CVSS3: 5.5 Medium

Metric | Value |
---|---|
Attack Vector | LOCAL |
Attack Complexity | LOW |
Privileges Required | LOW |
User Interaction | NONE |
Scope | UNCHANGED |
Confidentiality Impact | NONE |
Integrity Impact | NONE |
Availability Impact | HIGH |

CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

CVSS2: 4.9 Medium

Metric | Value |
---|---|
Access Vector | LOCAL |
Access Complexity | LOW |
Authentication | NONE |
Confidentiality Impact | NONE |
Integrity Impact | NONE |
Availability Impact | COMPLETE |

AV:L/AC:L/Au:N/C:N/I:N/A:C

EPSS: 0.0004 Low (Percentile 5.3%)

DISPUTED An issue was discovered in sunxi_divs_clk_setup in
drivers/clk/sunxi/clk-sunxi.c in the Linux kernel through 5.1.5. There is
an unchecked kstrndup of derived_name, which might allow an attacker to
cause a denial of service (NULL pointer dereference and system crash).
NOTE: This id is disputed as not being an issue because “The memory
allocation that was not checked is part of a code that only runs at boot
time, before user processes are started. Therefore, there is no possibility
for an unprivileged user to control it, and no denial of service.”.
Author | Note |
---|---|
tyhicks | This issue has a questionable security impact. The memory allocation is in the module init path and it isn’t clear if it is actually vulnerable to an attacker. This issue only affects kernels built with CONFIG_CLK_SUNXI_CLOCKS enabled. Ubuntu does not enable that config option in any kernels. |
git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=fcdf445ff42f036d22178b49cf64e92d527c1330
launchpad.net/bugs/cve/CVE-2019-12455
nvd.nist.gov/vuln/detail/CVE-2019-12455
security-tracker.debian.org/tracker/CVE-2019-12455
www.cve.org/CVERecord?id=CVE-2019-12455
www.mail-archive.com/[email protected]/msg2010240.html