A use-after-free flaw was found in the ieee802154 network subsystem in the Linux kernel. A malicious USB device could trigger the flaw when the disconnect callback accesses the hardware-descriptor private data after it has been freed by the atusb_disconnect driver.
Mitigation for this issue is either not available or the currently available options don't meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.
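The teardown-ordering problem described above, reduced to a userspace C model. This is an added illustration, not the kernel driver's code, and every name in it (`model_hw`, `model_priv`, `hw_priv`, `hw_release` and both disconnect functions) is hypothetical. It assumes the private data is embedded in the hardware descriptor's allocation, and it sets a flag instead of calling a real free so the late access can be counted.

```c
#include <stdio.h>

/* Private data is embedded in the descriptor, so releasing the
 * descriptor releases the private data with it. Hypothetical names. */
struct model_priv {
    int usb_refs;              /* stands in for a reference held on the USB device */
};

struct model_hw {
    int released;              /* set instead of free(), so late access is detectable */
    struct model_priv priv;    /* embedded private data */
};

static int late_accesses;      /* private-data accesses made after release */

static struct model_priv *hw_priv(struct model_hw *hw)
{
    if (hw->released)
        late_accesses++;       /* in a real driver this is the use-after-free */
    return &hw->priv;
}

static void hw_release(struct model_hw *hw) { hw->released = 1; }

/* Ordering from the advisory: descriptor released, private data touched afterwards. */
static int disconnect_release_first(struct model_hw *hw)
{
    late_accesses = 0;
    hw_release(hw);
    hw_priv(hw)->usb_refs--;
    return late_accesses;
}

/* Safe ordering: finish every private-data access, then release. */
static int disconnect_release_last(struct model_hw *hw)
{
    late_accesses = 0;
    hw_priv(hw)->usb_refs--;
    hw_release(hw);
    return late_accesses;
}

int main(void)
{
    struct model_hw a = { 0, { 1 } }, b = { 0, { 1 } };
    printf("release first: %d late access(es)\n", disconnect_release_first(&a));
    printf("release last:  %d late access(es)\n", disconnect_release_last(&b));
    return 0;
}
```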
seclists.org/oss-sec/2019/q4/115
www.openwall.com/lists/oss-security/2019/12/03/4
bugzilla.redhat.com/show_bug.cgi?id=1783478
cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.3.6
git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=7fd25e6fc035f4b04b75bca6d7e8daa069603a76
nvd.nist.gov/vuln/detail/CVE-2019-19525
www.cve.org/CVERecord?id=CVE-2019-19525