CVE-2019-15917

An issue was discovered in the Linux kernel before 5.0.5. There is a use-after-free issue when hci_uart_register_dev() fails in hci_uart_set_proto() in drivers/bluetooth/hci_ldisc.c.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
7 HIGH
LOCAL
HIGH
LOW
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
mitreCNA
---
---
CVEADP
---
---
Base Score
CVSS 3.x
EPSS Score
Percentile: 26%
VendorProductVersion
linuxlinux_kernel
3.12.61 ≤
𝑥
< 3.13
linuxlinux_kernel
4.7 ≤
𝑥
< 4.9.202
linuxlinux_kernel
4.10 ≤
𝑥
< 4.14.109
linuxlinux_kernel
4.15 ≤
𝑥
< 4.19.32
linuxlinux_kernel
4.20 ≤
𝑥
< 5.0.5
debiandebian_linux
8.0
opensuseleap
15.0
opensuseleap
15.1
𝑥
= Vulnerable software versions
Debian logo
Debian Releases
Debian Product
Codename
linux
bullseye
5.10.223-1
fixed
bullseye (security)
5.10.226-1
fixed
bookworm
6.1.106-3
fixed
bookworm (security)
6.1.112-1
fixed
trixie
6.11.5-1
fixed
sid
6.11.6-1
fixed
Ubuntu logo
Ubuntu Releases
Ubuntu Product
Codename
linux
eoan
not-affected
disco
not-affected
bionic
Fixed 4.15.0-60.67
released
xenial
not-affected
trusty
ignored
linux-aws
eoan
not-affected
disco
not-affected
bionic
Fixed 4.15.0-1047.49
released
xenial
not-affected
trusty
ignored
linux-aws-5.0
eoan
dne
disco
dne
bionic
not-affected
xenial
dne
trusty
dne
linux-aws-hwe
eoan
dne
disco
dne
bionic
dne
xenial
Fixed 4.15.0-1047.49~16.04.1
released
trusty
dne
linux-azure
eoan
not-affected
disco
not-affected
bionic
Fixed 5.0.0-1014.14~18.04.1
released
xenial
Fixed 4.15.0-1056.61
released
trusty
Fixed 4.15.0-1059.64~14.04.1
released
linux-azure-5.3
eoan
dne
disco
dne
bionic
not-affected
xenial
dne
trusty
dne
linux-azure-edge
eoan
dne
disco
dne
bionic
Fixed 5.0.0-1014.14~18.04.1
released
xenial
Fixed 4.15.0-1056.61
released
trusty
dne
linux-gcp
eoan
not-affected
disco
not-affected
bionic
Fixed 4.15.0-1042.45
released
xenial
Fixed 4.15.0-1041.43
released
trusty
dne
linux-gcp-5.3
eoan
dne
disco
dne
bionic
not-affected
xenial
dne
trusty
dne
linux-gcp-edge
eoan
dne
disco
dne
bionic
Fixed 4.15.0-1042.45
released
xenial
dne
trusty
dne
linux-gke-4.15
eoan
dne
disco
dne
bionic
Fixed 4.15.0-1041.43
released
xenial
dne
trusty
dne
linux-gke-5.0
eoan
dne
disco
dne
bionic
not-affected
xenial
dne
trusty
dne
linux-hwe
eoan
dne
disco
dne
bionic
Fixed 5.0.0-23.24~18.04.1
released
xenial
Fixed 4.15.0-60.67~16.04.1
released
trusty
dne
linux-hwe-edge
eoan
dne
disco
dne
bionic
not-affected
xenial
Fixed 4.15.0-60.67~16.04.1
released
trusty
dne
linux-kvm
eoan
not-affected
disco
not-affected
bionic
Fixed 4.15.0-1043.43
released
xenial
not-affected
trusty
dne
linux-lts-trusty
eoan
dne
disco
dne
bionic
dne
xenial
dne
trusty
dne
linux-lts-xenial
eoan
dne
disco
dne
bionic
dne
xenial
dne
trusty
ignored
linux-oem
eoan
Fixed 4.15.0-1059.68
released
disco
ignored
bionic
Fixed 4.15.0-1056.65
released
xenial
ignored
trusty
dne
linux-oem-5.4
eoan
dne
bionic
dne
xenial
dne
trusty
dne
linux-oem-osp1
eoan
not-affected
disco
not-affected
bionic
not-affected
xenial
dne
trusty
dne
linux-oracle
eoan
not-affected
disco
Fixed 5.0.0-1004.8
released
bionic
Fixed 4.15.0-1022.25
released
xenial
Fixed 4.15.0-1022.25~16.04.1
released
trusty
dne
linux-oracle-5.0
eoan
dne
disco
dne
bionic
not-affected
xenial
dne
trusty
dne
linux-raspi2
eoan
not-affected
disco
not-affected
bionic
Fixed 4.15.0-1044.47
released
xenial
not-affected
trusty
dne
linux-raspi2-5.3
eoan
dne
bionic
not-affected
xenial
dne
trusty
dne
linux-snapdragon
eoan
dne
disco
not-affected
bionic
Fixed 4.15.0-1062.69
released
xenial
not-affected
trusty
dne
Common Weakness Enumeration
References
http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00064.html
http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00066.html
http://packetstormsecurity.com/files/155890/Slackware-Security-Advisory-Slackware-14.2-kernel-Updates.html
https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.0.5
https://github.com/torvalds/linux/commit/56897b217a1d0a91c9920cb418d6b3fe922f590a
https://lists.debian.org/debian-lts-announce/2019/09/msg00025.html
https://lists.debian.org/debian-lts-announce/2020/03/msg00001.html
https://seclists.org/bugtraq/2020/Jan/10
https://security.netapp.com/advisory/ntap-20191004-0001/
http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00064.html
http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00066.html
http://packetstormsecurity.com/files/155890/Slackware-Security-Advisory-Slackware-14.2-kernel-Updates.html
https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.0.5
https://github.com/torvalds/linux/commit/56897b217a1d0a91c9920cb418d6b3fe922f590a
https://lists.debian.org/debian-lts-announce/2019/09/msg00025.html
https://lists.debian.org/debian-lts-announce/2020/03/msg00001.html
https://seclists.org/bugtraq/2020/Jan/10
https://security.netapp.com/advisory/ntap-20191004-0001/