PT-2018-3349 · Linux+2 · Linux Kernel+2

Publicado

2018-05-11

Atualizado

2023-02-24

CVE-2019-18675

CVSS v3.1

7.8

Alta

Vetor

AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions: Linux kernel versions prior to 5.3.13

Description: The issue is related to an integer overflow in the cpia2 remap buffer function, located in drivers/media/usb/cpia2/cpia2 core.c, which can be exploited to gain read and write access to kernel physical pages. This could potentially result in privilege escalation. The vulnerability can be exploited by local users with access to /dev/video0.

Recommendations: For Linux kernel versions prior to 5.3.13, update to a version that contains a fix for this issue to prevent potential privilege escalation. As a temporary workaround, consider restricting access to /dev/video0 to minimize the risk of exploitation.

Exploit

Correção

Integer Overflow

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾

dbugs@ptsecurity.com

Enumeração de Fraquezas

CWE-190

Identificadores relacionados

ALT-PU-2018-1912

ALT-PU-2018-1916

ALT-PU-2018-1919

BDU:2020-00368

CVE-2019-18675

SUSE-SU-2020:1255-1

SUSE-SU-2020:1275-1

SUSE-SU-2020:14354-1

Produtos afetados

Alt Linux

Linux Kernel

Suse

PT-2018-3349 · Linux+2 · Linux Kernel+2

CVE-2019-18675

Enumeração de Fraquezas

Identificadores relacionados

Produtos afetados

Referências · 194