The usbnet_generic_cdc_bind function in drivers/net/usb/cdc_ether.c in the Linux kernel through 4.13.11 allows local users to cause a denial of service (divide-by-zero error and system crash) or possibly have unspecified other impact via a crafted USB device.
www.securityfocus.com/bid/101761
groups.google.com/d/msg/syzkaller/0e0gmaX9R0g/9Me9JcY2BQAJ
lists.debian.org/debian-lts-announce/2017/12/msg00004.html
patchwork.ozlabs.org/patch/834771/
usn.ubuntu.com/3617-1/
usn.ubuntu.com/3617-2/
usn.ubuntu.com/3617-3/
usn.ubuntu.com/3619-1/
usn.ubuntu.com/3619-2/
usn.ubuntu.com/3822-1/
usn.ubuntu.com/3822-2/