MNBSD-2020-1: USB network drivers out-of-bounds write via malicious device

Severity: Unknown

Affected Package: kernel

Summary: USB network drivers out-of-bounds write via malicious device

Description

A missing length validation common to the smsc(4), muge(4) and cdceem(4) USB network drivers meant that a malicious USB device could write beyond the end of an allocated network packet buffer, potentially achieving kernel or user-space code execution.

Affected Versions

kernel

Recommendations

No specific recommendations provided.

References

Additional Information

Aliases: CVE-2020-7459

Published: August 05, 2020
Last Modified: August 05, 2020