CVE-2019-19534

 

Published at: - 03-12-2019 05:15

Last modified: - 26-10-2022 01:44

Total changes: - 5

Description

In the Linux kernel before 5.3.11, there is an info-leak bug that can be caused by a malicious USB device in the drivers/net/can/usb/peak_usb/pcan_usb_core.c driver, aka CID-f7a1337f0d29.

Common Vulnerability Scoring System (CVSS)

CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

 

Verification logic

 

Reference

• https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.3.11
• https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=f7a1337f0d29b98733c8824e165fca3371d7d4fd
• [oss-security] 20191203 Linux kernel: multiple vulnerabilities in the USB subsystem x3-Mailing List, Third Party Advisory
• openSUSE-SU-2019:2675-Mailing List, Third Party Advisory
• USN-4228-1-Third Party Advisory
• USN-4227-1-Third Party Advisory
• USN-4225-1-Third Party Advisory
• USN-4228-2-Third Party Advisory
• USN-4226-1-Third Party Advisory
• USN-4227-2-Third Party Advisory
• [debian-lts-announce] 20200118 [SECURITY] [DLA 2068-1] linux security update-Mailing List, Third Party Advisory
• USN-4225-2-Third Party Advisory
• [debian-lts-announce] 20200302 [SECURITY] [DLA 2114-1] linux-4.9 security update-Mailing List, Third Party Advisory

 

Keywords

NVD

 

CVE-2019-19534

 

CVE

 

Common vulnerabilities & exposures

 

CVSS

 

Common vulnerability scoring system

 

Security

 

Vulnerabilities

 

Exposures