Harald Welte

**Name of the Vulnerable Software and Affected Versions** Linux kernel versions 2.6.8 through 2.6.14-rc2 Debian GNU/Linux kernel-image and kernel-headers packages (affected versions not specified) **Description** The issue affects the Linux kernel and can lead to a denial of service (kernel OOPS) via a userspace process that issues a USB Request Block (URB) to a USB device and terminates before the URB is finished, resulting in a stale pointer reference. This can cause disruption to confidentiality, integrity, and availability of protected information. The vulnerability can be exploited remotely. **Recommendations** For Linux kernel versions 2.6.8 through 2.6.14-rc2, update to a version later than 2.6.14-rc2 to resolve the issue. For Debian GNU/Linux kernel-image and kernel-headers packages, update to the latest available versions to ensure you have the latest security patches. As a temporary workaround, consider restricting access to USB devices until a patch is available.