oss-sec mailing list archives
CVE-2019-19947: Linux kernel can: kvaser_usb: kvaser_usb_leaf: some info-leaks vulnerabilities
From: butt3rflyh4ck <butterflyhuangxx () gmail com>
Date: Tue, 24 Dec 2019 10:49:49 +0800
Hi, there some info-leaks vulnerabilities in Linux kernel USB drivers that can be triggered by an external malicious USB device. Description: In the Linux kernel through 5.4.6, there are some information leaks of uninitialized memory to a USB device in the drivers/net/can/usb/kvaser_usb/kvaser_usb_leaf.c driver. More details in https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-19947 . Credit: This issue was discovered by the ADLab of venustech.
Current thread:
- CVE-2019-19947: Linux kernel can: kvaser_usb: kvaser_usb_leaf: some info-leaks vulnerabilities butt3rflyh4ck (Dec 23)