CVE-2019-15219

Published: 19 Aug 2019
Source: redhat
CVSS3: 4.6
EPSS: Low

Description

An issue was discovered in the Linux kernel before 5.1.8. There is a NULL pointer dereference caused by a malicious USB device in the drivers/usb/misc/sisusbvga/sisusb.c driver.

A NULL pointer dereference flaw was found in the way the USB2VGA dongles driver in the Linux kernel handled failed initialization. This flaw allows an attacker able to insert USB2VGA dongles into the system to crash the system.

Report

This issue is rated as having Low impact because of the physical access needed to trigger this issue. Also, failed initialization with the core USB subsystem is a rare event to hit.

Mitigation

To mitigate this issue, prevent module sisusbvga from being loaded. Please see https://access.redhat.com/solutions/41278 for how to blacklist a kernel module to prevent it from loading automatically.

Affected packages

| Platform | Package | Status | Recommendation | Release |
|---|---|---|---|---|
| Red Hat Enterprise Linux 5 | kernel | Out of support scope | | |
| Red Hat Enterprise Linux 6 | kernel | Out of support scope | | |
| Red Hat Enterprise Linux 7 | kernel | Fix deferred | | |
| Red Hat Enterprise Linux 7 | kernel-alt | Fix deferred | | |
| Red Hat Enterprise Linux 7 | kernel-rt | Fix deferred | | |
| Red Hat Enterprise Linux 8 | kernel | Affected | | |
| Red Hat Enterprise Linux 8 | kernel-rt | Fix deferred | | |
| Red Hat Enterprise MRG 2 | kernel | Out of support scope | | |

Additional information

Status: Low
Defect: CWE-476
https://bugzilla.redhat.com/show_bug.cgi?id=1745536 kernel: null pointer dereference in drivers/usb/misc/sisusbvga/sisusb.c driver

EPSS: 0.00099 (percentile: 29%, Low)

CVSS3: 4.6 Medium

Related vulnerabilities

CVSS3: 4.6
ubuntu
almost 6 years ago

An issue was discovered in the Linux kernel before 5.1.8. There is a NULL pointer dereference caused by a malicious USB device in the drivers/usb/misc/sisusbvga/sisusb.c driver.

CVSS3: 4.6
nvd
almost 6 years ago

An issue was discovered in the Linux kernel before 5.1.8. There is a NULL pointer dereference caused by a malicious USB device in the drivers/usb/misc/sisusbvga/sisusb.c driver.

CVSS3: 4.6
debian
almost 6 years ago

An issue was discovered in the Linux kernel before 5.1.8. There is a N ...

CVSS3: 4.6
github
about 3 years ago

An issue was discovered in the Linux kernel before 5.1.8. There is a NULL pointer dereference caused by a malicious USB device in the drivers/usb/misc/sisusbvga/sisusb.c driver.

oracle-oval
more than 5 years ago

ELSA-2019-4870: Unbreakable Enterprise kernel security update (IMPORTANT)