CVE-2019-19052
📋 TL;DR
This vulnerability is a memory leak in gs_can_open() in the Linux kernel's gs_usb driver (drivers/net/can/usb/gs_usb.c, the driver for Geschwister Schneider and candleLight-style USB-to-CAN adapters). When the driver brings a CAN interface up it allocates and submits a set of receive URBs; if usb_submit_urb() fails, the error path did not release the URB it had just allocated. Every failed open therefore leaks kernel memory, and an attacker who can make the submission fail repeatedly (for example with a misbehaving or malicious USB device and repeated interface opens) can exhaust memory and cause a denial of service. The fix landed upstream in 5.3.11 (commit fb5be6a7b486); earlier kernels are affected, as are distribution kernels that have not backported it.
💻 Affected Systems
- Linux kernel
📦 What is this software?
Aff Baseboard Management Controller by Netapp
Brocade Fabric Operating System Firmware by Broadcom
E Series Santricity Os Controller by Netapp
Fas/aff Baseboard Management Controller by Netapp
Hci Baseboard Management Controller by Netapp
Leap by Opensuse
Linux Kernel by Linux
The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...
Solidfire & Hci Management Node by Netapp
Solidfire Baseboard Management Controller Firmware by Netapp
Solidfire, Enterprise Sds & Hci Storage Node by Netapp
Steelstore Cloud Integrated Storage by Netapp
Ubuntu Linux by Canonical
⚠️ Risk & Real-World Impact
Worst Case
Repeated failed opens of a gs_usb CAN interface leak kernel memory until allocations start failing; the OOM killer then terminates processes or the host hangs, requiring a reboot and risking loss of unflushed data.
Likely Case
A single failed open leaks only one URB and is harmless on its own. Sustained impact needs a device that keeps failing URB submission (or an attacker-controlled device) together with an interface that is brought up again and again, so the realistic outcome is degraded performance and a CAN link that never comes up on hosts using these adapters.
If Mitigated
Negligible on patched kernels. Hosts with no gs_usb adapter attached never reach the leaking code path, because gs_can_open() only runs when an interface on a bound device is brought up.
🎯 Exploit Status
Exploitation requires the ability to make usb_submit_urb() fail inside gs_can_open(), which in practice means control over the USB device side (a malicious or deliberately misbehaving adapter, or physical access to plug one in) plus a way to have the CAN interface opened repeatedly. The NVD wording of "remote attackers" overstates reachability: nothing on the CAN bus or on an IP network reaches this path without a USB device present. No public exploit is referenced on this page.
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: 5.3.11 and later (upstream commit fb5be6a7b486). Stable series and distribution kernels carry the fix as a backport under an older version number, so for Ubuntu, Debian, openSUSE and the NetApp products above use the package version named in the vendor advisory, not the upstream number.
Vendor Advisory: https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.3.11
Restart Required: Yes (a new kernel only takes effect after reboot)
Instructions:
1. Update the kernel to 5.3.11 or later, or to the fixed distribution package (see the USN and Debian LTS advisories below).
2. On distributions, use the package manager (apt-get upgrade linux-image-…, yum update kernel, zypper patch, etc.).
3. Reboot so the new kernel is loaded; the old, still-running kernel remains vulnerable until then.
🔧 Temporary Workarounds
Disable the gs_usb driver
Blacklist the module so it is not autoloaded when a matching USB device is plugged in, then unload it if it is currently loaded (both steps need root):
echo 'blacklist gs_usb' > /etc/modprobe.d/blacklist-gs_usb.conf
rmmod gs_usb
Caveats: a blacklist entry only suppresses autoloading; an explicit modprobe by name still loads the module unless it is also denied with an install rule in modprobe.d. rmmod refuses to unload the driver while a CAN interface on the device is up, so bring the interface down first. The workaround removes CAN-over-USB functionality entirely until the kernel is patched.
🧯 If You Can't Patch
- Build the kernel without CONFIG_CAN_GS_USB so the driver is not present at all
- Restrict physical access to USB ports, and log USB attach/detach events from the kernel log so an unexpected CAN adapter is noticed
🔍 How to Verify
Check if Vulnerable:
Run uname -r. A kernel older than 5.3.11 whose distribution has not backported the fix is vulnerable whenever gs_usb is loaded (lsmod | grep gs_usb). If modinfo gs_usb reports that no such module exists, the driver is not installed and the path cannot be reached. Because Ubuntu, Debian and openSUSE ship the fix under version numbers below 5.3.11, compare against the package version in the relevant advisory (the USNs and Debian LTS announcements below) rather than the upstream number alone.
Check Version:
uname -r
Verify Fix Applied:
After rebooting, confirm that uname -r reports the fixed upstream kernel or the fixed distribution package version. Watching memory consumption is not a reliable test: each failed open leaks a single URB, which is lost in normal variance. A positive check on a test host needs a kernel with kmemleak enabled (CONFIG_DEBUG_KMEMLEAK) and a device that fails URB submission; on a fixed kernel, /sys/kernel/debug/kmemleak should then report no unreferenced objects attributed to gs_can_open().
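The checks above, combined into one script, as an added example that is not part of the advisory. It compares the running version against 5.3.11 after stripping distribution suffixes, looks for gs_usb in lsmod output, and (assumption: the Debian/Ubuntu kernel package changelog path used in the final block, which differs on other distributions) treats a changelog that names CVE-2019-19052 as evidence of a backported fix so that a 5.3.0-based Ubuntu kernel is not misreported as vulnerable.

```shell
#!/bin/sh
# Added example, not from the advisory: decide whether a host is exposed to
# CVE-2019-19052 from (a) the kernel version, (b) whether gs_usb is loaded and
# (c) whether the distribution changelog shows the fix was backported.
# Assumed: the Debian/Ubuntu changelog location used at the bottom.

FIXED_VERSION="5.3.11"

# version_lt A B: exit 0 if dotted kernel version A is strictly older than B.
# Only major.minor.patch is compared; suffixes such as "-42-generic" or
# "-arch1-1" and local "+" tags are stripped first.
version_lt() {
    a=${1%%-*}; b=${2%%-*}
    a=${a%%+*}; b=${b%%+*}
    i=1
    while [ "$i" -le 3 ]; do
        x=$(printf '%s' "$a" | cut -s -d. -f"$i")
        y=$(printf '%s' "$b" | cut -s -d. -f"$i")
        x=${x:-0}; y=${y:-0}
        [ "$x" -lt "$y" ] && return 0
        [ "$x" -gt "$y" ] && return 1
        i=$((i + 1))
    done
    return 1
}

# gs_usb_loaded [LSMOD_OUTPUT]: exit 0 if gs_usb appears as a loaded module.
# The optional argument allows checking captured lsmod output.
gs_usb_loaded() {
    out=${1:-$(lsmod 2>/dev/null)}
    printf '%s\n' "$out" | awk '$1 == "gs_usb" { found = 1 } END { exit !found }'
}

# changelog_mentions_cve FILE: exit 0 if a plain or gzipped package changelog
# names this CVE, meaning the distribution backported the fix even though
# uname -r is below 5.3.11.
changelog_mentions_cve() {
    [ -r "$1" ] || return 1
    case $1 in
        *.gz) gzip -dc "$1" ;;
        *)    cat "$1" ;;
    esac | grep -q 'CVE-2019-19052'
}

# is_vulnerable VERSION LOADED(yes|no) [CHANGELOG]: print a verdict; exit 0
# when the host is currently exposed, 1 otherwise.
is_vulnerable() {
    ver=$1; loaded=$2; changelog=$3
    if ! version_lt "$ver" "$FIXED_VERSION"; then
        echo "kernel $ver: fixed upstream (>= $FIXED_VERSION)"
        return 1
    fi
    if [ -n "$changelog" ] && changelog_mentions_cve "$changelog"; then
        echo "kernel $ver: below $FIXED_VERSION, but the package changelog names CVE-2019-19052 (backported fix)"
        return 1
    fi
    if [ "$loaded" != yes ]; then
        echo "kernel $ver: unfixed version, but gs_usb is not loaded (not currently exposed)"
        return 1
    fi
    echo "kernel $ver: VULNERABLE (gs_usb loaded, no fix found)"
    return 0
}

# Live check on this host (run with --run); the functions can also be sourced.
# Assumed changelog path: Debian/Ubuntu kernel packages keep it here.
if [ "${1:-}" = "--run" ]; then
    krel=$(uname -r)
    if gs_usb_loaded; then loaded=yes; else loaded=no; fi
    is_vulnerable "$krel" "$loaded" "/usr/share/doc/linux-image-$krel/changelog.Debian.gz"
fi
```

Run it as `sh check.sh --run`; the exit status is 0 only when the host is currently exposed, so it can be used directly in a fleet inventory job. A "not currently exposed" verdict on an unfixed kernel still means patching is required, since the module loads as soon as an adapter is plugged in.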
📡 Detection & Monitoring
Log Indicators:
- The leak itself writes nothing to the log, so the string "memory leak" will never appear. The driver's error path does log a line of the form "gs_usb <bus-id> canX: usb_submit failed (err=<errno>)" each time an open fails, so repeated occurrences for the same interface are the direct indicator
- Late-stage symptoms once memory is exhausted: page allocation failures and OOM-killer messages in the kernel log (dmesg | grep -i 'out of memory'), together with a steadily growing Slab figure in /proc/meminfo
Network Indicators:
- None on the CAN bus: a failed open means the interface never comes up, so the symptom is missing traffic from that node rather than unusual traffic
- On the USB side, repeated attach/disconnect events for the same adapter in the kernel log
SIEM Query:
source="kernel" AND (("gs_usb" AND "usb_submit failed") OR "Out of memory")
🔗 References
- http://lists.opensuse.org/opensuse-security-announce/2019-12/msg00029.html
- https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.3.11
- https://github.com/torvalds/linux/commit/fb5be6a7b4863ecc44963bb80ca614584b6c7817
- https://lists.debian.org/debian-lts-announce/2020/01/msg00013.html
- https://lists.debian.org/debian-lts-announce/2020/03/msg00001.html
- https://security.netapp.com/advisory/ntap-20191205-0001/
- https://usn.ubuntu.com/4225-1/
- https://usn.ubuntu.com/4225-2/
- https://usn.ubuntu.com/4226-1/
- https://usn.ubuntu.com/4227-1/
- https://usn.ubuntu.com/4227-2/
- https://usn.ubuntu.com/4228-1/
- https://usn.ubuntu.com/4228-2/
- https://www.oracle.com/security-alerts/cpuApr2021.html