CVE-2019-19947

Description

In the Linux kernel through 5.4.6, there are information leaks of uninitialized memory to a USB device in the drivers/net/can/usb/kvaser_usb/kvaser_usb_leaf.c driver, aka CID-da2311a6385c.

CVSS Metrics

• v3.1•MEDIUM•Score: 4.6CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
• v2.0•LOW•Score: 2.1AV:L/AC:L/Au:N/C:P/I:N/A:N

EPSS Trends

Current EPSS score: 0.11%• Percentile: 29%

Techniques & Countermeasures

• CWE-908•Use of Uninitialized Resource

  The product uses or accesses a resource that has not been initialized.

Affected Systems

• canonical•ubuntu_linux

  14.04 | 16.04 | 18.04 | 19.10

• debian•debian_linux

  8.0

• linux•linux_kernel

  ≤ 5.4.6

• netapp•active_iq_unified_manager

  na

• netapp•aff_baseboard_management_controller

  a700s

• netapp•cloud_backup

  na

• netapp•data_availability_services

  na

• netapp•e-series_santricity_os_controller

  ≥ 11.0, ≤ 11.70.2

• netapp•fas\/aff_baseboard_management_controller

  na

• netapp•hci_baseboard_management_controller

  h610s

• netapp•solidfire_\&_hci_management_node

  na

• netapp•solidfire_baseboard_management_controller_firmware

  na

• netapp•steelstore_cloud_integrated_storage

  na

References (9)

• https://github.com/torvalds/linux/commit/da2311a6385c3b499da2ed5d9be59ce331fa93e9
• http://www.openwall.com/lists/oss-security/2019/12/24/1
• https://lists.debian.org/debian-lts-announce/2020/01/msg00013.html
• https://security.netapp.com/advisory/ntap-20200204-0002/
• https://usn.ubuntu.com/4285-1/
• https://lists.debian.org/debian-lts-announce/2020/03/msg00001.html
• https://usn.ubuntu.com/4284-1/
• https://usn.ubuntu.com/4427-1/
• https://usn.ubuntu.com/4485-1/