CVEs-PoC/2020/CVE-2020-13143.md at b0e96c877abb080d7cf221c036336480ff266ccf

CalvinBackup/CVEs-PoC

Fork 0

mirror of https://github.com/0xMarcio/cve.git synced 2026-05-09 19:17:37 +02:00

Files

T

0xMarcio 48a00929ac Removed duplicates

2024-06-18 02:51:15 +02:00

Description

gadget_dev_desc_UDC_store in drivers/usb/gadget/configfs.c in the Linux kernel 3.16 through 5.6.13 relies on kstrdup without considering the possibility of an internal '\0' value, which allows attackers to trigger an out-of-bounds read, aka CID-15753588bcd4.

POC

Reference

https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=15753588bcd4bbffae1cca33c8ced5722477fe1f
https://usn.ubuntu.com/4413-1/
https://usn.ubuntu.com/4414-1/
https://usn.ubuntu.com/4419-1/

Github

https://github.com/Live-Hack-CVE/CVE-2020-13143

913 B Raw Blame History

CVE-2020-13143

Description

POC

Reference

Github

913 B

Raw Blame History