CVE-2019-19532

 

Published at: - 03-12-2019 05:15

Last modified: - 26-10-2022 01:44

Total changes: - 3

Description

In the Linux kernel before 5.3.9, there are multiple out-of-bounds write bugs that can be caused by a malicious USB device in the Linux kernel HID drivers, aka CID-d9d4b1e46d95. This affects drivers/hid/hid-axff.c, drivers/hid/hid-dr.c, drivers/hid/hid-emsff.c, drivers/hid/hid-gaff.c, drivers/hid/hid-holtekff.c, drivers/hid/hid-lg2ff.c, drivers/hid/hid-lg3ff.c, drivers/hid/hid-lg4ff.c, drivers/hid/hid-lgff.c, drivers/hid/hid-logitech-hidpp.c, drivers/hid/hid-microsoft.c, drivers/hid/hid-sony.c, drivers/hid/hid-tmff.c, and drivers/hid/hid-zpff.c.

Common Vulnerability Scoring System (CVSS)

CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

 

Verification logic

 

Reference

• https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=d9d4b1e46d9543a82c23f6df03f4ad697dab361b
• https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.3.9
• [oss-security] 20191203 Linux kernel: multiple vulnerabilities in the USB subsystem x3-Mailing List, Third Party Advisory
• USN-4226-1-
• [debian-lts-announce] 20200118 [SECURITY] [DLA 2068-1] linux security update-
• [debian-lts-announce] 20200302 [SECURITY] [DLA 2114-1] linux-4.9 security update-
• openSUSE-SU-2020:0336-

 

Keywords

NVD

 

CVE-2019-19532

 

CVE

 

Common vulnerabilities & exposures

 

CVSS

 

Common vulnerability scoring system

 

Security

 

Vulnerabilities

 

Exposures