Linux Kernel USB PWC Driver Local Denial Of Service Vulnerability reported as fixed after 2.7.22.6 If a 'pwc' device is disconnected, and a userspace application has the device opened, the USB subsystem will be blocked until it's closed. This allows attackers to block the entire USB subsystem from further use. http://git.kernel.org/gitweb.cgi?p=linux/kernel/git/torvalds/linux-2.6.git;a=commitdiff;h=85237f202d46d55c1bffe0c5b1aa3ddc0f1dce4d
This is a low/none severity issue; in order to exploit this: 1. a local attacker needs to have the ability to open a connection to the webcam (which is not the default, only the console user or root would have permissions to open the connection to the usb port) 2. the attacker needs to convince someone to unplug the webcam So this attack is only really feasible if the attacker is physically present at the console (in which case there are much easier ways to DoS the machine).
This issue was addressed in: Red Hat Enterprise Linux: http://rhn.redhat.com/errata/RHSA-2008-0275.html http://rhn.redhat.com/errata/RHSA-2008-0972.html