CVE-2018-9363
Publication date 2 August 2018
Last updated 24 July 2024
Ubuntu priority
Cvss 3 Severity Score
In the hidp_process_report in bluetooth, there is an integer overflow. This could lead to an out of bounds write with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android Versions: Android kernel Android ID: A-65853588 References: Upstream kernel.
From the Ubuntu Security Team
It was discovered that an integer overflow existed in the HID Bluetooth implementation in the Linux kernel that could lead to a buffer overwrite. An attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code.
Status
Package | Ubuntu Release | Status |
---|---|---|
linux | ||
18.04 LTS bionic |
Fixed 4.15.0-39.42
|
|
16.04 LTS xenial |
Fixed 4.4.0-138.164
|
|
14.04 LTS trusty |
Fixed 3.13.0-162.212
|
|
linux-aws | ||
18.04 LTS bionic |
Fixed 4.15.0-1027.27
|
|
16.04 LTS xenial |
Fixed 4.4.0-1070.80
|
|
14.04 LTS trusty |
Fixed 4.4.0-1032.35
|
|
linux-azure | ||
18.04 LTS bionic |
Fixed 4.15.0-1031.32
|
|
16.04 LTS xenial |
Fixed 4.15.0-1031.32~16.04.1
|
|
14.04 LTS trusty |
Fixed 4.15.0-1031.32~14.04.1
|
|
linux-azure-edge | ||
18.04 LTS bionic |
Not affected
|
|
16.04 LTS xenial |
Fixed 4.15.0-1031.32
|
|
14.04 LTS trusty | Not in release | |
linux-euclid | ||
18.04 LTS bionic | Not in release | |
16.04 LTS xenial | Ignored | |
14.04 LTS trusty | Not in release | |
linux-flo | ||
18.04 LTS bionic | Not in release | |
16.04 LTS xenial | Ignored | |
14.04 LTS trusty | Not in release | |
linux-gcp | ||
18.04 LTS bionic |
Fixed 4.15.0-1024.25
|
|
16.04 LTS xenial |
Fixed 4.15.0-1024.25~16.04.2
|
|
14.04 LTS trusty | Not in release | |
linux-gke | ||
18.04 LTS bionic | Not in release | |
16.04 LTS xenial | Ignored | |
14.04 LTS trusty | Not in release | |
linux-goldfish | ||
18.04 LTS bionic | Not in release | |
16.04 LTS xenial | Ignored | |
14.04 LTS trusty | Not in release | |
linux-grouper | ||
18.04 LTS bionic | Not in release | |
16.04 LTS xenial | Not in release | |
14.04 LTS trusty | Not in release | |
linux-hwe | ||
18.04 LTS bionic |
Not affected
|
|
16.04 LTS xenial |
Fixed 4.15.0-39.42~16.04.1
|
|
14.04 LTS trusty | Not in release | |
linux-hwe-edge | ||
18.04 LTS bionic |
Not affected
|
|
16.04 LTS xenial |
Fixed 4.15.0-39.42~16.04.1
|
|
14.04 LTS trusty | Not in release | |
linux-kvm | ||
18.04 LTS bionic |
Fixed 4.15.0-1026.26
|
|
16.04 LTS xenial |
Fixed 4.4.0-1036.42
|
|
14.04 LTS trusty | Not in release | |
linux-lts-trusty | ||
18.04 LTS bionic | Not in release | |
16.04 LTS xenial | Not in release | |
14.04 LTS trusty | Not in release | |
linux-lts-utopic | ||
18.04 LTS bionic | Not in release | |
16.04 LTS xenial | Not in release | |
14.04 LTS trusty | Not in release | |
linux-lts-vivid | ||
18.04 LTS bionic | Not in release | |
16.04 LTS xenial | Not in release | |
14.04 LTS trusty | Not in release | |
linux-lts-wily | ||
18.04 LTS bionic | Not in release | |
16.04 LTS xenial | Not in release | |
14.04 LTS trusty | Not in release | |
linux-lts-xenial | ||
18.04 LTS bionic | Not in release | |
16.04 LTS xenial | Not in release | |
14.04 LTS trusty |
Fixed 4.4.0-138.164~14.04.1
|
|
linux-maguro | ||
18.04 LTS bionic | Not in release | |
16.04 LTS xenial | Not in release | |
14.04 LTS trusty | Not in release | |
linux-mako | ||
18.04 LTS bionic | Not in release | |
16.04 LTS xenial | Ignored | |
14.04 LTS trusty | Not in release | |
linux-manta | ||
18.04 LTS bionic | Not in release | |
16.04 LTS xenial | Not in release | |
14.04 LTS trusty | Not in release | |
linux-oem | ||
18.04 LTS bionic |
Fixed 4.15.0-1026.31
|
|
16.04 LTS xenial | Ignored | |
14.04 LTS trusty | Not in release | |
linux-raspi2 | ||
18.04 LTS bionic |
Fixed 4.15.0-1028.30
|
|
16.04 LTS xenial |
Fixed 4.4.0-1099.107
|
|
14.04 LTS trusty | Not in release | |
linux-snapdragon | ||
18.04 LTS bionic |
Not affected
|
|
16.04 LTS xenial |
Fixed 4.4.0-1103.108
|
|
14.04 LTS trusty | Not in release |
Notes
Severity score breakdown
Parameter | Value |
---|---|
Base score | 8.4 · High |
Attack vector | Local |
Attack complexity | Low |
Privileges required | None |
User interaction | None |
Scope | Unchanged |
Confidentiality | High |
Integrity impact | High |
Availability impact | High |
Vector | CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H |
References
Related Ubuntu Security Notices (USN)
- USN-3820-3
- Linux kernel (Azure) vulnerabilities
- 14 November 2018
- USN-3820-2
- Linux kernel (HWE) vulnerabilities
- 14 November 2018
- USN-3820-1
- Linux kernel vulnerabilities
- 14 November 2018
- USN-3822-2
- Linux kernel (Trusty HWE) vulnerabilities
- 14 November 2018
- USN-3822-1
- Linux kernel vulnerabilities
- 14 November 2018
- USN-3797-2
- Linux kernel (Xenial HWE) vulnerabilities
- 23 October 2018
- USN-3797-1
- Linux kernel vulnerabilities
- 23 October 2018