[Forgot Password]
Login  Register Subscribe

30389

 
 

423868

 
 

244625

 
 

909

 
 

193379

 
 

277

Paid content will be excluded from the download.


Download | Alert*
CVE
view JSON

CVE-2018-19824Date: (C)2019-05-30   (M)2024-03-26


In the Linux kernel through 4.19.6, a local user could exploit a use-after-free in the ALSA driver by supplying a malicious USB Sound device (with zero interfaces) that is mishandled in usb_audio_probe in sound/usb/card.c.

CVSS Score and Metrics +CVSS Score and Metrics -

CVSS V3 Severity:CVSS V2 Severity:
CVSS Score : 7.8CVSS Score : 4.6
Exploit Score: 1.8Exploit Score: 3.9
Impact Score: 5.9Impact Score: 6.4
 
CVSS V3 Metrics:CVSS V2 Metrics:
Attack Vector: LOCALAccess Vector: LOCAL
Attack Complexity: LOWAccess Complexity: LOW
Privileges Required: LOWAuthentication: NONE
User Interaction: NONEConfidentiality: PARTIAL
Scope: UNCHANGEDIntegrity: PARTIAL
Confidentiality: HIGHAvailability: PARTIAL
Integrity: HIGH 
Availability: HIGH 
  
Reference:
BID-106109
RHSA-2019:2703
USN-3879-1
USN-3879-2
USN-3930-1
USN-3930-2
USN-3931-1
USN-3931-2
USN-3933-1
USN-3933-2
https://lists.debian.org/debian-lts-announce/2019/03/msg00034.html
https://lists.debian.org/debian-lts-announce/2019/04/msg00004.html
https://lists.debian.org/debian-lts-announce/2019/05/msg00002.html
https://bugzilla.suse.com/show_bug.cgi?id=1118152
https://git.kernel.org/pub/scm/linux/kernel/git/tiwai/sound.git/commit/?id=5f8cf712582617d523120df67d392059eaf2fc4b
https://github.com/torvalds/linux/commit/5f8cf712582617d523120df67d392059eaf2fc4b
https://support.f5.com/csp/article/K98155950

CPE    5
cpe:/o:canonical:ubuntu_linux:12.04::~~esm~~~
cpe:/o:debian:debian_linux:8.0
cpe:/o:canonical:ubuntu_linux:18.04::~~lts~~~
cpe:/o:canonical:ubuntu_linux:16.04::~~lts~~~
...
CWE    1
CWE-416
OVAL    36
oval:org.secpod.oval:def:205354
oval:org.secpod.oval:def:89003387
oval:org.secpod.oval:def:1502418
oval:org.secpod.oval:def:1502419
...

© SecPod Technologies