gadget_dev_desc_UDC_store in drivers/usb/gadget/configfs.c in the Linux kernel 3.16 up to and including 5.6.13 relies on kstrdup without considering the possibility of an internal '\0' value, which allows malicious users to trigger an out-of-bounds read, aka CID-15753588bcd4.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
linux linux kernel |
||
opensuse leap 15.1 |
||
opensuse leap 15.2 |
||
debian debian linux 8.0 |
||
debian debian linux 9.0 |
||
debian debian linux 10.0 |
||
canonical ubuntu linux 18.04 |
||
canonical ubuntu linux 14.04 |
||
canonical ubuntu linux 19.10 |
||
canonical ubuntu linux 20.04 |
||
canonical ubuntu linux 16.04 |
||
netapp cloud backup - |
||
netapp element software - |
||
netapp steelstore cloud integrated storage - |
||
netapp solidfire - |
||
netapp hci management node - |
||
netapp active iq unified manager - |
||
netapp solidfire_baseboard_management_controller_firmware - |
||
netapp bootstrap_os - |
||
netapp a700s_firmware - |
||
netapp h300s_firmware - |
||
netapp h500s_firmware - |
||
netapp h700s_firmware - |
||
netapp h300e_firmware - |
||
netapp h500e_firmware - |
||
netapp h700e_firmware - |
||
netapp h410s_firmware - |
||
netapp h410c_firmware - |
||
netapp h610c_firmware - |
||
netapp h610s_firmware - |
||
netapp h615c_firmware - |