Lucene search

K
ubuntucveUbuntu.comUB:CVE-2019-15213
HistoryAug 19, 2019 - 12:00 a.m.

CVE-2019-15213

2019-08-1900:00:00
ubuntu.com
ubuntu.com
20

4.9 Medium

CVSS2

Attack Vector

LOCAL

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

COMPLETE

AV:L/AC:L/Au:N/C:N/I:N/A:C

4.6 Medium

CVSS3

Attack Vector

PHYSICAL

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

0.001 Low

EPSS

Percentile

48.4%

An issue was discovered in the Linux kernel before 5.2.3. There is a
use-after-free caused by a malicious USB device in the
drivers/media/usb/dvb-usb/dvb-usb-init.c driver.

Bugs

Notes

Author Note
tyhicks Setting priority to low since this issue requires a malicious USB device to be inserted into the system Ben Hutchings noticed that commit 6cf97230cd5f (“media: dvb: usb: fix use after free in dvb_usb_device_exit”), which is mentioned in the CVE references for this issue, likely doesn’t fix the problem. See the lore reference above for details. I think Ben is correct and have adjusted our break-fix metadata to use the break commit that he pointed out.
sbeattie unfixed upstream as of 2022-01-27

4.9 Medium

CVSS2

Attack Vector

LOCAL

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

COMPLETE

AV:L/AC:L/Au:N/C:N/I:N/A:C

4.6 Medium

CVSS3

Attack Vector

PHYSICAL

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

0.001 Low

EPSS

Percentile

48.4%