Bug 1745536 (CVE-2019-15219)
Summary: | CVE-2019-15219 kernel: null pointer dereference in drivers/usb/misc/sisusbvga/sisusb.c driver | ||
---|---|---|---|
Product: | [Other] Security Response | Reporter: | Dhananjay Arunesh <darunesh> |
Component: | vulnerability | Assignee: | Red Hat Product Security <security-response-team> |
Status: | CLOSED ERRATA | QA Contact: | |
Severity: | low | Docs Contact: | |
Priority: | low | ||
Version: | unspecified | CC: | acaringi, airlied, bhu, blc, brdeoliv, bskeggs, dhoward, dvlasenk, esammons, fhrbata, hdegoede, hkrzesin, iboverma, ichavero, itamar, jarodwilson, jeremy, jforbes, jlelli, john.j5live, jonathan, josef, jross, jshortt, jstancek, jwboyer, kernel-maint, kernel-mgr, lgoncalv, linville, masami256, mchehab, mcressma, mjg59, mlangsdo, nmurray, rt-maint, rvrbovsk, steved, williams |
Target Milestone: | --- | Keywords: | Security |
Target Release: | --- | ||
Hardware: | All | ||
OS: | Linux | ||
Whiteboard: | |||
Fixed In Version: | Doc Type: | If docs needed, set a value | |
Doc Text: | A NULL pointer dereference flaw was found in the way the USB2VGA dongles driver in the Linux kernel handled failed initialization. This flaw allows an attacker able to insert USB2VGA dongles into the system to crash the system. |
Last Closed: | 2021-10-25 09:53:08 UTC | Type: | --- |
Bug Depends On: | 1745543, 1820440, 1820441, 1820442, 1820443, 1820444 | ||
Bug Blocks: | 1745542 |
Description
Dhananjay Arunesh
2019-08-26 10:41:56 UTC
Created kernel tracking bugs for this issue:

Affects: fedora-all [bug 1745543]

This was fixed for Fedora with the 5.1.8 stable kernel updates.

Statement:

This issue is rated as having Low impact because of the physical access needed to trigger this issue. Also, failed initialization with the core USB subsystem is also a rare event to hit.

Mitigation:

To mitigate this issue, prevent module sisusbvga from being loaded. Please see https://access.redhat.com/solutions/41278 for how to blacklist a kernel module to prevent it from loading automatically.
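
To check whether the mitigation above is in place, the following added example (not part of the bug report or of the linked Red Hat solution) classifies how a modprobe.d directory treats a module. The function name `audit_module_block` is hypothetical. It distinguishes a `blacklist` line, which only stops alias-based autoloading when the dongle is plugged in, from an `install <module> /bin/false` override, which also stops an explicit `modprobe`.

```shell
#!/bin/sh
# Added example: report how one modprobe.d directory treats a module.
# Prints: blocked        (install override to /bin/false or /bin/true)
#         blacklist-only (autoload by alias stopped, explicit modprobe still works)
#         unblocked      (no matching directive found)
# Assumption: only the given directory is read; modprobe also consults other
# modprobe.d directories and the modprobe.blacklist= kernel parameter.
audit_module_block() {
    dir=$1
    mod=$2
    has_blacklist=0
    has_install=0
    for f in "$dir"/*.conf; do
        [ -f "$f" ] || continue
        # The "|| [ -n ... ]" part handles a last line with no trailing newline.
        while read -r kw name cmd _rest || [ -n "$kw" ]; do
            case $kw in '#'*|'') continue ;; esac   # skip comments and blanks
            [ "$name" = "$mod" ] || continue
            case $kw in
                blacklist) has_blacklist=1 ;;
                install)
                    case $cmd in
                        /bin/false|/bin/true|/usr/bin/false|/usr/bin/true)
                            has_install=1 ;;
                    esac ;;
            esac
        done < "$f"
    done
    if [ "$has_install" -eq 1 ]; then
        echo blocked
    elif [ "$has_blacklist" -eq 1 ]; then
        echo blacklist-only
    else
        echo unblocked
    fi
}

# Demo on constructed input (not a real system's configuration).
demo_dir=$(mktemp -d)
printf 'blacklist sisusbvga\n' > "$demo_dir/sisusbvga.conf"
echo "blacklist line only:   $(audit_module_block "$demo_dir" sisusbvga)"
printf 'install sisusbvga /bin/false\n' >> "$demo_dir/sisusbvga.conf"
echo "with install override: $(audit_module_block "$demo_dir" sisusbvga)"
rm -rf "$demo_dir"
```

On a live host, call it as `audit_module_block /etc/modprobe.d sisusbvga` and confirm with `lsmod` that the module is not already loaded.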