CVE-2019-19534 — Missing Initialization of Resource in Kernel
Severity
2.4LOWNVD
OSV9.8OSV8.8
EPSS
0.1%
top 69.25%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
Timeline
PublishedDec 3
Latest updateMay 24
Description
In the Linux kernel before 5.3.11, there is an info-leak bug that can be caused by a malicious USB device in the drivers/net/can/usb/peak_usb/pcan_usb_core.c driver, aka CID-f7a1337f0d29.
CVSS vector
CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:NExploitability: 0.9 | Impact: 1.4
Affected Packages4 packages
Also affects: Debian Linux 8.0, Ubuntu Linux 14.04, 16.04, 18.04, 19.04, 19.10
Patches
🔴Vulnerability Details
9OSV▶
linux, linux-aws, linux-aws-5.0, linux-azure, linux-gcp, linux-gke-5.0, linux-kvm, linux-oem-osp1, linux-oracle, linux-oracle-5.0, linux-raspi2 vulnerabilities↗2020-01-07
📋Vendor Advisories
9💬Community
3Bugzilla▶
CVE-2019-19534 kernel: information leak bug caused by a malicious USB device in the drivers/net/can/usb/peak_usb/pcan_usb_core.c driver [fedora-all]↗2020-01-29
Bugzilla▶
CVE-2019-19534 kernel: information leak bug caused by a malicious USB device in the drivers/net/can/usb/peak_usb/pcan_usb_core.c driver [fedora-all]↗2019-12-13
Bugzilla▶
CVE-2019-19534 kernel: information leak bug caused by a malicious USB device in the drivers/net/can/usb/peak_usb/pcan_usb_core.c driver↗2019-12-13