CVE-2018-20169 — MEDIUM (6.8)

Q: How severe is CVE-2018-20169?

CVE-2018-20169 has been rated MEDIUM with a CVSS base score of 6.8/10. Review the CVSS metrics above for detailed severity breakdown.

Q: Is there a patch for CVE-2018-20169?

Check the references section above for vendor advisories and patch information. Affected products include: Linux Linux Kernel, Canonical Ubuntu Linux, Debian Debian Linux.

Vulnerability Description

An issue was discovered in the Linux kernel before 4.19.9. The USB subsystem mishandles size checks during the reading of an extra descriptor, related to __usb_get_extra_descriptor in drivers/usb/core/usb.c.

CVSS Score

6.8

MEDIUM

CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Attack Vector

PHYSICAL

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality

HIGH

Integrity

HIGH

Availability

HIGH

Affected Products

Vendor	Product	Versions
Linux	Linux Kernel	< 3.16.63
Canonical	Ubuntu Linux	14.04
Debian	Debian Linux	8.0

Related Weaknesses (CWE)

CWE-400

References

http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=704620Mailing ListPatchVendor Advisory
https://access.redhat.com/errata/RHSA-2019:3309Third Party AdvisoryVDB Entry
https://access.redhat.com/errata/RHSA-2019:3517Third Party AdvisoryVDB Entry
https://cdn.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.19.9Mailing ListPatchVendor Advisory
https://github.com/torvalds/linux/commit/704620afc70cf47abb9d6a1a57f3825d2bca49cPatchThird Party Advisory
https://lists.debian.org/debian-lts-announce/2019/03/msg00034.htmlMailing ListThird Party Advisory
https://lists.debian.org/debian-lts-announce/2019/04/msg00004.htmlMailing ListThird Party Advisory
https://lists.debian.org/debian-lts-announce/2019/05/msg00002.htmlMailing ListThird Party Advisory
https://usn.ubuntu.com/3879-1/Third Party Advisory
https://usn.ubuntu.com/3879-2/Third Party Advisory
https://usn.ubuntu.com/4094-1/Third Party AdvisoryVDB Entry
https://usn.ubuntu.com/4118-1/Third Party AdvisoryVDB Entry
http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=704620Mailing ListPatchVendor Advisory
https://access.redhat.com/errata/RHSA-2019:3309Third Party AdvisoryVDB Entry
https://access.redhat.com/errata/RHSA-2019:3517Third Party AdvisoryVDB Entry

FAQ

What is CVE-2018-20169?

CVE-2018-20169 is a vulnerability with a CVSS score of 6.8 (MEDIUM). An issue was discovered in the Linux kernel before 4.19.9. The USB subsystem mishandles size checks during the reading of an extra descriptor, related to __usb_get_extra_descriptor in drivers/usb/core...

How severe is CVE-2018-20169?

CVE-2018-20169 has been rated MEDIUM with a CVSS base score of 6.8/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2018-20169?

Check the references section above for vendor advisories and patch information. Affected products include: Linux Linux Kernel, Canonical Ubuntu Linux, Debian Debian Linux.