SB2019081622 - NULL pointer dereference in Linux kernel
Published: August 16, 2019 Updated: May 30, 2020
Security Bulletin ID
SB2019081622
Severity
Medium
Patch available
YES
Number of vulnerabilities
1
Exploitation vector
Remote access
Highest impact
Denial of service
Breakdown by Severity
- Low
- Medium
- High
- Critical
Description
This security bulletin contains information about 1 security vulnerability.
1) NULL pointer dereference (CVE-ID: CVE-2019-15098)
The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to a NULL pointer dereference error in the "drivers/net/wireless/ath/ath6kl/usb.c". A remote attacker can trigger denial of service conditions via an incomplete address in an endpoint descriptor.
Remediation
Install update from vendor's website.
References
- https://lore.kernel.org/linux-wireless/20190804002905.11292-1-benquike@gmail.com/T/#u
- https://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.19.82
- https://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.14.152
- https://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.9.199
- https://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.4.199
- https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.4
- https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.3.9