Bug 1783515 (CVE-2019-19529) - CVE-2019-19529 kernel: use-after-free bug caused by a malicious USB device in the drivers/net/can/usb/mcba_usb.c
Keywords:
Status: CLOSED ERRATA
Alias: CVE-2019-19529
Product: Security Response
Classification: Other
Component: vulnerability
Version: unspecified
Hardware: All
OS: Linux
medium
medium
Target Milestone: ---
Assignee: Red Hat Product Security
QA Contact:
URL:
Whiteboard:
Depends On: 1783516 1797430 1797431 1797432
Blocks: 1783517
Reported: 2019-12-13 20:57 UTC by msiddiqu
Modified: 2021-10-25 22:14 UTC (History)

Fixed In Version:
Doc Type: If docs needed, set a value
Doc Text:
A use-after-free flaw was found in the driver for the USB Microchip CAN BUS Analyzer Tool. CAN BUS analysis hardware is not commonly found on server-grade hardware. The flaw is reachable while a device is removed (physical access) or the kernel module is unloaded (administrative privileges). An attacker must race the code while the device is being unplugged to take advantage of this flaw.
Clone Of:
Environment:
Last Closed: 2021-10-25 22:14:31 UTC



Description msiddiqu 2019-12-13 20:57:28 UTC
A use-after-free flaw exists in the driver for the Microchip CAN BUS Analyzer Tool. CAN BUS devices are not commonly found on server-grade hardware. The flaw exists while a device is removed (physical access) or a kernel module is unloaded (administrative privileges).

Upstream Patch: 

https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=4d6636498c41891d0482a914dd570343a838ad79

References:  

https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.3.11
https://www.openwall.com/lists/oss-security/2019/12/03/4
http://seclists.org/oss-sec/2019/q4/115

Comment 1 msiddiqu 2019-12-13 20:57:49 UTC
Created kernel tracking bugs for this issue:

Affects: fedora-all [bug 1783516]

Comment 2 Justin M. Forbes 2019-12-16 17:05:26 UTC
This is fixed for Fedora in the 5.3.11 stable kernel update.

Comment 5 Wade Mealing 2020-02-03 03:57:03 UTC
Mitigation:


As the mcba_usb module will be auto-loaded when required, its use can be disabled by preventing the module from loading with the following instructions:

# echo "install mcba_usb /bin/true" >> /etc/modprobe.d/disable-mcba_usb.conf  
 
The system will need to be restarted in the unlikely case that the modules are loaded. In most circumstances, the  kernel modules will be unable to be unloaded with rmmod while any device has the software in use. 

If the system requires this module to work correctly, this mitigation may not be suitable; alternative USB CAN analysers will not suffer this same flaw.

If you need further assistance, see KCS article https://access.redhat.com/solutions/41278 or contact Red Hat Global Support Services.
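The following script is an added example, not part of the bug report or Red Hat's own tooling. It applies the same modprobe "install" rule shown in Comment 5 and then reports whether the module is currently loaded, so an administrator knows whether the reboot mentioned above is needed. The MODPROBE_DIR and PROC_MODULES variables are assumptions introduced here so the script can be dry-run against a scratch directory instead of the live system.

```shell
#!/bin/sh
# Added example (not from the bug report): write the modprobe "install" rule
# that prevents mcba_usb from loading, then report whether the module is
# currently loaded. MODPROBE_DIR and PROC_MODULES are assumptions so the
# functions can be exercised against a scratch directory.

MODULE="mcba_usb"
MODPROBE_DIR="${MODPROBE_DIR:-/etc/modprobe.d}"
PROC_MODULES="${PROC_MODULES:-/proc/modules}"

# Append "install <mod> /bin/true" to <dir>/disable-<mod>.conf, so that any
# modprobe request for the module runs /bin/true instead of loading it.
# Idempotent: a second call does not append a duplicate rule.
disable_module() {
    mod="$1"
    dir="$2"
    conf="$dir/disable-$mod.conf"
    rule="install $mod /bin/true"
    mkdir -p "$dir"
    if [ -f "$conf" ] && grep -qxF "$rule" "$conf"; then
        return 0
    fi
    printf '%s\n' "$rule" >> "$conf"
}

# Return 0 if the module name appears in the first column of /proc/modules
# (i.e. it is loaded right now and the install rule alone will not unload it).
module_loaded() {
    mod="$1"
    procfile="$2"
    [ -r "$procfile" ] || return 1
    awk -v m="$mod" '$1 == m { found = 1 } END { exit !found }' "$procfile"
}

# Print one of: not-applied, applied, applied-reboot-required.
mitigation_status() {
    mod="$1"
    dir="$2"
    procfile="$3"
    if ! grep -qs "^install $mod /bin/true" "$dir/disable-$mod.conf"; then
        echo "not-applied"
    elif module_loaded "$mod" "$procfile"; then
        echo "applied-reboot-required"
    else
        echo "applied"
    fi
}

# Usage (as root on the real system, or with MODPROBE_DIR/PROC_MODULES
# pointed at a scratch directory for a dry run):
#   disable_module "$MODULE" "$MODPROBE_DIR"
#   mitigation_status "$MODULE" "$MODPROBE_DIR" "$PROC_MODULES"
```

The "install" rule only affects future modprobe requests, which is why the status function also looks at /proc/modules: if the module is already resident, the rule has been recorded but the running kernel still has the vulnerable code loaded until a reboot (or an rmmod, which the comment above notes usually fails while a device is in use).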

Comment 6 Wade Mealing 2020-02-03 05:55:49 UTC
Most systems won't have this module loaded by default, as it is mostly used by automotive/marine diagnostic systems.

