CVE-2019-11884
Advisory lineage Upstream: 0 Downstream: 29
Modified
Published: 10 May 2019, 21:53
Last modified: 04 Aug 2024, 23:10
Vulnerability Summary
- Overall Risk (default): low, 13/100
- CVSS Score: 3.3 LOW, v3.1 (nvd)
- EPSS Score: 0.05% LOW
- KEV: Not listed
- Ransomware: No reports
- Public exploits: None found
- Dark Web: Not detected
Timeline
- 10 May 2019, 21:53: Published (vulnerability first disclosed)
- 04 Aug 2024, 23:10: Last Modified (vulnerability information updated)
Description
The do_hidp_sock_ioctl function in net/bluetooth/hidp/sock.c in the Linux kernel before 5.0.15 allows a local user to obtain potentially sensitive information from kernel stack memory via a HIDPCONNADD command, because a name field may not end with a '\0' character.
CVSS Metrics
- v3.1 • LOW • Score: 3.3 • CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
- v2.0 • LOW • Score: 2.1 • AV:L/AC:L/Au:N/C:P/I:N/A:N
EPSS Trends
Current EPSS score: 0.05% • Percentile: 15%
Affected Systems
- canonical•ubuntu_linux: 16.04 | 18.04 | 19.04
- debian•debian_linux: 8.0 | 9.0
- fedoraproject•fedora: 28 | 29 | 30
- linux•linux_kernel: < 5.0.15
- opensuse•leap: 15.0 | 15.1 | 42.3
- redhat•enterprise_linux: 8.0
- redhat•enterprise_linux_eus: 8.1 | 8.2 | 8.4 | 8.6
- redhat•enterprise_linux_for_real_time: 8.0
- redhat•enterprise_linux_for_real_time_for_nfv_tus: 8.2 | 8.4 | 8.6
- redhat•enterprise_linux_for_real_time_tus: 8.2 | 8.4 | 8.6
- redhat•enterprise_linux_server_aus: 8.2 | 8.4 | 8.6
- redhat•enterprise_linux_server_tus: 8.2 | 8.4 | 8.6
References (23)
- https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.0.15
- https://github.com/torvalds/linux/commit/a1616a5ac99ede5d605047a9012481ce7ff18b16
- https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=a1616a5ac99ede5d605047a9012481ce7ff18b16
- http://www.securityfocus.com/bid/108299
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/LAYXGGJUUYPOMCBZGGDCUZFLUU3JOZG5/
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/PF2PDXUGOFEOTPVEACKFIHQB6O4XUIZD/
- http://lists.opensuse.org/opensuse-security-announce/2019-05/msg00037.html
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/KPWHQHNM2MSGO3FDJVIQXQNKYVR7TV45/
- http://lists.opensuse.org/opensuse-security-announce/2019-05/msg00043.html
- http://lists.opensuse.org/opensuse-security-announce/2019-05/msg00071.html
- https://www.debian.org/security/2019/dsa-4465
- https://lists.debian.org/debian-lts-announce/2019/06/msg00010.html
- https://lists.debian.org/debian-lts-announce/2019/06/msg00011.html
- https://seclists.org/bugtraq/2019/Jun/26
- https://usn.ubuntu.com/4068-1/
- https://usn.ubuntu.com/4068-2/
- https://usn.ubuntu.com/4069-1/
- https://usn.ubuntu.com/4076-1/
- https://usn.ubuntu.com/4069-2/
- https://usn.ubuntu.com/4118-1/
- https://access.redhat.com/errata/RHSA-2019:3309
- https://access.redhat.com/errata/RHSA-2019:3517
- https://access.redhat.com/errata/RHSA-2020:0740