In the Linux Kernel before version 4.16.11, 4.14.43, 4.9.102, and 4.4.133, multiple race condition errors when handling probe, disconnect, and rebind operations can be exploited to trigger a use-after-free condition or a NULL pointer dereference by sending multiple USB over IP packets.
http://lists.opensuse.org/opensuse-security-announce/2019-05/msg00043.html
http://www.securitytracker.com/id/1041050
https://cdn.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.14.43
https://cdn.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.16.11
https://cdn.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.4.133
https://cdn.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.9.102
https://lists.debian.org/debian-lts-announce/2018/07/msg00015.html
https://lists.debian.org/debian-lts-announce/2018/07/msg00016.html
https://lists.debian.org/debian-lts-announce/2018/07/msg00020.html
https://secuniaresearch.flexerasoftware.com/advisories/81540/
https://secuniaresearch.flexerasoftware.com/secunia_research/2018-8/
https://usn.ubuntu.com/3696-1/
https://usn.ubuntu.com/3696-2/
https://usn.ubuntu.com/3752-1/
Source: MITRE
Published: 2018-06-12
Updated: 2019-05-20
Type: CWE-362
Base Score: 6.9
Vector: AV:L/AC:M/Au:N/C:C/I:C/A:C
Impact Score: 10
Exploitability Score: 3.4
Severity: MEDIUM
Base Score: 7
Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
Impact Score: 5.9
Exploitability Score: 1
Severity: HIGH