A flaw in the Linux Kernel found in bigben_probe of drivers/hid/hid-bigbenff.c. The reason is incorrect assumption - bigben devices all have inputs. However, malicious devices can break this assumption, leaking to out-of-bound write or even code execution. To exploit the vulnerability, one must have a malicious device that does not have any inputs.
Created kernel tracking bugs for this issue:
Affects: fedora-all [bug 2135718]
Apart from this vulnerability, two other memory leak vulnerabilities were reported together with this one.
All 3 vulnerabilities actual only if some specific hardware being used (that not supported by Red Hat Enterprise Linux, so all version of Red Hat Linux not affected by any of these 3).
The other two are:
In drivers/android/binderfs.c of Linux kernel before 5.16.11, the failure of d_make_root does not initialize s_root, leading to memory leak and refcount unbalance. To exploit the vulnerability, one must craft a syscall sequence to trigger an allocation failure in binderfs_fill_super.
pvr2_hdw_create in drivers/media/usb/pvrusb2/pvrusb2-hdw.c in Linux kernel through 5.19 misses the error handling and forgets to unregister the v4l2 device, leading to refcount unbalance and memory leak issue. To exploit the vulnerability, one must craft a syscall sequence to execute the error handling code.
This was fixed for Fedora with the 5.17.14 stable kernel updates.
This bug is now closed. Further updates for individual products will be reflected on the CVE page(s):