CVE-2019-19535

Опубликовано: 03 дек. 2019

Источник: nvd

CVSS3: 4.6

CVSS2: 2.1

EPSS Низкий

Описание

In the Linux kernel before 5.2.9, there is an info-leak bug that can be caused by a malicious USB device in the drivers/net/can/usb/peak_usb/pcan_usb_fd.c driver, aka CID-30a8beeb3042.

Ссылки

http://lists.opensuse.org/opensuse-security-announce/2020-03/msg00021.html
Mailing List
Third Party Advisory
http://www.openwall.com/lists/oss-security/2019/12/03/4
Mailing List
Third Party Advisory
https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.2.9
Release Notes
Vendor Advisory
https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=30a8beeb3042f49d0537b7050fd21b490166a3d9
Patch
Vendor Advisory
https://lists.debian.org/debian-lts-announce/2020/03/msg00001.html
Mailing List
Third Party Advisory
https://www.oracle.com/security-alerts/cpuApr2021.html
Patch
Third Party Advisory
http://lists.opensuse.org/opensuse-security-announce/2020-03/msg00021.html
Mailing List
Third Party Advisory
http://www.openwall.com/lists/oss-security/2019/12/03/4
Mailing List
Third Party Advisory
https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.2.9
Release Notes
Vendor Advisory
https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=30a8beeb3042f49d0537b7050fd21b490166a3d9
Patch
Vendor Advisory
https://lists.debian.org/debian-lts-announce/2020/03/msg00001.html
Mailing List
Third Party Advisory
https://www.oracle.com/security-alerts/cpuApr2021.html
Patch
Third Party Advisory

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*

Версия до 5.2.9 (исключая)

Конфигурация 2

cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*

Конфигурация 3

cpe:2.3:o:opensuse:leap:15.1:*:*:*:*:*:*:*

Конфигурация 4

cpe:2.3:a:oracle:sd-wan_edge:8.2:*:*:*:*:*:*:*

EPSS

Процентиль: 8%

0.00033

Низкий

4.6 Medium

CVSS3

2.1 Low

CVSS2

Дефекты

CWE-908

Связанные уязвимости

CVE-2019-19535

CVSS3: 4.6

ubuntu

больше 5 лет назад

In the Linux kernel before 5.2.9, there is an info-leak bug that can be caused by a malicious USB device in the drivers/net/can/usb/peak_usb/pcan_usb_fd.c driver, aka CID-30a8beeb3042.

CVE-2019-19535

CVSS3: 4.6

redhat

почти 6 лет назад

In the Linux kernel before 5.2.9, there is an info-leak bug that can be caused by a malicious USB device in the drivers/net/can/usb/peak_usb/pcan_usb_fd.c driver, aka CID-30a8beeb3042.

CVE-2019-19535

CVSS3: 4.6

debian

больше 5 лет назад

In the Linux kernel before 5.2.9, there is an info-leak bug that can b ...

GHSA-c9j5-mrjc-hx8m

CVSS3: 4.6

github

около 3 лет назад

In the Linux kernel before 5.2.9, there is an info-leak bug that can be caused by a malicious USB device in the drivers/net/can/usb/peak_usb/pcan_usb_fd.c driver, aka CID-30a8beeb3042.

BDU:2020-00291

CVSS3: 4.6

fstec

почти 6 лет назад

Уязвимость драйвера drivers/net/can/usb/peak_usb/pcan_usb_fd.c ядра операционной системы Linux, позволяющая нарушителю раскрыть защищаемую информацию

EPSS

Процентиль: 8%

0.00033

Низкий

4.6 Medium

CVSS3

2.1 Low

CVSS2

Дефекты

CWE-908