First published: Mon Aug 19 2019(Updated: )
An issue was discovered in the Linux kernel before 5.1.17. There is a NULL pointer dereference caused by a malicious USB device in the sound/usb/line6/pcm.c driver. Upstream patch: <a href="https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=3450121997ce872eb7f1248417225827ea249710">https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=3450121997ce872eb7f1248417225827ea249710</a> References: <a href="https://www.openwall.com/lists/oss-security/2019/08/20/2">https://www.openwall.com/lists/oss-security/2019/08/20/2</a> <a href="https://syzkaller.appspot.com/bug?id=240f09164db2c3d3af33a117c713dc7650dc29d6">https://syzkaller.appspot.com/bug?id=240f09164db2c3d3af33a117c713dc7650dc29d6</a>
Credit: cve@mitre.org cve@mitre.org cve@mitre.org
Affected Software | Affected Version | How to fix |
---|---|---|
Linux Kernel | <5.1.17 | |
All of | ||
netapp h410c firmware | ||
netapp h410c | ||
NetApp Active IQ Unified Manager for VMware vSphere | ||
netapp data availability services | ||
netapp solidfire \& hci management node | ||
netapp solidfire baseboard management controller | ||
Ubuntu Linux | =14.04 | |
Ubuntu Linux | =16.04 | |
Ubuntu Linux | =18.04 | |
Ubuntu Linux | =19.04 | |
Debian GNU/Linux | =8.0 | |
openSUSE | =15.0 | |
openSUSE | =15.1 | |
debian/linux | 5.10.223-1 5.10.226-1 6.1.123-1 6.1.128-1 6.12.12-1 6.12.13-1 | |
Linux kernel | <5.1.17 | |
netapp baseboard management controller h410c firmware | ||
netapp baseboard management controller h410c | ||
Ubuntu | =14.04 | |
Ubuntu | =16.04 | |
Ubuntu | =18.04 | |
Ubuntu | =19.04 | |
Debian | =8.0 | |
NetApp HCI H410C Firmware | ||
NetApp HCI H410C |
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
CVE-2019-15221 has been classified as a high-severity vulnerability due to the potential for NULL pointer dereference leading to system crashes.
To fix CVE-2019-15221, you should upgrade your Linux kernel to version 5.1.17 or later.
CVE-2019-15221 affects Linux kernel versions prior to 5.1.17, including various distributions like Ubuntu and Debian.
An attacker could exploit CVE-2019-15221 through a malicious USB device, potentially causing a denial of service by crashing the kernel.
As of now, there are no publicly disclosed exploits specifically targeting CVE-2019-15221, but the risk remains significant.