oss-sec mailing list archives

CVE-2019-19947: Linux kernel can: kvaser_usb: kvaser_usb_leaf: some info-leaks vulnerabilities

From: butt3rflyh4ck <butterflyhuangxx () gmail com>
Date: Tue, 24 Dec 2019 10:49:49 +0800

Hi, there some info-leaks vulnerabilities in Linux kernel USB drivers that
can be triggered by an external malicious USB device.

Description:

In the Linux kernel through 5.4.6, there are some information leaks of
uninitialized memory to a USB device in the
drivers/net/can/usb/kvaser_usb/kvaser_usb_leaf.c driver.

More details in
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-19947 .

Credit:

This issue was discovered by the ADLab of venustech.

Current thread:

CVE-2019-19947: Linux kernel can: kvaser_usb: kvaser_usb_leaf: some info-leaks vulnerabilities butt3rflyh4ck (Dec 23)