CVE-2018-19985

CVSS v3.0 4.6 (Medium)

CVSS v2.0 2.1 (Low)

EPSS 0.17 % (54^th)

Affected Products 4

Advisories 25

The function hso_get_config_data in drivers/net/usb/hso.c in the Linux kernel through 4.19.8 reads if_num from the USB device (as a u8) and uses it to index a small array, resulting in an object out-of-bounds (OOB) read that potentially allows arbitrary read in the kernel address space.

Weaknesses

CWE-125: Out-of-bounds Read

CVE Status: PUBLISHED
CNA: MITRE
Published Date: 2019-03-21 16:00:33
(5 years ago)
Updated Date: 2019-09-03 00:15:13
(5 years ago)

Affected Products

Debian

Debian Linux

Linux

Linux Kernel

Netapp

Configuration #1

		CPE23	From	Up To
	Linux Kernel 4.19.8 and prior versions	cpe:2.3:o:linux:linux_kernel		<= 4.19.8

Configuration #2

		CPE23	From	Up To
	Debian Linux 8.0	cpe:2.3:o:debian:debian_linux:8.0

Configuration #3

		CPE23	From	Up To
	Netapp Active Iq Performance Analytics Services	cpe:2.3:a:netapp:active_iq_performance_analytics_services:-
	Netapp Element Software Management Node	cpe:2.3:a:netapp:element_software_management_node:-