Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

redhat логотип

CVE-2018-19824

Опубликовано: 04 дек. 2018
Источник: redhat
CVSS3: 6.6
EPSS Низкий

Описание

In the Linux kernel through 4.19.6, a local user could exploit a use-after-free in the ALSA driver by supplying a malicious USB Sound device (with zero interfaces) that is mishandled in usb_audio_probe in sound/usb/card.c.

A flaw was found In the Linux kernel, through version 4.19.6, where a local user could exploit a use-after-free in the ALSA driver by supplying a malicious USB Sound device (with zero interfaces) that is mishandled in usb_audio_probe in sound/usb/card.c. An attacker could corrupt memory and possibly escalate privileges if the attacker is able to have physical access to the system.

Затронутые пакеты

ПлатформаПакетСостояниеРекомендацияРелиз
Red Hat Enterprise Linux 5kernelNot affected
Red Hat Enterprise Linux 6kernelWill not fix
Red Hat Enterprise Linux 7kernel-altWill not fix
Red Hat Enterprise Linux 7kernel-rtAffected
Red Hat Enterprise MRG 2kernel-rtWill not fix
Red Hat Enterprise Linux 7kernelFixedRHSA-2019:202906.08.2019
Red Hat Enterprise Linux 8kernel-rtFixedRHSA-2019:274112.09.2019
Red Hat Enterprise Linux 8kernelFixedRHSA-2019:270312.09.2019

Показывать по

Ссылки на источники

Дополнительная информация

Статус:

Moderate
Дефект:
CWE-416
https://bugzilla.redhat.com/show_bug.cgi?id=1655816kernel: Use-after-free in sound/usb/card.c:usb_audio_probe()

EPSS

Процентиль: 24%
0.00079
Низкий

6.6 Medium

CVSS3

Связанные уязвимости

ubuntu логотип

CVE-2018-19824

CVSS3: 7.8
ubuntu
больше 6 лет назад

In the Linux kernel through 4.19.6, a local user could exploit a use-after-free in the ALSA driver by supplying a malicious USB Sound device (with zero interfaces) that is mishandled in usb_audio_probe in sound/usb/card.c.

nvd логотип

CVE-2018-19824

CVSS3: 7.8
nvd
больше 6 лет назад

In the Linux kernel through 4.19.6, a local user could exploit a use-after-free in the ALSA driver by supplying a malicious USB Sound device (with zero interfaces) that is mishandled in usb_audio_probe in sound/usb/card.c.

debian логотип

CVE-2018-19824

CVSS3: 7.8
debian
больше 6 лет назад

In the Linux kernel through 4.19.6, a local user could exploit a use-a ...

github логотип

GHSA-42gx-v2fc-7h6f

CVSS3: 7.8
github
около 3 лет назад

In the Linux kernel through 4.19.6, a local user could exploit a use-after-free in the ALSA driver by supplying a malicious USB Sound device (with zero interfaces) that is mishandled in usb_audio_probe in sound/usb/card.c.

fstec логотип

BDU:2019-03298

CVSS3: 7.8
fstec
больше 6 лет назад

Уязвимость функции usb_audio_probe ядра операционной системы Linux, позволяющая нарушителю выполнить произвольный код или вызвать отказ в обслуживании

EPSS

Процентиль: 24%
0.00079
Низкий

6.6 Medium

CVSS3

Уязвимость CVE-2018-19824