CVE-2019-15223

Published: Aug 19, 2019Modified: Nov 21, 2024

4.6

Vector

CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Exploitability: 0.9 / Impact: 3.6

Source: NVD

Description

An issue was discovered in the Linux kernel before 5.1.8. There is a NULL pointer dereference caused by a malicious USB device in the sound/usb/line6/driver.c driver.

Affected (8)

Products: Linux: Linux Kernel · Netapp: H410c Firmware, Active Iq Unified Manager, Data Availability Services, Solidfire & Hci Management Node, Solidfire Baseboard Management Controller · Canonical: Ubuntu Linux

1 product

5 products

Active Iq Unified Manager

Data Availability Services

Solidfire & Hci Management Node

Solidfire Baseboard Management Controller

1 product

Configuration A

1 vulnerable

Vulnerable Software	Affected Versions
Linux Linux Kernel	Before 5.1.8

Configuration B

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Netapp H410c Firmware	All versions

Running on/with	Platform Versions
Netapp H410c	All versions

Configuration C

4 vulnerable

Vulnerable Software	Affected Versions
Netapp Active Iq Unified Manager	All versions
Netapp Data Availability Services	All versions
Netapp Solidfire & Hci Management Node	All versions
Netapp Solidfire Baseboard Management Controller	All versions

Configuration D

2 vulnerable

Vulnerable Software	Affected Versions
Canonical Ubuntu Linux	Version 18.04
Canonical Ubuntu Linux	Version 19.04

Related CWEs

NULL Pointer Dereference

The product dereferences a pointer that it expects to be valid but is NULL.

References (12)

http://www.openwall.com/lists/oss-security/2019/08/20/2

Source: cve@mitre.org

Mailing ListThird Party Advisory

https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.1.8

Source: cve@mitre.org

Release Notes

https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=0b074ab7fc0d575247b9cc9f93bb7e007ca38840

Source: cve@mitre.org

Patch

https://security.netapp.com/advisory/ntap-20190905-0002/

Source: cve@mitre.org

Third Party Advisory

https://syzkaller.appspot.com/bug?id=0c1e517c657d3de2361cb0cc2d3a8663c25039a7

Source: cve@mitre.org

ExploitThird Party Advisory

https://usn.ubuntu.com/4147-1/

Source: cve@mitre.org

Third Party Advisory

http://www.openwall.com/lists/oss-security/2019/08/20/2

Source: af854a3a-2127-422b-91ae-364da2661108

Mailing ListThird Party Advisory

https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.1.8

Source: af854a3a-2127-422b-91ae-364da2661108

Release Notes

https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=0b074ab7fc0d575247b9cc9f93bb7e007ca38840

Source: af854a3a-2127-422b-91ae-364da2661108

Patch

https://security.netapp.com/advisory/ntap-20190905-0002/

Source: af854a3a-2127-422b-91ae-364da2661108

Third Party Advisory

https://syzkaller.appspot.com/bug?id=0c1e517c657d3de2361cb0cc2d3a8663c25039a7

Source: af854a3a-2127-422b-91ae-364da2661108

ExploitThird Party Advisory

https://usn.ubuntu.com/4147-1/

Source: af854a3a-2127-422b-91ae-364da2661108

Third Party Advisory

Timeline

No history available yet.