PT-2019-5817 · Linux+5 · Linux Kernel+5

Published: 2019-04-23 · Updated: 2023-03-03 · CVE-2019-11884

CVSS v3.1: 3.3 (Low)

Vector: AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
Name of the Vulnerable Software and Affected Versions

Linux kernel versions prior to 5.0.15

Description

The issue is in the do_hidp_sock_ioctl function in the Linux kernel, which does not properly handle input data. A local user can obtain potentially sensitive information from kernel stack memory by using a HIDPCONNADD command. The problem arises because a name field may not end with a '\0' character, leading to potential information disclosure.

Recommendations

For Linux kernel versions prior to 5.0.15, update to version 5.0.15 or later to resolve the issue. As a temporary workaround, consider restricting access to the do_hidp_sock_ioctl function until a patch is available. Avoid using the HIDPCONNADD command in the affected API endpoint until the issue is resolved.
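
The missing-terminator condition from the description, modelled in user space as an added example (not kernel code and not part of the original advisory). The names `conn_req` and `frame`, the 16-byte field size and the `SECRET` neighbour bytes are constructed for illustration; the hardened copy shows one way to guarantee termination of a fixed-size name field.

```c
#include <stdio.h>
#include <string.h>

#define NAME_LEN 16              /* constructed size, not the kernel's */

struct conn_req { char name[NAME_LEN]; };   /* hypothetical request struct */
struct frame { struct conn_req req; char adjacent[8]; }; /* request + neighbours */

/* "Before": the caller's bytes are copied verbatim into the fixed field. */
static void copy_req_unchecked(struct conn_req *dst, const char *src, size_t n)
{
    memcpy(dst->name, src, n < sizeof dst->name ? n : sizeof dst->name);
}

/* "After": same copy, then the last byte of the field is forced to NUL. */
static void copy_req_terminated(struct conn_req *dst, const char *src, size_t n)
{
    copy_req_unchecked(dst, src, n);
    dst->name[sizeof dst->name - 1] = '\0';
}

/* Bytes beyond the name field that a C-string read starting at name would
 * consume before reaching a NUL (the scan is bounded by the frame itself). */
static size_t overread(const struct frame *f)
{
    const char *base = (const char *)f;
    const char *nul = memchr(base, '\0', sizeof *f);
    size_t end = nul ? (size_t)(nul - base) : sizeof *f;
    return end > NAME_LEN ? end - NAME_LEN : 0;
}

static size_t demo(int hardened)
{
    struct frame f;
    char input[NAME_LEN];
    memset(input, 'A', sizeof input);      /* constructed input with no NUL */
    memcpy(f.adjacent, "SECRET\0", 8);     /* stands in for stale stack data */
    if (hardened)
        copy_req_terminated(&f.req, input, sizeof input);
    else
        copy_req_unchecked(&f.req, input, sizeof input);
    return overread(&f);
}

int main(void)
{
    printf("unchecked: %zu, terminated: %zu\n", demo(0), demo(1));
}
```

With the unchecked copy, a string read of the name runs six bytes into the neighbouring data; with forced termination it stops inside the field.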

Fix

Buffer Overflow

NULL Pointer Dereference

Information Disclosure


Weakness Enumeration

Related Identifiers

ALT-PU-2019-1793
ALT-PU-2019-1830
ALT-PU-2019-1896
ALT-PU-2020-1198
ALT-PU-2020-1501
ALT-PU-2020-2410
ALT-PU-2020-2433
ALT-PU-2021-1870
BDU:2019-02777
BDU:2021-03082
CESA-2019_3309
CESA-2019_3517
CESA-2020_1016
CVE-2019-11884
DLA-1823-1
DLA-1824-1
DSA-4465-1
OPENSUSE-SU-2019:1404-1
OPENSUSE-SU-2019:1479-1
OPENSUSE-SU-2019_1404-1
OPENSUSE-SU-2019_1407-1
OPENSUSE-SU-2019_1479-1
RHSA-2019:3309
RHSA-2019:3517
RHSA-2019_3309
RHSA-2019_3517
RHSA-2020:0740
RHSA-2020:1016
RHSA-2020:1070
RHSA-2020_1016
RHSA-2020_1070
SUSE-SU-2019:14089-1
SUSE-SU-2019:1527-1
SUSE-SU-2019:1529-1
SUSE-SU-2019:1530-1
SUSE-SU-2019:1532-1
SUSE-SU-2019:1533-1
SUSE-SU-2019:1534-1
SUSE-SU-2019:1535-1
SUSE-SU-2019:1536-1
SUSE-SU-2019:1550-1
SUSE-SU-2019:1692-1
SUSE-SU-2019:2430-1
SUSE-SU-2019_14089-1
USN-4068-1
USN-4068-2
USN-4069-1
USN-4069-2
USN-4076-1
USN-4118-1

Affected Products

Alt Linux
Centos
Linux Kernel
Red Hat
Suse
Ubuntu