QwikSec

Security Database

CVE

CWE

Training

CVE-2018-19985

Published: Mar 17, 2019

Modified: Aug 5, 2024

PUBLISHED

Description

The function hso_get_config_data in drivers/net/usb/hso.c in the Linux kernel through 4.19.8 reads if_num from the USB device (as a u8) and uses it to index a small array, resulting in an object out-of-bounds (OOB) read that potentially allows arbitrary read in the kernel address space.

Vendor	Product	Versions
n/a	n/a	affected `n/a`

References

http://packetstormsecurity.com/files/151420/Slackware-Security-Advisory-Slackware-14.2-kernel-Updates.html

x_refsource_MISC

http://lists.opensuse.org/opensuse-security-announce/2019-01/msg00023.html

x_refsource_MISC

http://lists.opensuse.org/opensuse-security-announce/2019-02/msg00007.html

x_refsource_MISC

https://seclists.org/bugtraq/2019/Jan/52

x_refsource_MISC

https://hexhive.epfl.ch/projects/perifuzz/

x_refsource_MISC

[debian-lts-announce] 20190327 [SECURITY] [DLA 1731-1] linux security update

mailing-list

x_refsource_MLIST

[debian-lts-announce] 20190401 [SECURITY] [DLA 1731-2] linux regression update

mailing-list

x_refsource_MLIST

https://security.netapp.com/advisory/ntap-20190404-0002/

x_refsource_CONFIRM

[debian-lts-announce] 20190503 [SECURITY] [DLA 1771-1] linux-4.9 security update

mailing-list

x_refsource_MLIST

vendor-advisory

x_refsource_UBUNTU

vendor-advisory

x_refsource_UBUNTU

vendor-advisory

x_refsource_REDHAT

vendor-advisory

x_refsource_REDHAT

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.