Four Remote Packet-Of-Death Vulnerabilities Found in Linux Driver
lkml.orgAlarmist headline for an obscure driver, that, while included in the kernel, is almost certainly not running on your production Linux server. Seems to be related to products from Ozmo Device Inc. that push USB data over a layer 2 Wi-Fi Direct connection: http://lxr.free-electrons.com/source/drivers/staging/ozwpan/
From a company that doesn't even appear to be in business anymore:
Related oss-sec discussion for CVE assignment:
It's a "staging" driver; not a big deal, you are almost certainly not using this driver.
I wouldn't jump to such conclusions so fast about the deployment and usage of this driver. Included with many distributions and several devices require its usage.
It doesn't look to be enabled in Fedora, Debian, Ubuntu, Mint or OpenSuSE to me, which covers the top five. Which distributions are you referring to?
I see OpenSUSE disabled it back in 2013 with a commit message '"Take it behind the barn and shoot it." says Michal. :)', presumably in response to inspection after its previous vulnerabilities -- http://kernel.opensuse.org/cgit/kernel-source/commit/?id=2c1...