Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

redhat логотип

CVE-2018-20169

Опубликовано: 05 дек. 2018
Источник: redhat
CVSS3: 6.4
EPSS Низкий

Описание

An issue was discovered in the Linux kernel before 4.19.9. The USB subsystem mishandles size checks during the reading of an extra descriptor, related to __usb_get_extra_descriptor in drivers/usb/core/usb.c.

A flaw was discovered in the Linux kernel's USB subsystem in the __usb_get_extra_descriptor() function in the drivers/usb/core/usb.c which mishandles a size check during the reading of an extra descriptor data. By using a specially crafted USB device which sends a forged extra descriptor, an unprivileged user with physical access to the system can potentially cause a privilege escalation or trigger a system crash or lock up and thus to cause a denial of service (DoS).

Затронутые пакеты

ПлатформаПакетСостояниеРекомендацияРелиз
Red Hat Enterprise Linux 5kernelWill not fix
Red Hat Enterprise Linux 6kernelWill not fix
Red Hat Enterprise Linux 7kernel-altWill not fix
Red Hat Enterprise Linux 7kernel-rtFixedRHSA-2020:107031.03.2020
Red Hat Enterprise Linux 7kernelFixedRHSA-2020:101631.03.2020
Red Hat Enterprise Linux 7.4 Advanced Update SupportkernelFixedRHSA-2020:277030.06.2020
Red Hat Enterprise Linux 7.4 Telco Extended Update SupportkernelFixedRHSA-2020:277030.06.2020
Red Hat Enterprise Linux 7.4 Update Services for SAP SolutionskernelFixedRHSA-2020:277030.06.2020
Red Hat Enterprise Linux 7.6 Extended Update SupportkernelFixedRHSA-2020:285107.07.2020
Red Hat Enterprise Linux 7.7 Extended Update SupportkernelFixedRHSA-2020:252211.06.2020

Показывать по

Ссылки на источники

Дополнительная информация

Статус:

Moderate
Дефект:
CWE-787
https://bugzilla.redhat.com/show_bug.cgi?id=1660385kernel: usb: missing size check in the __usb_get_extra_descriptor() leading to DoS

EPSS

Процентиль: 25%
0.00081
Низкий

6.4 Medium

CVSS3

Связанные уязвимости

ubuntu логотип

CVE-2018-20169

CVSS3: 6.8
ubuntu
больше 6 лет назад

An issue was discovered in the Linux kernel before 4.19.9. The USB subsystem mishandles size checks during the reading of an extra descriptor, related to __usb_get_extra_descriptor in drivers/usb/core/usb.c.

nvd логотип

CVE-2018-20169

CVSS3: 6.8
nvd
больше 6 лет назад

An issue was discovered in the Linux kernel before 4.19.9. The USB subsystem mishandles size checks during the reading of an extra descriptor, related to __usb_get_extra_descriptor in drivers/usb/core/usb.c.

msrc логотип

CVE-2018-20169

CVSS3: 6.8
msrc
больше 1 года назад

Описание отсутствует

debian логотип

CVE-2018-20169

CVSS3: 6.8
debian
больше 6 лет назад

An issue was discovered in the Linux kernel before 4.19.9. The USB sub ...

github логотип

GHSA-xv8v-5726-pq4v

CVSS3: 6.8
github
около 3 лет назад

An issue was discovered in the Linux kernel before 4.19.9. The USB subsystem mishandles size checks during the reading of an extra descriptor, related to __usb_get_extra_descriptor in drivers/usb/core/usb.c.

EPSS

Процентиль: 25%
0.00081
Низкий

6.4 Medium

CVSS3