CVE-2019-12455

 

Published at: - 30-05-2019 06:29

Last modified: - 26-10-2022 01:44

Total changes: - 3

Description

** DISPUTED ** An issue was discovered in sunxi_divs_clk_setup in drivers/clk/sunxi/clk-sunxi.c in the Linux kernel through 5.1.5. There is an unchecked kstrndup of derived_name, which might allow an attacker to cause a denial of service (NULL pointer dereference and system crash). NOTE: This id is disputed as not being an issue because “The memory allocation that was not checked is part of a code that only runs at boot time, before user processes are started. Therefore, there is no possibility for an unprivileged user to control it, and no denial of service.�.

Common Vulnerability Scoring System (CVSS)

CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

 

Verification logic

 

Reference

• https://www.mail-archive.com/linux-kernel@vger.kernel.org/msg2010240.html
• https://git.kernel.org/pub/scm/linux/kernel/git/sunxi/linux.git/commit/?h=sunxi/clk-for-5.3&id=fcdf445ff42f036d22178b49cf64e92d527c1330
• FEDORA-2019-f40bd7826f-
• https://security.netapp.com/advisory/ntap-20190710-0002/

 

Keywords

NVD

 

CVE-2019-12455

 

CVE

 

Common vulnerabilities & exposures

 

CVSS

 

Common vulnerability scoring system

 

Security

 

Vulnerabilities

 

Exposures