CVE-2019-10207

Severity
5.5 MEDIUM
EPSS
0.7%
top 27.94%
CISA KEV
Not in KEV
Exploit
No known exploits
Timeline
Published: Nov 25
Latest update: May 24

Description

A flaw was found in the Linux kernel's Bluetooth implementation of UART, all versions kernel 3.x.x before 4.18.0 and kernel 5.x.x. An attacker with local access and write permissions to the Bluetooth hardware could use this flaw to issue a specially crafted ioctl function call and cause the system to crash.

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

Exploitability: 1.8 | Impact: 3.6

Affected Packages (3 packages)

NVD: linux/linux_kernel 3.0 4.18.0 +1
CVEListV5: red_hat/kernel, all versions kernel 3.x.x before 4.18.0 and kernel 5.x.x
Debian: linux < 5.2.6-1 +3

Vulnerability Details

5
GHSA
GHSA-frg3-qcjh-fvr9: A flaw was found in the Linux kernel's Bluetooth implementation of UART, all versions kernel 3 (2022-05-24)
OSV
CVE-2019-10207: A flaw was found in the Linux kernel's Bluetooth implementation of UART, all versions kernel 3 (2019-11-25)
CVEList
CVE-2019-10207: A flaw was found in the Linux kernel's Bluetooth implementation of UART, all versions kernel 3 (2019-11-25)
OSV
linux, linux-aws, linux-azure, linux-gcp, linux-gke-5.0, linux-hwe, linux-kvm, linux-raspi2, linux-snapdragon vulnerabilities (2019-10-04)
Kernel
Bluetooth: hci_uart: check for missing tty operations (2019-07-30)

Vendor Advisories

6
Ubuntu
Linux kernel vulnerabilities (2019-10-04)
Ubuntu
Linux kernel vulnerabilities (2019-10-01)
Ubuntu
Linux kernel (AWS) vulnerabilities (2019-09-02)
Ubuntu
Linux kernel vulnerabilities (2019-09-02)
Red Hat
kernel: null-pointer dereference in hci_uart_set_flow_control (2019-07-29)

Community

2
Bugzilla
CVE-2019-10207 kernel: null-pointer dereference in hci_uart_set_flow_control [fedora-all] (2019-07-30)
Bugzilla
CVE-2019-10207 kernel: null-pointer dereference in hci_uart_set_flow_control (2019-07-29)