CVE-2019-3819

2019-01-2500:00:00

ubuntu.com

4.4 Medium

CVSS3

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

HIGH

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H

4.9 Medium

CVSS2

Access Vector

LOCAL

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

COMPLETE

AV:L/AC:L/Au:N/C:N/I:N/A:C

0.0004 Low

EPSS

Percentile

5.3%

JSON

A flaw was found in the Linux kernel in the function
hid_debug_events_read() in drivers/hid/hid-debug.c file which may enter an
infinite loop with certain parameters passed from a userspace. A local
privileged user (“root”) can cause a system lock up and a denial of
service. Versions from v4.18 and newer are vulnerable.

Bugs

<https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-3819>

Notes

Author	Note
sbeattie	claims to be introduced by fix for CVE-2018-9516
tyhicks	HID debug events are exposed via debugfs which is only accessible by the root user in Ubuntu

OSVersionArchitecturePackageVersionFilename
ubuntu18.04noarchlinux< 4.15.0-60.67UNKNOWN
ubuntu16.04noarchlinux< 4.4.0-145.171UNKNOWN
ubuntu18.04noarchlinux-aws< 4.15.0-1047.49UNKNOWN
ubuntu14.04noarchlinux-aws< 4.4.0-1040.43UNKNOWN
ubuntu16.04noarchlinux-aws< 4.4.0-1079.89UNKNOWN
ubuntu16.04noarchlinux-aws-hwe< 4.15.0-1047.49~16.04.1UNKNOWN
ubuntu18.04noarchlinux-azure< 5.0.0-1014.14~18.04.1UNKNOWN
ubuntu16.04noarchlinux-azure< 4.15.0-1056.61UNKNOWN
ubuntu18.04noarchlinux-azure-edge< 5.0.0-1014.14~18.04.1UNKNOWN
ubuntu16.04noarchlinux-azure-edge< 4.15.0-1056.61UNKNOWN

OS	Version	Architecture	Package	Version	Filename
ubuntu	18.04	noarch	linux	< 4.15.0-60.67	UNKNOWN
ubuntu	16.04	noarch	linux	< 4.4.0-145.171	UNKNOWN
ubuntu	18.04	noarch	linux-aws	< 4.15.0-1047.49	UNKNOWN
ubuntu	14.04	noarch	linux-aws	< 4.4.0-1040.43	UNKNOWN
ubuntu	16.04	noarch	linux-aws	< 4.4.0-1079.89	UNKNOWN
ubuntu	16.04	noarch	linux-aws-hwe	< 4.15.0-1047.49~16.04.1	UNKNOWN
ubuntu	18.04	noarch	linux-azure	< 5.0.0-1014.14~18.04.1	UNKNOWN
ubuntu	16.04	noarch	linux-azure	< 4.15.0-1056.61	UNKNOWN
ubuntu	18.04	noarch	linux-azure-edge	< 5.0.0-1014.14~18.04.1	UNKNOWN
ubuntu	16.04	noarch	linux-azure-edge	< 4.15.0-1056.61	UNKNOWN