CVE-2019-15213

medium
New! CVE Severity Now Using CVSS v3

The calculated severity for CVEs has been updated to use CVSS v3 by default. CVEs that do not have a CVSS v3 score will fall back CVSS v2 for calculating severity. Severity display preferences can be toggled in the settings dropdown.

Description

An issue was discovered in the Linux kernel before 5.2.3. There is a use-after-free caused by a malicious USB device in the drivers/media/usb/dvb-usb/dvb-usb-init.c driver.

References

http://www.openwall.com/lists/oss-security/2019/08/20/2

https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.2.3

https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=6cf97230cd5f36b7665099083272595c55d72be7

https://security.netapp.com/advisory/ntap-20190905-0002/

https://syzkaller.appspot.com/bug?id=a53c9c9dd2981bfdbfbcbc1ddbd35595eda8bced

Details

Source: MITRE

Published: 2019-08-19

Updated: 2019-09-06

Type: CWE-416

Risk Information

CVSS v2

Base Score: 4.9

Vector: AV:L/AC:L/Au:N/C:N/I:N/A:C

Impact Score: 6.9

Exploitability Score: 3.9

Severity: MEDIUM

CVSS v3

Base Score: 4.6

Vector: CVSS:3.0/AV:P/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Impact Score: 3.6

Exploitability Score: 0.9

Severity: MEDIUM

Vulnerable Software

Configuration 1

OR

cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*

Tenable Plugins

View all (24 total)

IDNameProductFamilySeverity
150557SUSE SLES11 Security Update : kernel (SUSE-SU-2020:14354-1)NessusSuSE Local Security Checks
critical
136661SUSE SLES12 Security Update : kernel (SUSE-SU-2020:1255-1)NessusSuSE Local Security Checks
critical
134486EulerOS Virtualization for ARM 64 3.0.2.0 : kernel (EulerOS-SA-2020-1197)NessusHuawei Local Security Checks
critical
134363SUSE SLED15 / SLES15 Security Update : kernel (SUSE-SU-2020:0613-1)NessusSuSE Local Security Checks
critical
134293SUSE SLES12 Security Update : kernel (SUSE-SU-2020:0584-1)NessusSuSE Local Security Checks
critical
134289SUSE SLED15 / SLES15 Security Update : kernel (SUSE-SU-2020:0560-1)NessusSuSE Local Security Checks
critical
132925SUSE SLES12 Security Update : kernel (SUSE-SU-2020:0093-1)NessusSuSE Local Security Checks
critical
132499NewStart CGSL CORE 5.04 / MAIN 5.04 : kernel-rt Multiple Vulnerabilities (NS-SA-2019-0266)NessusNewStart CGSL Local Security Checks
high
132490NewStart CGSL CORE 5.04 / MAIN 5.04 : kernel Multiple Vulnerabilities (NS-SA-2019-0264)NessusNewStart CGSL Local Security Checks
high
132430SUSE SLES12 Security Update : kernel (SUSE-SU-2019:3389-1)NessusSuSE Local Security Checks
critical
132394SUSE SLED15 / SLES15 Security Update : kernel (SUSE-SU-2019:3381-1)NessusSuSE Local Security Checks
critical
132390SUSE SLES12 Security Update : kernel (SUSE-SU-2019:3379-1)NessusSuSE Local Security Checks
critical
132236SUSE SLES12 Security Update : kernel (SUSE-SU-2019:3316-1)NessusSuSE Local Security Checks
critical
132067Oracle Linux 7 : Unbreakable Enterprise kernel (ELSA-2019-4878)NessusOracle Linux Local Security Checks
low
132032openSUSE Security Update : the Linux Kernel (openSUSE-2019-2675)NessusSuSE Local Security Checks
critical
131918Oracle Linux 6 : Unbreakable Enterprise kernel (ELSA-2019-4872)NessusOracle Linux Local Security Checks
low
131917Oracle Linux 6 / 7 : Unbreakable Enterprise kernel (ELSA-2019-4871)NessusOracle Linux Local Security Checks
low
131845EulerOS 2.0 SP2 : kernel (EulerOS-SA-2019-2353)NessusHuawei Local Security Checks
critical
131474EulerOS Virtualization for ARM 64 3.0.3.0 : kernel (EulerOS-SA-2019-2309)NessusHuawei Local Security Checks
critical
131208OracleVM 3.4 : Unbreakable / etc (OVMSA-2019-0056)NessusOracleVM Local Security Checks
high
131174Oracle Linux 6 / 7 : Unbreakable Enterprise kernel (ELSA-2019-4850)NessusOracle Linux Local Security Checks
high
130736EulerOS 2.0 SP3 : kernel (EulerOS-SA-2019-2274)NessusHuawei Local Security Checks
critical
129440EulerOS 2.0 SP8 : kernel (EulerOS-SA-2019-2081)NessusHuawei Local Security Checks
critical
129129EulerOS 2.0 SP5 : kernel (EulerOS-SA-2019-1972)NessusHuawei Local Security Checks
high