CVE-2019-19966
MEDIUMLinux Kernel < 5.1.6 - Use-After-Free in cpia2_exit()
Title source: llmDescription
In the Linux kernel before 5.1.6, there is a use-after-free in cpia2_exit() in drivers/media/usb/cpia2/cpia2_v4l.c that will cause denial of service, aka CID-dea37a972655.
References (5)
Core 5
Core References
Release Notes, Third Party Advisory x_refsource_misc
https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.1.6
Exploit, Vendor Advisory x_refsource_misc
https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=dea37a97265588da604c6ba80160a287b72c7bfd
Mailing List, Third Party Advisory mailing-list
x_refsource_mlist
https://lists.debian.org/debian-lts-announce/2020/01/msg00013.html
Third Party Advisory x_refsource_confirm
https://security.netapp.com/advisory/ntap-20200204-0002/
Broken Link, Mailing List, Third Party Advisory vendor-advisory
x_refsource_suse
http://lists.opensuse.org/opensuse-security-announce/2020-03/msg00021.html
Scores
CVSS v3
4.6
EPSS
0.0014
EPSS Percentile
33.3%
Attack Vector
PHYSICAL
CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Details
CWE
CWE-416
Status
published
Products (13)
debian/debian_linux
8.0
linux/linux_kernel
< 5.1.6
netapp/active_iq_unified_manager
netapp/aff_baseboard_management_controller
a700s
netapp/cloud_backup
netapp/data_availability_services
netapp/e-series_santricity_os_controller
11.0 - 11.70.2
netapp/fas\/aff_baseboard_management_controller
netapp/hci_baseboard_management_controller
h610s
netapp/solidfire_\&_hci_management_node
... and 3 more
Published
Dec 25, 2019
Tracked Since
Feb 18, 2026