CVE-2019-15118

Published: 20 Aug 2019
Source: redhat
CVSS3: 6.5

Description

check_input_term in sound/usb/mixer.c in the Linux kernel through 5.2.9 mishandles recursion, leading to kernel stack exhaustion.

A flaw was found in the sound mixer handling of the Linux kernel. An attacker with physical access able to insert a specially crafted USB device can cause a recursive loop which continues to consume the reserved stack space leading to a system panic. The highest threat from this vulnerability is to system availability.

Mitigation

Because the snd_usb_audio module is auto-loaded when a USB device is hot-plugged, the module can be prevented from loading with the following instruction:

echo "install snd_usb_audio /bin/true" >> /etc/modprobe.d/disable-snd-usb-audio.conf

The system will need to be restarted if the modules are loaded. In most circumstances, the sound kernel modules cannot be unloaded while any programs are active and the device is in use. If the system requires this module to work correctly, this mitigation may not be suitable. If you need further assistance, see KCS article https://access.redhat.com/solutions/41278 or contact Red Hat Global Support Services.
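
One way to audit the mitigation above, covering both the install override and the restart condition. This is an added example, not part of the Red Hat advisory; the function names are hypothetical, and it assumes the standard /proc/modules line format.

```shell
#!/bin/sh
# Added example: audit the snd_usb_audio install override described above.
# By default only /etc/modprobe.d (where the advisory's command writes) is
# checked; modprobe also reads other directories such as /run/modprobe.d.

# has_install_override DIR: succeed if any *.conf file in DIR maps the
# module's install command to /bin/true (or /bin/false). modprobe treats
# '-' and '_' in module names as equivalent, so both spellings are accepted.
# Commented-out lines do not match.
has_install_override() {
    dir=$1
    for f in "$dir"/*.conf; do
        [ -f "$f" ] || continue
        if grep -Eq '^[[:space:]]*install[[:space:]]+snd[-_]usb[-_]audio[[:space:]]+/bin/(true|false)([[:space:]]|$)' "$f"; then
            return 0
        fi
    done
    return 1
}

# module_loaded FILE: succeed if snd_usb_audio is resident according to a
# /proc/modules-format file (module name is the first field on the line).
module_loaded() {
    grep -Eq '^snd_usb_audio[[:space:]]' "$1"
}

# mitigation_status [DIR] [FILE]: prints one of
#   mitigated        override present, module not loaded
#   reboot-required  override present, but module still loaded
#   not-mitigated    no override found
mitigation_status() {
    dir=${1:-/etc/modprobe.d}
    mods=${2:-/proc/modules}
    if has_install_override "$dir"; then
        if module_loaded "$mods"; then echo reboot-required; else echo mitigated; fi
    else
        echo not-mitigated
    fi
}
# Usage on a live host: source this file, then run: mitigation_status
```
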

Affected packages

| Platform | Package | State | Recommendation | Release |
|---|---|---|---|---|
| Red Hat Enterprise Linux 5 | kernel | Out of support scope | | |
| Red Hat Enterprise Linux 6 | kernel | Out of support scope | | |
| Red Hat Enterprise Linux 7 | kernel | Not affected | | |
| Red Hat Enterprise Linux 7 | kernel-alt | Will not fix | | |
| Red Hat Enterprise Linux 7 | kernel-rt | Not affected | | |
| Red Hat Enterprise Linux 8 | kernel | Not affected | | |
| Red Hat Enterprise Linux 8 | kernel-rt | Not affected | | |
| Red Hat Enterprise MRG 2 | kernel-rt | Will not fix | | |

Additional information

Status: Moderate
Defect: CWE-400
https://bugzilla.redhat.com/show_bug.cgi?id=1743539 kernel: mishandling recursion in sound/usb/mixer.c leading to kernel stack exhaustion and crash

CVSS3: 6.5 Medium

Related vulnerabilities

CVSS3: 5.5
ubuntu
more than 6 years ago

check_input_term in sound/usb/mixer.c in the Linux kernel through 5.2.9 mishandles recursion, leading to kernel stack exhaustion.

CVSS3: 5.5
nvd
more than 6 years ago

check_input_term in sound/usb/mixer.c in the Linux kernel through 5.2.9 mishandles recursion, leading to kernel stack exhaustion.

CVSS3: 5.5
debian
more than 6 years ago

check_input_term in sound/usb/mixer.c in the Linux kernel through 5.2. ...

CVSS3: 5.5
github
more than 3 years ago

check_input_term in sound/usb/mixer.c in the Linux kernel through 5.2.9 mishandles recursion, leading to kernel stack exhaustion.

suse-cvrf
more than 6 years ago

Security update for the Linux Kernel