A null pointer dereference flaw was found in the flexcop_usb_probe function in the Flexcop digital TV device driver. An attacker who can insert a malicious USB device into the system could use this flaw to crash the system.

Mitigation

As the b2c2-flexcop-usb module will be auto-loaded when required, its use can be disabled by preventing the module from loading with the following instructions:

echo "install b2c2-flexcop-usb /bin/true" >> /etc/modprobe.d/disable-b2c2-flexcop-usb.conf

The system will need to be restarted if the b2c2-flexcop-usb module is already loaded. In most circumstances, the b2c2-flexcop-usb kernel module will be unable to be unloaded while the device is in use. If the system requires this module to work correctly, this mitigation may not be suitable. If you need further assistance, see KCS article <https://access.redhat.com/solutions/41278&gt; or contact Red Hat Global Support Services.