Date: Fri, 27 Sep 2019 11:50:05 -0500 From: Tyler Hicks <tyhicks@...onical.com> To: oss-security@...ts.openwall.com Subject: Re: Linux kernel: multiple vulnerabilities in the USB subsystem x2 On 2019-08-20 20:20:34, Andrey Konovalov wrote: > * https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-15290 > > An issue was discovered in the Linux kernel through 5.2.9. There is a > NULL pointer dereference caused by a malicious USB device in the > ath6kl_usb_alloc_urb_from_pipe function in the > drivers/net/wireless/ath/ath6kl/usb.c driver. This seems like it might be a duplicate of CVE-2019-15098. The fix for CVE-2019-15098 was recently merged upstream: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=39d170b3cb62ba98567f5c4f40c27b5864b304e5 If you agree, could you request that MITRE mark CVE-2019-15290 as a duplicate of CVE-2019-15098? Tyler
Powered by blists - more mailing lists
Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.
Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.