Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

redhat логотип

CVE-2019-19947

Опубликовано: 06 янв. 2020
Источник: redhat
CVSS3: 4.3

Описание

In the Linux kernel through 5.4.6, there are information leaks of uninitialized memory to a USB device in the drivers/net/can/usb/kvaser_usb/kvaser_usb_leaf.c driver, aka CID-da2311a6385c.

A flaw was found in the Linux kernel in versions through 5.4.6, containing information leaks of uninitialized memory to a USB device. The latest findings show that the uninitialized memory allocation was not leading to an information leak, but was allocating the memory assigned with data on the next line and hence causing no violation.

Меры по смягчению последствий

Mitigation for this issue is either not available or the currently available options don't meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.

Затронутые пакеты

ПлатформаПакетСостояниеРекомендацияРелиз
Red Hat Enterprise Linux 5kernelNot affected
Red Hat Enterprise Linux 6kernelNot affected
Red Hat Enterprise Linux 7kernelNot affected
Red Hat Enterprise Linux 7kernel-altNot affected
Red Hat Enterprise Linux 7kernel-rtNot affected
Red Hat Enterprise Linux 8kernelNot affected
Red Hat Enterprise Linux 8kernel-rtNot affected
Red Hat Enterprise MRG 2kernel-rtNot affected

Показывать по

Ссылки на источники

Дополнительная информация

Статус:

Moderate
Дефект:
CWE-200
https://bugzilla.redhat.com/show_bug.cgi?id=1788039kernel: uninitialized memory allocation in drivers/net/can/usb/kvaser_usb/kvaser_usb_leaf.c leading to information leak

4.3 Medium

CVSS3

Связанные уязвимости

ubuntu логотип

CVE-2019-19947

CVSS3: 4.6
ubuntu
около 6 лет назад

In the Linux kernel through 5.4.6, there are information leaks of uninitialized memory to a USB device in the drivers/net/can/usb/kvaser_usb/kvaser_usb_leaf.c driver, aka CID-da2311a6385c.

nvd логотип

CVE-2019-19947

CVSS3: 4.6
nvd
около 6 лет назад

In the Linux kernel through 5.4.6, there are information leaks of uninitialized memory to a USB device in the drivers/net/can/usb/kvaser_usb/kvaser_usb_leaf.c driver, aka CID-da2311a6385c.

debian логотип

CVE-2019-19947

CVSS3: 4.6
debian
около 6 лет назад

In the Linux kernel through 5.4.6, there are information leaks of unin ...

github логотип

GHSA-hvvf-8784-846m

CVSS3: 4.6
github
больше 3 лет назад

In the Linux kernel through 5.4.6, there are information leaks of uninitialized memory to a USB device in the drivers/net/can/usb/kvaser_usb/kvaser_usb_leaf.c driver, aka CID-da2311a6385c.

fstec логотип

BDU:2020-00356

CVSS3: 4.6
fstec
около 6 лет назад

Уязвимость ядра операционных систем Linux, связанная с отсутствием защиты служебных данных, позволяющая нарушителю получить несанкционированный доступ к защищаемой информации

4.3 Medium

CVSS3