ByteOS Network

NVD Vulnerability Details :

CVE-2019-15219

Analyzed

Source-cve@mitre.org

Published At-19 Aug, 2019 | 22:15

Updated At-09 Nov, 2023 | 14:44

An issue was discovered in the Linux kernel before 5.1.8. There is a NULL pointer dereference caused by a malicious USB device in the drivers/usb/misc/sisusbvga/sisusb.c driver.

Date Added	Due Date	Vulnerability Name	Required Action
	N/A

Metrics

Type	Version	Base score	Base severity	Vector
Primary	3.1	4.6	MEDIUM	CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Primary	2.0	4.9	MEDIUM	AV:L/AC:L/Au:N/C:N/I:N/A:C

Type: Primary

Version: 3.1

Base score: 4.6

Base severity: MEDIUM

Vector:

CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Type: Primary

Version: 2.0

Base score: 4.9

Base severity: MEDIUM

Vector:

AV:L/AC:L/Au:N/C:N/I:N/A:C

CPE Matches

Linux Kernel Organization, Inc

>>linux_kernel>>Versions before 5.1.8(exclusive)

cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*

NetApp, Inc.

>>h410c_firmware>>-

cpe:2.3:o:netapp:h410c_firmware:-:*:*:*:*:*:*:*

NetApp, Inc.

>>h410c>>-

cpe:2.3:h:netapp:h410c:-:*:*:*:*:*:*:*

NetApp, Inc.

>>active_iq_unified_manager>>-

cpe:2.3:a:netapp:active_iq_unified_manager:-:*:*:*:*:vmware_vsphere:*:*

NetApp, Inc.

>>data_availability_services>>-

cpe:2.3:a:netapp:data_availability_services:-:*:*:*:*:*:*:*

NetApp, Inc.

>>solidfire_\&_hci_management_node>>-

cpe:2.3:a:netapp:solidfire_\&_hci_management_node:-:*:*:*:*:*:*:*

NetApp, Inc.

>>solidfire_baseboard_management_controller>>-

cpe:2.3:h:netapp:solidfire_baseboard_management_controller:-:*:*:*:*:*:*:*

Canonical Ltd.

>>ubuntu_linux>>16.04

cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:esm:*:*:*

Canonical Ltd.

>>ubuntu_linux>>18.04

cpe:2.3:o:canonical:ubuntu_linux:18.04:*:*:*:lts:*:*:*

Canonical Ltd.

>>ubuntu_linux>>19.04

cpe:2.3:o:canonical:ubuntu_linux:19.04:*:*:*:*:*:*:*

Debian GNU/Linux

>>debian_linux>>8.0

cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*

openSUSE

>>leap>>15.0

cpe:2.3:o:opensuse:leap:15.0:*:*:*:*:*:*:*

openSUSE

>>leap>>15.1

cpe:2.3:o:opensuse:leap:15.1:*:*:*:*:*:*:*

Weaknesses

CWE ID	Type	Source
CWE-476	Primary	nvd@nist.gov

CWE ID: CWE-476

Type: Primary

Source: nvd@nist.gov

References

Hyperlink	Source	Resource
http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00064.html	cve@mitre.org	Mailing List Third Party Advisory
http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00066.html	cve@mitre.org	Mailing List Third Party Advisory
http://www.openwall.com/lists/oss-security/2019/08/20/2	cve@mitre.org	Mailing List Third Party Advisory
http://www.openwall.com/lists/oss-security/2019/08/22/2	cve@mitre.org	Mailing List Third Party Advisory
http://www.openwall.com/lists/oss-security/2019/08/22/3	cve@mitre.org	Mailing List Third Party Advisory
http://www.openwall.com/lists/oss-security/2019/08/22/4	cve@mitre.org	Mailing List Third Party Advisory
http://www.openwall.com/lists/oss-security/2019/08/22/5	cve@mitre.org	Mailing List
https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.1.8	cve@mitre.org	Release Notes
https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=9a5729f68d3a82786aea110b1bfe610be318f80a	cve@mitre.org	Patch
https://lists.debian.org/debian-lts-announce/2019/09/msg00014.html	cve@mitre.org	Mailing List Third Party Advisory
https://lists.debian.org/debian-lts-announce/2019/09/msg00015.html	cve@mitre.org	Mailing List Third Party Advisory
https://lists.debian.org/debian-lts-announce/2019/09/msg00025.html	cve@mitre.org	Mailing List Third Party Advisory
https://security.netapp.com/advisory/ntap-20190905-0002/	cve@mitre.org	Third Party Advisory
https://syzkaller.appspot.com/bug?id=aaf6794922521df1c35c81e32cb2d0bb6a351e7b	cve@mitre.org	Exploit Third Party Advisory