search

witchcraze / NVD_CHECK

1 stars 0 forks source link

CHK NVD : CVE-2019-19064 - 4bedb466 #4551

Open witchcraze opened 2 weeks ago

witchcraze commented 2 weeks ago

[CVE Configuration Update Request] Update Suggestion - CVE-2019-19064 - Cvss2 : 7.8 [CVE Configuration Update Request] Update Suggestion - CVE-2019-19064 - Cvss3 : 7.5

https://www.linuxkernelcves.com/cves/CVE-2019-19064 https://gitlab.com/cip-project/cip-kernel/cip-kernel-sec/-/blob/master/issues/CVE-2019-19064.yml https://github.com/witchcraze/NVD_CHECK/blob/main/kernel/CVE-2019-19064.json

- CVE-2019-19064
- Suggested Configuration
  - OR
     *cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* versions from (including) 5.4.0 up to (excluding) 5.4.13
     *cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* versions from (including) 5.5.0 up to (excluding) 5.5
- Reference
  - https://www.kernel.org/pub//linux/kernel/v5.x/ChangeLog-5.4.13
  - https://www.kernel.org/pub//linux/kernel/v5.x/ChangeLog-5.5
- Reference (Commit)
  - spi: lpspi: fix memory leak in fsl_lpspi_probe
    - Fixed by
      - 5.4.13 (bf3b4bc7bb03a2b0e67078d42a1d43ce05a14b7b)
      - 5.5 (057b8945f78f76d0b04eeb5c27cd9225e5e7ad86) (upstream)
    - Will be introduced by
      - 5.2 (944c01a889d9)
- I Checked
  - XXXXXXXXXXXXXXXXXXXXXXXXXXXX is written as upstream commit in each ChangeLog
  - From XXXXXXXX commit page, XXXXXXXXXXX is the most oldest in commit-branches area
  - For 3.16.35, there is related post at lkml
  - For 3.16 series, 3.16.35 is the next release from 3.16.7 which was released at 2014
  - https://mirrors.edge.kernel.org/pub/linux/kernel/v3.x/
  - XXXX
https://nvd.nist.gov/vuln/detail/CVE-2019-19064 URI Start(Ex) Start(Inc) End(Ex) End(Inc)
cpe:/o:linux:linux_kernel 5.3.11
witchcraze commented 2 weeks ago 
- CVE-2019-19064
- Suggested Configuration
  - OR
     *cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* versions from (including) 5.2 up to (excluding) 5.4.13
- Reference
  - https://ubuntu.com/security/CVE-2019-19064
  - https://www.kernel.org/pub//linux/kernel/v5.x/ChangeLog-5.4.13
  - https://www.kernel.org/pub//linux/kernel/v5.x/ChangeLog-5.5
  - Introduce
    - https://www.kernel.org/pub//linux/kernel/v5.x/ChangeLog-5.2
- Reference (Commit)
  - spi: lpspi: fix memory leak in fsl_lpspi_probe
    - Fixed by
      - 5.4.13 (bf3b4bc7bb03a2b0e67078d42a1d43ce05a14b7b)
      - 5.5 (057b8945f78f76d0b04eeb5c27cd9225e5e7ad86) (upstream)
    - Will be introduced by
      - 5.2 (944c01a889d9)
- I Checked
  - From ubuntu page
    - Introduced by 944c01a889d97dc08e1b71f4ed868f4023fd6034 Fixed by 057b8945f78f76d0b04eeb5c27cd9225e5e7ad86
  - 057b8945f78f76d0b04eeb5c27cd9225e5e7ad86 is written as upstream commit in ChangeLog-5.4.13
  - 944c01a889d97dc08e1b71f4ed868f4023fd6034 is written in ChangeLog-5.2