Bug 1651061 (CVE-2018-19270) - CVE-2018-19270 kernel: Out-of-bounds read in drivers/usb/misc/yurex.c:yurex_read allows for DoS or potential code execution
Summary: CVE-2018-19270 kernel: Out-of-bounds read in drivers/usb/misc/yurex.c:yurex_r...
Keywords:
Status: CLOSED DUPLICATE of bug 1624507
Alias: CVE-2018-19270
Product: Security Response
Classification: Other
Component: vulnerability
Version: unspecified
Hardware: All
OS: Linux
high
high
Target Milestone: ---
Assignee: Red Hat Product Security
QA Contact:
URL:
Whiteboard:
Depends On:
Blocks: 1651063
TreeView+ depends on / blocked
 
Reported: 2018-11-19 05:44 UTC by Sam Fowler
Modified: 2021-02-16 22:46 UTC (History)
49 users (show)

Fixed In Version: kernel 4.17.7
Clone Of:
Environment:
Last Closed: 2018-11-26 03:32:02 UTC
Embargoed:

Attachments (Terms of Use)

Description Sam Fowler 2018-11-19 05:44:09 UTC 
In yurex_read in drivers/usb/misc/yurex.c in the Linux kernel before 4.17.7, an out-of-bounds user space access in the read handler of the yurex USB device driver could be used by local attackers to crash the kernel or potentially escalate privileges.


Reference:

https://bugzilla.suse.com/show_bug.cgi?id=1115593


Upstream Patch:

https://github.com/torvalds/linux/commit/f1e255d6
http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=f1e255d6
Comment 1 Joshua Padman 2018-11-26 03:32:02 UTC 

*** This bug has been marked as a duplicate of bug 1624507 ***
Comment 2 Doran Moppert 2020-02-10 04:35:59 UTC 
Statement:

This flaw was found to be a duplicate of CVE-2018-16276. Please see https://access.redhat.com/security/cve/CVE-2018-16276 for information about affected products and security errata.
Note You need to log in before you can comment on or make changes to this bug.