Vulnerability in yurex USB Driver Allows Kernel Crash and Privilege Escalation

Vulnerability in yurex USB Driver Allows Kernel Crash and Privilege Escalation

CVE-2018-16276 · HIGH Severity

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

An issue was discovered in yurex_read in drivers/usb/misc/yurex.c in the Linux kernel before 4.17.7. Local attackers could use user access read/writes with incorrect bounds checking in the yurex USB driver to crash the kernel or potentially escalate privileges.

Learn more about our Cis Benchmark Audit For Distribution Independent Linux.