CVE-2019-15220

An issue was discovered in the Linux kernel before 5.2.1. There is a use-after-free caused by a malicious USB device in the drivers/net/wireless/intersil/p54/p54usb.c driver.

CVSS v3 4.6 MEDIUM
CVSS v2.0 4.9 MEDIUM

4.6^/10

CVSS v3 : MEDIUM

V3 Legend

Vector :

Exploitability : 0.9 / Impact : 3.6

Attack Vector PHYSICAL

Attack Complexity LOW

Privileges Required NONE

User Interaction NONE

Confidentiality Impact NONE

Integrity Impact NONE

Availability Impact HIGH

Scope UNCHANGED

4.9^/10

CVSS v2.0 : MEDIUM

V2 Legend

Vector : AV:L/AC:L/Au:N/C:N/I:N/A:C

Exploitability : 3.9 / Impact : 6.9

Access Vector LOCAL

Access Complexity LOW

Authentication NONE

Confidentiality Impact NONE

Integrity Impact NONE

Availability Impact COMPLETE

References

Link	Resource
http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00064.html	Mailing List Third Party Advisory
http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00066.html	Mailing List Third Party Advisory
http://www.openwall.com/lists/oss-security/2019/08/20/2	Mailing List Third Party Advisory
https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.2.1	Release Notes
https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=6e41e2257f1094acc37618bf6c856115374c6922	Patch
https://lists.debian.org/debian-lts-announce/2019/09/msg00014.html	Mailing List Third Party Advisory
https://lists.debian.org/debian-lts-announce/2019/09/msg00015.html	Mailing List Third Party Advisory
https://lists.debian.org/debian-lts-announce/2019/09/msg00025.html	Mailing List Third Party Advisory
https://security.netapp.com/advisory/ntap-20190905-0002/	Third Party Advisory
https://syzkaller.appspot.com/bug?id=082c09653e43e33a6a56f8c57cf051eeacae9d5f	Exploit Third Party Advisory
https://usn.ubuntu.com/4115-1/	Third Party Advisory
https://usn.ubuntu.com/4118-1/	Third Party Advisory
https://usn.ubuntu.com/4147-1/	Third Party Advisory
https://usn.ubuntu.com/4286-1/	Third Party Advisory
https://usn.ubuntu.com/4286-2/	Third Party Advisory

Configurations

Configuration 1 (hide)

cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*

Configuration 2 (hide)

AND

cpe:2.3:o:netapp:h410c_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:netapp:h410c:-:*:*:*:*:*:*:*

Configuration 3 (hide)

OR	cpe:2.3:a:netapp:active_iq_unified_manager:-:::::vmware_vsphere::
	cpe:2.3:a:netapp:data_availability_services:-:::::::*
	cpe:2.3:a:netapp:solidfire_\&_hci_management_node:-:::::::*
	cpe:2.3:h:netapp:solidfire_baseboard_management_controller:-:::::::*

Configuration 4 (hide)

OR	cpe:2.3:o:canonical:ubuntu_linux:14.04::::esm:::
	cpe:2.3:o:canonical:ubuntu_linux:16.04::::esm:::
	cpe:2.3:o:canonical:ubuntu_linux:18.04::::lts:::
	cpe:2.3:o:canonical:ubuntu_linux:19.04:::::::*

Configuration 5 (hide)

cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*

Configuration 6 (hide)

OR	cpe:2.3:o:opensuse:leap:15.0:::::::*
	cpe:2.3:o:opensuse:leap:15.1:::::::*

History

09 Nov 2023, 14:44

Type	Values Removed	Values Added
CPE	cpe:2.3:h:netapp:baseboard_management_controller_h410c:-:::::::* cpe:2.3:o:netapp:baseboard_management_controller_h410c_firmware:-:::::::*	cpe:2.3:o:netapp:h410c_firmware:-:::::::* cpe:2.3:h:netapp:h410c:-:::::::*
First Time		Netapp h410c Netapp h410c Firmware

03 Mar 2023, 15:01

Type	Values Removed	Values Added
References	~~(UBUNTU) https://usn.ubuntu.com/4115-1/ -~~	(UBUNTU) https://usn.ubuntu.com/4115-1/ - Third Party Advisory
References	~~(UBUNTU) https://usn.ubuntu.com/4286-1/ -~~	(UBUNTU) https://usn.ubuntu.com/4286-1/ - Third Party Advisory
References	~~(MLIST) https://lists.debian.org/debian-lts-announce/2019/09/msg00015.html -~~	(MLIST) https://lists.debian.org/debian-lts-announce/2019/09/msg00015.html - Mailing List, Third Party Advisory
References	~~(MLIST) https://lists.debian.org/debian-lts-announce/2019/09/msg00014.html -~~	(MLIST) https://lists.debian.org/debian-lts-announce/2019/09/msg00014.html - Mailing List, Third Party Advisory
References	~~(SUSE) http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00064.html -~~	(SUSE) http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00064.html - Mailing List, Third Party Advisory
References	~~(SUSE) http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00066.html -~~	(SUSE) http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00066.html - Mailing List, Third Party Advisory
References	~~(UBUNTU) https://usn.ubuntu.com/4118-1/ -~~	(UBUNTU) https://usn.ubuntu.com/4118-1/ - Third Party Advisory
References	~~(UBUNTU) https://usn.ubuntu.com/4286-2/ -~~	(UBUNTU) https://usn.ubuntu.com/4286-2/ - Third Party Advisory
References	~~(UBUNTU) https://usn.ubuntu.com/4147-1/ -~~	(UBUNTU) https://usn.ubuntu.com/4147-1/ - Third Party Advisory
References	~~(CONFIRM) https://security.netapp.com/advisory/ntap-20190905-0002/ -~~	(CONFIRM) https://security.netapp.com/advisory/ntap-20190905-0002/ - Third Party Advisory
References	~~(MLIST) https://lists.debian.org/debian-lts-announce/2019/09/msg00025.html -~~	(MLIST) https://lists.debian.org/debian-lts-announce/2019/09/msg00025.html - Mailing List, Third Party Advisory
CPE		cpe:2.3:a:netapp:solidfire_\&_hci_management_node:-:::::::* cpe:2.3:a:netapp:data_availability_services:-:::::::* cpe:2.3:a:netapp:active_iq_unified_manager:-:::::vmware_vsphere:: cpe:2.3:o:canonical:ubuntu_linux:18.04::::lts::: cpe:2.3:h:netapp:solidfire_baseboard_management_controller:-:::::::* cpe:2.3:o:canonical:ubuntu_linux:16.04::::esm::: cpe:2.3:o:opensuse:leap:15.0:::::::* cpe:2.3:o:canonical:ubuntu_linux:19.04:::::::* cpe:2.3:o:canonical:ubuntu_linux:14.04::::esm::: cpe:2.3:o:opensuse:leap:15.1:::::::* cpe:2.3:o:debian:debian_linux:8.0:::::::* cpe:2.3:h:netapp:baseboard_management_controller_h410c:-:::::::* cpe:2.3:o:netapp:baseboard_management_controller_h410c_firmware:-:::::::*
First Time		Netapp active Iq Unified Manager Canonical Debian Netapp Netapp solidfire \& Hci Management Node Netapp solidfire Baseboard Management Controller Opensuse leap Canonical ubuntu Linux Netapp baseboard Management Controller H410c Firmware Debian debian Linux Opensuse Netapp baseboard Management Controller H410c Netapp data Availability Services

Information

Published : 2019-08-19 22:15

Updated : 2023-12-10 12:59

NVD link : CVE-2019-15220

Mitre link : CVE-2019-15220

CVE.ORG link : CVE-2019-15220

JSON object : View

Products Affected

netapp

h410c_firmware
h410c
solidfire_\&_hci_management_node
data_availability_services
active_iq_unified_manager
solidfire_baseboard_management_controller

opensuse

leap

canonical

ubuntu_linux

linux

linux_kernel

debian

debian_linux

CWE

CWE-416

Use After Free

4.6 /10

Attack Vector PHYSICAL

Attack Complexity LOW

Privileges Required NONE

User Interaction NONE

Confidentiality Impact NONE

Integrity Impact NONE

Availability Impact HIGH

Scope UNCHANGED

4.9 /10

Access Vector LOCAL

Access Complexity LOW

Authentication NONE

Confidentiality Impact NONE

Integrity Impact NONE

Availability Impact COMPLETE

JSON object

Attach tags to CVE-2019-15220

4.6^/10

4.9^/10

Attach tags to `CVE-2019-15220`