CVE-2019-15505 :: Enginsight Vulnerability Database

Provider	Type	Base Score	Atk. Vector	Atk. Complexity	Priv. Required	Vector
NIST	Primary	9.8 CRITICAL	NETWORK	LOW	NONE	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Base Score

CVSS 3.x

EPSS Score

Percentile: 74%

Affected Products (NVD)

Vendor	Product	Version
linux	linux_kernel	𝑥 < 3.16.77
linux	linux_kernel	3.17 ≤ 𝑥 < 4.4.194
linux	linux_kernel	4.5 ≤ 𝑥 < 4.9.194
linux	linux_kernel	4.10 ≤ 𝑥 < 4.14.146
linux	linux_kernel	4.15 ≤ 𝑥 < 4.19.75
linux	linux_kernel	4.20 ≤ 𝑥 < 5.2.17
linux	linux_kernel	5.3 ≤ 𝑥 < 5.3.1
debian	debian_linux	8.0
canonical	ubuntu_linux	14.04
canonical	ubuntu_linux	16.04
canonical	ubuntu_linux	18.04
canonical	ubuntu_linux	19.04

𝑥

= Vulnerable software versions

Debian Releases

Debian Product

Codename

linux

bookworm	6.1.106-3 fixed
bookworm (security)	6.1.112-1 fixed
bullseye	5.10.223-1 fixed
bullseye (security)	5.10.226-1 fixed
sid	6.11.5-1 fixed
trixie	6.11.5-1 fixed

Ubuntu Releases

Ubuntu Product

Codename

linux

bionic	Fixed 4.15.0-66.75 released
disco	Fixed 5.0.0-32.34 released
eoan	not-affected
focal	not-affected
trusty	ignored
xenial	Fixed 4.4.0-166.195 released

linux-aws

bionic	Fixed 4.15.0-1052.54 released
disco	Fixed 5.0.0-1019.21 released
eoan	not-affected
focal	not-affected
trusty	Fixed 4.4.0-1056.60 released
xenial	Fixed 4.4.0-1096.107 released

linux-aws-5.0

bionic	not-affected
disco	dne
eoan	dne
focal	dne
trusty	dne
xenial	dne

linux-aws-hwe

bionic	dne
disco	dne
eoan	dne
focal	dne
trusty	dne
xenial	Fixed 4.15.0-1052.54~16.04.1 released

linux-azure

bionic	Fixed 5.0.0-1023.24~18.04.1 released
disco	Fixed 5.0.0-1023.24 released
eoan	not-affected
focal	not-affected
trusty	Fixed 4.15.0-1061.66~14.04.1 released
xenial	Fixed 4.15.0-1061.66 released

linux-azure-5.3

bionic	not-affected
disco	dne
eoan	dne
focal	dne
trusty	dne
xenial	dne

linux-azure-edge

bionic	Fixed 5.0.0-1023.24~18.04.1 released
disco	dne
eoan	dne
focal	dne
trusty	dne
xenial	Fixed 4.15.0-1061.66 released

linux-gcp

bionic	Fixed 5.0.0-1021.21~18.04.1 released
disco	Fixed 5.0.0-1021.21 released
eoan	not-affected
focal	not-affected
trusty	dne
xenial	Fixed 4.15.0-1047.50 released

linux-gcp-5.3

bionic	not-affected
disco	dne
eoan	dne
focal	dne
trusty	dne
xenial	dne

linux-gcp-edge

bionic	Fixed 5.0.0-1021.21~18.04.1 released
disco	dne
eoan	dne
focal	dne
trusty	dne
xenial	dne

linux-gke-4.15

bionic	Fixed 4.15.0-1046.49 released
disco	dne
eoan	dne
focal	dne
trusty	dne
xenial	dne

linux-gke-5.0

bionic	Fixed 5.0.0-1023.23~18.04.2 released
disco	dne
eoan	dne
focal	dne
trusty	dne
xenial	dne

linux-gke-5.3

bionic	not-affected
eoan	dne
focal	dne
trusty	dne
xenial	dne

linux-hwe

bionic	Fixed 5.0.0-32.34~18.04.2 released
disco	dne
eoan	dne
focal	dne
trusty	dne
xenial	Fixed 4.15.0-66.75~16.04.1 released

linux-hwe-edge

bionic	ignored
disco	dne
eoan	dne
focal	dne
trusty	dne
xenial	Fixed 4.15.0-66.75~16.04.1 released

linux-kvm

bionic	Fixed 4.15.0-1048.48 released
disco	Fixed 5.0.0-1020.21 released
eoan	not-affected
focal	not-affected
trusty	dne
xenial	Fixed 4.4.0-1060.67 released

linux-lts-trusty

bionic	dne
disco	dne
eoan	dne
focal	dne
trusty	dne
xenial	dne

linux-lts-xenial

bionic	dne
disco	dne
eoan	dne
focal	dne
trusty	Fixed 4.4.0-166.195~14.04.1 released
xenial	dne

linux-oem

bionic	Fixed 4.15.0-1059.68 released
disco	ignored
eoan	Fixed 4.15.0-1059.68 released
focal	dne
trusty	dne
xenial	ignored

linux-oem-5.6

bionic	dne
eoan	dne
focal	not-affected
trusty	dne
xenial	dne

linux-oem-osp1

bionic	Fixed 5.0.0-1025.28 released
disco	ignored
eoan	Fixed 5.0.0-1025.28 released
focal	dne
trusty	dne
xenial	dne

linux-oracle

bionic	Fixed 4.15.0-1027.30 released
disco	ignored
eoan	not-affected
focal	not-affected
trusty	dne
xenial	Fixed 4.15.0-1027.30~16.04.1 released

linux-oracle-5.0

bionic	not-affected
disco	dne
eoan	dne
focal	dne
trusty	dne
xenial	dne

linux-oracle-5.3

bionic	not-affected
eoan	dne
focal	dne
trusty	dne
xenial	dne

linux-raspi2

bionic	Fixed 4.15.0-1049.53 released
disco	Fixed 5.0.0-1020.20 released
eoan	not-affected
focal	not-affected
trusty	dne
xenial	Fixed 4.4.0-1124.133 released

linux-raspi2-5.3

bionic	not-affected
eoan	dne
focal	dne
trusty	dne
xenial	dne

linux-snapdragon

bionic	Fixed 4.15.0-1066.73 released
disco	Fixed 5.0.0-1024.25 released
eoan	dne
focal	dne
trusty	dne
xenial	Fixed 4.4.0-1128.136 released

openSUSE / SLES Releases

openSUSE Product

Release

kernel-default

suse enterprise server 12 SP1	3.12.74-60.64.124.1 fixed
suse enterprise server 12 SP2	4.4.121-92.125.1 fixed
suse enterprise server 12 SP3	4.4.180-94.107.1 fixed

kernel-default-base

suse enterprise server 12 SP1	3.12.74-60.64.124.1 fixed
suse enterprise server 12 SP2	4.4.121-92.125.1 fixed
suse enterprise server 12 SP3	4.4.180-94.107.1 fixed

kernel-default-kgraft

suse enterprise server 12 SP3

4.4.180-94.107.1

fixed

kernel-default-man

suse enterprise server 12 SP1	3.12.74-60.64.124.1 fixed
suse enterprise server 12 SP2	4.4.121-92.125.1 fixed
suse enterprise server 12 SP3	4.4.180-94.107.1 fixed

kernel-ec2

suse enterprise sap 12	3.12.74-60.64.124.1 fixed
suse enterprise sap 12 SP3	3.12.74-60.64.124.1 fixed
suse enterprise sap 12 SP4	3.12.74-60.64.124.1 fixed
suse enterprise sap 12 SP5	3.12.74-60.64.124.1 fixed
suse enterprise server 12	3.12.74-60.64.124.1 fixed
suse enterprise server 12 SP3	3.12.74-60.64.124.1 fixed
suse enterprise server 12 SP4	3.12.74-60.64.124.1 fixed
suse enterprise server 12 SP5	3.12.74-60.64.124.1 fixed

kernel-ec2-extra

suse enterprise sap 12	3.12.74-60.64.124.1 fixed
suse enterprise sap 12 SP3	3.12.74-60.64.124.1 fixed
suse enterprise sap 12 SP4	3.12.74-60.64.124.1 fixed
suse enterprise sap 12 SP5	3.12.74-60.64.124.1 fixed
suse enterprise server 12	3.12.74-60.64.124.1 fixed
suse enterprise server 12 SP3	3.12.74-60.64.124.1 fixed
suse enterprise server 12 SP4	3.12.74-60.64.124.1 fixed
suse enterprise server 12 SP5	3.12.74-60.64.124.1 fixed

kernel-macros

suse enterprise server 12 SP1	3.12.74-60.64.124.1 fixed
suse enterprise server 12 SP2	4.4.121-92.125.1 fixed
suse enterprise server 12 SP3	4.4.180-94.107.1 fixed

kernel-source

suse enterprise server 12 SP1	3.12.74-60.64.124.1 fixed
suse enterprise server 12 SP2	4.4.121-92.125.1 fixed
suse enterprise server 12 SP3	4.4.180-94.107.1 fixed

kernel-syms

suse enterprise server 12 SP1	3.12.74-60.64.124.1 fixed
suse enterprise server 12 SP2	4.4.121-92.125.1 fixed
suse enterprise server 12 SP3	4.4.180-94.107.1 fixed

kernel-xen

suse enterprise server 12 SP1

3.12.74-60.64.124.1

fixed

kernel-xen-base

suse enterprise server 12 SP1

3.12.74-60.64.124.1

fixed

kgraft-patch-3_12_74-60_64_124-default-1

suse enterprise server 12 SP1

2.3.1

fixed

kgraft-patch-3_12_74-60_64_124-xen-1

suse enterprise server 12 SP1

2.3.1

fixed

kgraft-patch-4_4_121-92_125-default-1

suse enterprise server 12 SP2

3.5.1

fixed

kgraft-patch-4_4_180-94_107-default-1

suse enterprise server 12 SP3

4.3.1

fixed

Red Hat Enterprise Linux Releases

Red Hat Product

Release

bpftool

RHEL 8

0:4.18.0-553.el8_10

fixed

kernel

RHEL 8

0:4.18.0-553.el8_10

fixed

kernel-abi-stablelists

RHEL 8

0:4.18.0-553.el8_10

fixed

kernel-core

RHEL 8

0:4.18.0-553.el8_10

fixed

kernel-debug

RHEL 8

0:4.18.0-553.el8_10

fixed

kernel-debug-core

RHEL 8

0:4.18.0-553.el8_10

fixed

kernel-debug-devel

RHEL 8

0:4.18.0-553.el8_10

fixed

kernel-debug-modules

RHEL 8

0:4.18.0-553.el8_10

fixed

kernel-debug-modules-extra

RHEL 8

0:4.18.0-553.el8_10

fixed

kernel-devel

RHEL 8

0:4.18.0-553.el8_10

fixed

kernel-doc

RHEL 8

0:4.18.0-553.el8_10

fixed

kernel-modules

RHEL 8

0:4.18.0-553.el8_10

fixed

kernel-modules-extra

RHEL 8

0:4.18.0-553.el8_10

fixed

kernel-rt

RHEL 8

0:4.18.0-553.rt7.342.el8_10

fixed

kernel-rt-core

RHEL 8

0:4.18.0-553.rt7.342.el8_10

fixed

kernel-rt-debug

RHEL 8

0:4.18.0-553.rt7.342.el8_10

fixed

kernel-rt-debug-core

RHEL 8

0:4.18.0-553.rt7.342.el8_10

fixed

kernel-rt-debug-devel

RHEL 8

0:4.18.0-553.rt7.342.el8_10

fixed

kernel-rt-debug-kvm

RHEL 8

0:4.18.0-553.rt7.342.el8_10

fixed

kernel-rt-debug-modules

RHEL 8

0:4.18.0-553.rt7.342.el8_10

fixed

kernel-rt-debug-modules-extra

RHEL 8

0:4.18.0-553.rt7.342.el8_10

fixed

kernel-rt-devel

RHEL 8

0:4.18.0-553.rt7.342.el8_10

fixed

kernel-rt-kvm

RHEL 8

0:4.18.0-553.rt7.342.el8_10

fixed

kernel-rt-modules

RHEL 8

0:4.18.0-553.rt7.342.el8_10

fixed

kernel-rt-modules-extra

RHEL 8

0:4.18.0-553.rt7.342.el8_10

fixed

kernel-tools

RHEL 8

0:4.18.0-553.el8_10

fixed

kernel-tools-libs

RHEL 8

0:4.18.0-553.el8_10

fixed

kernel-tools-libs-devel

RHEL 8

0:4.18.0-553.el8_10

fixed

kernel-zfcpdump

RHEL 8

0:4.18.0-553.el8_10

fixed

kernel-zfcpdump-core

RHEL 8

0:4.18.0-553.el8_10

fixed

kernel-zfcpdump-devel

RHEL 8

0:4.18.0-553.el8_10

fixed

kernel-zfcpdump-modules

RHEL 8

0:4.18.0-553.el8_10

fixed

kernel-zfcpdump-modules-extra

RHEL 8

0:4.18.0-553.el8_10

fixed

perf

RHEL 8

0:4.18.0-553.el8_10

fixed

python3-perf

RHEL 8

0:4.18.0-553.el8_10

fixed

Common Weakness Enumeration

CWE-125 - Out-of-bounds Read
The software reads data past the end, or before the beginning, of the intended buffer.

References

http://packetstormsecurity.com/files/155212/Slackware-Security-Advisory-Slackware-14.2-kernel-Updates.html

https://git.linuxtv.org/media_tree.git/commit/?id=0c4df39e504bf925ab666132ac3c98d6cbbe380b

https://lists.debian.org/debian-lts-announce/2020/01/msg00013.html

https://lists.debian.org/debian-lts-announce/2020/03/msg00001.html

https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/O3RUDQJXRJQVGHCGR4YZWTQ3ECBI7TXH/

https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/T4JZ6AEUKFWBHQAROGMQARJ274PQP2QP/

https://lore.kernel.org/linux-media/20190821104408.w7krumcglxo6fz5q%40gofer.mess.org/

https://lore.kernel.org/lkml/b9b256cb-95f2-5fa1-9956-5a602a017c11%40gmail.com/

https://seclists.org/bugtraq/2019/Nov/11

https://security.netapp.com/advisory/ntap-20190905-0002/

https://support.f5.com/csp/article/K28222050

https://support.f5.com/csp/article/K28222050?utm_source=f5support&amp%3Butm_medium=RSS

https://usn.ubuntu.com/4157-1/

https://usn.ubuntu.com/4157-2/

https://usn.ubuntu.com/4162-1/

https://usn.ubuntu.com/4162-2/

https://usn.ubuntu.com/4163-1/

https://usn.ubuntu.com/4163-2/

http://packetstormsecurity.com/files/155212/Slackware-Security-Advisory-Slackware-14.2-kernel-Updates.html

https://git.linuxtv.org/media_tree.git/commit/?id=0c4df39e504bf925ab666132ac3c98d6cbbe380b

https://lists.debian.org/debian-lts-announce/2020/01/msg00013.html

https://lists.debian.org/debian-lts-announce/2020/03/msg00001.html

https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/O3RUDQJXRJQVGHCGR4YZWTQ3ECBI7TXH/

https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/T4JZ6AEUKFWBHQAROGMQARJ274PQP2QP/

https://lore.kernel.org/linux-media/20190821104408.w7krumcglxo6fz5q%40gofer.mess.org/

https://lore.kernel.org/lkml/b9b256cb-95f2-5fa1-9956-5a602a017c11%40gmail.com/

https://seclists.org/bugtraq/2019/Nov/11

https://security.netapp.com/advisory/ntap-20190905-0002/

https://support.f5.com/csp/article/K28222050

https://support.f5.com/csp/article/K28222050?utm_source=f5support&amp%3Butm_medium=RSS

https://usn.ubuntu.com/4157-1/

https://usn.ubuntu.com/4157-2/

https://usn.ubuntu.com/4162-1/

https://usn.ubuntu.com/4162-2/

https://usn.ubuntu.com/4163-1/

https://usn.ubuntu.com/4163-2/