CVSS: 4.9EPSS: 0%CPEs: 9EXPL: 1CVE-2019-15222
https://notcve.org/view.php?id=CVE-2019-15222
An issue was discovered in the Linux kernel before 5.2.8. There is a NULL pointer dereference caused by a malicious USB device in the sound/usb/helper.c (motu_microbookii) driver. Se descubrió un problema en el kernel de Linux versiones anteriores a 5.2.8. Se presenta una desreferencia del puntero NULL causada por un dispositivo USB malicioso en el controlador sound/usb/helper.c (motu_microbookii). • http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00064.html http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00066.html http://www.openwall.com/lists/oss-security/2019/08/20/2 https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.2.8 https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=5d78e1c2b7f4be00bbe62141603a631dc7812f35 https://security.netapp.com/advisory/ntap-20190905-0002 https://syzkaller.appspot.com/bug?id=3ec1dad62657fef222 • CWE-476: NULL Pointer Dereference •
CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 0CVE-2019-15117
https://notcve.org/view.php?id=CVE-2019-15117
parse_audio_mixer_unit in sound/usb/mixer.c in the Linux kernel through 5.2.9 mishandles a short descriptor, leading to out-of-bounds memory access. La función parse_audio_mixer_unit en el archivo sound/usb/mixer.c en el kernel de Linux versiones hasta 5.2.9, maneja inapropiadamente un descriptor corto, conllevando a un acceso a la memoria fuera de límites. • http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00064.html http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00066.html http://packetstormsecurity.com/files/155212/Slackware-Security-Advisory-Slackware-14.2-kernel-Updates.html https://git.kernel.org/pub/scm/linux/kernel/git/tiwai/sound.git/commit/?id=daac07156b330b18eb5071aec4b3ddca1c377f2c https://lists.debian.org/debian-lts-announce/2019/09/msg00025.html https://lists.debian.org/debian-lts-announce/2019/10/msg00000.html https:& • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 5.5EPSS: 0%CPEs: 18EXPL: 0CVE-2019-15118
https://notcve.org/view.php?id=CVE-2019-15118
check_input_term in sound/usb/mixer.c in the Linux kernel through 5.2.9 mishandles recursion, leading to kernel stack exhaustion. La función check_input_term en el archivo sound/usb/mixer.c en el kernel de Linux versiones hasta 5.2.9, maneja inapropiadamente la recursión, conllevando al agotamiento de la pila del kernel. • http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00064.html http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00066.html http://packetstormsecurity.com/files/155212/Slackware-Security-Advisory-Slackware-14.2-kernel-Updates.html https://git.kernel.org/pub/scm/linux/kernel/git/tiwai/sound.git/commit/?id=19bce474c45be69a284ecee660aa12d8f1e88f18 https://lists.debian.org/debian-lts-announce/2019/09/msg00025.html https://lists.debian.org/debian-lts-announce/2019/10/msg00000.html https:& • CWE-674: Uncontrolled Recursion •
CVSS: 4.9EPSS: 0%CPEs: 12EXPL: 0CVE-2019-15098
https://notcve.org/view.php?id=CVE-2019-15098
drivers/net/wireless/ath/ath6kl/usb.c in the Linux kernel through 5.2.9 has a NULL pointer dereference via an incomplete address in an endpoint descriptor. El archivo drivers/net/wireless/ath/ath6kl/usb.c en el kernel de Linux versiones hasta 5.2.9 presenta una desreferencia del puntero NULL mediante una dirección incompleta en un descriptor de endpoint. • http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00064.html http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00066.html http://packetstormsecurity.com/files/155212/Slackware-Security-Advisory-Slackware-14.2-kernel-Updates.html http://www.openwall.com/lists/oss-security/2019/09/27/1 http://www.openwall.com/lists/oss-security/2019/09/27/2 http://www.openwall.com/lists/oss-security/2019/09/27/3 https://lists.debian.org/debian-lts-announce/2020/01/msg00013& • CWE-476: NULL Pointer Dereference •
CVSS: 7.8EPSS: 2%CPEs: 8EXPL: 0CVE-2019-15099 – kernel: a NULL pointer dereference in drivers/net/wireless/ath/ath10k/usb.c leads to a crash
https://notcve.org/view.php?id=CVE-2019-15099
drivers/net/wireless/ath/ath10k/usb.c in the Linux kernel through 5.2.8 has a NULL pointer dereference via an incomplete address in an endpoint descriptor. El archivo drivers/net/wireless/ath/ath10k/usb.c en el kernel de Linux versiones hasta 5.2.8, presenta una desreferencia del puntero NULL por medio de una dirección incompleta en un descriptor de endpoint. A null pointer dereference flaw was discovered in the Linux kernel's implementation of the ath10k USB device driver. The vulnerability requires the attacker to plug in a specially crafted hardware device that present endpoint descriptors that normal ath10k devices do not recognize. System availability is the highest threat with this vulnerability. • http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00066.html https://lore.kernel.org/linux-wireless/20190804003101.11541-1-benquike%40gmail.com/T/#u https://security.netapp.com/advisory/ntap-20190905-0002 https://support.f5.com/csp/article/K76295179 https://support.f5.com/csp/article/K76295179?utm_source=f5support&%3Butm_medium=RSS https://usn.ubuntu.com/4258-1 https://usn.ubuntu.com/4284-1 https://usn.ubuntu.com/4287-1 https://usn.ubuntu.com/4287-2 http • CWE-20: Improper Input Validation CWE-476: NULL Pointer Dereference •