CVE-2019-12382

An issue was discovered in drm_load_edid_firmware in drivers/gpu/drm/drm_edid_load.c in the Linux kernel through 5.1.5. There is an unchecked kstrdup of fwstr, which might allow an attacker to cause a denial of service (NULL pointer dereference and system crash). NOTE: The vendor disputes this issues as not being a vulnerability because kstrdup() returning NULL is handled sufficiently and there is no chance for a NULL pointer dereference
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
5.5 MEDIUM
LOCAL
LOW
LOW
CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
mitreCNA
---
---
CVEADP
---
---
Base Score
CVSS 3.x
EPSS Score
Percentile: 33%
VendorProductVersion
linuxlinux_kernel
𝑥
≤ 5.1.5
𝑥
= Vulnerable software versions
Debian logo
Debian Releases
Debian Product
Codename
linux
bullseye
unimportant
bullseye (security)
unimportant
bookworm
unimportant
bookworm (security)
unimportant
trixie
unimportant
sid
unimportant
Ubuntu logo
Ubuntu Releases
Ubuntu Product
Codename
linux
disco
ignored
cosmic
ignored
bionic
ignored
xenial
ignored
trusty
ignored
linux-aws
disco
ignored
cosmic
ignored
bionic
ignored
xenial
ignored
trusty
ignored
linux-aws-hwe
disco
dne
cosmic
dne
bionic
dne
xenial
ignored
trusty
dne
linux-azure
disco
ignored
cosmic
ignored
bionic
ignored
xenial
ignored
trusty
ignored
linux-azure-edge
disco
dne
cosmic
dne
bionic
ignored
xenial
ignored
trusty
dne
linux-euclid
disco
dne
cosmic
dne
bionic
dne
xenial
ignored
trusty
dne
linux-flo
disco
dne
cosmic
dne
bionic
dne
xenial
ignored
trusty
dne
linux-gcp
disco
ignored
cosmic
ignored
bionic
ignored
xenial
ignored
trusty
dne
linux-gcp-edge
disco
dne
cosmic
dne
bionic
ignored
xenial
dne
trusty
dne
linux-gke
disco
dne
cosmic
dne
bionic
ignored
xenial
ignored
trusty
dne
linux-goldfish
disco
dne
cosmic
dne
bionic
dne
xenial
ignored
trusty
dne
linux-grouper
disco
dne
cosmic
dne
bionic
dne
xenial
dne
trusty
dne
linux-hwe
disco
dne
cosmic
dne
bionic
ignored
xenial
ignored
trusty
dne
linux-hwe-edge
disco
dne
cosmic
dne
bionic
ignored
xenial
ignored
trusty
dne
linux-kvm
disco
ignored
cosmic
ignored
bionic
ignored
xenial
ignored
trusty
dne
linux-lts-trusty
disco
dne
cosmic
dne
bionic
dne
xenial
dne
trusty
dne
linux-lts-utopic
disco
dne
cosmic
dne
bionic
dne
xenial
dne
trusty
dne
linux-lts-vivid
disco
dne
cosmic
dne
bionic
dne
xenial
dne
trusty
dne
linux-lts-wily
disco
dne
cosmic
dne
bionic
dne
xenial
dne
trusty
dne
linux-lts-xenial
disco
dne
cosmic
dne
bionic
dne
xenial
dne
trusty
ignored
linux-maguro
disco
dne
cosmic
dne
bionic
dne
xenial
dne
trusty
dne
linux-mako
disco
dne
cosmic
dne
bionic
dne
xenial
ignored
trusty
dne
linux-manta
disco
dne
cosmic
dne
bionic
dne
xenial
dne
trusty
dne
linux-oem
disco
ignored
cosmic
ignored
bionic
ignored
xenial
ignored
trusty
dne
linux-oracle
disco
ignored
cosmic
ignored
bionic
ignored
xenial
ignored
trusty
dne
linux-raspi2
disco
ignored
cosmic
ignored
bionic
ignored
xenial
ignored
trusty
dne
linux-snapdragon
disco
ignored
cosmic
dne
bionic
ignored
xenial
ignored
trusty
dne
Common Weakness Enumeration
References
http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00039.html
http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00040.html
http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00048.html
http://www.securityfocus.com/bid/108474
https://cgit.freedesktop.org/drm/drm-misc/commit/?id=9f1f1a2dab38d4ce87a13565cf4dc1b73bef3a5f
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/J36BIJTKEPUOZKJNHQBUZA47RQONUKOI/
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/KLGWJKLMTBBB53D5QLS4HOY2EH246WBE/
https://lkml.org/lkml/2019/5/24/843
https://lore.kernel.org/lkml/87o93u7d3s.fsf%40intel.com/
https://salsa.debian.org/kernel-team/kernel-sec/blob/master/retired/CVE-2019-12382
http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00039.html
http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00040.html
http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00048.html
http://www.securityfocus.com/bid/108474
https://cgit.freedesktop.org/drm/drm-misc/commit/?id=9f1f1a2dab38d4ce87a13565cf4dc1b73bef3a5f
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/J36BIJTKEPUOZKJNHQBUZA47RQONUKOI/
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/KLGWJKLMTBBB53D5QLS4HOY2EH246WBE/
https://lkml.org/lkml/2019/5/24/843
https://lore.kernel.org/lkml/87o93u7d3s.fsf%40intel.com/
https://salsa.debian.org/kernel-team/kernel-sec/blob/master/retired/CVE-2019-12382