PT-2019-3107 · Linux+3 · Linux Kernel+3

Published

2019-06-10

·

Updated

2023-11-09

·

CVE-2019-15218

CVSS v2.0

4.9

Medium

VectorAV:L/AC:L/Au:N/C:N/I:N/A:C
Name of the Vulnerable Software and Affected Versions Linux kernel versions prior to 5.1.8
Description The issue is related to a NULL pointer dereference in the drivers/media/usb/siano/smsusb.c driver, caused by a malicious USB device. This can lead to a denial of service.
Recommendations For Linux kernel versions prior to 5.1.8, update to version 5.1.8 or later to resolve the issue. As a temporary workaround, consider disabling the use of the smsusb.c driver until a patch is available. Restrict access to USB devices to minimize the risk of exploitation.

Exploit

Fix

NULL Pointer Dereference

Found an issue in the description? Have something to add? Feel free to write us 👾
dbugs@ptsecurity.com

Weakness Enumeration

CWE-476

Related Identifiers

ALT-PU-2019-2024
ALT-PU-2019-2036
ALT-PU-2019-2120
ALT-PU-2019-2311
ALT-PU-2020-1198
ALT-PU-2020-1501
ALT-PU-2020-2410
ALT-PU-2020-2433
ALT-PU-2021-1870
BDU:2019-03090
CVE-2019-15218
DLA-1919-1
DLA-1919-2
DLA-1930-1
OPENSUSE-SU-2019:2173-1
OPENSUSE-SU-2019:2181-1
OPENSUSE-SU-2019_2173-1
OPENSUSE-SU-2019_2181-1
SUSE-SU-2019:2412-1
SUSE-SU-2019:2414-1
SUSE-SU-2019:2424-1
SUSE-SU-2019:2648-1
SUSE-SU-2019:2651-1
SUSE-SU-2019:2658-1
SUSE-SU-2019:2738-1
SUSE-SU-2019:2756-1
SUSE-SU-2019:2949-1
SUSE-SU-2019:2950-1
SUSE-SU-2019:2984-1
USN-4115-1
USN-4115-2
USN-4118-1
USN-4147-1

Affected Products

Alt Linux
Linux Kernel
Suse
Ubuntu