This time, the list includes only vulnerabilities caused by accessing already freed memory areas (use-after-free) or leading to data leakage from kernel memory. Issues that could be used to denial of service are not included in the report. Vulnerabilities can potentially be exploited when specially prepared USB devices are connected to a computer. Fixes for all issues mentioned in the report are already included in the kernel, but some are not included in the report
The most dangerous "use-after-free" vulnerabilities that could lead to the execution of attacking code have been fixed in the adutux, ff-memless, ieee802154, pn533, hiddev, iowarrior, mcba_usb and yurex drivers. CVE-2019-19532 additionally summarizes 14 vulnerabilities in HID drivers caused by out-of-bounds write bugs. Issues have been found in the ttusb_dec, pcan_usb_fd, and pcan_usb_pro drivers to leak data from kernel memory. A race condition has been identified in the USB stack code for character devices (CVE-2019-19537).
You can also note
Source: opennet.ru