CVE-2018-19824

high
New! CVE Severity Now Using CVSS v3

The calculated severity for CVEs has been updated to use CVSS v3 by default. CVEs that do not have a CVSS v3 score will fall back CVSS v2 for calculating severity. Severity display preferences can be toggled in the settings dropdown.

Description

In the Linux kernel through 4.19.6, a local user could exploit a use-after-free in the ALSA driver by supplying a malicious USB Sound device (with zero interfaces) that is mishandled in usb_audio_probe in sound/usb/card.c.

References

http://www.securityfocus.com/bid/106109

https://access.redhat.com/errata/RHSA-2019:2703

https://bugzilla.suse.com/show_bug.cgi?id=1118152

https://git.kernel.org/pub/scm/linux/kernel/git/tiwai/sound.git/commit/?id=5f8cf712582617d523120df67d392059eaf2fc4b

https://github.com/torvalds/linux/commit/5f8cf712582617d523120df67d392059eaf2fc4b

https://lists.debian.org/debian-lts-announce/2019/03/msg00034.html

https://lists.debian.org/debian-lts-announce/2019/04/msg00004.html

https://lists.debian.org/debian-lts-announce/2019/05/msg00002.html

https://support.f5.com/csp/article/K98155950

https://usn.ubuntu.com/3879-1/

https://usn.ubuntu.com/3879-2/

https://usn.ubuntu.com/3930-1/

https://usn.ubuntu.com/3930-2/

https://usn.ubuntu.com/3931-1/

https://usn.ubuntu.com/3931-2/

https://usn.ubuntu.com/3933-1/

https://usn.ubuntu.com/3933-2/

Details

Source: MITRE

Published: 2018-12-03

Updated: 2019-09-10

Type: CWE-416

Risk Information

CVSS v2

Base Score: 4.6

Vector: AV:L/AC:L/Au:N/C:P/I:P/A:P

Impact Score: 6.4

Exploitability Score: 3.9

Severity: MEDIUM

CVSS v3

Base Score: 7.8

Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Impact Score: 5.9

Exploitability Score: 1.8

Severity: HIGH

Vulnerable Software

Configuration 1

OR

cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* versions up to 4.19.6 (inclusive)

Configuration 2

OR

cpe:2.3:o:canonical:ubuntu_linux:12.04:*:*:*:esm:*:*:*

cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:lts:*:*:*

cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:lts:*:*:*

cpe:2.3:o:canonical:ubuntu_linux:18.04:*:*:*:lts:*:*:*

cpe:2.3:o:canonical:ubuntu_linux:18.10:*:*:*:*:*:*:*

Configuration 3

OR

cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*

Tenable Plugins

View all (36 total)

IDNameProductFamilySeverity
145668CentOS 8 : kernel (CESA-2019:2703)NessusCentOS Local Security Checks
high
128859RHEL 8 : kernel-rt (RHSA-2019:2741)NessusRed Hat Local Security Checks
high
128845Oracle Linux 8 : kernel (ELSA-2019-2703)NessusOracle Linux Local Security Checks
high
128665RHEL 8 : kernel (RHSA-2019:2703)NessusRed Hat Local Security Checks
high
125283SUSE SLES12 Security Update : kernel (SUSE-SU-2019:1289-1) (MDSUM/RIDL) (MFBDS/RIDL/ZombieLoad) (MLPDS/RIDL) (MSBDS/Fallout)NessusSuSE Local Security Checks
high
124834EulerOS Virtualization 3.0.1.0 : kernel (EulerOS-SA-2019-1512)NessusHuawei Local Security Checks
high
124595Debian DLA-1771-1 : linux-4.9 security updateNessusDebian Local Security Checks
medium
124430EulerOS 2.0 SP3 : kernel (EulerOS-SA-2019-1303)NessusHuawei Local Security Checks
high
123721EulerOS Virtualization 2.5.4 : kernel (EulerOS-SA-2019-1253)NessusHuawei Local Security Checks
high
123712EulerOS Virtualization 2.5.3 : kernel (EulerOS-SA-2019-1244)NessusHuawei Local Security Checks
high
123682Ubuntu 14.04 LTS : linux vulnerabilities (USN-3933-1)NessusUbuntu Local Security Checks
high
123679Ubuntu 14.04 LTS / 16.04 LTS : linux-hwe, linux-aws-hwe, linux-azure, linux-gcp, linux-oracle (USN-3931-2)NessusUbuntu Local Security Checks
high
123678Ubuntu 18.04 LTS : linux, linux-aws, linux-gcp, linux-kvm, linux-oem, linux-oracle, (USN-3931-1)NessusUbuntu Local Security Checks
high
123677Ubuntu 18.04 LTS : linux-hwe, linux-azure vulnerabilities (USN-3930-2)NessusUbuntu Local Security Checks
high
123676Ubuntu 18.10 : linux, linux-aws, linux-azure, linux-gcp, linux-kvm, linux-raspi2 (USN-3930-1)NessusUbuntu Local Security Checks
high
123420Debian DLA-1731-2 : linux regression update (Spectre)NessusDebian Local Security Checks
medium
122901Photon OS 1.0: Linux PHSA-2019-1.0-0205NessusPhotonOS Local Security Checks
critical
122891SUSE SLES11 Security Update : kernel (SUSE-SU-2019:13979-1)NessusSuSE Local Security Checks
high
122699EulerOS 2.0 SP5 : kernel (EulerOS-SA-2019-1076)NessusHuawei Local Security Checks
high
122609SUSE SLED12 / SLES12 Security Update : kernel (SUSE-SU-2019:0541-1)NessusSuSE Local Security Checks
high
122343SUSE SLES12 Security Update : kernel (SUSE-SU-2019:0439-1)NessusSuSE Local Security Checks
high
121633openSUSE Security Update : the Linux Kernel (openSUSE-2019-140)NessusSuSE Local Security Checks
high
121605OracleVM 3.4 : Unbreakable / etc (OVMSA-2019-0002)NessusOracleVM Local Security Checks
high
121597Ubuntu 14.04 LTS : linux-lts-xenial, linux-aws vulnerabilities (USN-3879-2)NessusUbuntu Local Security Checks
medium
121596Ubuntu 16.04 LTS : linux, linux-aws, linux-kvm, linux-raspi2, linux-snapdragon vulnerabilities (USN-3879-1)NessusUbuntu Local Security Checks
medium
121571SUSE SLED15 / SLES15 Security Update : kernel (SUSE-SU-2019:0224-1)NessusSuSE Local Security Checks
high
121569SUSE SLES12 Security Update : kernel (SUSE-SU-2019:0222-1) (Spectre)NessusSuSE Local Security Checks
high
121505Slackware 14.2 : Slackware 14.2 kernel (SSA:2019-030-01)NessusSlackware Local Security Checks
high
121468SUSE SLES11 Security Update : kernel (SUSE-SU-2019:13937-1)NessusSuSE Local Security Checks
high
121344SUSE SLES12 Security Update : kernel (SUSE-SU-2019:0148-1) (Spectre)NessusSuSE Local Security Checks
high
121289openSUSE Security Update : the Linux Kernel (openSUSE-2019-65)NessusSuSE Local Security Checks
high
121202Oracle Linux 6 / 7 : Unbreakable Enterprise kernel (ELSA-2019-4510)NessusOracle Linux Local Security Checks
high
121201Oracle Linux 7 : Unbreakable Enterprise kernel (ELSA-2019-4509)NessusOracle Linux Local Security Checks
high
120661Fedora 28 : kernel / kernel-headers / kernel-tools (2018-a0914af224)NessusFedora Local Security Checks
high
120445Fedora 29 : kernel / kernel-headers / kernel-tools (2018-5904d0794d)NessusFedora Local Security Checks
high
119647SUSE SLED12 / SLES12 Security Update : kernel (SUSE-SU-2018:4069-1)NessusSuSE Local Security Checks
high