Bug 1159929 (CVE-2019-19947) - VUL-0: CVE-2019-19947: kernel-source: kvaser_usb: kvaser_usb_leaf: some info-leaks vulnerabilities
Summary: VUL-0: CVE-2019-19947: kernel-source: kvaser_usb: kvaser_usb_leaf: some info-...
Status: RESOLVED FIXED
Alias: CVE-2019-19947
Product: SUSE Security Incidents
Classification: Novell Products
Component: Incidents
Version: unspecified
Hardware: Other Other
: P3 - Medium : Normal
Target Milestone: ---
Assignee: Security Team bot
QA Contact: Security Team bot
URL: https://smash.suse.de/issue/249753/
Whiteboard:
Keywords:
Depends on:
Blocks:
 
Reported: 2019-12-30 16:51 UTC by Marcus Meissner
Modified: 2024-06-25 14:13 UTC

See Also:
Found By: Security Response Team
Services Priority:
Business Priority:
Blocker: ---
Marketing QA Status: ---
IT Deployment: ---


Description Marcus Meissner 2019-12-30 16:51:50 UTC
CVE-2019-19947

In the Linux kernel through 5.4.6, there are information leaks of uninitialized
memory to a USB device in the drivers/net/can/usb/kvaser_usb/kvaser_usb_leaf.c
driver, aka CID-da2311a6385c.

References:
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2019-19947
http://seclists.org/oss-sec/2019/q4/173
http://www.openwall.com/lists/oss-security/2019/12/24/1
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-19947
https://github.com/torvalds/linux/commit/da2311a6385c3b499da2ed5d9be59ce331fa93e9
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-19947
Comment 1 Marcus Meissner 2019-12-30 16:52:59 UTC
fixes by is 4.19+, so only SLES 15 SP2.
Comment 2 Takashi Iwai 2020-01-02 14:12:53 UTC
Backported to SLE15-SP2 branch now.

Reassigned back to security team.
Comment 3 Alexandros Toptsoglou 2020-04-27 15:28:29 UTC
Done