CVE-2019-15505

Published: 23 Aug 2019
Source: redhat
CVSS3: 8
EPSS: Low

Description

drivers/media/usb/dvb-usb/technisat-usb2.c in the Linux kernel through 5.2.9 has an out-of-bounds read via crafted USB device traffic (which may be remote via usbip or usbredir).

An out-of-bounds read flaw was found in the DVB USB subsystem of the Linux kernel. No boundary check is applied to the array state->buf in struct technisat_usb2_state while it is read until the 0xff byte is encountered. If that byte is not encountered within the limit of the array, kernel data structures are exposed. Data confidentiality and system availability are the highest threats with this vulnerability.
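The flaw described above, a scan that stops only at a 0xff byte, can be modelled in user space next to a bounded version. This is an added example, not the kernel driver's code or Red Hat's fix; `BUF_LEN`, the two memory images and all function names are constructed for illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#define BUF_LEN    8      /* constructed size, not the driver's real buffer size */
#define TERMINATOR 0xff
/* Constructed memory images: bytes 0..BUF_LEN-1 model state->buf,
 * the remaining bytes model unrelated data that follows it in memory. */
static const uint8_t image_no_term[16] = {
    0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08,  /* buf: no 0xff */
    0xde, 0xad, 0xbe, 0xef, 0xff, 0x00, 0x00, 0x00   /* adjacent data */
};
static const uint8_t image_with_term[16] = {
    0x01, 0x02, 0x03, 0xff, 0x00, 0x00, 0x00, 0x00,  /* buf: 0xff at index 3 */
    0xde, 0xad, 0xbe, 0xef, 0xff, 0x00, 0x00, 0x00
};

/* Flawed pattern: the scan ends only at the 0xff byte. mem_len is the whole
 * image and exists only to keep this demo inside memory it owns. */
size_t scan_until_terminator(const uint8_t *mem, size_t mem_len)
{
    size_t i = 0;
    while (i < mem_len && mem[i] != TERMINATOR)
        i++;
    return i;   /* index where the scan stopped */
}

/* How many bytes beyond the modelled buffer the flawed scan consumed. */
size_t bytes_overread(const uint8_t *mem, size_t mem_len)
{
    size_t n = scan_until_terminator(mem, mem_len);
    return n > BUF_LEN ? n - BUF_LEN : 0;
}

/* Bounded pattern: never index past buf_len; a missing terminator is an
 * error. Returns 0 and stores the terminator index in *pos, or -1. */
int scan_bounded(const uint8_t *buf, size_t buf_len, size_t *pos)
{
    for (size_t i = 0; i < buf_len; i++)
        if (buf[i] == TERMINATOR) { *pos = i; return 0; }
    return -1;
}

int main(void)
{
    size_t pos = 0;
    printf("flawed scan over-read: %zu bytes\n", bytes_overread(image_no_term, sizeof image_no_term));
    printf("bounded scan result: %d\n", scan_bounded(image_no_term, BUF_LEN, &pos));
    return 0;
}
```

When the device-supplied data carries no 0xff inside the buffer, the flawed scan keeps consuming the bytes that follow it, while the bounded scan rejects the input.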

Mitigation

The mitigation for this issue is to skip loading the affected module technisat_usb2 onto the system until a fix is available. This can be done with a blacklist mechanism, which ensures the driver is not loaded at boot time.

How do I blacklist a kernel module to prevent it from loading automatically? https://access.redhat.com/solutions/41278

Affected packages

| Platform | Package | State | Advisory | Release |
|---|---|---|---|---|
| Red Hat Enterprise Linux 5 | kernel | Not affected | | |
| Red Hat Enterprise Linux 6 | kernel | Not affected | | |
| Red Hat Enterprise Linux 7 | kernel | Will not fix | | |
| Red Hat Enterprise Linux 7 | kernel-alt | Will not fix | | |
| Red Hat Enterprise Linux 7 | kernel-rt | Will not fix | | |
| Red Hat Enterprise MRG 2 | kernel-rt | Will not fix | | |
| Red Hat Enterprise Linux 8 | kernel-rt | Fixed | RHSA-2024:2950 | 22.05.2024 |
| Red Hat Enterprise Linux 8 | kernel | Fixed | RHSA-2024:3138 | 22.05.2024 |


Additional information

Status: Moderate
Defect: CWE-125
https://bugzilla.redhat.com/show_bug.cgi?id=1746732 kernel: out of bounds read in drivers/media/usb/dvb-usb/technisat-usb2.c

EPSS

Percentile: 67%
0.00545
Low

CVSS3

8 High

Related vulnerabilities

CVSS3: 9.8
ubuntu
almost 6 years ago

drivers/media/usb/dvb-usb/technisat-usb2.c in the Linux kernel through 5.2.9 has an out-of-bounds read via crafted USB device traffic (which may be remote via usbip or usbredir).

CVSS3: 9.8
nvd
almost 6 years ago

drivers/media/usb/dvb-usb/technisat-usb2.c in the Linux kernel through 5.2.9 has an out-of-bounds read via crafted USB device traffic (which may be remote via usbip or usbredir).

CVSS3: 9.8
debian
almost 6 years ago

drivers/media/usb/dvb-usb/technisat-usb2.c in the Linux kernel through ...

CVSS3: 9.8
github
about 3 years ago

drivers/media/usb/dvb-usb/technisat-usb2.c in the Linux kernel through 5.2.9 has an out-of-bounds read via crafted USB device traffic (which may be remote via usbip or usbredir).

CVSS3: 9.8
fstec
almost 6 years ago

A vulnerability in the drivers/media/usb/dvb-usb/technisat-usb2.c component of the Linux operating system kernel that allows an attacker to disclose protected information or cause a denial of service
