CVE-2019-12615: Null Pointer Dereference
First published: Mon Jun 03 2019(Updated: )
An issue was discovered in get_vdev_port_node_info in arch/sparc/kernel/mdesc.c in the Linux kernel through 5.1.6. There is an unchecked kstrdup_const of node_info->vdev_port.name, which might allow an attacker to cause a denial of service (NULL pointer dereference and system crash).
Credit: cve@mitre.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Linux Kernel | >=2.6.12.1<4.14.130 | |
| Linux Kernel | >=4.19<4.19.56 | |
| Linux Kernel | >=5.1<5.1.15 | |
| Linux Kernel | =2.6.12-rc2 | |
| Linux Kernel | =2.6.12-rc3 | |
| Linux Kernel | =2.6.12-rc4 | |
| Linux Kernel | =2.6.12-rc5 | |
| Linux Kernel | =2.6.12-rc6 | |
| Linux Kernel | =5.2-rc1 | |
| Linux Kernel | =5.2-rc2 | |
| Linux Kernel | =5.2-rc3 | |
| Linux Kernel | =5.2-rc4 | |
| NetApp AFF A700s Firmware | ||
| NetApp AFF A700s Firmware | ||
| NetApp Active IQ Unified Manager for VMware vSphere | >=9.5 | |
| netapp hci management node | ||
| netapp solidfire | ||
| NetApp CN1610 | ||
| NetApp CN1610 Firmware | ||
| netapp h610s firmware | ||
| netapp h610s |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- http://www.securityfocus.com/bid/108549
- https://git.kernel.org/pub/scm/linux/kernel/git/davem/sparc.git/commit/?id=80caf43549e7e41a695c6d1e11066286538b336f
- https://security.netapp.com/advisory/ntap-20190710-0002/
- https://support.f5.com/csp/article/K60924046
- https://support.f5.com/csp/article/K60924046?utm_source=f5support&utm_medium=RSS
- https://www.mail-archive.com/linux-kernel@vger.kernel.org/msg2014901.html
- https://www.mail-archive.com/linux-kernel%40vger.kernel.org/msg2014901.html
- https://support.f5.com/csp/article/K60924046?utm_source=f5support&%3Butm_medium=RSS
Frequently Asked Questions
What is CVE-2019-12615?
CVE-2019-12615 is a vulnerability in the Linux kernel that allows an attacker to cause a denial of service (NULL pointer dereference and system crash).
How severe is CVE-2019-12615?
CVE-2019-12615 has a severity rating of 7.5, which is considered high.
Which software is affected by CVE-2019-12615?
CVE-2019-12615 affects the Linux kernel versions 2.6.12.1 to 4.14.130, 4.19 to 4.19.56, and 5.1 to 5.1.15.
How can I fix CVE-2019-12615?
To fix CVE-2019-12615, you should update your Linux kernel to a version that is not vulnerable.
Where can I find more information about CVE-2019-12615?
You can find more information about CVE-2019-12615 on the following websites: http://www.securityfocus.com/bid/108549, https://git.kernel.org/pub/scm/linux/kernel/git/davem/sparc.git/commit/?id=80caf43549e7e41a695c6d1e11066286538b336f, and https://security.netapp.com/advisory/ntap-20190710-0002/
- agent/type
- agent/author
- agent/remedy
- agent/severity
- agent/description
- collector/mitre-cve
- source/MITRE
- agent/last-modified-date
- agent/references
- agent/event
- agent/first-publish-date
- agent/source
- agent/weakness
- agent/tags
- agent/softwarecombine
- collector/nvd-index
- agent/software-canonical-lookup-request
- vendor/linux
- canonical/linux kernel
- version/linux kernel/2.6.12.1
- version/linux kernel/4.19
- version/linux kernel/5.1
- version/linux kernel/2.6.12-rc2
- version/linux kernel/2.6.12-rc3
- version/linux kernel/2.6.12-rc4
- version/linux kernel/2.6.12-rc5
- version/linux kernel/2.6.12-rc6
- version/linux kernel/5.2-rc1
- version/linux kernel/5.2-rc2
- version/linux kernel/5.2-rc3
- version/linux kernel/5.2-rc4
- vendor/netapp
- canonical/netapp aff a700s firmware
- canonical/netapp active iq unified manager for vmware vsphere
- version/netapp active iq unified manager for vmware vsphere/9.5
- canonical/netapp hci management node
- canonical/netapp solidfire
- canonical/netapp cn1610
- canonical/netapp cn1610 firmware
- canonical/netapp h610s firmware
- canonical/netapp h610s