CVE-2019-15223

An issue was discovered in the Linux kernel before 5.1.8. There is a NULL pointer dereference caused by a malicious USB device in the sound/usb/line6/driver.c driver.

From the Ubuntu Security Team

It was discovered that the Line 6 USB driver for the Linux kernel contained a race condition when the device was disconnected. A physically proximate attacker could use this to cause a denial of service (system crash).

Read the notes from the security team

Status

Show unmaintained releases

Package	Ubuntu Release	Status
linux	19.04 disco	Fixed 5.0.0-31.33
	18.04 LTS bionic	Not affected
	16.04 LTS xenial	Not affected
	14.04 LTS trusty	Ignored was needs-triage ESM criteria
linux-aws	19.04 disco	Fixed 5.0.0-1018.20
	18.04 LTS bionic	Not affected
	16.04 LTS xenial	Not affected
	14.04 LTS trusty	Ignored was needs-triage ESM criteria
linux-aws-hwe	19.04 disco	Not in release
	18.04 LTS bionic	Not in release
	16.04 LTS xenial	Not affected
	14.04 LTS trusty	Not in release
linux-azure	19.04 disco	Fixed 5.0.0-1022.23
	18.04 LTS bionic	Fixed 5.0.0-1022.23~18.04.1
	16.04 LTS xenial	Not affected
	14.04 LTS trusty	Ignored was needs-triage ESM criteria
linux-azure-edge	19.04 disco	Not in release
	18.04 LTS bionic	Fixed 5.0.0-1022.23~18.04.1
	16.04 LTS xenial	Not affected
	14.04 LTS trusty	Not in release
linux-gcp	19.04 disco	Fixed 5.0.0-1020.20
	18.04 LTS bionic	Not affected
	16.04 LTS xenial	Not affected
	14.04 LTS trusty	Not in release
linux-gcp-edge	19.04 disco	Not in release
	18.04 LTS bionic	Not affected
	16.04 LTS xenial	Not in release
	14.04 LTS trusty	Not in release
linux-gke-4.15	19.04 disco	Not in release
	18.04 LTS bionic	Not affected
	16.04 LTS xenial	Not in release
	14.04 LTS trusty	Not in release
linux-gke-5.0	19.04 disco	Not in release
	18.04 LTS bionic	Fixed 5.0.0-1020.20~18.04.1
	16.04 LTS xenial	Not in release
	14.04 LTS trusty	Not in release
linux-hwe	19.04 disco	Not in release
	18.04 LTS bionic	Fixed 5.0.0-31.33~18.04.1
	16.04 LTS xenial	Not affected
	14.04 LTS trusty	Not in release
linux-hwe-edge	19.04 disco	Not in release
	18.04 LTS bionic	Not affected
	16.04 LTS xenial	Not affected
	14.04 LTS trusty	Not in release
linux-kvm	19.04 disco	Fixed 5.0.0-1019.20
	18.04 LTS bionic	Not affected
	16.04 LTS xenial	Not affected
	14.04 LTS trusty	Not in release
linux-lts-trusty	19.04 disco	Not in release
	18.04 LTS bionic	Not in release
	16.04 LTS xenial	Not in release
	14.04 LTS trusty	Not in release
linux-lts-xenial	19.04 disco	Not in release
	18.04 LTS bionic	Not in release
	16.04 LTS xenial	Not in release
	14.04 LTS trusty	Ignored was needs-triage ESM criteria
linux-oem	19.04 disco	Not affected
	18.04 LTS bionic	Not affected
	16.04 LTS xenial	Ignored end of standard support, was needs-triage
	14.04 LTS trusty	Not in release
linux-oracle	19.04 disco	Not affected
	18.04 LTS bionic	Not affected
	16.04 LTS xenial	Not affected
	14.04 LTS trusty	Not in release
linux-raspi2	19.04 disco	Fixed 5.0.0-1019.19
	18.04 LTS bionic	Not affected
	16.04 LTS xenial	Not affected
	14.04 LTS trusty	Not in release
linux-snapdragon	19.04 disco	Fixed 5.0.0-1023.24
	18.04 LTS bionic	Not affected
	16.04 LTS xenial	Not affected
	14.04 LTS trusty	Not in release

Notes

tyhicks

Setting priority to negligible since this simple DoS requires a malicious USB device to be inserted into the system

Patch details

For informational purposes only. We recommend not to cherry-pick updates. How can I get the fixes?

Package	Patch details
linux	Introduced by 7f84ff6, fixed by 0b074ab

Severity score breakdown

Parameter	Value
Base score	4.6 · Medium
Attack vector	Physical
Attack complexity	Low
Privileges required	None
User interaction	None
Scope	Unchanged
Confidentiality	None
Integrity impact	None
Availability impact	High
Vector	CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

References

Related Ubuntu Security Notices (USN)

USN-4147-1
Linux kernel vulnerabilities
4 October 2019