FKIE_CVE-2019-25162

Vulnerability from fkie_nvd - Published: 2024-02-26 18:15 - Updated: 2024-11-21 04:40
Severity ?
7.8 (High) - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Summary
In the Linux kernel, the following vulnerability has been resolved: i2c: Fix a potential use after free Free the adap structure only after we are done using it. This patch just moves the put_device() down a bit to avoid the use after free. [wsa: added comment to the code, added Fixes tag]
References
416baaa9-dc9f-4396-8d5f-8c081fb06d67https://git.kernel.org/stable/c/12b0606000d0828630c033bf0c74c748464fe87dPatch
416baaa9-dc9f-4396-8d5f-8c081fb06d67https://git.kernel.org/stable/c/23a191b132cd87f746c62f3dc27da33683d85829Patch
416baaa9-dc9f-4396-8d5f-8c081fb06d67https://git.kernel.org/stable/c/35927d7509ab9bf41896b7e44f639504eae08af7Patch
416baaa9-dc9f-4396-8d5f-8c081fb06d67https://git.kernel.org/stable/c/81cb31756888bb062e92d2dca21cd629d77a46a9Patch
416baaa9-dc9f-4396-8d5f-8c081fb06d67https://git.kernel.org/stable/c/871a1e94929a27bf6e2cd99523865c840bbc2d87Patch
416baaa9-dc9f-4396-8d5f-8c081fb06d67https://git.kernel.org/stable/c/e4c72c06c367758a14f227c847f9d623f1994ecfPatch
416baaa9-dc9f-4396-8d5f-8c081fb06d67https://git.kernel.org/stable/c/e6412ba3b6508bdf9c074d310bf4144afa6aec1aPatch
416baaa9-dc9f-4396-8d5f-8c081fb06d67https://git.kernel.org/stable/c/e8e1a046cf87c8b1363e5de835114f2779e2aaf4Patch
af854a3a-2127-422b-91ae-364da2661108https://git.kernel.org/stable/c/12b0606000d0828630c033bf0c74c748464fe87dPatch
af854a3a-2127-422b-91ae-364da2661108https://git.kernel.org/stable/c/23a191b132cd87f746c62f3dc27da33683d85829Patch
af854a3a-2127-422b-91ae-364da2661108https://git.kernel.org/stable/c/35927d7509ab9bf41896b7e44f639504eae08af7Patch
af854a3a-2127-422b-91ae-364da2661108https://git.kernel.org/stable/c/81cb31756888bb062e92d2dca21cd629d77a46a9Patch
af854a3a-2127-422b-91ae-364da2661108https://git.kernel.org/stable/c/871a1e94929a27bf6e2cd99523865c840bbc2d87Patch
af854a3a-2127-422b-91ae-364da2661108https://git.kernel.org/stable/c/e4c72c06c367758a14f227c847f9d623f1994ecfPatch
af854a3a-2127-422b-91ae-364da2661108https://git.kernel.org/stable/c/e6412ba3b6508bdf9c074d310bf4144afa6aec1aPatch
af854a3a-2127-422b-91ae-364da2661108https://git.kernel.org/stable/c/e8e1a046cf87c8b1363e5de835114f2779e2aaf4Patch
Impacted products
Vendor Product Version
linux linux_kernel *
linux linux_kernel *
linux linux_kernel *
linux linux_kernel *
linux linux_kernel *
linux linux_kernel *
linux linux_kernel *
To clipboard 

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "048D7AEC-0BDF-4E6B-88C7-6C885B2803A7",
              "versionEndExcluding": "4.14.291",
              "versionStartIncluding": "4.3.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "D0FFCACA-D324-4AB2-B271-A5EF3D23E273",
              "versionEndExcluding": "4.19.256",
              "versionStartIncluding": "4.15.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "3C33D40A-AF8C-46C6-9ED1-7F5F8C96552F",
              "versionEndExcluding": "5.4.211",
              "versionStartIncluding": "4.20.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "40A3CF09-2536-449C-B622-B8C0DBA309E6",
              "versionEndExcluding": "5.10.137",
              "versionStartIncluding": "5.5.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "AEDDBF30-4946-4481-B5C2-AE55A1369335",
              "versionEndExcluding": "5.15.61",
              "versionStartIncluding": "5.11.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "6D6BD036-D6F8-4B3A-A066-8A95E4338323",
              "versionEndExcluding": "5.18.18",
              "versionStartIncluding": "5.16.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "8FFF6920-BE48-4EF0-8496-09F9B048C2F7",
              "versionEndExcluding": "5.19.2",
              "versionStartIncluding": "5.19.0",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "In the Linux kernel, the following vulnerability has been resolved:\n\ni2c: Fix a potential use after free\n\nFree the adap structure only after we are done using it.\nThis patch just moves the put_device() down a bit to avoid the\nuse after free.\n\n[wsa: added comment to the code, added Fixes tag]"
    },
    {
      "lang": "es",
      "value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: i2c: corrige un use after free que libera la estructura adap solo despu\u00e9s de que hayamos terminado de usarla. Este parche simplemente mueve put_device() un poco hacia abajo para evitar el use after free. [wsa: comentario agregado al c\u00f3digo, etiqueta de correcciones agregada]"
    }
  ],
  "id": "CVE-2019-25162",
  "lastModified": "2024-11-21T04:40:00.587",
  "metrics": {
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "LOCAL",
          "availabilityImpact": "HIGH",
          "baseScore": 7.8,
          "baseSeverity": "HIGH",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "HIGH",
          "privilegesRequired": "LOW",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
          "version": "3.1"
        },
        "exploitabilityScore": 1.8,
        "impactScore": 5.9,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2024-02-26T18:15:07.043",
  "references": [
    {
      "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
      "tags": [
        "Patch"
      ],
      "url": "https://git.kernel.org/stable/c/12b0606000d0828630c033bf0c74c748464fe87d"
    },
    {
      "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
      "tags": [
        "Patch"
      ],
      "url": "https://git.kernel.org/stable/c/23a191b132cd87f746c62f3dc27da33683d85829"
    },
    {
      "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
      "tags": [
        "Patch"
      ],
      "url": "https://git.kernel.org/stable/c/35927d7509ab9bf41896b7e44f639504eae08af7"
    },
    {
      "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
      "tags": [
        "Patch"
      ],
      "url": "https://git.kernel.org/stable/c/81cb31756888bb062e92d2dca21cd629d77a46a9"
    },
    {
      "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
      "tags": [
        "Patch"
      ],
      "url": "https://git.kernel.org/stable/c/871a1e94929a27bf6e2cd99523865c840bbc2d87"
    },
    {
      "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
      "tags": [
        "Patch"
      ],
      "url": "https://git.kernel.org/stable/c/e4c72c06c367758a14f227c847f9d623f1994ecf"
    },
    {
      "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
      "tags": [
        "Patch"
      ],
      "url": "https://git.kernel.org/stable/c/e6412ba3b6508bdf9c074d310bf4144afa6aec1a"
    },
    {
      "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
      "tags": [
        "Patch"
      ],
      "url": "https://git.kernel.org/stable/c/e8e1a046cf87c8b1363e5de835114f2779e2aaf4"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch"
      ],
      "url": "https://git.kernel.org/stable/c/12b0606000d0828630c033bf0c74c748464fe87d"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch"
      ],
      "url": "https://git.kernel.org/stable/c/23a191b132cd87f746c62f3dc27da33683d85829"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch"
      ],
      "url": "https://git.kernel.org/stable/c/35927d7509ab9bf41896b7e44f639504eae08af7"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch"
      ],
      "url": "https://git.kernel.org/stable/c/81cb31756888bb062e92d2dca21cd629d77a46a9"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch"
      ],
      "url": "https://git.kernel.org/stable/c/871a1e94929a27bf6e2cd99523865c840bbc2d87"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch"
      ],
      "url": "https://git.kernel.org/stable/c/e4c72c06c367758a14f227c847f9d623f1994ecf"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch"
      ],
      "url": "https://git.kernel.org/stable/c/e6412ba3b6508bdf9c074d310bf4144afa6aec1a"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch"
      ],
      "url": "https://git.kernel.org/stable/c/e8e1a046cf87c8b1363e5de835114f2779e2aaf4"
    }
  ],
  "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-416"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}


Log in or create an account to share your comment.




Tags
Taxonomy of the tags.




Sightings

Author Source Type Date

Nomenclature

  • Seen: The vulnerability was mentioned, discussed, or observed by the user.
  • Confirmed: The vulnerability has been validated from an analyst's perspective.
  • Published Proof of Concept: A public proof of concept is available for this vulnerability.
  • Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
  • Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
  • Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
  • Not confirmed: The user expressed doubt about the validity of the vulnerability.
  • Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.



Detection rules are retrieved from Rulezet.