Lucene search

[email protected]CVE-2019-3819

HistoryJan 25, 2019 - 6:29 p.m.

CVE-2019-3819

2019-01-2518:29:00

CWE-835

[email protected]

web.nvd.nist.gov

220

linux

kernel

cve-2019-3819

hid_debug_events_read

denial of service

4.4 Medium

CVSS3

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

HIGH

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H

5.2 Medium

AI Score

Confidence

High

4.9 Medium

CVSS2

Access Vector

LOCAL

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

COMPLETE

AV:L/AC:L/Au:N/C:N/I:N/A:C

0.0004 Low

EPSS

Percentile

5.3%

JSON

A flaw was found in the Linux kernel in the function hid_debug_events_read() in drivers/hid/hid-debug.c file which may enter an infinite loop with certain parameters passed from a userspace. A local privileged user (“root”) can cause a system lock up and a denial of service. Versions from v4.18 and newer are vulnerable.

CPENameOperatorVersion
linux:linux_kernellinux linux kerneleq*
debian:debian_linuxdebian debian linuxeq8.0
canonical:ubuntu_linuxcanonical ubuntu linuxeq16.04
canonical:ubuntu_linuxcanonical ubuntu linuxeq14.04
opensuse:leapopensuse leapeq15.0
canonical:ubuntu_linuxcanonical ubuntu linuxeq18.04

CPE	Name	Operator	Version
linux:linux_kernel	linux linux kernel	eq	*
debian:debian_linux	debian debian linux	eq	8.0
canonical:ubuntu_linux	canonical ubuntu linux	eq	16.04
canonical:ubuntu_linux	canonical ubuntu linux	eq	14.04
opensuse:leap	opensuse leap	eq	15.0
canonical:ubuntu_linux	canonical ubuntu linux	eq	18.04