PT-2019-4478 · Linux+5 · Linux Kernel+5

Publicado

2019-11-04

·

Atualizado

2022-03-31

·

CVE-2019-19534

CVSS v3.1

2.4

Baixa

VetorAV:P/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
Name of the Vulnerable Software and Affected Versions Linux kernel versions prior to 5.3.11
Description The issue is related to a lack of protection for service data in the Linux kernel's drivers/net/can/usb/peak usb/pcan usb core.c driver. It can be exploited by a malicious USB device, potentially allowing an attacker to disclose protected information.
Recommendations For Linux kernel versions prior to 5.3.11, update to version 5.3.11 or later to resolve the issue. As a temporary workaround, consider restricting the use of USB devices from untrusted sources to minimize the risk of exploitation.

Correção

Information Disclosure

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾
dbugs@ptsecurity.com

Enumeração de Fraquezas

CWE-909CWE-200

Identificadores relacionados

ALT-PU-2019-3131
ALT-PU-2019-3155
ALT-PU-2019-3184
ALT-PU-2020-1198
ALT-PU-2020-1421
ALT-PU-2020-1450
ALT-PU-2020-1501
ALT-PU-2020-1714
ALT-PU-2020-2410
ALT-PU-2020-2433
ALT-PU-2021-1870
BDU:2020-00296
CESA-2020_1567
CESA-2020_1769
CESA-2020_4060
CVE-2019-19534
DLA-2068-1
DLA-2114-1
OPENSUSE-SU-2019:2675-1
OPENSUSE-SU-2019_2675-1
RHSA-2020:1567
RHSA-2020:1769
RHSA-2020:4060
RHSA-2020:4062
RHSA-2020_1567
RHSA-2020_1769
RHSA-2020_4060
RHSA-2020_4062
SUSE-SU-2019:3289-1
SUSE-SU-2019:3316-1
SUSE-SU-2019:3317-1
SUSE-SU-2019:3372-1
SUSE-SU-2019:3379-1
SUSE-SU-2019:3381-1
SUSE-SU-2019:3389-1
SUSE-SU-2020:0093-1
SUSE-SU-2020:0584-1
SUSE-SU-2020:0599-1
SUSE-SU-2020:0613-1
SUSE-SU-2020:1255-1
USN-4225-1
USN-4225-2
USN-4226-1
USN-4227-1
USN-4227-2
USN-4228-1
USN-4228-2

Produtos afetados

Alt Linux
Centos
Linux Kernel
Red Hat
Suse
Ubuntu