Out-of-bounds read in Linux kernel - CVE-2018-19985
Published: September 3, 2019 / Updated: September 3, 2019
Vulnerability identifier: #VU20806
CSH Severity: Low
CVSS v4.0: CVSS:4.0/AV:P/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear
CVE-ID: CVE-2018-19985
CWE-ID: CWE-125
Exploitation vector: Local access
Exploit availability:
No public exploit available
Vendor: Linux Foundation
Affected software:
Linux kernel
Linux kernel
Detailed vulnerability description
The vulnerability allows a local user to gain access to potentially sensitive information.
The vulnerability exists due to a boundary condition when the function "hso_get_config_data" in "drivers/net/usb/hso.c" reads "if_num" from the USB device (as a u8) and uses it to index a small array. An authenticated local user with physical access to the system can use a malicious USB, trigger out-of-bounds read error and read contents of memory on the system.
How to mitigate CVE-2018-19985
Install updates from vendor's website.
Sources
- https://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.9.148
- https://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.19.13
- https://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.14.91
- https://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.4.170
- https://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.20