PT-2018-2987 · Linux+5 · Linux Kernel+5

Hui Peng

+1

·

Publicado

2018-12-02

·

Atualizado

2024-06-15

·

CVE-2018-19824

CVSS v3.1

7.8

Alta

VetorAV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions Linux kernel versions prior to 4.19.7
Description The issue is related to a use-after-free in the ALSA driver. A local user could exploit this by supplying a malicious USB Sound device that is mishandled in the usb audio probe function in sound/usb/card.c. This could allow an attacker to execute arbitrary code or cause a denial of service.
Recommendations For Linux kernel versions prior to 4.19.7, consider updating to version 4.19.7 or later to resolve the issue. As a temporary workaround, consider restricting the use of USB Sound devices to minimize the risk of exploitation.

Correção

Use After Free

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾
dbugs@ptsecurity.com

Enumeração de Fraquezas

CWE-416

Identificadores relacionados

ALT-PU-2018-2801
ALT-PU-2018-2813
ALT-PU-2019-1433
BDU:2019-03298
CESA-2019_2703
CESA-2019_2741
CVE-2018-19824
DLA-1731-1
DLA-1731-2
DLA-1771-1
MGASA-2018-0487
MGASA-2019-0098
MGASA-2019-0171
OPENSUSE-SU-2019:0065-1
OPENSUSE-SU-2019_0065-1
OPENSUSE-SU-2019_0140-1
OPENSUSE-SU-2024:10728-1
OPENSUSE-SU-2024:13704-1
RHSA-2019:2029
RHSA-2019:2703
RHSA-2019:2741
RHSA-2019_2029
RHSA-2019_2703
RHSA-2019_2741
SUSE-SU-2018:4069-1
SUSE-SU-2018:4072-1
SUSE-SU-2019:0148-1
SUSE-SU-2019:0150-1
SUSE-SU-2019:0222-1
SUSE-SU-2019:0224-1
SUSE-SU-2019:0320-1
SUSE-SU-2019:0439-1
SUSE-SU-2019:0541-1
SUSE-SU-2019:1289-1
SUSE-SU-2019:13937-1
SUSE-SU-2019:13979-1
USN-3879-1
USN-3879-2
USN-3930-1
USN-3930-2
USN-3931-1
USN-3931-2
USN-3933-1
USN-3933-2

Produtos afetados

Alt Linux
Centos
Linux Kernel
Red Hat
Suse
Ubuntu