PT-2019-4478 · Linux+5 · Linux Kernel+5

Published

2019-11-04

·

Updated

2022-03-31

·

CVE-2019-19534

CVSS v3.1

2.4

Low

VectorAV:P/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
Name of the Vulnerable Software and Affected Versions Linux kernel versions prior to 5.3.11
Description The issue is related to a lack of protection for service data in the Linux kernel's drivers/net/can/usb/peak usb/pcan usb core.c driver. It can be exploited by a malicious USB device, potentially allowing an attacker to disclose protected information.
Recommendations For Linux kernel versions prior to 5.3.11, update to version 5.3.11 or later to resolve the issue. As a temporary workaround, consider restricting the use of USB devices from untrusted sources to minimize the risk of exploitation.

Fix

Information Disclosure

Found an issue in the description? Have something to add? Feel free to write us 👾
dbugs@ptsecurity.com

Weakness Enumeration

CWE-909CWE-200

Related Identifiers

ALT-PU-2019-3131
ALT-PU-2019-3155
ALT-PU-2019-3184
ALT-PU-2020-1198
ALT-PU-2020-1421
ALT-PU-2020-1450
ALT-PU-2020-1501
ALT-PU-2020-1714
ALT-PU-2020-2410
ALT-PU-2020-2433
ALT-PU-2021-1870
BDU:2020-00296
CESA-2020_1567
CESA-2020_1769
CESA-2020_4060
CVE-2019-19534
DLA-2068-1
DLA-2114-1
OPENSUSE-SU-2019:2675-1
OPENSUSE-SU-2019_2675-1
RHSA-2020:1567
RHSA-2020:1769
RHSA-2020:4060
RHSA-2020:4062
RHSA-2020_1567
RHSA-2020_1769
RHSA-2020_4060
RHSA-2020_4062
SUSE-SU-2019:3289-1
SUSE-SU-2019:3316-1
SUSE-SU-2019:3317-1
SUSE-SU-2019:3372-1
SUSE-SU-2019:3379-1
SUSE-SU-2019:3381-1
SUSE-SU-2019:3389-1
SUSE-SU-2020:0093-1
SUSE-SU-2020:0584-1
SUSE-SU-2020:0599-1
SUSE-SU-2020:0613-1
SUSE-SU-2020:1255-1
USN-4225-1
USN-4225-2
USN-4226-1
USN-4227-1
USN-4227-2
USN-4228-1
USN-4228-2

Affected Products

Alt Linux
Centos
Linux Kernel
Red Hat
Suse
Ubuntu