
CVE-2019-15215

Published: 19 Aug 2019
Source: redhat
CVSS3: 4.6
EPSS: Low

Description

An issue was discovered in the Linux kernel before 5.2.6. There is a use-after-free caused by a malicious USB device in the drivers/media/usb/cpia2/cpia2_usb.c driver.

A use-after-free vulnerability was found in the Linux kernel's cpia2_usb driver. An attacker must have physical access to the system to utilize a malicious USB device to trigger the disconnect() functionality which is required to trigger this flaw. A local account is also required to take advantage of the use-after-free memory condition. System availability is the highest threat from this vulnerability.

Mitigation

As the cpia2 module will be auto-loaded when required, its use can be disabled by preventing the module from loading with the following instructions:

echo "install cpia2 /bin/true" >> /etc/modprobe.d/disable-cpia2.conf

The system will need to be restarted if the cpia2 modules are loaded. In most circumstances, the cpia2 kernel modules will be unable to be unloaded while the hardware is in use. If the system requires this module to work correctly, this mitigation may not be suitable. If you need further assistance, see KCS article https://access.redhat.com/solutions/41278 or contact Red Hat Global Support Services.
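
To confirm the mitigation above is actually in effect on a host, this added example (not Red Hat's or this page's own code) checks for an active install override and for a cpia2 module that is still loaded, the case the text says needs a restart. The function names, status words and exit codes are this example's assumptions.

```sh
#!/bin/sh
# Added example: verify the cpia2 modprobe mitigation described above.
# Function names, status words and exit codes are this example's own choices.

# has_install_override CONF_DIR
# True if any *.conf file in CONF_DIR has an active (non-comment) line such as
# "install cpia2 /bin/true", which makes modprobe run that command instead of
# loading the module.
has_install_override() {
    for f in "$1"/*.conf; do
        [ -f "$f" ] || continue
        if grep -Eq '^[[:space:]]*install[[:space:]]+cpia2[[:space:]]+(/usr)?/bin/(true|false)([[:space:]]|$)' "$f"; then
            return 0
        fi
    done
    return 1
}

# is_loaded MODULES_FILE
# True if cpia2 is the module name (first field) of a line in a
# /proc/modules-style file.
is_loaded() {
    [ -r "$1" ] && awk '$1 == "cpia2" { found = 1 } END { exit !found }' "$1"
}

# cpia2_mitigation_status [CONF_DIR] [MODULES_FILE]
# Prints and returns: mitigated (0), reboot-required (1), unmitigated (2).
cpia2_mitigation_status() {
    if ! has_install_override "${1:-/etc/modprobe.d}"; then
        echo unmitigated; return 2
    fi
    if is_loaded "${2:-/proc/modules}"; then
        # The rule only blocks future loads; the loaded driver stays exposed.
        echo reboot-required; return 1
    fi
    echo mitigated; return 0
}

# Run against the live system only when asked to: sh script.sh --check
if [ "${1:-}" = "--check" ]; then
    cpia2_mitigation_status
fi
```

A commented-out rule is reported as unmitigated, which catches the common case of a mitigation that was staged but never enabled.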

Affected packages

| Platform | Package | State | Recommendation | Release |
| --- | --- | --- | --- | --- |
| Red Hat Enterprise Linux 5 | kernel | Out of support scope | | |
| Red Hat Enterprise Linux 6 | kernel | Not affected | | |
| Red Hat Enterprise Linux 7 | kernel | Not affected | | |
| Red Hat Enterprise Linux 7 | kernel-alt | Not affected | | |
| Red Hat Enterprise Linux 7 | kernel-rt | Not affected | | |
| Red Hat Enterprise Linux 8 | kernel | Not affected | | |
| Red Hat Enterprise Linux 8 | kernel-rt | Not affected | | |
| Red Hat Enterprise MRG 2 | kernel-rt | Not affected | | |


Additional information

Status: Moderate
Defect: CWE-416
https://bugzilla.redhat.com/show_bug.cgi?id=1745514 kernel: use after free in drivers/media/usb/cpia2/cpia2_usb.c driver

EPSS: 0.00111 (Low), percentile: 30%

CVSS3: 4.6 Medium

Related vulnerabilities

CVSS3: 4.6
ubuntu
almost 6 years ago

An issue was discovered in the Linux kernel before 5.2.6. There is a use-after-free caused by a malicious USB device in the drivers/media/usb/cpia2/cpia2_usb.c driver.

CVSS3: 4.6
nvd
almost 6 years ago

An issue was discovered in the Linux kernel before 5.2.6. There is a use-after-free caused by a malicious USB device in the drivers/media/usb/cpia2/cpia2_usb.c driver.

CVSS3: 4.6
debian
almost 6 years ago

An issue was discovered in the Linux kernel before 5.2.6. There is a u ...

CVSS3: 4.6
github
about 3 years ago

An issue was discovered in the Linux kernel before 5.2.6. There is a use-after-free caused by a malicious USB device in the drivers/media/usb/cpia2/cpia2_usb.c driver.

CVSS3: 4.6
fstec
almost 6 years ago

A vulnerability in the drivers/media/usb/cpia2/cpia2_usb.c driver of the Linux kernel that allows an attacker to cause a denial of service
