Impact
A heap overflow occurs in the USB serial io_ti driver during firmware header construction. The function allocates a fixed-size buffer and copies a length field from the firmware image without checking that the length fits within the available space. If a firmware image contains a length that exceeds the buffer, the copy will overwrite adjacent heap memory. This memory corruption could compromise kernel integrity, but no explicit evidence indicates it can be used for remote code execution or privilege escalation.
Affected Systems
The issue affects all Linux kernel builds that implement the io_ti USB serial driver before the patch that applies the firmware header length check. The vulnerability is relevant to generic Linux distributions and any system that uses the kernel version containing the vulnerable driver. Exact version numbers are not specified in the data, so all pre‑patch kernel releases are considered at risk.
Risk and Exploitability
Because the flaw occurs in kernel space, it allows a heap overflow that could corrupt kernel memory. While this could potentially lead to system instability or compromise, no proof of arbitrary code execution is provided. The EPSS score remains < 1%, and the vulnerability is not listed in CISA KEV, with a CVSS score of 7.0. The likely attack vector is a malicious USB device supplying a crafted firmware image, and exploitation would require the host to process the image before the patch is applied, which poses a risk to systems that accept untrusted USB devices.
OpenCVE Enrichment
Debian DLA