CVE-2019-25162

2024-02-2600:00:00

ubuntu.com

linux kernel

use after free

vulnerability

i2c

resolved

7.8 High

CVSS3

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

6.7 Medium

AI Score

Confidence

High

0.0004 Low

EPSS

Percentile

5.1%

JSON

In the Linux kernel, the following vulnerability has been resolved: i2c:
Fix a potential use after free Free the adap structure only after we are
done using it. This patch just moves the put_device() down a bit to avoid
the use after free. [wsa: added comment to the code, added Fixes tag]

OSVersionArchitecturePackageVersionFilename
ubuntu18.04noarchlinux< anyUNKNOWN
ubuntu20.04noarchlinux< 5.4.0-132.148UNKNOWN
ubuntu22.04noarchlinux< 5.15.0-53.59UNKNOWN
ubuntu16.04noarchlinux< 4.4.0-253.287UNKNOWN
ubuntu18.04noarchlinux-aws< anyUNKNOWN
ubuntu20.04noarchlinux-aws< 5.4.0-1089.97UNKNOWN
ubuntu22.04noarchlinux-aws< 5.15.0-1023.27UNKNOWN
ubuntu14.04noarchlinux-aws< 4.4.0-1130.136UNKNOWN
ubuntu16.04noarchlinux-aws< 4.4.0-1168.183UNKNOWN
ubuntu20.04noarchlinux-aws-5.15< 5.15.0-1023.27~20.04.1UNKNOWN

OS	Version	Architecture	Package	Version	Filename
ubuntu	18.04	noarch	linux	< any	UNKNOWN
ubuntu	20.04	noarch	linux	< 5.4.0-132.148	UNKNOWN
ubuntu	22.04	noarch	linux	< 5.15.0-53.59	UNKNOWN
ubuntu	16.04	noarch	linux	< 4.4.0-253.287	UNKNOWN
ubuntu	18.04	noarch	linux-aws	< any	UNKNOWN
ubuntu	20.04	noarch	linux-aws	< 5.4.0-1089.97	UNKNOWN
ubuntu	22.04	noarch	linux-aws	< 5.15.0-1023.27	UNKNOWN
ubuntu	14.04	noarch	linux-aws	< 4.4.0-1130.136	UNKNOWN
ubuntu	16.04	noarch	linux-aws	< 4.4.0-1168.183	UNKNOWN
ubuntu	20.04	noarch	linux-aws-5.15	< 5.15.0-1023.27~20.04.1	UNKNOWN