First published: Mon Aug 19 2019(Updated: )
An issue was discovered in the Linux kernel before 5.1.8. There is a double-free caused by a malicious USB device in the drivers/usb/misc/rio500.c driver.
Credit: cve@mitre.org cve@mitre.org cve@mitre.org
Affected Software | Affected Version | How to fix |
---|---|---|
Linux Kernel | <5.1.8 | |
NetApp H410C | ||
NetApp H410C Firmware | ||
NetApp Active IQ Unified Manager for VMware vSphere | ||
NetApp Data Availability Services | ||
NetApp SolidFire & HCI Management Node | ||
NetApp SolidFire | ||
Ubuntu | =16.04 | |
Ubuntu | =18.04 | |
Ubuntu | =19.04 | |
Debian Linux | =8.0 | |
SUSE Linux | =15.0 | |
SUSE Linux | =15.1 | |
All of | ||
NetApp H410C | ||
NetApp H410C Firmware | ||
NetApp Baseboard Management Controller H410C | ||
NetApp Baseboard Management Controller H410C Firmware | ||
debian/linux | 5.10.223-1 5.10.234-1 6.1.129-1 6.1.128-1 6.12.20-1 6.12.21-1 |
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
CVE-2019-15212 has a high severity rating due to the potential exploitation via a malicious USB device, leading to a double-free vulnerability.
To fix CVE-2019-15212, upgrade to the Linux kernel version 5.1.8 or later.
CVE-2019-15212 affects Linux kernel versions prior to 5.1.8, as well as various firmware provided by NetApp.
CVE-2019-15212 exploits a vulnerability in the rio500 USB driver within the Linux kernel.
Users and systems running affected versions of the Linux kernel or specific NetApp firmware are at risk due to CVE-2019-15212.