CVE-2018-9516

Published: 14 Sep 2018
Source: redhat
CVSS3: 3.1
EPSS: Low

Description

In hid_debug_events_read of drivers/hid/hid-debug.c, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Product: Android Versions: Android kernel Android ID: A-71361580.

A flaw was found in the Linux kernel in the hid_debug_events_read() function in the drivers/hid/hid-debug.c file. The lack of certain checks may allow a privileged user ("root") to achieve an out-of-bounds write, resulting in user space buffer corruption.

Affected packages

| Platform | Package | State | Recommendation | Release |
| --- | --- | --- | --- | --- |
| Red Hat Enterprise Linux 5 | kernel | Will not fix | | |
| Red Hat Enterprise Linux 6 | kernel | Will not fix | | |
| Red Hat Enterprise Linux 7 | kernel-alt | Fix deferred | | |
| Red Hat Enterprise Linux 8 | kernel | Not affected | | |
| Red Hat Enterprise Linux 8 | kernel-rt | Not affected | | |
| Red Hat Enterprise MRG 2 | kernel-rt | Fix deferred | | |
| Red Hat Enterprise Linux 7 | kernel-rt | Fixed | RHSA-2019:2043 | 07.08.2019 |
| Red Hat Enterprise Linux 7 | kernel | Fixed | RHSA-2019:2029 | 06.08.2019 |

Additional information

Status: Low
Defect: CWE-119
https://bugzilla.redhat.com/show_bug.cgi?id=1631036 kernel: HID: debug: Buffer overflow in hid_debug_events_read() in drivers/hid/hid-debug.c

EPSS

Percentile: 9%
0.00036
Low

3.1 Low

CVSS3

Related vulnerabilities

CVSS3: 7.8
ubuntu
more than 6 years ago

In hid_debug_events_read of drivers/hid/hid-debug.c, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Product: Android Versions: Android kernel Android ID: A-71361580.

CVSS3: 7.8
nvd
more than 6 years ago

In hid_debug_events_read of drivers/hid/hid-debug.c, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Product: Android Versions: Android kernel Android ID: A-71361580.

CVSS3: 7.8
debian
more than 6 years ago

In hid_debug_events_read of drivers/hid/hid-debug.c, there is a possib ...

CVSS3: 7.8
github
about 3 years ago

In hid_debug_events_read of drivers/hid/hid-debug.c, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Product: Android Versions: Android kernel Android ID: A-71361580.

CVSS3: 7.8
fstec
almost 7 years ago

Vulnerability in the hid_debug_events_read function of the Android operating system that allows an attacker to escalate their privileges
