2020-05-14 04:04:14

by Dongyang Zhan

Subject: Fwd: Potential memory leak bug in rtl8xxxu_tx() by triggering usb_submit_urb() failures

---------- Forwarded message ---------
From: Dongyang Zhan <[email protected]>
Date: Sunday, May 3, 2020, 2:45 PM
Subject: Potential memory leak bug in rtl8xxxu_tx() by triggering
usb_submit_urb() failures
To: <[email protected]>


Hi,

I am a security researcher; my name is Dongyang Zhan. I found a
potential bug in
/drivers/net/wireless/realtek/rtl8xxxu/rtl8xxxu_core.c in Linux
4.10.17. I hope you can help me confirm it.

If usb_submit_urb() fails, usb_unanchor_urb() cannot free tx_urb->urb,
causing a memory consumption bug. This bug is similar to
CVE-2019-19068, which adds usb_free_urb() as a bug fix.

Thank you.
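
The error-path pattern the report describes, as a user-space model added here (not the driver's code and not part of the original message). All model_* and tx_* names are hypothetical, and the model assumes that anchoring takes a reference which unanchoring drops, leaving the creator's reference to be released separately.

```c
#include <stdio.h>
#include <stdlib.h>

/* User-space model only: every name here is hypothetical. */
struct model_urb { int refcount; };

static int live_urbs;                      /* allocated and not yet released */

static struct model_urb *model_alloc_urb(void) {
    struct model_urb *u = calloc(1, sizeof(*u));
    if (!u) return NULL;
    u->refcount = 1;                       /* creator's reference */
    live_urbs++;
    return u;
}
static void model_put(struct model_urb *u) {
    if (--u->refcount == 0) { free(u); live_urbs--; }
}
static void model_anchor(struct model_urb *u)   { u->refcount++; } /* anchor holds a ref */
static void model_unanchor(struct model_urb *u) { model_put(u); }  /* drops only that ref */
static void model_free_urb(struct model_urb *u) { model_put(u); }  /* drops creator's ref */

/* Constructed failure: submission always fails (-19 stands in for -ENODEV). */
static int model_submit(struct model_urb *u) { (void)u; return -19; }

/* Error path that only unanchors: the creator's reference is never dropped. */
static int tx_unanchor_only(void) {
    struct model_urb *u = model_alloc_urb();
    if (!u) return -12;
    model_anchor(u);
    int ret = model_submit(u);
    if (ret) model_unanchor(u);
    return ret;
}
/* Error path that unanchors and then releases the creator's reference. */
static int tx_unanchor_and_free(void) {
    struct model_urb *u = model_alloc_urb();
    if (!u) return -12;
    model_anchor(u);
    int ret = model_submit(u);
    if (ret) { model_unanchor(u); model_free_urb(u); }
    return ret;
}
/* Runs one path n times; returns how many URBs remain allocated afterwards. */
static int leaked_after(int (*tx)(void), int n) {
    int before = live_urbs;
    for (int i = 0; i < n; i++) tx();
    return live_urbs - before;
}
int main(void) {
    printf("unanchor only:     %d leaked\n", leaked_after(tx_unanchor_only, 100));
    printf("unanchor and free: %d leaked\n", leaked_after(tx_unanchor_and_free, 100));
    return 0;
}
```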