The "getpipe()" function (drivers/usb/usbip/stubrx.c) in the Linux Kernel before version 4.14.8, 4.9.71, and 4.4.114 allows attackers to cause a denial of service (out-of-bounds read) via a specially crafted USB over IP packet.
{ "urgency": "not yet assigned" }