An information leak ina driver in the Linux kernel was found which can be exploited by malicious USB device being attached presenting itself as "Technotrend/Hauppauge USB DEC" device.
A local attacker who is able to issue commands to this specific device is able to leak kernel internal memory information.
Created kernel tracking bugs for this issue:
Affects: fedora-all [bug 1783536]
This was fixed for Fedora with the 5.3.4 stable kernel update.
As the ttusb_dec module will be auto-loaded when required, its use can be disabled by preventing the module from loading with the following instructions:
# echo "install ttusb_dec /bin/true" >> /etc/modprobe.d/disable-cifs.conf
The system will need to be restarted if the ttusb_dec module is already loaded. In most circumstances, the CIFS kernel module will be unable to be unloaded while the device is in use. If the system requires this module to work correctly, this mitigation may not be suitable. If you need further assistance, see KCS article https://access.redhat.com/solutions/41278 or contact Red Hat Global Support Services.