CVE-2019-15118

  1. OpenCVE
  2. Vulnerabilities (CVE)
  3. CVE-2019-15118
check_input_term in sound/usb/mixer.c in the Linux kernel through 5.2.9 mishandles recursion, leading to kernel stack exhaustion.

5.5 /10

CVSS v3 : MEDIUM

V3 Legend

Vector :

Exploitability : 1.8 / Impact : 3.6

Attack Vector LOCAL

Attack Complexity LOW

Privileges Required LOW

User Interaction NONE

Confidentiality Impact NONE

Integrity Impact NONE

Availability Impact HIGH

Scope UNCHANGED

4.9 /10

CVSS v2.0 : MEDIUM

V2 Legend

Vector : AV:L/AC:L/Au:N/C:N/I:N/A:C

Exploitability : 3.9 / Impact : 6.9

Access Vector LOCAL

Access Complexity LOW

Authentication NONE

Confidentiality Impact NONE

Integrity Impact NONE

Availability Impact COMPLETE

References
Link Resource
http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00064.html Mailing List
http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00066.html Mailing List
http://packetstormsecurity.com/files/155212/Slackware-Security-Advisory-Slackware-14.2-kernel-Updates.html Patch Third Party Advisory VDB Entry
https://git.kernel.org/pub/scm/linux/kernel/git/tiwai/sound.git/commit/?id=19bce474c45be69a284ecee660aa12d8f1e88f18 Mailing List Patch
https://lists.debian.org/debian-lts-announce/2019/09/msg00025.html Mailing List
https://lists.debian.org/debian-lts-announce/2019/10/msg00000.html Mailing List
https://lore.kernel.org/lkml/20190815043554.16623-1-benquike%40gmail.com/ Mailing List Patch
https://seclists.org/bugtraq/2019/Nov/11 Mailing List Patch Third Party Advisory
https://seclists.org/bugtraq/2019/Sep/41 Mailing List Third Party Advisory
https://security.netapp.com/advisory/ntap-20190905-0002/ Third Party Advisory
https://usn.ubuntu.com/4147-1/ Third Party Advisory
https://usn.ubuntu.com/4162-1/ Third Party Advisory
https://usn.ubuntu.com/4162-2/ Third Party Advisory
https://usn.ubuntu.com/4163-1/ Third Party Advisory
https://usn.ubuntu.com/4163-2/ Third Party Advisory
https://www.debian.org/security/2019/dsa-4531 Third Party Advisory
Configurations

Configuration 1 (hide)

cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*

Configuration 2 (hide)

OR cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:esm:*:*:*
cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:esm:*:*:*
cpe:2.3:o:canonical:ubuntu_linux:18.04:*:*:*:esm:*:*:*
cpe:2.3:o:canonical:ubuntu_linux:19.04:*:*:*:-:*:*:*

Configuration 3 (hide)

OR cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*
cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*
cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*

Configuration 4 (hide)

OR cpe:2.3:o:opensuse:leap:15.0:*:*:*:*:*:*:*
cpe:2.3:o:opensuse:leap:15.1:*:*:*:*:*:*:*

Configuration 5 (hide)

OR cpe:2.3:a:netapp:active_iq_unified_manager:-:*:*:*:*:vmware_vsphere:*:*
cpe:2.3:a:netapp:data_availability_services:-:*:*:*:*:*:*:*
cpe:2.3:a:netapp:hci_management_node:-:*:*:*:*:*:*:*
cpe:2.3:a:netapp:solidfire:-:*:*:*:*:*:*:*

Configuration 6 (hide)

AND
cpe:2.3:o:netapp:solidfire_baseboard_management_controller_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:netapp:solidfire_baseboard_management_controller:-:*:*:*:*:*:*:*

Configuration 7 (hide)

AND
cpe:2.3:o:netapp:h410c_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:netapp:h410c:-:*:*:*:*:*:*:*
History

03 Feb 2024, 02:25

Type Values Removed Values Added
First Time Debian
Netapp active Iq Unified Manager
Netapp solidfire
Opensuse leap
Netapp hci Management Node
Debian debian Linux
Netapp h410c Firmware
Netapp solidfire Baseboard Management Controller
Netapp
Netapp data Availability Services
Netapp h410c
Canonical
Canonical ubuntu Linux
Netapp solidfire Baseboard Management Controller Firmware
Opensuse
References () http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00064.html - () http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00064.html - Mailing List
References () http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00066.html - () http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00066.html - Mailing List
References () http://packetstormsecurity.com/files/155212/Slackware-Security-Advisory-Slackware-14.2-kernel-Updates.html - () http://packetstormsecurity.com/files/155212/Slackware-Security-Advisory-Slackware-14.2-kernel-Updates.html - Patch, Third Party Advisory, VDB Entry
References () https://git.kernel.org/pub/scm/linux/kernel/git/tiwai/sound.git/commit/?id=19bce474c45be69a284ecee660aa12d8f1e88f18 - Patch, Third Party Advisory () https://git.kernel.org/pub/scm/linux/kernel/git/tiwai/sound.git/commit/?id=19bce474c45be69a284ecee660aa12d8f1e88f18 - Mailing List, Patch
References () https://lists.debian.org/debian-lts-announce/2019/09/msg00025.html - () https://lists.debian.org/debian-lts-announce/2019/09/msg00025.html - Mailing List
References () https://lists.debian.org/debian-lts-announce/2019/10/msg00000.html - () https://lists.debian.org/debian-lts-announce/2019/10/msg00000.html - Mailing List
References () https://lore.kernel.org/lkml/20190815043554.16623-1-benquike%40gmail.com/ - () https://lore.kernel.org/lkml/20190815043554.16623-1-benquike%40gmail.com/ - Mailing List, Patch
References () https://seclists.org/bugtraq/2019/Nov/11 - () https://seclists.org/bugtraq/2019/Nov/11 - Mailing List, Patch, Third Party Advisory
References () https://seclists.org/bugtraq/2019/Sep/41 - () https://seclists.org/bugtraq/2019/Sep/41 - Mailing List, Third Party Advisory
References () https://security.netapp.com/advisory/ntap-20190905-0002/ - () https://security.netapp.com/advisory/ntap-20190905-0002/ - Third Party Advisory
References () https://usn.ubuntu.com/4147-1/ - () https://usn.ubuntu.com/4147-1/ - Third Party Advisory
References () https://usn.ubuntu.com/4162-1/ - () https://usn.ubuntu.com/4162-1/ - Third Party Advisory
References () https://usn.ubuntu.com/4162-2/ - () https://usn.ubuntu.com/4162-2/ - Third Party Advisory
References () https://usn.ubuntu.com/4163-1/ - () https://usn.ubuntu.com/4163-1/ - Third Party Advisory
References () https://usn.ubuntu.com/4163-2/ - () https://usn.ubuntu.com/4163-2/ - Third Party Advisory
References () https://www.debian.org/security/2019/dsa-4531 - () https://www.debian.org/security/2019/dsa-4531 - Third Party Advisory
CPE cpe:2.3:h:netapp:solidfire_baseboard_management_controller:-:*:*:*:*:*:*:*
cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:esm:*:*:*
cpe:2.3:a:netapp:active_iq_unified_manager:-:*:*:*:*:vmware_vsphere:*:*
cpe:2.3:o:canonical:ubuntu_linux:18.04:*:*:*:esm:*:*:*
cpe:2.3:o:netapp:solidfire_baseboard_management_controller_firmware:-:*:*:*:*:*:*:*
cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*
cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*
cpe:2.3:a:netapp:solidfire:-:*:*:*:*:*:*:*
cpe:2.3:a:netapp:data_availability_services:-:*:*:*:*:*:*:*
cpe:2.3:o:opensuse:leap:15.0:*:*:*:*:*:*:*
cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:esm:*:*:*
cpe:2.3:o:opensuse:leap:15.1:*:*:*:*:*:*:*
cpe:2.3:o:netapp:h410c_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:netapp:h410c:-:*:*:*:*:*:*:*
cpe:2.3:o:canonical:ubuntu_linux:19.04:*:*:*:-:*:*:*
cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*
cpe:2.3:a:netapp:hci_management_node:-:*:*:*:*:*:*:*
Information

Published : 2019-08-16 14:15

Updated : 2024-02-03 02:25

NVD link : CVE-2019-15118

Mitre link : CVE-2019-15118

CVE.ORG link : CVE-2019-15118

JSON object : View

Products Affected

netapp

  • active_iq_unified_manager
  • h410c
  • solidfire
  • hci_management_node
  • solidfire_baseboard_management_controller_firmware
  • h410c_firmware
  • data_availability_services
  • solidfire_baseboard_management_controller

linux

  • linux_kernel

canonical

  • ubuntu_linux

debian

  • debian_linux

opensuse

  • leap
CWE
CWE-674

Uncontrolled Recursion