The irda_bind() function allocates memory for self->ias_obj without checking to see if the socket is already bound. A userspace process could repeatedly bind the socket, have each new object added into the LM-IAS database, and lose the reference to the old object assigned to the socket to exhaust memory resources. References: https://seclists.org/oss-sec/2018/q3/212 Suggested patches: https://www.spinics.net/lists/stable/msg255033.html https://www.spinics.net/lists/stable/msg255029.html
Notes: None of the Red Hat's products are vulnerable to this flaw.