oss-sec mailing list archives
Re: Linux kernel: multiple vulnerabilities in the USB subsystem x2
From: Tyler Hicks <tyhicks () canonical com>
Date: Fri, 27 Sep 2019 13:53:10 -0500
On 2019-09-27 19:01:48, Andrey Konovalov wrote:
On Fri, Sep 27, 2019 at 6:51 PM Tyler Hicks <tyhicks () canonical com> wrote:On 2019-08-20 20:20:34, Andrey Konovalov wrote:* https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-15290 An issue was discovered in the Linux kernel through 5.2.9. There is a NULL pointer dereference caused by a malicious USB device in the ath6kl_usb_alloc_urb_from_pipe function in the drivers/net/wireless/ath/ath6kl/usb.c driver.This seems like it might be a duplicate of CVE-2019-15098. The fix for CVE-2019-15098 was recently merged upstream: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=39d170b3cb62ba98567f5c4f40c27b5864b304e5 If you agree, could you request that MITRE mark CVE-2019-15290 as a duplicate of CVE-2019-15098?Oh, nice, Mathias and Hui found it as well and fixed it! =) Yes, these two CVEs are for the same issue, feel free to mark them as such.
I've requested that MITRE mark CVE-2019-15290 as a dupe of CVE-2019-15098. Thanks! Tyler
Current thread:
- Re: Linux kernel: multiple vulnerabilities in the USB subsystem x2, (continued)
- Re: Linux kernel: multiple vulnerabilities in the USB subsystem x2 Eddie Chapman (Aug 22)
- Re: Linux kernel: multiple vulnerabilities in the USB subsystem x2 Perry E. Metzger (Aug 22)
- Re: Linux kernel: multiple vulnerabilities in the USB subsystem x2 Eddie Chapman (Aug 22)
- Re: Linux kernel: multiple vulnerabilities in the USB subsystem x2 Mathias Payer (Aug 22)
- Re: Linux kernel: multiple vulnerabilities in the USB subsystem x2 Stuart D. Gathman (Aug 22)
- Re: Linux kernel: multiple vulnerabilities in the USB subsystem x2 Perry E. Metzger (Aug 22)
- Re: Linux kernel: multiple vulnerabilities in the USB subsystem x2 Eddie Chapman (Aug 22)
- Re: Linux kernel: multiple vulnerabilities in the USB subsystem x2 Greg KH (Aug 23)
- Re: Linux kernel: multiple vulnerabilities in the USB subsystem x2 Andrey Konovalov (Sep 27)
- Re: Linux kernel: multiple vulnerabilities in the USB subsystem x2 Tyler Hicks (Sep 27)