An out-of-bounds access issue was discovered in yurex_read() in drivers/usb/misc/yurex.c in the Linux kernel. A local attacker could use user access reads/writes with incorrect bounds checking in the yurex USB driver to crash the kernel or potentially escalate privileges.
An upstream patch:
Created kernel tracking bugs for this issue:
Affects: fedora-all [bug 1624508]
This was fixed for Fedora with the 4.17.7 stable updates.
No Red Hat products are vulnerable to this flaw, as the yurex driver is not shipped.
*** Bug 1651061 has been marked as a duplicate of this bug. ***