PT-2018-2862 · Linux+5 · Linux Kernel+5

Hui Peng +1 · Published 2018-11-23 · Updated 2024-03-04 · CVE-2018-20169

CVSS v2.0: 7.2 (High)
Vector: AV:L/AC:L/Au:N/C:C/I:C/A:C

Name of the Vulnerable Software and Affected Versions
Linux kernel versions prior to 4.19.9

Description
An issue in the Linux kernel's USB subsystem mishandles size checks during the reading of an extra descriptor, related to the usb_get_extra_descriptor function in drivers/usb/core/usb.c. This issue may allow an attacker to impact the confidentiality and integrity of protected information.

Recommendations
For Linux kernel versions prior to 4.19.9, update to version 4.19.9 or later to resolve the issue. As a temporary workaround, consider restricting access to the USB subsystem to minimize the risk of exploitation.

Exploit

Fix

Memory Corruption

Buffer Overflow

Resource Exhaustion

Weakness Enumeration

Related Identifiers

ALT-PU-2018-2844
ALT-PU-2018-2956
ALT-PU-2019-1433
AZL-34325
AZL-34851
BDU:2019-02380
BDU:2019-03597
CESA-2019_3309
CESA-2019_3517
CESA-2020_1016
CVE-2018-20169
DLA-1731-1
DLA-1731-2
DLA-1771-1
OPENSUSE-SU-2019:0065-1
OPENSUSE-SU-2019_0065-1
OPENSUSE-SU-2019_0140-1
RHSA-2019:3309
RHSA-2019:3517
RHSA-2019_3309
RHSA-2019_3517
RHSA-2020:1016
RHSA-2020:1070
RHSA-2020:2522
RHSA-2020:2770
RHSA-2020:2777
RHSA-2020:2851
RHSA-2020_1016
RHSA-2020_1070
SUSE-SU-2019:0148-1
SUSE-SU-2019:0150-1
SUSE-SU-2019:0196-1
SUSE-SU-2019:0222-1
SUSE-SU-2019:0224-1
SUSE-SU-2019:0320-1
SUSE-SU-2019:0439-1
SUSE-SU-2019:0541-1
SUSE-SU-2019:1289-1
SUSE-SU-2019:13937-1
SUSE-SU-2019:13979-1
USN-3879-1
USN-3879-2
USN-4094-1
USN-4118-1

Affected Products

Alt Linux
CentOS
Linux Kernel
Red Hat
SUSE
Ubuntu