SB2019082036 - Multiple vulnerabilities in Linux kernel

Description

This security bulletin contains information about 2 secuirty vulnerabilities.

1) NULL pointer dereference (CVE-ID: CVE-2019-15219)

The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to a NULL pointer dreference error in drivers/usb/misc/sisusbvga/sisusb.c driver. A remote attacker can perform a denial of service (DoS) attack.

2) NULL pointer dereference (CVE-ID: CVE-2019-15223)

The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to a NULL pointer dreference error in sound/usb/line6/driver.c driver. A remote attacker can perform a denial of service (DoS) attack.

Remediation

Install update from vendor's website.

References

• http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00064.html
• http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00066.html
• http://www.openwall.com/lists/oss-security/2019/08/20/2
• http://www.openwall.com/lists/oss-security/2019/08/22/2
• http://www.openwall.com/lists/oss-security/2019/08/22/3
• http://www.openwall.com/lists/oss-security/2019/08/22/4
• http://www.openwall.com/lists/oss-security/2019/08/22/5
• https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.1.8
• https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=9a5729f68d3a82786aea110b1bfe610be318f80a
• https://lists.debian.org/debian-lts-announce/2019/09/msg00014.html
• https://lists.debian.org/debian-lts-announce/2019/09/msg00015.html
• https://lists.debian.org/debian-lts-announce/2019/09/msg00025.html
• https://security.netapp.com/advisory/ntap-20190905-0002/
• https://syzkaller.appspot.com/bug?id=aaf6794922521df1c35c81e32cb2d0bb6a351e7b
• https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=0b074ab7fc0d575247b9cc9f93bb7e007ca38840
• https://syzkaller.appspot.com/bug?id=0c1e517c657d3de2361cb0cc2d3a8663c25039a7
• https://usn.ubuntu.com/4147-1/