CVE-2019-19054
Public on 2019-11-18
Modified on 2020-08-24
Description
A flaw was found in the Linux kernel. The CX23888 Integrated Consumer Infrared Controller probe code handles resource cleanup low memory conditions. A local attacker able to induce low memory conditions could use this flaw to crash the system. The highest threat from this vulnerability is to system availability.
Severity
Low
CVSS v3 Base Score
See breakdown
Affected Packages
| Platform | Package | Release Date | Advisory | Status |
|---|---|---|---|---|
| Amazon Linux 2 - Core | kernel | 2020-08-18 | ALAS2-2020-1480 | Fixed |
| Amazon Linux 2 - Kernel-5.4 Extra | kernel | 2022-01-20 | ALAS2KERNEL-5.4-2022-014 | Fixed |
CVSS Scores
| Score Type | Score | Vector | |
|---|---|---|---|
| Amazon Linux | CVSSv3 | 4.7 | CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H |
| NVD | CVSSv2 | 4.7 | AV:L/AC:M/Au:N/C:N/I:N/A:C |
| NVD | CVSSv3 | 4.7 | CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H |