The vulnerability of the __usb_get_extra_descriptor function in the USB subsystem of Linux kernel systems allows attackers to compromise the confidentiality and integrity of the protected information.

The vulnerability of the usbgetextradescriptor function in the USB subsystem’s driver code drivers/usb/core/usb.c in Linux kernels is related to errors in reading the additional descriptor. Exploiting this vulnerability could allow an attacker to compromise the confidentiality and integrity of th...

Denial Of Service (DoS)

Linux kernel is vulnerable to denial of service. This is because the usbdestroyconfiguration function, in config.c in the USB core subsystem does not consider the maximum number of configurations and interfaces before attempting to release resources which allows local users to cause a denial of...

EulerOS 2.0 SP5 : kernel (EulerOS-SA-2019-1156)

According to the versions of the kernel packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - An issue was discovered in the Linux kernel through 4.19. An information leak in cdromioctlselectdisc in drivers/cdrom/cdrom.c could be used by...

CVE-2019-5518

VMware ESXi 6.7 before ESXi670-201903001, 6.5 before ESXi650-201903001, 6.0 before ESXi600-201903001, Workstation 15.x before 15.0.4, 14.x before 14.1.7, Fusion 11.x before 11.0.3, 10.x before 10.1.6 contain an out-of-bounds read/write vulnerability in the virtual USB 1.1 UHCI Universal Host...

EulerOS 2.0 SP3 : kernel (EulerOS-SA-2019-1108)

According to the versions of the kernel packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - A flaw was discovered in the Linux kernel's USB subsystem in the usbgetextradescriptor function in the drivers/usb/core/usb.c which mishandles a...

Security update for the Linux Kernel (important)

openSUSE Security Update: Security update for the Linux Kernel Announcement ID: openSUSE-SU-2019:0140-1 Rating: important References: 1012382 1015336 1015337 1015340 1019683 1019695 1020645 1023175 1027260 1031492 1043083 1047487 1065600 1068032 1070805 1079935 1086423 1087082 1091405 1094244...

Ubuntu 16.04 LTS : Linux kernel vulnerabilities (USN-3879-1)

The remote Ubuntu 16.04 LTS host has a package installed that is affected by multiple vulnerabilities as referenced in the USN-3879-1 advisory. Wen Xu discovered that the ext4 file system implementation in the Linux kernel could possibly perform an out of bounds write when updating the journal fo...

USN-3879-1: Linux kernel vulnerabilities

Wen Xu discovered that the ext4 file system implementation in the Linux kernel could possibly perform an out of bounds write when updating the journal for an inline file. An attacker could use this to construct a malicious ext4 image that, when mounted, could cause a denial of service system cras...

SUSE SLES12 Security Update : kernel (SUSE-SU-2019:0222-1) (Spectre)

The SUSE Linux Enterprise 12 SP4 kernel for Azure was updated to receive various security and bugfixes. The following security bugs were fixed : CVE-2018-19407: The vcpuscanioapic function in arch/x86/kvm/x86.c allowed local users to cause a denial of service NULL pointer dereference and BUG via...

SUSE SLES11 Security Update : kernel (SUSE-SU-2019:13937-1)

The SUSE Linux Enterprise 12 SP3 kernel was updated to 3.0.101 to receive various security and bugfixes. The following security bugs were fixed : CVE-2018-9516: In hiddebugeventsread of drivers/hid/hid-debug.c, there is a possible out of bounds write due to a missing bounds check. This could lead...

SUSE-SU-2019:13937-1 Security update for the Linux Kernel

The SUSE Linux Enterprise 12 SP3 kernel was updated to 3.0.101 to receive various security and bugfixes. The following security bugs were fixed: - CVE-2018-9516: In hiddebugeventsread of drivers/hid/hid-debug.c, there is a possible out of bounds write due to a missing bounds check. This could lea...

Security update for the Linux Kernel (important)

openSUSE Security Update: Security update for the Linux Kernel Announcement ID: openSUSE-SU-2019:0065-1 Rating: important References: 1024718 1046299 1050242 1050244 1051510 1055121 1055186 1058115 1060463 1065729 1078248 1079935 1082387 1083647 1086282 1086283 1086423 1087978 1088386 1090888...

Amazon Linux AMI : kernel (ALAS-2019-1145)

The USB subsystem mishandles size checks during the reading of an extra descriptor, related to usbgetextradescriptor in drivers/usb/core/usb.c.CVE-2018-20169 A flaw was found where an attacker may be able to have an uncontrolled read to kernel-memory from within a vm guest. A race condition betwe...

Amazon Linux 2 : kernel (ALAS-2019-1145)

The USB subsystem mishandles size checks during the reading of an extra descriptor, related to usbgetextradescriptor in drivers/usb/core/usb.c.CVE-2018-20169 A flaw was found where an attacker may be able to have an uncontrolled read to kernel-memory from within a vm guest. A race condition betwe...

Medium: kernel

Issue Overview: The USB subsystem mishandles size checks during the reading of an extra descriptor, related to usbgetextradescriptor in drivers/usb/core/usb.c.CVE-2018-20169 A flaw was found where an attacker may be able to have an uncontrolled read to kernel-memory from within a vm guest. A race...

Medium: kernel

Issue Overview: The USB subsystem mishandles size checks during the reading of an extra descriptor, related to usbgetextradescriptor in drivers/usb/core/usb.c.CVE-2018-20169 A flaw was found where an attacker may be able to have an uncontrolled read to kernel-memory from within a vm guest. A race...

DEBIAN-CVE-2018-20169

An issue was discovered in the Linux kernel before 4.19.9. The USB subsystem mishandles size checks during the reading of an extra descriptor, related to usbgetextradescriptor in drivers/usb/core/usb.c...

Code injection

An issue was discovered in the Linux kernel before 4.19.9. The USB subsystem mishandles size checks during the reading of an extra descriptor, related to usbgetextradescriptor in drivers/usb/core/usb.c...

CVE-2018-20169

An issue was discovered in the Linux kernel before 4.19.9. The USB subsystem mishandles size checks during the reading of an extra descriptor, related to usbgetextradescriptor in drivers/usb/core/usb.c...

CVE-2018-20169

An issue was discovered in the Linux kernel before 4.19.9. The USB subsystem mishandles size checks during the reading of an extra descriptor, related to usbgetextradescriptor in drivers/usb/core/usb.c...