CVE-2019-15118

  1. OpenCVE
  2. Vulnerabilities (CVE)
  3. CVE-2019-15118
check_input_term in sound/usb/mixer.c in the Linux kernel through 5.2.9 mishandles recursion, leading to kernel stack exhaustion.

5.5 /10

CVSS v3 : MEDIUM

V3 Legend

Vector :

Exploitability : 1.8 / Impact : 3.6

Attack Vector LOCAL

Attack Complexity LOW

Privileges Required LOW

User Interaction NONE

Confidentiality Impact NONE

Integrity Impact NONE

Availability Impact HIGH

Scope UNCHANGED

4.9 /10

CVSS v2.0 : MEDIUM

V2 Legend

Vector : AV:L/AC:L/Au:N/C:N/I:N/A:C

Exploitability : 3.9 / Impact : 6.9

Access Vector LOCAL

Access Complexity LOW

Authentication NONE

Confidentiality Impact NONE

Integrity Impact NONE

Availability Impact COMPLETE

References
Link Resource
http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00064.html Mailing List
http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00066.html Mailing List
http://packetstormsecurity.com/files/155212/Slackware-Security-Advisory-Slackware-14.2-kernel-Updates.html Patch Third Party Advisory VDB Entry
https://git.kernel.org/pub/scm/linux/kernel/git/tiwai/sound.git/commit/?id=19bce474c45be69a284ecee660aa12d8f1e88f18 Mailing List Patch
https://lists.debian.org/debian-lts-announce/2019/09/msg00025.html Mailing List
https://lists.debian.org/debian-lts-announce/2019/10/msg00000.html Mailing List
https://lore.kernel.org/lkml/20190815043554.16623-1-benquike%40gmail.com/ Mailing List Patch
https://seclists.org/bugtraq/2019/Nov/11 Mailing List Patch Third Party Advisory
https://seclists.org/bugtraq/2019/Sep/41 Mailing List Third Party Advisory
https://security.netapp.com/advisory/ntap-20190905-0002/ Third Party Advisory
https://usn.ubuntu.com/4147-1/ Third Party Advisory
https://usn.ubuntu.com/4162-1/ Third Party Advisory
https://usn.ubuntu.com/4162-2/ Third Party Advisory
https://usn.ubuntu.com/4163-1/ Third Party Advisory
https://usn.ubuntu.com/4163-2/ Third Party Advisory
https://www.debian.org/security/2019/dsa-4531 Third Party Advisory
Configurations

Configuration 1 (hide)

cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*

Configuration 2 (hide)

OR cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:esm:*:*:*
cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:esm:*:*:*
cpe:2.3:o:canonical:ubuntu_linux:18.04:*:*:*:esm:*:*:*
cpe:2.3:o:canonical:ubuntu_linux:19.04:*:*:*:-:*:*:*

Configuration 3 (hide)

OR cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*
cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*
cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*

Configuration 4 (hide)

OR cpe:2.3:o:opensuse:leap:15.0:*:*:*:*:*:*:*
cpe:2.3:o:opensuse:leap:15.1:*:*:*:*:*:*:*

Configuration 5 (hide)

OR cpe:2.3:a:netapp:active_iq_unified_manager:-:*:*:*:*:vmware_vsphere:*:*
cpe:2.3:a:netapp:data_availability_services:-:*:*:*:*:*:*:*
cpe:2.3:a:netapp:hci_management_node:-:*:*:*:*:*:*:*
cpe:2.3:a:netapp:solidfire:-:*:*:*:*:*:*:*

Configuration 6 (hide)

AND
cpe:2.3:o:netapp:solidfire_baseboard_management_controller_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:netapp:solidfire_baseboard_management_controller:-:*:*:*:*:*:*:*

Configuration 7 (hide)

AND
cpe:2.3:o:netapp:h410c_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:netapp:h410c:-:*:*:*:*:*:*:*
History

03 Feb 2024, 02:25

Type Values Removed Values Added
First Time Netapp h410c
Canonical
Netapp
Netapp hci Management Node
Netapp h410c Firmware
Netapp solidfire Baseboard Management Controller
Netapp solidfire Baseboard Management Controller Firmware
Netapp active Iq Unified Manager
Opensuse
Netapp solidfire
Opensuse leap
Canonical ubuntu Linux
Debian
Netapp data Availability Services
Debian debian Linux
CPE cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*
cpe:2.3:o:opensuse:leap:15.0:*:*:*:*:*:*:*
cpe:2.3:a:netapp:active_iq_unified_manager:-:*:*:*:*:vmware_vsphere:*:*
cpe:2.3:o:canonical:ubuntu_linux:18.04:*:*:*:esm:*:*:*
cpe:2.3:o:canonical:ubuntu_linux:19.04:*:*:*:-:*:*:*
cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*
cpe:2.3:a:netapp:hci_management_node:-:*:*:*:*:*:*:*
cpe:2.3:h:netapp:h410c:-:*:*:*:*:*:*:*
cpe:2.3:o:netapp:solidfire_baseboard_management_controller_firmware:-:*:*:*:*:*:*:*
cpe:2.3:a:netapp:data_availability_services:-:*:*:*:*:*:*:*
cpe:2.3:o:netapp:h410c_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:netapp:solidfire_baseboard_management_controller:-:*:*:*:*:*:*:*
cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:esm:*:*:*
cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:esm:*:*:*
cpe:2.3:o:opensuse:leap:15.1:*:*:*:*:*:*:*
cpe:2.3:a:netapp:solidfire:-:*:*:*:*:*:*:*
cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*
References () http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00064.html - () http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00064.html - Mailing List
References () http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00066.html - () http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00066.html - Mailing List
References () http://packetstormsecurity.com/files/155212/Slackware-Security-Advisory-Slackware-14.2-kernel-Updates.html - () http://packetstormsecurity.com/files/155212/Slackware-Security-Advisory-Slackware-14.2-kernel-Updates.html - Patch, Third Party Advisory, VDB Entry
References () https://git.kernel.org/pub/scm/linux/kernel/git/tiwai/sound.git/commit/?id=19bce474c45be69a284ecee660aa12d8f1e88f18 - Patch, Third Party Advisory () https://git.kernel.org/pub/scm/linux/kernel/git/tiwai/sound.git/commit/?id=19bce474c45be69a284ecee660aa12d8f1e88f18 - Mailing List, Patch
References () https://lists.debian.org/debian-lts-announce/2019/09/msg00025.html - () https://lists.debian.org/debian-lts-announce/2019/09/msg00025.html - Mailing List
References () https://lists.debian.org/debian-lts-announce/2019/10/msg00000.html - () https://lists.debian.org/debian-lts-announce/2019/10/msg00000.html - Mailing List
References () https://lore.kernel.org/lkml/20190815043554.16623-1-benquike%40gmail.com/ - () https://lore.kernel.org/lkml/20190815043554.16623-1-benquike%40gmail.com/ - Mailing List, Patch
References () https://seclists.org/bugtraq/2019/Nov/11 - () https://seclists.org/bugtraq/2019/Nov/11 - Mailing List, Patch, Third Party Advisory
References () https://seclists.org/bugtraq/2019/Sep/41 - () https://seclists.org/bugtraq/2019/Sep/41 - Mailing List, Third Party Advisory
References () https://security.netapp.com/advisory/ntap-20190905-0002/ - () https://security.netapp.com/advisory/ntap-20190905-0002/ - Third Party Advisory
References () https://usn.ubuntu.com/4147-1/ - () https://usn.ubuntu.com/4147-1/ - Third Party Advisory
References () https://usn.ubuntu.com/4162-1/ - () https://usn.ubuntu.com/4162-1/ - Third Party Advisory
References () https://usn.ubuntu.com/4162-2/ - () https://usn.ubuntu.com/4162-2/ - Third Party Advisory
References () https://usn.ubuntu.com/4163-1/ - () https://usn.ubuntu.com/4163-1/ - Third Party Advisory
References () https://usn.ubuntu.com/4163-2/ - () https://usn.ubuntu.com/4163-2/ - Third Party Advisory
References () https://www.debian.org/security/2019/dsa-4531 - () https://www.debian.org/security/2019/dsa-4531 - Third Party Advisory

07 Nov 2023, 03:05

Type Values Removed Values Added
References
  • {'url': 'https://lore.kernel.org/lkml/20190815043554.16623-1-benquike@gmail.com/', 'name': 'https://lore.kernel.org/lkml/20190815043554.16623-1-benquike@gmail.com/', 'tags': ['Patch', 'Third Party Advisory'], 'refsource': 'MISC'}
  • () https://lore.kernel.org/lkml/20190815043554.16623-1-benquike%40gmail.com/ -
Information

Published : 2019-08-16 14:15

Updated : 2024-02-03 02:25

NVD link : CVE-2019-15118

Mitre link : CVE-2019-15118

CVE.ORG link : CVE-2019-15118

JSON object : View

Products Affected

netapp

  • h410c
  • h410c_firmware
  • solidfire_baseboard_management_controller
  • solidfire_baseboard_management_controller_firmware
  • hci_management_node
  • active_iq_unified_manager
  • data_availability_services
  • solidfire

linux

  • linux_kernel

opensuse

  • leap

debian

  • debian_linux

canonical

  • ubuntu_linux
CWE
CWE-674

Uncontrolled Recursion