7.2

CVE-2018-20169

An issue was discovered in the Linux kernel before 4.19.9. The USB subsystem mishandles size checks during the reading of an extra descriptor, related to __usb_get_extra_descriptor in drivers/usb/core/usb.c.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
LinuxLinux Kernel Version < 3.16.63
LinuxLinux Kernel Version >= 3.17 < 3.18.129
LinuxLinux Kernel Version >= 3.19 < 4.4.167
LinuxLinux Kernel Version >= 4.5 < 4.9.145
LinuxLinux Kernel Version >= 4.10 < 4.14.88
LinuxLinux Kernel Version >= 4.15 < 4.19.9
CanonicalUbuntu Linux Version14.04 SwEditionlts
CanonicalUbuntu Linux Version16.04 SwEditionlts
DebianDebian Linux Version8.0
VulnDex Vulnerability Enrichment
Diese Information steht angemeldeten Benutzern zur Verfügung. Login Login
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 0.59% 0.433
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 6.8 0.9 5.9
CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
nvd@nist.gov 7.2 3.9 10
AV:L/AC:L/Au:N/C:C/I:C/A:C
CWE-400 Uncontrolled Resource Consumption

The product does not properly control the allocation and maintenance of a limited resource.

https://access.redhat.com/errata/RHSA-2019:3517
Third Party Advisory
VDB Entry
https://lists.debian.org/debian-lts-announce/2019/03/msg00034.html
Third Party Advisory
Mailing List
https://lists.debian.org/debian-lts-announce/2019/04/msg00004.html
Third Party Advisory
Mailing List
https://lists.debian.org/debian-lts-announce/2019/05/msg00002.html
Third Party Advisory
Mailing List
https://usn.ubuntu.com/4094-1/
Third Party Advisory
VDB Entry
https://usn.ubuntu.com/4118-1/
Third Party Advisory
VDB Entry
https://usn.ubuntu.com/3879-1/
Third Party Advisory
https://usn.ubuntu.com/3879-2/
Third Party Advisory
https://access.redhat.com/errata/RHSA-2019:3309
Third Party Advisory
VDB Entry
http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=704620afc70cf47abb9d6a1a57f3825d2bca49cf
Patch
Vendor Advisory
Mailing List
https://cdn.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.19.9
Patch
Vendor Advisory
Mailing List
https://github.com/torvalds/linux/commit/704620afc70cf47abb9d6a1a57f3825d2bca49cf
Patch
Third Party Advisory