4.6

CVE-2019-19535

In the Linux kernel before 5.2.9, there is an info-leak bug that can be caused by a malicious USB device in the drivers/net/can/usb/peak_usb/pcan_usb_fd.c driver, aka CID-30a8beeb3042.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
LinuxLinux Kernel Version < 5.2.9
DebianDebian Linux Version8.0
OpensuseLeap Version15.1
OracleSd-wan Edge Version8.2
VulnDex Vulnerability Enrichment
Diese Information steht angemeldeten Benutzern zur Verfügung. Login Login
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 0.5% 0.39
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 4.6 0.9 3.6
CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
nvd@nist.gov 2.1 3.9 2.9
AV:L/AC:L/Au:N/C:P/I:N/A:N
CWE-908 Use of Uninitialized Resource

The product uses or accesses a resource that has not been initialized.

CWE-909 Missing Initialization of Resource

The product does not initialize a critical resource.

https://www.oracle.com/security-alerts/cpuApr2021.html
Patch
Third Party Advisory
https://lists.debian.org/debian-lts-announce/2020/03/msg00001.html
Third Party Advisory
Mailing List
http://lists.opensuse.org/opensuse-security-announce/2020-03/msg00021.html
Third Party Advisory
Mailing List
http://www.openwall.com/lists/oss-security/2019/12/03/4
Third Party Advisory
Mailing List
https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.2.9
Vendor Advisory
Release Notes
https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=30a8beeb3042f49d0537b7050fd21b490166a3d9
Patch
Vendor Advisory