CVE-2019-19532 in Ubuntu

CVE-2019-19532

Priority

Description

In the Linux kernel before 5.3.9, there are multiple out-of-bounds write
bugs that can be caused by a malicious USB device in the Linux kernel HID
drivers, aka CID-d9d4b1e46d95. This affects drivers/hid/hid-axff.c,
drivers/hid/hid-dr.c, drivers/hid/hid-emsff.c, drivers/hid/hid-gaff.c,
drivers/hid/hid-holtekff.c, drivers/hid/hid-lg2ff.c,
drivers/hid/hid-lg3ff.c, drivers/hid/hid-lg4ff.c, drivers/hid/hid-lgff.c,
drivers/hid/hid-logitech-hidpp.c, drivers/hid/hid-microsoft.c,
drivers/hid/hid-sony.c, drivers/hid/hid-tmff.c, and drivers/hid/hid-zpff.c.

Ubuntu-Description

It was discovered that multiple USB HID device drivers in the Linux kernel
did not properly validate device metadata on attachment, leading to out-of-
bounds writes. A physically proximate attacker could use this to cause a
denial of service (system crash) or possibly execute arbitrary code.

References

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-19532
https://git.kernel.org/linus/d9d4b1e46d9543a82c23f6df03f4ad697dab361b
http://www.openwall.com/lists/oss-security/2019/12/03/4
https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.3.9
https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=d9d4b1e46d9543a82c23f6df03f4ad697dab361b
https://ubuntu.com/security/notices/USN-4226-1

Notes

Package

Source: linux (LP Ubuntu Debian)

Upstream:	released (5.4~rc6)
Ubuntu 18.04 LTS:	released (4.15.0-72.81)
Ubuntu 20.04 LTS:	not-affected (5.4.0-9.12)
Ubuntu 16.04 ESM:	released (4.4.0-170.199)
Ubuntu 14.04 ESM:	ignored (was needed ESM criteria)

Patches:

Introduced by

1da177e4c3f41524e886b7f1b8a0c1fc7321cac2

Fixed by

d9d4b1e46d9543a82c23f6df03f4ad697dab361b

Package

Source: linux-aws (LP Ubuntu Debian)

Upstream:	released (5.4~rc6)
Ubuntu 18.04 LTS:	released (4.15.0-1056.58)
Ubuntu 20.04 LTS:	not-affected (5.4.0-1005.5)
Ubuntu 16.04 ESM:	released (4.4.0-1099.110)
Ubuntu 14.04 ESM:	released (4.4.0-1059.63)

Patches:

Package

Source: linux-aws-5.0 (LP Ubuntu Debian)

Upstream:	released (5.4~rc6)
Ubuntu 18.04 LTS:	released (5.0.0-1023.26~18.04.1)
Ubuntu 20.04 LTS:	DNE
Ubuntu 14.04 ESM:	DNE

Patches:

Package

Source: linux-aws-5.3 (LP Ubuntu Debian)

Upstream:	released (5.4~rc6)
Ubuntu 18.04 LTS:	not-affected (5.3.0-1016.17~18.04.1)
Ubuntu 20.04 LTS:	DNE
Ubuntu 14.04 ESM:	DNE

Patches:

Package

Source: linux-aws-5.4 (LP Ubuntu Debian)

Upstream:	released (5.4~rc6)
Ubuntu 18.04 LTS:	not-affected (5.4.0-1018.18~18.04.1)
Ubuntu 20.04 LTS:	DNE
Ubuntu 14.04 ESM:	DNE

Patches:

Package

Source: linux-aws-hwe (LP Ubuntu Debian)

Upstream:	released (5.4~rc6)
Ubuntu 18.04 LTS:	DNE
Ubuntu 20.04 LTS:	DNE
Ubuntu 16.04 ESM:	released (4.15.0-1056.58~16.04.1)
Ubuntu 14.04 ESM:	DNE

Patches:

Package

Source: linux-azure (LP Ubuntu Debian)

Upstream:	released (5.4~rc6)
Ubuntu 18.04 LTS:	released (5.0.0-1028.30~18.04.1)
Ubuntu 20.04 LTS:	not-affected (5.4.0-1006.6)
Ubuntu 16.04 ESM:	released (4.15.0-1064.69)
Ubuntu 14.04 ESM:	released (4.15.0-1064.69~14.04.1)

Patches:

Package

Source: linux-azure-4.15 (LP Ubuntu Debian)

Upstream:	released (5.4~rc6)
Ubuntu 18.04 LTS:	not-affected (4.15.0-1082.92)
Ubuntu 20.04 LTS:	DNE
Ubuntu 14.04 ESM:	DNE

Patches:

Package

Source: linux-azure-5.3 (LP Ubuntu Debian)

Upstream:	released (5.4~rc6)
Ubuntu 18.04 LTS:	released (5.3.0-1008.9~18.04.1)
Ubuntu 20.04 LTS:	DNE
Ubuntu 14.04 ESM:	DNE

Patches:

Package

Source: linux-azure-5.4 (LP Ubuntu Debian)

Upstream:	released (5.4~rc6)
Ubuntu 18.04 LTS:	not-affected (5.4.0-1020.20~18.04.1)
Ubuntu 20.04 LTS:	DNE
Ubuntu 14.04 ESM:	DNE

Patches:

Package

Source: linux-azure-edge (LP Ubuntu Debian)

Upstream:	released (5.4~rc6)
Ubuntu 18.04 LTS:	ignored (was needs-triage now end-of-life)
Ubuntu 20.04 LTS:	DNE
Ubuntu 14.04 ESM:	DNE

Patches:

Package

Source: linux-dell300x (LP Ubuntu Debian)

Upstream:	released (5.4~rc6)
Ubuntu 18.04 LTS:	not-affected (4.15.0-1005.8)
Ubuntu 20.04 LTS:	DNE
Ubuntu 14.04 ESM:	DNE

Patches:

Package

Source: linux-gcp (LP Ubuntu Debian)

Upstream:	released (5.4~rc6)
Ubuntu 18.04 LTS:	released (5.0.0-1028.29~18.04.1)
Ubuntu 20.04 LTS:	not-affected (5.4.0-1005.5)
Ubuntu 16.04 ESM:	released (4.15.0-1050.53)
Ubuntu 14.04 ESM:	DNE

Patches:

Package

Source: linux-gcp-4.15 (LP Ubuntu Debian)

Upstream:	released (5.4~rc6)
Ubuntu 18.04 LTS:	not-affected (4.15.0-1071.81)
Ubuntu 20.04 LTS:	DNE
Ubuntu 14.04 ESM:	DNE

Patches:

Package

Source: linux-gcp-5.3 (LP Ubuntu Debian)

Upstream:	released (5.4~rc6)
Ubuntu 18.04 LTS:	released (5.3.0-1009.10~18.04.1)
Ubuntu 20.04 LTS:	DNE
Ubuntu 14.04 ESM:	DNE

Patches:

Package

Source: linux-gcp-5.4 (LP Ubuntu Debian)

Upstream:	released (5.4~rc6)
Ubuntu 18.04 LTS:	not-affected (5.4.0-1019.19~18.04.2)
Ubuntu 20.04 LTS:	DNE
Ubuntu 14.04 ESM:	DNE

Patches:

Package

Source: linux-gcp-edge (LP Ubuntu Debian)

Upstream:	released (5.4~rc6)
Ubuntu 18.04 LTS:	ignored (was needs-triage now end-of-life)
Ubuntu 20.04 LTS:	DNE
Ubuntu 14.04 ESM:	DNE

Patches:

Package

Source: linux-gke-4.15 (LP Ubuntu Debian)

Upstream:	released (5.4~rc6)
Ubuntu 18.04 LTS:	released (4.15.0-1049.52)
Ubuntu 20.04 LTS:	DNE
Ubuntu 14.04 ESM:	DNE

Patches:

Package

Source: linux-gke-5.0 (LP Ubuntu Debian)

Upstream:	released (5.4~rc6)
Ubuntu 18.04 LTS:	released (5.0.0-1027.28~18.04.1)
Ubuntu 20.04 LTS:	DNE
Ubuntu 14.04 ESM:	DNE

Patches:

Package

Source: linux-gke-5.3 (LP Ubuntu Debian)

Upstream:	released (5.4~rc6)
Ubuntu 18.04 LTS:	not-affected (5.3.0-1011.12~18.04.1)
Ubuntu 20.04 LTS:	DNE
Ubuntu 14.04 ESM:	DNE

Patches:

Package

Source: linux-gke-5.4 (LP Ubuntu Debian)

Upstream:	released (5.4~rc6)
Ubuntu 18.04 LTS:	not-affected (5.4.0-1025.25~18.04.1)
Ubuntu 20.04 LTS:	DNE
Ubuntu 14.04 ESM:	DNE

Patches:

Package

Source: linux-gkeop (LP Ubuntu Debian)

Upstream:	released (5.4~rc6)
Ubuntu 18.04 LTS:	DNE
Ubuntu 20.04 LTS:	not-affected (5.4.0-1008.9)
Ubuntu 14.04 ESM:	DNE

Patches:

Package

Source: linux-gkeop-5.4 (LP Ubuntu Debian)

Upstream:	released (5.4~rc6)
Ubuntu 18.04 LTS:	not-affected (5.4.0-1001.1)
Ubuntu 20.04 LTS:	DNE
Ubuntu 14.04 ESM:	DNE

Patches:

Package

Source: linux-hwe (LP Ubuntu Debian)

Upstream:	released (5.4~rc6)
Ubuntu 18.04 LTS:	released (5.3.0-26.28~18.04.1)
Ubuntu 20.04 LTS:	DNE
Ubuntu 16.04 ESM:	released (4.15.0-72.81~16.04.1)
Ubuntu 14.04 ESM:	DNE

Patches:

Package

Source: linux-hwe-5.4 (LP Ubuntu Debian)

Upstream:	released (5.4~rc6)
Ubuntu 18.04 LTS:	not-affected (5.4.0-37.41~18.04.1)
Ubuntu 20.04 LTS:	DNE
Ubuntu 14.04 ESM:	DNE

Patches:

Package

Source: linux-hwe-5.8 (LP Ubuntu Debian)

Upstream:	released (5.4~rc6)
Ubuntu 18.04 LTS:	DNE
Ubuntu 20.04 LTS:	not-affected (5.8.0-23.24~20.04.1)
Ubuntu 14.04 ESM:	DNE

Patches:

Package

Source: linux-hwe-edge (LP Ubuntu Debian)

Upstream:	released (5.4~rc6)
Ubuntu 18.04 LTS:	ignored (was pending \[5.3.0-24.26~18.04.2\] now end-of-life)
Ubuntu 20.04 LTS:	DNE
Ubuntu 16.04 ESM:	ignored (was needs-triage now end-of-life)
Ubuntu 14.04 ESM:	DNE

Patches:

Package

Source: linux-kvm (LP Ubuntu Debian)

Upstream:	released (5.4~rc6)
Ubuntu 18.04 LTS:	released (4.15.0-1051.51)
Ubuntu 20.04 LTS:	not-affected (5.4.0-1004.4)
Ubuntu 16.04 ESM:	released (4.4.0-1063.70)
Ubuntu 14.04 ESM:	DNE

Patches:

Package

Source: linux-lts-trusty (LP Ubuntu Debian)

Upstream:	released (5.4~rc6)
Ubuntu 18.04 LTS:	DNE
Ubuntu 20.04 LTS:	DNE
Ubuntu 14.04 ESM:	DNE

Patches:

Package

Source: linux-lts-xenial (LP Ubuntu Debian)

Upstream:	released (5.4~rc6)
Ubuntu 18.04 LTS:	DNE
Ubuntu 20.04 LTS:	DNE
Ubuntu 14.04 ESM:	released (4.4.0-170.199~14.04.1)

Patches:

Package

Source: linux-oem (LP Ubuntu Debian)

Upstream:	released (5.4~rc6)
Ubuntu 18.04 LTS:	released (4.15.0-1065.75)
Ubuntu 20.04 LTS:	DNE
Ubuntu 14.04 ESM:	DNE

Patches:

Package

Source: linux-oem-5.10 (LP Ubuntu Debian)

Upstream:	released (5.4~rc6)
Ubuntu 18.04 LTS:	DNE
Ubuntu 20.04 LTS:	not-affected (5.10.0-1008.9)
Ubuntu 14.04 ESM:	DNE

Patches:

Package

Source: linux-oem-5.6 (LP Ubuntu Debian)

Upstream:	released (5.4~rc6)
Ubuntu 18.04 LTS:	DNE
Ubuntu 20.04 LTS:	not-affected (5.6.0-1007.7)
Ubuntu 14.04 ESM:	DNE

Patches:

Package

Source: linux-oem-osp1 (LP Ubuntu Debian)

Upstream:	released (5.4~rc6)
Ubuntu 18.04 LTS:	released (5.0.0-1033.38)
Ubuntu 20.04 LTS:	DNE
Ubuntu 14.04 ESM:	DNE

Patches:

Package

Source: linux-oracle (LP Ubuntu Debian)

Upstream:	released (5.4~rc6)
Ubuntu 18.04 LTS:	released (4.15.0-1030.33)
Ubuntu 20.04 LTS:	not-affected (5.4.0-1005.5)
Ubuntu 16.04 ESM:	released (4.15.0-1030.33~16.04.1)
Ubuntu 14.04 ESM:	DNE

Patches:

Package

Source: linux-oracle-5.0 (LP Ubuntu Debian)

Upstream:	released (5.4~rc6)
Ubuntu 18.04 LTS:	released (5.0.0-1009.14~18.04.1)
Ubuntu 20.04 LTS:	DNE
Ubuntu 14.04 ESM:	DNE

Patches:

Package

Source: linux-oracle-5.3 (LP Ubuntu Debian)

Upstream:	released (5.4~rc6)
Ubuntu 18.04 LTS:	not-affected (5.3.0-1011.12~18.04.1)
Ubuntu 20.04 LTS:	DNE
Ubuntu 14.04 ESM:	DNE

Patches:

Package

Source: linux-oracle-5.4 (LP Ubuntu Debian)

Upstream:	released (5.4~rc6)
Ubuntu 18.04 LTS:	not-affected (5.4.0-1019.19~18.04.1)
Ubuntu 20.04 LTS:	DNE
Ubuntu 14.04 ESM:	DNE

Patches:

Package

Source: linux-raspi (LP Ubuntu Debian)

Upstream:	released (5.4~rc6)
Ubuntu 18.04 LTS:	DNE
Ubuntu 20.04 LTS:	not-affected (5.4.0-1007.7)
Ubuntu 14.04 ESM:	DNE

Patches:

Package

Source: linux-raspi-5.4 (LP Ubuntu Debian)

Upstream:	released (5.4~rc6)
Ubuntu 18.04 LTS:	not-affected (5.4.0-1013.13~18.04.1)
Ubuntu 20.04 LTS:	DNE
Ubuntu 14.04 ESM:	DNE

Patches:

Package

Source: linux-raspi2 (LP Ubuntu Debian)

Upstream:	released (5.4~rc6)
Ubuntu 18.04 LTS:	released (4.15.0-1052.56)
Ubuntu 20.04 LTS:	ignored (was needed now end-of-life)
Ubuntu 14.04 ESM:	DNE

Patches:

Package

Source: linux-raspi2-5.3 (LP Ubuntu Debian)

Upstream:	released (5.4~rc6)
Ubuntu 18.04 LTS:	not-affected (5.3.0-1017.19~18.04.1)
Ubuntu 20.04 LTS:	DNE
Ubuntu 14.04 ESM:	DNE

Patches:

Package

Source: linux-riscv (LP Ubuntu Debian)

Upstream:	released (5.4~rc6)
Ubuntu 18.04 LTS:	DNE
Ubuntu 20.04 LTS:	not-affected (5.4.0-24.28)
Ubuntu 14.04 ESM:	DNE

Patches:

Package

Source: linux-snapdragon (LP Ubuntu Debian)

Upstream:	released (5.4~rc6)
Ubuntu 18.04 LTS:	released (4.15.0-1069.76)
Ubuntu 20.04 LTS:	DNE
Ubuntu 14.04 ESM:	DNE

Patches:

More Information

Updated: 2022-04-13 13:53:26 UTC (commit f411bd370d482ef4385c4e751d121a4055fbc009)