CVEs-PoC/2020/CVE-2020-13143.md at 860e02050fe0cfa14d092faefbaafd5bd449bbcb

CalvinBackup/CVEs-PoC

Fork 0

mirror of https://github.com/0xMarcio/cve.git synced 2026-05-31 05:59:31 +02:00

Files

T

0xMarcio cb00e1339f Update CVE list 2025-09-29 21:09

2025-09-29 21:09:30 +02:00

Description

gadget_dev_desc_UDC_store in drivers/usb/gadget/configfs.c in the Linux kernel 3.16 through 5.6.13 relies on kstrdup without considering the possibility of an internal '\0' value, which allows attackers to trigger an out-of-bounds read, aka CID-15753588bcd4.

POC

Reference

https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=15753588bcd4bbffae1cca33c8ced5722477fe1f
https://usn.ubuntu.com/4411-1/
https://usn.ubuntu.com/4413-1/
https://usn.ubuntu.com/4414-1/
https://usn.ubuntu.com/4419-1/

Github

https://github.com/Live-Hack-CVE/CVE-2020-13143

957 B Raw Blame History

CVE-2020-13143

Description

POC

Reference

Github

957 B

Raw Blame History