{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "descriptions": [{"lang": "en", "value": "An issue was discovered in the Linux kernel through 5.2.9. There is a NULL pointer dereference caused by a malicious USB device in the flexcop_usb_probe function in the drivers/media/usb/b2c2/flexcop-usb.c driver."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2020-03-02T20:06:20", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre"}, "references": [{"tags": ["x_refsource_MISC"], "url": "https://syzkaller.appspot.com/bug?id=c0203bd72037d07493f4b7562411e4f5f4553a8f"}, {"name": "[oss-security] 20190820 Linux kernel: multiple vulnerabilities in the USB subsystem x2", "tags": ["mailing-list", "x_refsource_MLIST"], "url": "http://www.openwall.com/lists/oss-security/2019/08/20/2"}, {"name": "[oss-security] 20190821 Re: Linux kernel: multiple vulnerabilities in the USB subsystem x2", "tags": ["mailing-list", "x_refsource_MLIST"], "url": "http://www.openwall.com/lists/oss-security/2019/08/22/1"}, {"tags": ["x_refsource_CONFIRM"], "url": "https://security.netapp.com/advisory/ntap-20190905-0002/"}, {"name": "openSUSE-SU-2019:2307", "tags": ["vendor-advisory", "x_refsource_SUSE"], "url": "http://lists.opensuse.org/opensuse-security-announce/2019-10/msg00037.html"}, {"name": "openSUSE-SU-2019:2308", "tags": ["vendor-advisory", "x_refsource_SUSE"], "url": "http://lists.opensuse.org/opensuse-security-announce/2019-10/msg00036.html"}, {"name": "20200109 [slackware-security] Slackware 14.2 kernel (SSA:2020-008-01)", "tags": ["mailing-list", "x_refsource_BUGTRAQ"], "url": "https://seclists.org/bugtraq/2020/Jan/10"}, {"tags": ["x_refsource_MISC"], "url": "http://packetstormsecurity.com/files/155890/Slackware-Security-Advisory-Slackware-14.2-kernel-Updates.html"}, {"name": "[debian-lts-announce] 20200118 [SECURITY] [DLA 2068-1] linux security update", "tags": ["mailing-list", "x_refsource_MLIST"], "url": "https://lists.debian.org/debian-lts-announce/2020/01/msg00013.html"}, {"name": "USN-4254-1", "tags": ["vendor-advisory", "x_refsource_UBUNTU"], "url": "https://usn.ubuntu.com/4254-1/"}, {"name": "USN-4254-2", "tags": ["vendor-advisory", "x_refsource_UBUNTU"], "url": "https://usn.ubuntu.com/4254-2/"}, {"name": "USN-4258-1", "tags": ["vendor-advisory", "x_refsource_UBUNTU"], "url": "https://usn.ubuntu.com/4258-1/"}, {"name": "USN-4287-1", "tags": ["vendor-advisory", "x_refsource_UBUNTU"], "url": "https://usn.ubuntu.com/4287-1/"}, {"name": "USN-4287-2", "tags": ["vendor-advisory", "x_refsource_UBUNTU"], "url": "https://usn.ubuntu.com/4287-2/"}, {"name": "[debian-lts-announce] 20200302 [SECURITY] [DLA 2114-1] linux-4.9 security update", "tags": ["mailing-list", "x_refsource_MLIST"], "url": "https://lists.debian.org/debian-lts-announce/2020/03/msg00001.html"}, {"name": "USN-4284-1", "tags": ["vendor-advisory", "x_refsource_UBUNTU"], "url": "https://usn.ubuntu.com/4284-1/"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "cve@mitre.org", "ID": "CVE-2019-15291", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "An issue was discovered in the Linux kernel through 5.2.9. There is a NULL pointer dereference caused by a malicious USB device in the flexcop_usb_probe function in the drivers/media/usb/b2c2/flexcop-usb.c driver."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "https://syzkaller.appspot.com/bug?id=c0203bd72037d07493f4b7562411e4f5f4553a8f", "refsource": "MISC", "url": "https://syzkaller.appspot.com/bug?id=c0203bd72037d07493f4b7562411e4f5f4553a8f"}, {"name": "[oss-security] 20190820 Linux kernel: multiple vulnerabilities in the USB subsystem x2", "refsource": "MLIST", "url": "http://www.openwall.com/lists/oss-security/2019/08/20/2"}, {"name": "[oss-security] 20190821 Re: Linux kernel: multiple vulnerabilities in the USB subsystem x2", "refsource": "MLIST", "url": "http://www.openwall.com/lists/oss-security/2019/08/22/1"}, {"name": "https://security.netapp.com/advisory/ntap-20190905-0002/", "refsource": "CONFIRM", "url": "https://security.netapp.com/advisory/ntap-20190905-0002/"}, {"name": "openSUSE-SU-2019:2307", "refsource": "SUSE", "url": "http://lists.opensuse.org/opensuse-security-announce/2019-10/msg00037.html"}, {"name": "openSUSE-SU-2019:2308", "refsource": "SUSE", "url": "http://lists.opensuse.org/opensuse-security-announce/2019-10/msg00036.html"}, {"name": "20200109 [slackware-security] Slackware 14.2 kernel (SSA:2020-008-01)", "refsource": "BUGTRAQ", "url": "https://seclists.org/bugtraq/2020/Jan/10"}, {"name": "http://packetstormsecurity.com/files/155890/Slackware-Security-Advisory-Slackware-14.2-kernel-Updates.html", "refsource": "MISC", "url": "http://packetstormsecurity.com/files/155890/Slackware-Security-Advisory-Slackware-14.2-kernel-Updates.html"}, {"name": "[debian-lts-announce] 20200118 [SECURITY] [DLA 2068-1] linux security update", "refsource": "MLIST", "url": "https://lists.debian.org/debian-lts-announce/2020/01/msg00013.html"}, {"name": "USN-4254-1", "refsource": "UBUNTU", "url": "https://usn.ubuntu.com/4254-1/"}, {"name": "USN-4254-2", "refsource": "UBUNTU", "url": "https://usn.ubuntu.com/4254-2/"}, {"name": "USN-4258-1", "refsource": "UBUNTU", "url": "https://usn.ubuntu.com/4258-1/"}, {"name": "USN-4287-1", "refsource": "UBUNTU", "url": "https://usn.ubuntu.com/4287-1/"}, {"name": "USN-4287-2", "refsource": "UBUNTU", "url": "https://usn.ubuntu.com/4287-2/"}, {"name": "[debian-lts-announce] 20200302 [SECURITY] [DLA 2114-1] linux-4.9 security update", "refsource": "MLIST", "url": "https://lists.debian.org/debian-lts-announce/2020/03/msg00001.html"}, {"name": "USN-4284-1", "refsource": "UBUNTU", "url": "https://usn.ubuntu.com/4284-1/"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-05T00:42:03.262Z"}, "title": "CVE Program Container", "references": [{"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://syzkaller.appspot.com/bug?id=c0203bd72037d07493f4b7562411e4f5f4553a8f"}, {"name": "[oss-security] 20190820 Linux kernel: multiple vulnerabilities in the USB subsystem x2", "tags": ["mailing-list", "x_refsource_MLIST", "x_transferred"], "url": "http://www.openwall.com/lists/oss-security/2019/08/20/2"}, {"name": "[oss-security] 20190821 Re: Linux kernel: multiple vulnerabilities in the USB subsystem x2", "tags": ["mailing-list", "x_refsource_MLIST", "x_transferred"], "url": "http://www.openwall.com/lists/oss-security/2019/08/22/1"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "https://security.netapp.com/advisory/ntap-20190905-0002/"}, {"name": "openSUSE-SU-2019:2307", "tags": ["vendor-advisory", "x_refsource_SUSE", "x_transferred"], "url": "http://lists.opensuse.org/opensuse-security-announce/2019-10/msg00037.html"}, {"name": "openSUSE-SU-2019:2308", "tags": ["vendor-advisory", "x_refsource_SUSE", "x_transferred"], "url": "http://lists.opensuse.org/opensuse-security-announce/2019-10/msg00036.html"}, {"name": "20200109 [slackware-security] Slackware 14.2 kernel (SSA:2020-008-01)", "tags": ["mailing-list", "x_refsource_BUGTRAQ", "x_transferred"], "url": "https://seclists.org/bugtraq/2020/Jan/10"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "http://packetstormsecurity.com/files/155890/Slackware-Security-Advisory-Slackware-14.2-kernel-Updates.html"}, {"name": "[debian-lts-announce] 20200118 [SECURITY] [DLA 2068-1] linux security update", "tags": ["mailing-list", "x_refsource_MLIST", "x_transferred"], "url": "https://lists.debian.org/debian-lts-announce/2020/01/msg00013.html"}, {"name": "USN-4254-1", "tags": ["vendor-advisory", "x_refsource_UBUNTU", "x_transferred"], "url": "https://usn.ubuntu.com/4254-1/"}, {"name": "USN-4254-2", "tags": ["vendor-advisory", "x_refsource_UBUNTU", "x_transferred"], "url": "https://usn.ubuntu.com/4254-2/"}, {"name": "USN-4258-1", "tags": ["vendor-advisory", "x_refsource_UBUNTU", "x_transferred"], "url": "https://usn.ubuntu.com/4258-1/"}, {"name": "USN-4287-1", "tags": ["vendor-advisory", "x_refsource_UBUNTU", "x_transferred"], "url": "https://usn.ubuntu.com/4287-1/"}, {"name": "USN-4287-2", "tags": ["vendor-advisory", "x_refsource_UBUNTU", "x_transferred"], "url": "https://usn.ubuntu.com/4287-2/"}, {"name": "[debian-lts-announce] 20200302 [SECURITY] [DLA 2114-1] linux-4.9 security update", "tags": ["mailing-list", "x_refsource_MLIST", "x_transferred"], "url": "https://lists.debian.org/debian-lts-announce/2020/03/msg00001.html"}, {"name": "USN-4284-1", "tags": ["vendor-advisory", "x_refsource_UBUNTU", "x_transferred"], "url": "https://usn.ubuntu.com/4284-1/"}]}]}, "cveMetadata": {"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2019-15291", "datePublished": "2019-08-20T13:23:32", "dateReserved": "2019-08-20T00:00:00", "dateUpdated": "2024-08-05T00:42:03.262Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "matchCriteriaId": "A90662CD-A064-48C3-9A43-3B1AFCFAD2E9", "versionEndIncluding": "5.2.9", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "An issue was discovered in the Linux kernel through 5.2.9. There is a NULL pointer dereference caused by a malicious USB device in the flexcop_usb_probe function in the drivers/media/usb/b2c2/flexcop-usb.c driver."}, {"lang": "es", "value": "Se descubri\u00f3 un problema en el kernel de Linux hasta la versi\u00f3n 5.2.9. Hay una desreferencia de puntero NULL causada por un dispositivo USB malicioso en la funci\u00f3n flexcop_usb_probe en el controlador drivers / media / usb / b2c2 / flexcop-usb.c."}], "id": "CVE-2019-15291", "lastModified": "2019-09-06T00:15:14.537", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "LOW", "accessVector": "LOCAL", "authentication": "NONE", "availabilityImpact": "COMPLETE", "baseScore": 4.9, "confidentialityImpact": "NONE", "integrityImpact": "NONE", "vectorString": "AV:L/AC:L/Au:N/C:N/I:N/A:C", "version": "2.0"}, "exploitabilityScore": 3.9, "impactScore": 6.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}], "cvssMetricV30": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "PHYSICAL", "availabilityImpact": "HIGH", "baseScore": 4.6, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:P/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.0"}, "exploitabilityScore": 0.9, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2019-08-20T14:15:11.427", "references": [{"source": "cve@mitre.org", "url": "http://lists.opensuse.org/opensuse-security-announce/2019-10/msg00036.html"}, {"source": "cve@mitre.org", "url": "http://lists.opensuse.org/opensuse-security-announce/2019-10/msg00037.html"}, {"source": "cve@mitre.org", "url": "http://packetstormsecurity.com/files/155890/Slackware-Security-Advisory-Slackware-14.2-kernel-Updates.html"}, {"source": "cve@mitre.org", "tags": ["Mailing List", "Third Party Advisory"], "url": "http://www.openwall.com/lists/oss-security/2019/08/20/2"}, {"source": "cve@mitre.org", "tags": ["Mailing List", "Third Party Advisory"], "url": "http://www.openwall.com/lists/oss-security/2019/08/22/1"}, {"source": "cve@mitre.org", "url": "https://lists.debian.org/debian-lts-announce/2020/01/msg00013.html"}, {"source": "cve@mitre.org", "url": "https://lists.debian.org/debian-lts-announce/2020/03/msg00001.html"}, {"source": "cve@mitre.org", "url": "https://seclists.org/bugtraq/2020/Jan/10"}, {"source": "cve@mitre.org", "url": "https://security.netapp.com/advisory/ntap-20190905-0002/"}, {"source": "cve@mitre.org", "tags": ["Exploit", "Third Party Advisory"], "url": "https://syzkaller.appspot.com/bug?id=c0203bd72037d07493f4b7562411e4f5f4553a8f"}, {"source": "cve@mitre.org", "url": "https://usn.ubuntu.com/4254-1/"}, {"source": "cve@mitre.org", "url": "https://usn.ubuntu.com/4254-2/"}, {"source": "cve@mitre.org", "url": "https://usn.ubuntu.com/4258-1/"}, {"source": "cve@mitre.org", "url": "https://usn.ubuntu.com/4284-1/"}, {"source": "cve@mitre.org", "url": "https://usn.ubuntu.com/4287-1/"}, {"source": "cve@mitre.org", "url": "https://usn.ubuntu.com/4287-2/"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-476"}], "source": "nvd@nist.gov", "type": "Primary"}]}

{"bugzilla": {"description": "kernel: Null pointer dereference in the flexcop_usb_probe function in the drivers/media/usb/b2c2/flexcop-usb.c", "id": "1749978", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1749978"}, "csaw": false, "cvss3": {"cvss3_base_score": "4.6", "cvss3_scoring_vector": "CVSS:3.0/AV:P/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "status": "draft"}, "cwe": "CWE-119", "details": ["An issue was discovered in the Linux kernel through 5.2.9. There is a NULL pointer dereference caused by a malicious USB device in the flexcop_usb_probe function in the drivers/media/usb/b2c2/flexcop-usb.c driver.", "A null pointer dereference flaw was found in the flexcop_usb_probe function in the Flexcop digital TV device driver. An attacker who can insert a malicious USB device into the system could use this flaw to crash the system."], "mitigation": {"lang": "en:us", "value": "As the b2c2-flexcop-usb module will be auto-loaded when required, its use can be disabled by preventing the module from loading with the following instructions:\n# echo \"install b2c2-flexcop-usb /bin/true\" >> /etc/modprobe.d/disable-b2c2-flexcop-usb.conf\nThe system will need to be restarted if the b2c2-flexcop-usb module is already loaded. In most circumstances, the b2c2-flexcop-usb kernel module will be unable to be unloaded while the device is in use. If the system requires this module to work correctly, this mitigation may not be suitable. If you need further assistance, see KCS article https://access.redhat.com/solutions/41278 or contact Red Hat Global Support Services."}, "name": "CVE-2019-15291", "package_state": [{"cpe": "cpe:/o:redhat:enterprise_linux:5", "fix_state": "Not affected", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 5"}, {"cpe": "cpe:/o:redhat:enterprise_linux:6", "fix_state": "Out of support scope", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 6"}, {"cpe": "cpe:/o:redhat:enterprise_linux:7", "fix_state": "Will not fix", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 7"}, {"cpe": "cpe:/o:redhat:enterprise_linux:7", "fix_state": "Will not fix", "package_name": "kernel-alt", "product_name": "Red Hat Enterprise Linux 7"}, {"cpe": "cpe:/o:redhat:enterprise_linux:7", "fix_state": "Will not fix", "package_name": "kernel-rt", "product_name": "Red Hat Enterprise Linux 7"}, {"cpe": "cpe:/o:redhat:enterprise_linux:8", "fix_state": "Will not fix", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 8"}, {"cpe": "cpe:/o:redhat:enterprise_linux:8", "fix_state": "Will not fix", "package_name": "kernel-rt", "product_name": "Red Hat Enterprise Linux 8"}, {"cpe": "cpe:/a:redhat:enterprise_mrg:2", "fix_state": "Not affected", "package_name": "kernel-rt", "product_name": "Red Hat Enterprise MRG 2"}], "public_date": "2019-08-02T00:00:00Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2019-15291\nhttps://nvd.nist.gov/vuln/detail/CVE-2019-15291"], "threat_severity": "Low"}