CVE-2019-19532

Name of the Vulnerable Software and Affected Versions Linux kernel versions prior to 5.3.9

Description The issue is related to out-of-bounds write bugs in the Linux kernel HID drivers, which can be caused by a malicious USB device. This affects various drivers, including drivers/hid/hid-axff.c, drivers/hid/hid-dr.c, drivers/hid/hid-emsff.c, drivers/hid/hid-gaff.c, drivers/hid/hid-holtekff.c, drivers/hid/hid-lg2ff.c, drivers/hid/hid-lg3ff.c, drivers/hid/hid-lg4ff.c, drivers/hid/hid-lgff.c, drivers/hid/hid-logitech-hidpp.c, drivers/hid/hid-microsoft.c, drivers/hid/hid-sony.c, drivers/hid/hid-tmff.c, and drivers/hid/hid-zpff.c. Exploitation of this issue may allow an attacker to impact the confidentiality, integrity, and availability of protected information using a malicious USB device.

Recommendations For Linux kernel versions prior to 5.3.9, update to version 5.3.9 or later to resolve the issue. As a temporary workaround, consider disabling the use of USB devices from untrusted sources until a patch is applied. Restrict access to the affected HID drivers to minimize the risk of exploitation.