PT-2019-3453 · Linux+7 · Linux Kernel+7

Published

2019-07-11

·

Updated

2024-08-20

·

CVE-2019-13631

CVSS v2.0

7.2

High

VectorAV:L/AC:L/Au:N/C:C/I:C/A:C
Name of the Vulnerable Software and Affected Versions Linux kernel versions through 5.2.1
Description The issue is related to the parse hid report descriptor function in the Linux kernel, which can be exploited by a malicious USB device sending an HID report. This can trigger an out-of-bounds write during the generation of debugging messages, potentially allowing an attacker to compromise data integrity, gain unauthorized access to protected information, and cause a denial of service.
Recommendations For Linux kernel versions through 5.2.1, update to a version that contains a fix for this issue to prevent exploitation by malicious USB devices. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Memory Corruption

Found an issue in the description? Have something to add? Feel free to write us 👾
dbugs@ptsecurity.com

Weakness Enumeration

CWE-787

Related Identifiers

ALSA-2024:2950
ALSA-2024:3138
ALT-PU-2019-2339
ALT-PU-2019-2366
ALT-PU-2019-2488
ALT-PU-2019-2746
ALT-PU-2020-1198
ALT-PU-2020-1501
ALT-PU-2020-2410
ALT-PU-2020-2433
ALT-PU-2021-1870
BDU:2019-03626
CESA-2024_2950
CESA-2024_3138
CVE-2019-13631
DLA-1884-1
DLA-1885-1
DSA-4495-1
DSA-4497-1
INFSA-2024_2950
INFSA-2024_3138
OPENSUSE-SU-2019:1923-1
OPENSUSE-SU-2019:1924-1
OPENSUSE-SU-2019_1923-1
OPENSUSE-SU-2019_1924-1
RHSA-2024:2950
RHSA-2024:3138
RHSA-2024_2950
RHSA-2024_3138
RLSA-2024:2950
RLSA-2024:3138
SUSE-SU-2019:14157-1
SUSE-SU-2019:2068-1
SUSE-SU-2019:2069-1
SUSE-SU-2019:2070-1
SUSE-SU-2019:2071-1
SUSE-SU-2019:2072-1
SUSE-SU-2019:2073-1
SUSE-SU-2019:2262-1
SUSE-SU-2019:2263-1
SUSE-SU-2019:2299-1
SUSE-SU-2019:2430-1
SUSE-SU-2019:2450-1
SUSE-SU-2019_14157-1
USN-4115-1
USN-4115-2
USN-4118-1
USN-4145-1
USN-4147-1

Affected Products

Alt Linux
Almalinux
Centos
Linux Kernel
Red Hat
Rocky Linux
Suse
Ubuntu