VDB
CVE-2019-19947
CVE-2019-19947
PUBLISHED
In the Linux kernel through 5.4.6, there are information leaks of uninitialized memory to a USB device in the drivers/net/can/usb/kvaser_usb/kvaser_usb_leaf.c driver, aka CID-da2311a6385c.
EPSS 0.11% · 28.6th percentile
Risk Scores
EPSS Score
0.11%
28.6th percentile
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Ubuntu:18.04:LTS | linux-gcp-4.15 | 0, 4.15.0-1080.90, 4.15.0-1078.88 |
| Ubuntu:24.04:LTS | linux-raspi-realtime | 6.8.0-2019.20, 0 |
| Ubuntu:16.04:LTS | linux | 4.4.0-93.116, 4.4.0-91.114, 4.4.0-89.112 |
| Ubuntu:18.04:LTS | linux-oracle-5.0 | 5.0.0-1007.12~18.04.1, 5.0.0-1008.13~18.04.1, 5.0.0-1009.14~18.04.1 |
| Ubuntu:18.04:LTS | linux-hwe-edge | 5.0.0-16.17~18.04.1, 5.0.0-15.16~18.04.1, 5.0.0-19.20~18.04.1 |
| Ubuntu:22.04:LTS | linux-riscv | 5.15.0-1016.18, 5.15.0-1004.4, 5.15.0-1012.13 |
| Ubuntu:18.04:LTS | linux-azure | *, 5.0.0-1029.31~18.04.1, 5.0.0-1028.30~18.04.1 |
| Ubuntu:18.04:LTS | linux-gcp-5.3 | 0, 5.3.0-1010.11~18.04.1, 5.3.0-1009.10~18.04.1 |
| Ubuntu:Pro:FIPS:18.04:LTS | linux-gcp-fips | 0, 4.15.0-1001.1 |
| Ubuntu:16.04:LTS | linux-azure | *, 4.15.0-1057.62, 4.15.0-1071.76 |
| Ubuntu:18.04:LTS | linux-oem-osp1 | 5.0.0-1020.22, 5.0.0-1037.42, 5.0.0-1033.38 |
| Ubuntu:18.04:LTS | linux-gke-5.3 | 5.3.0-1011.12~18.04.1, 0 |
| Ubuntu:18.04:LTS | linux-azure-edge | 4.18.0-1007.7~18.04.1, 5.0.0-1012.12~18.04.2, * |
| Ubuntu:18.04:LTS | linux-kvm | 4.15.0-1023.23, 4.15.0-1036.36, 4.15.0-1038.38 |
| Ubuntu:18.04:LTS | linux-raspi2 | 4.15.0-1017.18, 4.15.0-1065.69, 4.15.0-1018.19 |
| Ubuntu:16.04:LTS | linux-hwe | 4.15.0-55.60~16.04.2, 4.15.0-64.73~16.04.1, 4.15.0-65.74~16.04.1 |
| Ubuntu:18.04:LTS | linux-azure-5.3 | *, 5.3.0-1010.11~18.04.1, 5.3.0-1008.9~18.04.1 |
| Ubuntu:22.04:LTS | linux-intel-iot-realtime | 5.15.0-1073.75, 0 |
| Ubuntu:16.04:LTS | linux-hwe-edge | 4.8.0-30.32~16.04.1, 4.8.0-32.34~16.04.1, 4.8.0-34.36~16.04.1 |
| Ubuntu:16.04:LTS | linux-kvm | 4.4.0-1031.37, 4.4.0-1032.38, 4.4.0-1036.42 |
…and 33 more
Timeline
- Dec 23, 2019 CVE Published
- Apr 14, 2021 EPSS Score
- Jun 23, 2021 EPSS Score
- Aug 24, 2021 EPSS Score
- Dec 27, 2021 EPSS Score
- Jan 6, 2022 EPSS Score
- Feb 4, 2022 EPSS Score
- Feb 28, 2022 EPSS Score
- Apr 1, 2022 EPSS Score
- Jul 3, 2022 EPSS Score
- Sep 4, 2022 EPSS Score
- Nov 6, 2022 EPSS Score
References
- https://ubuntu.com/security/CVE-2019-19947 third-party-advisory
- https://git.kernel.org/linus/da2311a6385c3b499da2ed5d9be59ce331fa93e9 third-party-advisory
- http://www.openwall.com/lists/oss-security/2019/12/24/1 third-party-advisory
- https://github.com/torvalds/linux/commit/da2311a6385c3b499da2ed5d9be59ce331fa93e9 third-party-advisory
- https://ubuntu.com/security/notices/USN-4284-1 vendor-advisory
- https://ubuntu.com/security/notices/USN-4285-1 vendor-advisory
- https://ubuntu.com/security/notices/USN-4427-1 vendor-advisory
- https://ubuntu.com/security/notices/USN-4485-1 vendor-advisory
- https://www.cve.org/CVERecord?id=CVE-2019-19947 third-party-advisory