Bug 1743580 (CVE-2019-15213)

Summary: CVE-2019-15213 kernel: use-after-free caused by malicious USB device in drivers/media/usb/dvb-usb/dvb-usb-init.c
Product: [Other] Security Response Reporter: Dhananjay Arunesh <darunesh>
Component: vulnerabilityAssignee: Red Hat Product Security <security-response-team>
Status: CLOSED ERRATA QA Contact:
Severity: medium Docs Contact:
Priority: medium    
Version: unspecifiedCC: acaringi, airlied, bhu, blc, brdeoliv, bskeggs, dhoward, dvlasenk, esammons, fhrbata, hdegoede, hkrzesin, iboverma, ichavero, itamar, jarodwilson, jeremy, jforbes, jlelli, john.j5live, jonathan, josef, jross, jshortt, jstancek, jwboyer, kernel-maint, kernel-mgr, lgoncalv, linville, masami256, mchehab, mcressma, mjg59, mlangsdo, nmurray, rkeshri, rt-maint, rvrbovsk, steved, williams
Target Milestone: ---Keywords: Security
Target Release: ---   
Hardware: All   
OS: Linux   
Whiteboard:
Fixed In Version: Doc Type: If docs needed, set a value
Doc Text:
A use-after-free flaw was found in the USB DVB media access driver in the Linux kernel. This flaw could allow an attacker to crash the system at device disconnect or for a kernel information leak problem to occur. The highest threat from this vulnerability is to system availability.
 Story Points: ---
Clone Of: Environment:
Last Closed: 2021-10-27 10:48:17 UTC Type: ---
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:
Bug Depends On: 1743581, 1812370, 1812371, 1812372, 1812373, 1812374, 1825410    
Bug Blocks: 1743583    

Description Dhananjay Arunesh 2019-08-20 09:10:56 UTC 
A use-after-free flaw was found in dvb_usb_device_exit in drivers/media/usb/dvb-usb/dvb-usb-init.c in USB DVB media access. This flaw could allow an attacker to crash the system at device disconnect. This vulnerability could even lead to a kernel information leak problem.


Reference:
https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.2.3
https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=6cf97230cd5f36b7665099083272595c55d72be7
https://syzkaller.appspot.com/bug?id=a53c9c9dd2981bfdbfbcbc1ddbd35595eda8bced
Comment 1 Dhananjay Arunesh 2019-08-20 09:11:47 UTC 
Created kernel tracking bugs for this issue:

Affects: fedora-all [bug 1743581]
Comment 2 Justin M. Forbes 2019-08-20 12:49:27 UTC 
This was fixed for Fedora with the 5.2.3 stable updates.
Comment 5 Rohit Keshri 2020-03-11 10:34:53 UTC 
Mitigation:

Mitigation for this issue is either not available or the currently available options don't meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.