CVE-2019-15213

Published: Aug 19, 2019Modified: May 28, 2026

4.6

Vector

CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Exploitability: 0.9 / Impact: 3.6

Source: NVD

Description

An issue was discovered in the Linux kernel before 5.2.3. There is a use-after-free caused by a malicious USB device in the drivers/media/usb/dvb-usb/dvb-usb-init.c driver.

Affected (7)

Products: Linux: Linux Kernel · Netapp: H410c Firmware, Active Iq Unified Manager, Data Availability Services, Solidfire & Hci Management Node, Solidfire Baseboard Management Controller · Opensuse: Leap

1 product

5 products

Active Iq Unified Manager

Data Availability Services

Solidfire & Hci Management Node

Solidfire Baseboard Management Controller

1 product

Configuration A

1 vulnerable

Vulnerable Software	Affected Versions
Linux Linux Kernel	Before 5.2.3

Configuration B

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Netapp H410c Firmware	All versions

Running on/with	Platform Versions
Netapp H410c	All versions

Configuration C

4 vulnerable

Vulnerable Software	Affected Versions
Netapp Active Iq Unified Manager	All versions
Netapp Data Availability Services	All versions
Netapp Solidfire & Hci Management Node	All versions
Netapp Solidfire Baseboard Management Controller	All versions

Configuration D

1 vulnerable

Vulnerable Software	Affected Versions
Opensuse Leap	Version 15.1

Related CWEs

The product reuses or references memory after it has been freed. At some point afterward, the memory may be allocated again and saved in another pointer, while the original pointer references a location somewhere within the new allocation. Any operations using the original pointer are no longer valid because the memory "belongs" to the code that operates on the new pointer.

References (12)

http://lists.opensuse.org/opensuse-security-announce/2019-12/msg00029.html

Source: cve@mitre.org

Mailing ListThird Party Advisory

http://www.openwall.com/lists/oss-security/2019/08/20/2

Source: cve@mitre.org

Mailing ListThird Party Advisory

https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.2.3

Source: cve@mitre.org

Release Notes

https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=6cf97230cd5f36b7665099083272595c55d72be7

Source: cve@mitre.org

Patch

https://security.netapp.com/advisory/ntap-20190905-0002/

Source: cve@mitre.org

Third Party Advisory

https://syzkaller.appspot.com/bug?id=a53c9c9dd2981bfdbfbcbc1ddbd35595eda8bced

Source: cve@mitre.org

Exploit

http://lists.opensuse.org/opensuse-security-announce/2019-12/msg00029.html

Source: af854a3a-2127-422b-91ae-364da2661108

Mailing ListThird Party Advisory

http://www.openwall.com/lists/oss-security/2019/08/20/2

Source: af854a3a-2127-422b-91ae-364da2661108

Mailing ListThird Party Advisory

https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.2.3

Source: af854a3a-2127-422b-91ae-364da2661108

Release Notes

https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=6cf97230cd5f36b7665099083272595c55d72be7

Source: af854a3a-2127-422b-91ae-364da2661108

Patch

https://security.netapp.com/advisory/ntap-20190905-0002/

Source: af854a3a-2127-422b-91ae-364da2661108

Third Party Advisory

https://syzkaller.appspot.com/bug?id=a53c9c9dd2981bfdbfbcbc1ddbd35595eda8bced

Source: af854a3a-2127-422b-91ae-364da2661108

Exploit

Timeline

No history available yet.