CVE-2019-19533

LOW EPSS 36.5%
Published Dec 3, 2019 (6y ago) · Modified Jun 17, 2026 (2w ago)
2.4 CVSS 3.1
Low

Description

In the Linux kernel before 5.3.4, there is an info-leak bug that can be caused by a malicious USB device in the drivers/media/usb/ttusb-dec/ttusb_dec.c driver, aka CID-a10feaf8c464.

CVSS Details

Base Score 2.4
Exploitability 0.9
Impact 1.4
Vector string CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
Attack Vector Physical
Attack Complexity Low
Privileges Required None
User Interaction None
Scope Unchanged
Confidentiality Low
Integrity None
Availability None

Threat Intelligence

EPSS Exploit Probability
36.5% percentile
Exploit & Patch Status
No Known Exploit
Patch Available

Weaknesses 1

CWE-772

Affected Products 1

Vendor  Product       Version  Range
linux   linux_kernel  *        <5.3.4

References 6

  • lists.opensuse.org http://lists.opensuse.org/opensuse-security-announce/2020-03/msg00021.html
  • openwall.com http://www.openwall.com/lists/oss-security/2019/12/03/4
    Mailing List, Third Party Advisory
  • cdn.kernel.org https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.3.4
    Vendor Advisory
  • git.kernel.org https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=a10feaf8c464c3f9cfdd3a8a7ce17e1c0d498da1
    Patch, Vendor Advisory
  • lists.debian.org https://lists.debian.org/debian-lts-announce/2020/01/msg00013.html
  • lists.debian.org https://lists.debian.org/debian-lts-announce/2020/03/msg00001.html

Remediation

  • git.kernel.org https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=a10feaf8c464c3f9cfdd3a8a7ce17e1c0d498da1
    Patch, Vendor Advisory