CVE-2019-15098NULL Pointer Dereference in Kernel

CWE-476NULL Pointer DereferenceCWE-119Improper Restriction of Operations within the Bounds of a Memory Buffer15 documents9 sources
Severity
4.6MEDIUMNVD
EPSS
0.2%
top 62.77%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
5
Linux KernelCanonical Ubuntu LinuxDebian Linux+2 more
Timeline
PublishedAug 16
Latest updateMay 24

Description

drivers/net/wireless/ath/ath6kl/usb.c in the Linux kernel through 5.2.9 has a NULL pointer dereference via an incomplete address in an endpoint descriptor.

CVSS vector

CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:HExploitability: 0.9 | Impact: 3.6

Affected Packages4 packages

Debianlinux/linux_kernel< 5.3.7-1+3
NVDopensuse/leap15.0, 15.1+1

Also affects: Debian Linux 8.0, Ubuntu Linux 14.04, 16.04, 18.04, 19.04

🔴Vulnerability Details

4
GHSA
GHSA-jrv5-9rmq-5rv5: drivers/net/wireless/ath/ath6kl/usb2022-05-24
OSV
CVE-2019-15098: drivers/net/wireless/ath/ath6kl/usb2019-08-16
CVEList
CVE-2019-15098: drivers/net/wireless/ath/ath6kl/usb2019-08-16
Kernel
ath6kl: fix a NULL-ptr-deref bug in ath6kl_usb_alloc_urb_from_pipe()2019-08-03

📋Vendor Advisories

7
Ubuntu
Linux kernel vulnerabilities2019-11-13
Ubuntu
Linux kernel vulnerabilities2019-11-13
Ubuntu
Linux kernel vulnerabilities2019-11-13
Ubuntu
Linux kernel (Xenial HWE) vulnerabilities2019-11-13
Red Hat
kernel: a NULL pointer dereference in drivers/net/wireless/ath/ath6kl/usb.c leads to a crash2019-08-20

💬Community

3
Bugzilla
CVE-2019-15098 kernel: a NULL pointer dereference in drivers/net/wireless/ath/ath6kl/usb.c leads to a crash [fedora-all]2019-10-21
Bugzilla
CVE-2019-15290 kernel: Null pointer dereference in the ath6kl_usb_alloc_urb_from_pipe function in the drivers/net/wireless/ath/ath6kl/usb.c2019-09-07
Bugzilla
CVE-2019-15098 kernel: a NULL pointer dereference in drivers/net/wireless/ath/ath6kl/usb.c leads to a crash2019-08-20
CVE-2019-15098 — NULL Pointer Dereference in Kernel | cvebase