First published: Tue Dec 03 2019(Updated: )
In the Linux kernel before 5.2.9, there is an info-leak bug that can be caused by a malicious USB device in the drivers/net/can/usb/peak_usb/pcan_usb_fd.c driver, aka CID-30a8beeb3042.
Credit: cve@mitre.org
Affected Software | Affected Version | How to fix |
---|---|---|
Linux Linux kernel | <5.2.9 | |
Debian Debian Linux | =8.0 | |
openSUSE Leap | =15.1 | |
Oracle SD-WAN Edge | =8.2 |
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
CVE-2019-19535 is an info-leak bug that can be caused by a malicious USB device in the Linux kernel before version 5.2.9.
CVE-2019-19535 has a severity rating of 4.6 (medium).
The Linux kernel before version 5.2.9, Debian Linux 8.0, openSUSE Leap 15.1, and Oracle SD-WAN Edge 8.2 are affected by CVE-2019-19535.
To fix CVE-2019-19535, you should update your Linux kernel to version 5.2.9 or later.
You can find more information about CVE-2019-19535 in the following references: [link1](http://lists.opensuse.org/opensuse-security-announce/2020-03/msg00021.html), [link2](http://www.openwall.com/lists/oss-security/2019/12/03/4), [link3](https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.2.9).