Bug 1783498 (CVE-2019-19527)
| Summary: | CVE-2019-19527 kernel: use-after-free caused by a malicious USB device in the drivers/hid/usbhid/hiddev.c driver | ||
|---|---|---|---|
| Product: | [Other] Security Response | Reporter: | msiddiqu |
| Component: | vulnerability | Assignee: | Red Hat Product Security <security-response-team> |
| Status: | CLOSED ERRATA | QA Contact: | |
| Severity: | medium | Docs Contact: | |
| Priority: | medium | ||
| Version: | unspecified | CC: | acaringi, airlied, asavkov, bhu, blc, brdeoliv, bskeggs, dhoward, dvlasenk, esammons, fhrbata, hdegoede, hkrzesin, iboverma, ichavero, itamar, jarodwilson, jeremy, jforbes, jglisse, jlelli, joe.lawrence, john.j5live, jonathan, josef, jpoimboe, jross, jshortt, jstancek, jthierry, jwboyer, kernel-maint, kernel-mgr, labbott, lgoncalv, linville, masami256, matt, mchehab, mcressma, mjg59, mlangsdo, nmurray, qzhao, rhandlin, rkeshri, rt-maint, rvrbovsk, steved, williams, ycote |
| Target Milestone: | --- | Keywords: | Security |
| Target Release: | --- | ||
| Hardware: | All | ||
| OS: | Linux | ||
| Whiteboard: | |||
| Fixed In Version: | Doc Type: | If docs needed, set a value | |
| Doc Text: |
A vulnerability was found in hiddev_open in drivers/hid/usbhid/hiddev.c in the USB Human Interface Device class subsystem, where an existing device must be validated prior to its access. The device should also ensure the hiddev_list cleanup occurs at failure, as this may lead to a use-after-free problem, or possibly escalate privileges to an unauthorized user.
|
Story Points: | --- |
| Clone Of: | Environment: | ||
| Last Closed: | 2020-04-07 10:32:00 UTC | Type: | --- |
| Regression: | --- | Mount Type: | --- |
| Documentation: | --- | CRM: | |
| Verified Versions: | Category: | --- | |
| oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |
| Cloudforms Team: | --- | Target Upstream Version: | |
| Embargoed: | |||
| Bug Depends On: | 1783503, 1803439, 1803440, 1803441, 1803442, 1803443, 1803444, 1803445, 1803446, 1803447, 1803448, 1803449, 1803450, 1803451, 1803452, 1803453, 1803454, 1803455, 1803456, 1803457, 1803458, 1803459, 1803460, 1803461, 1803462, 1803463, 1803464, 1803465, 1803466, 1804539, 1804540, 1804541, 1804542, 1814257, 1814259 | ||
| Bug Blocks: | 1783502 | ||
|
Description
msiddiqu
2019-12-13 20:29:51 UTC
Created kernel tracking bugs for this issue: Affects: fedora-all [bug 1783503] This is fixed for Fedora with the 5.2.10 stable kernel update. Mitigation: Mitigation for this issue is either not available or the currently available options don't meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability. Statement: This issue is rated as Moderate because of the need of physical access to the system. This issue has been addressed in the following products: Red Hat Enterprise Linux 8 Via RHSA-2020:1378 https://access.redhat.com/errata/RHSA-2020:1378 This bug is now closed. Further updates for individual products will be reflected on the CVE page(s): https://access.redhat.com/security/cve/cve-2019-19527 This issue has been addressed in the following products: Red Hat Enterprise Linux 8 Via RHSA-2020:1372 https://access.redhat.com/errata/RHSA-2020:1372 This issue has been addressed in the following products: Red Hat Enterprise Linux 7 Via RHSA-2020:3220 https://access.redhat.com/errata/RHSA-2020:3220 This issue has been addressed in the following products: Red Hat Enterprise Linux 7 Via RHSA-2020:3221 https://access.redhat.com/errata/RHSA-2020:3221 This issue has been addressed in the following products: Red Hat Enterprise Linux 7.7 Extended Update Support Via RHSA-2020:4236 https://access.redhat.com/errata/RHSA-2020:4236 |