In the Linux kernel, the following vulnerability has been resolved:
usb: gadget: rndis: prevent integer overflow in rndissetresponse()
If "BufOffset" is very large the "BufOffset + 8" operation can have an integer overflow.
{ "urgency": "not yet assigned" }