15 Vulnerabilities in USB Drivers Shipped in the Linux Kernel

Andrey Konovalov from Google has published a report on the identification of another 15 vulnerabilities (CVE-2019-19523 - CVE-2019-19537) in USB drivers shipped in the Linux kernel. This is the third batch of issues found while fuzzing the USB stack with the syzkaller package; the same researcher had previously reported 29 vulnerabilities.

This time, the list includes only vulnerabilities caused by accessing already freed memory areas (use-after-free) or leading to data leakage from kernel memory. Issues that could be used to cause a denial of service are not included in the report. The vulnerabilities can potentially be exploited when specially prepared USB devices are connected to a computer. Fixes for all issues mentioned in the report are already included in the kernel, but some errors that were not included in the report remain uncorrected for now.

The most dangerous use-after-free vulnerabilities, which could lead to the execution of attacker code, have been fixed in the adutux, ff-memless, ieee802154, pn533, hiddev, iowarrior, mcba_usb and yurex drivers. CVE-2019-19532 additionally covers 14 vulnerabilities in HID drivers caused by out-of-bounds write bugs. Issues that leak data from kernel memory have been found in the ttusb_dec, pcan_usb_fd and pcan_usb_pro drivers. A race condition has been identified in the USB stack code for character devices (CVE-2019-19537).

Also worth noting is the disclosure of four vulnerabilities (CVE-2019-14895, CVE-2019-14896, CVE-2019-14897, CVE-2019-14901) in the driver for Marvell wireless chips that can lead to buffer overflows. The attack can be carried out remotely by sending specially crafted frames when the victim connects to an attacker's wireless access point. A remote denial of service (kernel crash) is noted as the most likely threat, but the possibility of executing code on the system is not excluded.

Source: opennet.ru
