Lucene search

K
redhatcveRedhat.comRH:CVE-2019-19527
HistoryJan 30, 2020 - 10:30 p.m.

CVE-2019-19527

2020-01-3022:30:58
redhat.com
access.redhat.com
18

0.002 Low

EPSS

Percentile

56.7%

A vulnerability was found in hiddev_open in drivers/hid/usbhid/hiddev.c in the USB Human Interface Device class subsystem, where an existing device must be validated prior to its access. The device should also ensure the hiddev_list cleanup occurs at failure, as this may lead to a use-after-free problem, or possibly escalate privileges to an unauthorized user.

Mitigation

Mitigation for this issue is either not available or the currently available options don't meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.