CVE-2018-20169 — Uncontrolled Resource Consumption in Kernel

CWE-400 — Uncontrolled Resource Consumption CWE-787 — Out-of-bounds Write16 documents8 sources

Severity

6.8MEDIUMNVD

OSV5.5OSV3.3

EPSS

0.1%

top 68.67%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Linux Kernel Debian Linux Canonical Ubuntu Linux +8 more

Timeline

PublishedDec 17

Latest updateMay 14

Description

An issue was discovered in the Linux kernel before 4.19.9. The USB subsystem mishandles size checks during the reading of an extra descriptor, related to __usb_get_extra_descriptor in drivers/usb/core/usb.c.

CVSS vector

CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:HExploitability: 0.9 | Impact: 5.9

Affected Packages11 packages

▶NVDlinux/linux_kernel3.17 — 3.18.129+5

▶Debianlinux/linux_kernel< 4.19.9-1+3

▶Ubuntulinux/linux_kernel< 4.4.0-142.168+1

▶msrcmsrc/azl3_kernel_6.6.14.1-2_on_azure_linux_3.0

▶msrcmsrc/azl3_kernel_6.6.22.1-2_on_azure_linux_3.0

Also affects: Debian Linux 8.0, Ubuntu Linux 14.04, 16.04

Patches

Patch: git.kernel.org ↗Patch: cdn.kernel.org ↗Patch: github.com ↗

🔴Vulnerability Details

GHSA

GHSA-xv8v-5726-pq4v: An issue was discovered in the Linux kernel before 4↗2022-05-14

▶

OSV

linux-aws vulnerabilities↗2019-09-02

▶

OSV

linux, linux-hwe, linux-azure, linux-gcp, linux-gke-4.15, linux-kvm, linux-oem, linux-oracle, linux-raspi2, linux-snapdragon vulnerabilities↗2019-08-13

▶

OSV

linux-lts-xenial, linux-aws vulnerabilities↗2019-02-04

▶

OSV

linux, linux-aws, linux-kvm, linux-raspi2, linux-snapdragon vulnerabilities↗2019-02-04

▶

📋Vendor Advisories

Ubuntu

Linux kernel (AWS) vulnerabilities↗2019-09-02

▶

Ubuntu

Linux kernel vulnerabilities↗2019-08-13

▶

Ubuntu

Linux kernel (Xenial HWE) vulnerabilities↗2019-02-04

▶

Ubuntu

Linux kernel vulnerabilities↗2019-02-04

▶

Microsoft

An issue was discovered in the Linux kernel before 4.19.9. The USB subsystem mishandles size checks during the reading of an extra descriptor related to __usb_get_extra_descriptor in drivers/usb/core/↗2018-12-11

▶

💬Community

Bugzilla

CVE-2018-20169 kernel: usb: missing size check in the __usb_get_extra_descriptor() leading to DoS [fedora-all]↗2018-12-18

▶

Bugzilla

CVE-2018-20169 kernel: usb: missing size check in the __usb_get_extra_descriptor() leading to DoS↗2018-12-18

▶