公告ID: KYLIN-2019-13631
安全等级: 中等
产品: Kylin V3
发布日期: 2019年7月11日
CVE: CVE-2019-13631
CVSS3评分: 5.3
概述:
None 描述:
In parse_hid_report_descriptor in drivers/input/tablet/gtco.c in the Linux kernel through 5.2.1, a malicious USB device can send an HID report that triggers an out-of-bounds write during generation of debugging messages. A flaw was found in the Linux kernel's implementation of GTCO tablet/digitizer's version of the parse_hid_report_descriptor in drivers. An attacker with local access could use this flaw to create a specially crafted USB device inserted into the host to corrupt memory, trigger an out-of-bounds write during the generation of debugging messages, or possibly escalate the privileges of a process. 系统版本:
KYLIN 3.3.x
KYLIN 3.0.x
KYLIN 3.2.x
KYLIN 3.3.x
KYLIN 3.3.x
KYLIN 3.4.x
KYLIN 3.4.x
受影响包列表:
kernel-alt
kernel
kernel
kernel-rt
kernel
kernel-rt
kernel