CVE-2019-15099
Advisory lineage Upstream: 0 Downstream: 16
Modified
Published: 16 Aug 2019, 01:15
Last modified:05 Aug 2024, 00:34
Vulnerability Summary
Overall Risk (default)
medium
32/100 CVSS Score
7.8 HIGH
v2.0 (nvd)
EPSS Score
1.63% LOW
2% probability -0.03%
KEV
Not listed
Ransomware
No reports
Public exploits
None found
Dark Web
Not detected
Timeline
16 Aug 2019, 01:15
Published
Vulnerability first disclosed
05 Aug 2024, 00:34
Last Modified
Vulnerability information updated
Description
drivers/net/wireless/ath/ath10k/usb.c in the Linux kernel through 5.2.8 has a NULL pointer dereference via an incomplete address in an endpoint descriptor.
CVSS Metrics
- v3.1•HIGH•Score: 7.5CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
- v2.0•HIGH•Score: 7.8AV:N/AC:L/Au:N/C:N/I:N/A:C
EPSS Trends
Current EPSS score: 1.63%• Percentile: 82%
Techniques & Countermeasures
- CWE-476•NULL Pointer Dereference
The product dereferences a pointer that it expects to be valid but is NULL.
Affected Systems
- canonical•ubuntu_linux
14.04 | 16.04 | 18.04 | 19.10
- linux•linux_kernel
≥ 4.14, < 4.14.157 | ≥ 4.15, < 4.19.87 | ≥ 4.20, < 5.3.14 | ≥ 5.4.0, < 5.4.1
References (9)
- https://lore.kernel.org/linux-wireless/20190804003101.11541-1-benquike%40gmail.com/T/#u
- https://security.netapp.com/advisory/ntap-20190905-0002/
- http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00066.html
- https://support.f5.com/csp/article/K76295179
- https://support.f5.com/csp/article/K76295179?utm_source=f5support&%3Butm_medium=RSS
- https://usn.ubuntu.com/4258-1/
- https://usn.ubuntu.com/4287-1/
- https://usn.ubuntu.com/4287-2/
- https://usn.ubuntu.com/4284-1/