Oval Definition:oval:com.ubuntu.cosmic:def:20189516000
Revision Date:2018-11-06Version:1
Title:CVE-2018-9516 on Ubuntu 18.10 (cosmic) - negligible.
Description:In hid_debug_events_read of drivers/hid/hid-debug.c, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Product: Android Versions: Android kernel Android ID: A-71361580. It was discovered that the debug interface for the Linux kernel's HID subsystem did not properly perform bounds checking in some situations. An attacker with access to debugfs could use this to cause a denial of service or possibly gain additional privileges.
Family:unixClass:vulnerability
Status:Reference(s):CVE-2018-9516
Platform(s):Ubuntu 18.10
Product(s):
Definition Synopsis
  • Ubuntu 18.10 (cosmic) is installed.
  • AND Package Information
  • NOT While related to the CVE in some way, the 'linux' package in cosmic is not affected (note: '4.17.0-6.7').
  • OR NOT While related to the CVE in some way, the 'linux-aws' package in cosmic is not affected (note: '4.18.0-1002.3').
  • OR NOT While related to the CVE in some way, the 'linux-azure' package in cosmic is not affected (note: '4.18.0-1003.3').
  • OR NOT While related to the CVE in some way, the 'linux-gcp' package in cosmic is not affected (note: '4.18.0-1002.3').
  • OR NOT While related to the CVE in some way, the 'linux-kvm' package in cosmic is not affected (note: '4.18.0-1002.2').
  • OR The 'linux-oem' package in cosmic was vulnerable but has been fixed (note: '4.15.0-1033.38').
  • OR The 'linux-oracle' package in cosmic is affected. An update containing the fix has been completed and is pending publication (note: '4.15.0-1008.10').
  • OR NOT While related to the CVE in some way, the 'linux-raspi2' package in cosmic is not affected (note: '4.18.0-1004.6').
    • BACK