ID

VAR-201911-1405


CVE

CVE-2019-19052


TITLE

Linux Kernel Vulnerable to resource exhaustion

Trust: 0.8

sources: JVNDB: JVNDB-2019-012046

DESCRIPTION

A memory leak in the gs_can_open() function in drivers/net/can/usb/gs_usb.c in the Linux kernel before 5.3.11 allows attackers to cause a denial of service (memory consumption) by triggering usb_submit_urb() failures, aka CID-fb5be6a7b486. Linux Kernel Contains a resource exhaustion vulnerability. Vendors have confirmed this vulnerability CID-fb5be6a7b486 It is released as.Service operation interruption (DoS) There is a possibility of being put into a state. ========================================================================= Ubuntu Security Notice USN-4226-1 January 07, 2020 linux, linux-aws, linux-aws-5.0, linux-azure, linux-gcp, linux-gke-5.0, linux-kvm, linux-oem-osp1, linux-oracle, linux-oracle-5.0, linux-raspi2 vulnerabilities ========================================================================= A security issue affects these releases of Ubuntu and its derivatives: - Ubuntu 19.04 - Ubuntu 18.04 LTS Summary: Several security issues were fixed in the Linux kernel. Software Description: - linux: Linux kernel - linux-aws: Linux kernel for Amazon Web Services (AWS) systems - linux-azure: Linux kernel for Microsoft Azure Cloud systems - linux-gcp: Linux kernel for Google Cloud Platform (GCP) systems - linux-kvm: Linux kernel for cloud environments - linux-oracle: Linux kernel for Oracle Cloud systems - linux-raspi2: Linux kernel for Raspberry Pi 2 - linux-aws-5.0: Linux kernel for Amazon Web Services (AWS) systems - linux-gke-5.0: Linux kernel for Google Container Engine (GKE) systems - linux-oem-osp1: Linux kernel for OEM processors - linux-oracle-5.0: Linux kernel for Oracle Cloud systems Details: Michael Hanselmann discovered that the CIFS implementation in the Linux kernel did not sanitize paths returned by an SMB server. An attacker controlling an SMB server could use this to overwrite arbitrary files. (CVE-2019-10220) It was discovered that a heap-based buffer overflow existed in the Marvell WiFi-Ex Driver for the Linux kernel. A physically proximate attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2019-14895, CVE-2019-14901) It was discovered that a heap-based buffer overflow existed in the Marvell Libertas WLAN Driver for the Linux kernel. A physically proximate attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2019-14896, CVE-2019-14897) It was discovered that the Fujitsu ES network device driver for the Linux kernel did not properly check for errors in some situations, leading to a NULL pointer dereference. A local attacker could use this to cause a denial of service. (CVE-2019-16231) It was discovered that the QLogic Fibre Channel driver in the Linux kernel did not properly check for error, leading to a NULL pointer dereference. A local attacker could possibly use this to cause a denial of service (system crash). (CVE-2019-16233) Nicolas Waisman discovered that the WiFi driver stack in the Linux kernel did not properly validate SSID lengths. A physically proximate attacker could use this to cause a denial of service (system crash). (CVE-2019-17133) Anthony Steinhauser discovered that the Linux kernel did not properly perform Spectre_RSB mitigations to all processors for PowerPC architecture systems in some situations. A local attacker could use this to expose sensitive information. (CVE-2019-18660) It was discovered that the Mellanox Technologies Innova driver in the Linux kernel did not properly deallocate memory in certain failure conditions. (CVE-2019-19045) It was discovered that the VirtualBox guest driver implementation in the Linux kernel did not properly deallocate memory in certain error conditions. (CVE-2019-19048) It was discovered that Geschwister Schneider USB CAN interface driver in the Linux kernel did not properly deallocate memory in certain failure conditions. (CVE-2019-19052) It was discovered that the netlink-based 802.11 configuration interface in the Linux kernel did not deallocate memory in certain error conditions. (CVE-2019-19055) It was discovered that the ADIS16400 IIO IMU Driver for the Linux kernel did not properly deallocate memory in certain error conditions. (CVE-2019-19060) It was discovered that the Intel OPA Gen1 Infiniband Driver for the Linux kernel did not properly deallocate memory in certain error conditions. (CVE-2019-19065) It was discovered that the AMD Audio CoProcessor Driver for the Linux kernel did not properly deallocate memory in certain error conditions. (CVE-2019-19067) It was discovered that the event tracing subsystem of the Linux kernel did not properly deallocate memory in certain error conditions. (CVE-2019-19072) It was discovered that the Cascoda CA8210 SPI 802.15.4 wireless controller driver for the Linux kernel did not properly deallocate memory in certain error conditions. (CVE-2019-19075) It was discovered that the AMD Display Engine Driver in the Linux kernel did not properly deallocate memory in certain error conditions. A physically proximate attacker could possibly use this to cause a denial of service (system crash) or execute arbitrary code. (CVE-2019-19524) It was discovered that the NXP PN533 NFC USB driver in the Linux kernel did not properly free resources after a late probe error, leading to a use- after-free vulnerability. A physically proximate attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2019-19526) It was discovered that the Microchip CAN BUS Analyzer driver in the Linux kernel contained a use-after-free vulnerability on device disconnect. A physically proximate attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2019-19529) It was discovered that multiple USB HID device drivers in the Linux kernel did not properly validate device metadata on attachment, leading to out-of- bounds writes. A physically proximate attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2019-19532) It was discovered that the PEAK-System Technik USB driver in the Linux kernel did not properly sanitize memory before sending it to the device. A physically proximate attacker could use this to expose sensitive information (kernel memory). (CVE-2019-19534) It was discovered that in some situations the fair scheduler in the Linux kernel did not permit a process to use its full quota time slice. A local attacker could use this to cause a denial of service. (CVE-2019-19922) It was discovered that the binder IPC implementation in the Linux kernel did not properly perform bounds checking in some situations, leading to an out-of-bounds write. A local attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2019-2214) Nicolas Waisman discovered that the Chelsio T4/T5 RDMA Driver for the Linux kernel performed DMA from a kernel stack. A local attacker could use this to cause a denial of service (system crash). (CVE-2019-17075) It was discovered that the DesignWare USB3 controller driver in the Linux kernel did not properly deallocate memory in some error conditions. (CVE-2019-18813) Update instructions: The problem can be corrected by updating your system to the following package versions: Ubuntu 19.04: linux-image-5.0.0-1009-oracle 5.0.0-1009.14 linux-image-5.0.0-1023-aws 5.0.0-1023.26 linux-image-5.0.0-1024-kvm 5.0.0-1024.26 linux-image-5.0.0-1024-raspi2 5.0.0-1024.25 linux-image-5.0.0-1028-azure 5.0.0-1028.30 linux-image-5.0.0-1028-gcp 5.0.0-1028.29 linux-image-5.0.0-38-generic 5.0.0-38.41 linux-image-5.0.0-38-generic-lpae 5.0.0-38.41 linux-image-5.0.0-38-lowlatency 5.0.0-38.41 linux-image-aws 5.0.0.1023.25 linux-image-azure 5.0.0.1028.28 linux-image-gcp 5.0.0.1028.53 linux-image-generic 5.0.0.38.40 linux-image-generic-lpae 5.0.0.38.40 linux-image-gke 5.0.0.1028.53 linux-image-kvm 5.0.0.1024.25 linux-image-lowlatency 5.0.0.38.40 linux-image-oracle 5.0.0.1009.35 linux-image-raspi2 5.0.0.1024.22 linux-image-virtual 5.0.0.38.40 Ubuntu 18.04 LTS: linux-image-5.0.0-1009-oracle 5.0.0-1009.14~18.04.1 linux-image-5.0.0-1023-aws 5.0.0-1023.26~18.04.1 linux-image-5.0.0-1027-gke 5.0.0-1027.28~18.04.1 linux-image-5.0.0-1028-azure 5.0.0-1028.30~18.04.1 linux-image-5.0.0-1033-oem-osp1 5.0.0-1033.38 linux-image-aws-edge 5.0.0.1023.37 linux-image-azure 5.0.0.1028.39 linux-image-gke-5.0 5.0.0.1027.16 linux-image-oem-osp1 5.0.0.1033.37 linux-image-oracle-edge 5.0.0.1009.8 After a standard system update you need to reboot your computer to make all the necessary changes. ATTENTION: Due to an unavoidable ABI change the kernel updates have been given a new version number, which requires you to recompile and reinstall all third party kernel modules you might have installed. Unless you manually uninstalled the standard kernel metapackages (e.g. linux-generic, linux-generic-lts-RELEASE, linux-virtual, linux-powerpc), a standard system upgrade will automatically perform this as well. References: https://usn.ubuntu.com/4226-1 CVE-2019-10220, CVE-2019-14895, CVE-2019-14896, CVE-2019-14897, CVE-2019-14901, CVE-2019-16231, CVE-2019-16233, CVE-2019-17075, CVE-2019-17133, CVE-2019-18660, CVE-2019-18813, CVE-2019-19045, CVE-2019-19048, CVE-2019-19052, CVE-2019-19055, CVE-2019-19060, CVE-2019-19065, CVE-2019-19067, CVE-2019-19072, CVE-2019-19075, CVE-2019-19083, CVE-2019-19524, CVE-2019-19526, CVE-2019-19529, CVE-2019-19532, CVE-2019-19534, CVE-2019-19922, CVE-2019-2214 Package Information: https://launchpad.net/ubuntu/+source/linux/5.0.0-38.41 https://launchpad.net/ubuntu/+source/linux-aws/5.0.0-1023.26 https://launchpad.net/ubuntu/+source/linux-azure/5.0.0-1028.30 https://launchpad.net/ubuntu/+source/linux-gcp/5.0.0-1028.29 https://launchpad.net/ubuntu/+source/linux-kvm/5.0.0-1024.26 https://launchpad.net/ubuntu/+source/linux-oracle/5.0.0-1009.14 https://launchpad.net/ubuntu/+source/linux-raspi2/5.0.0-1024.25 https://launchpad.net/ubuntu/+source/linux-aws-5.0/5.0.0-1023.26~18.04.1 https://launchpad.net/ubuntu/+source/linux-azure/5.0.0-1028.30~18.04.1 https://launchpad.net/ubuntu/+source/linux-gke-5.0/5.0.0-1027.28~18.04.1 https://launchpad.net/ubuntu/+source/linux-oem-osp1/5.0.0-1033.38 https://launchpad.net/ubuntu/+source/linux-oracle-5.0/5.0.0-1009.14~18.04.1

Trust: 2.43

sources: NVD: CVE-2019-19052 // JVNDB: JVNDB-2019-012046 // VULHUB: VHN-151460 // VULMON: CVE-2019-19052 // PACKETSTORM: 155856 // PACKETSTORM: 155853 // PACKETSTORM: 155855 // PACKETSTORM: 155854 // PACKETSTORM: 155867 // PACKETSTORM: 155995 // PACKETSTORM: 155866

AFFECTED PRODUCTS

vendor:netappmodel:e-series santricity os controllerscope:eqversion:11.30

Trust: 1.0

vendor:netappmodel:e-series santricity os controllerscope:eqversion:11.60.3

Trust: 1.0

vendor:broadcommodel:brocade fabric operating systemscope:eqversion: -

Trust: 1.0

vendor:linuxmodel:kernelscope:ltversion:3.16.79

Trust: 1.0

vendor:canonicalmodel:ubuntu linuxscope:eqversion:19.04

Trust: 1.0

vendor:linuxmodel:kernelscope:gteversion:4.5

Trust: 1.0

vendor:netappmodel:data availability servicesscope:eqversion: -

Trust: 1.0

vendor:linuxmodel:kernelscope:ltversion:4.4.201

Trust: 1.0

vendor:netappmodel:e-series santricity os controllerscope:eqversion:11.60

Trust: 1.0

vendor:netappmodel:e-series santricity os controllerscope:eqversion:11.40.5

Trust: 1.0

vendor:linuxmodel:kernelscope:ltversion:4.19.84

Trust: 1.0

vendor:netappmodel:fas\/aff baseboard management controllerscope:eqversion: -

Trust: 1.0

vendor:canonicalmodel:ubuntu linuxscope:eqversion:14.04

Trust: 1.0

vendor:netappmodel:hci compute nodescope:eqversion: -

Trust: 1.0

vendor:linuxmodel:kernelscope:gteversion:3.16

Trust: 1.0

vendor:netappmodel:active iq unified managerscope:eqversion: -

Trust: 1.0

vendor:canonicalmodel:ubuntu linuxscope:eqversion:19.10

Trust: 1.0

vendor:debianmodel:linuxscope:eqversion:8.0

Trust: 1.0

vendor:netappmodel:e-series santricity os controllerscope:eqversion:11.40

Trust: 1.0

vendor:netappmodel:e-series santricity os controllerscope:eqversion:11.70.1

Trust: 1.0

vendor:netappmodel:cloud backupscope:eqversion: -

Trust: 1.0

vendor:linuxmodel:kernelscope:ltversion:5.3.11

Trust: 1.0

vendor:linuxmodel:kernelscope:gteversion:4.15

Trust: 1.0

vendor:netappmodel:solidfire\, enterprise sds \& hci storage nodescope:eqversion: -

Trust: 1.0

vendor:netappmodel:aff baseboard management controllerscope:eqversion: -

Trust: 1.0

vendor:netappmodel:steelstore cloud integrated storagescope:eqversion: -

Trust: 1.0

vendor:linuxmodel:kernelscope:ltversion:4.14.154

Trust: 1.0

vendor:netappmodel:e-series santricity os controllerscope:eqversion:11.30.5r3

Trust: 1.0

vendor:netappmodel:solidfire \& hci management nodescope:eqversion: -

Trust: 1.0

vendor:netappmodel:e-series santricity os controllerscope:eqversion:11.50.1

Trust: 1.0

vendor:netappmodel:e-series santricity os controllerscope:eqversion:11.60.1

Trust: 1.0

vendor:netappmodel:e-series santricity os controllerscope:eqversion:11.0

Trust: 1.0

vendor:netappmodel:hci baseboard management controllerscope:eqversion:h610s

Trust: 1.0

vendor:canonicalmodel:ubuntu linuxscope:eqversion:18.04

Trust: 1.0

vendor:netappmodel:e-series santricity os controllerscope:eqversion:11.40.3r2

Trust: 1.0

vendor:linuxmodel:kernelscope:gteversion:4.10

Trust: 1.0

vendor:netappmodel:e-series santricity os controllerscope:eqversion:11.50.2

Trust: 1.0

vendor:netappmodel:e-series santricity os controllerscope:eqversion:11.60.0

Trust: 1.0

vendor:canonicalmodel:ubuntu linuxscope:eqversion:16.04

Trust: 1.0

vendor:netappmodel:e-series santricity os controllerscope:eqversion:11.70.2

Trust: 1.0

vendor:oraclemodel:sd-wan edgescope:eqversion:8.2

Trust: 1.0

vendor:netappmodel:solidfire baseboard management controllerscope:eqversion: -

Trust: 1.0

vendor:netappmodel:e-series santricity os controllerscope:eqversion:11.20

Trust: 1.0

vendor:netappmodel:e-series santricity os controllerscope:eqversion:11.25

Trust: 1.0

vendor:netappmodel:e-series santricity os controllerscope:eqversion:11.0.0

Trust: 1.0

vendor:opensusemodel:leapscope:eqversion:15.1

Trust: 1.0

vendor:linuxmodel:kernelscope:gteversion:3.17

Trust: 1.0

vendor:linuxmodel:kernelscope:gteversion:4.20

Trust: 1.0

vendor:linuxmodel:kernelscope:ltversion:4.9.201

Trust: 1.0

vendor:linuxmodel:kernelscope:lteversion:5.3.11

Trust: 0.8

sources: JVNDB: JVNDB-2019-012046 // NVD: CVE-2019-19052

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2019-19052
value: HIGH

Trust: 1.0

NVD: CVE-2019-19052
value: HIGH

Trust: 0.8

CNNVD: CNNVD-201911-1073
value: HIGH

Trust: 0.6

VULHUB: VHN-151460
value: HIGH

Trust: 0.1

VULMON: CVE-2019-19052
value: HIGH

Trust: 0.1

nvd@nist.gov: CVE-2019-19052
severity: HIGH
baseScore: 7.8
vectorString: AV:N/AC:L/AU:N/C:N/I:N/A:C
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: COMPLETE
exploitabilityScore: 10.0
impactScore: 6.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.9

VULHUB: VHN-151460
severity: HIGH
baseScore: 7.8
vectorString: AV:N/AC:L/AU:N/C:N/I:N/A:C
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: COMPLETE
exploitabilityScore: 10.0
impactScore: 6.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

nvd@nist.gov: CVE-2019-19052
baseSeverity: HIGH
baseScore: 7.5
vectorString: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: HIGH
exploitabilityScore: 3.9
impactScore: 3.6
version: 3.1

Trust: 1.0

NVD: CVE-2019-19052
baseSeverity: HIGH
baseScore: 7.5
vectorString: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: HIGH
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: VULHUB: VHN-151460 // VULMON: CVE-2019-19052 // JVNDB: JVNDB-2019-012046 // CNNVD: CNNVD-201911-1073 // NVD: CVE-2019-19052

PROBLEMTYPE DATA

problemtype:CWE-401

Trust: 1.1

problemtype:CWE-400

Trust: 0.8

sources: VULHUB: VHN-151460 // JVNDB: JVNDB-2019-012046 // NVD: CVE-2019-19052

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201911-1073

TYPE

overflow, arbitrary

Trust: 0.7

sources: PACKETSTORM: 155856 // PACKETSTORM: 155853 // PACKETSTORM: 155855 // PACKETSTORM: 155854 // PACKETSTORM: 155867 // PACKETSTORM: 155995 // PACKETSTORM: 155866

CONFIGURATIONS

sources: JVNDB: JVNDB-2019-012046

PATCH

title:ChangeLog-5.3.11url:https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.3.11

Trust: 0.8

title:can: gs_usb: gs_can_open(): prevent memory leakurl:https://github.com/torvalds/linux/commit/fb5be6a7b4863ecc44963bb80ca614584b6c7817

Trust: 0.8

title:Linux Kernel Archivesurl:http://www.kernel.org

Trust: 0.8

title:Linux kernel Remediation of resource management error vulnerabilitiesurl:http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=103403

Trust: 0.6

title:Ubuntu Security Notice: linux, linux-aws, linux-kvm, linux-raspi2, linux-snapdragon vulnerabilitiesurl:https://vulmon.com/vendoradvisory?qidtp=ubuntu_security_notice&qid=USN-4228-1

Trust: 0.1

title:Ubuntu Security Notice: linux-lts-xenial, linux-aws vulnerabilitiesurl:https://vulmon.com/vendoradvisory?qidtp=ubuntu_security_notice&qid=USN-4228-2

Trust: 0.1

title:Ubuntu Security Notice: linux, linux-aws, linux-aws-hwe, linux-azure, linux-gcp, linux-gke-4.15, linux-hwe, linux-kvm, linux-oem, linux-oracle, linux-raspi2, linux-snapdragon vulnerabilitiesurl:https://vulmon.com/vendoradvisory?qidtp=ubuntu_security_notice&qid=USN-4227-1

Trust: 0.1

title:Ubuntu Security Notice: linux-azure vulnerabilitiesurl:https://vulmon.com/vendoradvisory?qidtp=ubuntu_security_notice&qid=USN-4227-2

Trust: 0.1

title:Ubuntu Security Notice: linux-hwe vulnerabilitiesurl:https://vulmon.com/vendoradvisory?qidtp=ubuntu_security_notice&qid=USN-4225-2

Trust: 0.1

title:Ubuntu Security Notice: linux, linux-aws, linux-azure, linux-azure-5.3, linux-gcp, linux-gcp-5.3, linux-kvm, linux-oracle, linux-raspi2 vulnerabilitiesurl:https://vulmon.com/vendoradvisory?qidtp=ubuntu_security_notice&qid=USN-4225-1

Trust: 0.1

title:Ubuntu Security Notice: linux, linux-aws, linux-aws-5.0, linux-azure, linux-gcp, linux-gke-5.0, linux-kvm, linux-oem-osp1, linux-oracle, linux-oracle-5.0, linux-raspi2 vulnerabilitiesurl:https://vulmon.com/vendoradvisory?qidtp=ubuntu_security_notice&qid=USN-4226-1

Trust: 0.1

title: - url:https://github.com/Live-Hack-CVE/CVE-2019-19052

Trust: 0.1

title:cve_diff_checkerurl:https://github.com/lcatro/cve_diff_checker

Trust: 0.1

sources: VULMON: CVE-2019-19052 // JVNDB: JVNDB-2019-012046 // CNNVD: CNNVD-201911-1073

EXTERNAL IDS

db:NVDid:CVE-2019-19052

Trust: 3.3

db:JVNDBid:JVNDB-2019-012046

Trust: 0.8

db:CNNVDid:CNNVD-201911-1073

Trust: 0.7

db:PACKETSTORMid:155856

Trust: 0.7

db:PACKETSTORMid:155867

Trust: 0.7

db:PACKETSTORMid:155995

Trust: 0.7

db:AUSCERTid:ESB-2020.0851

Trust: 0.6

db:AUSCERTid:ESB-2020.1745.2

Trust: 0.6

db:AUSCERTid:ESB-2020.0052

Trust: 0.6

db:AUSCERTid:ESB-2019.4793

Trust: 0.6

db:AUSCERTid:ESB-2020.0200

Trust: 0.6

db:AUSCERTid:ESB-2019.4346.2

Trust: 0.6

db:AUSCERTid:ESB-2019.4704

Trust: 0.6

db:AUSCERTid:ESB-2020.0766

Trust: 0.6

db:AUSCERTid:ESB-2020.1745

Trust: 0.6

db:AUSCERTid:ESB-2020.0830

Trust: 0.6

db:AUSCERTid:ESB-2020.0141

Trust: 0.6

db:AUSCERTid:ESB-2019.4584

Trust: 0.6

db:VULHUBid:VHN-151460

Trust: 0.1

db:VULMONid:CVE-2019-19052

Trust: 0.1

db:PACKETSTORMid:155853

Trust: 0.1

db:PACKETSTORMid:155855

Trust: 0.1

db:PACKETSTORMid:155854

Trust: 0.1

db:PACKETSTORMid:155866

Trust: 0.1

sources: VULHUB: VHN-151460 // VULMON: CVE-2019-19052 // JVNDB: JVNDB-2019-012046 // PACKETSTORM: 155856 // PACKETSTORM: 155853 // PACKETSTORM: 155855 // PACKETSTORM: 155854 // PACKETSTORM: 155867 // PACKETSTORM: 155995 // PACKETSTORM: 155866 // CNNVD: CNNVD-201911-1073 // NVD: CVE-2019-19052

REFERENCES

url:https://usn.ubuntu.com/4228-1/

Trust: 2.5

url:https://lists.debian.org/debian-lts-announce/2020/01/msg00013.html

Trust: 2.4

url:https://usn.ubuntu.com/4225-1/

Trust: 2.4

url:https://usn.ubuntu.com/4226-1/

Trust: 2.4

url:https://usn.ubuntu.com/4227-1/

Trust: 2.4

url:https://nvd.nist.gov/vuln/detail/cve-2019-19052

Trust: 2.1

url:https://security.netapp.com/advisory/ntap-20191205-0001/

Trust: 1.8

url:https://cdn.kernel.org/pub/linux/kernel/v5.x/changelog-5.3.11

Trust: 1.8

url:https://github.com/torvalds/linux/commit/fb5be6a7b4863ecc44963bb80ca614584b6c7817

Trust: 1.8

url:https://www.oracle.com/security-alerts/cpuapr2021.html

Trust: 1.8

url:https://lists.debian.org/debian-lts-announce/2020/03/msg00001.html

Trust: 1.8

url:http://lists.opensuse.org/opensuse-security-announce/2019-12/msg00029.html

Trust: 1.8

url:https://usn.ubuntu.com/4225-2/

Trust: 1.8

url:https://usn.ubuntu.com/4227-2/

Trust: 1.8

url:https://usn.ubuntu.com/4228-2/

Trust: 1.8

url:https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-19052

Trust: 0.8

url:https://nvd.nist.gov/vuln/detail/cve-2019-19524

Trust: 0.7

url:https://nvd.nist.gov/vuln/detail/cve-2019-18660

Trust: 0.7

url:https://nvd.nist.gov/vuln/detail/cve-2019-19534

Trust: 0.7

url:https://nvd.nist.gov/vuln/detail/cve-2019-14895

Trust: 0.6

url:https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00237.html

Trust: 0.6

url:https://www.suse.com/support/update/announcement/2019/suse-su-20193200-1.html

Trust: 0.6

url:https://www.suse.com/support/update/announcement/2019/suse-su-20193381-1.html

Trust: 0.6

url:https://www.suse.com/support/update/announcement/2020/suse-su-20200093-1.html

Trust: 0.6

url:https://www.suse.com/support/update/announcement/2019/suse-su-20193316-1.html

Trust: 0.6

url:https://www.suse.com/support/update/announcement/2019/suse-su-20193317-1.html

Trust: 0.6

url:https://vigilance.fr/vulnerability/linux-kernel-five-vulnerabilities-via-memory-leak-30910

Trust: 0.6

url:https://packetstormsecurity.com/files/155867/ubuntu-security-notice-usn-4227-2.html

Trust: 0.6

url:https://www.auscert.org.au/bulletins/esb-2019.4704/

Trust: 0.6

url:https://packetstormsecurity.com/files/155995/ubuntu-security-notice-usn-4225-2.html

Trust: 0.6

url:https://www.auscert.org.au/bulletins/esb-2020.0766/

Trust: 0.6

url:https://www.auscert.org.au/bulletins/esb-2020.0052/

Trust: 0.6

url:https://www.auscert.org.au/bulletins/esb-2019.4793/

Trust: 0.6

url:https://www.auscert.org.au/bulletins/esb-2020.0851/

Trust: 0.6

url:https://www.auscert.org.au/bulletins/esb-2020.1745.2/

Trust: 0.6

url:https://www.auscert.org.au/bulletins/esb-2019.4584/

Trust: 0.6

url:https://www.auscert.org.au/bulletins/esb-2020.0830/

Trust: 0.6

url:https://www.auscert.org.au/bulletins/esb-2020.0200/

Trust: 0.6

url:https://www.auscert.org.au/bulletins/esb-2020.0141/

Trust: 0.6

url:https://packetstormsecurity.com/files/155856/ubuntu-security-notice-usn-4228-1.html

Trust: 0.6

url:https://www.auscert.org.au/bulletins/esb-2020.1745/

Trust: 0.6

url:https://www.auscert.org.au/bulletins/esb-2019.4346.2/

Trust: 0.6

url:https://nvd.nist.gov/vuln/detail/cve-2019-16231

Trust: 0.5

url:https://nvd.nist.gov/vuln/detail/cve-2019-19045

Trust: 0.5

url:https://nvd.nist.gov/vuln/detail/cve-2019-19529

Trust: 0.5

url:https://nvd.nist.gov/vuln/detail/cve-2019-18813

Trust: 0.3

url:https://nvd.nist.gov/vuln/detail/cve-2019-19807

Trust: 0.3

url:https://nvd.nist.gov/vuln/detail/cve-2019-19072

Trust: 0.3

url:https://nvd.nist.gov/vuln/detail/cve-2019-19055

Trust: 0.3

url:https://nvd.nist.gov/vuln/detail/cve-2019-16233

Trust: 0.3

url:https://nvd.nist.gov/vuln/detail/cve-2019-19083

Trust: 0.3

url:https://usn.ubuntu.com/4228-1

Trust: 0.2

url:https://usn.ubuntu.com/4225-1

Trust: 0.2

url:https://nvd.nist.gov/vuln/detail/cve-2019-19051

Trust: 0.2

url:https://usn.ubuntu.com/4227-1

Trust: 0.2

url:https://cwe.mitre.org/data/definitions/401.html

Trust: 0.1

url:https://github.com/live-hack-cve/cve-2019-19052

Trust: 0.1

url:https://nvd.nist.gov

Trust: 0.1

url:https://launchpad.net/ubuntu/+source/linux-aws/4.4.0-1100.111

Trust: 0.1

url:https://launchpad.net/ubuntu/+source/linux-snapdragon/4.4.0-1131.139

Trust: 0.1

url:https://launchpad.net/ubuntu/+source/linux-raspi2/4.4.0-1127.136

Trust: 0.1

url:https://launchpad.net/ubuntu/+source/linux/4.4.0-171.200

Trust: 0.1

url:https://launchpad.net/ubuntu/+source/linux-kvm/4.4.0-1064.71

Trust: 0.1

url:https://launchpad.net/ubuntu/+source/linux-aws/5.3.0-1009.10

Trust: 0.1

url:https://launchpad.net/ubuntu/+source/linux-gcp-5.3/5.3.0-1010.11~18.04.1

Trust: 0.1

url:https://launchpad.net/ubuntu/+source/linux-azure-5.3/5.3.0-1009.10~18.04.1

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2019-19047

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2019-19044

Trust: 0.1

url:https://launchpad.net/ubuntu/+source/linux-kvm/5.3.0-1009.10

Trust: 0.1

url:https://launchpad.net/ubuntu/+source/linux-gcp/5.3.0-1011.12

Trust: 0.1

url:https://launchpad.net/ubuntu/+source/linux/5.3.0-26.28

Trust: 0.1

url:https://launchpad.net/ubuntu/+source/linux-raspi2/5.3.0-1015.17

Trust: 0.1

url:https://launchpad.net/ubuntu/+source/linux-azure/5.3.0-1009.10

Trust: 0.1

url:https://launchpad.net/ubuntu/+source/linux-oracle/5.3.0-1008.9

Trust: 0.1

url:https://launchpad.net/ubuntu/+source/linux-kvm/4.15.0-1052.52

Trust: 0.1

url:https://launchpad.net/ubuntu/+source/linux-snapdragon/4.15.0-1070.77

Trust: 0.1

url:https://launchpad.net/ubuntu/+source/linux/4.15.0-74.84

Trust: 0.1

url:https://launchpad.net/ubuntu/+source/linux-azure/4.15.0-1066.71

Trust: 0.1

url:https://launchpad.net/ubuntu/+source/linux-gke-4.15/4.15.0-1050.53

Trust: 0.1

url:https://launchpad.net/ubuntu/+source/linux-oem/4.15.0-1066.76

Trust: 0.1

url:https://launchpad.net/ubuntu/+source/linux-oracle/4.15.0-1031.34~16.04.1

Trust: 0.1

url:https://launchpad.net/ubuntu/+source/linux-aws/4.15.0-1057.59

Trust: 0.1

url:https://launchpad.net/ubuntu/+source/linux-raspi2/4.15.0-1053.57

Trust: 0.1

url:https://launchpad.net/ubuntu/+source/linux-hwe/4.15.0-74.83~16.04.1

Trust: 0.1

url:https://launchpad.net/ubuntu/+source/linux-aws-hwe/4.15.0-1057.59~16.04.1

Trust: 0.1

url:https://launchpad.net/ubuntu/+source/linux-gcp/4.15.0-1052.56

Trust: 0.1

url:https://launchpad.net/ubuntu/+source/linux-oracle/4.15.0-1031.34

Trust: 0.1

url:https://launchpad.net/ubuntu/+source/linux-azure/5.0.0-1028.30

Trust: 0.1

url:https://launchpad.net/ubuntu/+source/linux-azure/5.0.0-1028.30~18.04.1

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2019-19048

Trust: 0.1

url:https://launchpad.net/ubuntu/+source/linux-raspi2/5.0.0-1024.25

Trust: 0.1

url:https://launchpad.net/ubuntu/+source/linux-kvm/5.0.0-1024.26

Trust: 0.1

url:https://launchpad.net/ubuntu/+source/linux-oracle-5.0/5.0.0-1009.14~18.04.1

Trust: 0.1

url:https://launchpad.net/ubuntu/+source/linux-gcp/5.0.0-1028.29

Trust: 0.1

url:https://launchpad.net/ubuntu/+source/linux-aws/5.0.0-1023.26

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2019-19065

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2019-19060

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2019-10220

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2019-19067

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2019-2214

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2019-19526

Trust: 0.1

url:https://usn.ubuntu.com/4226-1

Trust: 0.1

url:https://launchpad.net/ubuntu/+source/linux-gke-5.0/5.0.0-1027.28~18.04.1

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2019-19922

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2019-14901

Trust: 0.1

url:https://launchpad.net/ubuntu/+source/linux/5.0.0-38.41

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2019-17075

Trust: 0.1

url:https://launchpad.net/ubuntu/+source/linux-oem-osp1/5.0.0-1033.38

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2019-17133

Trust: 0.1

url:https://launchpad.net/ubuntu/+source/linux-oracle/5.0.0-1009.14

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2019-19075

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2019-19532

Trust: 0.1

url:https://launchpad.net/ubuntu/+source/linux-aws-5.0/5.0.0-1023.26~18.04.1

Trust: 0.1

url:https://usn.ubuntu.com/4227-2

Trust: 0.1

url:https://launchpad.net/ubuntu/+source/linux-hwe/5.3.0-26.28~18.04.1

Trust: 0.1

url:https://usn.ubuntu.com/4225-2

Trust: 0.1

url:https://usn.ubuntu.com/4228-2

Trust: 0.1

sources: VULHUB: VHN-151460 // VULMON: CVE-2019-19052 // JVNDB: JVNDB-2019-012046 // PACKETSTORM: 155856 // PACKETSTORM: 155853 // PACKETSTORM: 155855 // PACKETSTORM: 155854 // PACKETSTORM: 155867 // PACKETSTORM: 155995 // PACKETSTORM: 155866 // CNNVD: CNNVD-201911-1073 // NVD: CVE-2019-19052

CREDITS

Ubuntu

Trust: 1.3

sources: PACKETSTORM: 155856 // PACKETSTORM: 155853 // PACKETSTORM: 155855 // PACKETSTORM: 155854 // PACKETSTORM: 155867 // PACKETSTORM: 155995 // PACKETSTORM: 155866 // CNNVD: CNNVD-201911-1073

SOURCES

db:VULHUBid:VHN-151460
db:VULMONid:CVE-2019-19052
db:JVNDBid:JVNDB-2019-012046
db:PACKETSTORMid:155856
db:PACKETSTORMid:155853
db:PACKETSTORMid:155855
db:PACKETSTORMid:155854
db:PACKETSTORMid:155867
db:PACKETSTORMid:155995
db:PACKETSTORMid:155866
db:CNNVDid:CNNVD-201911-1073
db:NVDid:CVE-2019-19052

LAST UPDATE DATE

2024-11-23T21:02:18.339000+00:00


SOURCES UPDATE DATE

db:VULHUBid:VHN-151460date:2023-01-19T00:00:00
db:VULMONid:CVE-2019-19052date:2022-11-08T00:00:00
db:JVNDBid:JVNDB-2019-012046date:2019-11-25T00:00:00
db:CNNVDid:CNNVD-201911-1073date:2021-06-15T00:00:00
db:NVDid:CVE-2019-19052date:2024-11-21T04:34:04.730

SOURCES RELEASE DATE

db:VULHUBid:VHN-151460date:2019-11-18T00:00:00
db:VULMONid:CVE-2019-19052date:2019-11-18T00:00:00
db:JVNDBid:JVNDB-2019-012046date:2019-11-25T00:00:00
db:PACKETSTORMid:155856date:2020-01-07T16:46:53
db:PACKETSTORMid:155853date:2020-01-07T16:46:28
db:PACKETSTORMid:155855date:2020-01-07T16:46:45
db:PACKETSTORMid:155854date:2020-01-07T16:46:38
db:PACKETSTORMid:155867date:2020-01-08T00:40:16
db:PACKETSTORMid:155995date:2020-01-18T14:53:54
db:PACKETSTORMid:155866date:2020-01-08T00:40:10
db:CNNVDid:CNNVD-201911-1073date:2019-11-18T00:00:00
db:NVDid:CVE-2019-19052date:2019-11-18T06:15:11.827