CVE-2019-15291

An issue was discovered in the Linux kernel through 5.2.9. There is a NULL pointer dereference caused by a malicious USB device in the flexcop_usb_probe function in the drivers/media/usb/b2c2/flexcop-usb.c driver.

Weakness

A NULL pointer dereference occurs when the application dereferences a pointer that it expects to be valid, but is NULL, typically causing a crash or exit.

Affected Software

Name	Vendor	Start Version	End Version
Linux_kernel	Linux	*	5.2.9 (including)
Linux	Ubuntu	bionic	*
Linux	Ubuntu	disco	*
Linux	Ubuntu	eoan	*
Linux	Ubuntu	esm-infra-legacy/trusty	*
Linux	Ubuntu	precise/esm	*
Linux	Ubuntu	trusty	*
Linux	Ubuntu	trusty/esm	*
Linux	Ubuntu	upstream	*
Linux	Ubuntu	xenial	*
Linux-aws	Ubuntu	bionic	*
Linux-aws	Ubuntu	disco	*
Linux-aws	Ubuntu	eoan	*
Linux-aws	Ubuntu	trusty	*
Linux-aws	Ubuntu	trusty/esm	*
Linux-aws	Ubuntu	upstream	*
Linux-aws	Ubuntu	xenial	*
Linux-aws-5.0	Ubuntu	bionic	*
Linux-aws-5.0	Ubuntu	upstream	*
Linux-aws-5.3	Ubuntu	upstream	*
Linux-aws-hwe	Ubuntu	upstream	*
Linux-aws-hwe	Ubuntu	xenial	*
Linux-azure	Ubuntu	bionic	*
Linux-azure	Ubuntu	disco	*
Linux-azure	Ubuntu	eoan	*
Linux-azure	Ubuntu	trusty	*
Linux-azure	Ubuntu	trusty/esm	*
Linux-azure	Ubuntu	upstream	*
Linux-azure	Ubuntu	xenial	*
Linux-azure-4.15	Ubuntu	upstream	*
Linux-azure-5.3	Ubuntu	bionic	*
Linux-azure-5.3	Ubuntu	upstream	*
Linux-azure-edge	Ubuntu	bionic	*
Linux-azure-edge	Ubuntu	esm-infra/bionic	*
Linux-azure-edge	Ubuntu	upstream	*
Linux-gcp	Ubuntu	bionic	*
Linux-gcp	Ubuntu	disco	*
Linux-gcp	Ubuntu	eoan	*
Linux-gcp	Ubuntu	upstream	*
Linux-gcp	Ubuntu	xenial	*
Linux-gcp-4.15	Ubuntu	upstream	*
Linux-gcp-5.3	Ubuntu	bionic	*
Linux-gcp-5.3	Ubuntu	upstream	*
Linux-gcp-edge	Ubuntu	bionic	*
Linux-gcp-edge	Ubuntu	esm-infra/bionic	*
Linux-gcp-edge	Ubuntu	upstream	*
Linux-gke-4.15	Ubuntu	bionic	*
Linux-gke-4.15	Ubuntu	upstream	*
Linux-gke-5.0	Ubuntu	bionic	*
Linux-gke-5.0	Ubuntu	upstream	*
Linux-gke-5.3	Ubuntu	bionic	*
Linux-gke-5.3	Ubuntu	upstream	*
Linux-hwe	Ubuntu	bionic	*
Linux-hwe	Ubuntu	upstream	*
Linux-hwe	Ubuntu	xenial	*
Linux-hwe-edge	Ubuntu	bionic	*
Linux-hwe-edge	Ubuntu	esm-infra/bionic	*
Linux-hwe-edge	Ubuntu	esm-infra/xenial	*
Linux-hwe-edge	Ubuntu	upstream	*
Linux-hwe-edge	Ubuntu	xenial	*
Linux-kvm	Ubuntu	bionic	*
Linux-kvm	Ubuntu	disco	*
Linux-kvm	Ubuntu	eoan	*
Linux-kvm	Ubuntu	upstream	*
Linux-kvm	Ubuntu	xenial	*
Linux-lts-trusty	Ubuntu	precise/esm	*
Linux-lts-trusty	Ubuntu	upstream	*
Linux-lts-xenial	Ubuntu	trusty	*
Linux-lts-xenial	Ubuntu	trusty/esm	*
Linux-lts-xenial	Ubuntu	upstream	*
Linux-oem	Ubuntu	bionic	*
Linux-oem	Ubuntu	disco	*
Linux-oem	Ubuntu	eoan	*
Linux-oem	Ubuntu	upstream	*
Linux-oem	Ubuntu	xenial	*
Linux-oem-5.6	Ubuntu	upstream	*
Linux-oem-osp1	Ubuntu	bionic	*
Linux-oem-osp1	Ubuntu	disco	*
Linux-oem-osp1	Ubuntu	eoan	*
Linux-oem-osp1	Ubuntu	upstream	*
Linux-oracle	Ubuntu	bionic	*
Linux-oracle	Ubuntu	disco	*
Linux-oracle	Ubuntu	eoan	*
Linux-oracle	Ubuntu	upstream	*
Linux-oracle	Ubuntu	xenial	*
Linux-oracle-5.0	Ubuntu	bionic	*
Linux-oracle-5.0	Ubuntu	upstream	*
Linux-oracle-5.3	Ubuntu	upstream	*
Linux-raspi	Ubuntu	upstream	*
Linux-raspi2	Ubuntu	bionic	*
Linux-raspi2	Ubuntu	disco	*
Linux-raspi2	Ubuntu	eoan	*
Linux-raspi2	Ubuntu	focal	*
Linux-raspi2	Ubuntu	upstream	*
Linux-raspi2	Ubuntu	xenial	*
Linux-raspi2-5.3	Ubuntu	bionic	*
Linux-raspi2-5.3	Ubuntu	upstream	*
Linux-riscv	Ubuntu	upstream	*
Linux-snapdragon	Ubuntu	bionic	*
Linux-snapdragon	Ubuntu	disco	*
Linux-snapdragon	Ubuntu	upstream	*
Linux-snapdragon	Ubuntu	xenial	*

NVD	https://nvd.nist.gov/vuln/detail/CVE-2019-15291
CWE	https://cwe.mitre.org/data/definitions/476.html

NULL Pointer Dereference

Weakness

Affected Software

Potential Mitigations

References