Vulnerability Details : CVE-2019-14763
In the Linux kernel before 4.16.4, a double-locking error in drivers/usb/dwc3/gadget.c may potentially cause a deadlock with f_hid.
Products affected by CVE-2019-14763
- cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*
- cpe:2.3:o:canonical:ubuntu_linux:18.04:*:*:*:lts:*:*:*
- cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:esm:*:*:*
Exploit prediction scoring system (EPSS) score for CVE-2019-14763
0.07%
Probability of exploitation activity in the next 30 days
EPSS Score History
~ 33 %
Percentile, the proportion of vulnerabilities that are scored at or less
CVSS scores for CVE-2019-14763
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
---|---|---|---|---|---|---|
4.9
|
MEDIUM | AV:L/AC:L/Au:N/C:N/I:N/A:C |
3.9
|
6.9
|
NIST | |
5.5
|
MEDIUM | CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H |
1.8
|
3.6
|
NIST |
CWE ids for CVE-2019-14763
-
The product does not properly acquire or release a lock on a resource, leading to unexpected resource state changes and behaviors.Assigned by: nvd@nist.gov (Primary)
References for CVE-2019-14763
-
https://usn.ubuntu.com/4118-1/
USN-4118-1: Linux kernel (AWS) vulnerabilities | Ubuntu security noticesThird Party Advisory
-
https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=072684e8c58d17e853f8e8b9f6d9ce2e58d2b036
kernel/git/torvalds/linux.git - Linux kernel source treeMailing List;Patch;Vendor Advisory
-
https://www.spinics.net/lists/linux-usb/msg167355.html
Re: [PATCH 1/2] usb: gadget: udc: core: update usb_ep_queue() documentation — Linux USBMailing List;Patch;Third Party Advisory
-
https://cdn.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.16.4
Mailing List;Vendor Advisory
-
https://www.spinics.net/lists/linux-usb/msg167393.html
Re: [PATCH 1/2] usb: gadget: udc: core: update usb_ep_queue() documentation — Linux USBMailing List;Patch;Third Party Advisory
-
https://github.com/torvalds/linux/commit/072684e8c58d17e853f8e8b9f6d9ce2e58d2b036
USB: gadget: f_hid: fix deadlock in f_hidg_write() · torvalds/linux@072684e · GitHubPatch;Third Party Advisory
-
https://github.com/torvalds/linux/commit/c91815b596245fd7da349ecc43c8def670d2269e
usb: dwc3: gadget: never call ->complete() from ->ep_queue() · torvalds/linux@c91815b · GitHubPatch;Third Party Advisory
-
https://usn.ubuntu.com/4115-1/
USN-4115-1: Linux kernel vulnerabilities | Ubuntu security noticesThird Party Advisory
-
https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=c91815b596245fd7da349ecc43c8def670d2269e
kernel/git/torvalds/linux.git - Linux kernel source treeMailing List;Patch;Vendor Advisory
Jump to