CVE-2019-19537
|
In the Linux kernel before 5.2.10, there is a race condition bug that can be caused by a malicious USB device in the USB character device driver layer, aka CID-303911cfc5b9. This affects drivers/usb/core/file.c.
Published: December 03, 2019; 11:15:13 AM -05:00
|
V3.1: 4.2 MEDIUM
V2: 4.7 MEDIUM
|
CVE-2019-19536
|
In the Linux kernel before 5.2.9, there is an info-leak bug that can be caused by a malicious USB device in the drivers/net/can/usb/peak_usb/pcan_usb_pro.c driver, aka CID-ead16e53c2f0.
Published: December 03, 2019; 11:15:13 AM -05:00
|
V3.1: 4.6 MEDIUM
V2: 2.1 LOW
|
CVE-2019-19535
|
In the Linux kernel before 5.2.9, there is an info-leak bug that can be caused by a malicious USB device in the drivers/net/can/usb/peak_usb/pcan_usb_fd.c driver, aka CID-30a8beeb3042.
Published: December 03, 2019; 11:15:13 AM -05:00
|
V3.1: 4.6 MEDIUM
V2: 2.1 LOW
|
CVE-2019-19534
|
In the Linux kernel before 5.3.11, there is an info-leak bug that can be caused by a malicious USB device in the drivers/net/can/usb/peak_usb/pcan_usb_core.c driver, aka CID-f7a1337f0d29.
Published: December 03, 2019; 11:15:13 AM -05:00
|
V3.1: 2.4 LOW
V2: 2.1 LOW
|
CVE-2019-19533
|
In the Linux kernel before 5.3.4, there is an info-leak bug that can be caused by a malicious USB device in the drivers/media/usb/ttusb-dec/ttusb_dec.c driver, aka CID-a10feaf8c464.
Published: December 03, 2019; 11:15:13 AM -05:00
|
V3.1: 2.4 LOW
V2: 2.1 LOW
|
CVE-2019-19532
|
In the Linux kernel before 5.3.9, there are multiple out-of-bounds write bugs that can be caused by a malicious USB device in the Linux kernel HID drivers, aka CID-d9d4b1e46d95. This affects drivers/hid/hid-axff.c, drivers/hid/hid-dr.c, drivers/hid/hid-emsff.c, drivers/hid/hid-gaff.c, drivers/hid/hid-holtekff.c, drivers/hid/hid-lg2ff.c, drivers/hid/hid-lg3ff.c, drivers/hid/hid-lg4ff.c, drivers/hid/hid-lgff.c, drivers/hid/hid-logitech-hidpp.c, drivers/hid/hid-microsoft.c, drivers/hid/hid-sony.c, drivers/hid/hid-tmff.c, and drivers/hid/hid-zpff.c.
Published: December 03, 2019; 11:15:13 AM -05:00
|
V3.1: 6.8 MEDIUM
V2: 4.6 MEDIUM
|
CVE-2019-19531
|
In the Linux kernel before 5.2.9, there is a use-after-free bug that can be caused by a malicious USB device in the drivers/usb/misc/yurex.c driver, aka CID-fc05481b2fca.
Published: December 03, 2019; 11:15:13 AM -05:00
|
V3.1: 6.8 MEDIUM
V2: 4.6 MEDIUM
|
CVE-2019-19530
|
In the Linux kernel before 5.2.10, there is a use-after-free bug that can be caused by a malicious USB device in the drivers/usb/class/cdc-acm.c driver, aka CID-c52873e5a1ef.
Published: December 03, 2019; 11:15:13 AM -05:00
|
V3.1: 4.6 MEDIUM
V2: 4.9 MEDIUM
|
CVE-2019-19529
|
In the Linux kernel before 5.3.11, there is a use-after-free bug that can be caused by a malicious USB device in the drivers/net/can/usb/mcba_usb.c driver, aka CID-4d6636498c41.
Published: December 03, 2019; 11:15:13 AM -05:00
|
V3.1: 4.6 MEDIUM
V2: 4.9 MEDIUM
|
CVE-2019-19528
|
In the Linux kernel before 5.3.7, there is a use-after-free bug that can be caused by a malicious USB device in the drivers/usb/misc/iowarrior.c driver, aka CID-edc4746f253d.
Published: December 03, 2019; 11:15:13 AM -05:00
|
V3.1: 4.6 MEDIUM
V2: 4.9 MEDIUM
|
CVE-2019-19527
|
In the Linux kernel before 5.2.10, there is a use-after-free bug that can be caused by a malicious USB device in the drivers/hid/usbhid/hiddev.c driver, aka CID-9c09b214f30e.
Published: December 03, 2019; 11:15:12 AM -05:00
|
V3.1: 4.6 MEDIUM
V2: 4.9 MEDIUM
|
CVE-2019-19526
|
In the Linux kernel before 5.3.9, there is a use-after-free bug that can be caused by a malicious USB device in the drivers/nfc/pn533/usb.c driver, aka CID-6af3aa57a098.
Published: December 03, 2019; 11:15:12 AM -05:00
|
V3.1: 4.6 MEDIUM
V2: 4.9 MEDIUM
|
CVE-2019-19525
|
In the Linux kernel before 5.3.6, there is a use-after-free bug that can be caused by a malicious USB device in the drivers/net/ieee802154/atusb.c driver, aka CID-7fd25e6fc035.
Published: December 03, 2019; 11:15:12 AM -05:00
|
V3.1: 4.6 MEDIUM
V2: 4.9 MEDIUM
|
CVE-2019-19524
|
In the Linux kernel before 5.3.12, there is a use-after-free bug that can be caused by a malicious USB device in the drivers/input/ff-memless.c driver, aka CID-fa3a5a1880c9.
Published: December 03, 2019; 11:15:12 AM -05:00
|
V3.1: 4.6 MEDIUM
V2: 4.9 MEDIUM
|
CVE-2019-19523
|
In the Linux kernel before 5.3.7, there is a use-after-free bug that can be caused by a malicious USB device in the drivers/usb/misc/adutux.c driver, aka CID-44efc269db79.
Published: December 03, 2019; 11:15:12 AM -05:00
|
V3.1: 4.6 MEDIUM
V2: 4.9 MEDIUM
|
CVE-2019-19462
|
relay_open in kernel/relay.c in the Linux kernel through 5.4.1 allows local users to cause a denial of service (such as relay blockage) by triggering a NULL alloc_percpu result.
Published: November 29, 2019; 08:15:10 PM -05:00
|
V3.1: 5.5 MEDIUM
V2: 4.9 MEDIUM
|
CVE-2019-18660
|
The Linux kernel before 5.4.1 on powerpc allows Information Exposure because the Spectre-RSB mitigation is not in place for all applicable CPUs, aka CID-39e72bf96f58. This is related to arch/powerpc/kernel/entry_64.S and arch/powerpc/kernel/security.c.
Published: November 27, 2019; 06:15:10 PM -05:00
|
V3.1: 5.5 MEDIUM
V2: 2.1 LOW
|
CVE-2019-19252
|
vcs_write in drivers/tty/vt/vc_screen.c in the Linux kernel through 5.3.13 does not prevent write access to vcsu devices, aka CID-0c9acb1af77a.
Published: November 25, 2019; 01:15:11 PM -05:00
|
V3.1: 7.8 HIGH
V2: 4.6 MEDIUM
|
CVE-2019-18675
|
The Linux kernel through 5.3.13 has a start_offset+size Integer Overflow in cpia2_remap_buffer in drivers/media/usb/cpia2/cpia2_core.c because cpia2 has its own mmap implementation. This allows local users (with /dev/video0 access) to obtain read and write permissions on kernel physical pages, which can possibly result in a privilege escalation.
Published: November 25, 2019; 09:15:12 AM -05:00
|
V3.1: 7.8 HIGH
V2: 7.2 HIGH
|
CVE-2019-10207
|
A flaw was found in the Linux kernel's Bluetooth implementation of UART, all versions kernel 3.x.x before 4.18.0 and kernel 5.x.x. An attacker with local access and write permissions to the Bluetooth hardware could use this flaw to issue a specially crafted ioctl function call and cause the system to crash.
Published: November 25, 2019; 09:15:11 AM -05:00
|
V3.1: 5.5 MEDIUM
V2: 2.1 LOW
|