1358184 – (CVE-2016-5400) CVE-2016-5400 kernel: memory leak in airspy usb driver

Bug 1358184 (CVE-2016-5400) - CVE-2016-5400 kernel: memory leak in airspy usb driver

Summary: CVE-2016-5400 kernel: memory leak in airspy usb driver

Keywords:
Status:	CLOSED NOTABUG
Alias:	CVE-2016-5400
Product:	Security Response
Classification:	Other
Component:	vulnerability
Sub Component:
Version:	unspecified
Hardware:	All
OS:	Linux
Priority:	low
Severity:	low
Target Milestone:	---
Assignee:	Red Hat Product Security
QA Contact:
Docs Contact:
URL:
Whiteboard:
Depends On:	1358186
Blocks:	Embargoed1356381
TreeView+	depends on / blocked

Reported:	2016-07-20 09:20 UTC by Wade Mealing
Modified:	2023-05-12 18:44 UTC (History)
CC List:	35 users (show)
Fixed In Version:
Doc Type:	If docs needed, set a value
Doc Text:	A flaw was found in the linux kernel's implementation of the airspy USB device driver in which a leak was found when a subdev or SDR are plugged into the host. An attacker can create an targeted USB device which can emulate 64 of these devices. Then by emulating an additional device which continuously connects and disconnects, each connection attempt will leak memory which can not be recovered.
Clone Of:
Environment:
Last Closed:	2016-09-26 04:10:12 UTC

Attachments	(Terms of Use)

Description Wade Mealing 2016-07-20 09:20:43 UTC

A flaw was found in the linux kernel's implementation of the airspy USB device driver in which a leak was found when a subdev or SDR are plugged into the host.

An attacker can create an targeted USB device which can emulate 64 of
these devices. Then by emulating an additional device which continuously connects and disconnects, each connection attempt will leak memory which can not be recovered.

Upstream patch:
https://git.linuxtv.org/media_tree.git/commit/?id=eca2d34b9d2ce70165a50510659838e28ca22742

Comment 1 Wade Mealing 2016-07-20 09:21:37 UTC

Created kernel tracking bugs for this issue:

Affects: fedora-all [bug 1358186]

Comment 2 Wade Mealing 2016-07-20 09:27:43 UTC

Statement:

Red Hat Enterprise Linux is not affected by this flaw as this module is not available in shipping source code.

Comment 3 Wade Mealing 2016-07-20 09:31:31 UTC

Acknowledgements:

Red Hat would like to thank James Patrick-Evans for bringing this to our attention.

Comment 5 Justin M. Forbes 2016-07-20 14:52:24 UTC

Is there a fix posted anywhere? LKML wasn't copied it seems, and the mitre listing is still the default reserved text.

Comment 6 Wade Mealing 2016-07-25 00:45:51 UTC

Gday Justin,

At this time, the patch has been submitted to the maintainer ( https://git.linuxtv.org/media_tree.git/commit/?id=eca2d34b9d2ce70165a50510659838e28ca22742 ) and we are awaiting the submission upstream.

Thanks

Wade Mealing
Red Hat Product Security

Comment 7 Adam Mariš 2016-07-28 07:38:51 UTC

Is that patch really related to this issue? According to http://seclists.org/oss-sec/2016/q3/178 the following patch fixes this issue:

https://git.linuxtv.org/media_tree.git/commit/?id=aa93d1fee85c890a34f2510a310e55ee76a27848

Comment 8 Wade Mealing 2016-08-03 01:07:32 UTC

Yep, fixing.

Comment 9 Fedora Update System 2016-08-08 20:24:57 UTC

kernel-4.6.5-300.fc24 has been pushed to the Fedora 24 stable repository. If problems still persist, please make note of it in this bug report.

Comment 10 Fedora Update System 2016-08-08 23:52:12 UTC

kernel-4.6.5-200.fc23 has been pushed to the Fedora 23 stable repository. If problems still persist, please make note of it in this bug report.

Note You need to log in before you can comment on or make changes to this bug.

agordeev
aquini
arm-mgr
bhu
carnil
dhoward
esammons
fhrbata
gansalmon
iboverma
itamar
jforbes
jkacur
joelsmith
jonathan
jross
jwboyer
kernel-maint
kernel-mgr
kstutsma
lgoncalv
lwang
madhu.chinakonda
matt
mchehab
mcressma
mguzik
nmurray
pholasek
plougher
pmatouse
rt-maint
rvrbovsk
williams
wmealing