A vulnerability was found in the USB monitor driver in the kernel, where there is a possible OOB
write due to a missing bounds check. This could lead to local escalation of
privilege with System execution privileges needed. User interaction is not
needed for exploitation.
Created kernel tracking bugs for this issue:
Affects: fedora-all [bug 1819158]
This was fixed for Fedora with the 4.15.11 stable kernel updates.
It is a physical access attack only (with USB) and Moderate, so ooss for rhel6.
Mitigation for this issue is either not available or the currently available options don't meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.
This issue is rated as having Low impact because of the need for physical access and for debugfs to be mounted.