Linux kernel built with TechnoTrend/Hauppauge DEC USB driver support is vulnerable to a stack-based buffer overflow flaw. A local user with write access to the corresponding device could use this flaw to crash the kernel or, potentially, elevate their privileges. Please note that in order to exploit this issue the TechnoTrend/Hauppauge DEC USB device needs to be plugged in on the system. Upstream fix: ------------- -> https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=f2e323ec96077642d397bb1c355def536d489d16 Reference: ----------- -> http://seclists.org/oss-sec/2014/q4/611
CVE id has been assigned to this issue: http://seclists.org/oss-sec/2014/q4/615
Created kernel tracking bugs for this issue: Affects: fedora-all [bug 1167117]
Statement: This issue does not affect the Linux kernel packages as shipped with Red Hat Enterprise Linux 5 and Red Hat Enterprise MRG 2. Future kernel updates for Red Hat Enterprise Linux 6 and 7 may address this issue.
This issue has been addressed in the following products: Red Hat Enterprise Linux 7 Via RHSA-2015:0290 https://rhn.redhat.com/errata/RHSA-2015-0290.html
This issue has been addressed in the following products: Red Hat Enterprise Linux 6.5 EUS - Server and Compute Node Only Via RHSA-2015:0782 https://rhn.redhat.com/errata/RHSA-2015-0782.html
This issue has been addressed in the following products: Red Hat Enterprise Linux 6 Via RHSA-2015:0864 https://rhn.redhat.com/errata/RHSA-2015-0864.html