exploitDog

CVE-2019-15291

Published: 02 Aug 2019
Source: redhat
CVSS3: 4.6
EPSS: Low

Description

An issue was discovered in the Linux kernel through 5.2.9. There is a NULL pointer dereference caused by a malicious USB device in the flexcop_usb_probe function in the drivers/media/usb/b2c2/flexcop-usb.c driver.

A null pointer dereference flaw was found in the flexcop_usb_probe function in the Flexcop digital TV device driver. An attacker who can insert a malicious USB device into the system could use this flaw to crash the system.

Mitigation

As the b2c2-flexcop-usb module will be auto-loaded when required, its use can be disabled by preventing the module from loading with the following instructions:

echo "install b2c2-flexcop-usb /bin/true" >> /etc/modprobe.d/disable-b2c2-flexcop-usb.conf

The system will need to be restarted if the b2c2-flexcop-usb module is already loaded. In most circumstances, the b2c2-flexcop-usb kernel module will be unable to be unloaded while the device is in use. If the system requires this module to work correctly, this mitigation may not be suitable. If you need further assistance, see KCS article https://access.redhat.com/solutions/41278 or contact Red Hat Global Support Services.
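
To confirm the mitigation above took effect, this added example (not part of the Red Hat advisory) checks a modprobe configuration directory for the install rule and a /proc/modules-format listing for the loaded module. The function names, the verdict strings and the MODPROBE_DIR / PROC_MODULES overrides are assumptions made for this example, and it inspects only the directory it is given, not every location modprobe reads.

```shell
#!/bin/sh
# Added example (not Red Hat tooling): audits the modprobe mitigation.
# MODPROBE_DIR and PROC_MODULES are hypothetical overrides so the check can
# run against copies of the files; only the given directory is inspected.
MODULE="b2c2-flexcop-usb"

# modprobe and /proc/modules treat '-' and '_' in module names as equal.
norm() { printf '%s\n' "$1" | sed 's/-/_/g'; }

# Return 0 if a *.conf file in directory $1 maps the module's install
# command to a no-op, as the advisory's echo line does.
install_rule_present() {
    want=$(norm "$MODULE")
    for f in "$1"/*.conf; do
        [ -f "$f" ] && [ -r "$f" ] || continue
        while read -r kw name cmd _rest || [ -n "$kw" ]; do
            if [ "$kw" = "install" ] && [ "$(norm "$name")" = "$want" ]; then
                case $cmd in
                    /bin/true|/bin/false|/usr/bin/true|/usr/bin/false) return 0 ;;
                esac
            fi
        done < "$f"
    done
    return 1
}

# Return 0 if the module is listed in the /proc/modules-format file $1.
module_loaded() {
    [ -r "$1" ] || return 1
    want=$(norm "$MODULE")
    while read -r name _rest; do
        if [ "$name" = "$want" ]; then return 0; fi
    done < "$1"
    return 1
}

# Print one verdict for config directory $1 and module list $2.
audit() {
    if ! install_rule_present "$1"; then echo "not-mitigated"
    elif module_loaded "$2"; then echo "reboot-required"
    else echo "mitigated"
    fi
}

audit "${MODPROBE_DIR:-/etc/modprobe.d}" "${PROC_MODULES:-/proc/modules}"
```

A verdict of reboot-required corresponds to the case in the advisory where the rule is in place but the module was already loaded.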

Affected packages

| Platform | Package | State | Recommendation | Release |
| --- | --- | --- | --- | --- |
| Red Hat Enterprise Linux 5 | kernel | Not affected | | |
| Red Hat Enterprise Linux 6 | kernel | Out of support scope | | |
| Red Hat Enterprise Linux 7 | kernel | Fix deferred | | |
| Red Hat Enterprise Linux 7 | kernel-alt | Fix deferred | | |
| Red Hat Enterprise Linux 7 | kernel-rt | Fix deferred | | |
| Red Hat Enterprise Linux 8 | kernel | Fix deferred | | |
| Red Hat Enterprise Linux 8 | kernel-rt | Fix deferred | | |
| Red Hat Enterprise MRG 2 | kernel-rt | Not affected | | |

Additional information

Status: Low
Defect: CWE-119
https://bugzilla.redhat.com/show_bug.cgi?id=1749978 kernel: Null pointer dereference in the flexcop_usb_probe function in the drivers/media/usb/b2c2/flexcop-usb.c

EPSS: 0.00101 (percentile: 28%, Low)

CVSS3: 4.6 Medium

Related vulnerabilities

CVSS3: 4.6
ubuntu
more than 6 years ago

An issue was discovered in the Linux kernel through 5.2.9. There is a NULL pointer dereference caused by a malicious USB device in the flexcop_usb_probe function in the drivers/media/usb/b2c2/flexcop-usb.c driver.

CVSS3: 4.6
nvd
more than 6 years ago

An issue was discovered in the Linux kernel through 5.2.9. There is a NULL pointer dereference caused by a malicious USB device in the flexcop_usb_probe function in the drivers/media/usb/b2c2/flexcop-usb.c driver.

CVSS3: 4.6
debian
more than 6 years ago

An issue was discovered in the Linux kernel through 5.2.9. There is a ...

CVSS3: 4.6
github
almost 4 years ago

An issue was discovered in the Linux kernel through 5.2.9. There is a NULL pointer dereference caused by a malicious USB device in the flexcop_usb_probe function in the drivers/media/usb/b2c2/flexcop-usb.c driver.

oracle-oval
about 6 years ago

ELSA-2020-5560: Unbreakable Enterprise kernel security update (IMPORTANT)
