4.7

CVE-2019-16232

Exploit

drivers/net/wireless/marvell/libertas/if_sdio.c in the Linux kernel 5.2.14 does not check the alloc_workqueue return value, leading to a NULL pointer dereference.

Data is provided by the National Vulnerability Database (NVD)
LinuxLinux Kernel Version5.2.14
CanonicalUbuntu Linux Version14.04 SwEditionesm
CanonicalUbuntu Linux Version16.04 SwEditionlts
CanonicalUbuntu Linux Version18.04 SwEditionlts
CanonicalUbuntu Linux Version19.10
FedoraprojectFedora Version30
FedoraprojectFedora Version31
OpensuseLeap Version15.0
OpensuseLeap Version15.1
Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.
EPSS Metriken
Type Source Score Percentile
EPSS FIRST.org 0.05% 0.138
CVSS Metriken
Source Base Score Exploit Score Impact Score Vector string
nvd@nist.gov 4.1 0.5 3.6
CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:H
nvd@nist.gov 4.7 3.4 6.9
AV:L/AC:M/Au:N/C:N/I:N/A:C
CWE-476 NULL Pointer Dereference

The product dereferences a pointer that it expects to be valid but is NULL.

https://usn.ubuntu.com/4284-1/
Third Party Advisory
https://usn.ubuntu.com/4287-1/
Third Party Advisory
https://usn.ubuntu.com/4287-2/
Third Party Advisory
https://lkml.org/lkml/2019/9/9/487
Patch
Vendor Advisory
Exploit
https://usn.ubuntu.com/4285-1/
Third Party Advisory