CVE-2019-11884

Impact:
Moderate
Public Date:
2019-05-10
CWE:
CWE-200
Bugzilla:
1709837: CVE-2019-11884 kernel: sensitive information disclosure from kernel stack memory via HIDPCONNADD command
A flaw was found in the Linux kernel's implementation of the Bluetooth Human Interface Device Protocol (HIDP). A local attacker with access permissions to the Bluetooth device can issue an IOCTL which will trigger the do_hidp_sock_ioctl function in net/bluetooth/hidp/sock.c. This function can leak potentially sensitive information from the kernel stack memory via a HIDPCONNADD command because a name field may not be correctly NULL terminated.
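
A user-space model of the missing termination described above, added here as an illustration; it is not kernel code and not taken from the Red Hat advisory or the upstream patch. The buffer sizes, the function names and the constructed frame contents are assumptions, and forcing the terminator after the copy-in is shown as the usual hardening for this bug class.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

#define NAME_LEN  128  /* assumed size of the fixed-length name field */
#define NEIGHBOUR 16   /* stands in for adjacent stack contents */

/* Flat model of a stack frame: name[NAME_LEN] followed by other data. */
static char frame[NAME_LEN + NEIGHBOUR];

/* Constructed input: a caller-supplied name that uses every byte of the
 * field (no NUL), sitting next to unrelated data. */
static void fill_frame(void)
{
    memset(frame, 0, sizeof(frame));
    memset(frame, 'A', NAME_LEN);
    memcpy(frame + NAME_LEN, "SECRET", 6);
}

/* Hardening: force termination inside the field after the copy-in,
 * before anything treats the field as a C string. */
static void terminate_name(char *name)
{
    name[NAME_LEN - 1] = '\0';
}

/* Number of bytes beyond the name field that a string consumer
 * (strlen, "%s", strcpy) would read. */
size_t bytes_read_past_name(int harden)
{
    size_t len;

    fill_frame();
    if (harden)
        terminate_name(frame);
    len = strlen(frame);
    return len > NAME_LEN ? len - NAME_LEN : 0;
}

int main(void)
{
    printf("unterminated: %zu bytes past the field\n", bytes_read_past_name(0));
    printf("terminated:   %zu bytes past the field\n", bytes_read_past_name(1));
    return 0;
}
```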

Find out more about CVE-2019-11884 from the MITRE CVE dictionary and NIST NVD.

CVSS v3 metrics

NOTE: The following CVSS v3 metrics and score provided are preliminary and subject to review.

CVSS3 Base Score: 6.8
CVSS3 Base Metrics: CVSS:3.0/AV:A/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:L
Attack Vector: Adjacent Network
Attack Complexity: Low
Privileges Required: Low
User Interaction: None
Scope: Unchanged
Confidentiality: High
Integrity Impact: Low
Availability Impact: Low

Affected Packages State

Platform                      Package      State
Red Hat Enterprise MRG 2      kernel-rt    Out of support scope
Red Hat Enterprise Linux 8    kernel       Affected
Red Hat Enterprise Linux 8    kernel-rt    Affected
Red Hat Enterprise Linux 7    kernel-alt   Affected
Red Hat Enterprise Linux 7    kernel       Affected
Red Hat Enterprise Linux 7    kernel-rt    Affected
Red Hat Enterprise Linux 6    kernel       Affected
Red Hat Enterprise Linux 5    kernel       Out of support scope