Oval Definition:	oval:com.ubuntu.bionic:def:201819985000
Revision Date: 2019-03-21 Version: 1 Title: CVE-2018-19985 on Ubuntu 18.04 LTS (bionic) - low. Description: The function hso_get_config_data in drivers/net/usb/hso.c in the Linux kernel through 4.19.8 reads if_num from the USB device (as a u8) and uses it to index a small array, resulting in an object out-of-bounds (OOB) read that potentially allows arbitrary read in the kernel address space. Hui Peng and Mathias Payer discovered that the Option USB High Speed driver in the Linux kernel did not properly validate metadata received from the device. A physically proximate attacker could use this to cause a denial of service (system crash). Family: unix Class: vulnerability Status: Reference(s): CVE-2018-19985 Platform(s): Ubuntu 18.04 LTS Product(s): Definition Synopsis Ubuntu 18.04 LTS (bionic) is installed. AND Package Information The 'linux' package in bionic is affected and needs fixing. OR The 'linux-aws' package in bionic is affected and needs fixing. OR The 'linux-azure' package in bionic is affected and needs fixing. OR The 'linux-azure-edge' package in bionic is affected and needs fixing. OR The 'linux-gcp' package in bionic is affected and needs fixing. OR The 'linux-gcp-edge' package in bionic is affected and needs fixing. OR The 'linux-gke' package in bionic is affected and needs fixing. OR The 'linux-hwe' package in bionic is affected and needs fixing. OR NOT While related to the CVE in some way, the 'linux-hwe-edge' package in bionic is not affected (note: '5.0.0-14.15~18.04.1'). OR The 'linux-kvm' package in bionic is affected and needs fixing. OR The 'linux-oem' package in bionic is affected and needs fixing. OR The 'linux-oracle' package in bionic is affected and needs fixing. OR The 'linux-raspi2' package in bionic is affected and needs fixing. OR The 'linux-snapdragon' package in bionic is affected and needs fixing.
BACK