Vulnerability Description
An issue was discovered in get_vdev_port_node_info in arch/sparc/kernel/mdesc.c in the Linux kernel through 5.1.6. There is an unchecked kstrdup_const of node_info->vdev_port.name, which might allow an attacker to cause a denial of service (NULL pointer dereference and system crash).
CVSS Score
HIGH
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Linux | Linux Kernel | >= 2.6.12.1, < 4.14.130 |
| Netapp | Aff A700S Firmware | - |
| Netapp | Aff A700S | - |
| Netapp | Active Iq Unified Manager | >= 9.5 |
| Netapp | Hci Management Node | - |
| Netapp | Solidfire | - |
| Netapp | Cn1610 Firmware | - |
| Netapp | Cn1610 | - |
| Netapp | H610S Firmware | - |
| Netapp | H610S | - |
Related Weaknesses (CWE)
References
- http://www.securityfocus.com/bid/108549Third Party AdvisoryVDB Entry
- https://git.kernel.org/pub/scm/linux/kernel/git/davem/sparc.git/commit/?id=80cafPatchVendor Advisory
- https://security.netapp.com/advisory/ntap-20190710-0002/Third Party Advisory
- https://support.f5.com/csp/article/K60924046Third Party Advisory
- https://support.f5.com/csp/article/K60924046?utm_source=f5support&%3Butm_medi
- https://www.mail-archive.com/linux-kernel%40vger.kernel.org/msg2014901.html
- http://www.securityfocus.com/bid/108549Third Party AdvisoryVDB Entry
- https://git.kernel.org/pub/scm/linux/kernel/git/davem/sparc.git/commit/?id=80cafPatchVendor Advisory
- https://security.netapp.com/advisory/ntap-20190710-0002/Third Party Advisory
- https://support.f5.com/csp/article/K60924046Third Party Advisory
- https://support.f5.com/csp/article/K60924046?utm_source=f5support&%3Butm_medi
- https://www.mail-archive.com/linux-kernel%40vger.kernel.org/msg2014901.html
FAQ
What is CVE-2019-12615?
CVE-2019-12615 is a vulnerability with a CVSS score of 7.5 (HIGH). An issue was discovered in get_vdev_port_node_info in arch/sparc/kernel/mdesc.c in the Linux kernel through 5.1.6. There is an unchecked kstrdup_const of node_info->vdev_port.name, which might allow a...
How severe is CVE-2019-12615?
CVE-2019-12615 has been rated HIGH with a CVSS base score of 7.5/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2019-12615?
Check the references section above for vendor advisories and patch information. Affected products include: Linux Linux Kernel, Netapp Aff A700S Firmware, Netapp Aff A700S, Netapp Active Iq Unified Manager, Netapp Hci Management Node.