CVE-2019-25162
Vulnerability from cvelistv5
Published
2024-02-26 17:20
Modified
2024-11-04 11:49
Severity ?
Summary
i2c: Fix a potential use after free
Impacted products
LinuxLinux
LinuxLinux
Show details on NVD website


{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-05T03:00:19.248Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/e6412ba3b6508bdf9c074d310bf4144afa6aec1a"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/23a191b132cd87f746c62f3dc27da33683d85829"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/871a1e94929a27bf6e2cd99523865c840bbc2d87"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/81cb31756888bb062e92d2dca21cd629d77a46a9"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/35927d7509ab9bf41896b7e44f639504eae08af7"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/e8e1a046cf87c8b1363e5de835114f2779e2aaf4"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/12b0606000d0828630c033bf0c74c748464fe87d"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/e4c72c06c367758a14f227c847f9d623f1994ecf"
          }
        ],
        "title": "CVE Program Container"
      },
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2019-25162",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-08-19T18:51:49.719341Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-08-19T18:51:57.708Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "Linux",
          "programFiles": [
            "drivers/i2c/i2c-core-base.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "lessThan": "e6412ba3b650",
              "status": "affected",
              "version": "611e12ea0f12",
              "versionType": "git"
            },
            {
              "lessThan": "23a191b132cd",
              "status": "affected",
              "version": "611e12ea0f12",
              "versionType": "git"
            },
            {
              "lessThan": "871a1e94929a",
              "status": "affected",
              "version": "611e12ea0f12",
              "versionType": "git"
            },
            {
              "lessThan": "81cb31756888",
              "status": "affected",
              "version": "611e12ea0f12",
              "versionType": "git"
            },
            {
              "lessThan": "35927d7509ab",
              "status": "affected",
              "version": "611e12ea0f12",
              "versionType": "git"
            },
            {
              "lessThan": "e8e1a046cf87",
              "status": "affected",
              "version": "611e12ea0f12",
              "versionType": "git"
            },
            {
              "lessThan": "12b0606000d0",
              "status": "affected",
              "version": "611e12ea0f12",
              "versionType": "git"
            },
            {
              "lessThan": "e4c72c06c367",
              "status": "affected",
              "version": "611e12ea0f12",
              "versionType": "git"
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "product": "Linux",
          "programFiles": [
            "drivers/i2c/i2c-core-base.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "status": "affected",
              "version": "4.3"
            },
            {
              "lessThan": "4.3",
              "status": "unaffected",
              "version": "0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "4.14.*",
              "status": "unaffected",
              "version": "4.14.291",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "4.19.*",
              "status": "unaffected",
              "version": "4.19.256",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.4.*",
              "status": "unaffected",
              "version": "5.4.211",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.10.*",
              "status": "unaffected",
              "version": "5.10.137",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.15.*",
              "status": "unaffected",
              "version": "5.15.61",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.18.*",
              "status": "unaffected",
              "version": "5.18.18",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.19.*",
              "status": "unaffected",
              "version": "5.19.2",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "*",
              "status": "unaffected",
              "version": "6.0",
              "versionType": "original_commit_for_fix"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "In the Linux kernel, the following vulnerability has been resolved:\n\ni2c: Fix a potential use after free\n\nFree the adap structure only after we are done using it.\nThis patch just moves the put_device() down a bit to avoid the\nuse after free.\n\n[wsa: added comment to the code, added Fixes tag]"
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2024-11-04T11:49:27.192Z",
        "orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
        "shortName": "Linux"
      },
      "references": [
        {
          "url": "https://git.kernel.org/stable/c/e6412ba3b6508bdf9c074d310bf4144afa6aec1a"
        },
        {
          "url": "https://git.kernel.org/stable/c/23a191b132cd87f746c62f3dc27da33683d85829"
        },
        {
          "url": "https://git.kernel.org/stable/c/871a1e94929a27bf6e2cd99523865c840bbc2d87"
        },
        {
          "url": "https://git.kernel.org/stable/c/81cb31756888bb062e92d2dca21cd629d77a46a9"
        },
        {
          "url": "https://git.kernel.org/stable/c/35927d7509ab9bf41896b7e44f639504eae08af7"
        },
        {
          "url": "https://git.kernel.org/stable/c/e8e1a046cf87c8b1363e5de835114f2779e2aaf4"
        },
        {
          "url": "https://git.kernel.org/stable/c/12b0606000d0828630c033bf0c74c748464fe87d"
        },
        {
          "url": "https://git.kernel.org/stable/c/e4c72c06c367758a14f227c847f9d623f1994ecf"
        }
      ],
      "title": "i2c: Fix a potential use after free",
      "x_generator": {
        "engine": "bippy-9e1c9544281a"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
    "assignerShortName": "Linux",
    "cveId": "CVE-2019-25162",
    "datePublished": "2024-02-26T17:20:20.846Z",
    "dateReserved": "2024-02-26T17:07:20.465Z",
    "dateUpdated": "2024-11-04T11:49:27.192Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1",
  "meta": {
    "nvd": "{\"cve\":{\"id\":\"CVE-2019-25162\",\"sourceIdentifier\":\"416baaa9-dc9f-4396-8d5f-8c081fb06d67\",\"published\":\"2024-02-26T18:15:07.043\",\"lastModified\":\"2024-04-17T17:38:07.340\",\"vulnStatus\":\"Analyzed\",\"descriptions\":[{\"lang\":\"en\",\"value\":\"In the Linux kernel, the following vulnerability has been resolved:\\n\\ni2c: Fix a potential use after free\\n\\nFree the adap structure only after we are done using it.\\nThis patch just moves the put_device() down a bit to avoid the\\nuse after free.\\n\\n[wsa: added comment to the code, added Fixes tag]\"},{\"lang\":\"es\",\"value\":\"En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: i2c: corrige un use after free que libera la estructura adap solo despu\u00e9s de que hayamos terminado de usarla. Este parche simplemente mueve put_device() un poco hacia abajo para evitar el use after free. [wsa: comentario agregado al c\u00f3digo, etiqueta de correcciones agregada]\"}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H\",\"attackVector\":\"LOCAL\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"LOW\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"HIGH\",\"integrityImpact\":\"HIGH\",\"availabilityImpact\":\"HIGH\",\"baseScore\":7.8,\"baseSeverity\":\"HIGH\"},\"exploitabilityScore\":1.8,\"impactScore\":5.9}]},\"weaknesses\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-416\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"4.3.0\",\"versionEndExcluding\":\"4.14.291\",\"matchCriteriaId\":\"048D7AEC-0BDF-4E6B-88C7-6C885B2803A7\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"4.15.0\",\"versionEndExcluding\":\"4.19.256\",\"matchCriteriaId\":\"D0FFCACA-D324-4AB2-B271-A5EF3D23E273\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"4.20.0\",\"versionEndExcluding\":\"5.4.211\",\"matchCriteriaId\":\"3C33D40A-AF8C-46C6-9ED1-7F5F8C96552F\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"5.5.0\",\"versionEndExcluding\":\"5.10.137\",\"matchCriteriaId\":\"40A3CF09-2536-449C-B622-B8C0DBA309E6\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"5.11.0\",\"versionEndExcluding\":\"5.15.61\",\"matchCriteriaId\":\"AEDDBF30-4946-4481-B5C2-AE55A1369335\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"5.16.0\",\"versionEndExcluding\":\"5.18.18\",\"matchCriteriaId\":\"6D6BD036-D6F8-4B3A-A066-8A95E4338323\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"5.19.0\",\"versionEndExcluding\":\"5.19.2\",\"matchCriteriaId\":\"8FFF6920-BE48-4EF0-8496-09F9B048C2F7\"}]}]}],\"references\":[{\"url\":\"https://git.kernel.org/stable/c/12b0606000d0828630c033bf0c74c748464fe87d\",\"source\":\"416baaa9-dc9f-4396-8d5f-8c081fb06d67\",\"tags\":[\"Patch\"]},{\"url\":\"https://git.kernel.org/stable/c/23a191b132cd87f746c62f3dc27da33683d85829\",\"source\":\"416baaa9-dc9f-4396-8d5f-8c081fb06d67\",\"tags\":[\"Patch\"]},{\"url\":\"https://git.kernel.org/stable/c/35927d7509ab9bf41896b7e44f639504eae08af7\",\"source\":\"416baaa9-dc9f-4396-8d5f-8c081fb06d67\",\"tags\":[\"Patch\"]},{\"url\":\"https://git.kernel.org/stable/c/81cb31756888bb062e92d2dca21cd629d77a46a9\",\"source\":\"416baaa9-dc9f-4396-8d5f-8c081fb06d67\",\"tags\":[\"Patch\"]},{\"url\":\"https://git.kernel.org/stable/c/871a1e94929a27bf6e2cd99523865c840bbc2d87\",\"source\":\"416baaa9-dc9f-4396-8d5f-8c081fb06d67\",\"tags\":[\"Patch\"]},{\"url\":\"https://git.kernel.org/stable/c/e4c72c06c367758a14f227c847f9d623f1994ecf\",\"source\":\"416baaa9-dc9f-4396-8d5f-8c081fb06d67\",\"tags\":[\"Patch\"]},{\"url\":\"https://git.kernel.org/stable/c/e6412ba3b6508bdf9c074d310bf4144afa6aec1a\",\"source\":\"416baaa9-dc9f-4396-8d5f-8c081fb06d67\",\"tags\":[\"Patch\"]},{\"url\":\"https://git.kernel.org/stable/c/e8e1a046cf87c8b1363e5de835114f2779e2aaf4\",\"source\":\"416baaa9-dc9f-4396-8d5f-8c081fb06d67\",\"tags\":[\"Patch\"]}]}}"
  }
}


Log in or create an account to share your comment.




Tags
Taxonomy of the tags.


Loading...

Loading...

Loading...
  • Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
  • Confirmed: The vulnerability is confirmed from an analyst perspective.
  • Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
  • Patched: This vulnerability was successfully patched by the user reporting the sighting.
  • Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
  • Not confirmed: The user expresses doubt about the veracity of the vulnerability.
  • Not patched: This vulnerability was not successfully patched by the user reporting the sighting.