PT-2019-4880 · Linux+5 · Linux Kernel+5

Published

2019-02-26

·

Updated

2023-08-11

·

CVE-2019-15917

CVSS v3.1

7.0

High

VectorAV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions Linux kernel versions prior to 5.0.5
Description A use-after-free issue occurs when the hci uart register dev() function fails in the hci uart set proto() function in the drivers/bluetooth/hci ldisc.c file. This issue may allow an attacker to impact the confidentiality, integrity, and availability of protected information.
Recommendations For Linux kernel versions prior to 5.0.5, update to version 5.0.5 or later to resolve the issue. As a temporary workaround, consider restricting access to the hci uart set proto() function and hci uart register dev() function until a patch is available.

Fix

Use After Free

Found an issue in the description? Have something to add? Feel free to write us 👾
dbugs@ptsecurity.com

Weakness Enumeration

CWE-416

Related Identifiers

ALSA-2020:4431
ALT-PU-2019-1552
ALT-PU-2019-1710
ALT-PU-2020-1198
ALT-PU-2020-1501
ALT-PU-2020-2410
ALT-PU-2020-2433
ALT-PU-2021-1870
BDU:2020-01468
CESA-2020_4060
CESA-2020_4431
CESA-2020_4609
CVE-2019-15917
DLA-1930-1
DLA-2114-1
OPENSUSE-SU-2019:2173-1
OPENSUSE-SU-2019:2181-1
OPENSUSE-SU-2019_2173-1
OPENSUSE-SU-2019_2181-1
RHSA-2020:2854
RHSA-2020:4060
RHSA-2020:4062
RHSA-2020:4431
RHSA-2020:4609
RHSA-2020_4060
RHSA-2020_4062
RHSA-2020_4431
RHSA-2020_4609
RHSA-2021:0019
SUSE-SU-2019:2412-1
SUSE-SU-2019:2414-1
SUSE-SU-2019:2424-1
SUSE-SU-2019:2648-1
SUSE-SU-2019:2651-1
SUSE-SU-2019:2658-1
SUSE-SU-2019:2738-1
SUSE-SU-2019:2756-1
SUSE-SU-2019:3223-1
SUSE-SU-2019:3224-1
SUSE-SU-2019:3233-1
SUSE-SU-2019:3237-1
SUSE-SU-2019:3246-1
SUSE-SU-2019:3247-1
SUSE-SU-2019:3252-1
SUSE-SU-2019_3237-1

Affected Products

Alt Linux
Almalinux
Centos
Linux Kernel
Red Hat
Suse