Vulnerability Details : CVE-2019-15117
parse_audio_mixer_unit in sound/usb/mixer.c in the Linux kernel through 5.2.9 mishandles a short descriptor, leading to out-of-bounds memory access.
Vulnerability category: Overflow
Products affected by CVE-2019-15117
- cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*
Exploit prediction scoring system (EPSS) score for CVE-2019-15117
- 0.08%: Probability of exploitation activity in the next 30 days
- ~ 34%: Percentile, the proportion of vulnerabilities that are scored at or less
CVSS scores for CVE-2019-15117
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
---|---|---|---|---|---|---|
4.6 | MEDIUM | AV:L/AC:L/Au:N/C:P/I:P/A:P | 3.9 | 6.4 | NIST | |
7.8 | HIGH | CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H | 1.8 | 5.9 | NIST | |
CWE ids for CVE-2019-15117
- The product performs operations on a memory buffer, but it reads from or writes to a memory location outside the buffer's intended boundary. This may result in read or write operations on unexpected memory locations that could be linked to other variables, data structures, or internal program data. Assigned by: nvd@nist.gov (Primary)
References for CVE-2019-15117
- https://git.kernel.org/pub/scm/linux/kernel/git/tiwai/sound.git/commit/?id=daac07156b330b18eb5071aec4b3ddca1c377f2c
  kernel/git/tiwai/sound.git - Sound sub-system tree (Patch; Third Party Advisory)
- https://usn.ubuntu.com/4163-2/
  USN-4163-2: Linux kernel (Xenial HWE) vulnerabilities | Ubuntu security notices
- https://seclists.org/bugtraq/2019/Nov/11
  Bugtraq: [slackware-security] Slackware 14.2 kernel (SSA:2019-311-01)
- https://lists.debian.org/debian-lts-announce/2019/10/msg00000.html
  [SECURITY] [DLA 1940-1] linux-4.9 security update
- https://usn.ubuntu.com/4162-2/
  USN-4162-2: Linux kernel (Azure) vulnerabilities | Ubuntu security notices
- https://support.f5.com/csp/article/K16449953?utm_source=f5support&utm_medium=RSS
- https://usn.ubuntu.com/4163-1/
  USN-4163-1: Linux kernel vulnerabilities | Ubuntu security notices
- http://packetstormsecurity.com/files/155212/Slackware-Security-Advisory-Slackware-14.2-kernel-Updates.html
  Slackware Security Advisory - Slackware 14.2 kernel Updates ≈ Packet Storm
- https://usn.ubuntu.com/4162-1/
  USN-4162-1: Linux kernel vulnerabilities | Ubuntu security notices
- https://seclists.org/bugtraq/2019/Sep/41
  Bugtraq: [SECURITY] [DSA 4531-1] linux security update
- https://usn.ubuntu.com/4147-1/
  USN-4147-1: Linux kernel vulnerabilities | Ubuntu security notices
- https://security.netapp.com/advisory/ntap-20190905-0002/
  August 2019 Linux Kernel Vulnerabilities in NetApp Products | NetApp Product Security
- http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00064.html
  [security-announce] openSUSE-SU-2019:2173-1: important: Security update
- https://lists.debian.org/debian-lts-announce/2019/09/msg00025.html
  [SECURITY] [DLA 1930-1] linux security update
- https://lore.kernel.org/lkml/20190814023625.21683-1-benquike@gmail.com/
  [PATCH] Fix an OOB bug in parse_audio_mixer_unit - Hui Peng (Patch; Third Party Advisory)
- http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00066.html
  [security-announce] openSUSE-SU-2019:2181-1: important: Security update
- https://www.debian.org/security/2019/dsa-4531
  Debian -- Security Information -- DSA-4531-1 linux