Dmitry Torokhov

5 exploits Active since Apr 2016
CVE-2016-3139 WRITEUP MEDIUM WRITEUP
Linux Kernel < 3.17 - Denial of Service via Wacom USB Device Descriptor
The wacom_probe function in drivers/input/tablet/wacom_sys.c in the Linux kernel before 3.17 allows physically proximate attackers to cause a denial of service (NULL pointer dereference and system crash) via a crafted endpoints value in a USB device descriptor.
CVSS 4.6
CVE-2017-16643 WRITEUP MEDIUM WRITEUP
Linux Kernel < 4.13.11 - Out-of-bounds Read in GTCO USB Tablet Driver
The parse_hid_report_descriptor function in drivers/input/tablet/gtco.c in the Linux kernel before 4.13.11 allows local users to cause a denial of service (out-of-bounds read and system crash) or possibly have unspecified other impact via a crafted USB device.
CVSS 6.6
CVE-2017-16645 WRITEUP MEDIUM WRITEUP
Linux Kernel < 4.13.11 - Out-of-bounds Read in ims_pcu_get_cdc_union_desc
The ims_pcu_get_cdc_union_desc function in drivers/input/misc/ims-pcu.c in the Linux kernel through 4.13.11 allows local users to cause a denial of service (ims_pcu_parse_cdc_data out-of-bounds read and system crash) or possibly have unspecified other impact via a crafted USB device.
CVSS 6.6
CVE-2019-20636 WRITEUP MEDIUM WRITEUP
Linux Kernel < 5.4.12 - Out-of-bounds Write via Crafted Keycode Table
In the Linux kernel before 5.4.12, drivers/input/input.c has out-of-bounds writes via a crafted keycode table, as demonstrated by input_set_keycode, aka CID-cb222aed03d7.
CVSS 6.7
CVE-2020-25669 WRITEUP HIGH WRITEUP
Linux Kernel < 4.4.245 - Use-After-Free in sunkbd_reinit
A vulnerability was found in the Linux Kernel where the function sunkbd_reinit having been scheduled by sunkbd_interrupt before sunkbd being freed. Though the dangling pointer is set to NULL in sunkbd_disconnect, there is still an alias in sunkbd_reinit causing Use After Free.
CVSS 7.8