James Patrick-Evans

**Name of the Vulnerable Software and Affected Versions** Linux kernel versions prior to 4.8.1 **Description** The issue allows local users who are physically proximate for inserting a crafted USB device to gain privileges. This is achieved by leveraging a write-what-where condition that occurs after a race condition and a NULL pointer dereference in the tower probe function. **Recommendations** For versions prior to 4.8.1, update to version 4.8.1 or later to resolve the issue. As a temporary workaround, consider restricting physical access to the system to prevent the insertion of crafted USB devices.

**Name of the Vulnerable Software and Affected Versions** Linux kernel versions prior to 4.7 **Description** The issue is related to a memory leak in the `airspy probe` function in the airspy USB driver. This leak allows local users to cause a denial of service by consuming memory. The denial of service can be triggered through a crafted USB device that emulates many devices of type `VFL TYPE SDR` or `VFL TYPE SUBDEV` and performs many connect and disconnect operations. **Recommendations** For Linux kernel versions prior to 4.7, update to version 4.7 or later to resolve the issue. As a temporary workaround, consider restricting the use of USB devices that emulate many `VFL TYPE SDR` or `VFL TYPE SUBDEV` devices to minimize the risk of exploitation.