CVE-2019-11884
published 2019-05-10CVE-2019-11884: The do_hidp_sock_ioctl function in net/bluetooth/hidp/sock.c in the Linux kernel before 5.0.15 allows a local user to obtain potentially sensitive information…
low3.3CVSS 3.1
AVLACLPRLUINSUCLINAN
The do_hidp_sock_ioctl function in net/bluetooth/hidp/sock.c in the Linux kernel before 5.0.15 allows a local user to obtain potentially sensitive information from kernel stack memory via a HIDPCONNADD command, because a name field may not end with a '\0' character.
Affected
38 ranges· showing 25
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| canonical | ubuntu_linux | — | — |
| canonical | ubuntu_linux | — | — |
| canonical | ubuntu_linux | — | — |
| debian | debian_linux | — | — |
| debian | debian_linux | — | — |
| debian | linux | < linux 4.19.37-4 (bookworm) | linux 4.19.37-4 (bookworm) |
| fedoraproject | fedora | — | — |
| fedoraproject | fedora | — | — |
| fedoraproject | fedora | — | — |
| linux | linux_kernel | < 5.0.15 | 5.0.15 |
| linux | linux_kernel | >= 0 < 4.19.37-4 | 4.19.37-4 |
| linux | linux_kernel | >= 0 < 4.19.37-4 | 4.19.37-4 |
| linux | linux_kernel | >= 0 < 4.19.37-4 | 4.19.37-4 |
| linux | linux_kernel | >= 0 < 4.19.37-4 | 4.19.37-4 |
| linux | linux_kernel | >= 0 < 4.4.0-157.185 | 4.4.0-157.185 |
| linux | linux_kernel | >= 0 < 4.15.0-55.60 | 4.15.0-55.60 |
| linux | linux_kernel | >= 0 < 4.15.0-99.100 | 4.15.0-99.100 |
| opensuse | leap | — | — |
| opensuse | leap | — | — |
| opensuse | leap | — | — |
| redhat | enterprise_linux | — | — |
| redhat | enterprise_linux_eus | — | — |
| redhat | enterprise_linux_eus | — | — |
| redhat | enterprise_linux_eus | — | — |
| redhat | enterprise_linux_eus | — | — |
CVSS provenance
nvdv3.13.3LOWCVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
osv8.1HIGH