CVE-2018-19824

 

Published at: - 03-12-2018 06:29

Last modified: - 26-10-2022 01:44

Total changes: - 3

Description

In the Linux kernel through 4.19.6, a local user could exploit a use-after-free in the ALSA driver by supplying a malicious USB Sound device (with zero interfaces) that is mishandled in usb_audio_probe in sound/usb/card.c.

Common Vulnerability Scoring System (CVSS)

CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

 

Verification logic

 

Reference

• https://github.com/torvalds/linux/commit/5f8cf712582617d523120df67d392059eaf2fc4b
• https://git.kernel.org/pub/scm/linux/kernel/git/tiwai/sound.git/commit/?id=5f8cf712582617d523120df67d392059eaf2fc4b
• https://bugzilla.suse.com/show_bug.cgi?id=1118152
• 106109-Third Party Advisory, VDB Entry
• USN-3879-2-Third Party Advisory
• USN-3879-1-Third Party Advisory
• [debian-lts-announce] 20190327 [SECURITY] [DLA 1731-1] linux security update-Mailing List, Third Party Advisory
• https://support.f5.com/csp/article/K98155950
• [debian-lts-announce] 20190401 [SECURITY] [DLA 1731-2] linux regression update-Mailing List, Third Party Advisory
• USN-3933-2-Third Party Advisory
• USN-3931-2-Third Party Advisory
• USN-3931-1-Third Party Advisory
• USN-3930-2-Third Party Advisory
• USN-3930-1-Third Party Advisory
• USN-3933-1-Third Party Advisory
• [debian-lts-announce] 20190503 [SECURITY] [DLA 1771-1] linux-4.9 security update-Mailing List, Third Party Advisory
• RHSA-2019:2703-

 

Keywords

NVD

 

CVE-2018-19824

 

CVE

 

Common vulnerabilities & exposures

 

CVSS

 

Common vulnerability scoring system

 

Security

 

Vulnerabilities

 

Exposures