CVE-2019-19534

LOW EPSS 39.7%
Published Dec 3, 20196y ago · Modified Jun 17, 20262w ago
2.4 CVSS 3.1
Low
Find Similar
Published Dec 3, 2019 6y ago
Last Modified Jun 17, 2026 2w ago

Description

In the Linux kernel before 5.3.11, there is an info-leak bug that can be caused by a malicious USB device in the drivers/net/can/usb/peak_usb/pcan_usb_core.c driver, aka CID-f7a1337f0d29.

CVSS Details

Base Score
2.4
Exploitability
0.9
Impact
1.4
Vector string
CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
Attack Vector Physical
Attack Complexity Low
Privileges Required None
User Interaction None
Scope Unchanged
Confidentiality Low
Integrity None
Availability None

Threat Intelligence

EPSS Exploit Probability
39.7% percentile
Exploit & Patch Status
No Known Exploit
Patch Available

Weaknesses 1

CWE-909

Affected Products 7

VendorProductVersionRange
linuxlinux_kernel* <5.3.11
debiandebian_linux8.0any
canonicalubuntu_linux14.04any
canonicalubuntu_linux16.04any
canonicalubuntu_linux18.04any
canonicalubuntu_linux19.04any
canonicalubuntu_linux19.10any

References 13

  • lists.opensuse.org http://lists.opensuse.org/opensuse-security-announce/2019-12/msg00029.html
    Mailing ListThird Party Advisory
  • openwall.com http://www.openwall.com/lists/oss-security/2019/12/03/4
    Mailing ListThird Party Advisory
  • cdn.kernel.org https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.3.11
    Mailing ListVendor Advisory
  • git.kernel.org https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=f7a1337f0d29b98733c8824e165fca3371d7d4fd
    PatchVendor Advisory
  • lists.debian.org https://lists.debian.org/debian-lts-announce/2020/01/msg00013.html
    Mailing ListThird Party Advisory
  • lists.debian.org https://lists.debian.org/debian-lts-announce/2020/03/msg00001.html
    Mailing ListThird Party Advisory
  • usn.ubuntu.com https://usn.ubuntu.com/4225-1/
    Third Party Advisory
  • usn.ubuntu.com https://usn.ubuntu.com/4225-2/
    Third Party Advisory
  • usn.ubuntu.com https://usn.ubuntu.com/4226-1/
    Third Party Advisory
  • usn.ubuntu.com https://usn.ubuntu.com/4227-1/
    Third Party Advisory
  • usn.ubuntu.com https://usn.ubuntu.com/4227-2/
    Third Party Advisory
  • usn.ubuntu.com https://usn.ubuntu.com/4228-1/
    Third Party Advisory
  • usn.ubuntu.com https://usn.ubuntu.com/4228-2/
    Third Party Advisory

Remediation

  • git.kernel.org https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=f7a1337f0d29b98733c8824e165fca3371d7d4fd
    PatchVendor Advisory