A flaw was discovered in the Linux kernel's USB subsystem in the __usb_get_extra_descriptor() function in drivers/usb/core/usb.c, which mishandles a size check while reading extra descriptor data: a descriptor of the requested type is returned to the caller without verifying that it is at least as large as the structure the caller goes on to read. By using a specially crafted USB device that sends a forged extra descriptor, an unprivileged user with physical access to the system can potentially cause a privilege escalation, or trigger a system crash or lock-up and thus cause a denial of service (DoS).
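The lookup below is an added illustration, not code from the kernel or from this bug report. It models the descriptor scan in __usb_get_extra_descriptor() before and after the upstream fix, which added a minimum-size argument so a type match is only accepted when bLength covers the structure the caller will cast it to. The descriptor bytes are constructed, and using the 6-byte SuperSpeed endpoint companion descriptor (type 0x30) as the caller's expected structure is this example's choice.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Stand-in for the kernel's two-byte descriptor header. */
struct usb_descriptor_header {
    uint8_t bLength;
    uint8_t bDescriptorType;
};

/* Example choice: the SuperSpeed endpoint companion descriptor (type 0x30)
 * is 6 bytes; a caller casts the returned pointer to it and reads fields
 * at offsets 2..5. */
#define USB_DT_SS_ENDPOINT_COMP 0x30
#define SS_EP_COMP_SIZE 6

/* Scan modelled on the pre-fix behaviour: the walk itself is bounded by
 * bLength, but a matching type is accepted whatever its length, so a
 * caller casting the result reads past the end of the descriptor. */
static int get_extra_descriptor_unchecked(uint8_t *buffer, unsigned size,
                                          uint8_t type, void **ptr)
{
    while (size >= sizeof(struct usb_descriptor_header)) {
        struct usb_descriptor_header *h = (struct usb_descriptor_header *)buffer;
        if (h->bLength < 2 || h->bLength > size)
            return -1;                 /* bogus descriptor: stop walking */
        if (h->bDescriptorType == type) {
            *ptr = h;
            return 0;
        }
        buffer += h->bLength;
        size -= h->bLength;
    }
    return -1;
}

/* Same scan with the fix's minsize argument: a match is only returned
 * when the descriptor is at least as large as the caller's structure. */
static int get_extra_descriptor_checked(uint8_t *buffer, unsigned size,
                                        uint8_t type, void **ptr, size_t minsize)
{
    while (size >= sizeof(struct usb_descriptor_header)) {
        struct usb_descriptor_header *h = (struct usb_descriptor_header *)buffer;
        if (h->bLength < 2 || h->bLength > size)
            return -1;
        if (h->bDescriptorType == type && h->bLength >= minsize) {
            *ptr = h;
            return 0;
        }
        buffer += h->bLength;
        size -= h->bLength;
    }
    return -1;
}

/* Constructed extra bytes as a hostile device might return them: a 5-byte
 * class-specific interface descriptor (type 0x24) followed by a forged
 * companion descriptor that claims type 0x30 but is only its 2-byte header. */
static uint8_t forged_extra[] = {
    0x05, 0x24, 0x01, 0x00, 0x01,
    0x02, 0x30,
};

/* Constructed well-formed 6-byte companion descriptor for comparison. */
static uint8_t valid_extra[] = {
    0x06, 0x30, 0x00, 0x00, 0x00, 0x00,
};

/* bLength the unchecked scan hands back for the forged buffer, or -1.
 * A caller that casts this to the 6-byte struct reads 4 bytes beyond
 * the end of forged_extra. */
int unchecked_forged_length(void)
{
    void *p = NULL;
    if (get_extra_descriptor_unchecked(forged_extra, sizeof forged_extra,
                                       USB_DT_SS_ENDPOINT_COMP, &p) != 0)
        return -1;
    return ((struct usb_descriptor_header *)p)->bLength;
}

/* Checked scan result: 0 if a companion descriptor of at least
 * SS_EP_COMP_SIZE bytes was found, -1 otherwise. */
static int checked_lookup(uint8_t *buf, unsigned size)
{
    void *p = NULL;
    return get_extra_descriptor_checked(buf, size, USB_DT_SS_ENDPOINT_COMP,
                                        &p, SS_EP_COMP_SIZE);
}

int checked_forged(void) { return checked_lookup(forged_extra, sizeof forged_extra); }
int checked_valid(void)  { return checked_lookup(valid_extra, sizeof valid_extra); }

int main(void)
{
    printf("unchecked scan returned a %d-byte descriptor for a %d-byte struct\n",
           unchecked_forged_length(), SS_EP_COMP_SIZE);
    printf("checked scan: forged=%d valid=%d\n", checked_forged(), checked_valid());
    return 0;
}
```

The unchecked variant already rejects descriptors whose bLength runs past the buffer, so the walk itself is safe; the problem is the match step, which trusts the type byte alone. The checked variant rejects the forged descriptor and still accepts a correctly sized one, which is the behaviour the fix restores for every caller that passes the size of the structure it expects.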
An upstream patch:
Created kernel tracking bugs for this issue:
Affects: fedora-all [bug 1660386]
This was fixed for Fedora with the 4.19.9 stable kernel updates.