gadget_dev_desc_UDC_store in drivers/usb/gadget/configfs.c in the Linux kernel 3.16 through 5.6.13 relies on kstrdup without considering the possibility of an internal '\0' value, which allows attackers to trigger an out-of-bounds read, aka CID-15753588bcd4.
History

No history.

cve-icon MITRE

Status: PUBLISHED

Assigner: mitre

Published: 2020-05-18T17:50:53

Updated: 2024-08-04T12:11:19.057Z

Reserved: 2020-05-18T00:00:00

Link: CVE-2020-13143

cve-icon Vulnrichment

No data.

cve-icon NVD

Status : Modified

Published: 2020-05-18T18:15:11.347

Modified: 2024-11-21T05:00:44.170

Link: CVE-2020-13143

cve-icon Redhat

Severity : Low

Publid Date: 2020-04-30T00:00:00Z

Links: CVE-2020-13143 - Bugzilla