PT-2018-2560 · Linux+3 · Linux Kernel+3

Jann Horn

Publicado

2018-07-06

Atualizado

2023-02-24

CVE-2018-16276

CVSS v3.1

7.8

Alta

Vetor

AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions Linux kernel versions prior to 4.17.7

Description The issue exists due to insufficient input validation in the yurex USB driver, specifically in the yurex read function within the drivers/usb/misc/yurex.c file. This can be exploited by local attackers to crash the kernel or potentially escalate privileges. The vulnerability is related to incorrect bounds checking in the yurex read function, allowing for user access read/writes that could lead to a kernel crash or privilege escalation.

Recommendations For Linux kernel versions prior to 4.17.7, update to version 4.17.7 or later to resolve the issue. As a temporary workaround, consider restricting access to the yurex USB driver to minimize the risk of exploitation.

Correção

Memory Corruption

RCE

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾

dbugs@ptsecurity.com

Enumeração de Fraquezas

CWE-787CWE-20

Identificadores relacionados

ALT-PU-2018-2029

ALT-PU-2018-2032

ALT-PU-2018-2033

BDU:2019-00979

CVE-2018-16276

DLA-1529-1

DLA-1531-1

DSA-4308-1

OPENSUSE-SU-2018_3202-1

SUSE-SU-2018:2879-1

SUSE-SU-2018:2908-1

SUSE-SU-2018:2908-2

SUSE-SU-2018:3003-1

SUSE-SU-2018:3004-1

SUSE-SU-2018:3083-1

SUSE-SU-2018:3084-1

SUSE-SU-2018:3088-1

SUSE-SU-2018:3618-1

SUSE-SU-2018:3659-1

SUSE-SU-2019:0095-1

USN-3776-1

USN-3776-2

USN-3847-1

USN-3847-2

USN-3847-3

USN-3849-1

USN-3849-2

Produtos afetados

Alt Linux

Linux Kernel

Suse

Ubuntu

PT-2018-2560 · Linux+3 · Linux Kernel+3

CVE-2018-16276

Enumeração de Fraquezas

Identificadores relacionados

Produtos afetados

Referências · 378