UBUNTU-CVE-2019-19947

Description

In the Linux kernel through 5.4.6, there are information leaks of uninitialized memory to a USB device in the drivers/net/can/usb/kvaser_usb/kvaser_usb_leaf.c driver, aka CID-da2311a6385c.

CVSS Metrics

• v3.1•MEDIUM•Score: 4.6CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Affected Systems

• ubuntu•linux

  all | < 4.4.0-186.216 | < 4.15.0-115.116

• ubuntu•linux-aws

  < 4.4.0-1075.79 | < 4.4.0-1111.123 | < 4.15.0-1080.84

• ubuntu•linux-aws-5.0

  < 5.0.0-1025.28

• ubuntu•linux-aws-fips

  < 4.15.0-2025.25 | all

• ubuntu•linux-aws-hwe

  < 4.15.0-1080.84~16.04.1

• ubuntu•linux-azure

  < 4.15.0-1093.103~14.04.1 | < 4.15.0-1093.103~16.04.1 | < 5.0.0-1032.34

• ubuntu•linux-azure-4.15

  < 4.15.0-1093.103

• ubuntu•linux-azure-5.3

  < 5.3.0-1013.14~18.04.1

• ubuntu•linux-azure-edge

  all

• ubuntu•linux-azure-fde

  all

• ubuntu•linux-azure-fips

  < 4.15.0-2007.8 | all

• ubuntu•linux-bluefield

  all

• ubuntu•linux-fips

  < 4.4.0-1043.48 | all | < 4.15.0-1039.44

• ubuntu•linux-gcp

  < 4.15.0-1081.92~16.04.1 | < 5.0.0-1031.32

• ubuntu•linux-gcp-4.15

  < 4.15.0-1081.92

• ubuntu•linux-gcp-5.3

  < 5.3.0-1012.13~18.04.1

• ubuntu•linux-gcp-edge

  all

• ubuntu•linux-gcp-fips

  all

• ubuntu•linux-gke

  all

• ubuntu•linux-gke-4.15

  < 4.15.0-1067.70

• ubuntu•linux-gke-5.0

  < 5.0.0-1030.31

• ubuntu•linux-gke-5.3

  < 5.3.0-1012.13~18.04.1

• ubuntu•linux-hwe

  < 4.15.0-115.116~16.04.1 | < 5.3.0-40.32~18.04.1

• ubuntu•linux-hwe-edge

  all | all

• ubuntu•linux-intel-iot-realtime

  all

• ubuntu•linux-kvm

  < 4.4.0-1077.84 | < 4.15.0-1072.73

• ubuntu•linux-lts-xenial

  < 4.4.0-186.216~14.04.1

• ubuntu•linux-nvidia

  all

• ubuntu•linux-oem

  < 4.15.0-1094.104

• ubuntu•linux-oem-osp1

  < 5.0.0-1039.44

• ubuntu•linux-oracle

  < 4.15.0-1051.55~16.04.1 | < 4.15.0-1051.55

• ubuntu•linux-oracle-5.0

  < 5.0.0-1011.16

• ubuntu•linux-raspi-realtime

  all

• ubuntu•linux-raspi2

  < 4.4.0-1136.145 | < 4.15.0-1068.72 | all

• ubuntu•linux-raspi2-5.3

  < 5.3.0-1018.20~18.04.1

• ubuntu•linux-realtime

  all

• ubuntu•linux-riscv

  all

• ubuntu•linux-snapdragon

  < 4.4.0-1140.148 | < 4.15.0-1084.92

References (9)

• https://ubuntu.com/security/CVE-2019-19947
• https://git.kernel.org/linus/da2311a6385c3b499da2ed5d9be59ce331fa93e9
• http://www.openwall.com/lists/oss-security/2019/12/24/1
• https://github.com/torvalds/linux/commit/da2311a6385c3b499da2ed5d9be59ce331fa93e9
• https://ubuntu.com/security/notices/USN-4284-1
• https://ubuntu.com/security/notices/USN-4285-1
• https://ubuntu.com/security/notices/USN-4427-1
• https://ubuntu.com/security/notices/USN-4485-1
• https://www.cve.org/CVERecord?id=CVE-2019-19947