Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

redhat логотип

CVE-2019-19536

Опубликовано: 02 авг. 2019
Источник: redhat
CVSS3: 4.6
EPSS Низкий

Описание

In the Linux kernel before 5.2.9, there is an info-leak bug that can be caused by a malicious USB device in the drivers/net/can/usb/peak_usb/pcan_usb_pro.c driver, aka CID-ead16e53c2f0.

A flaw was found in the Linux kernel’s implementation of the driver for the PEAK System PCAN-USB adapter. On device initialization, the driver can leak information to all devices connected to the CANBUS.

Меры по смягчению последствий

As the pcan_usb module will be auto-loaded when required, its use can be disabled by preventing the module from loading with the following instructions:

echo "install pcan_usb /bin/true" >> /etc/modprobe.d/disable-pcan_usb.conf

The system will need to be restarted if the module is loaded. In most circumstances, the pcan_usb kernel modules will be unable to be unloaded while any CANBUS interfaces are active and the protocol is in use. If the system requires this module to work correctly, this mitigation may not be suitable. If you need further assistance, see KCS article https://access.redhat.com/solutions/41278 or contact Red Hat Global Support Services.

Затронутые пакеты

ПлатформаПакетСостояниеРекомендацияРелиз
Red Hat Enterprise Linux 5kernelNot affected
Red Hat Enterprise Linux 6kernelNot affected
Red Hat Enterprise Linux 7kernelWill not fix
Red Hat Enterprise Linux 7kernel-altWill not fix
Red Hat Enterprise Linux 7kernel-rtWill not fix
Red Hat Enterprise Linux 8kernelNot affected
Red Hat Enterprise Linux 8kernel-rtNot affected
Red Hat Enterprise MRG 2kernel-rtWill not fix

Показывать по

Ссылки на источники

Дополнительная информация

Статус:

Moderate
Дефект:
CWE-772->CWE-200
https://bugzilla.redhat.com/show_bug.cgi?id=1783552kernel: information leak bug caused by a malicious USB device in the drivers/net/can/usb/peak_usb/pcan_usb_pro.c driver

EPSS

Процентиль: 25%
0.0008
Низкий

4.6 Medium

CVSS3

Связанные уязвимости

ubuntu логотип

CVE-2019-19536

CVSS3: 4.6
ubuntu
больше 5 лет назад

In the Linux kernel before 5.2.9, there is an info-leak bug that can be caused by a malicious USB device in the drivers/net/can/usb/peak_usb/pcan_usb_pro.c driver, aka CID-ead16e53c2f0.

nvd логотип

CVE-2019-19536

CVSS3: 4.6
nvd
больше 5 лет назад

In the Linux kernel before 5.2.9, there is an info-leak bug that can be caused by a malicious USB device in the drivers/net/can/usb/peak_usb/pcan_usb_pro.c driver, aka CID-ead16e53c2f0.

debian логотип

CVE-2019-19536

CVSS3: 4.6
debian
больше 5 лет назад

In the Linux kernel before 5.2.9, there is an info-leak bug that can b ...

github логотип

GHSA-pjfj-8qjp-8vjv

CVSS3: 4.6
github
около 3 лет назад

In the Linux kernel before 5.2.9, there is an info-leak bug that can be caused by a malicious USB device in the drivers/net/can/usb/peak_usb/pcan_usb_pro.c driver, aka CID-ead16e53c2f0.

fstec логотип

BDU:2020-00298

CVSS3: 4.6
fstec
почти 6 лет назад

Уязвимость драйвера drivers/net/can/usb/peak_usb/pcan_usb_pro.c ядра операционной системы Linux, позволяющая нарушителю раскрыть защищаемую информацию

EPSS

Процентиль: 25%
0.0008
Низкий

4.6 Medium

CVSS3