Details of VAR-201911-1405

ID

VAR-201911-1405

CVE

CVE-2019-19052

TITLE

Linux Kernel Vulnerable to resource exhaustion

Trust: 0.8

sources: JVNDB: JVNDB-2019-012046

DESCRIPTION

A memory leak in the gs_can_open() function in drivers/net/can/usb/gs_usb.c in the Linux kernel before 5.3.11 allows attackers to cause a denial of service (memory consumption) by triggering usb_submit_urb() failures, aka CID-fb5be6a7b486. Linux Kernel Contains a resource exhaustion vulnerability. Vendors have confirmed this vulnerability CID-fb5be6a7b486 It is released as.Service operation interruption (DoS) There is a possibility of being put into a state. ========================================================================= Ubuntu Security Notice USN-4226-1 January 07, 2020 linux, linux-aws, linux-aws-5.0, linux-azure, linux-gcp, linux-gke-5.0, linux-kvm, linux-oem-osp1, linux-oracle, linux-oracle-5.0, linux-raspi2 vulnerabilities ========================================================================= A security issue affects these releases of Ubuntu and its derivatives: - Ubuntu 19.04 - Ubuntu 18.04 LTS Summary: Several security issues were fixed in the Linux kernel. Software Description: - linux: Linux kernel - linux-aws: Linux kernel for Amazon Web Services (AWS) systems - linux-azure: Linux kernel for Microsoft Azure Cloud systems - linux-gcp: Linux kernel for Google Cloud Platform (GCP) systems - linux-kvm: Linux kernel for cloud environments - linux-oracle: Linux kernel for Oracle Cloud systems - linux-raspi2: Linux kernel for Raspberry Pi 2 - linux-aws-5.0: Linux kernel for Amazon Web Services (AWS) systems - linux-gke-5.0: Linux kernel for Google Container Engine (GKE) systems - linux-oem-osp1: Linux kernel for OEM processors - linux-oracle-5.0: Linux kernel for Oracle Cloud systems Details: Michael Hanselmann discovered that the CIFS implementation in the Linux kernel did not sanitize paths returned by an SMB server. An attacker controlling an SMB server could use this to overwrite arbitrary files. (CVE-2019-10220) It was discovered that a heap-based buffer overflow existed in the Marvell WiFi-Ex Driver for the Linux kernel. A physically proximate attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2019-14895, CVE-2019-14901) It was discovered that a heap-based buffer overflow existed in the Marvell Libertas WLAN Driver for the Linux kernel. A physically proximate attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2019-14896, CVE-2019-14897) It was discovered that the Fujitsu ES network device driver for the Linux kernel did not properly check for errors in some situations, leading to a NULL pointer dereference. A local attacker could use this to cause a denial of service. (CVE-2019-16231) It was discovered that the QLogic Fibre Channel driver in the Linux kernel did not properly check for error, leading to a NULL pointer dereference. A local attacker could possibly use this to cause a denial of service (system crash). (CVE-2019-16233) Nicolas Waisman discovered that the WiFi driver stack in the Linux kernel did not properly validate SSID lengths. A physically proximate attacker could use this to cause a denial of service (system crash). (CVE-2019-17133) Anthony Steinhauser discovered that the Linux kernel did not properly perform Spectre_RSB mitigations to all processors for PowerPC architecture systems in some situations. A local attacker could use this to expose sensitive information. (CVE-2019-18660) It was discovered that the Mellanox Technologies Innova driver in the Linux kernel did not properly deallocate memory in certain failure conditions. (CVE-2019-19045) It was discovered that the VirtualBox guest driver implementation in the Linux kernel did not properly deallocate memory in certain error conditions. (CVE-2019-19048) It was discovered that Geschwister Schneider USB CAN interface driver in the Linux kernel did not properly deallocate memory in certain failure conditions. (CVE-2019-19052) It was discovered that the netlink-based 802.11 configuration interface in the Linux kernel did not deallocate memory in certain error conditions. (CVE-2019-19055) It was discovered that the ADIS16400 IIO IMU Driver for the Linux kernel did not properly deallocate memory in certain error conditions. (CVE-2019-19060) It was discovered that the Intel OPA Gen1 Infiniband Driver for the Linux kernel did not properly deallocate memory in certain error conditions. (CVE-2019-19065) It was discovered that the AMD Audio CoProcessor Driver for the Linux kernel did not properly deallocate memory in certain error conditions. (CVE-2019-19067) It was discovered that the event tracing subsystem of the Linux kernel did not properly deallocate memory in certain error conditions. (CVE-2019-19072) It was discovered that the Cascoda CA8210 SPI 802.15.4 wireless controller driver for the Linux kernel did not properly deallocate memory in certain error conditions. (CVE-2019-19075) It was discovered that the AMD Display Engine Driver in the Linux kernel did not properly deallocate memory in certain error conditions. A physically proximate attacker could possibly use this to cause a denial of service (system crash) or execute arbitrary code. (CVE-2019-19524) It was discovered that the NXP PN533 NFC USB driver in the Linux kernel did not properly free resources after a late probe error, leading to a use- after-free vulnerability. A physically proximate attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2019-19526) It was discovered that the Microchip CAN BUS Analyzer driver in the Linux kernel contained a use-after-free vulnerability on device disconnect. A physically proximate attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2019-19529) It was discovered that multiple USB HID device drivers in the Linux kernel did not properly validate device metadata on attachment, leading to out-of- bounds writes. A physically proximate attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2019-19532) It was discovered that the PEAK-System Technik USB driver in the Linux kernel did not properly sanitize memory before sending it to the device. A physically proximate attacker could use this to expose sensitive information (kernel memory). (CVE-2019-19534) It was discovered that in some situations the fair scheduler in the Linux kernel did not permit a process to use its full quota time slice. A local attacker could use this to cause a denial of service. (CVE-2019-19922) It was discovered that the binder IPC implementation in the Linux kernel did not properly perform bounds checking in some situations, leading to an out-of-bounds write. A local attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2019-2214) Nicolas Waisman discovered that the Chelsio T4/T5 RDMA Driver for the Linux kernel performed DMA from a kernel stack. A local attacker could use this to cause a denial of service (system crash). (CVE-2019-17075) It was discovered that the DesignWare USB3 controller driver in the Linux kernel did not properly deallocate memory in some error conditions. (CVE-2019-18813) Update instructions: The problem can be corrected by updating your system to the following package versions: Ubuntu 19.04: linux-image-5.0.0-1009-oracle 5.0.0-1009.14 linux-image-5.0.0-1023-aws 5.0.0-1023.26 linux-image-5.0.0-1024-kvm 5.0.0-1024.26 linux-image-5.0.0-1024-raspi2 5.0.0-1024.25 linux-image-5.0.0-1028-azure 5.0.0-1028.30 linux-image-5.0.0-1028-gcp 5.0.0-1028.29 linux-image-5.0.0-38-generic 5.0.0-38.41 linux-image-5.0.0-38-generic-lpae 5.0.0-38.41 linux-image-5.0.0-38-lowlatency 5.0.0-38.41 linux-image-aws 5.0.0.1023.25 linux-image-azure 5.0.0.1028.28 linux-image-gcp 5.0.0.1028.53 linux-image-generic 5.0.0.38.40 linux-image-generic-lpae 5.0.0.38.40 linux-image-gke 5.0.0.1028.53 linux-image-kvm 5.0.0.1024.25 linux-image-lowlatency 5.0.0.38.40 linux-image-oracle 5.0.0.1009.35 linux-image-raspi2 5.0.0.1024.22 linux-image-virtual 5.0.0.38.40 Ubuntu 18.04 LTS: linux-image-5.0.0-1009-oracle 5.0.0-1009.14~18.04.1 linux-image-5.0.0-1023-aws 5.0.0-1023.26~18.04.1 linux-image-5.0.0-1027-gke 5.0.0-1027.28~18.04.1 linux-image-5.0.0-1028-azure 5.0.0-1028.30~18.04.1 linux-image-5.0.0-1033-oem-osp1 5.0.0-1033.38 linux-image-aws-edge 5.0.0.1023.37 linux-image-azure 5.0.0.1028.39 linux-image-gke-5.0 5.0.0.1027.16 linux-image-oem-osp1 5.0.0.1033.37 linux-image-oracle-edge 5.0.0.1009.8 After a standard system update you need to reboot your computer to make all the necessary changes. ATTENTION: Due to an unavoidable ABI change the kernel updates have been given a new version number, which requires you to recompile and reinstall all third party kernel modules you might have installed. Unless you manually uninstalled the standard kernel metapackages (e.g. linux-generic, linux-generic-lts-RELEASE, linux-virtual, linux-powerpc), a standard system upgrade will automatically perform this as well. References: https://usn.ubuntu.com/4226-1 CVE-2019-10220, CVE-2019-14895, CVE-2019-14896, CVE-2019-14897, CVE-2019-14901, CVE-2019-16231, CVE-2019-16233, CVE-2019-17075, CVE-2019-17133, CVE-2019-18660, CVE-2019-18813, CVE-2019-19045, CVE-2019-19048, CVE-2019-19052, CVE-2019-19055, CVE-2019-19060, CVE-2019-19065, CVE-2019-19067, CVE-2019-19072, CVE-2019-19075, CVE-2019-19083, CVE-2019-19524, CVE-2019-19526, CVE-2019-19529, CVE-2019-19532, CVE-2019-19534, CVE-2019-19922, CVE-2019-2214 Package Information: https://launchpad.net/ubuntu/+source/linux/5.0.0-38.41 https://launchpad.net/ubuntu/+source/linux-aws/5.0.0-1023.26 https://launchpad.net/ubuntu/+source/linux-azure/5.0.0-1028.30 https://launchpad.net/ubuntu/+source/linux-gcp/5.0.0-1028.29 https://launchpad.net/ubuntu/+source/linux-kvm/5.0.0-1024.26 https://launchpad.net/ubuntu/+source/linux-oracle/5.0.0-1009.14 https://launchpad.net/ubuntu/+source/linux-raspi2/5.0.0-1024.25 https://launchpad.net/ubuntu/+source/linux-aws-5.0/5.0.0-1023.26~18.04.1 https://launchpad.net/ubuntu/+source/linux-azure/5.0.0-1028.30~18.04.1 https://launchpad.net/ubuntu/+source/linux-gke-5.0/5.0.0-1027.28~18.04.1 https://launchpad.net/ubuntu/+source/linux-oem-osp1/5.0.0-1033.38 https://launchpad.net/ubuntu/+source/linux-oracle-5.0/5.0.0-1009.14~18.04.1

Trust: 2.43

sources: NVD: CVE-2019-19052 // JVNDB: JVNDB-2019-012046 // VULHUB: VHN-151460 // VULMON: CVE-2019-19052 // PACKETSTORM: 155856 // PACKETSTORM: 155853 // PACKETSTORM: 155855 // PACKETSTORM: 155854 // PACKETSTORM: 155867 // PACKETSTORM: 155995 // PACKETSTORM: 155866

AFFECTED PRODUCTS

vendor:	linux	model:	kernel	scope:	lt	version:	4.4.201	Trust: 1.0
vendor:	debian	model:	linux	scope:	eq	version:	8.0	Trust: 1.0
vendor:	netapp	model:	e-series santricity os controller	scope:	eq	version:	11.60.0	Trust: 1.0
vendor:	linux	model:	kernel	scope:	lt	version:	4.19.84	Trust: 1.0
vendor:	canonical	model:	ubuntu linux	scope:	eq	version:	16.04	Trust: 1.0
vendor:	linux	model:	kernel	scope:	gte	version:	4.20	Trust: 1.0
vendor:	netapp	model:	hci compute node	scope:	eq	version:	-	Trust: 1.0
vendor:	netapp	model:	hci baseboard management controller	scope:	eq	version:	h610s	Trust: 1.0
vendor:	netapp	model:	e-series santricity os controller	scope:	eq	version:	11.60	Trust: 1.0
vendor:	netapp	model:	e-series santricity os controller	scope:	eq	version:	11.40	Trust: 1.0
vendor:	netapp	model:	e-series santricity os controller	scope:	eq	version:	11.40.3r2	Trust: 1.0
vendor:	canonical	model:	ubuntu linux	scope:	eq	version:	18.04	Trust: 1.0
vendor:	linux	model:	kernel	scope:	lt	version:	4.14.154	Trust: 1.0
vendor:	netapp	model:	e-series santricity os controller	scope:	eq	version:	11.70.1	Trust: 1.0
vendor:	netapp	model:	e-series santricity os controller	scope:	eq	version:	11.0.0	Trust: 1.0
vendor:	netapp	model:	e-series santricity os controller	scope:	eq	version:	11.60.1	Trust: 1.0
vendor:	netapp	model:	active iq unified manager	scope:	eq	version:	-	Trust: 1.0
vendor:	linux	model:	kernel	scope:	lt	version:	3.16.79	Trust: 1.0
vendor:	linux	model:	kernel	scope:	gte	version:	4.10	Trust: 1.0
vendor:	netapp	model:	solidfire\, enterprise sds \& hci storage node	scope:	eq	version:	-	Trust: 1.0
vendor:	netapp	model:	e-series santricity os controller	scope:	eq	version:	11.50.2	Trust: 1.0
vendor:	netapp	model:	fas\/aff baseboard management controller	scope:	eq	version:	-	Trust: 1.0
vendor:	opensuse	model:	leap	scope:	eq	version:	15.1	Trust: 1.0
vendor:	linux	model:	kernel	scope:	gte	version:	4.15	Trust: 1.0
vendor:	netapp	model:	e-series santricity os controller	scope:	eq	version:	11.25	Trust: 1.0
vendor:	linux	model:	kernel	scope:	lt	version:	5.3.11	Trust: 1.0
vendor:	linux	model:	kernel	scope:	gte	version:	3.17	Trust: 1.0
vendor:	netapp	model:	data availability services	scope:	eq	version:	-	Trust: 1.0
vendor:	linux	model:	kernel	scope:	lt	version:	4.9.201	Trust: 1.0
vendor:	netapp	model:	e-series santricity os controller	scope:	eq	version:	11.30	Trust: 1.0
vendor:	netapp	model:	e-series santricity os controller	scope:	eq	version:	11.30.5r3	Trust: 1.0
vendor:	netapp	model:	solidfire \& hci management node	scope:	eq	version:	-	Trust: 1.0
vendor:	netapp	model:	steelstore cloud integrated storage	scope:	eq	version:	-	Trust: 1.0
vendor:	linux	model:	kernel	scope:	gte	version:	4.5	Trust: 1.0
vendor:	oracle	model:	sd-wan edge	scope:	eq	version:	8.2	Trust: 1.0
vendor:	linux	model:	kernel	scope:	gte	version:	3.16	Trust: 1.0
vendor:	netapp	model:	e-series santricity os controller	scope:	eq	version:	11.20	Trust: 1.0
vendor:	netapp	model:	aff baseboard management controller	scope:	eq	version:	-	Trust: 1.0
vendor:	canonical	model:	ubuntu linux	scope:	eq	version:	19.10	Trust: 1.0
vendor:	netapp	model:	e-series santricity os controller	scope:	eq	version:	11.40.5	Trust: 1.0
vendor:	canonical	model:	ubuntu linux	scope:	eq	version:	19.04	Trust: 1.0
vendor:	netapp	model:	e-series santricity os controller	scope:	eq	version:	11.70.2	Trust: 1.0
vendor:	netapp	model:	cloud backup	scope:	eq	version:	-	Trust: 1.0
vendor:	canonical	model:	ubuntu linux	scope:	eq	version:	14.04	Trust: 1.0
vendor:	netapp	model:	e-series santricity os controller	scope:	eq	version:	11.50.1	Trust: 1.0
vendor:	netapp	model:	e-series santricity os controller	scope:	eq	version:	11.0	Trust: 1.0
vendor:	netapp	model:	e-series santricity os controller	scope:	eq	version:	11.60.3	Trust: 1.0
vendor:	netapp	model:	solidfire baseboard management controller	scope:	eq	version:	-	Trust: 1.0
vendor:	broadcom	model:	brocade fabric operating system	scope:	eq	version:	-	Trust: 1.0
vendor:	linux	model:	kernel	scope:	lte	version:	5.3.11	Trust: 0.8

sources: JVNDB: JVNDB-2019-012046 // NVD: CVE-2019-19052

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2019-19052
value:	HIGH
Trust: 1.0
NVD:	CVE-2019-19052
value:	HIGH
Trust: 0.8
CNNVD:	CNNVD-201911-1073
value:	HIGH
Trust: 0.6
VULHUB:	VHN-151460
value:	HIGH
Trust: 0.1
VULMON:	CVE-2019-19052
value:	HIGH
Trust: 0.1

nvd@nist.gov:	CVE-2019-19052
severity:	HIGH
baseScore:	7.8
vectorString:	AV:N/AC:L/AU:N/C:N/I:N/A:C
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	NONE
integrityImpact:	NONE
availabilityImpact:	COMPLETE
exploitabilityScore:	10.0
impactScore:	6.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.9
VULHUB:	VHN-151460
severity:	HIGH
baseScore:	7.8
vectorString:	AV:N/AC:L/AU:N/C:N/I:N/A:C
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	NONE
integrityImpact:	NONE
availabilityImpact:	COMPLETE
exploitabilityScore:	10.0
impactScore:	6.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1

nvd@nist.gov:	CVE-2019-19052
baseSeverity:	HIGH
baseScore:	7.5
vectorString:	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	NONE
integrityImpact:	NONE
availabilityImpact:	HIGH
exploitabilityScore:	3.9
impactScore:	3.6
version:	3.1
Trust: 1.0
NVD:	CVE-2019-19052
baseSeverity:	HIGH
baseScore:	7.5
vectorString:	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	NONE
integrityImpact:	NONE
availabilityImpact:	HIGH
exploitabilityScore:	NONE
impactScore:	NONE
version:	3.0
Trust: 0.8

sources: VULHUB: VHN-151460 // VULMON: CVE-2019-19052 // JVNDB: JVNDB-2019-012046 // CNNVD: CNNVD-201911-1073 // NVD: CVE-2019-19052

PROBLEMTYPE DATA

problemtype:	CWE-401	Trust: 1.1
problemtype:	CWE-400	Trust: 0.8

sources: VULHUB: VHN-151460 // JVNDB: JVNDB-2019-012046 // NVD: CVE-2019-19052

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201911-1073

TYPE

overflow, arbitrary

Trust: 0.7

sources: PACKETSTORM: 155856 // PACKETSTORM: 155853 // PACKETSTORM: 155855 // PACKETSTORM: 155854 // PACKETSTORM: 155867 // PACKETSTORM: 155995 // PACKETSTORM: 155866

CONFIGURATIONS

sources: JVNDB: JVNDB-2019-012046

PATCH

title:	ChangeLog-5.3.11	url:	https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.3.11	Trust: 0.8
title:	can: gs_usb: gs_can_open(): prevent memory leak	url:	https://github.com/torvalds/linux/commit/fb5be6a7b4863ecc44963bb80ca614584b6c7817	Trust: 0.8
title:	Linux Kernel Archives	url:	http://www.kernel.org	Trust: 0.8
title:	Linux kernel Remediation of resource management error vulnerabilities	url:	http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=103403	Trust: 0.6
title:	Ubuntu Security Notice: linux, linux-aws, linux-kvm, linux-raspi2, linux-snapdragon vulnerabilities	url:	https://vulmon.com/vendoradvisory?qidtp=ubuntu_security_notice&qid=USN-4228-1	Trust: 0.1
title:	Ubuntu Security Notice: linux-lts-xenial, linux-aws vulnerabilities	url:	https://vulmon.com/vendoradvisory?qidtp=ubuntu_security_notice&qid=USN-4228-2	Trust: 0.1
title:	Ubuntu Security Notice: linux, linux-aws, linux-aws-hwe, linux-azure, linux-gcp, linux-gke-4.15, linux-hwe, linux-kvm, linux-oem, linux-oracle, linux-raspi2, linux-snapdragon vulnerabilities	url:	https://vulmon.com/vendoradvisory?qidtp=ubuntu_security_notice&qid=USN-4227-1	Trust: 0.1
title:	Ubuntu Security Notice: linux-azure vulnerabilities	url:	https://vulmon.com/vendoradvisory?qidtp=ubuntu_security_notice&qid=USN-4227-2	Trust: 0.1
title:	Ubuntu Security Notice: linux-hwe vulnerabilities	url:	https://vulmon.com/vendoradvisory?qidtp=ubuntu_security_notice&qid=USN-4225-2	Trust: 0.1
title:	Ubuntu Security Notice: linux, linux-aws, linux-azure, linux-azure-5.3, linux-gcp, linux-gcp-5.3, linux-kvm, linux-oracle, linux-raspi2 vulnerabilities	url:	https://vulmon.com/vendoradvisory?qidtp=ubuntu_security_notice&qid=USN-4225-1	Trust: 0.1
title:	Ubuntu Security Notice: linux, linux-aws, linux-aws-5.0, linux-azure, linux-gcp, linux-gke-5.0, linux-kvm, linux-oem-osp1, linux-oracle, linux-oracle-5.0, linux-raspi2 vulnerabilities	url:	https://vulmon.com/vendoradvisory?qidtp=ubuntu_security_notice&qid=USN-4226-1	Trust: 0.1
title:	-	url:	https://github.com/Live-Hack-CVE/CVE-2019-19052	Trust: 0.1
title:	cve_diff_checker	url:	https://github.com/lcatro/cve_diff_checker	Trust: 0.1

sources: VULMON: CVE-2019-19052 // JVNDB: JVNDB-2019-012046 // CNNVD: CNNVD-201911-1073

EXTERNAL IDS

db:	NVD	id:	CVE-2019-19052	Trust: 3.3
db:	JVNDB	id:	JVNDB-2019-012046	Trust: 0.8
db:	CNNVD	id:	CNNVD-201911-1073	Trust: 0.7
db:	PACKETSTORM	id:	155856	Trust: 0.7
db:	PACKETSTORM	id:	155867	Trust: 0.7
db:	PACKETSTORM	id:	155995	Trust: 0.7
db:	AUSCERT	id:	ESB-2020.0851	Trust: 0.6
db:	AUSCERT	id:	ESB-2020.1745.2	Trust: 0.6
db:	AUSCERT	id:	ESB-2020.0052	Trust: 0.6
db:	AUSCERT	id:	ESB-2019.4793	Trust: 0.6
db:	AUSCERT	id:	ESB-2020.0200	Trust: 0.6
db:	AUSCERT	id:	ESB-2019.4346.2	Trust: 0.6
db:	AUSCERT	id:	ESB-2019.4704	Trust: 0.6
db:	AUSCERT	id:	ESB-2020.0766	Trust: 0.6
db:	AUSCERT	id:	ESB-2020.1745	Trust: 0.6
db:	AUSCERT	id:	ESB-2020.0830	Trust: 0.6
db:	AUSCERT	id:	ESB-2020.0141	Trust: 0.6
db:	AUSCERT	id:	ESB-2019.4584	Trust: 0.6
db:	VULHUB	id:	VHN-151460	Trust: 0.1
db:	VULMON	id:	CVE-2019-19052	Trust: 0.1
db:	PACKETSTORM	id:	155853	Trust: 0.1
db:	PACKETSTORM	id:	155855	Trust: 0.1
db:	PACKETSTORM	id:	155854	Trust: 0.1
db:	PACKETSTORM	id:	155866	Trust: 0.1

sources: VULHUB: VHN-151460 // VULMON: CVE-2019-19052 // JVNDB: JVNDB-2019-012046 // PACKETSTORM: 155856 // PACKETSTORM: 155853 // PACKETSTORM: 155855 // PACKETSTORM: 155854 // PACKETSTORM: 155867 // PACKETSTORM: 155995 // PACKETSTORM: 155866 // CNNVD: CNNVD-201911-1073 // NVD: CVE-2019-19052

REFERENCES

url:	https://usn.ubuntu.com/4228-1/	Trust: 2.5
url:	https://lists.debian.org/debian-lts-announce/2020/01/msg00013.html	Trust: 2.4
url:	https://usn.ubuntu.com/4225-1/	Trust: 2.4
url:	https://usn.ubuntu.com/4226-1/	Trust: 2.4
url:	https://usn.ubuntu.com/4227-1/	Trust: 2.4
url:	https://nvd.nist.gov/vuln/detail/cve-2019-19052	Trust: 2.1
url:	https://security.netapp.com/advisory/ntap-20191205-0001/	Trust: 1.8
url:	https://cdn.kernel.org/pub/linux/kernel/v5.x/changelog-5.3.11	Trust: 1.8
url:	https://github.com/torvalds/linux/commit/fb5be6a7b4863ecc44963bb80ca614584b6c7817	Trust: 1.8
url:	https://www.oracle.com/security-alerts/cpuapr2021.html	Trust: 1.8
url:	https://lists.debian.org/debian-lts-announce/2020/03/msg00001.html	Trust: 1.8
url:	http://lists.opensuse.org/opensuse-security-announce/2019-12/msg00029.html	Trust: 1.8
url:	https://usn.ubuntu.com/4225-2/	Trust: 1.8
url:	https://usn.ubuntu.com/4227-2/	Trust: 1.8
url:	https://usn.ubuntu.com/4228-2/	Trust: 1.8
url:	https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-19052	Trust: 0.8
url:	https://nvd.nist.gov/vuln/detail/cve-2019-19524	Trust: 0.7
url:	https://nvd.nist.gov/vuln/detail/cve-2019-18660	Trust: 0.7
url:	https://nvd.nist.gov/vuln/detail/cve-2019-19534	Trust: 0.7
url:	https://nvd.nist.gov/vuln/detail/cve-2019-14895	Trust: 0.6
url:	https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00237.html	Trust: 0.6
url:	https://www.suse.com/support/update/announcement/2019/suse-su-20193200-1.html	Trust: 0.6
url:	https://www.suse.com/support/update/announcement/2019/suse-su-20193381-1.html	Trust: 0.6
url:	https://www.suse.com/support/update/announcement/2020/suse-su-20200093-1.html	Trust: 0.6
url:	https://www.suse.com/support/update/announcement/2019/suse-su-20193316-1.html	Trust: 0.6
url:	https://www.suse.com/support/update/announcement/2019/suse-su-20193317-1.html	Trust: 0.6
url:	https://vigilance.fr/vulnerability/linux-kernel-five-vulnerabilities-via-memory-leak-30910	Trust: 0.6
url:	https://packetstormsecurity.com/files/155867/ubuntu-security-notice-usn-4227-2.html	Trust: 0.6
url:	https://www.auscert.org.au/bulletins/esb-2019.4704/	Trust: 0.6
url:	https://packetstormsecurity.com/files/155995/ubuntu-security-notice-usn-4225-2.html	Trust: 0.6
url:	https://www.auscert.org.au/bulletins/esb-2020.0766/	Trust: 0.6
url:	https://www.auscert.org.au/bulletins/esb-2020.0052/	Trust: 0.6
url:	https://www.auscert.org.au/bulletins/esb-2019.4793/	Trust: 0.6
url:	https://www.auscert.org.au/bulletins/esb-2020.0851/	Trust: 0.6
url:	https://www.auscert.org.au/bulletins/esb-2020.1745.2/	Trust: 0.6
url:	https://www.auscert.org.au/bulletins/esb-2019.4584/	Trust: 0.6
url:	https://www.auscert.org.au/bulletins/esb-2020.0830/	Trust: 0.6
url:	https://www.auscert.org.au/bulletins/esb-2020.0200/	Trust: 0.6
url:	https://www.auscert.org.au/bulletins/esb-2020.0141/	Trust: 0.6
url:	https://packetstormsecurity.com/files/155856/ubuntu-security-notice-usn-4228-1.html	Trust: 0.6
url:	https://www.auscert.org.au/bulletins/esb-2020.1745/	Trust: 0.6
url:	https://www.auscert.org.au/bulletins/esb-2019.4346.2/	Trust: 0.6
url:	https://nvd.nist.gov/vuln/detail/cve-2019-16231	Trust: 0.5
url:	https://nvd.nist.gov/vuln/detail/cve-2019-19045	Trust: 0.5
url:	https://nvd.nist.gov/vuln/detail/cve-2019-19529	Trust: 0.5
url:	https://nvd.nist.gov/vuln/detail/cve-2019-18813	Trust: 0.3
url:	https://nvd.nist.gov/vuln/detail/cve-2019-19807	Trust: 0.3
url:	https://nvd.nist.gov/vuln/detail/cve-2019-19072	Trust: 0.3
url:	https://nvd.nist.gov/vuln/detail/cve-2019-19055	Trust: 0.3
url:	https://nvd.nist.gov/vuln/detail/cve-2019-16233	Trust: 0.3
url:	https://nvd.nist.gov/vuln/detail/cve-2019-19083	Trust: 0.3
url:	https://usn.ubuntu.com/4228-1	Trust: 0.2
url:	https://usn.ubuntu.com/4225-1	Trust: 0.2
url:	https://nvd.nist.gov/vuln/detail/cve-2019-19051	Trust: 0.2
url:	https://usn.ubuntu.com/4227-1	Trust: 0.2
url:	https://cwe.mitre.org/data/definitions/401.html	Trust: 0.1
url:	https://github.com/live-hack-cve/cve-2019-19052	Trust: 0.1
url:	https://nvd.nist.gov	Trust: 0.1
url:	https://launchpad.net/ubuntu/+source/linux-aws/4.4.0-1100.111	Trust: 0.1
url:	https://launchpad.net/ubuntu/+source/linux-snapdragon/4.4.0-1131.139	Trust: 0.1
url:	https://launchpad.net/ubuntu/+source/linux-raspi2/4.4.0-1127.136	Trust: 0.1
url:	https://launchpad.net/ubuntu/+source/linux/4.4.0-171.200	Trust: 0.1
url:	https://launchpad.net/ubuntu/+source/linux-kvm/4.4.0-1064.71	Trust: 0.1
url:	https://launchpad.net/ubuntu/+source/linux-aws/5.3.0-1009.10	Trust: 0.1
url:	https://launchpad.net/ubuntu/+source/linux-gcp-5.3/5.3.0-1010.11~18.04.1	Trust: 0.1
url:	https://launchpad.net/ubuntu/+source/linux-azure-5.3/5.3.0-1009.10~18.04.1	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2019-19047	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2019-19044	Trust: 0.1
url:	https://launchpad.net/ubuntu/+source/linux-kvm/5.3.0-1009.10	Trust: 0.1
url:	https://launchpad.net/ubuntu/+source/linux-gcp/5.3.0-1011.12	Trust: 0.1
url:	https://launchpad.net/ubuntu/+source/linux/5.3.0-26.28	Trust: 0.1
url:	https://launchpad.net/ubuntu/+source/linux-raspi2/5.3.0-1015.17	Trust: 0.1
url:	https://launchpad.net/ubuntu/+source/linux-azure/5.3.0-1009.10	Trust: 0.1
url:	https://launchpad.net/ubuntu/+source/linux-oracle/5.3.0-1008.9	Trust: 0.1
url:	https://launchpad.net/ubuntu/+source/linux-kvm/4.15.0-1052.52	Trust: 0.1
url:	https://launchpad.net/ubuntu/+source/linux-snapdragon/4.15.0-1070.77	Trust: 0.1
url:	https://launchpad.net/ubuntu/+source/linux/4.15.0-74.84	Trust: 0.1
url:	https://launchpad.net/ubuntu/+source/linux-azure/4.15.0-1066.71	Trust: 0.1
url:	https://launchpad.net/ubuntu/+source/linux-gke-4.15/4.15.0-1050.53	Trust: 0.1
url:	https://launchpad.net/ubuntu/+source/linux-oem/4.15.0-1066.76	Trust: 0.1
url:	https://launchpad.net/ubuntu/+source/linux-oracle/4.15.0-1031.34~16.04.1	Trust: 0.1
url:	https://launchpad.net/ubuntu/+source/linux-aws/4.15.0-1057.59	Trust: 0.1
url:	https://launchpad.net/ubuntu/+source/linux-raspi2/4.15.0-1053.57	Trust: 0.1
url:	https://launchpad.net/ubuntu/+source/linux-hwe/4.15.0-74.83~16.04.1	Trust: 0.1
url:	https://launchpad.net/ubuntu/+source/linux-aws-hwe/4.15.0-1057.59~16.04.1	Trust: 0.1
url:	https://launchpad.net/ubuntu/+source/linux-gcp/4.15.0-1052.56	Trust: 0.1
url:	https://launchpad.net/ubuntu/+source/linux-oracle/4.15.0-1031.34	Trust: 0.1
url:	https://launchpad.net/ubuntu/+source/linux-azure/5.0.0-1028.30	Trust: 0.1
url:	https://launchpad.net/ubuntu/+source/linux-azure/5.0.0-1028.30~18.04.1	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2019-19048	Trust: 0.1
url:	https://launchpad.net/ubuntu/+source/linux-raspi2/5.0.0-1024.25	Trust: 0.1
url:	https://launchpad.net/ubuntu/+source/linux-kvm/5.0.0-1024.26	Trust: 0.1
url:	https://launchpad.net/ubuntu/+source/linux-oracle-5.0/5.0.0-1009.14~18.04.1	Trust: 0.1
url:	https://launchpad.net/ubuntu/+source/linux-gcp/5.0.0-1028.29	Trust: 0.1
url:	https://launchpad.net/ubuntu/+source/linux-aws/5.0.0-1023.26	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2019-19065	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2019-19060	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2019-10220	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2019-19067	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2019-2214	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2019-19526	Trust: 0.1
url:	https://usn.ubuntu.com/4226-1	Trust: 0.1
url:	https://launchpad.net/ubuntu/+source/linux-gke-5.0/5.0.0-1027.28~18.04.1	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2019-19922	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2019-14901	Trust: 0.1
url:	https://launchpad.net/ubuntu/+source/linux/5.0.0-38.41	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2019-17075	Trust: 0.1
url:	https://launchpad.net/ubuntu/+source/linux-oem-osp1/5.0.0-1033.38	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2019-17133	Trust: 0.1
url:	https://launchpad.net/ubuntu/+source/linux-oracle/5.0.0-1009.14	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2019-19075	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2019-19532	Trust: 0.1
url:	https://launchpad.net/ubuntu/+source/linux-aws-5.0/5.0.0-1023.26~18.04.1	Trust: 0.1
url:	https://usn.ubuntu.com/4227-2	Trust: 0.1
url:	https://launchpad.net/ubuntu/+source/linux-hwe/5.3.0-26.28~18.04.1	Trust: 0.1
url:	https://usn.ubuntu.com/4225-2	Trust: 0.1
url:	https://usn.ubuntu.com/4228-2	Trust: 0.1

CREDITS

Ubuntu

Trust: 1.3

sources: PACKETSTORM: 155856 // PACKETSTORM: 155853 // PACKETSTORM: 155855 // PACKETSTORM: 155854 // PACKETSTORM: 155867 // PACKETSTORM: 155995 // PACKETSTORM: 155866 // CNNVD: CNNVD-201911-1073

SOURCES

db:	VULHUB	id:	VHN-151460
db:	VULMON	id:	CVE-2019-19052
db:	JVNDB	id:	JVNDB-2019-012046
db:	PACKETSTORM	id:	155856
db:	PACKETSTORM	id:	155853
db:	PACKETSTORM	id:	155855
db:	PACKETSTORM	id:	155854
db:	PACKETSTORM	id:	155867
db:	PACKETSTORM	id:	155995
db:	PACKETSTORM	id:	155866
db:	CNNVD	id:	CNNVD-201911-1073
db:	NVD	id:	CVE-2019-19052

LAST UPDATE DATE

2024-08-14T12:47:09.179000+00:00

SOURCES UPDATE DATE

db:	VULHUB	id:	VHN-151460	date:	2023-01-19T00:00:00
db:	VULMON	id:	CVE-2019-19052	date:	2022-11-08T00:00:00
db:	JVNDB	id:	JVNDB-2019-012046	date:	2019-11-25T00:00:00
db:	CNNVD	id:	CNNVD-201911-1073	date:	2021-06-15T00:00:00
db:	NVD	id:	CVE-2019-19052	date:	2023-01-19T16:48:31.577

SOURCES RELEASE DATE

db:	VULHUB	id:	VHN-151460	date:	2019-11-18T00:00:00
db:	VULMON	id:	CVE-2019-19052	date:	2019-11-18T00:00:00
db:	JVNDB	id:	JVNDB-2019-012046	date:	2019-11-25T00:00:00
db:	PACKETSTORM	id:	155856	date:	2020-01-07T16:46:53
db:	PACKETSTORM	id:	155853	date:	2020-01-07T16:46:28
db:	PACKETSTORM	id:	155855	date:	2020-01-07T16:46:45
db:	PACKETSTORM	id:	155854	date:	2020-01-07T16:46:38
db:	PACKETSTORM	id:	155867	date:	2020-01-08T00:40:16
db:	PACKETSTORM	id:	155995	date:	2020-01-18T14:53:54
db:	PACKETSTORM	id:	155866	date:	2020-01-08T00:40:10
db:	CNNVD	id:	CNNVD-201911-1073	date:	2019-11-18T00:00:00
db:	NVD	id:	CVE-2019-19052	date:	2019-11-18T06:15:11.827