An issue was discovered in the Linux kernel before 5.16.12. drivers/net/usb/sr9700.c allows attackers to obtain sensitive information from heap memory via crafted frame lengths from a device. https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.16.10 https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=e9da0b56fe27206b49f39805f7dcda8a89379062
There was no shipped kernel version that was seen affected by this problem. These files are not built in our source code.
(In reply to Rohit Keshri from comment #2) > These files are not built in our source code. Recent aarch64 kernel has sr9700 module enabled: $ wget http://download.eng.bos.redhat.com/brewroot/vol/rhel-9/packages/kernel/5.14.0/205.el9/aarch64/kernel-core-5.14.0-205.el9.aarch64.rpm $ rpm2cpio kernel-core-5.14.0-205.el9.aarch64.rpm | cpio -id $ grep SR9700 lib/modules/5.14.0-205.el9.aarch64/config CONFIG_USB_NET_SR9700=m $ readelf -a lib/modules/5.14.0-205.el9.aarch64/kernel/drivers/net/usb/sr9700.ko | grep sr9700_rx_fixup 38: 0000000000000010 304 FUNC LOCAL DEFAULT 3 sr9700_rx_fixup
In reply to comment #10: > (In reply to Rohit Keshri from comment #2) > > These files are not built in our source code. > > Recent aarch64 kernel has sr9700 module enabled: > > $ wget > http://download.eng.bos.redhat.com/brewroot/vol/rhel-9/packages/kernel/5.14. > 0/205.el9/aarch64/kernel-core-5.14.0-205.el9.aarch64.rpm > $ rpm2cpio kernel-core-5.14.0-205.el9.aarch64.rpm | cpio -id > $ grep SR9700 lib/modules/5.14.0-205.el9.aarch64/config > CONFIG_USB_NET_SR9700=m > > $ readelf -a > lib/modules/5.14.0-205.el9.aarch64/kernel/drivers/net/usb/sr9700.ko | grep > sr9700_rx_fixup > 38: 0000000000000010 304 FUNC LOCAL DEFAULT 3 sr9700_rx_fixup Thank you Jan, I have made the adjustment.