
List:       oss-security
Subject:    Re: [oss-security] Linux kernel: multiple vulnerabilities in the USB subsystem x2
From:       Tyler Hicks <tyhicks () canonical ! com>
Date:       2019-09-27 18:53:10
Message-ID: 20190927185309.GE1884 () elm

On 2019-09-27 19:01:48, Andrey Konovalov wrote:
> On Fri, Sep 27, 2019 at 6:51 PM Tyler Hicks <tyhicks@canonical.com> wrote:
> > 
> > On 2019-08-20 20:20:34, Andrey Konovalov wrote:
> > > * https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-15290
> > > 
> > > An issue was discovered in the Linux kernel through 5.2.9. There is a
> > > NULL pointer dereference caused by a malicious USB device in the
> > > ath6kl_usb_alloc_urb_from_pipe function in the
> > > drivers/net/wireless/ath/ath6kl/usb.c driver.
> > 
> > This seems like it might be a duplicate of CVE-2019-15098. The fix for
> > CVE-2019-15098 was recently merged upstream:
> > 
> > https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=39d170b3cb62ba98567f5c4f40c27b5864b304e5
> >  
> > If you agree, could you request that MITRE mark CVE-2019-15290 as a
> > duplicate of CVE-2019-15098?
> 
> Oh, nice, Mathias and Hui found it as well and fixed it! =)
> 
> Yes, these two CVEs are for the same issue, feel free to mark them as such.

I've requested that MITRE mark CVE-2019-15290 as a dupe of
CVE-2019-15098. Thanks!

Tyler

