Vulnerability Details : CVE-2019-15505
drivers/media/usb/dvb-usb/technisat-usb2.c in the Linux kernel through 5.2.9 has an out-of-bounds read via crafted USB device traffic (which may be remote via usbip or usbredir).
Products affected by CVE-2019-15505
- cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*
- cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*
- cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*
- cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*
- cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*
- cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*
- cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*
- cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*
- cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:esm:*:*:*
- cpe:2.3:o:canonical:ubuntu_linux:18.04:*:*:*:lts:*:*:*
- cpe:2.3:o:canonical:ubuntu_linux:19.04:*:*:*:*:*:*:*
- cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:esm:*:*:*
Threat overview for CVE-2019-15505
Top countries where our scanners detected CVE-2019-15505
Top open port discovered on systems with this issue
49152
IPs affected by CVE-2019-15505 31,679
Threat actors abusing to this issue?
Yes
Find out if you* are
affected by CVE-2019-15505!
*Directly or indirectly through your vendors, service providers and 3rd parties.
Powered by
attack surface intelligence
from SecurityScorecard.
Exploit prediction scoring system (EPSS) score for CVE-2019-15505
0.55%
Probability of exploitation activity in the next 30 days
EPSS Score History
~ 67 %
Percentile, the proportion of vulnerabilities that are scored at or less
CVSS scores for CVE-2019-15505
| Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
|---|---|---|---|---|---|---|
|
10.0
|
HIGH | AV:N/AC:L/Au:N/C:C/I:C/A:C |
10.0
|
10.0
|
NIST | |
|
9.8
|
CRITICAL | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H |
3.9
|
5.9
|
NIST |
CWE ids for CVE-2019-15505
-
The product reads data past the end, or before the beginning, of the intended buffer.Assigned by: nvd@nist.gov (Primary)
References for CVE-2019-15505
-
https://usn.ubuntu.com/4163-2/
USN-4163-2: Linux kernel (Xenial HWE) vulnerabilities | Ubuntu security noticesThird Party Advisory
-
https://seclists.org/bugtraq/2019/Nov/11
Bugtraq: [slackware-security] Slackware 14.2 kernel (SSA:2019-311-01)Mailing List;Third Party Advisory
-
https://git.linuxtv.org/media_tree.git/commit/?id=0c4df39e504bf925ab666132ac3c98d6cbbe380b
media_tree.git - Upstream media tree for Remote Controllers, V4L and DVBPatch;Third Party Advisory
-
https://usn.ubuntu.com/4162-2/
USN-4162-2: Linux kernel (Azure) vulnerabilities | Ubuntu security noticesThird Party Advisory
-
https://lore.kernel.org/lkml/b9b256cb-95f2-5fa1-9956-5a602a017c11@gmail.com/
Re: [PATCH] Fix an OOB access bug in technisat_usb2_get_ir - Hui PengPatch;Third Party Advisory
-
https://lists.debian.org/debian-lts-announce/2020/03/msg00001.html
[SECURITY] [DLA 2114-1] linux-4.9 security updateMailing List;Third Party Advisory
-
https://usn.ubuntu.com/4163-1/
USN-4163-1: Linux kernel vulnerabilities | Ubuntu security noticesThird Party Advisory
-
https://usn.ubuntu.com/4157-1/
USN-4157-1: Linux kernel vulnerabilities | Ubuntu security noticesThird Party Advisory
-
http://packetstormsecurity.com/files/155212/Slackware-Security-Advisory-Slackware-14.2-kernel-Updates.html
Slackware Security Advisory - Slackware 14.2 kernel Updates ≈ Packet StormThird Party Advisory;VDB Entry
-
https://usn.ubuntu.com/4162-1/
USN-4162-1: Linux kernel vulnerabilities | Ubuntu security noticesThird Party Advisory
-
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/T4JZ6AEUKFWBHQAROGMQARJ274PQP2QP/
[SECURITY] Fedora 30 Update: kernel-5.2.11-200.fc30 - package-announce - Fedora Mailing-ListsMailing List;Third Party Advisory
-
https://support.f5.com/csp/article/K28222050?utm_source=f5support&utm_medium=RSS
Third Party Advisory
-
https://support.f5.com/csp/article/K28222050
Third Party Advisory
-
https://lists.debian.org/debian-lts-announce/2020/01/msg00013.html
[SECURITY] [DLA 2068-1] linux security updateMailing List;Third Party Advisory
-
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/O3RUDQJXRJQVGHCGR4YZWTQ3ECBI7TXH/
[SECURITY] Fedora 29 Update: kernel-headers-5.2.11-100.fc29 - package-announce - Fedora Mailing-ListsMailing List;Third Party Advisory
-
https://security.netapp.com/advisory/ntap-20190905-0002/
August 2019 Linux Kernel Vulnerabilities in NetApp Products | NetApp Product SecurityThird Party Advisory
-
https://lore.kernel.org/linux-media/20190821104408.w7krumcglxo6fz5q@gofer.mess.org/
Re: [PATCH] Fix an OOB access bug in technisat_usb2_get_ir - Sean YoungPatch;Third Party Advisory
-
https://usn.ubuntu.com/4157-2/
USN-4157-2: Linux kernel (HWE) vulnerabilities | Ubuntu security noticesThird Party Advisory
Jump to