QwikSec

Security Database

CVE

CWE

Training

CVE-2019-3819

Published: Jan 25, 2019

Modified: Aug 4, 2024

PUBLISHED

CVSS v3.0

4.2

MEDIUM

Description

A flaw was found in the Linux kernel in the function hid_debug_events_read() in drivers/hid/hid-debug.c file which may enter an infinite loop with certain parameters passed from a userspace. A local privileged user ("root") can cause a system lock up and a denial of service. Versions from v4.18 and newer are vulnerable.

Vendor	Product	Versions
The Linux Foundation	kernel:	affected `from v4.18 and newer`

Weaknesses (CWE)

CVSS v3.0 Details

CVSS v3.0 Vector

CVSS:3.0/AV:L/AC:L/PR:H/UI:R/S:U/C:N/I:N/A:H

Attack Vector

Local

Attack Complexity

Low

Privileges Required

High

User Interaction

Required

Scope

Unchanged

Confidentiality

None

Integrity

None

Availability

High

References

vdb-entry

x_refsource_BID

https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-3819

x_refsource_CONFIRM

[debian-lts-announce] 20190327 [SECURITY] [DLA 1731-1] linux security update

mailing-list

x_refsource_MLIST

[debian-lts-announce] 20190401 [SECURITY] [DLA 1731-2] linux regression update

mailing-list

x_refsource_MLIST

vendor-advisory

x_refsource_UBUNTU

vendor-advisory

x_refsource_UBUNTU

openSUSE-SU-2019:1193

vendor-advisory

x_refsource_SUSE

[debian-lts-announce] 20190503 [SECURITY] [DLA 1771-1] linux-4.9 security update

mailing-list

x_refsource_MLIST

vendor-advisory

x_refsource_UBUNTU

vendor-advisory

x_refsource_UBUNTU

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.