7.2

CVE-2018-20169

An issue was discovered in the Linux kernel before 4.19.9. The USB subsystem mishandles size checks during the reading of an extra descriptor, related to __usb_get_extra_descriptor in drivers/usb/core/usb.c.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
LinuxLinux Kernel Version < 3.16.63
LinuxLinux Kernel Version >= 3.17 < 3.18.129
LinuxLinux Kernel Version >= 3.19 < 4.4.167
LinuxLinux Kernel Version >= 4.5 < 4.9.145
LinuxLinux Kernel Version >= 4.10 < 4.14.88
LinuxLinux Kernel Version >= 4.15 < 4.19.9
CanonicalUbuntu Linux Version14.04 SwEditionlts
CanonicalUbuntu Linux Version16.04 SwEditionlts
DebianDebian Linux Version8.0
VulnDex Vulnerability Enrichment
Diese Information steht angemeldeten Benutzern zur Verfügung. Login Login
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 0.12% 0.309
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 6.8 0.9 5.9
CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
nvd@nist.gov 7.2 3.9 10
AV:L/AC:L/Au:N/C:C/I:C/A:C
CWE-400 Uncontrolled Resource Consumption

The product does not properly control the allocation and maintenance of a limited resource, thereby enabling an actor to influence the amount of resources consumed, eventually leading to the exhaustion of available resources.

https://access.redhat.com/errata/RHSA-2019:3517
Third Party Advisory
VDB Entry
https://usn.ubuntu.com/4094-1/
Third Party Advisory
VDB Entry
https://usn.ubuntu.com/4118-1/
Third Party Advisory
VDB Entry
https://usn.ubuntu.com/3879-1/
Third Party Advisory
https://usn.ubuntu.com/3879-2/
Third Party Advisory
https://access.redhat.com/errata/RHSA-2019:3309
Third Party Advisory
VDB Entry