A flaw in the Linux Kernel found in bigben_probe of drivers/hid/hid-bigbenff.c. The reason is incorrect assumption - bigben devices all have inputs. However, malicious devices can break this assumption, leaking to out-of-bound write or even code execution. To exploit the vulnerability, one must have a malicious device that does not have any inputs. Reference: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=fc4ef9d5724973193bfa5ebed181dba6de3a56db
Created kernel tracking bugs for this issue: Affects: fedora-all [bug 2135718]
Apart from this vulnerability, two other memory leak vulnerabilities were reported together with this one. All 3 vulnerabilities actual only if some specific hardware being used (that not supported by Red Hat Enterprise Linux, so all version of Red Hat Linux not affected by any of these 3). The other two are: In drivers/android/binderfs.c of Linux kernel before 5.16.11, the failure of d_make_root does not initialize s_root, leading to memory leak and refcount unbalance. To exploit the vulnerability, one must craft a syscall sequence to trigger an allocation failure in binderfs_fill_super. Reference: https://git.kernel.org/pub/scm/linux/kernel/git/gregkh/char-misc.git/commit/?h=char-misc-next&id=9d64d2405f7d30d49818f6682acd0392348f0fdb pvr2_hdw_create in drivers/media/usb/pvrusb2/pvrusb2-hdw.c in Linux kernel through 5.19 misses the error handling and forgets to unregister the v4l2 device, leading to refcount unbalance and memory leak issue. To exploit the vulnerability, one must craft a syscall sequence to execute the error handling code. Reference: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=945a9a8e448b65bec055d37eba58f711b39f66f0
This was fixed for Fedora with the 5.17.14 stable kernel updates.
This bug is now closed. Further updates for individual products will be reflected on the CVE page(s): https://access.redhat.com/security/cve/cve-2022-3577