Description
An issue was discovered in the Linux kernel before 4.19.9. The USB subsystem mishandles size checks during the reading of an extra descriptor, related to __usb_get_extra_descriptor in drivers/usb/core/usb.c.
References (12)
Core 12
Core References
Third Party Advisory vendor-advisory
x_refsource_ubuntu
https://usn.ubuntu.com/3879-2/
Mailing List, Patch, Vendor Advisory x_refsource_misc
http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=704620afc70cf47abb9d6a1a57f3825d2bca49cf
Third Party Advisory vendor-advisory
x_refsource_ubuntu
https://usn.ubuntu.com/3879-1/
Mailing List, Patch, Vendor Advisory x_refsource_misc
https://cdn.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.19.9
Patch, Third Party Advisory x_refsource_misc
https://github.com/torvalds/linux/commit/704620afc70cf47abb9d6a1a57f3825d2bca49cf
Mailing List, Third Party Advisory mailing-list
x_refsource_mlist
https://lists.debian.org/debian-lts-announce/2019/03/msg00034.html
Mailing List, Third Party Advisory mailing-list
x_refsource_mlist
https://lists.debian.org/debian-lts-announce/2019/04/msg00004.html
Mailing List, Third Party Advisory mailing-list
x_refsource_mlist
https://lists.debian.org/debian-lts-announce/2019/05/msg00002.html
Third Party Advisory, VDB Entry vendor-advisory
x_refsource_ubuntu
https://usn.ubuntu.com/4094-1/
Third Party Advisory, VDB Entry vendor-advisory
x_refsource_ubuntu
https://usn.ubuntu.com/4118-1/
Third Party Advisory, VDB Entry vendor-advisory
x_refsource_redhat
https://access.redhat.com/errata/RHSA-2019:3309
Third Party Advisory, VDB Entry vendor-advisory
x_refsource_redhat
https://access.redhat.com/errata/RHSA-2019:3517
Scores
CVSS v3
6.8
EPSS
0.0012
EPSS Percentile
31.0%
Attack Vector
PHYSICAL
CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Details
CWE
CWE-400
Status
published
Products (4)
canonical/ubuntu_linux
14.04
canonical/ubuntu_linux
16.04
debian/debian_linux
8.0
linux/linux_kernel
< 3.16.63
Published
Dec 17, 2018
Tracked Since
Feb 18, 2026