CVE-2019-12615

Published: Jun 3, 2019Modified: Nov 21, 2024

7.5

Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Exploitability: 3.9 / Impact: 3.6

Source: NVD

Description

An issue was discovered in get_vdev_port_node_info in arch/sparc/kernel/mdesc.c in the Linux kernel through 5.1.6. There is an unchecked kstrdup_const of node_info->vdev_port.name, which might allow an attacker to cause a denial of service (NULL pointer dereference and system crash).

Affected (18)

Products: Linux: Linux Kernel · Netapp: Aff A700s Firmware, Active Iq Unified Manager, Hci Management Node, Solidfire, Cn1610 Firmware, H610s Firmware

1 product

6 products

Aff A700s Firmware

Active Iq Unified Manager

Hci Management Node

Cn1610 Firmware

Configuration A

12 vulnerable

Vulnerable Software	Affected Versions
Linux Linux Kernel	From 2.6.12.1 to 4.14.130
Linux Linux Kernel	From 4.19 to 4.19.56
Linux Linux Kernel	From 5.1 to 5.1.15
Linux Linux Kernel	Version 2.6.12 rc2
Linux Linux Kernel	Version 2.6.12 rc3
Linux Linux Kernel	Version 2.6.12 rc4
Linux Linux Kernel	Version 2.6.12 rc5
Linux Linux Kernel	Version 2.6.12 rc6
Linux Linux Kernel	Version 5.2 rc1
Linux Linux Kernel	Version 5.2 rc2
Linux Linux Kernel	Version 5.2 rc3
Linux Linux Kernel	Version 5.2 rc4

Configuration B

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Netapp Aff A700s Firmware	All versions

Running on/with	Platform Versions
Netapp Aff A700s	All versions

Configuration C

3 vulnerable

Vulnerable Software	Affected Versions
Netapp Active Iq Unified Manager	From 9.5
Netapp Hci Management Node	All versions
Netapp Solidfire	All versions

Configuration D

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Netapp Cn1610 Firmware	All versions

Running on/with	Platform Versions
Netapp Cn1610	All versions

Configuration E

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Netapp H610s Firmware	All versions

Running on/with	Platform Versions
Netapp H610s	All versions

Related CWEs

NULL Pointer Dereference

The product dereferences a pointer that it expects to be valid but is NULL.

References (12)

http://www.securityfocus.com/bid/108549

Source: cve@mitre.org

Third Party AdvisoryVDB Entry

https://git.kernel.org/pub/scm/linux/kernel/git/davem/sparc.git/commit/?id=80caf43549e7e41a695c6d1e11066286538b336f

Source: cve@mitre.org

PatchVendor Advisory

https://security.netapp.com/advisory/ntap-20190710-0002/

Source: cve@mitre.org

Third Party Advisory

https://support.f5.com/csp/article/K60924046

Source: cve@mitre.org

Third Party Advisory

https://support.f5.com/csp/article/K60924046?utm_source=f5support&amp%3Butm_medium=RSS

Source: cve@mitre.org

https://www.mail-archive.com/linux-kernel%40vger.kernel.org/msg2014901.html

Source: cve@mitre.org

http://www.securityfocus.com/bid/108549

Source: af854a3a-2127-422b-91ae-364da2661108

Third Party AdvisoryVDB Entry

https://git.kernel.org/pub/scm/linux/kernel/git/davem/sparc.git/commit/?id=80caf43549e7e41a695c6d1e11066286538b336f

Source: af854a3a-2127-422b-91ae-364da2661108

PatchVendor Advisory

https://security.netapp.com/advisory/ntap-20190710-0002/

Source: af854a3a-2127-422b-91ae-364da2661108

Third Party Advisory

https://support.f5.com/csp/article/K60924046

Source: af854a3a-2127-422b-91ae-364da2661108

Third Party Advisory

https://support.f5.com/csp/article/K60924046?utm_source=f5support&amp%3Butm_medium=RSS

Source: af854a3a-2127-422b-91ae-364da2661108

https://www.mail-archive.com/linux-kernel%40vger.kernel.org/msg2014901.html

Source: af854a3a-2127-422b-91ae-364da2661108

Timeline

No history available yet.