medium
4.9
CWE
401 400
Advisory Published
Updated

CVE-2019-19063

First published: Mon Nov 18 2019(Updated: )

A flaw was found in the Linux kernel. The rtl_usb_probe function mishandles resource cleanup on error. An attacker able to induce the error conditions could use this flaw to crash the system. The highest threat from this vulnerability is to system availability.

Credit: cve@mitre.org

Affected SoftwareAffected VersionHow to fix
redhat/kernel-rt<0:3.10.0-1160.rt56.1131.el7
0:3.10.0-1160.rt56.1131.el7
redhat/kernel<0:3.10.0-1160.el7
0:3.10.0-1160.el7
redhat/kernel-rt<0:4.18.0-240.rt7.54.el8
0:4.18.0-240.rt7.54.el8
redhat/kernel<0:4.18.0-240.el8
0:4.18.0-240.el8
debian/linux
5.10.223-1
5.10.226-1
6.1.123-1
6.1.128-1
6.12.12-1
6.12.13-1
Linux Kernel<=5.3.11
Oracle SD-WAN Edge=8.2
Ubuntu=14.04
Ubuntu=16.04
Ubuntu=16.04
Ubuntu=18.04
Ubuntu=19.10
Fedora=30
Fedora=31
openSUSE=15.1
NetApp Active IQ Unified Manager for VMware vSphere
NetApp FAS/AFF Baseboard Management Controller
netapp cloud backup
netapp data availability services
NetApp E-Series SANtricity OS Controller=11.0
NetApp E-Series SANtricity OS Controller=11.0.0
NetApp E-Series SANtricity OS Controller=11.20
NetApp E-Series SANtricity OS Controller=11.25
NetApp E-Series SANtricity OS Controller=11.30
NetApp E-Series SANtricity OS Controller=11.30.5r3
NetApp E-Series SANtricity OS Controller=11.40
NetApp E-Series SANtricity OS Controller=11.40.3r2
NetApp E-Series SANtricity OS Controller=11.40.5
NetApp E-Series SANtricity OS Controller=11.50.1
NetApp E-Series SANtricity OS Controller=11.50.2
NetApp E-Series SANtricity OS Controller=11.50.2-p1
NetApp E-Series SANtricity OS Controller=11.60
NetApp E-Series SANtricity OS Controller=11.60.0
NetApp E-Series SANtricity OS Controller=11.60.1
NetApp E-Series SANtricity OS Controller=11.60.3
NetApp E-Series SANtricity OS Controller=11.70.1
NetApp E-Series SANtricity OS Controller=11.70.2
NetApp FAS/AFF Baseboard Management Controller
netapp hci baseboard management controller=h610s
netapp solidfire\, enterprise sds \& hci storage node
netapp solidfire \& hci management node
NetApp SteelStore
Brocade Fabric OS
All of
netapp hci compute node firmware
netapp hci compute node
All of
netapp solidfire baseboard management controller firmware
netapp solidfire baseboard management controller
netapp hci compute node firmware
netapp hci compute node
netapp solidfire baseboard management controller firmware
netapp solidfire baseboard management controller

Remedy

In order to mitigate this issue it is possible to prevent the affected code from being loaded by blacklisting the kernel module rtl8192cu. For instructions relating to how to blacklist a kernel module refer to: https://access.redhat.com/solutions/41278 .

Remedy

https://github.com/torvalds/linux/commit/3f93616951138a598d930dcaec40f2bfd9ce43bb

Remedy

https://www.oracle.com/security-alerts/cpuApr2021.html

Never miss a vulnerability like this again

Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.

Read MoreStart Free Trial

Reference Links

Parent vulnerabilities

(Appears in the following advisories)

Frequently Asked Questions

  • What is the severity of CVE-2019-19063?

    The severity of CVE-2019-19063 is high as it affects system availability.

  • How do I fix CVE-2019-19063?

    To fix CVE-2019-19063, update to the recommended kernel versions provided by the vendor.

  • What versions are affected by CVE-2019-19063?

    CVE-2019-19063 affects multiple Linux kernel versions prior to 5.3.11 and specific vendor packages as identified.

  • Can CVE-2019-19063 be exploited remotely?

    CVE-2019-19063 requires local access to the system for exploitation, as it manipulates kernel resources.

  • What systems are primarily impacted by CVE-2019-19063?

    Systems running affected versions of the Linux kernel and related vendor packages, including Red Hat and Ubuntu, are primarily impacted.

Company

Resources

Contact

SecAlerts Pty Ltd.
132 Wickham Terrace
Fortitude Valley,
QLD 4006, Australia
info@secalerts.co
By using SecAlerts services, you agree to our services end-user license agreement. This website is safeguarded by reCAPTCHA and governed by the Google Privacy Policy and Terms of Service. All names, logos, and brands of products are owned by their respective owners, and any usage of these names, logos, and brands for identification purposes only does not imply endorsement. If you possess any content that requires removal, please get in touch with us.
© 2025 SecAlerts Pty Ltd.
ABN: 70 645 966 203, ACN: 645 966 203