PT-2019-5817 · Linux+5 · Linux Kernel+5

Published: 2019-04-23 · Updated: 2023-03-03 · CVE-2019-11884

CVSS v3.1: 3.3 (Low)

Vector: AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
Name of the Vulnerable Software and Affected Versions

Linux kernel versions prior to 5.0.15

Description

The issue is in the do_hidp_sock_ioctl function in the Linux kernel, which does not properly handle input data. This can allow a local user to obtain potentially sensitive information from kernel stack memory by using a HIDPCONNADD command. The problem arises because a name field may not end with a '\0' character, leading to potential information disclosure.

Recommendations

For Linux kernel versions prior to 5.0.15, update to version 5.0.15 or later to resolve the issue. As a temporary workaround, consider restricting access to the do_hidp_sock_ioctl function until a patch is available. Avoid using the HIDPCONNADD command in the affected API endpoint until the issue is resolved.
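
The missing-terminator condition from the description, shown as an added userspace model (not kernel code and not part of the original advisory). The struct frame layout, NAME_LEN and the "STACKSECRET" bytes are constructed for illustration; the hardened variant shows one way to close the gap by forcing a terminator on the last byte of the name buffer before it is used as a string.

```c
#include <stdio.h>
#include <string.h>

#define NAME_LEN 16 /* constructed size for this model */

/* Stand-in for a request on the stack plus the bytes that follow it. */
struct frame {
    char name[NAME_LEN];     /* caller-supplied, copied in verbatim */
    char adjacent[NAME_LEN]; /* models unrelated stale stack contents */
};

/* Models the raw copy from the caller: no terminator is appended. */
static void fill(struct frame *f, const char *user, size_t n)
{
    memset(f, 0, sizeof *f);
    memcpy(f->adjacent, "STACKSECRET", 11); /* constructed sample data */
    memcpy(f->name, user, n < NAME_LEN ? n : NAME_LEN);
}

/* Unpatched pattern: name is used as a C string exactly as received.
 * Returns how many bytes a string consumer would read from the frame. */
size_t bytes_read_unpatched(const char *user, size_t n)
{
    struct frame f;
    fill(&f, user, n);
    return strlen((const char *)&f); /* continues into adjacent[] */
}

/* Hardened pattern: terminate the last byte before any string use. */
size_t bytes_read_hardened(const char *user, size_t n)
{
    struct frame f;
    fill(&f, user, n);
    f.name[sizeof(f.name) - 1] = '\0';
    return strlen((const char *)&f); /* can never exceed NAME_LEN - 1 */
}

int main(void)
{
    char full[NAME_LEN];
    memset(full, 'A', sizeof full); /* name with no terminator */
    printf("unpatched: %zu bytes\n", bytes_read_unpatched(full, sizeof full));
    printf("hardened:  %zu bytes\n", bytes_read_hardened(full, sizeof full));
    return 0;
}
```

A properly terminated name gives the same result in both variants; only a name that fills the whole buffer makes the unpatched reader continue into the neighbouring bytes.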

Fix

Buffer Overflow

NULL Pointer Dereference

Information Disclosure

Weakness Enumeration

Related Identifiers

ALT-PU-2019-1793
ALT-PU-2019-1830
ALT-PU-2019-1896
ALT-PU-2020-1198
ALT-PU-2020-1501
ALT-PU-2020-2410
ALT-PU-2020-2433
ALT-PU-2021-1870
BDU:2019-02777
BDU:2021-03082
CESA-2019_3309
CESA-2019_3517
CESA-2020_1016
CVE-2019-11884
DLA-1823-1
DLA-1824-1
DSA-4465-1
OPENSUSE-SU-2019:1404-1
OPENSUSE-SU-2019:1479-1
OPENSUSE-SU-2019_1404-1
OPENSUSE-SU-2019_1407-1
OPENSUSE-SU-2019_1479-1
RHSA-2019:3309
RHSA-2019:3517
RHSA-2019_3309
RHSA-2019_3517
RHSA-2020:0740
RHSA-2020:1016
RHSA-2020:1070
RHSA-2020_1016
RHSA-2020_1070
SUSE-SU-2019:14089-1
SUSE-SU-2019:1527-1
SUSE-SU-2019:1529-1
SUSE-SU-2019:1530-1
SUSE-SU-2019:1532-1
SUSE-SU-2019:1533-1
SUSE-SU-2019:1534-1
SUSE-SU-2019:1535-1
SUSE-SU-2019:1536-1
SUSE-SU-2019:1550-1
SUSE-SU-2019:1692-1
SUSE-SU-2019:2430-1
SUSE-SU-2019_14089-1
USN-4068-1
USN-4068-2
USN-4069-1
USN-4069-2
USN-4076-1
USN-4118-1

Affected Products

Alt Linux
CentOS
Linux Kernel
Red Hat
SUSE
Ubuntu