Lucene search

K
redhatcveRedhat.comRH:CVE-2018-19985
HistoryMay 07, 2020 - 4:39 a.m.

CVE-2018-19985

2020-05-0704:39:12
redhat.com
access.redhat.com
29

0.002 Low

EPSS

Percentile

57.6%

A flaw was found in the Linux kernel in the function hso_probe() which reads if_num value from the USB device (as an u8) and uses it without a length check to index an array, resulting in an OOB memory read in hso_probe() or hso_get_config_data(). An attacker with a forged USB device and physical access to a system (needed to connect such a device) can cause a system crash and a denial of service.