A vulnerability was found in the Linux kernel. There is a NULL pointer dereference caused by a malicious USB device in the drivers/usb/misc/sisusbvga/sisusb.c driver.
Created kernel tracking bugs for this issue:
Affects: fedora-all [bug 1745543]
This was fixed for Fedora with the 5.1.8 stable kernel updates.
This issue is rated as having Low impact because of the physical access needed to trigger this issue. Also, failed initialization with the core USB subsystem is also a rare event to hit.
To mitigate this issue, prevent module sisusbvga from being loaded. Please see https://access.redhat.com/solutions/41278 for how to blacklist a kernel module to prevent it from loading automatically.