PT-2019-14034 · Linux+3 · Linux Kernel+3

Syzbot

·

Published

2019-08-20

·

Updated

2021-05-28

·

CVE-2019-15291

CVSS v2.0

4.9

Medium

VectorAV:L/AC:L/Au:N/C:N/I:N/A:C
Name of the Vulnerable Software and Affected Versions Linux kernel versions prior to 5.2.9
Description A problem was discovered in the Linux kernel where a malicious USB device can cause a NULL pointer dereference in the flexcop usb probe function, located in the drivers/media/usb/b2c2/flexcop-usb.c driver. This issue affects Linux kernel versions up to 5.2.9.
Recommendations For Linux kernel versions prior to 5.2.9, consider disabling the flexcop usb probe function as a temporary workaround until a patch is available. Restrict access to the vulnerable driver drivers/media/usb/b2c2/flexcop-usb.c to minimize the risk of exploitation. Avoid using USB devices from untrusted sources to reduce the risk of triggering this issue. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Exploit

NULL Pointer Dereference

Found an issue in the description? Have something to add? Feel free to write us 👾
dbugs@ptsecurity.com

Weakness Enumeration

CWE-476

Related Identifiers

ALT-PU-2019-2537
ALT-PU-2019-2545
ALT-PU-2019-2655
ALT-PU-2019-2746
ALT-PU-2020-1198
ALT-PU-2020-1501
ALT-PU-2020-2410
ALT-PU-2020-2433
ALT-PU-2021-1870
CVE-2019-15291
DLA-2068-1
DLA-2114-1
OPENSUSE-SU-2019:2307-1
OPENSUSE-SU-2019:2308-1
OPENSUSE-SU-2019_2307-1
OPENSUSE-SU-2019_2308-1
SUSE-SU-2019:14218-1
SUSE-SU-2019:2648-1
SUSE-SU-2019:2651-1
SUSE-SU-2019:2658-1
SUSE-SU-2019:2706-1
SUSE-SU-2019:2710-1
SUSE-SU-2019:2756-1
SUSE-SU-2019:2879-1
SUSE-SU-2019:2949-1
SUSE-SU-2019:2950-1
SUSE-SU-2019:2984-1
SUSE-SU-2019:3295-1
SUSE-SU-2019_14218-1
USN-4254-1
USN-4254-2
USN-4258-1
USN-4284-1
USN-4287-1
USN-4287-2

Affected Products

Alt Linux
Linux Kernel
Suse
Ubuntu