Impact
A bulk‑out buffer overflow flaw in the Linux kl5kusb105 USB serial driver allows a local attacker to write beyond the bounds of a 64‑byte buffer. The driver copies payload data into the buffer without accounting for a two‑byte header, resulting in a slab out‑of‑bounds write that can corrupt kernel memory. Such memory corruption can provide an attacker with the ability to execute arbitrary code with kernel privileges.
Affected Systems
The issue affects the kl5kusb105 USB serial driver in the Linux kernel. Any system running a kernel that has not incorporated the commit fixing the overflow is potentially vulnerable. No specific kernel version numbers are listed, so all releases containing the driver before the patch are at risk.
Risk and Exploitability
The CVSS score of 7.8 indicates a high severity vulnerability, while the EPSS score of <1% shows a low probability of exploitation. The vulnerability is not listed in the CISA KEV catalog. The likely attack vector is local, requiring an attacker to interface with the USB serial device and transmit 64 or more bytes of data through the bulk‑out endpoint. Once triggered, the overflow can corrupt kernel memory, potentially allowing privilege escalation. The exploitability is limited to environments where the vulnerable driver is loaded and accessible.
OpenCVE Enrichment
Debian DLA