PT-2019-2824 · Linux+3 · Linux Kernel+3

Vladis Dronov · Published 2019-01-24 · Updated 2020-10-19 · CVE-2019-3819

CVSS v2.0: 4.9 (Medium)

Vector: AV:L/AC:L/Au:N/C:N/I:N/A:C

Name of the Vulnerable Software and Affected Versions

Linux kernel versions v4.18 and newer

Description

A flaw was found in the Linux kernel in the function hid_debug_events_read() in the drivers/hid/hid-debug.c file, which may enter an infinite loop with certain parameters passed from userspace. This could allow a local privileged user (with "root" privileges) to cause a system lock-up and a denial of service. The issue is related to uncontrolled resource consumption.

Recommendations

For Linux kernel versions v4.18 and newer, consider disabling the hid_debug_events_read() function as a temporary workaround to minimize the risk of exploitation until a patch is available. Restrict access to the drivers/hid/hid-debug.c file to prevent potential abuse.

Exploit · Fix · DoS · Resource Exhaustion · Infinite Loop


Related Identifiers

ALT-PU-2019-1251
ALT-PU-2019-1252
ALT-PU-2019-1285
ALT-PU-2019-1286
ALT-PU-2019-2213
ALT-PU-2019-2234
AZL-34853
AZL-6520
BDU:2019-02782
CVE-2019-3819
DLA-1731-1
DLA-1731-2
DLA-1771-1
MGASA-2019-0097
MGASA-2019-0098
MGASA-2019-0171
OPENSUSE-SU-2019:1193-1
OPENSUSE-SU-2019_1193-1
SUSE-SU-2019:0765-1
SUSE-SU-2019:0767-1
SUSE-SU-2019:0784-1
SUSE-SU-2019:0785-1
SUSE-SU-2019:2263-1
SUSE-SU-2019:2299-1
USN-3932-1
USN-3932-2
USN-4115-1
USN-4115-2
USN-4118-1

Affected Products

Alt Linux
Linux Kernel
Suse
Ubuntu