CVE-2019-11884

Published: May 10, 2019Modified: Nov 21, 2024

3.3

Vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N

Exploitability: 1.8 / Impact: 1.4

Source: NVD

Description

The do_hidp_sock_ioctl function in net/bluetooth/hidp/sock.c in the Linux kernel before 5.0.15 allows a local user to obtain potentially sensitive information from kernel stack memory via a HIDPCONNADD command, because a name field may not end with a '\0' character.

Affected (30)

Products: Linux: Linux Kernel · Fedoraproject: Fedora · Debian: Debian Linux · +3 more

Show all products

Linux: Linux Kernel · Fedoraproject: Fedora · Debian: Debian Linux · Canonical: Ubuntu Linux · Redhat: Enterprise Linux, Enterprise Linux Eus, Enterprise Linux For Real Time, Enterprise Linux For Real Time For Nfv Tus, Enterprise Linux For Real Time Tus, Enterprise Linux Server Aus, Enterprise Linux Server Tus · Opensuse: Leap

1 product

1 product

1 product

1 product

7 products

Enterprise Linux For Real Time

Enterprise Linux For Real Time For Nfv Tus

Enterprise Linux For Real Time Tus

Enterprise Linux Server Aus

Enterprise Linux Server Tus

Opensuse

1 product

Leap

Configuration A

1 vulnerable

Vulnerable Software	Affected Versions
Linux Linux Kernel	Before 5.0.15

Configuration B

3 vulnerable

Vulnerable Software	Affected Versions
Fedoraproject Fedora	Version 28
Fedoraproject Fedora	Version 29
Fedoraproject Fedora	Version 30

Configuration C

2 vulnerable

Vulnerable Software	Affected Versions
Debian Debian Linux	Version 8.0
Debian Debian Linux	Version 9.0

Configuration D

3 vulnerable

Vulnerable Software	Affected Versions
Canonical Ubuntu Linux	Version 16.04
Canonical Ubuntu Linux	Version 18.04
Canonical Ubuntu Linux	Version 19.04

Configuration E

18 vulnerable

Vulnerable Software	Affected Versions
Redhat Enterprise Linux	Version 8.0
Redhat Enterprise Linux Eus	Version 8.1
Redhat Enterprise Linux Eus	Version 8.2
Redhat Enterprise Linux Eus	Version 8.4
Redhat Enterprise Linux Eus	Version 8.6
Redhat Enterprise Linux For Real Time	Version 8.0
Redhat Enterprise Linux For Real Time For Nfv Tus	Version 8.2
Redhat Enterprise Linux For Real Time For Nfv Tus	Version 8.4
Redhat Enterprise Linux For Real Time For Nfv Tus	Version 8.6
Redhat Enterprise Linux For Real Time Tus	Version 8.2
Redhat Enterprise Linux For Real Time Tus	Version 8.4
Redhat Enterprise Linux For Real Time Tus	Version 8.6
Redhat Enterprise Linux Server Aus	Version 8.2
Redhat Enterprise Linux Server Aus	Version 8.4
Redhat Enterprise Linux Server Aus	Version 8.6
Redhat Enterprise Linux Server Tus	Version 8.2
Redhat Enterprise Linux Server Tus	Version 8.4
Redhat Enterprise Linux Server Tus	Version 8.6

Configuration F

3 vulnerable

Vulnerable Software	Affected Versions
Opensuse Leap	Version 15.0
Opensuse Leap	Version 15.1
Opensuse Leap	Version 42.3

References (46)

http://lists.opensuse.org/opensuse-security-announce/2019-05/msg00037.html

Source: cve@mitre.org

Mailing ListThird Party Advisory

http://lists.opensuse.org/opensuse-security-announce/2019-05/msg00043.html

Source: cve@mitre.org

Mailing ListThird Party Advisory

http://lists.opensuse.org/opensuse-security-announce/2019-05/msg00071.html

Source: cve@mitre.org

Mailing ListThird Party Advisory

http://www.securityfocus.com/bid/108299

Source: cve@mitre.org

Broken LinkThird Party AdvisoryVDB Entry

https://access.redhat.com/errata/RHSA-2019:3309

Source: cve@mitre.org

Third Party Advisory

https://access.redhat.com/errata/RHSA-2019:3517

Source: cve@mitre.org

Third Party Advisory

https://access.redhat.com/errata/RHSA-2020:0740

Source: cve@mitre.org

Third Party Advisory

https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.0.15

Source: cve@mitre.org

Release NotesVendor Advisory

https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=a1616a5ac99ede5d605047a9012481ce7ff18b16

Source: cve@mitre.org

PatchVendor Advisory

https://github.com/torvalds/linux/commit/a1616a5ac99ede5d605047a9012481ce7ff18b16

Source: cve@mitre.org

PatchVendor Advisory

https://lists.debian.org/debian-lts-announce/2019/06/msg00010.html

Source: cve@mitre.org

Mailing ListThird Party Advisory

https://lists.debian.org/debian-lts-announce/2019/06/msg00011.html

Source: cve@mitre.org

Mailing ListThird Party Advisory

https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/KPWHQHNM2MSGO3FDJVIQXQNKYVR7TV45/

Source: cve@mitre.org

https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/LAYXGGJUUYPOMCBZGGDCUZFLUU3JOZG5/

Source: cve@mitre.org

https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/PF2PDXUGOFEOTPVEACKFIHQB6O4XUIZD/

Source: cve@mitre.org

https://seclists.org/bugtraq/2019/Jun/26

Source: cve@mitre.org

Mailing ListThird Party Advisory

https://usn.ubuntu.com/4068-1/

Source: cve@mitre.org

Third Party Advisory

https://usn.ubuntu.com/4068-2/

Source: cve@mitre.org

Third Party Advisory

https://usn.ubuntu.com/4069-1/

Source: cve@mitre.org

Third Party Advisory

https://usn.ubuntu.com/4069-2/

Source: cve@mitre.org

Third Party Advisory

https://usn.ubuntu.com/4076-1/

Source: cve@mitre.org

Third Party Advisory

https://usn.ubuntu.com/4118-1/

Source: cve@mitre.org

Third Party Advisory

https://www.debian.org/security/2019/dsa-4465

Source: cve@mitre.org

Third Party Advisory

http://lists.opensuse.org/opensuse-security-announce/2019-05/msg00037.html