Bug 1749974 (CVE-2019-15221) - CVE-2019-15221 kernel: Null pointer dereference in the sound/usb/line6/pcm.c
Summary: CVE-2019-15221 kernel: Null pointer dereference in the sound/usb/line6/pcm.c
Keywords:
Status: CLOSED ERRATA
Alias: CVE-2019-15221
Product: Security Response
Classification: Other
Component: vulnerability
Version: unspecified
Hardware: All
OS: Linux
low
low
Target Milestone: ---
Assignee: Red Hat Product Security
QA Contact:
URL:
Whiteboard:
Depends On: 1733130 1738610 1749980 1820455 1820456 1820457 1882424 1882425
Blocks: 1749984
TreeView+ depends on / blocked
 
Reported: 2019-09-07 01:16 UTC by Pedro Sampaio
Modified: 2023-05-12 21:13 UTC (History)
41 users (show)

Fixed In Version:
Doc Type: If docs needed, set a value
Doc Text:
A NULL pointer dereference flaw was found in the way the LINE6 drivers in the Linux kernel allocated buffers for USB packets. This flaw allows an attacker with physical access to the system to crash the system.
Clone Of:
Environment:
Last Closed: 2021-10-25 09:53:12 UTC
Embargoed:


Attachments (Terms of Use)


Links
System ID Private Priority Status Summary Last Updated
Red Hat Product Errata RHBA-2020:2052 0 None None None 2020-05-11 12:53:48 UTC
Red Hat Product Errata RHBA-2020:2626 0 None None None 2020-06-19 01:49:50 UTC
Red Hat Product Errata RHSA-2020:1567 0 None None None 2020-04-28 15:25:05 UTC
Red Hat Product Errata RHSA-2020:1769 0 None None None 2020-04-28 15:51:28 UTC

Description Pedro Sampaio 2019-09-07 01:16:17 UTC
An issue was discovered in the Linux kernel before 5.1.17. There is a
NULL pointer dereference caused by a malicious USB device in the
sound/usb/line6/pcm.c driver.

Upstream patch:

https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=3450121997ce872eb7f1248417225827ea249710

References:

https://www.openwall.com/lists/oss-security/2019/08/20/2
https://syzkaller.appspot.com/bug?id=240f09164db2c3d3af33a117c713dc7650dc29d6

Comment 1 Pedro Sampaio 2019-09-07 01:30:57 UTC
Created kernel tracking bugs for this issue:

Affects: fedora-all [bug 1749980]

Comment 2 Justin M. Forbes 2019-09-09 06:58:49 UTC
This was fixed for Fedora with the 5.1.17 stable kernel updates.

Comment 5 Petr Matousek 2020-04-03 06:28:58 UTC
Statement:

This issue is rated as having Low impact because of the physical access needed to trigger this issue.

Comment 6 Petr Matousek 2020-04-03 06:29:01 UTC
Mitigation:

To mitigate this issue, prevent module snd-usb-line6 from being loaded. Please see https://access.redhat.com/solutions/41278 for how to blacklist a kernel module to prevent it from loading automatically.

Comment 7 errata-xmlrpc 2020-04-28 15:25:02 UTC
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 8

Via RHSA-2020:1567 https://access.redhat.com/errata/RHSA-2020:1567

Comment 8 errata-xmlrpc 2020-04-28 15:51:25 UTC
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 8

Via RHSA-2020:1769 https://access.redhat.com/errata/RHSA-2020:1769


Note You need to log in before you can comment on or make changes to this bug.