CVE-2019-25162

Summary

In the Linux kernel, the following vulnerability has been resolved:

i2c: Fix a potential use after free

Free the adap structure only after we are done using it. This patch just moves the put_device() down a bit to avoid the use after free.

[wsa: added comment to the code, added Fixes tag]

Affected Software

VendorProductVersion RangeStatus
LinuxLinux611e12ea0f121a31d9e9c4ce2a18a77abc2f28d6 < e6412ba3b6508bdf9c074d310bf4144afa6aec1aaffected
LinuxLinux611e12ea0f121a31d9e9c4ce2a18a77abc2f28d6 < 23a191b132cd87f746c62f3dc27da33683d85829affected
LinuxLinux611e12ea0f121a31d9e9c4ce2a18a77abc2f28d6 < 871a1e94929a27bf6e2cd99523865c840bbc2d87affected
LinuxLinux611e12ea0f121a31d9e9c4ce2a18a77abc2f28d6 < 81cb31756888bb062e92d2dca21cd629d77a46a9affected
LinuxLinux611e12ea0f121a31d9e9c4ce2a18a77abc2f28d6 < 35927d7509ab9bf41896b7e44f639504eae08af7affected
LinuxLinux611e12ea0f121a31d9e9c4ce2a18a77abc2f28d6 < e8e1a046cf87c8b1363e5de835114f2779e2aaf4affected
LinuxLinux611e12ea0f121a31d9e9c4ce2a18a77abc2f28d6 < 12b0606000d0828630c033bf0c74c748464fe87daffected
LinuxLinux611e12ea0f121a31d9e9c4ce2a18a77abc2f28d6 < e4c72c06c367758a14f227c847f9d623f1994ecfaffected
LinuxLinux4.3affected
LinuxLinux0 < 4.3unaffected
LinuxLinux4.14.291 <= 4.14.*unaffected
LinuxLinux4.19.256 <= 4.19.*unaffected
LinuxLinux5.4.211 <= 5.4.*unaffected
LinuxLinux5.10.137 <= 5.10.*unaffected
LinuxLinux5.15.61 <= 5.15.*unaffected
LinuxLinux5.18.18 <= 5.18.*unaffected
LinuxLinux5.19.2 <= 5.19.*unaffected
LinuxLinux6.0 <= *unaffected

Weaknesses

ADP Enrichment

CVE Program Container

Additional References

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: partial

References