CVE-2019-25058

NameCVE-2019-25058
DescriptionAn issue was discovered in USBGuard before 1.1.0. On systems with the usbguard-dbus daemon running, an unprivileged user could make USBGuard allow all USB devices to be connected in the future.
SourceCVE (at NVD; CERT, LWN, oss-sec, fulldisc, bugtraq, EDB, Metasploit, Red Hat, Ubuntu, Gentoo, SUSE bugzilla/CVE, Mageia, GitHub code/issues, web search, more)
ReferencesDLA-2979-1
NVD severitymedium
Debian Bugs1008026

Vulnerable and fixed packages

The table below lists information on source packages.

Source PackageReleaseVersionStatus
usbguard (PTS)stretch0.6.2+ds1-2vulnerable
stretch (security)0.6.2+ds1-2+deb9u1fixed
buster0.7.4+ds-1vulnerable
bullseye1.0.0+ds-2vulnerable
bookworm, sid1.1.1+ds-3fixed

The information below is based on the following data on fixed versions.

PackageTypeReleaseFixed VersionUrgencyOriginDebian Bugs
usbguardsourceexperimental1.1.0+ds-1
usbguardsourcestretch0.6.2+ds1-2+deb9u1DLA-2979-1
usbguardsource(unstable)1.1.0+ds-21008026

Notes

https://github.com/USBGuard/usbguard/issues/273
https://github.com/USBGuard/usbguard/issues/403
https://github.com/USBGuard/usbguard/pull/531

Search for package or bug name: Reporting problems