CVE-2019-19528 - OpenCVE

In the Linux kernel before 5.3.7, there is a use-after-free bug that can be caused by a malicious USB device in the drivers/usb/misc/iowarrior.c driver, aka CID-edc4746f253d.

No CVSS v4.0

Attack Vector Physical

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact High

Integrity Impact None

Availability Impact High

User Interaction None

No CVSS v3.0

Access Vector Local

Access Complexity Low

Authentication None

Confidentiality Impact Partial

Integrity Impact None

Availability Impact Complete

AV:L/AC:L/Au:N/C:P/I:N/A:C

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Linux	Linux Kernel
Redhat	Enterprise Linux

Configuration 1 [-]

cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*

Package	CPE	Advisory	Released Date
Red Hat Enterprise Linux 8
kernel-rt-0:4.18.0-305.rt7.72.el8	cpe:/a:redhat:enterprise_linux:8::nfv	RHSA-2021:1739	2021-05-18T00:00:00Z
kernel-0:4.18.0-305.el8	cpe:/o:redhat:enterprise_linux:8	RHSA-2021:1578	2021-05-18T00:00:00Z

References

Link	Providers
http://lists.opensuse.org/opensuse-security-announce/2019-12/msg00029.html
http://www.openwall.com/lists/oss-security/2019/12/03/4
https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.3.7
https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=c468a8aa790e0dfe0a7f8a39db282d39c2c00b46
https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=edc4746f253d907d048de680a621e121517f484b
https://nvd.nist.gov/vuln/detail/CVE-2019-19528
https://www.cve.org/CVERecord?id=CVE-2019-19528

History

No history.

MITRE

Status: PUBLISHED

Assigner: mitre

Published: 2019-12-03T15:41:11

Updated: 2024-08-05T02:16:48.035Z

Reserved: 2019-12-03T00:00:00

Link: CVE-2019-19528

Vulnrichment

No data.

NVD

Status : Analyzed

Published: 2019-12-03T16:15:13.017

Modified: 2020-03-31T14:01:38.390

Link: CVE-2019-19528

Redhat

Severity : Moderate

Publid Date: 2019-10-09T00:00:00Z

Links: CVE-2019-19528 - Bugzilla

{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "descriptions": [{"lang": "en", "value": "In the Linux kernel before 5.3.7, there is a use-after-free bug that can be caused by a malicious USB device in the drivers/usb/misc/iowarrior.c driver, aka CID-edc4746f253d."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2019-12-12T15:06:31", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre"}, "references": [{"tags": ["x_refsource_MISC"], "url": "https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.3.7"}, {"tags": ["x_refsource_MISC"], "url": "https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=edc4746f253d907d048de680a621e121517f484b"}, {"tags": ["x_refsource_MISC"], "url": "https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=c468a8aa790e0dfe0a7f8a39db282d39c2c00b46"}, {"name": "[oss-security] 20191203 Linux kernel: multiple vulnerabilities in the USB subsystem x3", "tags": ["mailing-list", "x_refsource_MLIST"], "url": "http://www.openwall.com/lists/oss-security/2019/12/03/4"}, {"name": "openSUSE-SU-2019:2675", "tags": ["vendor-advisory", "x_refsource_SUSE"], "url": "http://lists.opensuse.org/opensuse-security-announce/2019-12/msg00029.html"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "cve@mitre.org", "ID": "CVE-2019-19528", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "In the Linux kernel before 5.3.7, there is a use-after-free bug that can be caused by a malicious USB device in the drivers/usb/misc/iowarrior.c driver, aka CID-edc4746f253d."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.3.7", "refsource": "MISC", "url": "https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.3.7"}, {"name": "https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=edc4746f253d907d048de680a621e121517f484b", "refsource": "MISC", "url": "https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=edc4746f253d907d048de680a621e121517f484b"}, {"name": "https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=c468a8aa790e0dfe0a7f8a39db282d39c2c00b46", "refsource": "MISC", "url": "https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=c468a8aa790e0dfe0a7f8a39db282d39c2c00b46"}, {"name": "[oss-security] 20191203 Linux kernel: multiple vulnerabilities in the USB subsystem x3", "refsource": "MLIST", "url": "http://www.openwall.com/lists/oss-security/2019/12/03/4"}, {"name": "openSUSE-SU-2019:2675", "refsource": "SUSE", "url": "http://lists.opensuse.org/opensuse-security-announce/2019-12/msg00029.html"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-05T02:16:48.035Z"}, "title": "CVE Program Container", "references": [{"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.3.7"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=edc4746f253d907d048de680a621e121517f484b"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=c468a8aa790e0dfe0a7f8a39db282d39c2c00b46"}, {"name": "[oss-security] 20191203 Linux kernel: multiple vulnerabilities in the USB subsystem x3", "tags": ["mailing-list", "x_refsource_MLIST", "x_transferred"], "url": "http://www.openwall.com/lists/oss-security/2019/12/03/4"}, {"name": "openSUSE-SU-2019:2675", "tags": ["vendor-advisory", "x_refsource_SUSE", "x_transferred"], "url": "http://lists.opensuse.org/opensuse-security-announce/2019-12/msg00029.html"}]}]}, "cveMetadata": {"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2019-19528", "datePublished": "2019-12-03T15:41:11", "dateReserved": "2019-12-03T00:00:00", "dateUpdated": "2024-08-05T02:16:48.035Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "matchCriteriaId": "80272220-68F1-4FD8-848E-ABD164947D06", "versionEndExcluding": "5.3.7", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "In the Linux kernel before 5.3.7, there is a use-after-free bug that can be caused by a malicious USB device in the drivers/usb/misc/iowarrior.c driver, aka CID-edc4746f253d."}, {"lang": "es", "value": "En el kernel de Linux versiones anteriores a 5.3.7, se presenta un bug de uso de la memoria previamente liberada que puede ser causado por un dispositivo USB malicioso en el controlador del archivo drivers/usb/misc/iowarrior.c, tambi\u00e9n se conoce como CID-edc4746f253d."}], "id": "CVE-2019-19528", "lastModified": "2020-03-31T14:01:38.390", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "LOW", "accessVector": "LOCAL", "authentication": "NONE", "availabilityImpact": "COMPLETE", "baseScore": 5.6, "confidentialityImpact": "PARTIAL", "integrityImpact": "NONE", "vectorString": "AV:L/AC:L/Au:N/C:P/I:N/A:C", "version": "2.0"}, "exploitabilityScore": 3.9, "impactScore": 7.8, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}], "cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "PHYSICAL", "availabilityImpact": "HIGH", "baseScore": 6.1, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H", "version": "3.1"}, "exploitabilityScore": 0.9, "impactScore": 5.2, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2019-12-03T16:15:13.017", "references": [{"source": "cve@mitre.org", "tags": ["Third Party Advisory"], "url": "http://lists.opensuse.org/opensuse-security-announce/2019-12/msg00029.html"}, {"source": "cve@mitre.org", "tags": ["Mailing List", "Third Party Advisory"], "url": "http://www.openwall.com/lists/oss-security/2019/12/03/4"}, {"source": "cve@mitre.org", "tags": ["Vendor Advisory"], "url": "https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.3.7"}, {"source": "cve@mitre.org", "tags": ["Patch", "Vendor Advisory"], "url": "https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=c468a8aa790e0dfe0a7f8a39db282d39c2c00b46"}, {"source": "cve@mitre.org", "tags": ["Patch", "Vendor Advisory"], "url": "https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=edc4746f253d907d048de680a621e121517f484b"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-416"}], "source": "nvd@nist.gov", "type": "Primary"}]}

{"affected_release": [{"advisory": "RHSA-2021:1739", "cpe": "cpe:/a:redhat:enterprise_linux:8::nfv", "package": "kernel-rt-0:4.18.0-305.rt7.72.el8", "product_name": "Red Hat Enterprise Linux 8", "release_date": "2021-05-18T00:00:00Z"}, {"advisory": "RHSA-2021:1578", "cpe": "cpe:/o:redhat:enterprise_linux:8", "package": "kernel-0:4.18.0-305.el8", "product_name": "Red Hat Enterprise Linux 8", "release_date": "2021-05-18T00:00:00Z"}], "bugzilla": {"description": "kernel: use-after-free bug caused by a malicious USB device in the drivers/usb/misc/iowarrior.c driver", "id": "1783507", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1783507"}, "csaw": false, "cvss3": {"cvss3_base_score": "6.1", "cvss3_scoring_vector": "CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H", "status": "verified"}, "cwe": "CWE-416", "details": ["In the Linux kernel before 5.3.7, there is a use-after-free bug that can be caused by a malicious USB device in the drivers/usb/misc/iowarrior.c driver, aka CID-edc4746f253d.", "A use-after-free flaw was found in iowarrior_disconnect in iowarrior USB driver module were a flag was simultaneously modified causing a race between a device open and disconnect. This flaw could allow a physical attacker to cause a denial of service (DoS) attack. This vulnerability could even lead to a kernel information leak problem."], "mitigation": {"lang": "en:us", "value": "This flaw can be mitigated by preventing the affected USB IO-Warrior driver (iowarrior) kernel module from loading during the boot time, ensure the module is added into the blacklist file.\n~~~\nRefer: \nHow do I blacklist a kernel module to prevent it from loading automatically? \nhttps://access.redhat.com/solutions/41278\n~~~"}, "name": "CVE-2019-19528", "package_state": [{"cpe": "cpe:/o:redhat:enterprise_linux:5", "fix_state": "Not affected", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 5"}, {"cpe": "cpe:/o:redhat:enterprise_linux:6", "fix_state": "Will not fix", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 6"}, {"cpe": "cpe:/o:redhat:enterprise_linux:7", "fix_state": "Will not fix", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 7"}, {"cpe": "cpe:/o:redhat:enterprise_linux:7", "fix_state": "Will not fix", "package_name": "kernel-alt", "product_name": "Red Hat Enterprise Linux 7"}, {"cpe": "cpe:/o:redhat:enterprise_linux:7", "fix_state": "Will not fix", "package_name": "kernel-rt", "product_name": "Red Hat Enterprise Linux 7"}, {"cpe": "cpe:/a:redhat:enterprise_mrg:2", "fix_state": "Will not fix", "package_name": "kernel-rt", "product_name": "Red Hat Enterprise MRG 2"}], "public_date": "2019-10-09T00:00:00Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2019-19528\nhttps://nvd.nist.gov/vuln/detail/CVE-2019-19528"], "threat_severity": "Moderate"}