suse · CVE-2018-19985

Quick triage

Priority: medium Published: 2021-05-30 14:19:16 UTC Updated: 2026-04-17 15:13:13 UTC

View at Official suse advisory, NVD, CVE.org · CVE detail

Freshness: upstream tracker timestamp is available; use API updated time as primary recency signal.

Tracker summary

CVE-2018-19985 severity moderate: SUSE including 314 source package names (bpftool-3.10.0-1127.el7, bpftool-4.18.0-147.el8, …), 539 product×package rows across 78 product lines (SUSE CaaS Platform 3.0, SUSE CaaS Platform 4.0, … (78 product lines)): Fixed 490, Known Not Affected 49.

Description:

The function hso_get_config_data in drivers/net/usb/hso.c in the Linux kernel through 4.19.8 reads if_num from the USB device (as a u8) and uses it to index a small array, resulting in an object out-of-bounds (OOB) read that potentially allows arbitrary read in the kernel address space.

cvelogic Threat Intelligence