PT-2019-4880 · Linux+5 · Linux Kernel+5

Publicado

2019-02-26

·

Atualizado

2023-08-11

·

CVE-2019-15917

CVSS v3.1

7.0

Alta

VetorAV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions Linux kernel versions prior to 5.0.5
Description A use-after-free issue occurs when the hci uart register dev() function fails in the hci uart set proto() function in the drivers/bluetooth/hci ldisc.c file. This issue may allow an attacker to impact the confidentiality, integrity, and availability of protected information.
Recommendations For Linux kernel versions prior to 5.0.5, update to version 5.0.5 or later to resolve the issue. As a temporary workaround, consider restricting access to the hci uart set proto() function and hci uart register dev() function until a patch is available.

Correção

Use After Free

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾
dbugs@ptsecurity.com

Enumeração de Fraquezas

CWE-416

Identificadores relacionados

ALSA-2020:4431
ALT-PU-2019-1552
ALT-PU-2019-1710
ALT-PU-2020-1198
ALT-PU-2020-1501
ALT-PU-2020-2410
ALT-PU-2020-2433
ALT-PU-2021-1870
BDU:2020-01468
CESA-2020_4060
CESA-2020_4431
CESA-2020_4609
CVE-2019-15917
DLA-1930-1
DLA-2114-1
OPENSUSE-SU-2019:2173-1
OPENSUSE-SU-2019:2181-1
OPENSUSE-SU-2019_2173-1
OPENSUSE-SU-2019_2181-1
RHSA-2020:2854
RHSA-2020:4060
RHSA-2020:4062
RHSA-2020:4431
RHSA-2020:4609
RHSA-2020_4060
RHSA-2020_4062
RHSA-2020_4431
RHSA-2020_4609
RHSA-2021:0019
SUSE-SU-2019:2412-1
SUSE-SU-2019:2414-1
SUSE-SU-2019:2424-1
SUSE-SU-2019:2648-1
SUSE-SU-2019:2651-1
SUSE-SU-2019:2658-1
SUSE-SU-2019:2738-1
SUSE-SU-2019:2756-1
SUSE-SU-2019:3223-1
SUSE-SU-2019:3224-1
SUSE-SU-2019:3233-1
SUSE-SU-2019:3237-1
SUSE-SU-2019:3246-1
SUSE-SU-2019:3247-1
SUSE-SU-2019:3252-1
SUSE-SU-2019_3237-1

Produtos afetados

Alt Linux
Almalinux
Centos
Linux Kernel
Red Hat
Suse