CVE-2019-12455

Name of the Vulnerable Software and Affected Versions Linux kernel versions through 5.1.5

Description An issue was discovered in the sunxi divs clk setup function in drivers/clk/sunxi/clk-sunxi.c. There is an unchecked kstrndup of derived name, which might allow an attacker to cause a denial of service (NULL pointer dereference and system crash). However, it is disputed as not being an issue because the memory allocation that was not checked is part of a code that only runs at boot time, before user processes are started.

Recommendations For Linux kernel versions through 5.1.5, consider updating to a version where this issue is resolved, if available. As a temporary workaround, no specific mitigation measures are mentioned, but it is noted that the issue is disputed and may not be exploitable by unprivileged users. At the moment, there is no information about a newer version that contains a fix for this vulnerability.