CVE-2019-13631

MEDIUM

Description

In parse_hid_report_descriptor in drivers/input/tablet/gtco.c in the Linux kernel through 5.2.1, a malicious USB device can send an HID report that triggers an out-of-bounds write during generation of debugging messages.

References

http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00055.html

http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00056.html

http://packetstormsecurity.com/files/154059/Slackware-Security-Advisory-Slackware-14.2-kernel-Updates.html

http://www.securityfocus.com/bid/109291

https://lists.debian.org/debian-lts-announce/2019/08/msg00016.html

https://lists.debian.org/debian-lts-announce/2019/08/msg00017.html

https://lists.fedoraproject.org/archives/list/[email protected]/message/KQ5BQKTI24DPSVKPOIMMGDTFKCF6ASXT/

https://lists.fedoraproject.org/archives/list/[email protected]/message/TUXTJSLIQBOJTQDMTUQTQKUWWAJLFVEY/

https://patchwork.kernel.org/patch/11040813/

https://seclists.org/bugtraq/2019/Aug/13

https://seclists.org/bugtraq/2019/Aug/18

https://seclists.org/bugtraq/2019/Aug/26

https://security.netapp.com/advisory/ntap-20190806-0001/

https://usn.ubuntu.com/4115-1/

https://usn.ubuntu.com/4118-1/

https://usn.ubuntu.com/4145-1/

https://usn.ubuntu.com/4147-1/

https://www.debian.org/security/2019/dsa-4495

https://www.debian.org/security/2019/dsa-4497

Details

Source: MITRE

Published: 2019-07-17

Updated: 2019-07-26

Type: CWE-787

Risk Information

CVSS v2.0

Base Score: 4.6

Vector: AV:L/AC:L/Au:N/C:P/I:P/A:P

Impact Score: 6.4

Exploitability Score: 3.9

Severity: MEDIUM

CVSS v3.0

Base Score: 6.8

Vector: CVSS:3.0/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Impact Score: 5.9

Exploitability Score: 0.9

Severity: MEDIUM

Tenable Plugins

View all (32 total)

ID	Name	Product	Family	Severity
134387	EulerOS 2.0 SP8 : kernel (EulerOS-SA-2020-1186)	Nessus	Huawei Local Security Checks	critical
131845	EulerOS 2.0 SP2 : kernel (EulerOS-SA-2019-2353)	Nessus	Huawei Local Security Checks	critical
130736	EulerOS 2.0 SP3 : kernel (EulerOS-SA-2019-2274)	Nessus	Huawei Local Security Checks	critical
129677	Ubuntu 18.04 LTS / 19.04 : linux, linux-aws, linux-azure, linux-gcp, linux-gke-5.0, linux-hwe, (USN-4147-1)	Nessus	Ubuntu Local Security Checks	high
129491	Ubuntu 16.04 LTS : linux, linux-aws, linux-kvm, linux-raspi2, linux-snapdragon vulnerabilities (USN-4145-1)	Nessus	Ubuntu Local Security Checks	critical
129284	SUSE SLED15 / SLES15 Security Update : kernel-source-rt (SUSE-SU-2019:2430-1) (MDSUM/RIDL) (MFBDS/RIDL/ZombieLoad) (MLPDS/RIDL) (MSBDS/Fallout) (SACK Panic) (SACK Slowness) (Spectre)	Nessus	SuSE Local Security Checks	high
128929	EulerOS Virtualization for ARM 64 3.0.2.0 : kernel (EulerOS-SA-2019-1926)	Nessus	Huawei Local Security Checks	critical
128842	EulerOS 2.0 SP5 : kernel (EulerOS-SA-2019-1919)	Nessus	Huawei Local Security Checks	high
128680	Ubuntu 16.04 LTS / 18.04 LTS : linux, linux-aws, linux-aws-hwe, linux-azure, linux-gcp, linux-gke-4.15, (USN-4115-2)	Nessus	Ubuntu Local Security Checks	critical
128542	SUSE SLES12 Security Update : kernel (SUSE-SU-2019:2299-1)	Nessus	SuSE Local Security Checks	medium
128478	Ubuntu 16.04 LTS / 18.04 LTS : linux-aws vulnerabilities (USN-4118-1)	Nessus	Ubuntu Local Security Checks	critical
128475	Ubuntu 16.04 LTS / 18.04 LTS : linux, linux-azure, linux-gcp, linux-gke-4.15, linux-hwe, linux-kvm, (USN-4115-1)	Nessus	Ubuntu Local Security Checks	critical
128470	SUSE SLES12 Security Update : kernel (SUSE-SU-2019:2263-1)	Nessus	SuSE Local Security Checks	medium
128469	SUSE SLES12 Security Update : kernel (SUSE-SU-2019:2262-1)	Nessus	SuSE Local Security Checks	medium
128012	openSUSE Security Update : the Linux Kernel (openSUSE-2019-1924)	Nessus	SuSE Local Security Checks	medium
128011	openSUSE Security Update : the Linux Kernel (openSUSE-2019-1923)	Nessus	SuSE Local Security Checks	medium
127985	Oracle Linux 7 : Unbreakable Enterprise kernel (ELSA-2019-4746)	Nessus	Oracle Linux Local Security Checks	high
127921	Debian DLA-1885-1 : linux-4.9 security update	Nessus	Debian Local Security Checks	high
127882	Slackware 14.2 : Slackware 14.2 kernel (SSA:2019-226-01)	Nessus	Slackware Local Security Checks	high
127867	Debian DSA-4497-1 : linux - security update	Nessus	Debian Local Security Checks	high
127866	Debian DLA-1884-1 : linux security update	Nessus	Debian Local Security Checks	high
127776	SUSE SLED15 / SLES15 Security Update : kernel (SUSE-SU-2019:2073-1)	Nessus	SuSE Local Security Checks	medium
127775	SUSE SLED12 / SLES12 Security Update : kernel (SUSE-SU-2019:2072-1)	Nessus	SuSE Local Security Checks	medium
127774	SUSE SLED15 / SLES15 Security Update : kernel (SUSE-SU-2019:2071-1)	Nessus	SuSE Local Security Checks	medium
127773	SUSE SLES12 Security Update : kernel (SUSE-SU-2019:2070-1)	Nessus	SuSE Local Security Checks	medium
127772	SUSE SLED15 / SLES15 Security Update : Linux Azure Kernel (SUSE-SU-2019:2068-1)	Nessus	SuSE Local Security Checks	medium
127616	Oracle Linux 6 / 7 : Unbreakable Enterprise kernel (ELSA-2019-4741)	Nessus	Oracle Linux Local Security Checks	medium
127615	Oracle Linux 6 / 7 : Unbreakable Enterprise kernel (ELSA-2019-4739)	Nessus	Oracle Linux Local Security Checks	medium
127566	OracleVM 3.4 : Unbreakable / etc (OVMSA-2019-0039)	Nessus	OracleVM Local Security Checks	medium
127508	Fedora 29 : kernel / kernel-headers (2019-3dbfaeac73)	Nessus	Fedora Local Security Checks	medium
127491	Debian DSA-4495-1 : linux - security update	Nessus	Debian Local Security Checks	high
127080	Fedora 30 : kernel / kernel-headers (2019-9d3fe6fd5b)	Nessus	Fedora Local Security Checks	medium