PT-2019-3108 · Linux+5 · Linux Kernel+5

Syzbot

·

Publicado

2019-07-31

·

Atualizado

2023-11-09

·

CVE-2019-15217

CVSS v2.0

4.9

Média

VetorAV:L/AC:L/Au:N/C:N/I:N/A:C
Name of the Vulnerable Software and Affected Versions Linux kernel versions prior to 5.2.3
Description The issue is related to a NULL pointer dereference in the drivers/media/usb/zr364xx/zr364xx.c driver, caused by a malicious USB device. This can lead to a denial of service.
Recommendations For Linux kernel versions prior to 5.2.3, update to version 5.2.3 or later to resolve the issue. As a temporary workaround, consider disabling the use of the zr364xx driver until a patch is available. Restrict access to USB devices to minimize the risk of exploitation.

Exploit

Correção

NULL Pointer Dereference

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾
dbugs@ptsecurity.com

Enumeração de Fraquezas

CWE-476

Identificadores relacionados

ALT-PU-2019-2339
ALT-PU-2019-2366
ALT-PU-2019-2488
ALT-PU-2019-2746
ALT-PU-2020-1198
ALT-PU-2020-1501
ALT-PU-2020-2410
ALT-PU-2020-2433
ALT-PU-2021-1870
BDU:2019-03091
CESA-2020_4060
CVE-2019-15217
DLA-2068-1
DLA-2114-1
OPENSUSE-SU-2019:2173-1
OPENSUSE-SU-2019:2181-1
OPENSUSE-SU-2019_2173-1
OPENSUSE-SU-2019_2181-1
RHSA-2020:4060
RHSA-2020:4062
RHSA-2020_4060
RHSA-2020_4062
SUSE-SU-2019:14218-1
SUSE-SU-2019:2412-1
SUSE-SU-2019:2414-1
SUSE-SU-2019:2424-1
SUSE-SU-2019:2648-1
SUSE-SU-2019:2651-1
SUSE-SU-2019:2658-1
SUSE-SU-2019:2738-1
SUSE-SU-2019:2756-1
SUSE-SU-2019:2949-1
SUSE-SU-2019:2950-1
SUSE-SU-2019:2984-1
SUSE-SU-2019_14218-1
USN-4147-1
USN-4286-1
USN-4286-2
USN-4302-1

Produtos afetados

Alt Linux
Centos
Linux Kernel
Red Hat
Suse
Ubuntu