Vulnerability CVE-2019-15290


Published: 2019-08-20

Description:
An issue was discovered in the Linux kernel through 5.2.9. There is a NULL pointer dereference caused by a malicious USB device in the ath6kl_usb_alloc_urb_from_pipe function in the drivers/net/wireless/ath/ath6kl/usb.c driver.

Type:

CWE-476

(NULL Pointer Dereference)

Vendor: Linux
Product: Linux kernel 
Version: 5.2.9;

CVSS2 => (AV:L/AC:L/Au:N/C:N/I:N/A:C)

CVSS Base Score
Impact Subscore
Exploitability Subscore
4.9/10
6.9/10
3.9/10
Exploit range
Attack complexity
Authentication
Local
Low
No required
Confidentiality impact
Integrity impact
Availability impact
None
None
Complete

 References:
http://www.openwall.com/lists/oss-security/2019/08/20/2
http://www.openwall.com/lists/oss-security/2019/08/22/1
https://security.netapp.com/advisory/ntap-20190905-0002/
https://syzkaller.appspot.com/bug?id=cd8b9cfe50a0bf36ee19eda2d7e2e06843dfbeaf

Related CVE
CVE-2019-16234
drivers/net/wireless/intel/iwlwifi/pcie/trans.c in the Linux kernel 5.2.14 does not check the alloc_workqueue return value, leading to a NULL pointer dereference.
CVE-2019-16233
drivers/scsi/qla2xxx/qla_os.c in the Linux kernel 5.2.14 does not check the alloc_workqueue return value, leading to a NULL pointer dereference.
CVE-2019-16232
drivers/net/wireless/marvell/libertas/if_sdio.c in the Linux kernel 5.2.14 does not check the alloc_workqueue return value, leading to a NULL pointer dereference.
CVE-2019-16231
drivers/net/fjes/fjes_main.c in the Linux kernel 5.2.14 does not check the alloc_workqueue return value, leading to a NULL pointer dereference.
CVE-2019-16230
drivers/gpu/drm/radeon/radeon_display.c in the Linux kernel 5.2.14 does not check the alloc_workqueue return value, leading to a NULL pointer dereference.
CVE-2019-16229
drivers/gpu/drm/amd/amdkfd/kfd_interrupt.c in the Linux kernel 5.2.14 does not check the alloc_workqueue return value, leading to a NULL pointer dereference.
CVE-2019-16089
An issue was discovered in the Linux kernel through 5.2.13. nbd_genl_status in drivers/block/nbd.c does not check the nla_nest_start_noflag return value.
CVE-2019-15927
An issue was discovered in the Linux kernel before 4.20.2. An out-of-bounds access exists in the function build_audio_procunit in the file sound/usb/mixer.c.

Copyright 2019, cxsecurity.com

 

Back to Top