A vulnerability was discovered in the Linux kernel's implementation of the "GTCO tablet/digitizer" version of parse_hid_report_descriptor in drivers.
An attacker with local access could create a malicious USB device, which must be inserted into a local USB port, to send a crafted USB response that triggers an out-of-bounds write during generation of debugging messages.
It is unlikely that this attack is effective or widespread, as it requires specific USB hardware and physical access to the hardware to exploit.
Created kernel tracking bugs for this issue:
Affects: fedora-all [bug 1731001]
It is possible to prevent the kernel from loading the affected code by blacklisting the gtco kernel module. Visit https://access.redhat.com/solutions/41278 for specifics.
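To confirm the mitigation on a host, the following added example (not taken from the linked Red Hat solution) classifies how a modprobe.d directory treats the gtco module. It assumes the standard `blacklist` and `install` directives in `*.conf` files; the function names are hypothetical.

```shell
#!/bin/sh
# Added example: check whether modprobe configuration blocks a kernel module.
# "blacklist MOD" only stops alias-based autoloading (e.g. on device hotplug);
# "install MOD /bin/false" also makes an explicit "modprobe MOD" fail.

# Prints: blocked | autoload-only | unblocked
module_block_status() {
    mod=$1
    dir=${2:-/etc/modprobe.d}
    set -- "$dir"/*.conf
    # No .conf files at all: nothing blocks the module.
    [ -f "$1" ] || { echo unblocked; return 0; }
    awk -v mod="$mod" '
        { sub(/#.*/, "") }                      # drop comments
        $1 == "blacklist" && $2 == mod { bl = 1 }
        $1 == "install" && $2 == mod &&
            $3 ~ /^(\/usr)?\/bin\/(false|true)$/ { inst = 1 }
        END {
            if (inst)    print "blocked"
            else if (bl) print "autoload-only"
            else         print "unblocked"
        }' "$@"
}

# Returns 0 if the module is currently loaded.
# The second argument defaults to /proc/modules (module name is field 1).
module_loaded() {
    awk -v mod="$1" '$1 == mod { found = 1 } END { exit !found }' \
        "${2:-/proc/modules}"
}

# Report the configured state for the module named in this advisory.
module_block_status gtco
```

A result of `autoload-only` means the module can still be loaded by an explicit `modprobe`. A module that was loaded before the configuration changed stays loaded until it is removed or the host reboots, which `module_loaded gtco` will show.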
This flaw is rated as moderate; it is unlikely that this attack vector will be frequently used by attackers due to the complexity of physical access and of creating a USB device that generates specific USB responses.