CVE-2019-16233 - Vulnerability Details - OpenCVE

drivers/scsi/qla2xxx/qla_os.c in the Linux kernel 5.2.14 does not check the alloc_workqueue return value, leading to a NULL pointer dereference.

No CVSS v4.0

Attack Vector Local

Attack Complexity High

Privileges Required High

Scope Unchanged

Confidentiality Impact None

Integrity Impact None

Availability Impact High

User Interaction None

No CVSS v3.0

Access Vector Local

Access Complexity Medium

Authentication None

Confidentiality Impact None

Integrity Impact None

Availability Impact Complete

This CVE is not in the KEV list.

The EPSS score is 0.00091.

Key SSVC decision points have not yet been added.

Default status is the baseline for the product, each version can override it (e.g. patched versions marked unaffected).

Vendor Product Default status Versions

n/a

n/a

affected

Version	Status	Constraints
`n/a`	affected	—

Configuration 1 [-]

cpe:2.3:o:linux:linux_kernel:5.2.14:*:*:*:*:*:*:*

Configuration 2 [-]

OR	cpe:2.3:o:canonical:ubuntu_linux:14.04::::esm:::
	cpe:2.3:o:canonical:ubuntu_linux:16.04::::lts:::
	cpe:2.3:o:canonical:ubuntu_linux:18.04::::lts:::
	cpe:2.3:o:canonical:ubuntu_linux:19.04:::::::*
	cpe:2.3:o:opensuse:leap:15.0:::::::*
	cpe:2.3:o:opensuse:leap:15.1:::::::*
	cpe:2.3:o:redhat:enterprise_linux:7.0:::::::*
	cpe:2.3:o:redhat:enterprise_linux:8.0:::::::*

Package	CPE	Advisory	Released Date
Red Hat Enterprise Linux 7
kernel-rt-0:3.10.0-1160.rt56.1131.el7	cpe:/a:redhat:rhel_extras_rt:7	RHSA-2020:4062	2020-09-29T00:00:00Z
kernel-0:3.10.0-1160.el7	cpe:/o:redhat:enterprise_linux:7	RHSA-2020:4060	2020-09-29T00:00:00Z
Red Hat Enterprise Linux 8
kernel-rt-0:4.18.0-240.rt7.54.el8	cpe:/a:redhat:enterprise_linux:8::nfv	RHSA-2020:4609	2020-11-04T00:00:00Z
kernel-0:4.18.0-240.el8	cpe:/o:redhat:enterprise_linux:8	RHSA-2020:4431	2020-11-04T00:00:00Z

No data.

Project Subscriptions

Vendors	Products
Canonical Subscribe	Ubuntu Linux Subscribe
Linux Subscribe	Linux Kernel Subscribe
Opensuse Subscribe	Leap Subscribe
Redhat Subscribe	Enterprise Linux Subscribe Rhel Extras Rt Subscribe

Advisories

Source	ID	Title
EUVD	EUVD-2019-7040	drivers/scsi/qla2xxx/qla_os.c in the Linux kernel 5.2.14 does not check the alloc_workqueue return value, leading to a NULL pointer dereference.
Ubuntu USN	USN-4226-1	Linux kernel vulnerabilities
Ubuntu USN	USN-4227-1	Linux kernel vulnerabilities
Ubuntu USN	USN-4227-2	Linux kernel (Azure) vulnerabilities
Ubuntu USN	USN-4346-1	Linux kernel vulnerabilities

Fixes

Solution

No solution given by the vendor.

Workaround

No workaround given by the vendor.

References

Link	Providers
http://lists.opensuse.org/opensuse-security-announce/2019-11/msg00010.html
http://lists.opensuse.org/opensuse-security-announce/2019-11/msg00035.html
https://lkml.org/lkml/2019/9/9/487
https://nvd.nist.gov/vuln/detail/CVE-2019-16233
https://security.netapp.com/advisory/ntap-20191004-0001/
https://usn.ubuntu.com/4226-1/
https://usn.ubuntu.com/4227-1/
https://usn.ubuntu.com/4227-2/
https://usn.ubuntu.com/4346-1/
https://www.cve.org/CVERecord?id=CVE-2019-16233

History

No history.

Projects

Sign in to view the affected projects.

MITRE

Status: PUBLISHED

Assigner: mitre

Published: 2019-09-11T15:30:01

Updated: 2024-08-05T01:10:41.666Z

Reserved: 2019-09-11T00:00:00

Link: CVE-2019-16233

Vulnrichment

No data.

NVD

Status : Modified

Published: 2019-09-11T16:15:11.647

Modified: 2024-11-21T04:30:20.190

Link: CVE-2019-16233

Redhat

Severity : Low

Publid Date: 2019-09-09T00:00:00Z

Links: CVE-2019-16233 - Bugzilla

OpenCVE Enrichment

No data.

Weaknesses

CWE-476

{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "descriptions": [{"lang": "en", "value": "drivers/scsi/qla2xxx/qla_os.c in the Linux kernel 5.2.14 does not check the alloc_workqueue return value, leading to a NULL pointer dereference."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2020-05-06T14:06:12", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre"}, "references": [{"tags": ["x_refsource_MISC"], "url": "https://lkml.org/lkml/2019/9/9/487"}, {"tags": ["x_refsource_CONFIRM"], "url": "https://security.netapp.com/advisory/ntap-20191004-0001/"}, {"name": "openSUSE-SU-2019:2444", "tags": ["vendor-advisory", "x_refsource_SUSE"], "url": "http://lists.opensuse.org/opensuse-security-announce/2019-11/msg00010.html"}, {"name": "openSUSE-SU-2019:2503", "tags": ["vendor-advisory", "x_refsource_SUSE"], "url": "http://lists.opensuse.org/opensuse-security-announce/2019-11/msg00035.html"}, {"name": "USN-4227-1", "tags": ["vendor-advisory", "x_refsource_UBUNTU"], "url": "https://usn.ubuntu.com/4227-1/"}, {"name": "USN-4226-1", "tags": ["vendor-advisory", "x_refsource_UBUNTU"], "url": "https://usn.ubuntu.com/4226-1/"}, {"name": "USN-4227-2", "tags": ["vendor-advisory", "x_refsource_UBUNTU"], "url": "https://usn.ubuntu.com/4227-2/"}, {"name": "USN-4346-1", "tags": ["vendor-advisory", "x_refsource_UBUNTU"], "url": "https://usn.ubuntu.com/4346-1/"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "cve@mitre.org", "ID": "CVE-2019-16233", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "drivers/scsi/qla2xxx/qla_os.c in the Linux kernel 5.2.14 does not check the alloc_workqueue return value, leading to a NULL pointer dereference."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "https://lkml.org/lkml/2019/9/9/487", "refsource": "MISC", "url": "https://lkml.org/lkml/2019/9/9/487"}, {"name": "https://security.netapp.com/advisory/ntap-20191004-0001/", "refsource": "CONFIRM", "url": "https://security.netapp.com/advisory/ntap-20191004-0001/"}, {"name": "openSUSE-SU-2019:2444", "refsource": "SUSE", "url": "http://lists.opensuse.org/opensuse-security-announce/2019-11/msg00010.html"}, {"name": "openSUSE-SU-2019:2503", "refsource": "SUSE", "url": "http://lists.opensuse.org/opensuse-security-announce/2019-11/msg00035.html"}, {"name": "USN-4227-1", "refsource": "UBUNTU", "url": "https://usn.ubuntu.com/4227-1/"}, {"name": "USN-4226-1", "refsource": "UBUNTU", "url": "https://usn.ubuntu.com/4226-1/"}, {"name": "USN-4227-2", "refsource": "UBUNTU", "url": "https://usn.ubuntu.com/4227-2/"}, {"name": "USN-4346-1", "refsource": "UBUNTU", "url": "https://usn.ubuntu.com/4346-1/"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-05T01:10:41.666Z"}, "title": "CVE Program Container", "references": [{"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://lkml.org/lkml/2019/9/9/487"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "https://security.netapp.com/advisory/ntap-20191004-0001/"}, {"name": "openSUSE-SU-2019:2444", "tags": ["vendor-advisory", "x_refsource_SUSE", "x_transferred"], "url": "http://lists.opensuse.org/opensuse-security-announce/2019-11/msg00010.html"}, {"name": "openSUSE-SU-2019:2503", "tags": ["vendor-advisory", "x_refsource_SUSE", "x_transferred"], "url": "http://lists.opensuse.org/opensuse-security-announce/2019-11/msg00035.html"}, {"name": "USN-4227-1", "tags": ["vendor-advisory", "x_refsource_UBUNTU", "x_transferred"], "url": "https://usn.ubuntu.com/4227-1/"}, {"name": "USN-4226-1", "tags": ["vendor-advisory", "x_refsource_UBUNTU", "x_transferred"], "url": "https://usn.ubuntu.com/4226-1/"}, {"name": "USN-4227-2", "tags": ["vendor-advisory", "x_refsource_UBUNTU", "x_transferred"], "url": "https://usn.ubuntu.com/4227-2/"}, {"name": "USN-4346-1", "tags": ["vendor-advisory", "x_refsource_UBUNTU", "x_transferred"], "url": "https://usn.ubuntu.com/4346-1/"}]}]}, "cveMetadata": {"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2019-16233", "datePublished": "2019-09-11T15:30:01", "dateReserved": "2019-09-11T00:00:00", "dateUpdated": "2024-08-05T01:10:41.666Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:linux:linux_kernel:5.2.14:*:*:*:*:*:*:*", "matchCriteriaId": "C324614A-D986-40EF-A933-4CD401A10B30", "vulnerable": true}], "negate": false, "operator": "OR"}]}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:esm:*:*:*", "matchCriteriaId": "815D70A8-47D3-459C-A32C-9FEACA0659D1", "vulnerable": true}, {"criteria": "cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:lts:*:*:*", "matchCriteriaId": "F7016A2A-8365-4F1A-89A2-7A19F2BCAE5B", "vulnerable": true}, {"criteria": "cpe:2.3:o:canonical:ubuntu_linux:18.04:*:*:*:lts:*:*:*", "matchCriteriaId": "23A7C53F-B80F-4E6A-AFA9-58EEA84BE11D", "vulnerable": true}, {"criteria": "cpe:2.3:o:canonical:ubuntu_linux:19.04:*:*:*:*:*:*:*", "matchCriteriaId": "CD783B0C-9246-47D9-A937-6144FE8BFF0F", "vulnerable": true}, {"criteria": "cpe:2.3:o:opensuse:leap:15.0:*:*:*:*:*:*:*", "matchCriteriaId": "F1E78106-58E6-4D59-990F-75DA575BFAD9", "vulnerable": true}, {"criteria": "cpe:2.3:o:opensuse:leap:15.1:*:*:*:*:*:*:*", "matchCriteriaId": "B620311B-34A3-48A6-82DF-6F078D7A4493", "vulnerable": true}, {"criteria": "cpe:2.3:o:redhat:enterprise_linux:7.0:*:*:*:*:*:*:*", "matchCriteriaId": "142AD0DD-4CF3-4D74-9442-459CE3347E3A", "vulnerable": true}, {"criteria": "cpe:2.3:o:redhat:enterprise_linux:8.0:*:*:*:*:*:*:*", "matchCriteriaId": "F4CFF558-3C47-480D-A2F0-BABF26042943", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "drivers/scsi/qla2xxx/qla_os.c in the Linux kernel 5.2.14 does not check the alloc_workqueue return value, leading to a NULL pointer dereference."}, {"lang": "es", "value": "El archivo drivers/scsi/qla2xxx/qla_os.c en el kernel de Linux versi\u00f3n 5.2.14, no comprueba el valor de retorno en alloc_workqueue, conllevando a una desreferencia del puntero NULL."}], "id": "CVE-2019-16233", "lastModified": "2024-11-21T04:30:20.190", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "MEDIUM", "accessVector": "LOCAL", "authentication": "NONE", "availabilityImpact": "COMPLETE", "baseScore": 4.7, "confidentialityImpact": "NONE", "integrityImpact": "NONE", "vectorString": "AV:L/AC:M/Au:N/C:N/I:N/A:C", "version": "2.0"}, "exploitabilityScore": 3.4, "impactScore": 6.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}], "cvssMetricV31": [{"cvssData": {"attackComplexity": "HIGH", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 4.1, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "HIGH", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:H", "version": "3.1"}, "exploitabilityScore": 0.5, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2019-09-11T16:15:11.647", "references": [{"source": "cve@mitre.org", "tags": ["Mailing List", "Third Party Advisory"], "url": "http://lists.opensuse.org/opensuse-security-announce/2019-11/msg00010.html"}, {"source": "cve@mitre.org", "tags": ["Mailing List", "Third Party Advisory"], "url": "http://lists.opensuse.org/opensuse-security-announce/2019-11/msg00035.html"}, {"source": "cve@mitre.org", "tags": ["Patch", "Third Party Advisory"], "url": "https://lkml.org/lkml/2019/9/9/487"}, {"source": "cve@mitre.org", "tags": ["Third Party Advisory"], "url": "https://security.netapp.com/advisory/ntap-20191004-0001/"}, {"source": "cve@mitre.org", "tags": ["Third Party Advisory"], "url": "https://usn.ubuntu.com/4226-1/"}, {"source": "cve@mitre.org", "tags": ["Third Party Advisory"], "url": "https://usn.ubuntu.com/4227-1/"}, {"source": "cve@mitre.org", "tags": ["Third Party Advisory"], "url": "https://usn.ubuntu.com/4227-2/"}, {"source": "cve@mitre.org", "url": "https://usn.ubuntu.com/4346-1/"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Mailing List", "Third Party Advisory"], "url": "http://lists.opensuse.org/opensuse-security-announce/2019-11/msg00010.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Mailing List", "Third Party Advisory"], "url": "http://lists.opensuse.org/opensuse-security-announce/2019-11/msg00035.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Patch", "Third Party Advisory"], "url": "https://lkml.org/lkml/2019/9/9/487"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory"], "url": "https://security.netapp.com/advisory/ntap-20191004-0001/"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory"], "url": "https://usn.ubuntu.com/4226-1/"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory"], "url": "https://usn.ubuntu.com/4227-1/"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory"], "url": "https://usn.ubuntu.com/4227-2/"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://usn.ubuntu.com/4346-1/"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-476"}], "source": "nvd@nist.gov", "type": "Primary"}]}

{"affected_release": [{"advisory": "RHSA-2020:4062", "cpe": "cpe:/a:redhat:rhel_extras_rt:7", "package": "kernel-rt-0:3.10.0-1160.rt56.1131.el7", "product_name": "Red Hat Enterprise Linux 7", "release_date": "2020-09-29T00:00:00Z"}, {"advisory": "RHSA-2020:4060", "cpe": "cpe:/o:redhat:enterprise_linux:7", "package": "kernel-0:3.10.0-1160.el7", "product_name": "Red Hat Enterprise Linux 7", "release_date": "2020-09-29T00:00:00Z"}, {"advisory": "RHSA-2020:4609", "cpe": "cpe:/a:redhat:enterprise_linux:8::nfv", "package": "kernel-rt-0:4.18.0-240.rt7.54.el8", "product_name": "Red Hat Enterprise Linux 8", "release_date": "2020-11-04T00:00:00Z"}, {"advisory": "RHSA-2020:4431", "cpe": "cpe:/o:redhat:enterprise_linux:8", "package": "kernel-0:4.18.0-240.el8", "product_name": "Red Hat Enterprise Linux 8", "release_date": "2020-11-04T00:00:00Z"}], "bugzilla": {"description": "kernel: null pointer dereference in drivers/scsi/qla2xxx/qla_os.c", "id": "1760420", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1760420"}, "csaw": false, "cvss3": {"cvss3_base_score": "4.1", "cvss3_scoring_vector": "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:H", "status": "verified"}, "cwe": "CWE-476", "details": ["drivers/scsi/qla2xxx/qla_os.c in the Linux kernel 5.2.14 does not check the alloc_workqueue return value, leading to a NULL pointer dereference.", "A flaw was found in the Linux kernel. A NULL pointer dereference flaw was found in the QLOGIC drivers for HBA. A call to alloc_workqueue return was not validated and can cause a denial of service. The highest threat from this vulnerability is to system availability."], "mitigation": {"lang": "en:us", "value": "Mitigation for this issue is either not available or the currently available options don't meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability."}, "name": "CVE-2019-16233", "package_state": [{"cpe": "cpe:/o:redhat:enterprise_linux:5", "fix_state": "Not affected", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 5"}, {"cpe": "cpe:/o:redhat:enterprise_linux:6", "fix_state": "Not affected", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 6"}, {"cpe": "cpe:/o:redhat:enterprise_linux:7", "fix_state": "Fix deferred", "package_name": "kernel-alt", "product_name": "Red Hat Enterprise Linux 7"}, {"cpe": "cpe:/a:redhat:enterprise_mrg:2", "fix_state": "Will not fix", "package_name": "kernel-rt", "product_name": "Red Hat Enterprise MRG 2"}], "public_date": "2019-09-09T00:00:00Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2019-16233\nhttps://nvd.nist.gov/vuln/detail/CVE-2019-16233\nhttps://lkml.org/lkml/2019/9/9/487"], "threat_severity": "Low"}