View at Official suse advisory, NVD, CVE.org · CVE detail
Freshness: upstream tracker timestamp is available; use API updated time as primary recency signal.
CVE-2018-19985 severity moderate: SUSE including 314 source package names (bpftool-3.10.0-1127.el7, bpftool-4.18.0-147.el8, …), 539 product×package rows across 78 product lines (SUSE CaaS Platform 3.0, SUSE CaaS Platform 4.0, … (78 product lines)): Fixed 490, Known Not Affected 49.
The function hso_get_config_data in drivers/net/usb/hso.c in the Linux kernel through 4.19.8 reads if_num from the USB device (as a u8) and uses it to index a small array, resulting in an object out-of-bounds (OOB) read that potentially allows arbitrary read in the kernel address space.