CVE-2019-10207
kernel: null-pointer dereference in hci_uart_set_flow_control
Severity Score
Exploit Likelihood
Affected Versions
Public Exploits
1Exploited in Wild
-Decision
Descriptions
A flaw was found in the Linux kernel's Bluetooth implementation of UART, all versions kernel 3.x.x before 4.18.0 and kernel 5.x.x. An attacker with local access and write permissions to the Bluetooth hardware could use this flaw to issue a specially crafted ioctl function call and cause the system to crash.
Se encontró un fallo en la implementación Bluetooth del kernel de Linux de UART, todas las versiones del kernel 3.x.x anteriores a 4.18.0 y kernel 5.x.x. Un atacante con acceso local y permisos de escritura en el hardware de Bluetooth podría usar este fallo para emitir una llamada de función ioctl especialmente diseñada y causar que el sistema se bloquee.
A flaw was found in the Linux kernel’s Bluetooth implementation of UART. An attacker with local access and write permissions to the Bluetooth hardware could use this flaw to issue a specially crafted ioctl function call and cause the system to crash.
CVSS Scores
SSVC
- Decision:-
Timeline
- 2019-03-27 CVE Reserved
- 2019-08-12 CVE Published
- 2022-03-27 First Exploit
- 2023-03-08 EPSS Updated
- 2024-08-04 CVE Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
CWE
- CWE-476: NULL Pointer Dereference
CAPEC
References (5)
URL | Tag | Source |
---|---|---|
https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-10207 | Issue Tracking | |
https://security.netapp.com/advisory/ntap-20200103-0001 | X_refsource_confirm |
URL | Date | SRC |
---|---|---|
https://github.com/butterflyhack/CVE-2019-10207 | 2022-03-27 |
URL | Date | SRC |
---|
URL | Date | SRC |
---|---|---|
https://access.redhat.com/security/cve/CVE-2019-10207 | 2020-03-31 | |
https://bugzilla.redhat.com/show_bug.cgi?id=1733874 | 2020-03-31 |
Affected Vendors, Products, and Versions
Vendor | Product | Version | Other | Status | ||||||
---|---|---|---|---|---|---|---|---|---|---|
Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
Linux Search vendor "Linux" | Linux Kernel Search vendor "Linux" for product "Linux Kernel" | >= 3.0 < 4.18.0 Search vendor "Linux" for product "Linux Kernel" and version " >= 3.0 < 4.18.0" | - |
Affected
| ||||||
Linux Search vendor "Linux" | Linux Kernel Search vendor "Linux" for product "Linux Kernel" | >= 5.0 <= 5.4 Search vendor "Linux" for product "Linux Kernel" and version " >= 5.0 <= 5.4" | - |
Affected
|