Vulnerability CVE-2019-19525: Information

Description

In the Linux kernel before 5.3.6, there is a use-after-free bug that can be caused by a malicious USB device in the drivers/net/ieee802154/atusb.c driver, aka CID-7fd25e6fc035.

Severity: MEDIUM (4.6) Vector: CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

URL: https://nvd.nist.gov/vuln/detail/CVE-2019-19525
Published: Dec. 3, 2019
Modified: Oct. 31, 2022
Error type identifier: CWE-416

Fixed packages

Package name
Branch
Fixed in version
Version from repository
Errata ID
Task #
State
kernel-image-mpsisyphus5.3.8-alt16.9.4-alt1ALT-PU-2019-3061-1239979Fixed
kernel-image-mpp105.3.8-alt16.1.19-alt1ALT-PU-2019-3061-1239979Fixed
kernel-image-mpp95.5.16-alt15.12.16-alt1ALT-PU-2020-1714-1249865Fixed
kernel-image-mpc9f25.5.16-alt15.7.16-alt1ALT-PU-2020-1714-1249865Fixed
kernel-image-mpp115.3.8-alt16.8.8-alt1ALT-PU-2019-3061-1239979Fixed
kernel-image-rpi-defsisyphus5.4.51-alt15.15.92-alt2ALT-PU-2020-2410-1254998Fixed
kernel-image-rpi-defp105.4.51-alt15.15.92-alt2ALT-PU-2020-2410-1254998Fixed
kernel-image-rpi-defp95.4.51-alt25.10.81-alt1ALT-PU-2020-2433-1255241Fixed
kernel-image-rpi-defc9f25.4.51-alt25.4.61-alt1ALT-PU-2020-2433-1255241Fixed
kernel-image-rpi-defp115.4.51-alt15.15.92-alt2ALT-PU-2020-2410-1254998Fixed
kernel-image-rpi-unsisyphus5.5.5-alt0.26.6.23-alt1ALT-PU-2020-1421-1247100Fixed
kernel-image-rpi-unp105.5.5-alt0.26.1.77-alt1ALT-PU-2020-1421-1247100Fixed
kernel-image-rpi-unp95.5.5-alt0.35.12.17-alt1ALT-PU-2020-1450-1247310Fixed
kernel-image-rpi-unc9f25.5.5-alt0.35.7.8-alt3ALT-PU-2020-1450-1247310Fixed
kernel-image-rpi-unp115.5.5-alt0.26.6.23-alt1ALT-PU-2020-1421-1247100Fixed
kernel-image-rtsisyphus5.10.35-alt1.rt396.1.92-alt1.rt32ALT-PU-2021-1870-1272532Fixed
kernel-image-rtp105.10.35-alt1.rt395.10.218-alt1.rt110ALT-PU-2021-1870-1272532Fixed
kernel-image-rtp115.10.35-alt1.rt396.1.90-alt2.rt30ALT-PU-2021-1870-1272532Fixed
kernel-image-std-defsisyphus5.4.17-alt16.1.93-alt1ALT-PU-2020-1198-1245508Fixed
kernel-image-std-defp105.4.17-alt15.10.218-alt1ALT-PU-2020-1198-1245508Fixed
kernel-image-std-defp95.4.25-alt25.4.277-alt1ALT-PU-2020-1501-1247586Fixed
kernel-image-std-defc9f25.4.25-alt25.10.214-alt0.c9f.2ALT-PU-2020-1501-1247586Fixed
kernel-image-std-defp115.4.17-alt16.1.91-alt1ALT-PU-2020-1198-1245508Fixed
kernel-image-un-defsisyphus5.3.6-alt16.6.33-alt1ALT-PU-2019-2900-1239169Fixed
kernel-image-un-defp105.3.6-alt16.1.90-alt1ALT-PU-2019-2900-1239169Fixed
kernel-image-un-defp95.3.6-alt15.10.218-alt1ALT-PU-2019-2930-1239170Fixed
kernel-image-un-defc10f15.3.6-alt16.1.85-alt0.c10f.1ALT-PU-2019-2900-1239169Fixed
kernel-image-un-defc9f25.3.6-alt15.10.29-alt2ALT-PU-2019-2930-1239170Fixed
kernel-image-un-defp115.3.6-alt16.6.31-alt1ALT-PU-2019-2900-1239169Fixed
usbipsisyphus5.10-alt15.10-alt1ALT-PU-2023-1798-1320453Fixed
usbipsisyphus_e2k5.10-alt15.10-alt1ALT-PU-2023-7452-1-Fixed
usbipp105.10-alt15.10-alt1ALT-PU-2023-1903-1320461Fixed
usbipp10_e2k5.10-alt15.10-alt1ALT-PU-2023-7498-1-Fixed
usbipp115.10-alt15.10-alt1ALT-PU-2023-1798-1320453Fixed

References to Advisories, Solutions, and Tools

Hyperlink
Resource
https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=7fd25e6fc035f4b04b75bca6d7e8daa069603a76
  • Patch
  • Vendor Advisory
https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.3.6
  • Release Notes
  • Vendor Advisory
[oss-security] 20191203 Linux kernel: multiple vulnerabilities in the USB subsystem x3
  • Mailing List
  • Third Party Advisory
openSUSE-SU-2019:2675
  • Mailing List
  • Third Party Advisory
[debian-lts-announce] 20200302 [SECURITY] [DLA 2114-1] linux-4.9 security update
  • Mailing List
  • Third Party Advisory

    1. Configuration 1

      cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*
      End excliding
      5.3.6

      Configuration 2

      cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*
      cpe:2.3:o:opensuse:leap:15.1:*:*:*:*:*:*:*
VKontakte|Telegram|YouTube|Forum|GitHub|Bugzilla
Version: v24.5.3
Back to top