Bug 1781821 (CVE-2019-19532) - CVE-2019-19532 kernel: malicious USB devices can lead to multiple out-of-bounds write
Summary: CVE-2019-19532 kernel: malicious USB devices can lead to multiple out-of-boun...
Keywords:
Status: CLOSED ERRATA
Alias: CVE-2019-19532
Product: Security Response
Classification: Other
Component: vulnerability
Version: unspecified
Hardware: All
OS: Linux
medium
medium
Target Milestone: ---
Assignee: Red Hat Product Security
QA Contact:
URL:
Whiteboard:
Depends On: 1740778 1781823 1821869 1821870 1821873 1821874 1821876 1821877 1948460 1948461 1948462 1948463
Blocks: 1781825
TreeView+ depends on / blocked
 
Reported: 2019-12-10 16:20 UTC by Guilherme de Almeida Suckevicz
Modified: 2021-06-09 21:24 UTC (History)
44 users (show)

Fixed In Version:
Doc Type: If docs needed, set a value
Doc Text:
An out-of-bounds write flaw was found in the Linux kernel’s HID drivers. An attacker, able to plug in a malicious USB device, can crash the system or read and write to memory with an incorrect address.
Clone Of:
Environment:
Last Closed: 2021-03-16 19:18:42 UTC
Embargoed:

Attachments (Terms of Use)


Links
System ID Private Priority Status Summary Last Updated
Red Hat Product Errata RHSA-2021:0856 0 None None None 2021-03-16 13:50:43 UTC
Red Hat Product Errata RHSA-2021:0857 0 None None None 2021-03-16 13:51:37 UTC
Red Hat Product Errata RHSA-2021:2355 0 None None None 2021-06-09 09:27:20 UTC

Description Guilherme de Almeida Suckevicz 2019-12-10 16:20:46 UTC 
In the Linux kernel before 5.3.9, there are multiple out-of-bounds write bugs that can be caused by a malicious USB device in the Linux kernel HID drivers, aka CID-d9d4b1e46d95. This affects drivers/hid/hid-axff.c, drivers/hid/hid-dr.c, drivers/hid/hid-emsff.c, drivers/hid/hid-gaff.c, drivers/hid/hid-holtekff.c, drivers/hid/hid-lg2ff.c, drivers/hid/hid-lg3ff.c, drivers/hid/hid-lg4ff.c, drivers/hid/hid-lgff.c, drivers/hid/hid-logitech-hidpp.c, drivers/hid/hid-microsoft.c, drivers/hid/hid-sony.c, drivers/hid/hid-tmff.c, and drivers/hid/hid-zpff.c.

Reference:
https://www.openwall.com/lists/oss-security/2019/12/03/4

Upstream commit:
https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=d9d4b1e46d9543a82c23f6df03f4ad697dab361b
Comment 1 Guilherme de Almeida Suckevicz 2019-12-10 16:22:23 UTC 
Created kernel tracking bugs for this issue:

Affects: fedora-all [bug 1781823]
Comment 2 Justin M. Forbes 2019-12-11 18:20:15 UTC 
This was fixed for Fedora with the 5.3.9 stable kernel update.
Comment 5 Eric Christensen 2020-04-07 19:22:56 UTC 
Mitigation:

Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.
Comment 6 Petr Matousek 2020-04-08 12:20:06 UTC 
Statement:

This issue was rated as having Moderate impact because of the need of physical access to trigger it.
Comment 7 errata-xmlrpc 2021-03-16 13:50:40 UTC 
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 7

Via RHSA-2021:0856 https://access.redhat.com/errata/RHSA-2021:0856
Comment 8 errata-xmlrpc 2021-03-16 13:51:36 UTC 
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 7

Via RHSA-2021:0857 https://access.redhat.com/errata/RHSA-2021:0857
Comment 9 Product Security DevOps Team 2021-03-16 19:18:42 UTC 
This bug is now closed. Further updates for individual products will be reflected on the CVE page(s):

https://access.redhat.com/security/cve/cve-2019-19532
Comment 11 errata-xmlrpc 2021-05-11 12:30:00 UTC 
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 7.7 Extended Update Support

Via RHSA-2021:1531 https://access.redhat.com/errata/RHSA-2021:1531
Comment 12 errata-xmlrpc 2021-06-01 08:43:11 UTC 
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 7.4 Advanced Update Support
  Red Hat Enterprise Linux 7.4 Update Services for SAP Solutions
  Red Hat Enterprise Linux 7.4 Telco Extended Update Support

Via RHSA-2021:2164 https://access.redhat.com/errata/RHSA-2021:2164
Comment 13 errata-xmlrpc 2021-06-09 09:27:12 UTC 
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 7.6 Advanced Update Support
  Red Hat Enterprise Linux 7.6 Update Services for SAP Solutions
  Red Hat Enterprise Linux 7.6 Telco Extended Update Support

Via RHSA-2021:2355 https://access.redhat.com/errata/RHSA-2021:2355
Note You need to log in before you can comment on or make changes to this bug.