Bug 1146535 (CVE-2019-15223)

Summary:	VUL-1: CVE-2019-15223: kernel-source: NULL pointer dereference caused by a malicious USB device in the sound/usb/line6/driver.c
Product:	[Novell Products] SUSE Security Incidents	Reporter:	Alexandros Toptsoglou <atoptsoglou>
Component:	Incidents	Assignee:	Takashi Iwai <tiwai>
Status:	RESOLVED UPSTREAM	QA Contact:	Security Team bot <security-team>
Severity:	Normal
Priority:	P5 - None	CC:	smash_bz, tiwai
Version:	unspecified
Target Milestone:	---
Hardware:	Other
OS:	Other
URL:	https://smash.suse.de/issue/240477/
Whiteboard:
Found By:	Security Response Team	Services Priority:
Business Priority:		Blocker:	---
Marketing QA Status:	---	IT Deployment:	---

Description Alexandros Toptsoglou 2019-08-21 07:59:59 UTC

CVE-2019-15223

An issue was discovered in the Linux kernel before 5.1.8. There is a NULL
pointer dereference caused by a malicious USB device in the
sound/usb/line6/driver.c driver.

References:
https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.1.8
https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=0b074ab7fc0d575247b9cc9f93bb7e007ca38840
https://syzkaller.appspot.com/bug?id=0c1e517c657d3de2361cb0cc2d3a8663c25039a7
http://www.openwall.com/lists/oss-security/2019/08/20/2
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2019-15223

Comment 1 Alexandros Toptsoglou 2019-08-21 11:32:13 UTC

Our kernels are not affected by this issue which was introduced with commit at [1]. TW ships a version which ships already the fix. 

[1] https://github.com/torvalds/linux/commit/7f84ff68be05ec7a5d2acf8fdc734fe5897af48f