Lucene search

[email protected]CVE-2019-19947

HistoryDec 24, 2019 - 12:15 a.m.

CVE-2019-19947

2019-12-2400:15:00

CWE-908

[email protected]

web.nvd.nist.gov

300

linux kernel

usb

info leak

cve-2019-19947

4.6 Medium

CVSS3

Attack Vector

PHYSICAL

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

5.2 Medium

AI Score

Confidence

High

2.1 Low

CVSS2

Access Vector

LOCAL

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:L/AC:L/Au:N/C:P/I:N/A:N

0.004 Low

EPSS

Percentile

73.6%

JSON

In the Linux kernel through 5.4.6, there are information leaks of uninitialized memory to a USB device in the drivers/net/can/usb/kvaser_usb/kvaser_usb_leaf.c driver, aka CID-da2311a6385c.

CPENameOperatorVersion
linux:linux_kernellinux linux kernelle5.4.6
debian:debian_linuxdebian debian linuxeq8.0
canonical:ubuntu_linuxcanonical ubuntu linuxeq18.04
canonical:ubuntu_linuxcanonical ubuntu linuxeq14.04
canonical:ubuntu_linuxcanonical ubuntu linuxeq19.10
canonical:ubuntu_linuxcanonical ubuntu linuxeq16.04
netapp:cloud_backupnetapp cloud backupeq-
netapp:steelstore_cloud_integrated_storagenetapp steelstore cloud integrated storageeq-
netapp:data_availability_servicesnetapp data availability serviceseq-
netapp:solidfire_\&_hci_management_nodenetapp solidfire \& hci management nodeeq-

CPE	Name	Operator	Version
linux:linux_kernel	linux linux kernel	le	5.4.6
debian:debian_linux	debian debian linux	eq	8.0
canonical:ubuntu_linux	canonical ubuntu linux	eq	18.04
canonical:ubuntu_linux	canonical ubuntu linux	eq	14.04
canonical:ubuntu_linux	canonical ubuntu linux	eq	19.10
canonical:ubuntu_linux	canonical ubuntu linux	eq	16.04
netapp:cloud_backup	netapp cloud backup	eq	-
netapp:steelstore_cloud_integrated_storage	netapp steelstore cloud integrated storage	eq	-
netapp:data_availability_services	netapp data availability services	eq	-
netapp:solidfire_\&_hci_management_node	netapp solidfire \& hci management node	eq	-