SB2019012519 - Infinite loop in Linux kernel
Published: January 25, 2019 Updated: May 30, 2020
Security Bulletin ID
SB2019012519
Severity
Low
Patch available
YES
Number of vulnerabilities
1
Exploitation vector
Local access
Highest impact
Denial of service
Breakdown by Severity
- Low
- Medium
- High
- Critical
Description
This security bulletin contains information about 1 security vulnerability.
1) Infinite loop (CVE-ID: CVE-2019-3819)
The vulnerability allows a local attacker to perform a denial of service (DoS) attack.
The vulnerability exists in the function hid_debug_events_read() in drivers/hid/hid-debug.c file due to infinite loop when certain parameters passed from a userspace. A local attacker can execute a specially crafted program that submits malicious input to cause a system lock up and a denial of service.
Remediation
Install update from vendor's website.
References
- https://git.kernel.org/pub/scm/linux/kernel/git/hid/hid.git/commit/?id=13054abbaa4f1fd4e6f3b4b63439ec033b4c8035
- https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-3819
- https://github.com/torvalds/linux/commit/717adfdaf14704fd3ec7fa2c04520c0723247eac
- https://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.4.175
- https://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.9.157
- https://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.14.100