Vulnerability Details : CVE-2019-15504
drivers/net/wireless/rsi/rsi_91x_usb.c in the Linux kernel through 5.2.9 has a Double Free via crafted USB device traffic (which may be remote via usbip or usbredir).
Vulnerability category: Memory Corruption
Products affected by CVE-2019-15504
- cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*
- cpe:2.3:o:canonical:ubuntu_linux:18.04:*:*:*:lts:*:*:*
- cpe:2.3:o:canonical:ubuntu_linux:19.04:*:*:*:*:*:*:*
Exploit prediction scoring system (EPSS) score for CVE-2019-15504
- 3.06%: Probability of exploitation activity in the next 30 days
- ~91%: Percentile, the proportion of vulnerabilities that are scored at or less
CVSS scores for CVE-2019-15504
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
---|---|---|---|---|---|---|
10.0 | HIGH | AV:N/AC:L/Au:N/C:C/I:C/A:C | 10.0 | 10.0 | NIST | |
9.8 | CRITICAL | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H | 3.9 | 5.9 | NIST | |
CWE ids for CVE-2019-15504
- The product calls free() twice on the same memory address, potentially leading to modification of unexpected memory locations. Assigned by: nvd@nist.gov (Primary)
References for CVE-2019-15504
- https://support.f5.com/csp/article/K33554143?utm_source=f5support&utm_medium=RSS
  (Third Party Advisory)
- https://usn.ubuntu.com/4157-1/
  USN-4157-1: Linux kernel vulnerabilities | Ubuntu security notices (Third Party Advisory)
- https://lore.kernel.org/lkml/20190819220230.10597-1-benquike@gmail.com/
  [PATCH] Fix a double free bug in rsi_91x_deinit - Hui Peng (Patch; Third Party Advisory)
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/T4JZ6AEUKFWBHQAROGMQARJ274PQP2QP/
  [SECURITY] Fedora 30 Update: kernel-5.2.11-200.fc30 - package-announce - Fedora Mailing-Lists (Mailing List; Third Party Advisory)
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/O3RUDQJXRJQVGHCGR4YZWTQ3ECBI7TXH/
  [SECURITY] Fedora 29 Update: kernel-headers-5.2.11-100.fc29 - package-announce - Fedora Mailing-Lists (Mailing List; Third Party Advisory)
- https://security.netapp.com/advisory/ntap-20190905-0002/
  August 2019 Linux Kernel Vulnerabilities in NetApp Products | NetApp Product Security (Third Party Advisory)
- https://support.f5.com/csp/article/K33554143
  (Third Party Advisory)
- https://usn.ubuntu.com/4157-2/
  USN-4157-2: Linux kernel (HWE) vulnerabilities | Ubuntu security notices (Third Party Advisory)