The cdc_parse_cdc_header function in drivers/usb/core/message.c in the Linux kernel before 4.13.6 allows local users to cause a denial of service (out-of-bounds read and system crash) or possibly have unspecified other impact via a crafted USB device.
4.4.0-1003.34.4.0-101.124~14.04.14.4.0-101.1244.4.0-1041.504.13.0-1005.74.13.0-1002.54.4.0-1034.344.13.0-32.35~16.04.14.4.0-1010.154.4.0-1077.85Exploitability
AV:PAC:LPR:NUI:NScope
S:UImpact
C:HI:HA:HCVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H