Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

redhat логотип

CVE-2019-15217

Опубликовано: 19 авг. 2019
Источник: redhat
CVSS3: 4.6
EPSS Низкий

Описание

An issue was discovered in the Linux kernel before 5.2.3. There is a NULL pointer dereference caused by a malicious USB device in the drivers/media/usb/zr364xx/zr364xx.c driver.

A vulnerability was found in the Linux kernel. The Zr364xx USB device driver is susceptible to malicious USB devices. An attacker able to add a specific USB device could cause a crash leading to a denial of service.

Меры по смягчению последствий

To mitigate this issue, prevent module zr364xx from being loaded. Please see https://access.redhat.com/solutions/41278 for how to blacklist a kernel module to prevent it from loading automatically.

Затронутые пакеты

ПлатформаПакетСостояниеРекомендацияРелиз
Red Hat Enterprise Linux 5kernelNot affected
Red Hat Enterprise Linux 6kernelFix deferred
Red Hat Enterprise Linux 7kernel-altFix deferred
Red Hat Enterprise Linux 8kernelFix deferred
Red Hat Enterprise Linux 8kernel-rtFix deferred
Red Hat Enterprise MRG 2kernel-rtOut of support scope
Red Hat Enterprise Linux 7kernel-rtFixedRHSA-2020:406229.09.2020
Red Hat Enterprise Linux 7kernelFixedRHSA-2020:406029.09.2020

Показывать по

Ссылки на источники

Дополнительная информация

Статус:

Low
Дефект:
CWE-476
https://bugzilla.redhat.com/show_bug.cgi?id=1745528kernel: null pointer dereference in drivers/media/usb/zr364xx/zr364xx.c driver

EPSS

Процентиль: 21%
0.00065
Низкий

4.6 Medium

CVSS3

Связанные уязвимости

ubuntu логотип

CVE-2019-15217

CVSS3: 4.6
ubuntu
почти 6 лет назад

An issue was discovered in the Linux kernel before 5.2.3. There is a NULL pointer dereference caused by a malicious USB device in the drivers/media/usb/zr364xx/zr364xx.c driver.

nvd логотип

CVE-2019-15217

CVSS3: 4.6
nvd
почти 6 лет назад

An issue was discovered in the Linux kernel before 5.2.3. There is a NULL pointer dereference caused by a malicious USB device in the drivers/media/usb/zr364xx/zr364xx.c driver.

debian логотип

CVE-2019-15217

CVSS3: 4.6
debian
почти 6 лет назад

An issue was discovered in the Linux kernel before 5.2.3. There is a N ...

github логотип

GHSA-c7jc-3f7r-j74w

CVSS3: 4.6
github
около 3 лет назад

An issue was discovered in the Linux kernel before 5.2.3. There is a NULL pointer dereference caused by a malicious USB device in the drivers/media/usb/zr364xx/zr364xx.c driver.

fstec логотип

BDU:2019-03091

CVSS3: 4.6
fstec
почти 6 лет назад

Уязвимость драйвера drivers/media/usb/zr364xx/zr364xx.c ядра операционной системы Linux, позволяющая нарушителю вызвать отказ в обслуживании

EPSS

Процентиль: 21%
0.00065
Низкий

4.6 Medium

CVSS3