{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "descriptions": [{"lang": "en", "value": "The function hso_get_config_data in drivers/net/usb/hso.c in the Linux kernel through 4.19.8 reads if_num from the USB device (as a u8) and uses it to index a small array, resulting in an object out-of-bounds (OOB) read that potentially allows arbitrary read in the kernel address space."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2019-11-06T00:07:12", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre"}, "references": [{"tags": ["x_refsource_MISC"], "url": "http://packetstormsecurity.com/files/151420/Slackware-Security-Advisory-Slackware-14.2-kernel-Updates.html"}, {"tags": ["x_refsource_MISC"], "url": "http://lists.opensuse.org/opensuse-security-announce/2019-01/msg00023.html"}, {"tags": ["x_refsource_MISC"], "url": "http://lists.opensuse.org/opensuse-security-announce/2019-02/msg00007.html"}, {"tags": ["x_refsource_MISC"], "url": "https://seclists.org/bugtraq/2019/Jan/52"}, {"tags": ["x_refsource_MISC"], "url": "https://hexhive.epfl.ch/projects/perifuzz/"}, {"name": "[debian-lts-announce] 20190327 [SECURITY] [DLA 1731-1] linux security update", "tags": ["mailing-list", "x_refsource_MLIST"], "url": "https://lists.debian.org/debian-lts-announce/2019/03/msg00034.html"}, {"name": "[debian-lts-announce] 20190401 [SECURITY] [DLA 1731-2] linux regression update", "tags": ["mailing-list", "x_refsource_MLIST"], "url": "https://lists.debian.org/debian-lts-announce/2019/04/msg00004.html"}, {"tags": ["x_refsource_CONFIRM"], "url": "https://security.netapp.com/advisory/ntap-20190404-0002/"}, {"name": "[debian-lts-announce] 20190503 [SECURITY] [DLA 1771-1] linux-4.9 security update", "tags": ["mailing-list", "x_refsource_MLIST"], "url": "https://lists.debian.org/debian-lts-announce/2019/05/msg00002.html"}, {"name": "USN-4115-1", "tags": ["vendor-advisory", "x_refsource_UBUNTU"], "url": "https://usn.ubuntu.com/4115-1/"}, {"name": "USN-4118-1", "tags": ["vendor-advisory", "x_refsource_UBUNTU"], "url": "https://usn.ubuntu.com/4118-1/"}, {"name": "RHSA-2019:3309", "tags": ["vendor-advisory", "x_refsource_REDHAT"], "url": "https://access.redhat.com/errata/RHSA-2019:3309"}, {"name": "RHSA-2019:3517", "tags": ["vendor-advisory", "x_refsource_REDHAT"], "url": "https://access.redhat.com/errata/RHSA-2019:3517"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "cve@mitre.org", "ID": "CVE-2018-19985", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "The function hso_get_config_data in drivers/net/usb/hso.c in the Linux kernel through 4.19.8 reads if_num from the USB device (as a u8) and uses it to index a small array, resulting in an object out-of-bounds (OOB) read that potentially allows arbitrary read in the kernel address space."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "http://packetstormsecurity.com/files/151420/Slackware-Security-Advisory-Slackware-14.2-kernel-Updates.html", "refsource": "MISC", "url": "http://packetstormsecurity.com/files/151420/Slackware-Security-Advisory-Slackware-14.2-kernel-Updates.html"}, {"name": "http://lists.opensuse.org/opensuse-security-announce/2019-01/msg00023.html", "refsource": "MISC", "url": "http://lists.opensuse.org/opensuse-security-announce/2019-01/msg00023.html"}, {"name": "http://lists.opensuse.org/opensuse-security-announce/2019-02/msg00007.html", "refsource": "MISC", "url": "http://lists.opensuse.org/opensuse-security-announce/2019-02/msg00007.html"}, {"name": "https://seclists.org/bugtraq/2019/Jan/52", "refsource": "MISC", "url": "https://seclists.org/bugtraq/2019/Jan/52"}, {"name": "https://hexhive.epfl.ch/projects/perifuzz/", "refsource": "MISC", "url": "https://hexhive.epfl.ch/projects/perifuzz/"}, {"name": "[debian-lts-announce] 20190327 [SECURITY] [DLA 1731-1] linux security update", "refsource": "MLIST", "url": "https://lists.debian.org/debian-lts-announce/2019/03/msg00034.html"}, {"name": "[debian-lts-announce] 20190401 [SECURITY] [DLA 1731-2] linux regression update", "refsource": "MLIST", "url": "https://lists.debian.org/debian-lts-announce/2019/04/msg00004.html"}, {"name": "https://security.netapp.com/advisory/ntap-20190404-0002/", "refsource": "CONFIRM", "url": "https://security.netapp.com/advisory/ntap-20190404-0002/"}, {"name": "[debian-lts-announce] 20190503 [SECURITY] [DLA 1771-1] linux-4.9 security update", "refsource": "MLIST", "url": "https://lists.debian.org/debian-lts-announce/2019/05/msg00002.html"}, {"name": "USN-4115-1", "refsource": "UBUNTU", "url": "https://usn.ubuntu.com/4115-1/"}, {"name": "USN-4118-1", "refsource": "UBUNTU", "url": "https://usn.ubuntu.com/4118-1/"}, {"name": "RHSA-2019:3309", "refsource": "REDHAT", "url": "https://access.redhat.com/errata/RHSA-2019:3309"}, {"name": "RHSA-2019:3517", "refsource": "REDHAT", "url": "https://access.redhat.com/errata/RHSA-2019:3517"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-05T11:51:17.876Z"}, "title": "CVE Program Container", "references": [{"tags": ["x_refsource_MISC", "x_transferred"], "url": "http://packetstormsecurity.com/files/151420/Slackware-Security-Advisory-Slackware-14.2-kernel-Updates.html"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "http://lists.opensuse.org/opensuse-security-announce/2019-01/msg00023.html"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "http://lists.opensuse.org/opensuse-security-announce/2019-02/msg00007.html"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://seclists.org/bugtraq/2019/Jan/52"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://hexhive.epfl.ch/projects/perifuzz/"}, {"name": "[debian-lts-announce] 20190327 [SECURITY] [DLA 1731-1] linux security update", "tags": ["mailing-list", "x_refsource_MLIST", "x_transferred"], "url": "https://lists.debian.org/debian-lts-announce/2019/03/msg00034.html"}, {"name": "[debian-lts-announce] 20190401 [SECURITY] [DLA 1731-2] linux regression update", "tags": ["mailing-list", "x_refsource_MLIST", "x_transferred"], "url": "https://lists.debian.org/debian-lts-announce/2019/04/msg00004.html"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "https://security.netapp.com/advisory/ntap-20190404-0002/"}, {"name": "[debian-lts-announce] 20190503 [SECURITY] [DLA 1771-1] linux-4.9 security update", "tags": ["mailing-list", "x_refsource_MLIST", "x_transferred"], "url": "https://lists.debian.org/debian-lts-announce/2019/05/msg00002.html"}, {"name": "USN-4115-1", "tags": ["vendor-advisory", "x_refsource_UBUNTU", "x_transferred"], "url": "https://usn.ubuntu.com/4115-1/"}, {"name": "USN-4118-1", "tags": ["vendor-advisory", "x_refsource_UBUNTU", "x_transferred"], "url": "https://usn.ubuntu.com/4118-1/"}, {"name": "RHSA-2019:3309", "tags": ["vendor-advisory", "x_refsource_REDHAT", "x_transferred"], "url": "https://access.redhat.com/errata/RHSA-2019:3309"}, {"name": "RHSA-2019:3517", "tags": ["vendor-advisory", "x_refsource_REDHAT", "x_transferred"], "url": "https://access.redhat.com/errata/RHSA-2019:3517"}]}]}, "cveMetadata": {"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2018-19985", "datePublished": "2019-03-17T19:48:52", "dateReserved": "2018-12-09T00:00:00", "dateUpdated": "2024-08-05T11:51:17.876Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "matchCriteriaId": "0AA82BBC-BEEA-49BB-A5A2-EE6D3B9FBBF8", "versionEndIncluding": "4.19.8", "vulnerable": true}], "negate": false, "operator": "OR"}]}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*", "matchCriteriaId": "C11E6FB0-C8C0-4527-9AA0-CB9B316F8F43", "vulnerable": true}], "negate": false, "operator": "OR"}]}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:netapp:active_iq_performance_analytics_services:-:*:*:*:*:*:*:*", "matchCriteriaId": "83077160-BB98-408B-81F0-8EF9E566BF28", "vulnerable": true}, {"criteria": "cpe:2.3:a:netapp:element_software_management_node:-:*:*:*:*:*:*:*", "matchCriteriaId": "E902EEC6-9A41-4FBC-8D81-891DF846A5CB", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "The function hso_get_config_data in drivers/net/usb/hso.c in the Linux kernel through 4.19.8 reads if_num from the USB device (as a u8) and uses it to index a small array, resulting in an object out-of-bounds (OOB) read that potentially allows arbitrary read in the kernel address space."}, {"lang": "es", "value": "La funci\u00f3n hso_get_config_data en drivers/net/usb/hso.c en el kernel de Linux, hasta la versi\u00f3n 4.19.8, lee if_num desde el dispositivo USB (como un u8) y lo emplea para indexar un array peque\u00f1o, lo que resulta en una lectura de objetos fuera de l\u00edmites (OOB) que podr\u00eda permitir la lectura arbitraria en el espacio de direcciones del kernel."}], "id": "CVE-2018-19985", "lastModified": "2019-09-03T00:15:13.080", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "LOW", "cvssData": {"accessComplexity": "LOW", "accessVector": "LOCAL", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 2.1, "confidentialityImpact": "PARTIAL", "integrityImpact": "NONE", "vectorString": "AV:L/AC:L/Au:N/C:P/I:N/A:N", "version": "2.0"}, "exploitabilityScore": 3.9, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}], "cvssMetricV30": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "PHYSICAL", "availabilityImpact": "NONE", "baseScore": 4.6, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "version": "3.0"}, "exploitabilityScore": 0.9, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2019-03-21T16:00:33.373", "references": [{"source": "cve@mitre.org", "tags": ["Mailing List", "Release Notes", "Patch", "Third Party Advisory"], "url": "http://lists.opensuse.org/opensuse-security-announce/2019-01/msg00023.html"}, {"source": "cve@mitre.org", "tags": ["Mailing List", "Release Notes", "Patch", "Third Party Advisory"], "url": "http://lists.opensuse.org/opensuse-security-announce/2019-02/msg00007.html"}, {"source": "cve@mitre.org", "tags": ["Release Notes", "Third Party Advisory", "VDB Entry"], "url": "http://packetstormsecurity.com/files/151420/Slackware-Security-Advisory-Slackware-14.2-kernel-Updates.html"}, {"source": "cve@mitre.org", "url": "https://access.redhat.com/errata/RHSA-2019:3309"}, {"source": "cve@mitre.org", "url": "https://access.redhat.com/errata/RHSA-2019:3517"}, {"source": "cve@mitre.org", "tags": ["Patch", "Third Party Advisory"], "url": "https://hexhive.epfl.ch/projects/perifuzz/"}, {"source": "cve@mitre.org", "tags": ["Third Party Advisory"], "url": "https://lists.debian.org/debian-lts-announce/2019/03/msg00034.html"}, {"source": "cve@mitre.org", "tags": ["Mailing List", "Third Party Advisory"], "url": "https://lists.debian.org/debian-lts-announce/2019/04/msg00004.html"}, {"source": "cve@mitre.org", "tags": ["Mailing List", "Third Party Advisory"], "url": "https://lists.debian.org/debian-lts-announce/2019/05/msg00002.html"}, {"source": "cve@mitre.org", "tags": ["Mailing List", "Patch", "Third Party Advisory"], "url": "https://seclists.org/bugtraq/2019/Jan/52"}, {"source": "cve@mitre.org", "tags": ["Third Party Advisory"], "url": "https://security.netapp.com/advisory/ntap-20190404-0002/"}, {"source": "cve@mitre.org", "url": "https://usn.ubuntu.com/4115-1/"}, {"source": "cve@mitre.org", "url": "https://usn.ubuntu.com/4118-1/"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-125"}], "source": "nvd@nist.gov", "type": "Primary"}]}

{"affected_release": [{"advisory": "RHSA-2020:1070", "cpe": "cpe:/a:redhat:rhel_extras_rt:7", "package": "kernel-rt-0:3.10.0-1127.rt56.1093.el7", "product_name": "Red Hat Enterprise Linux 7", "release_date": "2020-03-31T00:00:00Z"}, {"advisory": "RHSA-2020:1016", "cpe": "cpe:/o:redhat:enterprise_linux:7", "package": "kernel-0:3.10.0-1127.el7", "product_name": "Red Hat Enterprise Linux 7", "release_date": "2020-03-31T00:00:00Z"}, {"advisory": "RHSA-2019:3309", "cpe": "cpe:/a:redhat:enterprise_linux:8::nfv", "package": "kernel-rt-0:4.18.0-147.rt24.93.el8", "product_name": "Red Hat Enterprise Linux 8", "release_date": "2019-11-05T00:00:00Z"}, {"advisory": "RHSA-2019:3517", "cpe": "cpe:/o:redhat:enterprise_linux:8", "package": "kernel-0:4.18.0-147.el8", "product_name": "Red Hat Enterprise Linux 8", "release_date": "2019-11-05T00:00:00Z"}], "bugzilla": {"description": "kernel: oob memory read in hso_probe in drivers/net/usb/hso.c", "id": "1666106", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1666106"}, "csaw": false, "cvss3": {"cvss3_base_score": "4.6", "cvss3_scoring_vector": "CVSS:3.0/AV:P/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "status": "verified"}, "cwe": "CWE-125", "details": ["The function hso_get_config_data in drivers/net/usb/hso.c in the Linux kernel through 4.19.8 reads if_num from the USB device (as a u8) and uses it to index a small array, resulting in an object out-of-bounds (OOB) read that potentially allows arbitrary read in the kernel address space.", "A flaw was found in the Linux kernel in the function hso_probe() which reads if_num value from the USB device (as an u8) and uses it without a length check to index an array, resulting in an OOB memory read in hso_probe() or hso_get_config_data(). An attacker with a forged USB device and physical access to a system (needed to connect such a device) can cause a system crash and a denial of service."], "name": "CVE-2018-19985", "package_state": [{"cpe": "cpe:/o:redhat:enterprise_linux:5", "fix_state": "Not affected", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 5"}, {"cpe": "cpe:/o:redhat:enterprise_linux:6", "fix_state": "Will not fix", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 6"}, {"cpe": "cpe:/o:redhat:enterprise_linux:7", "fix_state": "Will not fix", "package_name": "kernel-alt", "product_name": "Red Hat Enterprise Linux 7"}, {"cpe": "cpe:/a:redhat:enterprise_mrg:2", "fix_state": "Not affected", "package_name": "kernel-rt", "product_name": "Red Hat Enterprise MRG 2"}], "public_date": "2018-12-12T00:00:00Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2018-19985\nhttps://nvd.nist.gov/vuln/detail/CVE-2018-19985"], "threat_severity": "Low", "upstream_fix": "kernel 4.20"}