PT-2018-2700 · Linux+5 · Linux Kernel+5

Hui Peng +1 · Published 2018-12-12 · Updated 2020-04-08 · CVE-2018-19985

CVSS v2.0: 4.9 (Medium)

Vector: AV:L/AC:L/Au:N/C:C/I:N/A:N

Name of the Vulnerable Software and Affected Versions

Linux kernel versions prior to 4.19.9

Description

The issue is in the function hso_get_config_data in the Linux kernel, which reads data from a USB device and uses it to index an array. This can result in an out-of-bounds read of an object, potentially allowing arbitrary read access in the kernel address space. The vulnerability may be exploited to cause a denial of service.

Recommendations

For Linux kernel versions prior to 4.19.9, update to version 4.19.9 or later to resolve the issue. As a temporary workaround, consider restricting access to the hso_get_config_data function in the drivers/net/usb/hso.c file until a patch is available.
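
The bug class in the description, as a simplified user-space model (an added example, not the code from drivers/net/usb/hso.c). The struct, the function names and the table size of 17 are assumptions made for illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

#define CONFIG_LEN  17      /* assumed table size for this model */
#define ERR_INVALID (-22)   /* same value as the kernel's -EINVAL */

/* Everything in this struct is reported by the device, so it is untrusted. */
struct device_report {
    uint8_t if_num;                 /* interface number the device claims */
    uint8_t config[CONFIG_LEN];     /* configuration bytes it returned */
    size_t  received;               /* bytes actually transferred */
};

/* Vulnerable pattern: the device-chosen index is used without a range
 * check, so if_num >= CONFIG_LEN reads memory past the table. */
int port_spec_unchecked(const struct device_report *r)
{
    return r->config[r->if_num];
}

/* Hardened pattern: reject short transfers and out-of-range indexes
 * before touching the table. */
int port_spec_checked(const struct device_report *r)
{
    if (r->received != CONFIG_LEN)
        return ERR_INVALID;
    if (r->if_num >= CONFIG_LEN)
        return ERR_INVALID;
    return r->config[r->if_num];
}

int main(void)
{
    /* Constructed sample reports: one honest, one with a hostile index. */
    struct device_report ok  = { .if_num = 2,   .received = CONFIG_LEN };
    struct device_report bad = { .if_num = 200, .received = CONFIG_LEN };
    ok.config[2] = 0x04;

    printf("honest device : %d\n", port_spec_checked(&ok));
    printf("hostile index : %d\n", port_spec_checked(&bad));
    return 0;
}
```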

Fix

Out of bounds Read

Weakness Enumeration

Related Identifiers

ALT-PU-2018-2844
ALT-PU-2018-2956
ALT-PU-2019-1028
ALT-PU-2019-1046
ALT-PU-2019-1048
ALT-PU-2019-1058
ALT-PU-2019-1433
ALT-PU-2019-2213
ALT-PU-2019-2234
BDU:2019-01409
CESA-2019_3309
CESA-2019_3517
CESA-2020_1016
CVE-2018-19985
DLA-1731-1
DLA-1731-2
DLA-1771-1
MGASA-2019-0097
MGASA-2019-0098
MGASA-2019-0171
OPENSUSE-SU-2019:0065-1
OPENSUSE-SU-2019_0065-1
OPENSUSE-SU-2019_0140-1
RHSA-2019:3309
RHSA-2019:3517
RHSA-2019_3309
RHSA-2019_3517
RHSA-2020:1016
RHSA-2020:1070
RHSA-2020_1016
RHSA-2020_1070
SUSE-SU-2019:0148-1
SUSE-SU-2019:0150-1
SUSE-SU-2019:0196-1
SUSE-SU-2019:0222-1
SUSE-SU-2019:0224-1
SUSE-SU-2019:0320-1
SUSE-SU-2019:0439-1
SUSE-SU-2019:0541-1
SUSE-SU-2019:1289-1
SUSE-SU-2019:13937-1
SUSE-SU-2019:13979-1
USN-3910-1
USN-3910-2
USN-4115-1
USN-4115-2
USN-4118-1

Affected Products

Alt Linux
Centos
Linux Kernel
Red Hat
Suse
Ubuntu