Bug 1783547 (CVE-2019-19535)
Summary: | CVE-2019-19535 kernel: information leak bug caused by a malicious USB device in the drivers/net/can/usb/peak_usb/pcan_usb_fd.cdriver | ||
---|---|---|---|
Product: | [Other] Security Response | Reporter: | msiddiqu |
Component: | vulnerability | Assignee: | Red Hat Product Security <security-response-team> |
Status: | CLOSED ERRATA | QA Contact: | |
Severity: | medium | Docs Contact: | |
Priority: | medium | ||
Version: | unspecified | CC: | acaringi, airlied, bhu, blc, brdeoliv, bskeggs, dhoward, dvlasenk, esammons, fhrbata, hdegoede, hkrzesin, iboverma, ichavero, itamar, jarodwilson, jeremy, jforbes, jlelli, john.j5live, jonathan, josef, jross, jshortt, jstancek, jwboyer, kernel-maint, kernel-mgr, lgoncalv, linville, masami256, mchehab, mcressma, mjg59, mlangsdo, nmurray, qzhao, rt-maint, rvrbovsk, steved, williams, wmealing |
Target Milestone: | --- | Keywords: | Security |
Target Release: | --- | ||
Hardware: | All | ||
OS: | Linux | ||
Whiteboard: | |||
Fixed In Version: | Doc Type: | If docs needed, set a value | |
Doc Text: |
A flaw was found in the Linux kernel’s implementation of the Peak CANBUS USB device driver. An information leak caused by the device could allow a local attacker to possibly gain private information from uninitialized kernel memory.
|
Story Points: | --- |
Clone Of: | Environment: | ||
Last Closed: | 2021-10-25 22:15:07 UTC | Type: | --- |
Regression: | --- | Mount Type: | --- |
Documentation: | --- | CRM: | |
Verified Versions: | Category: | --- | |
oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |
Cloudforms Team: | --- | Target Upstream Version: | |
Embargoed: | |||
Bug Depends On: | 1783548, 1785510, 1785511, 1785514 | ||
Bug Blocks: | 1783549 |
Description
msiddiqu
2019-12-13 21:38:45 UTC
Created kernel tracking bugs for this issue: Affects: fedora-all [bug 1783548] This was fixed for Fedora with the 5.2.9 stable kernel update. This flaw is rated as moderate, its an information leak that only happens once at device creation time, access methods of the information is quite difficult. |