CVE-2019-19526

Updated: 2023-12-06

CWE: Use After Free

Description:

In the Linux kernel before 5.3.9, there is a use-after-free bug that can be caused by a malicious USB device in the drivers/nfc/pn533/usb.c driver, aka CID-6af3aa57a098.

CVSS3: 4.6


Vendor State

OS Vendor version Errata
Ubuntu 18.04 4.15.0-72.81 USN-4210-1
Ubuntu 18.04 AWS 4.15.0-1056.58 USN-4210-1
Ubuntu 16.04 HWE 4.15.0-72.81~16.04.1 USN-4210-1
Ubuntu 16.04 AWS HWE 4.15.0-1056.58~16.04.1 USN-4210-1
Ubuntu 16.04 GCP 4.15.0-1050.53 USN-4210-1
Ubuntu 19.04 5.0.0-38.41 USN-4226-1
Ubuntu 18.04 Azure 5.0.0-1028.30~18.04.1 USN-4226-1
Ubuntu 16.04 HWE ESM 4.15.0-72.81~16.04.1 USN-4210-1
Ubuntu 16.04 GCP ESM 4.15.0-1050.53 USN-4210-1
Ubuntu 16.04 AWS HWE ESM 4.15.0-1056.58~16.04.1 USN-4210-1

KernelCare State

OS Original kernel version State
Ubuntu 18.04
Ready For Release
Ubuntu 18.04 AWS
Ready For Release
Ubuntu 16.04 HWE
Ready For Release
Ubuntu 16.04 AWS HWE
Ready For Release
Ubuntu 18.04 GCP
Ready For Release
Ubuntu 16.04 GCP
Will Not Fix
Debian 10
Ready For Release
Ubuntu 19.04
Ready For Release
Endurance 7 eig 4.14
4.14.146-225.ELK.el6 show all hide all
4.14.146-225.ELK.el7
Released
Proofpoint
Ready For Release
Ubuntu 18.04 Azure
Ready For Release
Debian 10 cloud
Ready For Release
Debian 9 backports
Ready For Release
Ubuntu 16.04 HWE ESM
Will Not Fix
Ubuntu 16.04 GCP ESM
Will Not Fix
Ubuntu 16.04 AWS HWE ESM
Will Not Fix