Re: additional memory leak in USB userspace handling

[Eugene Teo <eugene () redhat com>]

On 02/17/2010 06:46 PM, Marcus Meissner wrote:
> Hi,
>
> a memory allocation leak (not information, just unfreed memory)
> was spotted and fixed by Linus during debugging of previous problem.
>
> On put_user() errors it would leak one "struct async" per REAPURB call.
>
> Fix is in commit ddeee0b2eec2a51b0712b04de4b39e7bec892a53, also
> attached.
>
> Affected code is also going back throughout 2.6 history.
>
> The issue is of less importance than the information leak fix, I am not
> sure if it deserves a CVE or not.

I was talking to Marcus about this. The attacker needs access to a USB 
device like the previous bug in order to exploit this.

Thanks, Eugene
--
Eugene Teo / Red Hat Security Response Team