Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

redhat логотип

CVE-2019-15218

Опубликовано: 19 авг. 2019
Источник: redhat
CVSS3: 4.6
EPSS Низкий

Описание

An issue was discovered in the Linux kernel before 5.1.8. There is a NULL pointer dereference caused by a malicious USB device in the drivers/media/usb/siano/smsusb.c driver.

A flaw was found in the Linux kernel's Siano Mobile Silicon MDTV receiver driver. An attacker, with physical access and a specially crafted USB device, can exploit this vulnerability, creating a NULL pointer dereference and causing the system to crash. The highest threat from this vulnerability is system availability.

Меры по смягчению последствий

As the smsusb module will be auto-loaded when required, its use can be disabled by preventing the module from loading with the following instructions:

echo "install smsusb /bin/true" >> /etc/modprobe.d/disable-smsusb.conf

The system will need to be restarted if the module are already loaded. In most circumstances, the smsusb kernel modules will be unable to be unloaded while the adapter is in use. If the system requires this module to work correctly, this mitigation may not be suitable. If you need further assistance, see KCS article https://access.redhat.com/solutions/41278 or contact Red Hat Global Support Services."

Затронутые пакеты

ПлатформаПакетСостояниеРекомендацияРелиз
Red Hat Enterprise Linux 5kernelNot affected
Red Hat Enterprise Linux 6kernelFix deferred
Red Hat Enterprise Linux 7kernelFix deferred
Red Hat Enterprise Linux 7kernel-altFix deferred
Red Hat Enterprise Linux 7kernel-rtFix deferred
Red Hat Enterprise Linux 8kernelFix deferred
Red Hat Enterprise Linux 8kernel-rtFix deferred
Red Hat Enterprise MRG 2kernel-rtWill not fix

Показывать по

Ссылки на источники

Дополнительная информация

Статус:

Low
Дефект:
CWE-476
https://bugzilla.redhat.com/show_bug.cgi?id=1745530kernel: null pointer dereference in the drivers/media/usb/siano/smsusb.c driver

EPSS

Процентиль: 28%
0.00096
Низкий

4.6 Medium

CVSS3

Связанные уязвимости

ubuntu логотип

CVE-2019-15218

CVSS3: 4.6
ubuntu
почти 6 лет назад

An issue was discovered in the Linux kernel before 5.1.8. There is a NULL pointer dereference caused by a malicious USB device in the drivers/media/usb/siano/smsusb.c driver.

nvd логотип

CVE-2019-15218

CVSS3: 4.6
nvd
почти 6 лет назад

An issue was discovered in the Linux kernel before 5.1.8. There is a NULL pointer dereference caused by a malicious USB device in the drivers/media/usb/siano/smsusb.c driver.

debian логотип

CVE-2019-15218

CVSS3: 4.6
debian
почти 6 лет назад

An issue was discovered in the Linux kernel before 5.1.8. There is a N ...

github логотип

GHSA-m6x5-r2x6-wg47

CVSS3: 4.6
github
около 3 лет назад

An issue was discovered in the Linux kernel before 5.1.8. There is a NULL pointer dereference caused by a malicious USB device in the drivers/media/usb/siano/smsusb.c driver.

fstec логотип

BDU:2019-03090

CVSS3: 4.6
fstec
почти 6 лет назад

Уязвимость драйвера drivers/media/usb/siano/smsusb.c ядра операционной системы Linux, позволяющая нарушителю вызвать отказ в обслуживании

EPSS

Процентиль: 28%
0.00096
Низкий

4.6 Medium

CVSS3