Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

redhat логотип

CVE-2019-19528

Опубликовано: 09 окт. 2019
Источник: redhat
CVSS3: 6.1

Описание

In the Linux kernel before 5.3.7, there is a use-after-free bug that can be caused by a malicious USB device in the drivers/usb/misc/iowarrior.c driver, aka CID-edc4746f253d.

A use-after-free flaw was found in iowarrior_disconnect in iowarrior USB driver module were a flag was simultaneously modified causing a race between a device open and disconnect. This flaw could allow a physical attacker to cause a denial of service (DoS) attack. This vulnerability could even lead to a kernel information leak problem.

Меры по смягчению последствий

This flaw can be mitigated by preventing the affected USB IO-Warrior driver (iowarrior) kernel module from loading during the boot time, ensure the module is added into the blacklist file.

Refer: How do I blacklist a kernel module to prevent it from loading automatically? https://access.redhat.com/solutions/41278

Затронутые пакеты

ПлатформаПакетСостояниеРекомендацияРелиз
Red Hat Enterprise Linux 5kernelNot affected
Red Hat Enterprise Linux 6kernelWill not fix
Red Hat Enterprise Linux 7kernelWill not fix
Red Hat Enterprise Linux 7kernel-altWill not fix
Red Hat Enterprise Linux 7kernel-rtWill not fix
Red Hat Enterprise MRG 2kernel-rtWill not fix
Red Hat Enterprise Linux 8kernel-rtFixedRHSA-2021:173918.05.2021
Red Hat Enterprise Linux 8kernelFixedRHSA-2021:157818.05.2021

Показывать по

Ссылки на источники

Дополнительная информация

Статус:

Moderate
Дефект:
CWE-416
https://bugzilla.redhat.com/show_bug.cgi?id=1783507kernel: use-after-free bug caused by a malicious USB device in the drivers/usb/misc/iowarrior.c driver

6.1 Medium

CVSS3

Связанные уязвимости

ubuntu логотип

CVE-2019-19528

CVSS3: 6.1
ubuntu
больше 5 лет назад

In the Linux kernel before 5.3.7, there is a use-after-free bug that can be caused by a malicious USB device in the drivers/usb/misc/iowarrior.c driver, aka CID-edc4746f253d.

nvd логотип

CVE-2019-19528

CVSS3: 6.1
nvd
больше 5 лет назад

In the Linux kernel before 5.3.7, there is a use-after-free bug that can be caused by a malicious USB device in the drivers/usb/misc/iowarrior.c driver, aka CID-edc4746f253d.

debian логотип

CVE-2019-19528

CVSS3: 6.1
debian
больше 5 лет назад

In the Linux kernel before 5.3.7, there is a use-after-free bug that c ...

github логотип

GHSA-5869-5hjv-gvqp

github
около 3 лет назад

In the Linux kernel before 5.3.7, there is a use-after-free bug that can be caused by a malicious USB device in the drivers/usb/misc/iowarrior.c driver, aka CID-edc4746f253d.

fstec логотип

BDU:2020-00287

CVSS3: 4.6
fstec
больше 5 лет назад

Уязвимость драйвера drivers/usb/misc/iowarrior.c ядра операционной системы Linux, позволяющая нарушителю вызвать отказ в обслуживании

6.1 Medium

CVSS3