vulnerability
Oracle Linux: CVE-2019-13631: ELSA-2019-4739: Unbreakable Enterprise kernel security update (IMPORTANT) (Multiple Advisories)
| Severity | CVSS | Published | Added | Modified |
|---|---|---|---|---|
| 5 | (AV:L/AC:L/Au:N/C:P/I:P/A:P) | Jul 11, 2019 | Aug 9, 2019 | Dec 3, 2025 |
Severity
5
CVSS
(AV:L/AC:L/Au:N/C:P/I:P/A:P)
Published
Jul 11, 2019
Added
Aug 9, 2019
Modified
Dec 3, 2025
Description
In parse_hid_report_descriptor in drivers/input/tablet/gtco.c in the Linux kernel through 5.2.1, a malicious USB device can send an HID report that triggers an out-of-bounds write during generation of debugging messages.
A flaw was found in the Linux kernel's implementation of GTCO tablet/digitizer's version of the parse_hid_report_descriptor in drivers. An attacker with local access could use this flaw to create a specially crafted USB device inserted into the host to corrupt memory, trigger an out-of-bounds write during the generation of debugging messages, or possibly escalate the privileges of a process.
A flaw was found in the Linux kernel's implementation of GTCO tablet/digitizer's version of the parse_hid_report_descriptor in drivers. An attacker with local access could use this flaw to create a specially crafted USB device inserted into the host to corrupt memory, trigger an out-of-bounds write during the generation of debugging messages, or possibly escalate the privileges of a process.
Solutions
oracle-linux-upgrade-kerneloracle-linux-upgrade-kernel-uek
NEW
Explore Exposure Command
Confidently identify and prioritize exposures from endpoint to cloud with full attack surface visibility and threat-aware risk context.