PT-2019-3108 · Linux+5 · Linux Kernel+5

Syzbot

·

Published

2019-07-31

·

Updated

2023-11-09

·

CVE-2019-15217

CVSS v2.0

4.9

Medium

VectorAV:L/AC:L/Au:N/C:N/I:N/A:C
Name of the Vulnerable Software and Affected Versions Linux kernel versions prior to 5.2.3
Description The issue is related to a NULL pointer dereference in the drivers/media/usb/zr364xx/zr364xx.c driver, caused by a malicious USB device. This can lead to a denial of service.
Recommendations For Linux kernel versions prior to 5.2.3, update to version 5.2.3 or later to resolve the issue. As a temporary workaround, consider disabling the use of the zr364xx driver until a patch is available. Restrict access to USB devices to minimize the risk of exploitation.

Exploit

Fix

NULL Pointer Dereference

Found an issue in the description? Have something to add? Feel free to write us 👾
dbugs@ptsecurity.com

Weakness Enumeration

CWE-476

Related Identifiers

ALT-PU-2019-2339
ALT-PU-2019-2366
ALT-PU-2019-2488
ALT-PU-2019-2746
ALT-PU-2020-1198
ALT-PU-2020-1501
ALT-PU-2020-2410
ALT-PU-2020-2433
ALT-PU-2021-1870
BDU:2019-03091
CESA-2020_4060
CVE-2019-15217
DLA-2068-1
DLA-2114-1
OPENSUSE-SU-2019:2173-1
OPENSUSE-SU-2019:2181-1
OPENSUSE-SU-2019_2173-1
OPENSUSE-SU-2019_2181-1
RHSA-2020:4060
RHSA-2020:4062
RHSA-2020_4060
RHSA-2020_4062
SUSE-SU-2019:14218-1
SUSE-SU-2019:2412-1
SUSE-SU-2019:2414-1
SUSE-SU-2019:2424-1
SUSE-SU-2019:2648-1
SUSE-SU-2019:2651-1
SUSE-SU-2019:2658-1
SUSE-SU-2019:2738-1
SUSE-SU-2019:2756-1
SUSE-SU-2019:2949-1
SUSE-SU-2019:2950-1
SUSE-SU-2019:2984-1
SUSE-SU-2019_14218-1
USN-4147-1
USN-4286-1
USN-4286-2
USN-4302-1

Affected Products

Alt Linux
Centos
Linux Kernel
Red Hat
Suse
Ubuntu