CVE-2019-15291

Опубликовано: 02 авг. 2019

Источник: redhat

CVSS3: 4.6

Описание

An issue was discovered in the Linux kernel through 5.2.9. There is a NULL pointer dereference caused by a malicious USB device in the flexcop_usb_probe function in the drivers/media/usb/b2c2/flexcop-usb.c driver.

A null pointer dereference flaw was found in the flexcop_usb_probe function in the Flexcop digital TV device driver. An attacker who can insert a malicious USB device into the system could use this flaw to crash the system.

Меры по смягчению последствий

As the b2c2-flexcop-usb module will be auto-loaded when required, its use can be disabled by preventing the module from loading with the following instructions:

echo "install b2c2-flexcop-usb /bin/true" >> /etc/modprobe.d/disable-b2c2-flexcop-usb.conf

The system will need to be restarted if the b2c2-flexcop-usb module is already loaded. In most circumstances, the b2c2-flexcop-usb kernel module will be unable to be unloaded while the device is in use. If the system requires this module to work correctly, this mitigation may not be suitable. If you need further assistance, see KCS article https://access.redhat.com/solutions/41278 or contact Red Hat Global Support Services.

Затронутые пакеты

Платформа	Пакет	Состояние
Red Hat Enterprise Linux 5	kernel	Not affected
Red Hat Enterprise Linux 6	kernel	Out of support scope
Red Hat Enterprise Linux 7	kernel	Fix deferred
Red Hat Enterprise Linux 7	kernel-alt	Fix deferred
Red Hat Enterprise Linux 7	kernel-rt	Fix deferred
Red Hat Enterprise Linux 8	kernel	Fix deferred
Red Hat Enterprise Linux 8	kernel-rt	Fix deferred
Red Hat Enterprise MRG 2	kernel-rt	Not affected

Показывать по

Ссылки на источники

Дополнительная информация

Статус:

Low

Дефект:

CWE-119

https://bugzilla.redhat.com/show_bug.cgi?id=1749978kernel: Null pointer dereference in the flexcop_usb_probe function in the drivers/media/usb/b2c2/flexcop-usb.c

4.6 Medium

CVSS3