
CVE-2019-3819

Description

A flaw was found in the Linux kernel function hid_debug_events_read() in drivers/hid/hid-debug.c, which may enter an infinite loop with certain parameters passed from userspace. A local privileged user ("root") can cause a system lockup and a denial of service. Versions v4.18 and newer are vulnerable.

#### Bugs

* <https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-3819>

#### Notes

Author | Note
---|---
[sbeattie](<https://launchpad.net/~sbeattie>) | claims to be introduced by fix for CVE-2018-9516
[tyhicks](<https://launchpad.net/~tyhicks>) | HID debug events are exposed via debugfs which is only accessible by the root user in Ubuntu


Affected Package


OS | OS Version | Package Name | Package Version
---|---|---|---
ubuntu | upstream | linux | 5.0~rc6
ubuntu | 16.04 | linux | 4.4.0-145.171
ubuntu | 14.04 | linux-aws | 4.4.0-1040.43
ubuntu | upstream | linux-aws | 5.0~rc6
ubuntu | 16.04 | linux-aws | 4.4.0-1079.89
ubuntu | upstream | linux-aws-5.0 | 5.0~rc6
ubuntu | upstream | linux-aws-hwe | 5.0~rc6
ubuntu | 16.04 | linux-aws-hwe | 4.15.0-1047.49~16.04.1
ubuntu | 14.04 | linux-azure | any
ubuntu | upstream | linux-azure | 5.0~rc6
ubuntu | 16.04 | linux-azure | 4.15.0-1056.61
ubuntu | upstream | linux-azure-5.3 | 5.0~rc6
ubuntu | upstream | linux-azure-edge | 5.0~rc6
ubuntu | 16.04 | linux-azure-edge | 4.15.0-1056.61
ubuntu | upstream | linux-euclid | 5.0~rc6
ubuntu | upstream | linux-flo | 5.0~rc6
ubuntu | upstream | linux-gcp | 5.0~rc6
ubuntu | 16.04 | linux-gcp | 4.15.0-1041.43
ubuntu | upstream | linux-gcp-5.3 | 5.0~rc6
ubuntu | upstream | linux-gcp-edge | 5.0~rc6
ubuntu | upstream | linux-gke | 5.0~rc6
ubuntu | upstream | linux-gke-4.15 | 5.0~rc6
ubuntu | upstream | linux-gke-5.0 | 5.0~rc6
ubuntu | upstream | linux-goldfish | 5.0~rc6
ubuntu | upstream | linux-grouper | 5.0~rc6
ubuntu | upstream | linux-hwe | 5.0~rc6
ubuntu | 16.04 | linux-hwe | 4.15.0-60.67~16.04.1
ubuntu | upstream | linux-hwe-edge | 5.0~rc6
ubuntu | 16.04 | linux-hwe-edge | 4.15.0-60.67~16.04.1
ubuntu | upstream | linux-kvm | 5.0~rc6
ubuntu | 16.04 | linux-kvm | 4.4.0-1043.49
ubuntu | upstream | linux-lts-trusty | 5.0~rc6
ubuntu | upstream | linux-lts-utopic | 5.0~rc6
ubuntu | upstream | linux-lts-vivid | 5.0~rc6
ubuntu | upstream | linux-lts-wily | 5.0~rc6
ubuntu | 14.04 | linux-lts-xenial | 4.4.0-144.170~14.04.1
ubuntu | upstream | linux-lts-xenial | 5.0~rc6
ubuntu | upstream | linux-maguro | 5.0~rc6
ubuntu | upstream | linux-mako | 5.0~rc6
ubuntu | upstream | linux-manta | 5.0~rc6
ubuntu | 19.04 | linux-oem | was pending [4.15.0-1056.65] now end-of-life
ubuntu | 19.10 | linux-oem | 4.15.0-1059.68
ubuntu | upstream | linux-oem | 5.0~rc6
ubuntu | 16.04 | linux-oem | any
ubuntu | upstream | linux-oem-5.4 | 5.0~rc6
ubuntu | upstream | linux-oem-osp1 | 5.0~rc6
ubuntu | 19.04 | linux-oracle | 5.0.0-1004.8
ubuntu | upstream | linux-oracle | 5.0~rc6
ubuntu | 16.04 | linux-oracle | 4.15.0-1022.25~16.04.1
ubuntu | upstream | linux-oracle-5.0 | 5.0~rc6
ubuntu | upstream | linux-raspi2 | 5.0~rc6
ubuntu | 16.04 | linux-raspi2 | 4.4.0-1106.114
ubuntu | upstream | linux-raspi2-5.3 | 5.0~rc6
ubuntu | upstream | linux-snapdragon | 5.0~rc6
ubuntu | 16.04 | linux-snapdragon | 4.4.0-1110.115
