CVE-2019-12382

medium

Description

** DISPUTED ** An issue was discovered in drm_load_edid_firmware in drivers/gpu/drm/drm_edid_load.c in the Linux kernel through 5.1.5. There is an unchecked kstrdup of fwstr, which might allow an attacker to cause a denial of service (NULL pointer dereference and system crash). NOTE: The vendor disputes this issue as not being a vulnerability because kstrdup() returning NULL is handled sufficiently and there is no chance for a NULL pointer dereference.

References

http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00039.html

http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00040.html

http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00048.html

http://www.securityfocus.com/bid/108474

https://cgit.freedesktop.org/drm/drm-misc/commit/?id=9f1f1a2dab38d4ce87a13565cf4dc1b73bef3a5f

https://lists.fedoraproject.org/archives/list/[email protected]/message/J36BIJTKEPUOZKJNHQBUZA47RQONUKOI/

https://lists.fedoraproject.org/archives/list/[email protected]/message/KLGWJKLMTBBB53D5QLS4HOY2EH246WBE/

https://lkml.org/lkml/2019/5/24/843

https://lore.kernel.org/lkml/[email protected]/

https://salsa.debian.org/kernel-team/kernel-sec/blob/master/retired/CVE-2019-12382

Details

Source: MITRE

Published: 2019-05-28

Updated: 2019-06-19

Type: CWE-476

Risk Information

CVSS v2

Base Score: 4.9

Vector: AV:L/AC:L/Au:N/C:N/I:N/A:C

Impact Score: 6.9

Exploitability Score: 3.9

Severity: MEDIUM

CVSS v3

Base Score: 5.5

Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

Impact Score: 3.6

Exploitability Score: 1.8

Severity: MEDIUM

Vulnerable Software

Configuration 1

OR

cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* versions up to 5.1.5 (inclusive)

Tenable Plugins

ID | Name | Product | Family | Severity
145665 | CentOS 8 : kernel (CESA-2019:3517) | Nessus | CentOS Local Security Checks | critical
143971 | NewStart CGSL CORE 5.05 / MAIN 5.05 : kernel Multiple Vulnerabilities (NS-SA-2020-0108) | Nessus | NewStart CGSL Local Security Checks | critical
137363 | RHEL 7 : kernel (RHSA-2020:2522) | Nessus | Red Hat Local Security Checks | high
135813 | Scientific Linux Security Update : kernel on SL7.x x86_64 (20200407) | Nessus | Scientific Linux Local Security Checks | high
135614 | EulerOS Virtualization 3.0.2.2 : kernel (EulerOS-SA-2020-1452) | Nessus | Huawei Local Security Checks | high
135316 | CentOS 7 : kernel (CESA-2020:1016) | Nessus | CentOS Local Security Checks | high
135080 | RHEL 7 : kernel (RHSA-2020:1016) | Nessus | Red Hat Local Security Checks | high
135078 | RHEL 7 : kernel-rt (RHSA-2020:1070) | Nessus | Red Hat Local Security Checks | high
134387 | EulerOS 2.0 SP8 : kernel (EulerOS-SA-2020-1186) | Nessus | Huawei Local Security Checks | critical
132499 | NewStart CGSL CORE 5.04 / MAIN 5.04 : kernel-rt Multiple Vulnerabilities (NS-SA-2019-0266) | Nessus | NewStart CGSL Local Security Checks | high
132490 | NewStart CGSL CORE 5.04 / MAIN 5.04 : kernel Multiple Vulnerabilities (NS-SA-2019-0264) | Nessus | NewStart CGSL Local Security Checks | high
130736 | EulerOS 2.0 SP3 : kernel (EulerOS-SA-2019-2274) | Nessus | Huawei Local Security Checks | critical
130547 | RHEL 8 : kernel (RHSA-2019:3517) | Nessus | Red Hat Local Security Checks | critical
129284 | SUSE SLED15 / SLES15 Security Update : kernel-source-rt (SUSE-SU-2019:2430-1) (MDSUM/RIDL) (MFBDS/RIDL/ZombieLoad) (MLPDS/RIDL) (MSBDS/Fallout) (SACK Panic) (SACK Slowness) (Spectre) | Nessus | SuSE Local Security Checks | high
128842 | EulerOS 2.0 SP5 : kernel (EulerOS-SA-2019-1919) | Nessus | Huawei Local Security Checks | high
127985 | Oracle Linux 7 : Unbreakable Enterprise kernel (ELSA-2019-4746) | Nessus | Oracle Linux Local Security Checks | high
126544 | EulerOS Virtualization for ARM 64 3.0.2.0 : kernel (EulerOS-SA-2019-1702) | Nessus | Huawei Local Security Checks | medium
126176 | Photon OS 1.0: Linux PHSA-2019-1.0-0240 | Nessus | PhotonOS Local Security Checks | high
126106 | Photon OS 2.0: Linux PHSA-2019-2.0-0165 | Nessus | PhotonOS Local Security Checks | critical
126059 | openSUSE Security Update : the Linux Kernel (openSUSE-2019-1571) (SACK Panic) (SACK Slowness) | Nessus | SuSE Local Security Checks | high
126045 | SUSE SLED15 / SLES15 Security Update : kernel (SUSE-SU-2019:1550-1) (MDSUM/RIDL) (MFBDS/RIDL/ZombieLoad) (MLPDS/RIDL) (MSBDS/Fallout) (SACK Panic) (SACK Slowness) (Spectre) | Nessus | SuSE Local Security Checks | high
126040 | openSUSE Security Update : the Linux Kernel (openSUSE-2019-1579) (SACK Panic) (SACK Slowness) | Nessus | SuSE Local Security Checks | high
126033 | openSUSE Security Update : the Linux Kernel (openSUSE-2019-1570) (SACK Panic) (SACK Slowness) | Nessus | SuSE Local Security Checks | high
125997 | SUSE SLES12 Security Update : kernel (SUSE-SU-2019:1536-1) (SACK Panic) (SACK Slowness) | Nessus | SuSE Local Security Checks | high
125996 | SUSE SLED15 / SLES15 Security Update : kernel (SUSE-SU-2019:1535-1) (SACK Panic) (SACK Slowness) | Nessus | SuSE Local Security Checks | high
125995 | SUSE SLES12 Security Update : kernel (SUSE-SU-2019:1534-1) (SACK Panic) (SACK Slowness) | Nessus | SuSE Local Security Checks | high
125993 | SUSE SLED12 / SLES12 Security Update : kernel (SUSE-SU-2019:1532-1) (SACK Panic) (SACK Slowness) | Nessus | SuSE Local Security Checks | high
125992 | SUSE SLED12 / SLES12 Security Update : kernel (SUSE-SU-2019:1530-1) (SACK Panic) (SACK Slowness) | Nessus | SuSE Local Security Checks | high
125991 | SUSE SLED15 / SLES15 Security Update : kernel (SUSE-SU-2019:1529-1) (SACK Panic) (SACK Slowness) | Nessus | SuSE Local Security Checks | high
125990 | SUSE SLES12 Security Update : kernel (SUSE-SU-2019:1527-1) (SACK Panic) (SACK Slowness) | Nessus | SuSE Local Security Checks | high
125790 | Fedora 30 : kernel / kernel-headers (2019-f40bd7826f) | Nessus | Fedora Local Security Checks | high
125746 | Fedora 29 : kernel / kernel-headers / kernel-tools (2019-7ec378191e) | Nessus | Fedora Local Security Checks | high