PT-2019-6145 · Linux+5 · Linux Kernel+5

Gen Zhang

·

Publicado

2019-05-07

·

Atualizado

2026-03-13

·

CVE-2019-12382

CVSS v3.1

5.5

Média

VetorAV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
Name of the Vulnerable Software and Affected Versions Linux kernel versions through 5.1.5
Description An issue was discovered in the drm load edid firmware function in the Linux kernel, which might allow an attacker to cause a denial of service (NULL pointer dereference and system crash) due to an unchecked kstrdup of fwstr. The vendor disputes this issue as not being a vulnerability because kstrdup() returning NULL is handled sufficiently and there is no chance for a NULL pointer dereference.
Recommendations For Linux kernel versions through 5.1.5, as a temporary workaround, consider disabling the drm load edid firmware function until a patch is available. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

DoS

NULL Pointer Dereference

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾
dbugs@ptsecurity.com

Enumeração de Fraquezas

CWE-476

Identificadores relacionados

ALT-PU-2019-2024
ALT-PU-2019-2036
ALT-PU-2019-2120
ALT-PU-2019-2311
ALT-PU-2020-1198
ALT-PU-2020-1501
ALT-PU-2020-2410
ALT-PU-2020-2433
ALT-PU-2021-1870
BDU:2021-06329
CESA-2019_3517
CESA-2020_1016
CVE-2019-12382
ECHO-2E0F-66C1-3249
OPENSUSE-SU-2019:1571-1
OPENSUSE-SU-2019:1579-1
OPENSUSE-SU-2019_1570-1
OPENSUSE-SU-2019_1571-1
OPENSUSE-SU-2019_1579-1
RHSA-2019:3517
RHSA-2019_3517
RHSA-2020:1016
RHSA-2020:1070
RHSA-2020:2522
RHSA-2020_1016
RHSA-2020_1070
SUSE-SU-2019:1527-1
SUSE-SU-2019:1529-1
SUSE-SU-2019:1530-1
SUSE-SU-2019:1532-1
SUSE-SU-2019:1534-1
SUSE-SU-2019:1535-1
SUSE-SU-2019:1536-1
SUSE-SU-2019:1550-1
SUSE-SU-2019:2430-1

Produtos afetados

Alt Linux
Centos
Debian
Linux Kernel
Red Hat
Suse