ALAS2-2019-1145 --- kernelID: oval:org.secpod.oval:def:1700130 | Date: (C)2019-05-30 (M)2024-04-17 |
Class: PATCH | Family: unix |
The USB subsystem mishandles size checks during the reading of an extra descriptor, related to __usb_get_extra_descriptor in drivers/usb/core/usb.c.A flaw was found where an attacker may be able to have an uncontrolled read to kernel-memory from within a vm guest. A race condition between connect and close function may allow an attacker using the AF_VSOCK protocol to gather a 4 byte information leak or possibly impersonate AF_VSOCK messages destined to other clients or leak kernel memory.
Product: |
kernel |
perf |
python-perf |