Vulnerability-Lookup

CVE-2019-15291 (GCVE-0-2019-15291)

Vulnerability from cvelistv5 – Published: 2019-08-20 13:23 – Updated: 2024-08-05 00:42

Summary

An issue was discovered in the Linux kernel through 5.2.9. There is a NULL pointer dereference caused by a malicious USB device in the flexcop_usb_probe function in the drivers/media/usb/b2c2/flexcop-usb.c driver.

Severity

No CVSS data available.

CWE

Assigner

mitre

References

16 references

URL	Tags
https://syzkaller.appspot.com/bug?id=c0203bd72037…	x_refsource_MISC
http://www.openwall.com/lists/oss-security/2019/08/20/2	mailing-listx_refsource_MLIST
http://www.openwall.com/lists/oss-security/2019/08/22/1	mailing-listx_refsource_MLIST
https://security.netapp.com/advisory/ntap-2019090…	x_refsource_CONFIRM
http://lists.opensuse.org/opensuse-security-annou…	vendor-advisoryx_refsource_SUSE
http://lists.opensuse.org/opensuse-security-annou…	vendor-advisoryx_refsource_SUSE
https://seclists.org/bugtraq/2020/Jan/10	mailing-listx_refsource_BUGTRAQ
http://packetstormsecurity.com/files/155890/Slack…	x_refsource_MISC
https://lists.debian.org/debian-lts-announce/2020…	mailing-listx_refsource_MLIST
https://usn.ubuntu.com/4254-1/	vendor-advisoryx_refsource_UBUNTU
https://usn.ubuntu.com/4254-2/	vendor-advisoryx_refsource_UBUNTU
https://usn.ubuntu.com/4258-1/	vendor-advisoryx_refsource_UBUNTU
https://usn.ubuntu.com/4287-1/	vendor-advisoryx_refsource_UBUNTU
https://usn.ubuntu.com/4287-2/	vendor-advisoryx_refsource_UBUNTU
https://lists.debian.org/debian-lts-announce/2020…	mailing-listx_refsource_MLIST
https://usn.ubuntu.com/4284-1/	vendor-advisoryx_refsource_UBUNTU

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-05T00:42:03.262Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://syzkaller.appspot.com/bug?id=c0203bd72037d07493f4b7562411e4f5f4553a8f"
          },
          {
            "name": "[oss-security] 20190820 Linux kernel: multiple vulnerabilities in the USB subsystem x2",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "http://www.openwall.com/lists/oss-security/2019/08/20/2"
          },
          {
            "name": "[oss-security] 20190821 Re: Linux kernel: multiple vulnerabilities in the USB subsystem x2",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "http://www.openwall.com/lists/oss-security/2019/08/22/1"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://security.netapp.com/advisory/ntap-20190905-0002/"
          },
          {
            "name": "openSUSE-SU-2019:2307",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUSE",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2019-10/msg00037.html"
          },
          {
            "name": "openSUSE-SU-2019:2308",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUSE",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2019-10/msg00036.html"
          },
          {
            "name": "20200109 [slackware-security] Slackware 14.2 kernel (SSA:2020-008-01)",
            "tags": [
              "mailing-list",
              "x_refsource_BUGTRAQ",
              "x_transferred"
            ],
            "url": "https://seclists.org/bugtraq/2020/Jan/10"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "http://packetstormsecurity.com/files/155890/Slackware-Security-Advisory-Slackware-14.2-kernel-Updates.html"
          },
          {
            "name": "[debian-lts-announce] 20200118 [SECURITY] [DLA 2068-1] linux security update",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://lists.debian.org/debian-lts-announce/2020/01/msg00013.html"
          },
          {
            "name": "USN-4254-1",
            "tags": [
              "vendor-advisory",
              "x_refsource_UBUNTU",
              "x_transferred"
            ],
            "url": "https://usn.ubuntu.com/4254-1/"
          },
          {
            "name": "USN-4254-2",
            "tags": [
              "vendor-advisory",
              "x_refsource_UBUNTU",
              "x_transferred"
            ],
            "url": "https://usn.ubuntu.com/4254-2/"
          },
          {
            "name": "USN-4258-1",
            "tags": [
              "vendor-advisory",
              "x_refsource_UBUNTU",
              "x_transferred"
            ],
            "url": "https://usn.ubuntu.com/4258-1/"
          },
          {
            "name": "USN-4287-1",
            "tags": [
              "vendor-advisory",
              "x_refsource_UBUNTU",
              "x_transferred"
            ],
            "url": "https://usn.ubuntu.com/4287-1/"
          },
          {
            "name": "USN-4287-2",
            "tags": [
              "vendor-advisory",
              "x_refsource_UBUNTU",
              "x_transferred"
            ],
            "url": "https://usn.ubuntu.com/4287-2/"
          },
          {
            "name": "[debian-lts-announce] 20200302 [SECURITY] [DLA 2114-1] linux-4.9 security update",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://lists.debian.org/debian-lts-announce/2020/03/msg00001.html"
          },
          {
            "name": "USN-4284-1",
            "tags": [
              "vendor-advisory",
              "x_refsource_UBUNTU",
              "x_transferred"
            ],
            "url": "https://usn.ubuntu.com/4284-1/"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "An issue was discovered in the Linux kernel through 5.2.9. There is a NULL pointer dereference caused by a malicious USB device in the flexcop_usb_probe function in the drivers/media/usb/b2c2/flexcop-usb.c driver."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2020-03-02T20:06:20.000Z",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://syzkaller.appspot.com/bug?id=c0203bd72037d07493f4b7562411e4f5f4553a8f"
        },
        {
          "name": "[oss-security] 20190820 Linux kernel: multiple vulnerabilities in the USB subsystem x2",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "http://www.openwall.com/lists/oss-security/2019/08/20/2"
        },
        {
          "name": "[oss-security] 20190821 Re: Linux kernel: multiple vulnerabilities in the USB subsystem x2",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "http://www.openwall.com/lists/oss-security/2019/08/22/1"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://security.netapp.com/advisory/ntap-20190905-0002/"
        },
        {
          "name": "openSUSE-SU-2019:2307",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUSE"
          ],
          "url": "http://lists.opensuse.org/opensuse-security-announce/2019-10/msg00037.html"
        },
        {
          "name": "openSUSE-SU-2019:2308",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUSE"
          ],
          "url": "http://lists.opensuse.org/opensuse-security-announce/2019-10/msg00036.html"
        },
        {
          "name": "20200109 [slackware-security] Slackware 14.2 kernel (SSA:2020-008-01)",
          "tags": [
            "mailing-list",
            "x_refsource_BUGTRAQ"
          ],
          "url": "https://seclists.org/bugtraq/2020/Jan/10"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "http://packetstormsecurity.com/files/155890/Slackware-Security-Advisory-Slackware-14.2-kernel-Updates.html"
        },
        {
          "name": "[debian-lts-announce] 20200118 [SECURITY] [DLA 2068-1] linux security update",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://lists.debian.org/debian-lts-announce/2020/01/msg00013.html"
        },
        {
          "name": "USN-4254-1",
          "tags": [
            "vendor-advisory",
            "x_refsource_UBUNTU"
          ],
          "url": "https://usn.ubuntu.com/4254-1/"
        },
        {
          "name": "USN-4254-2",
          "tags": [
            "vendor-advisory",
            "x_refsource_UBUNTU"
          ],
          "url": "https://usn.ubuntu.com/4254-2/"
        },
        {
          "name": "USN-4258-1",
          "tags": [
            "vendor-advisory",
            "x_refsource_UBUNTU"
          ],
          "url": "https://usn.ubuntu.com/4258-1/"
        },
        {
          "name": "USN-4287-1",
          "tags": [
            "vendor-advisory",
            "x_refsource_UBUNTU"
          ],
          "url": "https://usn.ubuntu.com/4287-1/"
        },
        {
          "name": "USN-4287-2",
          "tags": [
            "vendor-advisory",
            "x_refsource_UBUNTU"
          ],
          "url": "https://usn.ubuntu.com/4287-2/"
        },
        {
          "name": "[debian-lts-announce] 20200302 [SECURITY] [DLA 2114-1] linux-4.9 security update",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://lists.debian.org/debian-lts-announce/2020/03/msg00001.html"
        },
        {
          "name": "USN-4284-1",
          "tags": [
            "vendor-advisory",
            "x_refsource_UBUNTU"
          ],
          "url": "https://usn.ubuntu.com/4284-1/"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2019-15291",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "An issue was discovered in the Linux kernel through 5.2.9. There is a NULL pointer dereference caused by a malicious USB device in the flexcop_usb_probe function in the drivers/media/usb/b2c2/flexcop-usb.c driver."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://syzkaller.appspot.com/bug?id=c0203bd72037d07493f4b7562411e4f5f4553a8f",
              "refsource": "MISC",
              "url": "https://syzkaller.appspot.com/bug?id=c0203bd72037d07493f4b7562411e4f5f4553a8f"
            },
            {
              "name": "[oss-security] 20190820 Linux kernel: multiple vulnerabilities in the USB subsystem x2",
              "refsource": "MLIST",
              "url": "http://www.openwall.com/lists/oss-security/2019/08/20/2"
            },
            {
              "name": "[oss-security] 20190821 Re: Linux kernel: multiple vulnerabilities in the USB subsystem x2",
              "refsource": "MLIST",
              "url": "http://www.openwall.com/lists/oss-security/2019/08/22/1"
            },
            {
              "name": "https://security.netapp.com/advisory/ntap-20190905-0002/",
              "refsource": "CONFIRM",
              "url": "https://security.netapp.com/advisory/ntap-20190905-0002/"
            },
            {
              "name": "openSUSE-SU-2019:2307",
              "refsource": "SUSE",
              "url": "http://lists.opensuse.org/opensuse-security-announce/2019-10/msg00037.html"
            },
            {
              "name": "openSUSE-SU-2019:2308",
              "refsource": "SUSE",
              "url": "http://lists.opensuse.org/opensuse-security-announce/2019-10/msg00036.html"
            },
            {
              "name": "20200109 [slackware-security] Slackware 14.2 kernel (SSA:2020-008-01)",
              "refsource": "BUGTRAQ",
              "url": "https://seclists.org/bugtraq/2020/Jan/10"
            },
            {
              "name": "http://packetstormsecurity.com/files/155890/Slackware-Security-Advisory-Slackware-14.2-kernel-Updates.html",
              "refsource": "MISC",
              "url": "http://packetstormsecurity.com/files/155890/Slackware-Security-Advisory-Slackware-14.2-kernel-Updates.html"
            },
            {
              "name": "[debian-lts-announce] 20200118 [SECURITY] [DLA 2068-1] linux security update",
              "refsource": "MLIST",
              "url": "https://lists.debian.org/debian-lts-announce/2020/01/msg00013.html"
            },
            {
              "name": "USN-4254-1",
              "refsource": "UBUNTU",
              "url": "https://usn.ubuntu.com/4254-1/"
            },
            {
              "name": "USN-4254-2",
              "refsource": "UBUNTU",
              "url": "https://usn.ubuntu.com/4254-2/"
            },
            {
              "name": "USN-4258-1",
              "refsource": "UBUNTU",
              "url": "https://usn.ubuntu.com/4258-1/"
            },
            {
              "name": "USN-4287-1",
              "refsource": "UBUNTU",
              "url": "https://usn.ubuntu.com/4287-1/"
            },
            {
              "name": "USN-4287-2",
              "refsource": "UBUNTU",
              "url": "https://usn.ubuntu.com/4287-2/"
            },
            {
              "name": "[debian-lts-announce] 20200302 [SECURITY] [DLA 2114-1] linux-4.9 security update",
              "refsource": "MLIST",
              "url": "https://lists.debian.org/debian-lts-announce/2020/03/msg00001.html"
            },
            {
              "name": "USN-4284-1",
              "refsource": "UBUNTU",
              "url": "https://usn.ubuntu.com/4284-1/"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2019-15291",
    "datePublished": "2019-08-20T13:23:32.000Z",
    "dateReserved": "2019-08-20T00:00:00.000Z",
    "dateUpdated": "2024-08-05T00:42:03.262Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1",
  "vulnerability-lookup:meta": {
    "epss": {
      "cve": "CVE-2019-15291",
      "date": "2026-05-29",
      "epss": "0.00101",
      "percentile": "0.27584"
    },
    "nvd": "{\"cve\":{\"id\":\"CVE-2019-15291\",\"sourceIdentifier\":\"cve@mitre.org\",\"published\":\"2019-08-20T14:15:11.427\",\"lastModified\":\"2024-11-21T04:28:23.367\",\"vulnStatus\":\"Modified\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"An issue was discovered in the Linux kernel through 5.2.9. There is a NULL pointer dereference caused by a malicious USB device in the flexcop_usb_probe function in the drivers/media/usb/b2c2/flexcop-usb.c driver.\"},{\"lang\":\"es\",\"value\":\"Se descubri\u00f3 un problema en el kernel de Linux hasta la versi\u00f3n 5.2.9. Hay una desreferencia de puntero NULL causada por un dispositivo USB malicioso en la funci\u00f3n flexcop_usb_probe en el controlador drivers / media / usb / b2c2 / flexcop-usb.c.\"}],\"metrics\":{\"cvssMetricV30\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.0\",\"vectorString\":\"CVSS:3.0/AV:P/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H\",\"baseScore\":4.6,\"baseSeverity\":\"MEDIUM\",\"attackVector\":\"PHYSICAL\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"NONE\",\"integrityImpact\":\"NONE\",\"availabilityImpact\":\"HIGH\"},\"exploitabilityScore\":0.9,\"impactScore\":3.6}],\"cvssMetricV2\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"2.0\",\"vectorString\":\"AV:L/AC:L/Au:N/C:N/I:N/A:C\",\"baseScore\":4.9,\"accessVector\":\"LOCAL\",\"accessComplexity\":\"LOW\",\"authentication\":\"NONE\",\"confidentialityImpact\":\"NONE\",\"integrityImpact\":\"NONE\",\"availabilityImpact\":\"COMPLETE\"},\"baseSeverity\":\"MEDIUM\",\"exploitabilityScore\":3.9,\"impactScore\":6.9,\"acInsufInfo\":false,\"obtainAllPrivilege\":false,\"obtainUserPrivilege\":false,\"obtainOtherPrivilege\":false,\"userInteractionRequired\":false}]},\"weaknesses\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-476\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*\",\"versionEndIncluding\":\"5.2.9\",\"matchCriteriaId\":\"A90662CD-A064-48C3-9A43-3B1AFCFAD2E9\"}]}]}],\"references\":[{\"url\":\"http://lists.opensuse.org/opensuse-security-announce/2019-10/msg00036.html\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://lists.opensuse.org/opensuse-security-announce/2019-10/msg00037.html\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://packetstormsecurity.com/files/155890/Slackware-Security-Advisory-Slackware-14.2-kernel-Updates.html\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://www.openwall.com/lists/oss-security/2019/08/20/2\",\"source\":\"cve@mitre.org\",\"tags\":[\"Mailing List\",\"Third Party Advisory\"]},{\"url\":\"http://www.openwall.com/lists/oss-security/2019/08/22/1\",\"source\":\"cve@mitre.org\",\"tags\":[\"Mailing List\",\"Third Party Advisory\"]},{\"url\":\"https://lists.debian.org/debian-lts-announce/2020/01/msg00013.html\",\"source\":\"cve@mitre.org\"},{\"url\":\"https://lists.debian.org/debian-lts-announce/2020/03/msg00001.html\",\"source\":\"cve@mitre.org\"},{\"url\":\"https://seclists.org/bugtraq/2020/Jan/10\",\"source\":\"cve@mitre.org\"},{\"url\":\"https://security.netapp.com/advisory/ntap-20190905-0002/\",\"source\":\"cve@mitre.org\"},{\"url\":\"https://syzkaller.appspot.com/bug?id=c0203bd72037d07493f4b7562411e4f5f4553a8f\",\"source\":\"cve@mitre.org\",\"tags\":[\"Exploit\",\"Third Party Advisory\"]},{\"url\":\"https://usn.ubuntu.com/4254-1/\",\"source\":\"cve@mitre.org\"},{\"url\":\"https://usn.ubuntu.com/4254-2/\",\"source\":\"cve@mitre.org\"},{\"url\":\"https://usn.ubuntu.com/4258-1/\",\"source\":\"cve@mitre.org\"},{\"url\":\"https://usn.ubuntu.com/4284-1/\",\"source\":\"cve@mitre.org\"},{\"url\":\"https://usn.ubuntu.com/4287-1/\",\"source\":\"cve@mitre.org\"},{\"url\":\"https://usn.ubuntu.com/4287-2/\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://lists.opensuse.org/opensuse-security-announce/2019-10/msg00036.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://lists.opensuse.org/opensuse-security-announce/2019-10/msg00037.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://packetstormsecurity.com/files/155890/Slackware-Security-Advisory-Slackware-14.2-kernel-Updates.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.openwall.com/lists/oss-security/2019/08/20/2\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Mailing List\",\"Third Party Advisory\"]},{\"url\":\"http://www.openwall.com/lists/oss-security/2019/08/22/1\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Mailing List\",\"Third Party Advisory\"]},{\"url\":\"https://lists.debian.org/debian-lts-announce/2020/01/msg00013.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://lists.debian.org/debian-lts-announce/2020/03/msg00001.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://seclists.org/bugtraq/2020/Jan/10\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://security.netapp.com/advisory/ntap-20190905-0002/\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://syzkaller.appspot.com/bug?id=c0203bd72037d07493f4b7562411e4f5f4553a8f\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Exploit\",\"Third Party Advisory\"]},{\"url\":\"https://usn.ubuntu.com/4254-1/\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://usn.ubuntu.com/4254-2/\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://usn.ubuntu.com/4258-1/\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://usn.ubuntu.com/4284-1/\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://usn.ubuntu.com/4287-1/\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://usn.ubuntu.com/4287-2/\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"}]}}"
  }
}

WID-SEC-W-2024-3638

Vulnerability from csaf_certbund - Published: 2019-08-19 22:00 - Updated: 2024-12-09 23:00

Summary

Linux Kernel: Mehrere Schwachstellen ermöglichen Codeausführung

Severity

Mittel

Notes

Das BSI ist als Anbieter für die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch dafür verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgfältig im Einzelfall zu prüfen.

Produktbeschreibung: Der Kernel stellt den Kern des Linux Betriebssystems dar.

Angriff: Ein lokaler Angreifer kann mehrere Schwachstellen im Linux Kernel ausnutzen, um beliebigen Programmcode auszuführen, einen Denial of Service Zustand herbeizuführen oder Informationen offenzulegen.

Betroffene Betriebssysteme: - Linux

CVE-2019-15211

Im Linux Kernel existieren mehrere Schwachstellen, welche auf Use-After-Free, Double Free und Null-Zeiger-Referenzierungen-Schwachstellen in Treiber für USB-Geräte zurückzuführen sind. Ein lokaler Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Programmcode auszuführen, einen Denial of Service Zustand herbeizuführen oder Informationen offenzulegen.

Affected products

Known affected 12 products

Product	Identifier	Version
Oracle VM Oracle	`cpe:/a:oracle:vm:-`	—
Avaya Aura System Manager Avaya	`cpe:/a:avaya:aura_system_manager:-`	—
Debian Linux Debian	`cpe:/o:debian:debian_linux:-`	—
SUSE Linux SUSE	`cpe:/o:suse:suse_linux:-`	—
Red Hat Enterprise Linux Red Hat	`cpe:/o:redhat:enterprise_linux:-`	—
Avaya Aura Application Enablement Services Avaya	`cpe:/a:avaya:aura_application_enablement_services:-`	—
Ubuntu Linux Ubuntu	`cpe:/o:canonical:ubuntu_linux:-`	—
Avaya Aura Session Manager Avaya	`cpe:/a:avaya:session_manager:-`	—
Avaya Aura Communication Manager Avaya	`cpe:/a:avaya:communication_manager:-`	—
Open Source Linux Kernel <5.2.8 Open Source / Linux Kernel		<5.2.8
Oracle Linux Oracle	`cpe:/o:oracle:linux:-`	—
Avaya Web License Manager Avaya	`cpe:/a:avaya:web_license_manager:-`	—

CVE-2019-15212

Affected products

Known affected 12 products

Product	Identifier	Version
Oracle VM Oracle	`cpe:/a:oracle:vm:-`	—
Avaya Aura System Manager Avaya	`cpe:/a:avaya:aura_system_manager:-`	—
Debian Linux Debian	`cpe:/o:debian:debian_linux:-`	—
SUSE Linux SUSE	`cpe:/o:suse:suse_linux:-`	—
Red Hat Enterprise Linux Red Hat	`cpe:/o:redhat:enterprise_linux:-`	—
Avaya Aura Application Enablement Services Avaya	`cpe:/a:avaya:aura_application_enablement_services:-`	—
Ubuntu Linux Ubuntu	`cpe:/o:canonical:ubuntu_linux:-`	—
Avaya Aura Session Manager Avaya	`cpe:/a:avaya:session_manager:-`	—
Avaya Aura Communication Manager Avaya	`cpe:/a:avaya:communication_manager:-`	—
Open Source Linux Kernel <5.2.8 Open Source / Linux Kernel		<5.2.8
Oracle Linux Oracle	`cpe:/o:oracle:linux:-`	—
Avaya Web License Manager Avaya	`cpe:/a:avaya:web_license_manager:-`	—

CVE-2019-15213

Affected products

Known affected 12 products

Product	Identifier	Version
Oracle VM Oracle	`cpe:/a:oracle:vm:-`	—
Avaya Aura System Manager Avaya	`cpe:/a:avaya:aura_system_manager:-`	—
Debian Linux Debian	`cpe:/o:debian:debian_linux:-`	—
SUSE Linux SUSE	`cpe:/o:suse:suse_linux:-`	—
Red Hat Enterprise Linux Red Hat	`cpe:/o:redhat:enterprise_linux:-`	—
Avaya Aura Application Enablement Services Avaya	`cpe:/a:avaya:aura_application_enablement_services:-`	—
Ubuntu Linux Ubuntu	`cpe:/o:canonical:ubuntu_linux:-`	—
Avaya Aura Session Manager Avaya	`cpe:/a:avaya:session_manager:-`	—
Avaya Aura Communication Manager Avaya	`cpe:/a:avaya:communication_manager:-`	—
Open Source Linux Kernel <5.2.8 Open Source / Linux Kernel		<5.2.8
Oracle Linux Oracle	`cpe:/o:oracle:linux:-`	—
Avaya Web License Manager Avaya	`cpe:/a:avaya:web_license_manager:-`	—

CVE-2019-15214

Affected products

Known affected 12 products

Product	Identifier	Version
Oracle VM Oracle	`cpe:/a:oracle:vm:-`	—
Avaya Aura System Manager Avaya	`cpe:/a:avaya:aura_system_manager:-`	—
Debian Linux Debian	`cpe:/o:debian:debian_linux:-`	—
SUSE Linux SUSE	`cpe:/o:suse:suse_linux:-`	—
Red Hat Enterprise Linux Red Hat	`cpe:/o:redhat:enterprise_linux:-`	—
Avaya Aura Application Enablement Services Avaya	`cpe:/a:avaya:aura_application_enablement_services:-`	—
Ubuntu Linux Ubuntu	`cpe:/o:canonical:ubuntu_linux:-`	—
Avaya Aura Session Manager Avaya	`cpe:/a:avaya:session_manager:-`	—
Avaya Aura Communication Manager Avaya	`cpe:/a:avaya:communication_manager:-`	—
Open Source Linux Kernel <5.2.8 Open Source / Linux Kernel		<5.2.8
Oracle Linux Oracle	`cpe:/o:oracle:linux:-`	—
Avaya Web License Manager Avaya	`cpe:/a:avaya:web_license_manager:-`	—

CVE-2019-15215

Affected products

Known affected 12 products

Product	Identifier	Version
Oracle VM Oracle	`cpe:/a:oracle:vm:-`	—
Avaya Aura System Manager Avaya	`cpe:/a:avaya:aura_system_manager:-`	—
Debian Linux Debian	`cpe:/o:debian:debian_linux:-`	—
SUSE Linux SUSE	`cpe:/o:suse:suse_linux:-`	—
Red Hat Enterprise Linux Red Hat	`cpe:/o:redhat:enterprise_linux:-`	—
Avaya Aura Application Enablement Services Avaya	`cpe:/a:avaya:aura_application_enablement_services:-`	—
Ubuntu Linux Ubuntu	`cpe:/o:canonical:ubuntu_linux:-`	—
Avaya Aura Session Manager Avaya	`cpe:/a:avaya:session_manager:-`	—
Avaya Aura Communication Manager Avaya	`cpe:/a:avaya:communication_manager:-`	—
Open Source Linux Kernel <5.2.8 Open Source / Linux Kernel		<5.2.8
Oracle Linux Oracle	`cpe:/o:oracle:linux:-`	—
Avaya Web License Manager Avaya	`cpe:/a:avaya:web_license_manager:-`	—

CVE-2019-15216

Affected products

Known affected 12 products

Product	Identifier	Version
Oracle VM Oracle	`cpe:/a:oracle:vm:-`	—
Avaya Aura System Manager Avaya	`cpe:/a:avaya:aura_system_manager:-`	—
Debian Linux Debian	`cpe:/o:debian:debian_linux:-`	—
SUSE Linux SUSE	`cpe:/o:suse:suse_linux:-`	—
Red Hat Enterprise Linux Red Hat	`cpe:/o:redhat:enterprise_linux:-`	—
Avaya Aura Application Enablement Services Avaya	`cpe:/a:avaya:aura_application_enablement_services:-`	—
Ubuntu Linux Ubuntu	`cpe:/o:canonical:ubuntu_linux:-`	—
Avaya Aura Session Manager Avaya	`cpe:/a:avaya:session_manager:-`	—
Avaya Aura Communication Manager Avaya	`cpe:/a:avaya:communication_manager:-`	—
Open Source Linux Kernel <5.2.8 Open Source / Linux Kernel		<5.2.8
Oracle Linux Oracle	`cpe:/o:oracle:linux:-`	—
Avaya Web License Manager Avaya	`cpe:/a:avaya:web_license_manager:-`	—

CVE-2019-15217

Affected products

Known affected 12 products

Product	Identifier	Version
Oracle VM Oracle	`cpe:/a:oracle:vm:-`	—
Avaya Aura System Manager Avaya	`cpe:/a:avaya:aura_system_manager:-`	—
Debian Linux Debian	`cpe:/o:debian:debian_linux:-`	—
SUSE Linux SUSE	`cpe:/o:suse:suse_linux:-`	—
Red Hat Enterprise Linux Red Hat	`cpe:/o:redhat:enterprise_linux:-`	—
Avaya Aura Application Enablement Services Avaya	`cpe:/a:avaya:aura_application_enablement_services:-`	—
Ubuntu Linux Ubuntu	`cpe:/o:canonical:ubuntu_linux:-`	—
Avaya Aura Session Manager Avaya	`cpe:/a:avaya:session_manager:-`	—
Avaya Aura Communication Manager Avaya	`cpe:/a:avaya:communication_manager:-`	—
Open Source Linux Kernel <5.2.8 Open Source / Linux Kernel		<5.2.8
Oracle Linux Oracle	`cpe:/o:oracle:linux:-`	—
Avaya Web License Manager Avaya	`cpe:/a:avaya:web_license_manager:-`	—

CVE-2019-15218

Affected products

Known affected 12 products

Product	Identifier	Version
Oracle VM Oracle	`cpe:/a:oracle:vm:-`	—
Avaya Aura System Manager Avaya	`cpe:/a:avaya:aura_system_manager:-`	—
Debian Linux Debian	`cpe:/o:debian:debian_linux:-`	—
SUSE Linux SUSE	`cpe:/o:suse:suse_linux:-`	—
Red Hat Enterprise Linux Red Hat	`cpe:/o:redhat:enterprise_linux:-`	—
Avaya Aura Application Enablement Services Avaya	`cpe:/a:avaya:aura_application_enablement_services:-`	—
Ubuntu Linux Ubuntu	`cpe:/o:canonical:ubuntu_linux:-`	—
Avaya Aura Session Manager Avaya	`cpe:/a:avaya:session_manager:-`	—
Avaya Aura Communication Manager Avaya	`cpe:/a:avaya:communication_manager:-`	—
Open Source Linux Kernel <5.2.8 Open Source / Linux Kernel		<5.2.8
Oracle Linux Oracle	`cpe:/o:oracle:linux:-`	—
Avaya Web License Manager Avaya	`cpe:/a:avaya:web_license_manager:-`	—

CVE-2019-15219

Affected products

Known affected 12 products

Product	Identifier	Version
Oracle VM Oracle	`cpe:/a:oracle:vm:-`	—
Avaya Aura System Manager Avaya	`cpe:/a:avaya:aura_system_manager:-`	—
Debian Linux Debian	`cpe:/o:debian:debian_linux:-`	—
SUSE Linux SUSE	`cpe:/o:suse:suse_linux:-`	—
Red Hat Enterprise Linux Red Hat	`cpe:/o:redhat:enterprise_linux:-`	—
Avaya Aura Application Enablement Services Avaya	`cpe:/a:avaya:aura_application_enablement_services:-`	—
Ubuntu Linux Ubuntu	`cpe:/o:canonical:ubuntu_linux:-`	—
Avaya Aura Session Manager Avaya	`cpe:/a:avaya:session_manager:-`	—
Avaya Aura Communication Manager Avaya	`cpe:/a:avaya:communication_manager:-`	—
Open Source Linux Kernel <5.2.8 Open Source / Linux Kernel		<5.2.8
Oracle Linux Oracle	`cpe:/o:oracle:linux:-`	—
Avaya Web License Manager Avaya	`cpe:/a:avaya:web_license_manager:-`	—

CVE-2019-15220

Affected products

Known affected 12 products

Product	Identifier	Version
Oracle VM Oracle	`cpe:/a:oracle:vm:-`	—
Avaya Aura System Manager Avaya	`cpe:/a:avaya:aura_system_manager:-`	—
Debian Linux Debian	`cpe:/o:debian:debian_linux:-`	—
SUSE Linux SUSE	`cpe:/o:suse:suse_linux:-`	—
Red Hat Enterprise Linux Red Hat	`cpe:/o:redhat:enterprise_linux:-`	—
Avaya Aura Application Enablement Services Avaya	`cpe:/a:avaya:aura_application_enablement_services:-`	—
Ubuntu Linux Ubuntu	`cpe:/o:canonical:ubuntu_linux:-`	—
Avaya Aura Session Manager Avaya	`cpe:/a:avaya:session_manager:-`	—
Avaya Aura Communication Manager Avaya	`cpe:/a:avaya:communication_manager:-`	—
Open Source Linux Kernel <5.2.8 Open Source / Linux Kernel		<5.2.8
Oracle Linux Oracle	`cpe:/o:oracle:linux:-`	—
Avaya Web License Manager Avaya	`cpe:/a:avaya:web_license_manager:-`	—

CVE-2019-15221

Affected products

Known affected 12 products

Product	Identifier	Version
Oracle VM Oracle	`cpe:/a:oracle:vm:-`	—
Avaya Aura System Manager Avaya	`cpe:/a:avaya:aura_system_manager:-`	—
Debian Linux Debian	`cpe:/o:debian:debian_linux:-`	—
SUSE Linux SUSE	`cpe:/o:suse:suse_linux:-`	—
Red Hat Enterprise Linux Red Hat	`cpe:/o:redhat:enterprise_linux:-`	—
Avaya Aura Application Enablement Services Avaya	`cpe:/a:avaya:aura_application_enablement_services:-`	—
Ubuntu Linux Ubuntu	`cpe:/o:canonical:ubuntu_linux:-`	—
Avaya Aura Session Manager Avaya	`cpe:/a:avaya:session_manager:-`	—
Avaya Aura Communication Manager Avaya	`cpe:/a:avaya:communication_manager:-`	—
Open Source Linux Kernel <5.2.8 Open Source / Linux Kernel		<5.2.8
Oracle Linux Oracle	`cpe:/o:oracle:linux:-`	—
Avaya Web License Manager Avaya	`cpe:/a:avaya:web_license_manager:-`	—

CVE-2019-15222

Affected products

Known affected 12 products

Product	Identifier	Version
Oracle VM Oracle	`cpe:/a:oracle:vm:-`	—
Avaya Aura System Manager Avaya	`cpe:/a:avaya:aura_system_manager:-`	—
Debian Linux Debian	`cpe:/o:debian:debian_linux:-`	—
SUSE Linux SUSE	`cpe:/o:suse:suse_linux:-`	—
Red Hat Enterprise Linux Red Hat	`cpe:/o:redhat:enterprise_linux:-`	—
Avaya Aura Application Enablement Services Avaya	`cpe:/a:avaya:aura_application_enablement_services:-`	—
Ubuntu Linux Ubuntu	`cpe:/o:canonical:ubuntu_linux:-`	—
Avaya Aura Session Manager Avaya	`cpe:/a:avaya:session_manager:-`	—
Avaya Aura Communication Manager Avaya	`cpe:/a:avaya:communication_manager:-`	—
Open Source Linux Kernel <5.2.8 Open Source / Linux Kernel		<5.2.8
Oracle Linux Oracle	`cpe:/o:oracle:linux:-`	—
Avaya Web License Manager Avaya	`cpe:/a:avaya:web_license_manager:-`	—

CVE-2019-15223

Affected products

Known affected 12 products

Product	Identifier	Version
Oracle VM Oracle	`cpe:/a:oracle:vm:-`	—
Avaya Aura System Manager Avaya	`cpe:/a:avaya:aura_system_manager:-`	—
Debian Linux Debian	`cpe:/o:debian:debian_linux:-`	—
SUSE Linux SUSE	`cpe:/o:suse:suse_linux:-`	—
Red Hat Enterprise Linux Red Hat	`cpe:/o:redhat:enterprise_linux:-`	—
Avaya Aura Application Enablement Services Avaya	`cpe:/a:avaya:aura_application_enablement_services:-`	—
Ubuntu Linux Ubuntu	`cpe:/o:canonical:ubuntu_linux:-`	—
Avaya Aura Session Manager Avaya	`cpe:/a:avaya:session_manager:-`	—
Avaya Aura Communication Manager Avaya	`cpe:/a:avaya:communication_manager:-`	—
Open Source Linux Kernel <5.2.8 Open Source / Linux Kernel		<5.2.8
Oracle Linux Oracle	`cpe:/o:oracle:linux:-`	—
Avaya Web License Manager Avaya	`cpe:/a:avaya:web_license_manager:-`	—

CVE-2019-15290

Affected products

Known affected 12 products

Product	Identifier	Version
Oracle VM Oracle	`cpe:/a:oracle:vm:-`	—
Avaya Aura System Manager Avaya	`cpe:/a:avaya:aura_system_manager:-`	—
Debian Linux Debian	`cpe:/o:debian:debian_linux:-`	—
SUSE Linux SUSE	`cpe:/o:suse:suse_linux:-`	—
Red Hat Enterprise Linux Red Hat	`cpe:/o:redhat:enterprise_linux:-`	—
Avaya Aura Application Enablement Services Avaya	`cpe:/a:avaya:aura_application_enablement_services:-`	—
Ubuntu Linux Ubuntu	`cpe:/o:canonical:ubuntu_linux:-`	—
Avaya Aura Session Manager Avaya	`cpe:/a:avaya:session_manager:-`	—
Avaya Aura Communication Manager Avaya	`cpe:/a:avaya:communication_manager:-`	—
Open Source Linux Kernel <5.2.8 Open Source / Linux Kernel		<5.2.8
Oracle Linux Oracle	`cpe:/o:oracle:linux:-`	—
Avaya Web License Manager Avaya	`cpe:/a:avaya:web_license_manager:-`	—

CVE-2019-15291

Affected products

Known affected 12 products

Product	Identifier	Version
Oracle VM Oracle	`cpe:/a:oracle:vm:-`	—
Avaya Aura System Manager Avaya	`cpe:/a:avaya:aura_system_manager:-`	—
Debian Linux Debian	`cpe:/o:debian:debian_linux:-`	—
SUSE Linux SUSE	`cpe:/o:suse:suse_linux:-`	—
Red Hat Enterprise Linux Red Hat	`cpe:/o:redhat:enterprise_linux:-`	—
Avaya Aura Application Enablement Services Avaya	`cpe:/a:avaya:aura_application_enablement_services:-`	—
Ubuntu Linux Ubuntu	`cpe:/o:canonical:ubuntu_linux:-`	—
Avaya Aura Session Manager Avaya	`cpe:/a:avaya:session_manager:-`	—
Avaya Aura Communication Manager Avaya	`cpe:/a:avaya:communication_manager:-`	—
Open Source Linux Kernel <5.2.8 Open Source / Linux Kernel		<5.2.8
Oracle Linux Oracle	`cpe:/o:oracle:linux:-`	—
Avaya Web License Manager Avaya	`cpe:/a:avaya:web_license_manager:-`	—

References

70 references

URL	Category
https://wid.cert-bund.de/.well-known/csaf/white/2…	self
https://wid.cert-bund.de/portal/wid/securityadvis…	self
https://nvd.nist.gov/vuln/detail/CVE-2019-15211	external
https://nvd.nist.gov/vuln/detail/CVE-2019-15212	external
https://nvd.nist.gov/vuln/detail/CVE-2019-15213	external
https://nvd.nist.gov/vuln/detail/CVE-2019-15214	external
https://nvd.nist.gov/vuln/detail/CVE-2019-15215	external
https://nvd.nist.gov/vuln/detail/CVE-2019-15216	external
https://nvd.nist.gov/vuln/detail/CVE-2019-15217	external
https://nvd.nist.gov/vuln/detail/CVE-2019-15218	external
https://nvd.nist.gov/vuln/detail/CVE-2019-15219	external
https://nvd.nist.gov/vuln/detail/CVE-2019-15220	external
https://nvd.nist.gov/vuln/detail/CVE-2019-15221	external
https://nvd.nist.gov/vuln/detail/CVE-2019-15222	external
https://nvd.nist.gov/vuln/detail/CVE-2019-15223	external
https://nvd.nist.gov/vuln/detail/CVE-2019-15290	external
https://nvd.nist.gov/vuln/detail/CVE-2019-15291	external
https://usn.ubuntu.com/4118-1/	external
https://usn.ubuntu.com/4115-1/	external
https://usn.ubuntu.com/4115-2/	external
https://www.suse.com/support/update/announcement/…	external
https://www.suse.com/support/update/announcement/…	external
https://www.suse.com/support/update/announcement/…	external
https://usn.ubuntu.com/4145-1/	external
https://usn.ubuntu.com/4147-1/	external
https://www.suse.com/support/update/announcement/…	external
https://www.suse.com/support/update/announcement/…	external
https://www.suse.com/support/update/announcement/…	external
https://www.suse.com/support/update/announcement/…	external
https://www.suse.com/support/update/announcement/…	external
https://www.suse.com/support/update/announcement/…	external
https://www.suse.com/support/update/announcement/…	external
https://www.suse.com/support/update/announcement/…	external
https://www.suse.com/support/update/announcement/…	external
https://www.suse.com/support/update/announcement/…	external
https://www.suse.com/support/update/announcement/…	external
https://www.suse.com/support/update/announcement/…	external
https://www.suse.com/support/update/announcement/…	external
https://www.suse.com/support/update/announcement/…	external
https://www.suse.com/support/update/announcement/…	external
https://www.suse.com/support/update/announcement/…	external
https://www.suse.com/support/update/announcement/…	external
https://www.suse.com/support/update/announcement/…	external
https://www.suse.com/support/update/announcement/…	external
https://usn.ubuntu.com/4254-1/	external
https://usn.ubuntu.com/4254-2/	external
https://usn.ubuntu.com/4258-1/	external
https://usn.ubuntu.com/4284-1/	external
https://usn.ubuntu.com/4286-2/	external
https://usn.ubuntu.com/4287-2/	external
https://www.dell.com/support/security/de-de/detai…	external
https://lists.debian.org/debian-lts-announce/2020…	external
https://www.suse.com/support/update/announcement/…	external
https://www.suse.com/support/update/announcement/…	external
https://www.suse.com/support/update/announcement/…	external
https://lists.debian.org/debian-lts-announce/2020…	external
https://www.suse.com/support/update/announcement/…	external
https://usn.ubuntu.com/4302-1/	external
https://oss.oracle.com/pipermail/el-errata/2020-F…	external
https://access.redhat.com/errata/RHSA-2020:1567	external
https://access.redhat.com/errata/RHSA-2020:1769	external
https://www.suse.com/support/update/announcement/…	external
https://oss.oracle.com/pipermail/el-errata/2020-M…	external
https://www.suse.com/support/update/announcement/…	external
https://oss.oracle.com/pipermail/oraclevm-errata/…	external
https://access.redhat.com/errata/RHSA-2020:4062	external
https://access.redhat.com/errata/RHSA-2020:4060	external
https://oss.oracle.com/pipermail/oraclevm-errata/…	external
https://downloads.avaya.com/css/P8/documents/101071393	external
https://linux.oracle.com/errata/ELSA-2024-12868.html	external

JSON

To clipboard

{
  "document": {
    "aggregate_severity": {
      "text": "mittel"
    },
    "category": "csaf_base",
    "csaf_version": "2.0",
    "distribution": {
      "tlp": {
        "label": "WHITE",
        "url": "https://www.first.org/tlp/"
      }
    },
    "lang": "de-DE",
    "notes": [
      {
        "category": "legal_disclaimer",
        "text": "Das BSI ist als Anbieter f\u00fcr die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch daf\u00fcr verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgf\u00e4ltig im Einzelfall zu pr\u00fcfen."
      },
      {
        "category": "description",
        "text": "Der Kernel stellt den Kern des Linux Betriebssystems dar.",
        "title": "Produktbeschreibung"
      },
      {
        "category": "summary",
        "text": "Ein lokaler Angreifer kann mehrere Schwachstellen im Linux Kernel ausnutzen, um beliebigen Programmcode auszuf\u00fchren, einen Denial of Service Zustand herbeizuf\u00fchren oder Informationen offenzulegen.",
        "title": "Angriff"
      },
      {
        "category": "general",
        "text": "- Linux",
        "title": "Betroffene Betriebssysteme"
      }
    ],
    "publisher": {
      "category": "other",
      "contact_details": "csaf-provider@cert-bund.de",
      "name": "Bundesamt f\u00fcr Sicherheit in der Informationstechnik",
      "namespace": "https://www.bsi.bund.de"
    },
    "references": [
      {
        "category": "self",
        "summary": "WID-SEC-W-2024-3638 - CSAF Version",
        "url": "https://wid.cert-bund.de/.well-known/csaf/white/2019/wid-sec-w-2024-3638.json"
      },
      {
        "category": "self",
        "summary": "WID-SEC-2024-3638 - Portal Version",
        "url": "https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2024-3638"
      },
      {
        "category": "external",
        "summary": "National Vulnerability Database CVE-2019-15211 vom 2019-08-19",
        "url": "https://nvd.nist.gov/vuln/detail/CVE-2019-15211"
      },
      {
        "category": "external",
        "summary": "National Vulnerability Database CVE-2019-15212 vom 2019-08-19",
        "url": "https://nvd.nist.gov/vuln/detail/CVE-2019-15212"
      },
      {
        "category": "external",
        "summary": "National Vulnerability Database CVE-2019-15213 vom 2019-08-19",
        "url": "https://nvd.nist.gov/vuln/detail/CVE-2019-15213"
      },
      {
        "category": "external",
        "summary": "National Vulnerability Database CVE-2019-15214 vom 2019-08-19",
        "url": "https://nvd.nist.gov/vuln/detail/CVE-2019-15214"
      },
      {
        "category": "external",
        "summary": "National Vulnerability Database CVE-2019-15215 vom 2019-08-19",
        "url": "https://nvd.nist.gov/vuln/detail/CVE-2019-15215"
      },
      {
        "category": "external",
        "summary": "National Vulnerability Database CVE-2019-15216 vom 2019-08-19",
        "url": "https://nvd.nist.gov/vuln/detail/CVE-2019-15216"
      },
      {
        "category": "external",
        "summary": "National Vulnerability Database CVE-2019-15217 vom 2019-08-19",
        "url": "https://nvd.nist.gov/vuln/detail/CVE-2019-15217"
      },
      {
        "category": "external",
        "summary": "National Vulnerability Database CVE-2019-15218 vom 2019-08-19",
        "url": "https://nvd.nist.gov/vuln/detail/CVE-2019-15218"
      },
      {
        "category": "external",
        "summary": "National Vulnerability Database CVE-2019-15219 vom 2019-08-19",
        "url": "https://nvd.nist.gov/vuln/detail/CVE-2019-15219"
      },
      {
        "category": "external",
        "summary": "National Vulnerability Database CVE-2019-15220 vom 2019-08-19",
        "url": "https://nvd.nist.gov/vuln/detail/CVE-2019-15220"
      },
      {
        "category": "external",
        "summary": "National Vulnerability Database CVE-2019-15221 vom 2019-08-19",
        "url": "https://nvd.nist.gov/vuln/detail/CVE-2019-15221"
      },
      {
        "category": "external",
        "summary": "National Vulnerability Database CVE-2019-15222 vom 2019-08-19",
        "url": "https://nvd.nist.gov/vuln/detail/CVE-2019-15222"
      },
      {
        "category": "external",
        "summary": "National Vulnerability Database CVE-2019-15223 vom 2019-08-19",
        "url": "https://nvd.nist.gov/vuln/detail/CVE-2019-15223"
      },
      {
        "category": "external",
        "summary": "National Vulnerability Database CVE-2019-15223 vom 2019-08-19",
        "url": "https://nvd.nist.gov/vuln/detail/CVE-2019-15290"
      },
      {
        "category": "external",
        "summary": "National Vulnerability Database CVE-2019-15223 vom 2019-08-19",
        "url": "https://nvd.nist.gov/vuln/detail/CVE-2019-15291"
      },
      {
        "category": "external",
        "summary": "Ubuntu Security Notice USN-4118-1 vom 2019-09-03",
        "url": "https://usn.ubuntu.com/4118-1/"
      },
      {
        "category": "external",
        "summary": "Ubuntu Security Notice USN-4115-1 vom 2019-09-03",
        "url": "https://usn.ubuntu.com/4115-1/"
      },
      {
        "category": "external",
        "summary": "Ubuntu Security Notice USN-4115-2 vom 2019-09-11",
        "url": "https://usn.ubuntu.com/4115-2/"
      },
      {
        "category": "external",
        "summary": "SUSE Security Update SUSE-SU-2019:2414-1 vom 2019-09-20",
        "url": "https://www.suse.com/support/update/announcement/2019/suse-su-20192414-1.html"
      },
      {
        "category": "external",
        "summary": "SUSE Security Update SUSE-SU-2019:2424-1 vom 2019-09-21",
        "url": "https://www.suse.com/support/update/announcement/2019/suse-su-20192424-1.html"
      },
      {
        "category": "external",
        "summary": "SUSE Security Update SUSE-SU-2019:2412-1 vom 2019-09-20",
        "url": "https://www.suse.com/support/update/announcement/2019/suse-su-20192412-1.html"
      },
      {
        "category": "external",
        "summary": "Ubuntu Security Notice USN-4145-1 vom 2019-10-01",
        "url": "https://usn.ubuntu.com/4145-1/"
      },
      {
        "category": "external",
        "summary": "Ubuntu Security Notice USN-4147-1 vom 2019-10-04",
        "url": "https://usn.ubuntu.com/4147-1/"
      },
      {
        "category": "external",
        "summary": "SUSE Security Update SUSE-SU-2019:2648-1 vom 2019-10-12",
        "url": "https://www.suse.com/support/update/announcement/2019/suse-su-20192648-1.html"
      },
      {
        "category": "external",
        "summary": "SUSE Security Update SUSE-SU-2019:2658-1 vom 2019-10-15",
        "url": "https://www.suse.com/support/update/announcement/2019/suse-su-20192658-1.html"
      },
      {
        "category": "external",
        "summary": "SUSE Security Update SUSE-SU-2019:2651-1 vom 2019-10-14",
        "url": "https://www.suse.com/support/update/announcement/2019/suse-su-20192651-1.html"
      },
      {
        "category": "external",
        "summary": "SUSE Security Update SUSE-SU-2019:2706-1 vom 2019-10-18",
        "url": "https://www.suse.com/support/update/announcement/2019/suse-su-20192706-1.html"
      },
      {
        "category": "external",
        "summary": "SUSE Security Update SUSE-SU-2019:2710-1 vom 2019-10-18",
        "url": "https://www.suse.com/support/update/announcement/2019/suse-su-20192710-1.html"
      },
      {
        "category": "external",
        "summary": "SUSE Security Update SUSE-SU-2019:2738-1 vom 2019-10-22",
        "url": "https://www.suse.com/support/update/announcement/2019/suse-su-20192738-1.html"
      },
      {
        "category": "external",
        "summary": "SUSE Security Update SUSE-SU-2019:2756-1 vom 2019-10-24",
        "url": "https://www.suse.com/support/update/announcement/2019/suse-su-20192756-1.html"
      },
      {
        "category": "external",
        "summary": "SUSE Security Update SUSE-SU-2019:2879-1 vom 2019-11-01",
        "url": "https://www.suse.com/support/update/announcement/2019/suse-su-20192879-1.html"
      },
      {
        "category": "external",
        "summary": "SUSE Security Update SUSE-SU-2019:2949-1 vom 2019-11-13",
        "url": "https://www.suse.com/support/update/announcement/2019/suse-su-20192949-1.html"
      },
      {
        "category": "external",
        "summary": "SUSE Security Update SUSE-SU-2019:2950-1 vom 2019-11-13",
        "url": "https://www.suse.com/support/update/announcement/2019/suse-su-20192950-1.html"
      },
      {
        "category": "external",
        "summary": "SUSE Security Update SUSE-SU-2019:14218-1 vom 2019-11-13",
        "url": "https://www.suse.com/support/update/announcement/2019/suse-su-201914218-1.html"
      },
      {
        "category": "external",
        "summary": "SUSE Security Update SUSE-SU-2019:2984-1 vom 2019-11-16",
        "url": "https://www.suse.com/support/update/announcement/2019/suse-su-20192984-1.html"
      },
      {
        "category": "external",
        "summary": "SUSE Security Update SUSE-SU-2019:3295-1 vom 2019-12-14",
        "url": "https://www.suse.com/support/update/announcement/2019/suse-su-20193295-1.html"
      },
      {
        "category": "external",
        "summary": "SUSE Security Update SUSE-SU-2019:3316-1 vom 2019-12-18",
        "url": "https://www.suse.com/support/update/announcement/2019/suse-su-20193316-1.html"
      },
      {
        "category": "external",
        "summary": "SUSE Security Update SUSE-SU-2019:3372-1 vom 2019-12-20",
        "url": "https://www.suse.com/support/update/announcement/2019/suse-su-20193372-1.html"
      },
      {
        "category": "external",
        "summary": "SUSE Security Update SUSE-SU-2019:3379-1 vom 2019-12-21",
        "url": "https://www.suse.com/support/update/announcement/2019/suse-su-20193379-1.html"
      },
      {
        "category": "external",
        "summary": "SUSE Security Update SUSE-SU-2019:3381-1 vom 2019-12-23",
        "url": "https://www.suse.com/support/update/announcement/2019/suse-su-20193381-1.html"
      },
      {
        "category": "external",
        "summary": "SUSE Security Update SUSE-SU-2019:3389-1 vom 2019-12-28",
        "url": "https://www.suse.com/support/update/announcement/2019/suse-su-20193389-1.html"
      },
      {
        "category": "external",
        "summary": "SUSE Security Update SUSE-SU-2020:0093-1 vom 2020-01-14",
        "url": "https://www.suse.com/support/update/announcement/2020/suse-su-20200093-1.html"
      },
      {
        "category": "external",
        "summary": "Ubuntu Security Notice USN-4254-1 vom 2020-01-28",
        "url": "https://usn.ubuntu.com/4254-1/"
      },
      {
        "category": "external",
        "summary": "Ubuntu Security Notice USN-4254-2 vom 2020-01-29",
        "url": "https://usn.ubuntu.com/4254-2/"
      },
      {
        "category": "external",
        "summary": "Ubuntu Security Notice USN-4258-1 vom 2020-01-29",
        "url": "https://usn.ubuntu.com/4258-1/"
      },
      {
        "category": "external",
        "summary": "Ubuntu Security Notice USN-4284-1 vom 2020-02-18",
        "url": "https://usn.ubuntu.com/4284-1/"
      },
      {
        "category": "external",
        "summary": "Ubuntu Security Notice USN-4286-1 vom 2020-02-18",
        "url": "https://usn.ubuntu.com/4286-2/"
      },
      {
        "category": "external",
        "summary": "Ubuntu Security Notice USN-4287-1 vom 2020-02-18",
        "url": "https://usn.ubuntu.com/4287-2/"
      },
      {
        "category": "external",
        "summary": "EMC Security Advisory DSA-2020-053 vom 2020-02-27",
        "url": "https://www.dell.com/support/security/de-de/details/DOC-111088/DSA-2020-053-RSA\u0026"
      },
      {
        "category": "external",
        "summary": "Debian Security Advisory DLA 2068 vom 2020-03-02",
        "url": "https://lists.debian.org/debian-lts-announce/2020/debian-lts-announce-202001/msg00013.html"
      },
      {
        "category": "external",
        "summary": "SUSE Security Update SUSE-SU-2020:0560-1 vom 2020-03-03",
        "url": "https://www.suse.com/support/update/announcement/2020/suse-su-20200560-1.html"
      },
      {
        "category": "external",
        "summary": "SUSE Security Update SUSE-SU-2020:0584-1 vom 2020-03-04",
        "url": "https://www.suse.com/support/update/announcement/2020/suse-su-20200584-1.html"
      },
      {
        "category": "external",
        "summary": "SUSE Security Update SUSE-SU-2020:0599-1 vom 2020-03-06",
        "url": "https://www.suse.com/support/update/announcement/2020/suse-su-20200599-1.html"
      },
      {
        "category": "external",
        "summary": "Debian Security Advisory DLA 2131 vom 2020-03-05",
        "url": "https://lists.debian.org/debian-lts-announce/2020/debian-lts-announce-202003/msg00001.html"
      },
      {
        "category": "external",
        "summary": "SUSE Security Update SUSE-SU-2020:0613-1 vom 2020-03-10",
        "url": "https://www.suse.com/support/update/announcement/2020/suse-su-20200613-1.html"
      },
      {
        "category": "external",
        "summary": "Ubuntu Security Notice USN-4302-1 vom 2020-03-17",
        "url": "https://usn.ubuntu.com/4302-1/"
      },
      {
        "category": "external",
        "summary": "Oracle Linux Security Advisory ELSA-2020-5540 vom 2020-04-24",
        "url": "https://oss.oracle.com/pipermail/el-errata/2020-February/009648.html"
      },
      {
        "category": "external",
        "summary": "Red Hat Security Advisory RHSA-2020:1567 vom 2020-04-28",
        "url": "https://access.redhat.com/errata/RHSA-2020:1567"
      },
      {
        "category": "external",
        "summary": "Red Hat Security Advisory RHSA-2020:1769 vom 2020-04-28",
        "url": "https://access.redhat.com/errata/RHSA-2020:1769"
      },
      {
        "category": "external",
        "summary": "SUSE Security Update SUSE-SU-2020:14354-1 vom 2020-05-01",
        "url": "https://www.suse.com/support/update/announcement/2020/suse-su-202014354-1.html"
      },
      {
        "category": "external",
        "summary": "Oracle Linux Security Advisory ELSA-2020-1769 vom 2020-05-13",
        "url": "https://oss.oracle.com/pipermail/el-errata/2020-May/009919.html"
      },
      {
        "category": "external",
        "summary": "SUSE Security Update SUSE-SU-2020:1255-1 vom 2020-05-15",
        "url": "https://www.suse.com/support/update/announcement/2020/suse-su-20201255-1.html"
      },
      {
        "category": "external",
        "summary": "ORACLE OVMSA-2020-0028 vom 2020-07-13",
        "url": "https://oss.oracle.com/pipermail/oraclevm-errata/2020-July/000989.html"
      },
      {
        "category": "external",
        "summary": "Red Hat Security Advisory RHSA-2020:4062 vom 2020-09-29",
        "url": "https://access.redhat.com/errata/RHSA-2020:4062"
      },
      {
        "category": "external",
        "summary": "Red Hat Security Advisory RHSA-2020:4060 vom 2020-09-29",
        "url": "https://access.redhat.com/errata/RHSA-2020:4060"
      },
      {
        "category": "external",
        "summary": "ORACLE OVMSA-2020-0044 vom 2020-10-09",
        "url": "https://oss.oracle.com/pipermail/oraclevm-errata/2020-October/001000.html"
      },
      {
        "category": "external",
        "summary": "AVAYA Security Advisory ASA-2020-140 vom 2020-10-14",
        "url": "https://downloads.avaya.com/css/P8/documents/101071393"
      },
      {
        "category": "external",
        "summary": "Oracle Linux Security Advisory ELSA-2024-12868 vom 2024-12-09",
        "url": "https://linux.oracle.com/errata/ELSA-2024-12868.html"
      }
    ],
    "source_lang": "en-US",
    "title": "Linux Kernel: Mehrere Schwachstellen erm\u00f6glichen Codeausf\u00fchrung",
    "tracking": {
      "current_release_date": "2024-12-09T23:00:00.000+00:00",
      "generator": {
        "date": "2024-12-10T09:53:55.141+00:00",
        "engine": {
          "name": "BSI-WID",
          "version": "1.3.10"
        }
      },
      "id": "WID-SEC-W-2024-3638",
      "initial_release_date": "2019-08-19T22:00:00.000+00:00",
      "revision_history": [
        {
          "date": "2019-08-19T22:00:00.000+00:00",
          "number": "1",
          "summary": "Initiale Fassung"
        },
        {
          "date": "2019-08-20T22:00:00.000+00:00",
          "number": "2",
          "summary": "cve\u0027s erg\u00e4nzt"
        },
        {
          "date": "2019-09-02T22:00:00.000+00:00",
          "number": "3",
          "summary": "Neue Updates von Ubuntu aufgenommen"
        },
        {
          "date": "2019-09-10T22:00:00.000+00:00",
          "number": "4",
          "summary": "Neue Updates von Ubuntu aufgenommen"
        },
        {
          "date": "2019-09-22T22:00:00.000+00:00",
          "number": "5",
          "summary": "Neue Updates von SUSE aufgenommen"
        },
        {
          "date": "2019-09-30T22:00:00.000+00:00",
          "number": "6",
          "summary": "Neue Updates von Ubuntu aufgenommen"
        },
        {
          "date": "2019-10-06T22:00:00.000+00:00",
          "number": "7",
          "summary": "Neue Updates von Ubuntu aufgenommen"
        },
        {
          "date": "2019-10-13T22:00:00.000+00:00",
          "number": "8",
          "summary": "Neue Updates von SUSE aufgenommen"
        },
        {
          "date": "2019-10-14T22:00:00.000+00:00",
          "number": "9",
          "summary": "Neue Updates von SUSE aufgenommen"
        },
        {
          "date": "2019-10-17T22:00:00.000+00:00",
          "number": "10",
          "summary": "Neue Updates von SUSE aufgenommen"
        },
        {
          "date": "2019-10-20T22:00:00.000+00:00",
          "number": "11",
          "summary": "Neue Updates von SUSE aufgenommen"
        },
        {
          "date": "2019-10-20T22:00:00.000+00:00",
          "number": "12",
          "summary": "Version nicht vorhanden"
        },
        {
          "date": "2019-10-22T22:00:00.000+00:00",
          "number": "13",
          "summary": "Neue Updates von SUSE aufgenommen"
        },
        {
          "date": "2019-10-23T22:00:00.000+00:00",
          "number": "14",
          "summary": "Neue Updates von SUSE aufgenommen"
        },
        {
          "date": "2019-10-31T23:00:00.000+00:00",
          "number": "15",
          "summary": "Neue Updates von SUSE aufgenommen"
        },
        {
          "date": "2019-11-12T23:00:00.000+00:00",
          "number": "16",
          "summary": "Neue Updates von SUSE aufgenommen"
        },
        {
          "date": "2019-11-13T23:00:00.000+00:00",
          "number": "17",
          "summary": "Neue Updates von SUSE aufgenommen"
        },
        {
          "date": "2019-11-17T23:00:00.000+00:00",
          "number": "18",
          "summary": "Neue Updates von SUSE aufgenommen"
        },
        {
          "date": "2019-11-21T23:00:00.000+00:00",
          "number": "19",
          "summary": "Referenz(en) aufgenommen: OVMSA-2019-0056"
        },
        {
          "date": "2019-12-15T23:00:00.000+00:00",
          "number": "20",
          "summary": "Neue Updates von SUSE aufgenommen"
        },
        {
          "date": "2019-12-17T23:00:00.000+00:00",
          "number": "21",
          "summary": "Neue Updates von SUSE aufgenommen"
        },
        {
          "date": "2019-12-22T23:00:00.000+00:00",
          "number": "22",
          "summary": "Neue Updates von SUSE aufgenommen"
        },
        {
          "date": "2019-12-23T23:00:00.000+00:00",
          "number": "23",
          "summary": "Neue Updates von SUSE aufgenommen"
        },
        {
          "date": "2019-12-29T23:00:00.000+00:00",
          "number": "24",
          "summary": "Neue Updates von SUSE aufgenommen"
        },
        {
          "date": "2020-01-14T23:00:00.000+00:00",
          "number": "25",
          "summary": "Neue Updates von SUSE aufgenommen"
        },
        {
          "date": "2020-01-27T23:00:00.000+00:00",
          "number": "26",
          "summary": "Neue Updates von Ubuntu aufgenommen"
        },
        {
          "date": "2020-01-28T23:00:00.000+00:00",
          "number": "27",
          "summary": "Neue Updates von Ubuntu aufgenommen"
        },
        {
          "date": "2020-02-18T23:00:00.000+00:00",
          "number": "28",
          "summary": "Neue Updates von Ubuntu aufgenommen"
        },
        {
          "date": "2020-02-26T23:00:00.000+00:00",
          "number": "29",
          "summary": "Neue Updates von EMC aufgenommen"
        },
        {
          "date": "2020-03-02T23:00:00.000+00:00",
          "number": "30",
          "summary": "Neue Updates von Debian und SUSE aufgenommen"
        },
        {
          "date": "2020-03-04T23:00:00.000+00:00",
          "number": "31",
          "summary": "Neue Updates von SUSE aufgenommen"
        },
        {
          "date": "2020-03-05T23:00:00.000+00:00",
          "number": "32",
          "summary": "Neue Updates von SUSE und Debian aufgenommen"
        },
        {
          "date": "2020-03-09T23:00:00.000+00:00",
          "number": "33",
          "summary": "Neue Updates von SUSE aufgenommen"
        },
        {
          "date": "2020-03-16T23:00:00.000+00:00",
          "number": "34",
          "summary": "Neue Updates von Ubuntu aufgenommen"
        },
        {
          "date": "2020-04-23T22:00:00.000+00:00",
          "number": "35",
          "summary": "Neue Updates von Oracle Linux aufgenommen"
        },
        {
          "date": "2020-04-28T22:00:00.000+00:00",
          "number": "36",
          "summary": "Neue Updates von Red Hat aufgenommen"
        },
        {
          "date": "2020-05-03T22:00:00.000+00:00",
          "number": "37",
          "summary": "Neue Updates von SUSE aufgenommen"
        },
        {
          "date": "2020-05-13T22:00:00.000+00:00",
          "number": "38",
          "summary": "Neue Updates von Oracle Linux aufgenommen"
        },
        {
          "date": "2020-05-14T22:00:00.000+00:00",
          "number": "39",
          "summary": "Neue Updates von SUSE aufgenommen"
        },
        {
          "date": "2020-07-13T22:00:00.000+00:00",
          "number": "40",
          "summary": "Neue Updates von ORACLE aufgenommen"
        },
        {
          "date": "2020-09-29T22:00:00.000+00:00",
          "number": "41",
          "summary": "Neue Updates von Red Hat aufgenommen"
        },
        {
          "date": "2020-10-11T22:00:00.000+00:00",
          "number": "42",
          "summary": "Neue Updates von ORACLE aufgenommen"
        },
        {
          "date": "2020-10-13T22:00:00.000+00:00",
          "number": "43",
          "summary": "Neue Updates von AVAYA aufgenommen"
        },
        {
          "date": "2024-12-09T23:00:00.000+00:00",
          "number": "44",
          "summary": "Neue Updates von Oracle Linux aufgenommen"
        }
      ],
      "status": "final",
      "version": "44"
    }
  },
  "product_tree": {
    "branches": [
      {
        "branches": [
          {
            "category": "product_name",
            "name": "Avaya Aura Application Enablement Services",
            "product": {
              "name": "Avaya Aura Application Enablement Services",
              "product_id": "T015516",
              "product_identification_helper": {
                "cpe": "cpe:/a:avaya:aura_application_enablement_services:-"
              }
            }
          },
          {
            "category": "product_name",
            "name": "Avaya Aura Communication Manager",
            "product": {
              "name": "Avaya Aura Communication Manager",
              "product_id": "T015126",
              "product_identification_helper": {
                "cpe": "cpe:/a:avaya:communication_manager:-"
              }
            }
          },
          {
            "category": "product_name",
            "name": "Avaya Aura Session Manager",
            "product": {
              "name": "Avaya Aura Session Manager",
              "product_id": "T015127",
              "product_identification_helper": {
                "cpe": "cpe:/a:avaya:session_manager:-"
              }
            }
          },
          {
            "category": "product_name",
            "name": "Avaya Aura System Manager",
            "product": {
              "name": "Avaya Aura System Manager",
              "product_id": "T015518",
              "product_identification_helper": {
                "cpe": "cpe:/a:avaya:aura_system_manager:-"
              }
            }
          },
          {
            "category": "product_name",
            "name": "Avaya Web License Manager",
            "product": {
              "name": "Avaya Web License Manager",
              "product_id": "T016243",
              "product_identification_helper": {
                "cpe": "cpe:/a:avaya:web_license_manager:-"
              }
            }
          }
        ],
        "category": "vendor",
        "name": "Avaya"
      },
      {
        "branches": [
          {
            "category": "product_name",
            "name": "Debian Linux",
            "product": {
              "name": "Debian Linux",
              "product_id": "2951",
              "product_identification_helper": {
                "cpe": "cpe:/o:debian:debian_linux:-"
              }
            }
          }
        ],
        "category": "vendor",
        "name": "Debian"
      },
      {
        "branches": [
          {
            "branches": [
              {
                "category": "product_version_range",
                "name": "\u003c5.2.8",
                "product": {
                  "name": "Open Source Linux Kernel \u003c5.2.8",
                  "product_id": "T014861"
                }
              },
              {
                "category": "product_version",
                "name": "5.2.8",
                "product": {
                  "name": "Open Source Linux Kernel 5.2.8",
                  "product_id": "T014861-fixed",
                  "product_identification_helper": {
                    "cpe": "cpe:/o:linux:linux_kernel:5.2.8"
                  }
                }
              }
            ],
            "category": "product_name",
            "name": "Linux Kernel"
          }
        ],
        "category": "vendor",
        "name": "Open Source"
      },
      {
        "branches": [
          {
            "category": "product_name",
            "name": "Oracle Linux",
            "product": {
              "name": "Oracle Linux",
              "product_id": "T004914",
              "product_identification_helper": {
                "cpe": "cpe:/o:oracle:linux:-"
              }
            }
          },
          {
            "category": "product_name",
            "name": "Oracle VM",
            "product": {
              "name": "Oracle VM",
              "product_id": "T011119",
              "product_identification_helper": {
                "cpe": "cpe:/a:oracle:vm:-"
              }
            }
          }
        ],
        "category": "vendor",
        "name": "Oracle"
      },
      {
        "branches": [
          {
            "category": "product_name",
            "name": "Red Hat Enterprise Linux",
            "product": {
              "name": "Red Hat Enterprise Linux",
              "product_id": "67646",
              "product_identification_helper": {
                "cpe": "cpe:/o:redhat:enterprise_linux:-"
              }
            }
          }
        ],
        "category": "vendor",
        "name": "Red Hat"
      },
      {
        "branches": [
          {
            "category": "product_name",
            "name": "SUSE Linux",
            "product": {
              "name": "SUSE Linux",
              "product_id": "T002207",
              "product_identification_helper": {
                "cpe": "cpe:/o:suse:suse_linux:-"
              }
            }
          }
        ],
        "category": "vendor",
        "name": "SUSE"
      },
      {
        "branches": [
          {
            "category": "product_name",
            "name": "Ubuntu Linux",
            "product": {
              "name": "Ubuntu Linux",
              "product_id": "T000126",
              "product_identification_helper": {
                "cpe": "cpe:/o:canonical:ubuntu_linux:-"
              }
            }
          }
        ],
        "category": "vendor",
        "name": "Ubuntu"
      }
    ]
  },
  "vulnerabilities": [
    {
      "cve": "CVE-2019-15211",
      "notes": [
        {
          "category": "description",
          "text": "Im Linux Kernel existieren mehrere Schwachstellen, welche auf Use-After-Free, Double Free und Null-Zeiger-Referenzierungen-Schwachstellen in Treiber f\u00fcr USB-Ger\u00e4te zur\u00fcckzuf\u00fchren sind. Ein lokaler Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Programmcode auszuf\u00fchren, einen Denial of Service Zustand herbeizuf\u00fchren oder Informationen offenzulegen."
        }
      ],
      "product_status": {
        "known_affected": [
          "T011119",
          "T015518",
          "2951",
          "T002207",
          "67646",
          "T015516",
          "T000126",
          "T015127",
          "T015126",
          "T014861",
          "T004914",
          "T016243"
        ]
      },
      "release_date": "2019-08-19T22:00:00.000+00:00",
      "title": "CVE-2019-15211"
    },
    {
      "cve": "CVE-2019-15212",
      "notes": [
        {
          "category": "description",
          "text": "Im Linux Kernel existieren mehrere Schwachstellen, welche auf Use-After-Free, Double Free und Null-Zeiger-Referenzierungen-Schwachstellen in Treiber f\u00fcr USB-Ger\u00e4te zur\u00fcckzuf\u00fchren sind. Ein lokaler Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Programmcode auszuf\u00fchren, einen Denial of Service Zustand herbeizuf\u00fchren oder Informationen offenzulegen."
        }
      ],
      "product_status": {
        "known_affected": [
          "T011119",
          "T015518",
          "2951",
          "T002207",
          "67646",
          "T015516",
          "T000126",
          "T015127",
          "T015126",
          "T014861",
          "T004914",
          "T016243"
        ]
      },
      "release_date": "2019-08-19T22:00:00.000+00:00",
      "title": "CVE-2019-15212"
    },
    {
      "cve": "CVE-2019-15213",
      "notes": [
        {
          "category": "description",
          "text": "Im Linux Kernel existieren mehrere Schwachstellen, welche auf Use-After-Free, Double Free und Null-Zeiger-Referenzierungen-Schwachstellen in Treiber f\u00fcr USB-Ger\u00e4te zur\u00fcckzuf\u00fchren sind. Ein lokaler Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Programmcode auszuf\u00fchren, einen Denial of Service Zustand herbeizuf\u00fchren oder Informationen offenzulegen."
        }
      ],
      "product_status": {
        "known_affected": [
          "T011119",
          "T015518",
          "2951",
          "T002207",
          "67646",
          "T015516",
          "T000126",
          "T015127",
          "T015126",
          "T014861",
          "T004914",
          "T016243"
        ]
      },
      "release_date": "2019-08-19T22:00:00.000+00:00",
      "title": "CVE-2019-15213"
    },
    {
      "cve": "CVE-2019-15214",
      "notes": [
        {
          "category": "description",
          "text": "Im Linux Kernel existieren mehrere Schwachstellen, welche auf Use-After-Free, Double Free und Null-Zeiger-Referenzierungen-Schwachstellen in Treiber f\u00fcr USB-Ger\u00e4te zur\u00fcckzuf\u00fchren sind. Ein lokaler Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Programmcode auszuf\u00fchren, einen Denial of Service Zustand herbeizuf\u00fchren oder Informationen offenzulegen."
        }
      ],
      "product_status": {
        "known_affected": [
          "T011119",
          "T015518",
          "2951",
          "T002207",
          "67646",
          "T015516",
          "T000126",
          "T015127",
          "T015126",
          "T014861",
          "T004914",
          "T016243"
        ]
      },
      "release_date": "2019-08-19T22:00:00.000+00:00",
      "title": "CVE-2019-15214"
    },
    {
      "cve": "CVE-2019-15215",
      "notes": [
        {
          "category": "description",
          "text": "Im Linux Kernel existieren mehrere Schwachstellen, welche auf Use-After-Free, Double Free und Null-Zeiger-Referenzierungen-Schwachstellen in Treiber f\u00fcr USB-Ger\u00e4te zur\u00fcckzuf\u00fchren sind. Ein lokaler Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Programmcode auszuf\u00fchren, einen Denial of Service Zustand herbeizuf\u00fchren oder Informationen offenzulegen."
        }
      ],
      "product_status": {
        "known_affected": [
          "T011119",
          "T015518",
          "2951",
          "T002207",
          "67646",
          "T015516",
          "T000126",
          "T015127",
          "T015126",
          "T014861",
          "T004914",
          "T016243"
        ]
      },
      "release_date": "2019-08-19T22:00:00.000+00:00",
      "title": "CVE-2019-15215"
    },
    {
      "cve": "CVE-2019-15216",
      "notes": [
        {
          "category": "description",
          "text": "Im Linux Kernel existieren mehrere Schwachstellen, welche auf Use-After-Free, Double Free und Null-Zeiger-Referenzierungen-Schwachstellen in Treiber f\u00fcr USB-Ger\u00e4te zur\u00fcckzuf\u00fchren sind. Ein lokaler Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Programmcode auszuf\u00fchren, einen Denial of Service Zustand herbeizuf\u00fchren oder Informationen offenzulegen."
        }
      ],
      "product_status": {
        "known_affected": [
          "T011119",
          "T015518",
          "2951",
          "T002207",
          "67646",
          "T015516",
          "T000126",
          "T015127",
          "T015126",
          "T014861",
          "T004914",
          "T016243"
        ]
      },
      "release_date": "2019-08-19T22:00:00.000+00:00",
      "title": "CVE-2019-15216"
    },
    {
      "cve": "CVE-2019-15217",
      "notes": [
        {
          "category": "description",
          "text": "Im Linux Kernel existieren mehrere Schwachstellen, welche auf Use-After-Free, Double Free und Null-Zeiger-Referenzierungen-Schwachstellen in Treiber f\u00fcr USB-Ger\u00e4te zur\u00fcckzuf\u00fchren sind. Ein lokaler Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Programmcode auszuf\u00fchren, einen Denial of Service Zustand herbeizuf\u00fchren oder Informationen offenzulegen."
        }
      ],
      "product_status": {
        "known_affected": [
          "T011119",
          "T015518",
          "2951",
          "T002207",
          "67646",
          "T015516",
          "T000126",
          "T015127",
          "T015126",
          "T014861",
          "T004914",
          "T016243"
        ]
      },
      "release_date": "2019-08-19T22:00:00.000+00:00",
      "title": "CVE-2019-15217"
    },
    {
      "cve": "CVE-2019-15218",
      "notes": [
        {
          "category": "description",
          "text": "Im Linux Kernel existieren mehrere Schwachstellen, welche auf Use-After-Free, Double Free und Null-Zeiger-Referenzierungen-Schwachstellen in Treiber f\u00fcr USB-Ger\u00e4te zur\u00fcckzuf\u00fchren sind. Ein lokaler Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Programmcode auszuf\u00fchren, einen Denial of Service Zustand herbeizuf\u00fchren oder Informationen offenzulegen."
        }
      ],
      "product_status": {
        "known_affected": [
          "T011119",
          "T015518",
          "2951",
          "T002207",
          "67646",
          "T015516",
          "T000126",
          "T015127",
          "T015126",
          "T014861",
          "T004914",
          "T016243"
        ]
      },
      "release_date": "2019-08-19T22:00:00.000+00:00",
      "title": "CVE-2019-15218"
    },
    {
      "cve": "CVE-2019-15219",
      "notes": [
        {
          "category": "description",
          "text": "Im Linux Kernel existieren mehrere Schwachstellen, welche auf Use-After-Free, Double Free und Null-Zeiger-Referenzierungen-Schwachstellen in Treiber f\u00fcr USB-Ger\u00e4te zur\u00fcckzuf\u00fchren sind. Ein lokaler Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Programmcode auszuf\u00fchren, einen Denial of Service Zustand herbeizuf\u00fchren oder Informationen offenzulegen."
        }
      ],
      "product_status": {
        "known_affected": [
          "T011119",
          "T015518",
          "2951",
          "T002207",
          "67646",
          "T015516",
          "T000126",
          "T015127",
          "T015126",
          "T014861",
          "T004914",
          "T016243"
        ]
      },
      "release_date": "2019-08-19T22:00:00.000+00:00",
      "title": "CVE-2019-15219"
    },
    {
      "cve": "CVE-2019-15220",
      "notes": [
        {
          "category": "description",
          "text": "Im Linux Kernel existieren mehrere Schwachstellen, welche auf Use-After-Free, Double Free und Null-Zeiger-Referenzierungen-Schwachstellen in Treiber f\u00fcr USB-Ger\u00e4te zur\u00fcckzuf\u00fchren sind. Ein lokaler Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Programmcode auszuf\u00fchren, einen Denial of Service Zustand herbeizuf\u00fchren oder Informationen offenzulegen."
        }
      ],
      "product_status": {
        "known_affected": [
          "T011119",
          "T015518",
          "2951",
          "T002207",
          "67646",
          "T015516",
          "T000126",
          "T015127",
          "T015126",
          "T014861",
          "T004914",
          "T016243"
        ]
      },
      "release_date": "2019-08-19T22:00:00.000+00:00",
      "title": "CVE-2019-15220"
    },
    {
      "cve": "CVE-2019-15221",
      "notes": [
        {
          "category": "description",
          "text": "Im Linux Kernel existieren mehrere Schwachstellen, welche auf Use-After-Free, Double Free und Null-Zeiger-Referenzierungen-Schwachstellen in Treiber f\u00fcr USB-Ger\u00e4te zur\u00fcckzuf\u00fchren sind. Ein lokaler Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Programmcode auszuf\u00fchren, einen Denial of Service Zustand herbeizuf\u00fchren oder Informationen offenzulegen."
        }
      ],
      "product_status": {
        "known_affected": [
          "T011119",
          "T015518",
          "2951",
          "T002207",
          "67646",
          "T015516",
          "T000126",
          "T015127",
          "T015126",
          "T014861",
          "T004914",
          "T016243"
        ]
      },
      "release_date": "2019-08-19T22:00:00.000+00:00",
      "title": "CVE-2019-15221"
    },
    {
      "cve": "CVE-2019-15222",
      "notes": [
        {
          "category": "description",
          "text": "Im Linux Kernel existieren mehrere Schwachstellen, welche auf Use-After-Free, Double Free und Null-Zeiger-Referenzierungen-Schwachstellen in Treiber f\u00fcr USB-Ger\u00e4te zur\u00fcckzuf\u00fchren sind. Ein lokaler Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Programmcode auszuf\u00fchren, einen Denial of Service Zustand herbeizuf\u00fchren oder Informationen offenzulegen."
        }
      ],
      "product_status": {
        "known_affected": [
          "T011119",
          "T015518",
          "2951",
          "T002207",
          "67646",
          "T015516",
          "T000126",
          "T015127",
          "T015126",
          "T014861",
          "T004914",
          "T016243"
        ]
      },
      "release_date": "2019-08-19T22:00:00.000+00:00",
      "title": "CVE-2019-15222"
    },
    {
      "cve": "CVE-2019-15223",
      "notes": [
        {
          "category": "description",
          "text": "Im Linux Kernel existieren mehrere Schwachstellen, welche auf Use-After-Free, Double Free und Null-Zeiger-Referenzierungen-Schwachstellen in Treiber f\u00fcr USB-Ger\u00e4te zur\u00fcckzuf\u00fchren sind. Ein lokaler Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Programmcode auszuf\u00fchren, einen Denial of Service Zustand herbeizuf\u00fchren oder Informationen offenzulegen."
        }
      ],
      "product_status": {
        "known_affected": [
          "T011119",
          "T015518",
          "2951",
          "T002207",
          "67646",
          "T015516",
          "T000126",
          "T015127",
          "T015126",
          "T014861",
          "T004914",
          "T016243"
        ]
      },
      "release_date": "2019-08-19T22:00:00.000+00:00",
      "title": "CVE-2019-15223"
    },
    {
      "cve": "CVE-2019-15290",
      "notes": [
        {
          "category": "description",
          "text": "Im Linux Kernel existieren mehrere Schwachstellen, welche auf Use-After-Free, Double Free und Null-Zeiger-Referenzierungen-Schwachstellen in Treiber f\u00fcr USB-Ger\u00e4te zur\u00fcckzuf\u00fchren sind. Ein lokaler Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Programmcode auszuf\u00fchren, einen Denial of Service Zustand herbeizuf\u00fchren oder Informationen offenzulegen."
        }
      ],
      "product_status": {
        "known_affected": [
          "T011119",
          "T015518",
          "2951",
          "T002207",
          "67646",
          "T015516",
          "T000126",
          "T015127",
          "T015126",
          "T014861",
          "T004914",
          "T016243"
        ]
      },
      "release_date": "2019-08-19T22:00:00.000+00:00",
      "title": "CVE-2019-15290"
    },
    {
      "cve": "CVE-2019-15291",
      "notes": [
        {
          "category": "description",
          "text": "Im Linux Kernel existieren mehrere Schwachstellen, welche auf Use-After-Free, Double Free und Null-Zeiger-Referenzierungen-Schwachstellen in Treiber f\u00fcr USB-Ger\u00e4te zur\u00fcckzuf\u00fchren sind. Ein lokaler Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Programmcode auszuf\u00fchren, einen Denial of Service Zustand herbeizuf\u00fchren oder Informationen offenzulegen."
        }
      ],
      "product_status": {
        "known_affected": [
          "T011119",
          "T015518",
          "2951",
          "T002207",
          "67646",
          "T015516",
          "T000126",
          "T015127",
          "T015126",
          "T014861",
          "T004914",
          "T016243"
        ]
      },
      "release_date": "2019-08-19T22:00:00.000+00:00",
      "title": "CVE-2019-15291"
    }
  ]
}

Sightings

Author	Source	Type	Date	Other

Nomenclature

Seen: The vulnerability was mentioned, discussed, or observed by the user.
Confirmed: The vulnerability has been validated from an analyst's perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
Not confirmed: The user expressed doubt about the validity of the vulnerability.
Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Detection rules are retrieved from Rulezet.

Action not permitted

CVE-2019-15291 (GCVE-0-2019-15291)

WID-SEC-W-2024-3638

Tags

Sightings

Nomenclature