PT-2018-2560 · Linux+3 · Linux Kernel+3

Jann Horn

Published

2018-07-06

Updated

2023-02-24

CVE-2018-16276

CVSS v3.1

7.8

High

Vector

AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions Linux kernel versions prior to 4.17.7

Description The issue exists due to insufficient input validation in the yurex USB driver, specifically in the yurex read function within the drivers/usb/misc/yurex.c file. This can be exploited by local attackers to crash the kernel or potentially escalate privileges. The vulnerability is related to incorrect bounds checking in the yurex read function, allowing for user access read/writes that could lead to a kernel crash or privilege escalation.

Recommendations For Linux kernel versions prior to 4.17.7, update to version 4.17.7 or later to resolve the issue. As a temporary workaround, consider restricting access to the yurex USB driver to minimize the risk of exploitation.

Fix

Memory Corruption

RCE

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-787CWE-20

Related Identifiers

ALT-PU-2018-2029

ALT-PU-2018-2032

ALT-PU-2018-2033

BDU:2019-00979

CVE-2018-16276

DLA-1529-1

DLA-1531-1

DSA-4308-1

OPENSUSE-SU-2018_3202-1

SUSE-SU-2018:2879-1

SUSE-SU-2018:2908-1

SUSE-SU-2018:2908-2

SUSE-SU-2018:3003-1

SUSE-SU-2018:3004-1

SUSE-SU-2018:3083-1

SUSE-SU-2018:3084-1

SUSE-SU-2018:3088-1

SUSE-SU-2018:3618-1

SUSE-SU-2018:3659-1

SUSE-SU-2019:0095-1

USN-3776-1

USN-3776-2

USN-3847-1

USN-3847-2

USN-3847-3

USN-3849-1

USN-3849-2

Affected Products

Alt Linux

Linux Kernel

Suse

Ubuntu

PT-2018-2560 · Linux+3 · Linux Kernel+3

CVE-2018-16276

Weakness Enumeration

Related Identifiers

Affected Products

References · 378