Vulnerability CVE-2018-19985: Information

Description

The function hso_get_config_data in drivers/net/usb/hso.c in the Linux kernel through 4.19.8 reads if_num from the USB device (as a u8) and uses it to index a small array, resulting in an object out-of-bounds (OOB) read that potentially allows arbitrary read in the kernel address space.

Severity: MEDIUM (4.6) Vector: CVSS:3.0/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

URL: https://nvd.nist.gov/vuln/detail/CVE-2018-19985
Published: March 21, 2019
Modified: Sept. 3, 2019
Error type identifier: CWE-125

Fixed packages

Package name
Branch
Fixed in version
Version from repository
Errata ID
Task #
State
kernel-image-mpsisyphus4.19.12-alt16.9.4-alt1ALT-PU-2018-2956-1218513Fixed
kernel-image-mpp104.19.12-alt16.1.19-alt1ALT-PU-2018-2956-1218513Fixed
kernel-image-mpp94.19.12-alt15.12.16-alt1ALT-PU-2018-2956-1218513Fixed
kernel-image-mpc9f24.19.12-alt15.7.16-alt1ALT-PU-2018-2956-1218513Fixed
kernel-image-mpp114.19.12-alt16.8.8-alt1ALT-PU-2018-2956-1218513Fixed
kernel-image-std-debugsisyphus4.14.92-alt16.1.94-alt1ALT-PU-2019-1028-1219149Fixed
kernel-image-std-debugc9f24.14.92-alt14.19.102-alt1ALT-PU-2019-1028-1219149Fixed
kernel-image-std-debugp114.14.92-alt16.1.91-alt1ALT-PU-2019-1028-1219149Fixed
kernel-image-std-defsisyphus4.14.93-alt16.1.94-alt1ALT-PU-2019-1048-1219456Fixed
kernel-image-std-defp104.14.93-alt15.10.218-alt1ALT-PU-2019-1048-1219456Fixed
kernel-image-std-defp94.14.93-alt15.4.277-alt1ALT-PU-2019-1048-1219456Fixed
kernel-image-std-defp84.9.150-alt0.M80P.14.9.337-alt0.M80P.1ALT-PU-2019-1036-1219311Fixed
kernel-image-std-defc9f24.14.93-alt15.10.214-alt0.c9f.2ALT-PU-2019-1048-1219456Fixed
kernel-image-std-defc74.4.183-alt0.M70C.14.4.277-alt0.M70C.1ALT-PU-2019-2175-1233233Fixed
kernel-image-std-defp114.14.93-alt16.1.91-alt1ALT-PU-2019-1048-1219456Fixed
kernel-image-std-paec9f24.14.94-alt14.19.72-alt1ALT-PU-2019-1058-1219530Fixed
kernel-image-tegrap94.9.140-alt24.9.140-alt2ALT-PU-2019-2234-1234165Fixed
kernel-image-tegrac9f24.9.140-alt24.9.140-alt2ALT-PU-2019-2234-1234165Fixed
kernel-image-un-defsisyphus4.19.9-alt16.6.34-alt1ALT-PU-2018-2844-1217763Fixed
kernel-image-un-defp104.19.9-alt16.1.90-alt1ALT-PU-2018-2844-1217763Fixed
kernel-image-un-defp94.19.9-alt15.10.218-alt1ALT-PU-2018-2844-1217763Fixed
kernel-image-un-defp84.14.93-alt0.M80P.14.19.310-alt0.M80P.1ALT-PU-2019-1038-1219308Fixed
kernel-image-un-defc10f14.19.9-alt16.1.85-alt0.c10f.1ALT-PU-2018-2844-1217763Fixed
kernel-image-un-defc9f24.19.9-alt15.10.29-alt2ALT-PU-2018-2844-1217763Fixed
kernel-image-un-defc74.9.277-alt0.M70C.14.9.277-alt0.M70C.1ALT-PU-2021-3032-1281292Fixed
kernel-image-un-defp114.19.9-alt16.6.31-alt1ALT-PU-2018-2844-1217763Fixed
usbipsisyphus5.10-alt15.10-alt1ALT-PU-2023-1798-1320453Fixed
usbipsisyphus_e2k5.10-alt15.10-alt1ALT-PU-2023-7452-1-Fixed
usbipp105.10-alt15.10-alt1ALT-PU-2023-1903-1320461Fixed
usbipp10_e2k5.10-alt15.10-alt1ALT-PU-2023-7498-1-Fixed
usbipp115.10-alt15.10-alt1ALT-PU-2023-1798-1320453Fixed

References to Advisories, Solutions, and Tools

Hyperlink
Resource
https://seclists.org/bugtraq/2019/Jan/52
  • Mailing List
  • Patch
  • Third Party Advisory
https://hexhive.epfl.ch/projects/perifuzz/
  • Patch
  • Third Party Advisory
http://packetstormsecurity.com/files/151420/Slackware-Security-Advisory-Slackware-14.2-kernel-Updates.html
  • Release Notes
  • Third Party Advisory
  • VDB Entry
http://lists.opensuse.org/opensuse-security-announce/2019-02/msg00007.html
  • Mailing List
  • Release Notes
  • Patch
  • Third Party Advisory
http://lists.opensuse.org/opensuse-security-announce/2019-01/msg00023.html
  • Mailing List
  • Release Notes
  • Patch
  • Third Party Advisory
[debian-lts-announce] 20190327 [SECURITY] [DLA 1731-1] linux security update
  • Third Party Advisory
[debian-lts-announce] 20190401 [SECURITY] [DLA 1731-2] linux regression update
  • Mailing List
  • Third Party Advisory
https://security.netapp.com/advisory/ntap-20190404-0002/
  • Third Party Advisory
[debian-lts-announce] 20190503 [SECURITY] [DLA 1771-1] linux-4.9 security update
  • Mailing List
  • Third Party Advisory
USN-4115-1
    USN-4118-1
      RHSA-2019:3517
        RHSA-2019:3309

            1. Configuration 1

              cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*
              End including
              4.19.8

              Configuration 2

              cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*

              Configuration 3

              cpe:2.3:a:netapp:element_software_management_node:-:*:*:*:*:*:*:*
              cpe:2.3:a:netapp:active_iq_performance_analytics_services:-:*:*:*:*:*:*:*
          VKontakte|Telegram|YouTube|Forum|GitHub|Bugzilla
          Version: v24.5.3
          Back to top