CVE-2018-16276 — Out-of-bounds Write in Kernel
Severity
7.8HIGHNVD
OSV5.5
EPSS
0.1%
top 75.80%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
Timeline
PublishedAug 31
Latest updateMay 14
Description
An issue was discovered in yurex_read in drivers/usb/misc/yurex.c in the Linux kernel before 4.17.7. Local attackers could use user access read/writes with incorrect bounds checking in the yurex USB driver to crash the kernel or potentially escalate privileges.
CVSS vector
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:HExploitability: 1.8 | Impact: 5.9
Affected Packages4 packages
Also affects: Debian Linux 8.0, 9.0, Ubuntu Linux 12.04, 14.04, 16.04, 18.04
Patches
🔴Vulnerability Details
8GHSA
▶
OSV▶
linux, linux-aws, linux-azure, linux-gcp, linux-kvm, linux-oem, linux-raspi2 vulnerabilities↗2018-12-20
📋Vendor Advisories
10💬Community
3Bugzilla▶
CVE-2018-19270 kernel: Out-of-bounds read in drivers/usb/misc/yurex.c:yurex_read allows for DoS or potential code execution↗2018-11-19
Bugzilla▶
CVE-2018-16276 kernel: incorrect bounds checking in yurex_read in drivers/usb/misc/yurex.c↗2018-08-31
Bugzilla▶
CVE-2018-16276 kernel: incorrect bounds checking in yurex_read in drivers/usb/misc/yurex.c [fedora-all]↗2018-08-31