CVE-2020-13143

MEDIUM

Linux kernel <5.6.13 - Memory Corruption

Title source: llm

Description

gadget_dev_desc_UDC_store in drivers/usb/gadget/configfs.c in the Linux kernel 3.16 through 5.6.13 relies on kstrdup without considering the possibility of an internal '\0' value, which allows attackers to trigger an out-of-bounds read, aka CID-15753588bcd4.

References (16)

Core 16

Core References

Patch, Vendor Advisory x_refsource_misc

https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=15753588bcd4bbffae1cca33c8ced5722477fe1f

Third Party Advisory x_refsource_misc

https://www.spinics.net/lists/linux-usb/msg194331.html

Third Party Advisory x_refsource_confirm

https://security.netapp.com/advisory/ntap-20200608-0001/

Mailing List, Third Party Advisory mailing-list x_refsource_mlist

https://lists.debian.org/debian-lts-announce/2020/06/msg00011.html

Mailing List, Third Party Advisory mailing-list x_refsource_mlist

https://lists.debian.org/debian-lts-announce/2020/06/msg00012.html

Mailing List, Third Party Advisory mailing-list x_refsource_mlist

https://lists.debian.org/debian-lts-announce/2020/06/msg00013.html

Third Party Advisory vendor-advisory x_refsource_debian

https://www.debian.org/security/2020/dsa-4698

Third Party Advisory vendor-advisory x_refsource_debian

https://www.debian.org/security/2020/dsa-4699

Mailing List, Third Party Advisory vendor-advisory x_refsource_suse

http://lists.opensuse.org/opensuse-security-announce/2020-06/msg00022.html

Mailing List, Third Party Advisory vendor-advisory x_refsource_suse

http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00008.html

Third Party Advisory vendor-advisory x_refsource_ubuntu

https://usn.ubuntu.com/4413-1/

Third Party Advisory vendor-advisory x_refsource_ubuntu

https://usn.ubuntu.com/4411-1/

Third Party Advisory vendor-advisory x_refsource_ubuntu

https://usn.ubuntu.com/4412-1/

Third Party Advisory vendor-advisory x_refsource_ubuntu

https://usn.ubuntu.com/4419-1/

Third Party Advisory vendor-advisory x_refsource_ubuntu

https://usn.ubuntu.com/4414-1/

Mailing List, Patch, Vendor Advisory x_refsource_misc

https://git.kernel.org/pub/scm/linux/kernel/git/tip/tip.git/commit/?id=d126cf46f829d146dde3e6a8963e095ac6cfcd1c

Scores

CVSS v3 6.5

EPSS 0.0298

EPSS Percentile 86.6%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

Details

CWE

CWE-125

Status published

Products (31)

canonical/ubuntu_linux 14.04

canonical/ubuntu_linux 16.04

canonical/ubuntu_linux 18.04

canonical/ubuntu_linux 19.10

canonical/ubuntu_linux 20.04

debian/debian_linux 8.0

debian/debian_linux 9.0

debian/debian_linux 10.0

linux/linux_kernel 3.16 - 5.6.13

netapp/a700s_firmware

... and 21 more

Published May 18, 2020

Tracked Since Feb 18, 2026