Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

redhat логотип

CVE-2019-19526

Опубликовано: 08 окт. 2019
Источник: redhat
CVSS3: 4.6
EPSS Низкий

Описание

In the Linux kernel before 5.3.9, there is a use-after-free bug that can be caused by a malicious USB device in the drivers/nfc/pn533/usb.c driver, aka CID-6af3aa57a098.

A use-after-free flaw was found in the pn533_usb_probe USB interface in the Linux kernel. If the driver registration fails it needs to do all the cleanup activity and free all the related resources. A malicious USB device can cause this process to fail, causing a use-after-free vulnerability. System availability is the highest threat with this vulnerability.

Меры по смягчению последствий

Mitigation for this issue is either not available or the currently available options don't meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.

Затронутые пакеты

ПлатформаПакетСостояниеРекомендацияРелиз
Red Hat Enterprise Linux 5kernelNot affected
Red Hat Enterprise Linux 6kernelNot affected
Red Hat Enterprise Linux 7kernelNot affected
Red Hat Enterprise Linux 7kernel-altNot affected
Red Hat Enterprise Linux 7kernel-rtNot affected
Red Hat Enterprise Linux 8kernelNot affected
Red Hat Enterprise Linux 8kernel-rtNot affected
Red Hat Enterprise MRG 2kernel-rtNot affected

Показывать по

Ссылки на источники

Дополнительная информация

Статус:

Moderate
Дефект:
CWE-416
https://bugzilla.redhat.com/show_bug.cgi?id=1783494kernel: use-after-free bug caused by a malicious USB device in the drivers/nfc/pn533/usb.c driver

EPSS

Процентиль: 18%
0.00058
Низкий

4.6 Medium

CVSS3

Связанные уязвимости

ubuntu логотип

CVE-2019-19526

CVSS3: 4.6
ubuntu
около 6 лет назад

In the Linux kernel before 5.3.9, there is a use-after-free bug that can be caused by a malicious USB device in the drivers/nfc/pn533/usb.c driver, aka CID-6af3aa57a098.

nvd логотип

CVE-2019-19526

CVSS3: 4.6
nvd
около 6 лет назад

In the Linux kernel before 5.3.9, there is a use-after-free bug that can be caused by a malicious USB device in the drivers/nfc/pn533/usb.c driver, aka CID-6af3aa57a098.

debian логотип

CVE-2019-19526

CVSS3: 4.6
debian
около 6 лет назад

In the Linux kernel before 5.3.9, there is a use-after-free bug that c ...

github логотип

GHSA-c4gm-hhhr-wqqf

CVSS3: 4.6
github
больше 3 лет назад

In the Linux kernel before 5.3.9, there is a use-after-free bug that can be caused by a malicious USB device in the drivers/nfc/pn533/usb.c driver, aka CID-6af3aa57a098.

fstec логотип

BDU:2020-00299

CVSS3: 4.6
fstec
больше 6 лет назад

Уязвимость драйвера drivers/nfc/pn533/usb.c ядра операционной системы Linux, позволяющая нарушителю вызвать отказ в обслуживании

EPSS

Процентиль: 18%
0.00058
Низкий

4.6 Medium

CVSS3