gadget_dev_desc_UDC_store in drivers/usb/gadget/configfs.c in the Linux kernel through 5.6.13 relies on kstrdup without considering the possibility of an internal '\0' value, which allows attackers to trigger an out-of-bounds read, aka CID-15753588bcd4. CREATE(Triage):(User=admin) [CVE-2020-13143|https://nvd.nist.gov/vuln/detail/CVE-2020-13143]