
exploitDog


CVE-2019-15099

Published: 20 Aug 2019
Source: redhat
CVSS3: 4.3
EPSS: Low

Description

drivers/net/wireless/ath/ath10k/usb.c in the Linux kernel through 5.2.8 has a NULL pointer dereference via an incomplete address in an endpoint descriptor.

A NULL pointer dereference flaw was discovered in the Linux kernel's implementation of the ath10k USB device driver. The vulnerability requires the attacker to plug in a specially crafted hardware device that presents endpoint descriptors that normal ath10k devices do not recognize. System availability is the highest threat with this vulnerability.

Mitigation

As the ath10k module will be auto-loaded when required, its use can be disabled by preventing the module from loading using the following instructions. On the command line, as root, execute the following command:

echo "install ath10k_usb /bin/true" >> /etc/modprobe.d/disable-ath10k_usb.conf

The system will need to be restarted if the ath10k_usb module is loaded. In most circumstances, the kernel modules cannot be unloaded while the ath10k WiFi network interface is in use. If the system requires this module to work correctly, this mitigation may not be suitable. If you need further assistance, see KCS article https://access.redhat.com/solutions/41278 or contact Red Hat Global Support Services.
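
To confirm the mitigation above has taken effect, the following added example (not part of the Red Hat advisory) reports whether the install override exists and whether ath10k_usb is still loaded, which is the case where a restart is needed. The function names are hypothetical, and only the one directory passed in is scanned (default /etc/modprobe.d).

```shell
#!/bin/sh
# Added example: report the state of the ath10k_usb mitigation.
# Function names are hypothetical. Both paths are parameters so the check
# can run against copies of the files; the defaults are the live system.

# has_install_override DIR MODULE
# Succeeds if a *.conf file in DIR maps "install MODULE" to /bin/true or /bin/false.
has_install_override() {
    _dir=$1
    # modprobe treats '-' and '_' in module names as equivalent.
    _mod=$(printf '%s' "$2" | tr '-' '_')
    for _f in "$_dir"/*.conf; do
        [ -f "$_f" ] || continue
        # Strip comments so a commented-out line does not count.
        if sed 's/#.*//' "$_f" | tr '-' '_' | awk -v m="$_mod" '
            $1 == "install" && $2 == m && ($3 == "/bin/true" || $3 == "/bin/false") { found = 1 }
            END { exit !found }'; then
            return 0
        fi
    done
    return 1
}

# is_loaded MODULES_FILE MODULE
# Succeeds if MODULE is listed in a /proc/modules style file.
is_loaded() {
    awk -v m="$2" '$1 == m { found = 1 } END { exit !found }' "$1"
}

# ath10k_usb_status [MODPROBE_DIR] [MODULES_FILE]
# Prints: unmitigated   - no install override found
#         reboot-needed - override present, but the module is still loaded
#         mitigated     - override present and the module is not loaded
ath10k_usb_status() {
    _conf_dir=${1:-/etc/modprobe.d}
    _modules=${2:-/proc/modules}
    if ! has_install_override "$_conf_dir" ath10k_usb; then
        echo unmitigated
    elif is_loaded "$_modules" ath10k_usb; then
        echo reboot-needed
    else
        echo mitigated
    fi
}

ath10k_usb_status "$@"
```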

Affected packages

| Platform | Package | State | Advisory | Release |
|---|---|---|---|---|
| Red Hat Enterprise Linux 5 | kernel | Not affected | | |
| Red Hat Enterprise Linux 6 | kernel | Not affected | | |
| Red Hat Enterprise Linux 7 | kernel | Fix deferred | | |
| Red Hat Enterprise Linux 7 | kernel-rt | Will not fix | | |
| Red Hat Enterprise MRG 2 | kernel-rt | Will not fix | | |
| Red Hat Enterprise Linux 7 | kernel-alt | Fixed | RHSA-2020:1493 | 16.04.2020 |
| Red Hat Enterprise Linux 8 | kernel-rt | Fixed | RHSA-2020:1567 | 28.04.2020 |
| Red Hat Enterprise Linux 8 | kernel | Fixed | RHSA-2020:1769 | 28.04.2020 |

Additional information

Status: Low
Defect: CWE-20
https://bugzilla.redhat.com/show_bug.cgi?id=1743560 kernel: a NULL pointer dereference in drivers/net/wireless/ath/ath10k/usb.c leads to a crash

EPSS

Percentile: 79%
0.01396
Low

CVSS3

4.3 Medium

Related vulnerabilities

CVSS3: 7.5
ubuntu
almost 6 years ago

drivers/net/wireless/ath/ath10k/usb.c in the Linux kernel through 5.2.8 has a NULL pointer dereference via an incomplete address in an endpoint descriptor.

CVSS3: 7.5
nvd
almost 6 years ago

drivers/net/wireless/ath/ath10k/usb.c in the Linux kernel through 5.2.8 has a NULL pointer dereference via an incomplete address in an endpoint descriptor.

CVSS3: 7.5
debian
almost 6 years ago

drivers/net/wireless/ath/ath10k/usb.c in the Linux kernel through 5.2. ...

CVSS3: 7.5
github
about 3 years ago

drivers/net/wireless/ath/ath10k/usb.c in the Linux kernel through 5.2.8 has a NULL pointer dereference via an incomplete address in an endpoint descriptor.

CVSS3: 7.5
fstec
almost 6 years ago

Vulnerability in the drivers/net/wireless/ath/ath10k/usb.c driver of the Linux operating system kernel that allows an attacker to cause a denial of service
