First published: Mon Aug 19 2019(Updated: )
An issue was discovered in the Linux kernel before 5.1.17. There is a NULL pointer dereference caused by a malicious USB device in the sound/usb/line6/pcm.c driver. Upstream patch: <a href="https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=3450121997ce872eb7f1248417225827ea249710">https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=3450121997ce872eb7f1248417225827ea249710</a> References: <a href="https://www.openwall.com/lists/oss-security/2019/08/20/2">https://www.openwall.com/lists/oss-security/2019/08/20/2</a> <a href="https://syzkaller.appspot.com/bug?id=240f09164db2c3d3af33a117c713dc7650dc29d6">https://syzkaller.appspot.com/bug?id=240f09164db2c3d3af33a117c713dc7650dc29d6</a>
Credit: cve@mitre.org cve@mitre.org cve@mitre.org
Affected Software | Affected Version | How to fix |
---|---|---|
Linux Kernel | <5.1.17 | |
NetApp H410C | ||
NetApp H410C Firmware | ||
NetApp Active IQ Unified Manager for VMware vSphere | ||
NetApp Data Availability Services | ||
NetApp SolidFire & HCI Management Node | ||
NetApp SolidFire | ||
Ubuntu | =14.04 | |
Ubuntu | =16.04 | |
Ubuntu | =18.04 | |
Ubuntu | =19.04 | |
Debian Linux | =8.0 | |
SUSE Linux | =15.0 | |
SUSE Linux | =15.1 | |
All of | ||
NetApp H410C | ||
NetApp H410C Firmware | ||
NetApp Baseboard Management Controller H410C | ||
NetApp Baseboard Management Controller H410C Firmware | ||
debian/linux | 5.10.223-1 5.10.234-1 6.1.129-1 6.1.128-1 6.12.20-1 6.12.21-1 |
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
CVE-2019-15221 has been classified as a high-severity vulnerability due to the potential for NULL pointer dereference leading to system crashes.
To fix CVE-2019-15221, you should upgrade your Linux kernel to version 5.1.17 or later.
CVE-2019-15221 affects Linux kernel versions prior to 5.1.17, including various distributions like Ubuntu and Debian.
An attacker could exploit CVE-2019-15221 through a malicious USB device, potentially causing a denial of service by crashing the kernel.
As of now, there are no publicly disclosed exploits specifically targeting CVE-2019-15221, but the risk remains significant.