5.5 Medium
CVSS3
Attack Vector
LOCAL
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
HIGH
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
2.1 Low
CVSS2
Access Vector
LOCAL
Access Complexity
LOW
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
PARTIAL
AV:L/AC:L/Au:N/C:N/I:N/A:P
0.0004 Low
EPSS
Percentile
5.3%
A flaw was found in the Linux kernel’s Bluetooth implementation of UART,
all versions kernel 3.x.x before 4.18.0 and kernel 5.x.x. An attacker with
local access and write permissions to the Bluetooth hardware could use this
flaw to issue a specially crafted ioctl function call and cause the system
to crash.
Author | Note |
---|---|
sbeattie | code execution is not possible unless mmap_min_addr is set to 0 (not the default) |
OS | Version | Architecture | Package | Version | Filename |
---|---|---|---|---|---|
ubuntu | 18.04 | noarch | linux | < 4.15.0-60.67 | UNKNOWN |
ubuntu | 19.04 | noarch | linux | < 5.0.0-31.33 | UNKNOWN |
ubuntu | 16.04 | noarch | linux | < 4.4.0-165.193 | UNKNOWN |
ubuntu | 18.04 | noarch | linux-aws | < 4.15.0-1047.49 | UNKNOWN |
ubuntu | 19.04 | noarch | linux-aws | < 5.0.0-1018.20 | UNKNOWN |
ubuntu | 16.04 | noarch | linux-aws | < 4.4.0-1095.106 | UNKNOWN |
ubuntu | 16.04 | noarch | linux-aws-hwe | < 4.15.0-1047.49~16.04.1 | UNKNOWN |
ubuntu | 18.04 | noarch | linux-gcp | < 4.15.0-1042.45 | UNKNOWN |
ubuntu | 19.04 | noarch | linux-gcp | < 5.0.0-1020.20 | UNKNOWN |
ubuntu | 16.04 | noarch | linux-gcp | < 4.15.0-1041.43 | UNKNOWN |
launchpad.net/bugs/cve/CVE-2019-10207
lore.kernel.org/linux-bluetooth/[email protected]/
nvd.nist.gov/vuln/detail/CVE-2019-10207
security-tracker.debian.org/tracker/CVE-2019-10207
ubuntu.com/security/notices/USN-4115-1
ubuntu.com/security/notices/USN-4118-1
ubuntu.com/security/notices/USN-4145-1
ubuntu.com/security/notices/USN-4147-1
www.cve.org/CVERecord?id=CVE-2019-10207
www.openwall.com/lists/oss-security/2019/07/25/1
5.5 Medium
CVSS3
Attack Vector
LOCAL
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
HIGH
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
2.1 Low
CVSS2
Access Vector
LOCAL
Access Complexity
LOW
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
PARTIAL
AV:L/AC:L/Au:N/C:N/I:N/A:P
0.0004 Low
EPSS
Percentile
5.3%