The cp_report_fixup function in drivers/hid/hid-cypress.c in the Linux kernel 4.x before 4.9.4 allows physically proximate attackers to cause a denial of service (integer underflow) or possibly have unspecified other impact via a crafted HID report. It was discovered that the USB Cypress HID drivers for the Linux kernel did not properly validate reported information from the device. An attacker with physical access could use this to expose sensitive information (kernel memory).