1743552 – (CVE-2019-15098) CVE-2019-15098 kernel: a NULL pointer dereference in drivers/net/wireless/ath/ath6kl/usb.c leads to a crash

Bug 1743552 (CVE-2019-15098) - CVE-2019-15098 kernel: a NULL pointer dereference in drivers/net/wireless/ath/ath6kl/usb.c leads to a crash

Summary: CVE-2019-15098 kernel: a NULL pointer dereference in drivers/net/wireless/ath...

Keywords:
Status:	CLOSED NOTABUG
Alias:	CVE-2019-15098
Product:	Security Response
Classification:	Other
Component:	vulnerability
Sub Component:
Version:	unspecified
Hardware:	All
OS:	Linux
Priority:	low
Severity:	low
Target Milestone:	---
Assignee:	Red Hat Product Security
QA Contact:
Docs Contact:
URL:
Whiteboard:
Depends On:	1763872
Blocks:	1743553
TreeView+	depends on / blocked

Reported:	2019-08-20 08:24 UTC by Marian Rehak
Modified:	2021-02-16 21:29 UTC (History)
CC List:	48 users (show)
Fixed In Version:
Doc Type:	If docs needed, set a value
Doc Text:	A flaw was found in the Linux kernel's implementation of the ath6kl wireless network driver implementation, which could allow an attacker with physical access with custom USB hardware to plug into a rogue USB device that can create a condition where the kernel will panic.
Clone Of:
Environment:
Last Closed:	2019-11-21 07:04:52 UTC
Embargoed:

Attachments	(Terms of Use)

Description Marian Rehak 2019-08-20 08:24:16 UTC

A flaw in the Linux kernels implementation of the ath6kl wireless network driver implementation could allow an attacker with physical access with custom USB hardware to plug in a rogue USB device that can possibly create a condition where the kernel will panic.

Red Hat does not include the code affected by this flaw in currently shipping releases.

Upstream patch:

https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=39d170b3cb62ba98567f5c4f40c27b5864b304e5

Comment 1 Guilherme de Almeida Suckevicz 2019-10-21 19:25:59 UTC

Created kernel tracking bugs for this issue:

Affects: fedora-all [bug 1763872]

Comment 3 Wade Mealing 2019-11-21 06:47:50 UTC

External References:

https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=39d170b3cb62ba98567f5c4f40c27b5864b304e5

Comment 4 Wade Mealing 2019-11-21 06:48:42 UTC

Mitigation:

No mitigation is required as Red Hat kernels are not affected.

Comment 5 Product Security DevOps Team 2019-11-21 07:04:52 UTC

This bug is now closed. Further updates for individual products will be reflected on the CVE page(s):

https://access.redhat.com/security/cve/cve-2019-15098

Comment 6 Justin M. Forbes 2020-03-19 21:54:39 UTC

This is fixed for Fedora with the 5.3.9 stable kernel updates.

Note You need to log in before you can comment on or make changes to this bug.

acaringi
airlied
bdettelb
bhu
blc
brdeoliv
bskeggs
dhoward
dvlasenk
esammons
fhrbata
hdegoede
hkrzesin
iboverma
ichavero
itamar
jarodwilson
jeremy
jforbes
jglisse
jlelli
john.j5live
jonathan
josef
jross
jschorr
jshortt
jstancek
jwboyer
kernel-maint
kernel-mgr
labbott
lgoncalv
linville
masami256
matt
mchehab
mcressma
mjg59
mlangsdo
nmurray
plougher
rt-maint
rvrbovsk
steved
williams
wmealing
yozone