Lucene search

K
ubuntucveUbuntu.comUB:CVE-2019-15117
HistoryAug 16, 2019 - 12:00 a.m.

CVE-2019-15117

2019-08-1600:00:00
ubuntu.com
ubuntu.com
26

CVSS2

4.6

Attack Vector

LOCAL

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:L/AC:L/Au:N/C:P/I:P/A:P

CVSS3

7.8

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

EPSS

0.001

Percentile

17.0%

parse_audio_mixer_unit in sound/usb/mixer.c in the Linux kernel through
5.2.9 mishandles a short descriptor, leading to out-of-bounds memory
access.

Notes

Author Note
tyhicks The parse_audio_mixer_unit() function has changed its handling of the input pins and source ID over time but I believe that it is vulnerable all the way back to the start of git history.
OSVersionArchitecturePackageVersionFilename
ubuntu18.04noarchlinux< 4.15.0-66.75UNKNOWN
ubuntu19.04noarchlinux< 5.0.0-31.33UNKNOWN
ubuntu16.04noarchlinux< 4.4.0-166.195UNKNOWN
ubuntu18.04noarchlinux-aws< 4.15.0-1052.54UNKNOWN
ubuntu19.04noarchlinux-aws< 5.0.0-1018.20UNKNOWN
ubuntu14.04noarchlinux-aws< 4.4.0-1056.60UNKNOWN
ubuntu16.04noarchlinux-aws< 4.4.0-1096.107UNKNOWN
ubuntu16.04noarchlinux-aws-hwe< 4.15.0-1052.54~16.04.1UNKNOWN
ubuntu18.04noarchlinux-azure< 5.0.0-1022.23~18.04.1UNKNOWN
ubuntu19.04noarchlinux-azure< 5.0.0-1022.23UNKNOWN
Rows per page:
1-10 of 401

CVSS2

4.6

Attack Vector

LOCAL

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:L/AC:L/Au:N/C:P/I:P/A:P

CVSS3

7.8

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

EPSS

0.001

Percentile

17.0%