CVE-2019-19966: Use After Free
First published: Wed Dec 25 2019(Updated: )
In the Linux kernel before 5.1.6, there is a use-after-free in cpia2_exit() in drivers/media/usb/cpia2/cpia2_v4l.c that will cause denial of service, aka CID-dea37a972655.
Credit: cve@mitre.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Linux Kernel | <5.1.6 | |
| Debian | =8.0 | |
| SUSE Linux | =15.1 | |
| NetApp Active IQ Unified Manager for VMware vSphere | ||
| NetApp Cloud Backup | ||
| NetApp Data Availability Services | ||
| NetApp E-Series SANtricity OS Controller | >=11.0<=11.70.2 | |
| NetApp FAS/AFF Baseboard Management Controller | ||
| NetApp HCI Baseboard Management Controller | =h610s | |
| NetApp SolidFire & HCI Management Node | ||
| NetApp SteelStore Cloud Integrated Storage | ||
| NetApp FAS/AFF Baseboard Management Controller | =a700s | |
| NetApp SolidFire |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- http://lists.opensuse.org/opensuse-security-announce/2020-03/msg00021.html
- https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.1.6
- https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=dea37a97265588da604c6ba80160a287b72c7bfd
- https://lists.debian.org/debian-lts-announce/2020/01/msg00013.html
- https://security.netapp.com/advisory/ntap-20200204-0002/
Frequently Asked Questions
What is CVE-2019-19966?
CVE-2019-19966 is a vulnerability in the Linux kernel before version 5.1.6 that allows for a use-after-free vulnerability in the cpia2_exit() function, resulting in denial of service.
What is the severity of CVE-2019-19966?
The severity of CVE-2019-19966 is medium, with a CVSS score of 4.6.
Which software is affected by CVE-2019-19966?
The Linux kernel versions before 5.1.6, Debian Linux 8.0, openSUSE Leap 15.1, and some Netapp products are affected by CVE-2019-19966.
How can I fix CVE-2019-19966?
To fix CVE-2019-19966, update the Linux kernel to version 5.1.6 or apply the appropriate patches provided by your Linux distribution.
Where can I find more information about CVE-2019-19966?
You can find more information about CVE-2019-19966 in the following references: [link1], [link2], [link3].
- agent/type
- agent/severity
- agent/author
- agent/references
- agent/description
- collector/mitre-cve
- source/MITRE
- agent/last-modified-date
- agent/first-publish-date
- agent/event
- agent/source
- agent/weakness
- agent/tags
- agent/softwarecombine
- collector/nvd-index
- agent/software-canonical-lookup-request
- vendor/linux
- canonical/linux kernel
- vendor/debian
- canonical/debian
- version/debian/8.0
- vendor/opensuse
- canonical/suse linux
- version/suse linux/15.1
- vendor/netapp
- canonical/netapp active iq unified manager for vmware vsphere
- canonical/netapp cloud backup
- canonical/netapp data availability services
- canonical/netapp e-series santricity os controller
- version/netapp e-series santricity os controller/11.0
- version/netapp e-series santricity os controller/11.70.2
- canonical/netapp fas/aff baseboard management controller
- canonical/netapp hci baseboard management controller
- version/netapp hci baseboard management controller/h610s
- canonical/netapp solidfire & hci management node
- canonical/netapp steelstore cloud integrated storage
- version/netapp fas/aff baseboard management controller/a700s
- canonical/netapp solidfire