oss-sec mailing list archives

Re: Linux kernel: multiple vulnerabilities in the USB subsystem x2


From: Tyler Hicks <tyhicks () canonical com>
Date: Fri, 27 Sep 2019 11:50:05 -0500

On 2019-08-20 20:20:34, Andrey Konovalov wrote:
> * https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-15290
>
> An issue was discovered in the Linux kernel through 5.2.9. There is a
> NULL pointer dereference caused by a malicious USB device in the
> ath6kl_usb_alloc_urb_from_pipe function in the
> drivers/net/wireless/ath/ath6kl/usb.c driver.

This seems like it might be a duplicate of CVE-2019-15098. The fix for
CVE-2019-15098 was recently merged upstream:

 https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=39d170b3cb62ba98567f5c4f40c27b5864b304e5

If you agree, could you request that MITRE mark CVE-2019-15290 as a
duplicate of CVE-2019-15098?

Tyler

