Executive Summary

Informations
NameCVE-2018-19985First vendor Publication2019-03-21
VendorCveLast vendor Modification2019-09-02

Security-Database Scoring CVSS v2

Cvss vector : (AV:L/AC:L/Au:N/C:P/I:N/A:N)
Cvss Base Score2.1Attack RangeLocal
Cvss Impact Score2.9Attack ComplexityLow
Cvss Expoit Score3.9AuthenticationNone Required
Calculate full CVSS 2.0 Vectors scores

Detail

The function hso_get_config_data in drivers/net/usb/hso.c in the Linux kernel through 4.19.8 reads if_num from the USB device (as a u8) and uses it to index a small array, resulting in an object out-of-bounds (OOB) read that potentially allows arbitrary read in the kernel address space.

Original Source

Url : http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-19985

CWE : Common Weakness Enumeration

%idName
100 %CWE-125Out-of-bounds Read

CPE : Common Platform Enumeration

TypeDescriptionCount
Application1
Application1
Os1
Os3155

Sources (Detail)

SourceUrl
CONFIRM https://security.netapp.com/advisory/ntap-20190404-0002/
MISC http://lists.opensuse.org/opensuse-security-announce/2019-01/msg00023.html
http://lists.opensuse.org/opensuse-security-announce/2019-02/msg00007.html
http://packetstormsecurity.com/files/151420/Slackware-Security-Advisory-Slack...
https://hexhive.epfl.ch/projects/perifuzz/
https://seclists.org/bugtraq/2019/Jan/52
MLIST https://lists.debian.org/debian-lts-announce/2019/03/msg00034.html
https://lists.debian.org/debian-lts-announce/2019/04/msg00004.html
https://lists.debian.org/debian-lts-announce/2019/05/msg00002.html
UBUNTU https://usn.ubuntu.com/4115-1/
https://usn.ubuntu.com/4118-1/

Alert History

If you want to see full details history, please login or register.
0
1
2
3
4
5
6
7
8
DateInformations
2019-09-03 09:19:25
  • Multiple Updates
2019-05-10 05:18:56
  • Multiple Updates
2019-05-03 17:18:38
  • Multiple Updates
2019-04-05 00:18:59
  • Multiple Updates
2019-04-04 17:19:23
  • Multiple Updates
2019-04-02 05:18:42
  • Multiple Updates
2019-03-28 17:19:08
  • Multiple Updates
2019-03-28 00:19:04
  • Multiple Updates
2019-03-21 21:19:19
  • First insertion