Andrey Konovalov

**Name of the Vulnerable Software and Affected Versions** Linux kernel versions prior to 5.3.12 **Description** The issue is related to a use-after-free bug in the drivers/input/ff-memless.c driver of the Linux kernel. This bug can be triggered by a malicious USB device, potentially leading to a denial of service. **Recommendations** For Linux kernel versions prior to 5.3.12, update to version 5.3.12 or later to resolve the issue.

**Name of the Vulnerable Software and Affected Versions** Android kernel **Description** The issue is related to a possible out-of-bound read in the `uvc parse standard control` function of `uvc driver.c` due to improper input validation. This could lead to local information disclosure without requiring additional execution privileges. User interaction is not needed for exploitation. **Recommendations** For Android kernel, apply the necessary patch or update to fix the improper input validation in the `uvc parse standard control` function to prevent out-of-bound read. As a temporary workaround, consider restricting access to sensitive information until a patch is available.

Name of the Vulnerable Software and Affected Versions: Linux kernel versions prior to 4.11 Description: A race condition in the ` ns get path` function in `fs/nsfs.c` can lead to a Use After Free condition when accessing files. This issue also affects Android releases from CAF using the Linux kernel before security patch level 2018-07-05. Recommendations: For Linux kernel versions prior to 4.11, update to version 4.11 or later to resolve the issue. For Android releases from CAF using the Linux kernel, apply the security patch level 2018-07-05 or later.

Name of the Vulnerable Software and Affected Versions: Linux kernel versions prior to 4.14.8 Description: The issue arises from improper validation of the `sigevent->sigev notify` field in the timer create syscall implementation. This leads to out-of-bounds access when the show timer function is called, such as when the `/proc/$PID/timers` endpoint is read. As a result, userspace applications can read arbitrary kernel memory, but only on kernels built with CONFIG POSIX TIMERS and CONFIG CHECKPOINT RESTORE. Recommendations: For Linux kernel versions prior to 4.14.8, update to version 4.14.8 or later to resolve the issue.

**Name of the Vulnerable Software and Affected Versions** Linux kernel versions prior to 4.14.7 **Description** A NULL pointer dereference issue was discovered in the ` rds rdma map()` function, allowing local attackers to cause a system panic and a denial-of-service. This issue is related to `RDS GET MR` and `RDS GET MR FOR DEST`. **Recommendations** For Linux kernel versions prior to 4.14.7, update to version 4.14.7 or later to resolve the issue. As a temporary workaround, consider restricting access to the ` rds rdma map()` function to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** Linux kernel versions prior to 4.14.6 **Description** The issue is related to the usb destroy configuration function in the USB core subsystem, which does not properly consider the maximum number of configurations and interfaces before releasing resources. This can be exploited by local users via a crafted USB device to cause a denial of service or possibly have other unspecified impacts. **Recommendations** For Linux kernel versions prior to 4.14.6, update to version 4.14.6 or later to resolve the issue.

**Name of the Vulnerable Software and Affected Versions** Linux kernel versions prior to 4.13.11 **Description** The issue allows local users to cause a denial of service, resulting in a system crash, or possibly have other unspecified impacts via a crafted USB device. **Recommendations** For Linux kernel versions prior to 4.13.11, update to version 4.13.11 or later to resolve the issue.

**Name of the Vulnerable Software and Affected Versions** Linux kernel versions prior to 4.13.11 **Description** The issue is related to the `hdpvr probe` function in the Linux kernel, which is associated with improper error handling. This can be exploited by a local user via a crafted USB device, potentially causing a denial of service or other unspecified impacts. **Recommendations** For Linux kernel versions prior to 4.13.11, update to a version 4.13.11 or later to resolve the issue. As a temporary workaround, consider restricting access to USB devices to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** Linux kernel versions prior to 4.13.11 **Description** The issue is related to the `dvb frontend free` function, which allows local users to cause a denial of service, potentially leading to a system crash, via a crafted USB device. This is due to a use-after-free condition. The function was later renamed to ` dvb frontend free`. **Recommendations** For Linux kernel versions prior to 4.13.11, update to a version 4.13.11 or later to resolve the issue. As a temporary workaround, consider restricting access to USB devices to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** Linux kernel versions through 4.13.11 **Description** The issue is related to the `qmi wwan bind` function in the Linux kernel, which can be exploited by a local user via a crafted USB device. This can cause a denial of service due to a divide-by-zero error, leading to a system crash, and possibly have other unspecified impacts. **Recommendations** For Linux kernel versions through 4.13.11, consider disabling the `qmi wwan bind` function as a temporary workaround until a patch is available. Restrict access to USB devices to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Linux kernel versions through 4.13.11 **Description** The issue is related to a function in the Linux kernel, specifically `asix suspend` in `drivers/net/usb/asix devices.c`, which is associated with pointer dereference errors. This can be exploited by a local attacker using a crafted USB device, potentially leading to a denial of service (NULL pointer dereference and system crash) or other unspecified impacts. **Recommendations** For Linux kernel versions through 4.13.11, update to a version later than 4.13.11 to resolve the issue. As a temporary workaround, consider restricting the use of USB devices to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** Linux kernel versions through 4.13.11 **Description** The issue is related to the `usbnet generic cdc bind` function in the Linux kernel, specifically in the `drivers/net/usb/cdc ether.c` file. It is caused by a divide-by-zero error. A local attacker can exploit this issue using a specially crafted USB device, potentially leading to a denial of service (system crash) or other unspecified impacts. **Recommendations** For Linux kernel versions through 4.13.11, update to a version later than 4.13.11 to resolve the issue. As a temporary workaround, consider restricting the use of USB devices to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** Linux kernel versions through 4.13.11 **Description** The issue is related to a missing warm-start check and incorrect attach timing in the Linux kernel, specifically in the drivers/media/usb/dvb-usb-v2/lmedm04.c file. This can be exploited by a local user via a crafted USB device, potentially causing a denial of service, such as a general protection fault and system crash, or possibly having other unspecified impacts. The vulnerability is associated with the functions dm04 lme2510 frontend attach and dm04 lme2510 tuner. **Recommendations** For Linux kernel versions through 4.13.11, consider disabling the use of USB devices that could exploit this issue until a patch is available. As a temporary workaround, restrict access to the affected driver file lmedm04.c to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Linux kernel versions prior to 4.13.11 **Description** The issue is related to the `parse hid report descriptor` function in the Linux kernel, which allows local users to cause a denial of service or possibly have other impacts via a crafted USB device. This is due to an out-of-bounds read in memory, potentially leading to a system crash. The exploitation of this issue may allow an attacker to cause unspecified other impacts, including reading beyond memory boundaries. **Recommendations** For Linux kernel versions prior to 4.13.11, update to version 4.13.11 or later to resolve the issue. As a temporary workaround, consider restricting the use of USB devices from untrusted sources to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** Linux kernel versions through 4.13.11 **Description** The issue is related to the `ims pcu get cdc union desc` function in the Linux kernel, which allows local users to cause a denial of service or possibly have other unspecified impacts via a crafted USB device. This is due to an out-of-bounds read in the `ims pcu parse cdc data` function, potentially leading to a system crash. **Recommendations** For Linux kernel versions through 4.13.11, consider updating to a version that includes a fix for this issue, as no specific workaround is provided for these versions. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Linux kernel versions prior to 4.13.10 **Description** The issue is related to the `usb get bos descriptor` function in the Linux kernel, which is vulnerable to a buffer out-of-bounds read. This can be exploited by an attacker using a specially crafted USB device, potentially leading to a denial of service or other unspecified impacts. **Recommendations** For Linux kernel versions prior to 4.13.10, update to version 4.13.10 or later to resolve the issue. As a temporary workaround, consider restricting the use of USB devices to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** Linux kernel versions prior to 4.13.11 **Description** The issue is related to the imon probe function in the Linux kernel, specifically in the drivers/media/rc/imon.c file. It is associated with pointer dereference errors. Exploitation of this issue may allow an attacker to cause a denial of service or potentially have other impacts using a specially crafted USB device. The estimated number of potentially affected devices is not specified. **Recommendations** For Linux kernel versions prior to 4.13.11, update to version 4.13.11 or later to resolve the issue. As a temporary workaround, consider restricting access to USB devices to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** Linux kernel versions prior to 4.13.8 **Description** The issue is related to the `usbhid parse` function in the Linux kernel, which allows local users to cause a denial of service, including out-of-bounds read and system crash, or possibly have other unspecified impacts via a crafted USB device. **Recommendations** For Linux kernel versions prior to 4.13.8, update to version 4.13.8 or later to resolve the issue. As a temporary workaround, consider restricting the use of USB devices to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** Linux kernel versions through 4.13.11 **Description** The issue is related to the `get endpoints` function in `drivers/usb/misc/usbtest.c`, which can cause a denial of service due to a NULL pointer dereference and system crash when a crafted USB device is used. This could potentially have other unspecified impacts. The issue can be exploited by local users. **Recommendations** For Linux kernel versions through 4.13.11, update to a version later than 4.13.11 to resolve the issue. As a temporary workaround, consider restricting the use of USB devices to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** Linux kernel versions prior to 4.13.8 **Description** The issue is related to a use-after-free error in the `snd usb mixer interrupt` function, located in the `sound/usb/mixer.c` file of the Linux kernel. This error can be exploited by local users via a crafted USB device, potentially leading to a denial of service (system crash) or other unspecified impacts. **Recommendations** For Linux kernel versions prior to 4.13.8, update to version 4.13.8 or later to resolve the issue. As a temporary workaround, consider restricting the use of USB devices to minimize the risk of exploitation.