CVE-2018-20169

Impact:
Moderate
Public Date:
2018-12-05
CWE:
CWE-787
Bugzilla:
1660385: CVE-2018-20169 kernel: usb: missing size check in the __usb_get_extra_descriptor() leading to DoS
A flaw was discovered in the Linux kernel's USB subsystem in the __usb_get_extra_descriptor() function in the drivers/usb/core/usb.c which mishandles a size check during the reading of an extra descriptor data. By using a specially crafted USB device which sends a forged extra descriptor, an unprivileged user with physical access to the system can potentially cause a privilege escalation or trigger a system crash or lock up and thus to cause a denial of service (DoS).

Find out more about CVE-2018-20169 from the MITRE CVE dictionary dictionary and NIST NVD.

CVSS v3 metrics

NOTE: The following CVSS v3 metrics and score provided are preliminary and subject to review.

CVSS3 Base Score 6.4
CVSS3 Base Metrics CVSS:3.0/AV:P/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
Attack Vector Physical
Attack Complexity High
Privileges Required None
User Interaction None
Scope Unchanged
Confidentiality High
Integrity Impact High
Availability Impact High

Affected Packages State

Platform Package State
Red Hat Enterprise MRG 2 kernel-rt Will not fix
Red Hat Enterprise Linux 8 kernel Affected
Red Hat Enterprise Linux 8 kernel-rt Affected
Red Hat Enterprise Linux 7 kernel-alt Affected
Red Hat Enterprise Linux 7 kernel Affected
Red Hat Enterprise Linux 7 kernel-rt Affected
Red Hat Enterprise Linux 6 kernel Will not fix
Red Hat Enterprise Linux 5 kernel Will not fix
Last Modified