CVE-2019-12382
Publication date 28 May 2019
Last updated 24 July 2024
Ubuntu priority
Cvss 3 Severity Score
** DISPUTED ** An issue was discovered in drm_load_edid_firmware in drivers/gpu/drm/drm_edid_load.c in the Linux kernel through 5.1.5. There is an unchecked kstrdup of fwstr, which might allow an attacker to cause a denial of service (NULL pointer dereference and system crash). NOTE: The vendor disputes this issues as not being a vulnerability because kstrdup() returning NULL is handled sufficiently and there is no chance for a NULL pointer dereference.
Status
Package | Ubuntu Release | Status |
---|---|---|
linux | ||
18.04 LTS bionic | Ignored | |
16.04 LTS xenial | Ignored | |
14.04 LTS trusty | Ignored | |
linux-aws | ||
18.04 LTS bionic | Ignored | |
16.04 LTS xenial | Ignored | |
14.04 LTS trusty | Ignored | |
linux-aws-hwe | ||
18.04 LTS bionic | Not in release | |
16.04 LTS xenial | Ignored | |
14.04 LTS trusty | Not in release | |
linux-azure | ||
18.04 LTS bionic | Ignored | |
16.04 LTS xenial | Ignored | |
14.04 LTS trusty | Ignored | |
linux-azure-edge | ||
18.04 LTS bionic | Ignored | |
16.04 LTS xenial | Ignored | |
14.04 LTS trusty | Not in release | |
linux-euclid | ||
18.04 LTS bionic | Not in release | |
16.04 LTS xenial | Ignored | |
14.04 LTS trusty | Not in release | |
linux-flo | ||
18.04 LTS bionic | Not in release | |
16.04 LTS xenial | Ignored | |
14.04 LTS trusty | Not in release | |
linux-gcp | ||
18.04 LTS bionic | Ignored | |
16.04 LTS xenial | Ignored | |
14.04 LTS trusty | Not in release | |
linux-gcp-edge | ||
18.04 LTS bionic | Ignored | |
16.04 LTS xenial | Not in release | |
14.04 LTS trusty | Not in release | |
linux-gke | ||
18.04 LTS bionic | Ignored | |
16.04 LTS xenial | Ignored | |
14.04 LTS trusty | Not in release | |
linux-goldfish | ||
18.04 LTS bionic | Not in release | |
16.04 LTS xenial | Ignored | |
14.04 LTS trusty | Not in release | |
linux-grouper | ||
18.04 LTS bionic | Not in release | |
16.04 LTS xenial | Not in release | |
14.04 LTS trusty | Not in release | |
linux-hwe | ||
18.04 LTS bionic | Ignored | |
16.04 LTS xenial | Ignored | |
14.04 LTS trusty | Not in release | |
linux-hwe-edge | ||
18.04 LTS bionic | Ignored | |
16.04 LTS xenial | Ignored | |
14.04 LTS trusty | Not in release | |
linux-kvm | ||
18.04 LTS bionic | Ignored | |
16.04 LTS xenial | Ignored | |
14.04 LTS trusty | Not in release | |
linux-lts-trusty | ||
18.04 LTS bionic | Not in release | |
16.04 LTS xenial | Not in release | |
14.04 LTS trusty | Not in release | |
linux-lts-utopic | ||
18.04 LTS bionic | Not in release | |
16.04 LTS xenial | Not in release | |
14.04 LTS trusty | Not in release | |
linux-lts-vivid | ||
18.04 LTS bionic | Not in release | |
16.04 LTS xenial | Not in release | |
14.04 LTS trusty | Not in release | |
linux-lts-wily | ||
18.04 LTS bionic | Not in release | |
16.04 LTS xenial | Not in release | |
14.04 LTS trusty | Not in release | |
linux-lts-xenial | ||
18.04 LTS bionic | Not in release | |
16.04 LTS xenial | Not in release | |
14.04 LTS trusty | Ignored | |
linux-maguro | ||
18.04 LTS bionic | Not in release | |
16.04 LTS xenial | Not in release | |
14.04 LTS trusty | Not in release | |
linux-mako | ||
18.04 LTS bionic | Not in release | |
16.04 LTS xenial | Ignored | |
14.04 LTS trusty | Not in release | |
linux-manta | ||
18.04 LTS bionic | Not in release | |
16.04 LTS xenial | Not in release | |
14.04 LTS trusty | Not in release | |
linux-oem | ||
18.04 LTS bionic | Ignored | |
16.04 LTS xenial | Ignored | |
14.04 LTS trusty | Not in release | |
linux-oracle | ||
18.04 LTS bionic | Ignored | |
16.04 LTS xenial | Ignored | |
14.04 LTS trusty | Not in release | |
linux-raspi2 | ||
18.04 LTS bionic | Ignored | |
16.04 LTS xenial | Ignored | |
14.04 LTS trusty | Not in release | |
linux-snapdragon | ||
18.04 LTS bionic | Ignored | |
16.04 LTS xenial | Ignored | |
14.04 LTS trusty | Not in release |
Notes
tyhicks
There's no security impact here as there's no chance of a NULL pointer derefence. I've requested that MITRE reject this CVE. I've reviewed our Disco, Cosmic, Bionic, and Xenial kernels. There's no security impact here so we'll ignore this issue.
Severity score breakdown
Parameter | Value |
---|---|
Base score | 5.5 · Medium |
Attack vector | Local |
Attack complexity | Low |
Privileges required | Low |
User interaction | None |
Scope | Unchanged |
Confidentiality | None |
Integrity impact | None |
Availability impact | High |
Vector | CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H |