PT-2018-2700 · Linux+5 · Linux Kernel+5

Hui Peng +1 · Published 2018-12-12 · Updated 2020-04-08 · CVE-2018-19985

CVSS v2.0: 4.9 (Medium)
Vector: AV:L/AC:L/Au:N/C:C/I:N/A:N

Name of the Vulnerable Software and Affected Versions

Linux kernel versions prior to 4.19.9

Description

The issue is in the function hso_get_config_data in the Linux kernel, which reads data from a USB device and uses it to index an array. This can result in an object out-of-bounds read, potentially allowing arbitrary read access in the kernel address space. The vulnerability may be exploited to cause a denial of service.

Recommendations

For Linux kernel versions prior to 4.19.9, update to version 4.19.9 or later to resolve the issue. As a temporary workaround, consider restricting access to the hso_get_config_data function in the drivers/net/usb/hso.c file until a patch is available.
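
A minimal user-space model of the flaw class described above, as an added example that is not the kernel's hso.c code: a device-supplied byte indexes a fixed-size table, shown unchecked and with bounds validation. The table size, memory layout and function names are assumptions constructed for illustration.

```c
#include <errno.h>
#include <stddef.h>
#include <stdint.h>
#include <string.h>

#define CFG_LEN 17   /* constructed table size for this model (assumption) */
#define MEM_LEN 256  /* the table plus whatever lies after it in memory */

/* Constructed memory image: bytes 0..CFG_LEN-1 are the table filled from the
 * device; everything after stands in for unrelated kernel data. */
static void build_model_mem(uint8_t mem[MEM_LEN])
{
    memset(mem, 0, MEM_LEN);
    for (size_t i = 0; i < CFG_LEN; i++)
        mem[i] = (uint8_t)(0x10 + i);   /* per-entry config bytes */
    mem[40] = 0xA5;                     /* neighbouring "secret" byte */
}

/* Flawed pattern: a device-supplied value is trusted as an array index. */
static uint8_t lookup_unchecked(const uint8_t *mem, uint8_t idx)
{
    return mem[idx];      /* idx >= CFG_LEN reads past the table */
}

/* Hardened pattern: reject short transfers and out-of-range indexes. */
static int lookup_checked(const uint8_t *cfg, size_t got_len,
                          uint8_t idx, uint8_t *out)
{
    if (got_len != CFG_LEN)
        return -EIO;      /* device did not fill the whole table */
    if (idx >= CFG_LEN)
        return -EINVAL;   /* index comes from the device: bound it */
    *out = cfg[idx];
    return 0;
}

int main(void)
{
    uint8_t mem[MEM_LEN], v = 0;
    build_model_mem(mem);
    /* Index 40 lies outside the 17-byte table. */
    int leaked  = lookup_unchecked(mem, 40) == 0xA5;
    int blocked = lookup_checked(mem, CFG_LEN, 40, &v) == -EINVAL;
    return (leaked && blocked) ? 0 : 1;
}
```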

Fix

Out of bounds Read

Weakness Enumeration

Related Identifiers

ALT-PU-2018-2844
ALT-PU-2018-2956
ALT-PU-2019-1028
ALT-PU-2019-1046
ALT-PU-2019-1048
ALT-PU-2019-1058
ALT-PU-2019-1433
ALT-PU-2019-2213
ALT-PU-2019-2234
BDU:2019-01409
CESA-2019_3309
CESA-2019_3517
CESA-2020_1016
CVE-2018-19985
DLA-1731-1
DLA-1731-2
DLA-1771-1
MGASA-2019-0097
MGASA-2019-0098
MGASA-2019-0171
OPENSUSE-SU-2019:0065-1
OPENSUSE-SU-2019_0065-1
OPENSUSE-SU-2019_0140-1
RHSA-2019:3309
RHSA-2019:3517
RHSA-2019_3309
RHSA-2019_3517
RHSA-2020:1016
RHSA-2020:1070
RHSA-2020_1016
RHSA-2020_1070
SUSE-SU-2019:0148-1
SUSE-SU-2019:0150-1
SUSE-SU-2019:0196-1
SUSE-SU-2019:0222-1
SUSE-SU-2019:0224-1
SUSE-SU-2019:0320-1
SUSE-SU-2019:0439-1
SUSE-SU-2019:0541-1
SUSE-SU-2019:1289-1
SUSE-SU-2019:13937-1
SUSE-SU-2019:13979-1
USN-3910-1
USN-3910-2
USN-4115-1
USN-4115-2
USN-4118-1

Affected Products

Alt Linux
CentOS
Linux Kernel
Red Hat
SUSE
Ubuntu