CVE-2019-25162
Severity CVSS v4.0:
Pending analysis
Type:
CWE-416
Use After Free
Publication date:
26/02/2024
Last modified:
17/04/2024
Description
In the Linux kernel, the following vulnerability has been resolved:

i2c: Fix a potential use after free

Free the adap structure only after we are done using it.
This patch just moves the put_device() down a bit to avoid the
use after free.

[wsa: added comment to the code, added Fixes tag]
Impact
Base Score 3.x
7.80
Severity 3.x
HIGH
Vulnerable products and versions
CPE | From | Up to |
---|---|---|
cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* | 4.3.0 (including) | 4.14.291 (excluding) |
cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* | 4.15.0 (including) | 4.19.256 (excluding) |
cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* | 4.20.0 (including) | 5.4.211 (excluding) |
cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* | 5.5.0 (including) | 5.10.137 (excluding) |
cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* | 5.11.0 (including) | 5.15.61 (excluding) |
cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* | 5.16.0 (including) | 5.18.18 (excluding) |
cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* | 5.19.0 (including) | 5.19.2 (excluding) |
References to Advisories, Solutions, and Tools
- https://git.kernel.org/stable/c/12b0606000d0828630c033bf0c74c748464fe87d
- https://git.kernel.org/stable/c/23a191b132cd87f746c62f3dc27da33683d85829
- https://git.kernel.org/stable/c/35927d7509ab9bf41896b7e44f639504eae08af7
- https://git.kernel.org/stable/c/81cb31756888bb062e92d2dca21cd629d77a46a9
- https://git.kernel.org/stable/c/871a1e94929a27bf6e2cd99523865c840bbc2d87
- https://git.kernel.org/stable/c/e4c72c06c367758a14f227c847f9d623f1994ecf
- https://git.kernel.org/stable/c/e6412ba3b6508bdf9c074d310bf4144afa6aec1a
- https://git.kernel.org/stable/c/e8e1a046cf87c8b1363e5de835114f2779e2aaf4