CVE-2019-15504 — Double Free in Kernel

CWE-415 — Double Free CWE-416 — Use After Free11 documents8 sources

Severity

9.8CRITICALNVD

OSV7.8

EPSS

4.1%

top 11.36%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Linux Kernel Debian Linux Canonical Ubuntu Linux

Timeline

PublishedAug 23

Latest updateMay 24

Description

drivers/net/wireless/rsi/rsi_91x_usb.c in the Linux kernel through 5.2.9 has a Double Free via crafted USB device traffic (which may be remote via usbip or usbredir).

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:HExploitability: 3.9 | Impact: 5.9

Affected Packages3 packages

▶NVDlinux/linux_kernel4.17 — 4.19.74+1

▶Debianlinux/linux_kernel< 5.2.17-1+3

▶debiandebian/linux< linux 5.2.17-1 (bookworm)

Also affects: Ubuntu Linux 18.04, 19.04

🔴Vulnerability Details

GHSA

GHSA-c27q-jw2x-f8mw: drivers/net/wireless/rsi/rsi_91x_usb↗2022-05-24

▶

OSV

linux-hwe, linux-azure, linux-gcp, linux-gke-5.0 vulnerabilities↗2019-10-22

▶

OSV

CVE-2019-15504: drivers/net/wireless/rsi/rsi_91x_usb↗2019-08-23

▶

Kernel

rsi: fix a double free bug in rsi_91x_deinit()↗2019-08-19

▶

📋Vendor Advisories

Ubuntu

Linux kernel (HWE) vulnerabilities↗2019-10-22

▶

Ubuntu

Linux kernel vulnerabilities↗2019-10-17

▶

Red Hat

kernel: double free in drivers/net/wireless/rsi/rsi_91x_usb.c via crafted USB device↗2019-08-23

▶

Debian

CVE-2019-15504: linux - drivers/net/wireless/rsi/rsi_91x_usb.c in the Linux kernel through 5.2.9 has a D...↗2019

▶

💬Community

Bugzilla

CVE-2019-15504 kernel: double free in drivers/net/wireless/rsi/rsi_91x_usb.c via crafted USB device↗2019-08-29

▶

Bugzilla

CVE-2019-15504 kernel: double free in drivers/net/wireless/rsi/rsi_91x_usb.c via crafted USB device [fedora-all]↗2019-08-29

▶