CVE-2018-19985

LOW

Description

The function hso_get_config_data in drivers/net/usb/hso.c in the Linux kernel through 4.19.8 reads if_num from the USB device (as a u8) and uses it to index a small array, resulting in an object out-of-bounds (OOB) read that potentially allows arbitrary read in the kernel address space.

References

http://lists.opensuse.org/opensuse-security-announce/2019-01/msg00023.html

http://lists.opensuse.org/opensuse-security-announce/2019-02/msg00007.html

http://packetstormsecurity.com/files/151420/Slackware-Security-Advisory-Slackware-14.2-kernel-Updates.html

https://hexhive.epfl.ch/projects/perifuzz/

https://lists.debian.org/debian-lts-announce/2019/03/msg00034.html

https://lists.debian.org/debian-lts-announce/2019/04/msg00004.html

https://lists.debian.org/debian-lts-announce/2019/05/msg00002.html

https://seclists.org/bugtraq/2019/Jan/52

https://security.netapp.com/advisory/ntap-20190404-0002/

https://usn.ubuntu.com/4115-1/

https://usn.ubuntu.com/4118-1/

Details

Source: MITRE

Published: 2019-03-21

Updated: 2019-09-03

Type: CWE-125

Risk Information

CVSS v2.0

Base Score: 2.1

Vector: AV:L/AC:L/Au:N/C:P/I:N/A:N

Impact Score: 2.9

Exploitability Score: 3.9

Severity: LOW

CVSS v3.0

Base Score: 4.6

Vector: CVSS:3.0/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Impact Score: 3.6

Exploitability Score: 0.9

Severity: MEDIUM

Vulnerable Software

ID	Name	Product	Family	Severity
145665	CentOS 8 : kernel (CESA-2019:3517)	Nessus	CentOS Local Security Checks	high
135813	Scientific Linux Security Update : kernel on SL7.x x86_64 (20200407)	Nessus	Scientific Linux Local Security Checks	high
135316	CentOS 7 : kernel (CESA-2020:1016)	Nessus	CentOS Local Security Checks	high
135080	RHEL 7 : kernel (RHSA-2020:1016)	Nessus	Red Hat Local Security Checks	high
135078	RHEL 7 : kernel-rt (RHSA-2020:1070)	Nessus	Red Hat Local Security Checks	high
130547	RHEL 8 : kernel (RHSA-2019:3517)	Nessus	Red Hat Local Security Checks	high
130526	RHEL 8 : kernel-rt (RHSA-2019:3309)	Nessus	Red Hat Local Security Checks	high
128680	Ubuntu 16.04 LTS / 18.04 LTS : Linux kernel regression (USN-4115-2)	Nessus	Ubuntu Local Security Checks	critical
128478	Ubuntu 16.04 LTS / 18.04 LTS : linux-aws vulnerabilities (USN-4118-1)	Nessus	Ubuntu Local Security Checks	critical
128475	Ubuntu 16.04 LTS / 18.04 LTS : linux, linux-azure, linux-gcp, linux-gke-4.15, linux-hwe, linux-kvm, (USN-4115-1)	Nessus	Ubuntu Local Security Checks	critical
125615	OracleVM 3.4 : Unbreakable / etc (OVMSA-2019-0022)	Nessus	OracleVM Local Security Checks	medium
125588	EulerOS Virtualization for ARM 64 3.0.2.0 : kernel (EulerOS-SA-2019-1636)	Nessus	Huawei Local Security Checks	high
125514	EulerOS 2.0 SP3 : kernel (EulerOS-SA-2019-1587)	Nessus	Huawei Local Security Checks	high
125283	SUSE SLES12 Security Update : kernel (SUSE-SU-2019:1289-1) (MDSUM/RIDL) (MFBDS/RIDL/ZombieLoad) (MLPDS/RIDL) (MSBDS/Fallout)	Nessus	SuSE Local Security Checks	high
125238	Oracle Linux 6 : Unbreakable Enterprise kernel (ELSA-2019-4646)	Nessus	Oracle Linux Local Security Checks	medium
125237	Oracle Linux 6 / 7 : Unbreakable Enterprise kernel (ELSA-2019-4644)	Nessus	Oracle Linux Local Security Checks	high
125236	Oracle Linux 7 : Unbreakable Enterprise kernel (ELSA-2019-4643) (MDSUM/RIDL) (MFBDS/RIDL/ZombieLoad) (MLPDS/RIDL) (MSBDS/Fallout)	Nessus	Oracle Linux Local Security Checks	medium
125235	Oracle Linux 6 / 7 : Unbreakable Enterprise kernel (ELSA-2019-4642)	Nessus	Oracle Linux Local Security Checks	medium
124835	EulerOS Virtualization 3.0.1.0 : kernel (EulerOS-SA-2019-1514)	Nessus	Huawei Local Security Checks	medium
124595	Debian DLA-1771-1 : linux-4.9 security update	Nessus	Debian Local Security Checks	high
124431	EulerOS 2.0 SP5 : kernel (EulerOS-SA-2019-1304)	Nessus	Huawei Local Security Checks	high
124398	EulerOS 2.0 SP2 : kernel (EulerOS-SA-2019-1302)	Nessus	Huawei Local Security Checks	high
123702	EulerOS Virtualization 2.5.4 : kernel (EulerOS-SA-2019-1234)	Nessus	Huawei Local Security Checks	low
123420	Debian DLA-1731-2 : linux regression update (Spectre)	Nessus	Debian Local Security Checks	high
122893	Ubuntu 14.04 LTS : Linux kernel (Xenial HWE) vulnerabilities (USN-3910-2)	Nessus	Ubuntu Local Security Checks	medium
122892	Ubuntu 16.04 LTS : Linux kernel vulnerabilities (USN-3910-1)	Nessus	Ubuntu Local Security Checks	medium
122891	SUSE SLES11 Security Update : kernel (SUSE-SU-2019:13979-1)	Nessus	SuSE Local Security Checks	high
122609	SUSE SLED12 / SLES12 Security Update : kernel (SUSE-SU-2019:0541-1)	Nessus	SuSE Local Security Checks	high
122343	SUSE SLES12 Security Update : kernel (SUSE-SU-2019:0439-1)	Nessus	SuSE Local Security Checks	high
121633	openSUSE Security Update : the Linux Kernel (openSUSE-2019-140)	Nessus	SuSE Local Security Checks	high
121571	SUSE SLED15 / SLES15 Security Update : kernel (SUSE-SU-2019:0224-1)	Nessus	SuSE Local Security Checks	high
121569	SUSE SLES12 Security Update : kernel (SUSE-SU-2019:0222-1) (Spectre)	Nessus	SuSE Local Security Checks	high
121505	Slackware 14.2 : Slackware 14.2 kernel (SSA:2019-030-01)	Nessus	Slackware Local Security Checks	high
121468	SUSE SLES11 Security Update : kernel (SUSE-SU-2019:13937-1)	Nessus	SuSE Local Security Checks	high
121466	SUSE SLED12 / SLES12 Security Update : kernel (SUSE-SU-2019:0196-1)	Nessus	SuSE Local Security Checks	high
121344	SUSE SLES12 Security Update : kernel (SUSE-SU-2019:0148-1) (Spectre)	Nessus	SuSE Local Security Checks	high
121289	openSUSE Security Update : the Linux Kernel (openSUSE-2019-65)	Nessus	SuSE Local Security Checks	high

CVE-2018-19985

LOW

Description

References

Details

Risk Information

CVSS v2.0

CVSS v3.0

Vulnerable Software

Configuration 1

Configuration 2

Configuration 3

Tenable Plugins

high

high

high

high

high

high

high

critical

critical

critical

medium

high

high

high

medium

high

medium

medium

medium

high

high

high

low

high

medium

medium

high

high

high

high

high

high

high

high

high

high

high