CVE-2019-15505
First published: Fri Aug 23 2019(Updated: )
A vulnerability was found in technisat_usb2_get_ir in drivers/media/usb/dvb-usb/technisat-usb2.c in DVB USB subsystem, there was an out-of-bounds read for an array in struct technisat_usb2_state state->buf with no boundary check applied until 0xff byte is encountered, if it is not found with in the limits it goes beyond the array size, this exposes kernel data structure which should not happen. Reference: <a href="https://lore.kernel.org/linux-media/20190821104408.w7krumcglxo6fz5q@gofer.mess.org/">https://lore.kernel.org/linux-media/20190821104408.w7krumcglxo6fz5q@gofer.mess.org/</a> <a href="https://git.linuxtv.org/media_tree.git/commit/?id=0c4df39e504bf925ab666132ac3c98d6cbbe380b">https://git.linuxtv.org/media_tree.git/commit/?id=0c4df39e504bf925ab666132ac3c98d6cbbe380b</a> <a href="https://lore.kernel.org/lkml/b9b256cb-95f2-5fa1-9956-5a602a017c11@gmail.com/">https://lore.kernel.org/lkml/b9b256cb-95f2-5fa1-9956-5a602a017c11@gmail.com/</a>
Credit: cve@mitre.org cve@mitre.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| debian/linux | 5.10.223-1 5.10.226-1 6.1.123-1 6.1.119-1 6.12.10-1 | |
| Linux Kernel | <3.16.77 | |
| Linux Kernel | >=3.17<4.4.194 | |
| Linux Kernel | >=4.5<4.9.194 | |
| Linux Kernel | >=4.10<4.14.146 | |
| Linux Kernel | >=4.15<4.19.75 | |
| Linux Kernel | >=4.20<5.2.17 | |
| Linux Kernel | >=5.3<5.3.1 | |
| Debian Debian Linux | =8.0 | |
| Ubuntu Linux | =14.04 | |
| Ubuntu Linux | =16.04 | |
| Ubuntu Linux | =18.04 | |
| Ubuntu Linux | =19.04 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- http://packetstormsecurity.com/files/155212/Slackware-Security-Advisory-Slackware-14.2-kernel-Updates.html
- https://git.linuxtv.org/media_tree.git/commit/?id=0c4df39e504bf925ab666132ac3c98d6cbbe380b
- https://lists.debian.org/debian-lts-announce/2020/01/msg00013.html
- https://lists.debian.org/debian-lts-announce/2020/03/msg00001.html
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/O3RUDQJXRJQVGHCGR4YZWTQ3ECBI7TXH/
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/T4JZ6AEUKFWBHQAROGMQARJ274PQP2QP/
- https://lore.kernel.org/linux-media/20190821104408.w7krumcglxo6fz5q@gofer.mess.org/
- https://lore.kernel.org/lkml/b9b256cb-95f2-5fa1-9956-5a602a017c11@gmail.com/
- https://seclists.org/bugtraq/2019/Nov/11
- https://security.netapp.com/advisory/ntap-20190905-0002/
- https://support.f5.com/csp/article/K28222050
- https://support.f5.com/csp/article/K28222050?utm_source=f5support&utm_medium=RSS
- https://usn.ubuntu.com/4157-1/
- https://usn.ubuntu.com/4157-2/
- https://usn.ubuntu.com/4162-1/
- https://usn.ubuntu.com/4162-2/
- https://usn.ubuntu.com/4163-1/
- https://usn.ubuntu.com/4163-2/
- https://support.f5.com/csp/article/K28222050?utm_source=f5support&amp;utm_medium=RSS
- https://launchpad.net/bugs/cve/CVE-2019-15505
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/O3RUDQJXRJQVGHCGR4YZWTQ3ECBI7TXH/
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/T4JZ6AEUKFWBHQAROGMQARJ274PQP2QP/
- https://lore.kernel.org/linux-media/20190821104408.w7krumcglxo6fz5q%40gofer.mess.org/
- https://lore.kernel.org/lkml/b9b256cb-95f2-5fa1-9956-5a602a017c11%40gmail.com/
- https://support.f5.com/csp/article/K28222050?utm_source=f5support&%3Butm_medium=RSS
- https://bugzilla.redhat.com/show_bug.cgi/show_bug.cgi?id=1746734
- https://access.redhat.com/solutions/41278
- https://access.redhat.com/errata/RHSA-2024:2950
- https://access.redhat.com/errata/RHSA-2024:3138
- https://bugzilla.redhat.com/show_bug.cgi?id=1746732
- https://security-tracker.debian.org/tracker/CVE-2019-15505
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-15505
- https://nvd.nist.gov/vuln/detail/CVE-2019-15505
- https://ubuntu.com/security/CVE-2019-15505
Frequently Asked Questions
What is the severity of CVE-2019-15505?
CVE-2019-15505 has a medium severity level as it can lead to potential information disclosure due to out-of-bounds reads.
How do I fix CVE-2019-15505?
To fix CVE-2019-15505, you should upgrade your Linux kernel to version 5.10.223-1 or later.
Which systems are affected by CVE-2019-15505?
CVE-2019-15505 affects various versions of the Linux kernel prior to versions that include the fix for this vulnerability.
What type of vulnerability is CVE-2019-15505?
CVE-2019-15505 is categorized as an out-of-bounds read vulnerability in the DVB USB subsystem of the Linux kernel.
Are there any known exploits for CVE-2019-15505?
As of now, no public exploits for CVE-2019-15505 have been reported.
- agent/author
- agent/type
- collector/launchpad-cve
- source/Launchpad
- agent/weakness
- agent/severity
- collector/mitre-cve
- source/MITRE
- agent/references
- agent/remedy
- agent/first-publish-date
- collector/redhat-bugzilla
- source/Red Hat
- alias/CVE-2019-15505
- collector/usn-cve
- source/Ubuntu
- agent/description
- agent/event
- agent/trending
- agent/last-modified-date
- agent/source
- collector/security-tracker-debian
- source/Debian
- agent/software-canonical-lookup
- agent/softwarecombine
- agent/tags
- collector/nvd-index
- agent/software-canonical-lookup-request
- collector/nvd-cve
- source/NVD
- package-manager/debian
- vendor/linux
- canonical/linux kernel
- version/linux kernel/3.17
- version/linux kernel/4.5
- version/linux kernel/4.10
- version/linux kernel/4.15
- version/linux kernel/4.20
- version/linux kernel/5.3
- vendor/debian
- canonical/debian debian linux
- version/debian debian linux/8.0
- vendor/canonical
- canonical/ubuntu linux
- version/ubuntu linux/14.04
- version/ubuntu linux/16.04
- version/ubuntu linux/18.04
- version/ubuntu linux/19.04