CVE-2019-16233NULL Pointer Dereference in Ubuntu Linux

CWE-476NULL Pointer Dereference15 documents7 sources
Severity
4.1MEDIUMNVD
OSV9.8OSV8.8
EPSS
0.1%
top 74.38%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
5
Linux KernelCanonical Ubuntu LinuxOpensuse Leap+2 more
Timeline
PublishedSep 11
Latest updateMay 24

Description

drivers/scsi/qla2xxx/qla_os.c in the Linux kernel 5.2.14 does not check the alloc_workqueue return value, leading to a NULL pointer dereference.

CVSS vector

CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:HExploitability: 0.5 | Impact: 3.6

Affected Packages4 packages

Ubuntulinux/linux_kernel< 4.4.0-178.208+1
NVDlinux/linux_kernel5.2.14
debiandebian/linux
NVDopensuse/leap15.0, 15.1+1

Also affects: Ubuntu Linux 14.04, 16.04, 18.04, 19.04, Enterprise Linux 7.0, 8.0

Patches

Patch: lkml.orgPatch: lkml.org

🔴Vulnerability Details

6
GHSA
GHSA-p77w-2m7c-p3r6: drivers/scsi/qla2xxx/qla_os2022-05-24
OSV
linux, linux-aws, linux-kvm, linux-lts-xenial, linux-raspi2, linux-snapdragon vulnerabilities2020-04-29
OSV
linux-azure vulnerabilities2020-01-07
OSV
linux, linux-aws, linux-aws-5.0, linux-azure, linux-gcp, linux-gke-5.0, linux-kvm, linux-oem-osp1, linux-oracle, linux-oracle-5.0, linux-raspi2 vulnerabilities2020-01-07
OSV
linux, linux-aws, linux-aws-hwe, linux-azure, linux-gcp, linux-gke-4.15, linux-hwe, linux-kvm, linux-oem, linux-oracle, linux-raspi2, linux-snapdragon vulnerabilities2020-01-07

📋Vendor Advisories

6
Ubuntu
Linux kernel vulnerabilities2020-04-29
Ubuntu
Linux kernel vulnerabilities2020-01-07
Ubuntu
Linux kernel (Azure) vulnerabilities2020-01-07
Ubuntu
Linux kernel vulnerabilities2020-01-07
Red Hat
kernel: null pointer dereference in drivers/scsi/qla2xxx/qla_os.c2019-09-09

💬Community

2
Bugzilla
CVE-2019-16233 kernel: null pointer dereference in drivers/scsi/qla2xxx/qla_os.c [fedora-all]2019-10-10
Bugzilla
CVE-2019-16233 kernel: null pointer dereference in drivers/scsi/qla2xxx/qla_os.c2019-10-10