Bugzilla – Bug 1147116
VUL-1: CVE-2019-15504: kernel-source: double Free via crafted USB device traffic in rivers/net/wireless/rsi/rsi_91x_usb.c
Last modified: 2022-12-23 11:32:47 UTC
drivers/net/wireless/rsi/rsi_91x_usb.c in the Linux kernel through 5.2.9 has a
Double Free via crafted USB device traffic (which may be remote via usbip or
The vulnerable code can be find only in TW
Will wait for the upstream acceptance.
Oh, actually I've already submitted the pending patch. I reviewed the change
and it seems correct to me.
a1854fae1414 rsi: improve RX packet handling in USB interface (v4.17-rc1)
master : 5.3.0-rc6
pushed to 8ae43d11b8f
stable : 5.2.10
pushed to 50095550675
OK, thanks, then reassigned back to security team.
FYI, merged upstream as
8b51dc729147 rsi: fix a double free bug in rsi_91x_deinit() (v5.3)