Bug 1115593 (CVE-2018-19270) - VUL-0: CVE-2018-19270: kernel-source: USB: yurex: fix out-of-bounds uaccess in read handler
Summary: VUL-0: CVE-2018-19270: kernel-source: USB: yurex: fix out-of-bounds uaccess i...
Status: RESOLVED DUPLICATE of bug 1106095
Alias: CVE-2018-19270
Product: SUSE Security Incidents
Classification: Novell Products
Component: Incidents (show other bugs)
Version: unspecified
Hardware: aarch64 SLES 15
: P2 - High : Normal
Target Milestone: ---
Assignee: Oliver Neukum
QA Contact: Security Team bot
URL:
Whiteboard: CVSSv3:SUSE:CVE-2018-19270:7.0:(AV:L/...
Keywords:
Depends on:
Blocks:
 
Reported: 2018-11-12 09:16 UTC by tian tao
Modified: 2020-08-28 08:56 UTC (History)
6 users (show)

See Also:
Found By: ---
Services Priority:
Business Priority:
Blocker: ---
Marketing QA Status: ---
IT Deployment: ---


Attachments

Note You need to log in before you can comment on or make changes to this bug.
Description tian tao 2018-11-12 09:16:41 UTC
The following patch fixed the out-of-bounds problem of the usb driver,which has been received by the main line.

commit f1e255d60ae66a9f672ff9a207ee6cd8e33d2679
Author: Jann Horn <jannh@google.com>
Date:   Fri Jul 6 17:12:56 2018 +0200

    USB: yurex: fix out-of-bounds uaccess in read handler

    In general, accessing userspace memory beyond the length of the supplied
    buffer in VFS read/write handlers can lead to both kernel memory corruption
    (via kernel_read()/kernel_write(), which can e.g. be triggered via
    sys_splice()) and privilege escalation inside userspace.

    Fix it by using simple_read_from_buffer() instead of custom logic.
Comment 2 Marcus Meissner 2018-11-14 08:03:41 UTC
    Fixes: 6bc235a2e24a ("USB: add driver for Meywa-Denki & Kayac YUREX")
Comment 3 Marcus Meissner 2018-11-14 08:04:38 UTC
so 2.6.37 and later is affected, 4.18 and later are fixed.
Comment 4 Marcus Meissner 2018-11-14 08:12:22 UTC
cve requested from Mitre.
Comment 5 Marcus Meissner 2018-11-14 08:15:49 UTC
in 4.4.141 stable kernel:

patches.kernel.org/4.4.141-008-USB-yurex-fix-out-of-bounds-uaccess-in-read-h.patch

sle15 branch has:
patches.fixes/0001-USB-yurex-fix-out-of-bounds-uaccess-in-read-handler.patch
so fixed there already with an earlier update.
Comment 6 Marcus Meissner 2018-11-14 09:27:19 UTC
patches.fixes/usb-yurex-fix-out-of-bounds-uaccess-in-read-handler.patch 
in sles12 sp2 ltss, also already released
Comment 8 Marcus Meissner 2018-11-14 14:10:36 UTC
sigh ... on review I see that this is a duplicate of bug 1106095

*** This bug has been marked as a duplicate of bug 1106095 ***
Comment 9 Swamp Workflow Management 2019-01-16 08:06:31 UTC
SUSE-SU-2019:0095-1: An update that solves 13 vulnerabilities and has 140 fixes is now available.

Category: security (important)
Bug References: 1011920,1012382,1012422,1020645,1031392,1035053,1042422,1043591,1044189,1048129,1050431,1050549,1053043,1054239,1057199,1062303,1063026,1065600,1065726,1066223,1067906,1073579,1076393,1078788,1079524,1082519,1082863,1082979,1083215,1083527,1084427,1084536,1084760,1087209,1088087,1089343,1090535,1091158,1093118,1094244,1094555,1094562,1094825,1095344,1095753,1095805,1096052,1096547,1098050,1098996,1099597,1099810,1101555,1102495,1102715,1102870,1102875,1102877,1102879,1102882,1102896,1103156,1103269,1103308,1103405,1104124,1105025,1105428,1105795,1105931,1106095,1106105,1106110,1106240,1106293,1106359,1106434,1106512,1106594,1106913,1106929,1106934,1107060,1107299,1107318,1107535,1107829,1107870,1107924,1108096,1108170,1108240,1108281,1108315,1108377,1108399,1108498,1108803,1108823,1109038,1109158,1109333,1109336,1109337,1109441,1109772,1109784,1109806,1109818,1109907,1109919,1109923,1110006,1110297,1110337,1110363,1110468,1110600,1110601,1110602,1110603,1110604,1110605,1110606,1110611,1110612,1110613,1110614,1110615,1110616,1110618,1110619,1110930,1111363,1111516,1111870,1112007,1112262,1112263,1112894,1112902,1112903,1112905,1113667,1113751,1113766,1113769,1114178,1114229,1114648,1115593,981083,997172
CVE References: CVE-2018-14613,CVE-2018-14617,CVE-2018-14633,CVE-2018-16276,CVE-2018-16597,CVE-2018-17182,CVE-2018-18281,CVE-2018-18386,CVE-2018-18690,CVE-2018-18710,CVE-2018-7480,CVE-2018-7757,CVE-2018-9516
Sources used:
SUSE Linux Enterprise Server 12-SP3 (src):    kernel-azure-4.4.162-4.19.2, kernel-source-azure-4.4.162-4.19.1, kernel-syms-azure-4.4.162-4.19.1