1669187 – (CVE-2019-3819) CVE-2019-3819 kernel: infinite loop in drivers/hid/hid-debug.c:hid_debug_events_read()

Bug 1669187 (CVE-2019-3819) - CVE-2019-3819 kernel: infinite loop in drivers/hid/hid-debug.c:hid_debug_events_read()

Summary: CVE-2019-3819 kernel: infinite loop in drivers/hid/hid-debug.c:hid_debug_even...

Keywords:
Status:	CLOSED NOTABUG
Alias:	CVE-2019-3819
Product:	Security Response
Classification:	Other
Component:	vulnerability
Sub Component:
Version:	unspecified
Hardware:	All
OS:	Linux
Priority:	low
Severity:	low
Target Milestone:	---
Assignee:	Red Hat Product Security
QA Contact:
Docs Contact:
URL:
Whiteboard:
Depends On:	1669449 1669469 1669470
Blocks:	1631041
TreeView+	depends on / blocked

Reported:	2019-01-24 14:55 UTC by Vladis Dronov
Modified:	2021-02-16 22:28 UTC (History)
CC List:	25 users (show)
Fixed In Version:
Doc Type:	If docs needed, set a value
Doc Text:	A flaw was found in the Linux kernel in the function hid_debug_events_read() in the drivers/hid/hid-debug.c file which may enter an infinite loop with certain parameters passed from a user space. A local privileged user ("root") can cause a system lock up and a denial of service.
Clone Of:
Environment:
Last Closed:	2019-07-12 13:06:38 UTC
Embargoed:

Attachments	(Terms of Use)

Description Vladis Dronov 2019-01-24 14:55:58 UTC

A flaw was found in the Linux kernel in the function hid_debug_events_read() in drivers/hid/hid-debug.c file which may enter an infinite loop with certain parameters passed from a userspace. A local privileged user ("root") can cause a system lock up and a denial of service.

References:

https://lore.kernel.org/lkml/20190129105835.4723-1-vdronov@redhat.com/T/#u

https://marc.info/?t=154875959000006&r=1&w=2

An upstream patch:

https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=13054abbaa4f1fd4e6f3b4b63439ec033b4c8035

Comment 1 Vladis Dronov 2019-01-24 14:56:00 UTC

Acknowledgments:

Name: Vladis Dronov (Red Hat)

Comment 3 Vladis Dronov 2019-01-25 10:23:45 UTC

Created kernel tracking bugs for this issue:

Affects: fedora-all [bug 1669449]

Comment 7 Pedro Sampaio 2019-01-25 13:33:51 UTC

Introducing commit:

https://github.com/torvalds/linux/commit/717adfdaf14704fd3ec7fa2c04520c0723247eac

Comment 19 Product Security DevOps Team 2019-07-12 13:06:38 UTC

This bug is now closed. Further updates for individual products will be reflected on the CVE page(s):

https://access.redhat.com/security/cve/cve-2019-3819

Note You need to log in before you can comment on or make changes to this bug.

airlied
bskeggs
hdegoede
ichavero
itamar
jarodwilson
jeremy
jfeeney
jforbes
jglisse
john.j5live
jonathan
josef
jwboyer
kernel-maint
labbott
linville
mchehab
mjg59
pmatouse
rvr
security-response-team
steved
tcamuso
torez