CVE-2019-19523 — Use After Free in Kernel

CWE-416 — Use After Free CWE-476 — NULL Pointer Dereference9 documents7 sources

Severity

4.6MEDIUMNVD

EPSS

0.0%

top 90.11%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Linux Kernel Debian Linux Debian Linux +2 more

Timeline

PublishedDec 3

Latest updateFeb 14

Description

In the Linux kernel before 5.3.7, there is a use-after-free bug that can be caused by a malicious USB device in the drivers/usb/misc/adutux.c driver, aka CID-44efc269db79.

CVSS vector

CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:HExploitability: 0.9 | Impact: 3.6

Affected Packages5 packages

▶NVDlinux/linux_kernel< 5.3.7

▶Debianlinux/linux_kernel< 5.3.7-1+3

▶debiandebian/linux< linux 5.3.7-1 (bookworm)

▶NVDopensuse/leap15.1

▶Palo Altopaloalto/pan-os

Also affects: Debian Linux 8.0

Patches

Patch: git.kernel.org ↗Patch: git.kernel.org ↗

🔴Vulnerability Details

GHSA

GHSA-cx92-wgvf-9758: In the Linux kernel before 5↗2022-05-24

▶

OSV

CVE-2019-19523: In the Linux kernel before 5↗2019-12-03

▶

📋Vendor Advisories

Palo Alto

PAN-SA-2024-0001 Informational Bulletin: Impact of OSS CVEs in PAN-OS↗2024-02-14

▶

Red Hat

kernel: use-after-free caused by a malicious USB device in the drivers/usb/misc/adutux.c driver↗2019-10-04

▶

Debian

CVE-2019-19523: linux - In the Linux kernel before 5.3.7, there is a use-after-free bug that can be caus...↗2019

▶

💬Community

Bugzilla

CVE-2019-19523 kernel: use-after-free caused by a malicious USB device in the drivers/usb/misc/adutux.c driver [fedora-all]↗2020-02-06

▶

Bugzilla

CVE-2019-19523 kernel: use-after-free caused by a malicious USB device in the drivers/usb/misc/adutux.c driver↗2019-12-13

▶

Bugzilla

CVE-2019-19523 kernel: kernel:use-after-free caused by a malicious USB device in the drivers/usb/misc/adutux.c driver [fedora-all]↗2019-12-13

▶