CVE-2018-19985
kernel: oob memory read in hso_probe in drivers/net/usb/hso.c
Severity Score
Exploit Likelihood
Affected Versions
Public Exploits
0Exploited in Wild
-Decision
Descriptions
The function hso_get_config_data in drivers/net/usb/hso.c in the Linux kernel through 4.19.8 reads if_num from the USB device (as a u8) and uses it to index a small array, resulting in an object out-of-bounds (OOB) read that potentially allows arbitrary read in the kernel address space.
La función hso_get_config_data en drivers/net/usb/hso.c en el kernel de Linux, hasta la versión 4.19.8, lee if_num desde el dispositivo USB (como un u8) y lo emplea para indexar un array pequeño, lo que resulta en una lectura de objetos fuera de límites (OOB) que podría permitir la lectura arbitraria en el espacio de direcciones del kernel.
A flaw was found in the Linux kernel in the function hso_probe() which reads if_num value from the USB device (as an u8) and uses it without a length check to index an array, resulting in an OOB memory read in hso_probe() or hso_get_config_data(). An attacker with a forged USB device and physical access to a system (needed to connect such a device) can cause a system crash and a denial of service.
CVSS Scores
SSVC
- Decision:-
Timeline
- 2018-12-09 CVE Reserved
- 2019-01-31 CVE Published
- 2024-08-05 CVE Updated
- 2024-09-16 EPSS Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
- ---------- First Exploit
CWE
- CWE-125: Out-of-bounds Read
CAPEC
References (15)
| URL | Tag | Source |
|---|---|---|
| http://packetstormsecurity.com/files/151420/Slackware-Security-Advisory-Slackware-14.2-kernel-Updates.html | Release Notes |
|
| https://lists.debian.org/debian-lts-announce/2019/03/msg00034.html | Mailing List |
|
| https://lists.debian.org/debian-lts-announce/2019/04/msg00004.html | Mailing List |
|
| https://lists.debian.org/debian-lts-announce/2019/05/msg00002.html | Mailing List |
|
| https://security.netapp.com/advisory/ntap-20190404-0002 | Third Party Advisory |
|
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|---|---|
| http://lists.opensuse.org/opensuse-security-announce/2019-01/msg00023.html | 2019-09-03 | |
| http://lists.opensuse.org/opensuse-security-announce/2019-02/msg00007.html | 2019-09-03 | |
| https://hexhive.epfl.ch/projects/perifuzz | 2019-09-03 | |
| https://seclists.org/bugtraq/2019/Jan/52 | 2019-09-03 |
| URL | Date | SRC |
|---|---|---|
| https://access.redhat.com/errata/RHSA-2019:3309 | 2019-09-03 | |
| https://access.redhat.com/errata/RHSA-2019:3517 | 2019-09-03 | |
| https://usn.ubuntu.com/4115-1 | 2019-09-03 | |
| https://usn.ubuntu.com/4118-1 | 2019-09-03 | |
| https://access.redhat.com/security/cve/CVE-2018-19985 | 2020-03-31 | |
| https://bugzilla.redhat.com/show_bug.cgi?id=1666106 | 2020-03-31 |
Affected Vendors, Products, and Versions
| Vendor | Product | Version | Other | Status | ||||||
|---|---|---|---|---|---|---|---|---|---|---|
| Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
| Linux Search vendor "Linux" | Linux Kernel Search vendor "Linux" for product "Linux Kernel" | <= 4.19.8 Search vendor "Linux" for product "Linux Kernel" and version " <= 4.19.8" | - |
Affected
| ||||||
| Debian Search vendor "Debian" | Debian Linux Search vendor "Debian" for product "Debian Linux" | 8.0 Search vendor "Debian" for product "Debian Linux" and version "8.0" | - |
Affected
| ||||||
| Netapp Search vendor "Netapp" | Active Iq Performance Analytics Services Search vendor "Netapp" for product "Active Iq Performance Analytics Services" | - | - |
Affected
| ||||||
| Netapp Search vendor "Netapp" | Element Software Management Node Search vendor "Netapp" for product "Element Software Management Node" | - | - |
Affected
| ||||||