Linux Kernel Out-of-Bounds Read Vulnerability in USB Gadget Configfs

Vulnerability

An out-of-bounds read vulnerability has been identified in the Linux kernel's USB gadget configuration filesystem. This issue arises when an empty string is written to the 'qw_sign' or 'landingPage' sysfs attributes. The store functions attempt to access the last character of the string before confirming that the string length is greater than zero, leading to a potential out-of-bounds read. The vulnerability has been addressed by adding a length check to handle zero-length inputs appropriately, preventing the out-of-bounds access.

Impact

Exploitation of this vulnerability could lead to an out-of-bounds read, potentially allowing for information disclosure or causing a denial-of-service condition.

Added: Jul 28, 2025, 12:21 PM

Updated: Jul 28, 2025, 12:21 PM

Vulnerability Rating

Custom Algorithm

spread

9.0

impact

0.6

exploitability

4.0

remediation

7.7

relevance

0.3

threat

3.2

urgency

2.9

incentive

1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Vulnerability Rating

Custom Algorithm

spread

9.0

impact

0.6

exploitability

4.0

remediation

7.7

relevance

0.3

threat

3.2

urgency

2.9

incentive

1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Linux Kernel Out-of-Bounds Read Vulnerability in USB Gadget Configfs

Vulnerability

Impact

Affected Products

Linux kernel

CVSS Scores

References

Vulnerability Rating

Vulnerability Rating