
CVE-2019-19524

Published: 15 Nov 2019
Source: redhat
CVSS3: 4.6
EPSS: Low

Description

In the Linux kernel before 5.3.12, there is a use-after-free bug that can be caused by a malicious USB device in the drivers/input/ff-memless.c driver, aka CID-fa3a5a1880c9.

A use-after-free flaw was found in the Linux kernel’s input device driver functionality when unplugging a device. A user with physical access could use this flaw to crash the system.

Mitigation

To mitigate this issue on Red Hat Enterprise Linux 7 or later, prevent the ff-memless module from being loaded. See https://access.redhat.com/solutions/41278 for how to blacklist a kernel module to prevent it from loading automatically.

Affected packages

| Platform | Package | State | Recommendation | Release |
|---|---|---|---|---|
| Red Hat Enterprise Linux 5 | kernel | Not affected | | |
| Red Hat Enterprise Linux 6 | kernel | Out of support scope | | |
| Red Hat Enterprise MRG 2 | kernel-rt | Out of support scope | | |
| Red Hat Enterprise Linux 7 | kernel-rt | Fixed | RHSA-2020:4062 | 29.09.2020 |
| Red Hat Enterprise Linux 7 | kernel-alt | Fixed | RHSA-2020:2104 | 12.05.2020 |
| Red Hat Enterprise Linux 7 | kernel | Fixed | RHSA-2020:4060 | 29.09.2020 |
| Red Hat Enterprise Linux 8 | kernel-rt | Fixed | RHSA-2020:4609 | 04.11.2020 |
| Red Hat Enterprise Linux 8 | kernel | Fixed | RHSA-2020:4431 | 04.11.2020 |


Additional information

Status: Moderate
Defect: CWE-416
https://bugzilla.redhat.com/show_bug.cgi?id=1783459 kernel: a malicious USB device in the drivers/input/ff-memless.c leads to use-after-free

EPSS

Percentile: 15%
0.0005
Low

CVSS3

4.6 Medium

Related vulnerabilities

CVSS3: 4.6
ubuntu
more than 5 years ago

In the Linux kernel before 5.3.12, there is a use-after-free bug that can be caused by a malicious USB device in the drivers/input/ff-memless.c driver, aka CID-fa3a5a1880c9.

CVSS3: 4.6
nvd
more than 5 years ago

In the Linux kernel before 5.3.12, there is a use-after-free bug that can be caused by a malicious USB device in the drivers/input/ff-memless.c driver, aka CID-fa3a5a1880c9.

CVSS3: 4.6
debian
more than 5 years ago

In the Linux kernel before 5.3.12, there is a use-after-free bug that ...

CVSS3: 4.6
github
about 3 years ago

In the Linux kernel before 5.3.12, there is a use-after-free bug that can be caused by a malicious USB device in the drivers/input/ff-memless.c driver, aka CID-fa3a5a1880c9.

CVSS3: 4.6
fstec
more than 5 years ago

Vulnerability in the drivers/input/ff-memless.c driver of the Linux operating system kernel that allows an attacker to cause a denial of service
