Main Vulnerability Database SB2019112516

SB2019112516 - NULL pointer dereference in Linux kernel

Published: November 25, 2019 Updated: June 1, 2020

Security Bulletin ID SB2019112516

Severity

Low

Patch available

YES

Number of vulnerabilities 1

Exploitation vector Local access

Highest impact Denial of service

Breakdown by Severity

Low
Medium
High
Critical

Description

This security bulletin contains information about 1 security vulnerability.

1) NULL pointer dereference (CVE-ID: CVE-2019-10207)

The vulnerability allows a local authenticated user to perform a denial of service (DoS) attack.

A flaw was found in the Linux kernel's Bluetooth implementation of UART, all versions kernel 3.x.x before 4.18.0 and kernel 5.x.x. An attacker with local access and write permissions to the Bluetooth hardware could use this flaw to issue a specially crafted ioctl function call and cause the system to crash.

Remediation

Install update from vendor's website.

References

https://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.14.136
https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.2.6
https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.3