Vulnerability Details : CVE-2019-25162
In the Linux kernel, the following vulnerability has been resolved:
i2c: Fix a potential use after free
Free the adap structure only after we are done using it.
This patch just moves the put_device() down a bit to avoid the
use after free.
[wsa: added comment to the code, added Fixes tag]
Vulnerability category: Memory Corruption
Products affected by CVE-2019-25162
- cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*
Exploit prediction scoring system (EPSS) score for CVE-2019-25162
- EPSS score: 0.04% (probability of exploitation activity in the next 30 days)
- Percentile: ~5% (the proportion of vulnerabilities that are scored at or less)
CVSS scores for CVE-2019-25162
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
---|---|---|---|---|---|---|
7.8 | HIGH | CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H | 1.8 | 5.9 | NIST | 2024-04-17 |
CWE ids for CVE-2019-25162
- The product reuses or references memory after it has been freed. At some point afterward, the memory may be allocated again and saved in another pointer, while the original pointer references a location somewhere within the new allocation. Any operations using the original pointer are no longer valid because the memory "belongs" to the code that operates on the new pointer.
  Assigned by: nvd@nist.gov (Primary)
References for CVE-2019-25162
- https://git.kernel.org/stable/c/23a191b132cd87f746c62f3dc27da33683d85829
  i2c: Fix a potential use after free - kernel/git/stable/linux.git - Linux kernel stable tree (Patch)
- https://git.kernel.org/stable/c/e8e1a046cf87c8b1363e5de835114f2779e2aaf4
  i2c: Fix a potential use after free - kernel/git/stable/linux.git - Linux kernel stable tree (Patch)
- https://git.kernel.org/stable/c/12b0606000d0828630c033bf0c74c748464fe87d
  i2c: Fix a potential use after free - kernel/git/stable/linux.git - Linux kernel stable tree (Patch)
- https://git.kernel.org/stable/c/81cb31756888bb062e92d2dca21cd629d77a46a9
  i2c: Fix a potential use after free - kernel/git/stable/linux.git - Linux kernel stable tree (Patch)
- https://git.kernel.org/stable/c/e6412ba3b6508bdf9c074d310bf4144afa6aec1a
  i2c: Fix a potential use after free - kernel/git/stable/linux.git - Linux kernel stable tree (Patch)
- https://git.kernel.org/stable/c/35927d7509ab9bf41896b7e44f639504eae08af7
  i2c: Fix a potential use after free - kernel/git/stable/linux.git - Linux kernel stable tree (Patch)
- https://git.kernel.org/stable/c/871a1e94929a27bf6e2cd99523865c840bbc2d87
  i2c: Fix a potential use after free - kernel/git/stable/linux.git - Linux kernel stable tree (Patch)
- https://git.kernel.org/stable/c/e4c72c06c367758a14f227c847f9d623f1994ecf
  i2c: Fix a potential use after free - kernel/git/stable/linux.git - Linux kernel stable tree (Patch)