Unrated severityNVD Advisory· Published Dec 4, 2018· Updated Aug 5, 2024
CVE-2018-19854
CVE-2018-19854
Description
An issue was discovered in the Linux kernel before 4.19.3. crypto_report_one() and related functions in crypto/crypto_user.c (the crypto user configuration API) do not fully initialize structures that are copied to userspace, potentially leaking sensitive memory to user programs. NOTE: this is a CVE-2013-2547 regression but with easier exploitability because the attacker does not need a capability (however, the system must have the CONFIG_CRYPTO_USER kconfig option).
Affected products
37- osv-coords37 versionspkg:rpm/opensuse/kernel-source&distro=openSUSE%20Leap%2015.0pkg:rpm/suse/kernel-azure&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Public%20Cloud%2015pkg:rpm/suse/kernel-azure&distro=SUSE%20Linux%20Enterprise%20Server%2012%20SP4pkg:rpm/suse/kernel-azure&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2012%20SP4pkg:rpm/suse/kernel-default&distro=SUSE%20Linux%20Enterprise%20Desktop%2012%20SP4pkg:rpm/suse/kernel-default&distro=SUSE%20Linux%20Enterprise%20High%20Availability%20Extension%2012%20SP4pkg:rpm/suse/kernel-default&distro=SUSE%20Linux%20Enterprise%20High%20Availability%20Extension%2015pkg:rpm/suse/kernel-default&distro=SUSE%20Linux%20Enterprise%20Live%20Patching%2015pkg:rpm/suse/kernel-default&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Basesystem%2015pkg:rpm/suse/kernel-default&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Legacy%2015pkg:rpm/suse/kernel-default&distro=SUSE%20Linux%20Enterprise%20Server%2012%20SP4pkg:rpm/suse/kernel-default&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2012%20SP4pkg:rpm/suse/kernel-default&distro=SUSE%20Linux%20Enterprise%20Workstation%20Extension%2012%20SP4pkg:rpm/suse/kernel-default&distro=SUSE%20Linux%20Enterprise%20Workstation%20Extension%2015pkg:rpm/suse/kernel-docs&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Development%20Tools%2015pkg:rpm/suse/kernel-docs&distro=SUSE%20Linux%20Enterprise%20Software%20Development%20Kit%2012%20SP4pkg:rpm/suse/kernel-livepatch-SLE15_Update_8&distro=SUSE%20Linux%20Enterprise%20Live%20Patching%2015pkg:rpm/suse/kernel-obs-build&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Development%20Tools%2015pkg:rpm/suse/kernel-obs-build&distro=SUSE%20Linux%20Enterprise%20Software%20Development%20Kit%2012%20SP4pkg:rpm/suse/kernel-source-azure&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Public%20Cloud%2015pkg:rpm/suse/kernel-source-azure&distro=SUSE%20Linux%20Enterprise%20Server%2012%20SP4pkg:rpm/suse/kernel-source-azure&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2012%20SP4pkg:rpm/suse/kernel-source&distro=SUSE%20Linux%20Enterprise%20Desktop%2012%20SP4pkg:rpm/suse/kernel-source&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Basesystem%2015pkg:rpm/suse/kernel-source&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Development%20Tools%2015pkg:rpm/suse/kernel-source&distro=SUSE%20Linux%20Enterprise%20Server%2012%20SP4pkg:rpm/suse/kernel-source&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2012%20SP4pkg:rpm/suse/kernel-syms-azure&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Public%20Cloud%2015pkg:rpm/suse/kernel-syms-azure&distro=SUSE%20Linux%20Enterprise%20Server%2012%20SP4pkg:rpm/suse/kernel-syms-azure&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2012%20SP4pkg:rpm/suse/kernel-syms&distro=SUSE%20Linux%20Enterprise%20Desktop%2012%20SP4pkg:rpm/suse/kernel-syms&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Development%20Tools%2015pkg:rpm/suse/kernel-syms&distro=SUSE%20Linux%20Enterprise%20Server%2012%20SP4pkg:rpm/suse/kernel-syms&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2012%20SP4pkg:rpm/suse/kernel-vanilla&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Development%20Tools%2015pkg:rpm/suse/kernel-zfcpdump&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Basesystem%2015pkg:rpm/suse/kgraft-patch-SLE12-SP4_Update_2&distro=SUSE%20Linux%20Enterprise%20Live%20Patching%2012%20SP4
< 4.12.14-lp150.12.45.1+ 36 more
- (no CPE)range: < 4.12.14-lp150.12.45.1
- (no CPE)range: < 4.12.14-5.19.1
- (no CPE)range: < 4.12.14-6.6.2
- (no CPE)range: < 4.12.14-6.6.2
- (no CPE)range: < 4.12.14-95.6.1
- (no CPE)range: < 4.12.14-95.6.1
- (no CPE)range: < 4.12.14-25.28.1
- (no CPE)range: < 4.12.14-25.28.1
- (no CPE)range: < 4.12.14-25.28.1
- (no CPE)range: < 4.12.14-25.28.1
- (no CPE)range: < 4.12.14-95.6.1
- (no CPE)range: < 4.12.14-95.6.1
- (no CPE)range: < 4.12.14-95.6.1
- (no CPE)range: < 4.12.14-25.28.1
- (no CPE)range: < 4.12.14-25.28.1
- (no CPE)range: < 4.12.14-95.6.1
- (no CPE)range: < 1-1.3.1
- (no CPE)range: < 4.12.14-25.28.1
- (no CPE)range: < 4.12.14-95.6.1
- (no CPE)range: < 4.12.14-5.19.1
- (no CPE)range: < 4.12.14-6.6.2
- (no CPE)range: < 4.12.14-6.6.2
- (no CPE)range: < 4.12.14-95.6.1
- (no CPE)range: < 4.12.14-25.28.1
- (no CPE)range: < 4.12.14-25.28.1
- (no CPE)range: < 4.12.14-95.6.1
- (no CPE)range: < 4.12.14-95.6.1
- (no CPE)range: < 4.12.14-5.19.1
- (no CPE)range: < 4.12.14-6.6.2
- (no CPE)range: < 4.12.14-6.6.2
- (no CPE)range: < 4.12.14-95.6.1
- (no CPE)range: < 4.12.14-25.28.1
- (no CPE)range: < 4.12.14-95.6.1
- (no CPE)range: < 4.12.14-95.6.1
- (no CPE)range: < 4.12.14-25.28.1
- (no CPE)range: < 4.12.14-25.28.1
- (no CPE)range: < 1-6.3.1
Patches
0No patches discovered yet.
Vulnerability mechanics
AI mechanics synthesis has not run for this CVE yet.
References
10- access.redhat.com/errata/RHSA-2019:3309mitrevendor-advisoryx_refsource_REDHAT
- access.redhat.com/errata/RHSA-2019:3517mitrevendor-advisoryx_refsource_REDHAT
- usn.ubuntu.com/3872-1/mitrevendor-advisoryx_refsource_UBUNTU
- usn.ubuntu.com/3878-1/mitrevendor-advisoryx_refsource_UBUNTU
- usn.ubuntu.com/3878-2/mitrevendor-advisoryx_refsource_UBUNTU
- usn.ubuntu.com/3901-1/mitrevendor-advisoryx_refsource_UBUNTU
- usn.ubuntu.com/3901-2/mitrevendor-advisoryx_refsource_UBUNTU
- git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/mitrex_refsource_MISC
- github.com/torvalds/linux/commit/f43f39958beb206b53292801e216d9b8a660f087mitrex_refsource_MISC
- kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.19.3mitrex_refsource_MISC
News mentions
0No linked articles in our index yet.