CVE-2019-15118

  1. OpenCVE
  2. Vulnerabilities (CVE)
  3. CVE-2019-15118
check_input_term in sound/usb/mixer.c in the Linux kernel through 5.2.9 mishandles recursion, leading to kernel stack exhaustion.

5.5 /10

CVSS v3 : MEDIUM

V3 Legend

Vector :

Exploitability : 1.8 / Impact : 3.6

Attack Vector LOCAL

Attack Complexity LOW

Privileges Required LOW

User Interaction NONE

Confidentiality Impact NONE

Integrity Impact NONE

Availability Impact HIGH

Scope UNCHANGED

4.9 /10

CVSS v2.0 : MEDIUM

V2 Legend

Vector : AV:L/AC:L/Au:N/C:N/I:N/A:C

Exploitability : 3.9 / Impact : 6.9

Access Vector LOCAL

Access Complexity LOW

Authentication NONE

Confidentiality Impact NONE

Integrity Impact NONE

Availability Impact COMPLETE

References
Link Resource
http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00064.html Mailing List
http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00066.html Mailing List
http://packetstormsecurity.com/files/155212/Slackware-Security-Advisory-Slackware-14.2-kernel-Updates.html Patch Third Party Advisory VDB Entry
https://git.kernel.org/pub/scm/linux/kernel/git/tiwai/sound.git/commit/?id=19bce474c45be69a284ecee660aa12d8f1e88f18 Mailing List Patch
https://lists.debian.org/debian-lts-announce/2019/09/msg00025.html Mailing List
https://lists.debian.org/debian-lts-announce/2019/10/msg00000.html Mailing List
https://lore.kernel.org/lkml/20190815043554.16623-1-benquike%40gmail.com/ Mailing List Patch
https://seclists.org/bugtraq/2019/Nov/11 Mailing List Patch Third Party Advisory
https://seclists.org/bugtraq/2019/Sep/41 Mailing List Third Party Advisory
https://security.netapp.com/advisory/ntap-20190905-0002/ Third Party Advisory
https://usn.ubuntu.com/4147-1/ Third Party Advisory
https://usn.ubuntu.com/4162-1/ Third Party Advisory
https://usn.ubuntu.com/4162-2/ Third Party Advisory
https://usn.ubuntu.com/4163-1/ Third Party Advisory
https://usn.ubuntu.com/4163-2/ Third Party Advisory
https://www.debian.org/security/2019/dsa-4531 Third Party Advisory
http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00064.html Mailing List
http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00066.html Mailing List
http://packetstormsecurity.com/files/155212/Slackware-Security-Advisory-Slackware-14.2-kernel-Updates.html Patch Third Party Advisory VDB Entry
https://git.kernel.org/pub/scm/linux/kernel/git/tiwai/sound.git/commit/?id=19bce474c45be69a284ecee660aa12d8f1e88f18 Mailing List Patch
https://lists.debian.org/debian-lts-announce/2019/09/msg00025.html Mailing List
https://lists.debian.org/debian-lts-announce/2019/10/msg00000.html Mailing List
https://lore.kernel.org/lkml/20190815043554.16623-1-benquike%40gmail.com/ Mailing List Patch
https://seclists.org/bugtraq/2019/Nov/11 Mailing List Patch Third Party Advisory
https://seclists.org/bugtraq/2019/Sep/41 Mailing List Third Party Advisory
https://security.netapp.com/advisory/ntap-20190905-0002/ Third Party Advisory
https://usn.ubuntu.com/4147-1/ Third Party Advisory
https://usn.ubuntu.com/4162-1/ Third Party Advisory
https://usn.ubuntu.com/4162-2/ Third Party Advisory
https://usn.ubuntu.com/4163-1/ Third Party Advisory
https://usn.ubuntu.com/4163-2/ Third Party Advisory
https://www.debian.org/security/2019/dsa-4531 Third Party Advisory
Configurations

Configuration 1 (hide)

cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*

Configuration 2 (hide)

OR cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:esm:*:*:*
cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:esm:*:*:*
cpe:2.3:o:canonical:ubuntu_linux:18.04:*:*:*:esm:*:*:*
cpe:2.3:o:canonical:ubuntu_linux:19.04:*:*:*:-:*:*:*

Configuration 3 (hide)

OR cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*
cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*
cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*

Configuration 4 (hide)

OR cpe:2.3:o:opensuse:leap:15.0:*:*:*:*:*:*:*
cpe:2.3:o:opensuse:leap:15.1:*:*:*:*:*:*:*

Configuration 5 (hide)

OR cpe:2.3:a:netapp:active_iq_unified_manager:-:*:*:*:*:vmware_vsphere:*:*
cpe:2.3:a:netapp:data_availability_services:-:*:*:*:*:*:*:*
cpe:2.3:a:netapp:hci_management_node:-:*:*:*:*:*:*:*
cpe:2.3:a:netapp:solidfire:-:*:*:*:*:*:*:*

Configuration 6 (hide)

AND
cpe:2.3:o:netapp:solidfire_baseboard_management_controller_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:netapp:solidfire_baseboard_management_controller:-:*:*:*:*:*:*:*

Configuration 7 (hide)

AND
cpe:2.3:o:netapp:h410c_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:netapp:h410c:-:*:*:*:*:*:*:*
History

21 Nov 2024, 04:28

Type Values Removed Values Added
References () http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00064.html - Mailing List () http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00064.html - Mailing List
References () http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00066.html - Mailing List () http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00066.html - Mailing List
References () http://packetstormsecurity.com/files/155212/Slackware-Security-Advisory-Slackware-14.2-kernel-Updates.html - Patch, Third Party Advisory, VDB Entry () http://packetstormsecurity.com/files/155212/Slackware-Security-Advisory-Slackware-14.2-kernel-Updates.html - Patch, Third Party Advisory, VDB Entry
References () https://git.kernel.org/pub/scm/linux/kernel/git/tiwai/sound.git/commit/?id=19bce474c45be69a284ecee660aa12d8f1e88f18 - Mailing List, Patch () https://git.kernel.org/pub/scm/linux/kernel/git/tiwai/sound.git/commit/?id=19bce474c45be69a284ecee660aa12d8f1e88f18 - Mailing List, Patch
References () https://lists.debian.org/debian-lts-announce/2019/09/msg00025.html - Mailing List () https://lists.debian.org/debian-lts-announce/2019/09/msg00025.html - Mailing List
References () https://lists.debian.org/debian-lts-announce/2019/10/msg00000.html - Mailing List () https://lists.debian.org/debian-lts-announce/2019/10/msg00000.html - Mailing List
References () https://lore.kernel.org/lkml/20190815043554.16623-1-benquike%40gmail.com/ - Mailing List, Patch () https://lore.kernel.org/lkml/20190815043554.16623-1-benquike%40gmail.com/ - Mailing List, Patch
References () https://seclists.org/bugtraq/2019/Nov/11 - Mailing List, Patch, Third Party Advisory () https://seclists.org/bugtraq/2019/Nov/11 - Mailing List, Patch, Third Party Advisory
References () https://seclists.org/bugtraq/2019/Sep/41 - Mailing List, Third Party Advisory () https://seclists.org/bugtraq/2019/Sep/41 - Mailing List, Third Party Advisory
References () https://security.netapp.com/advisory/ntap-20190905-0002/ - Third Party Advisory () https://security.netapp.com/advisory/ntap-20190905-0002/ - Third Party Advisory
References () https://usn.ubuntu.com/4147-1/ - Third Party Advisory () https://usn.ubuntu.com/4147-1/ - Third Party Advisory
References () https://usn.ubuntu.com/4162-1/ - Third Party Advisory () https://usn.ubuntu.com/4162-1/ - Third Party Advisory
References () https://usn.ubuntu.com/4162-2/ - Third Party Advisory () https://usn.ubuntu.com/4162-2/ - Third Party Advisory
References () https://usn.ubuntu.com/4163-1/ - Third Party Advisory () https://usn.ubuntu.com/4163-1/ - Third Party Advisory
References () https://usn.ubuntu.com/4163-2/ - Third Party Advisory () https://usn.ubuntu.com/4163-2/ - Third Party Advisory
References () https://www.debian.org/security/2019/dsa-4531 - Third Party Advisory () https://www.debian.org/security/2019/dsa-4531 - Third Party Advisory

03 Feb 2024, 02:25

Type Values Removed Values Added
References () http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00064.html - () http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00064.html - Mailing List
References () http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00066.html - () http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00066.html - Mailing List
References () http://packetstormsecurity.com/files/155212/Slackware-Security-Advisory-Slackware-14.2-kernel-Updates.html - () http://packetstormsecurity.com/files/155212/Slackware-Security-Advisory-Slackware-14.2-kernel-Updates.html - Patch, Third Party Advisory, VDB Entry
References () https://git.kernel.org/pub/scm/linux/kernel/git/tiwai/sound.git/commit/?id=19bce474c45be69a284ecee660aa12d8f1e88f18 - Patch, Third Party Advisory () https://git.kernel.org/pub/scm/linux/kernel/git/tiwai/sound.git/commit/?id=19bce474c45be69a284ecee660aa12d8f1e88f18 - Mailing List, Patch
References () https://lists.debian.org/debian-lts-announce/2019/09/msg00025.html - () https://lists.debian.org/debian-lts-announce/2019/09/msg00025.html - Mailing List
References () https://lists.debian.org/debian-lts-announce/2019/10/msg00000.html - () https://lists.debian.org/debian-lts-announce/2019/10/msg00000.html - Mailing List
References () https://lore.kernel.org/lkml/20190815043554.16623-1-benquike%40gmail.com/ - () https://lore.kernel.org/lkml/20190815043554.16623-1-benquike%40gmail.com/ - Mailing List, Patch
References () https://seclists.org/bugtraq/2019/Nov/11 - () https://seclists.org/bugtraq/2019/Nov/11 - Mailing List, Patch, Third Party Advisory
References () https://seclists.org/bugtraq/2019/Sep/41 - () https://seclists.org/bugtraq/2019/Sep/41 - Mailing List, Third Party Advisory
References () https://security.netapp.com/advisory/ntap-20190905-0002/ - () https://security.netapp.com/advisory/ntap-20190905-0002/ - Third Party Advisory
References () https://usn.ubuntu.com/4147-1/ - () https://usn.ubuntu.com/4147-1/ - Third Party Advisory
References () https://usn.ubuntu.com/4162-1/ - () https://usn.ubuntu.com/4162-1/ - Third Party Advisory
References () https://usn.ubuntu.com/4162-2/ - () https://usn.ubuntu.com/4162-2/ - Third Party Advisory
References () https://usn.ubuntu.com/4163-1/ - () https://usn.ubuntu.com/4163-1/ - Third Party Advisory
References () https://usn.ubuntu.com/4163-2/ - () https://usn.ubuntu.com/4163-2/ - Third Party Advisory
References () https://www.debian.org/security/2019/dsa-4531 - () https://www.debian.org/security/2019/dsa-4531 - Third Party Advisory
First Time Canonical ubuntu Linux
Opensuse leap
Netapp h410c
Netapp
Netapp solidfire Baseboard Management Controller
Opensuse
Netapp h410c Firmware
Netapp data Availability Services
Debian
Canonical
Netapp solidfire
Netapp hci Management Node
Netapp solidfire Baseboard Management Controller Firmware
Netapp active Iq Unified Manager
Debian debian Linux
CPE cpe:2.3:a:netapp:hci_management_node:-:*:*:*:*:*:*:*
cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*
cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:esm:*:*:*
cpe:2.3:h:netapp:solidfire_baseboard_management_controller:-:*:*:*:*:*:*:*
cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*
cpe:2.3:o:netapp:h410c_firmware:-:*:*:*:*:*:*:*
cpe:2.3:o:netapp:solidfire_baseboard_management_controller_firmware:-:*:*:*:*:*:*:*
cpe:2.3:a:netapp:active_iq_unified_manager:-:*:*:*:*:vmware_vsphere:*:*
cpe:2.3:a:netapp:solidfire:-:*:*:*:*:*:*:*
cpe:2.3:o:opensuse:leap:15.0:*:*:*:*:*:*:*
cpe:2.3:o:canonical:ubuntu_linux:18.04:*:*:*:esm:*:*:*
cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*
cpe:2.3:o:opensuse:leap:15.1:*:*:*:*:*:*:*
cpe:2.3:a:netapp:data_availability_services:-:*:*:*:*:*:*:*
cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:esm:*:*:*
cpe:2.3:h:netapp:h410c:-:*:*:*:*:*:*:*
cpe:2.3:o:canonical:ubuntu_linux:19.04:*:*:*:-:*:*:*
Information

Published : 2019-08-16 14:15

Updated : 2024-11-21 04:28

NVD link : CVE-2019-15118

Mitre link : CVE-2019-15118

CVE.ORG link : CVE-2019-15118

JSON object : View

Products Affected

netapp

  • h410c
  • solidfire
  • solidfire_baseboard_management_controller
  • hci_management_node
  • active_iq_unified_manager
  • solidfire_baseboard_management_controller_firmware
  • h410c_firmware
  • data_availability_services

opensuse

  • leap

debian

  • debian_linux

linux

  • linux_kernel

canonical

  • ubuntu_linux
CWE
CWE-674

Uncontrolled Recursion