CVE-2018-19824

Impact:
Moderate
Public Date:
2018-12-04
CWE:
CWE-416
Bugzilla:
1655816: CVE-2018-19824 kernel: Use-after-free in sound/usb/card.c:usb_audio_probe()
A flaw was found In the Linux kernel, through version 4.19.6, where a local user could exploit a use-after-free in the ALSA driver by supplying a malicious USB Sound device (with zero interfaces) that is mishandled in usb_audio_probe in sound/usb/card.c. An attacker could corrupt memory and possibly escalate privileges if the attacker is able to have physical access to the system.

Find out more about CVE-2018-19824 from the MITRE CVE dictionary dictionary and NIST NVD.

CVSS v3 metrics

NOTE: The following CVSS v3 metrics and score provided are preliminary and subject to review.

CVSS3 Base Score 6.6
CVSS3 Base Metrics CVSS:3.0/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Attack Vector Physical
Attack Complexity Low
Privileges Required Low
User Interaction None
Scope Unchanged
Confidentiality High
Integrity Impact High
Availability Impact High

Affected Packages State

Platform Package State
Red Hat Enterprise MRG 2 kernel-rt Affected
Red Hat Enterprise Linux 7 kernel-alt Affected
Red Hat Enterprise Linux 7 kernel Affected
Red Hat Enterprise Linux 7 kernel-rt Affected
Red Hat Enterprise Linux 6 kernel Affected
Red Hat Enterprise Linux 5 kernel Not affected

External References

Last Modified
Close

Welcome! Check out the Getting Started with Red Hat page for quick tours and guides for common tasks.