CVE-2019-12382
Publication date 28 May 2019
Last updated 24 July 2024
Ubuntu priority
** DISPUTED ** An issue was discovered in drm_load_edid_firmware in drivers/gpu/drm/drm_edid_load.c in the Linux kernel through 5.1.5. There is an unchecked kstrdup of fwstr, which might allow an attacker to cause a denial of service (NULL pointer dereference and system crash). NOTE: The vendor disputes this issues as not being a vulnerability because kstrdup() returning NULL is handled sufficiently and there is no chance for a NULL pointer dereference.
Status
| Package | Ubuntu Release | Status |
|---|---|---|
| linux | ||
| 18.04 LTS bionic | Ignored NULL pointer derefence is not possible | |
| 16.04 LTS xenial | Ignored NULL pointer derefence is not possible | |
| 14.04 LTS trusty | Ignored was needs-triage ESM criteria | |
| linux-aws | ||
| 18.04 LTS bionic | Ignored NULL pointer derefence is not possible | |
| 16.04 LTS xenial | Ignored NULL pointer derefence is not possible | |
| 14.04 LTS trusty | Ignored was needs-triage ESM criteria | |
| linux-aws-hwe | ||
| 18.04 LTS bionic | Not in release | |
| 16.04 LTS xenial | Ignored NULL pointer derefence is not possible | |
| 14.04 LTS trusty | Not in release | |
| linux-azure | ||
| 18.04 LTS bionic | Ignored NULL pointer derefence is not possible | |
| 16.04 LTS xenial | Ignored NULL pointer derefence is not possible | |
| 14.04 LTS trusty | Ignored was needs-triage ESM criteria | |
| linux-azure-edge | ||
| 18.04 LTS bionic | Ignored NULL pointer derefence is not possible | |
| 16.04 LTS xenial | Ignored end of standard support | |
| 14.04 LTS trusty | Not in release | |
| linux-euclid | ||
| 18.04 LTS bionic | Not in release | |
| 16.04 LTS xenial | Ignored end of life, was needs-triage | |
| 14.04 LTS trusty | Not in release | |
| linux-flo | ||
| 18.04 LTS bionic | Not in release | |
| 16.04 LTS xenial | Ignored abandoned | |
| 14.04 LTS trusty | Not in release | |
| linux-gcp | ||
| 18.04 LTS bionic | Ignored NULL pointer derefence is not possible | |
| 16.04 LTS xenial | Ignored NULL pointer derefence is not possible | |
| 14.04 LTS trusty | Not in release | |
| linux-gcp-edge | ||
| 18.04 LTS bionic | Ignored NULL pointer derefence is not possible | |
| 16.04 LTS xenial | Not in release | |
| 14.04 LTS trusty | Not in release | |
| linux-gke | ||
| 18.04 LTS bionic | Ignored end of standard support | |
| 16.04 LTS xenial | Ignored end of life | |
| 14.04 LTS trusty | Not in release | |
| linux-goldfish | ||
| 18.04 LTS bionic | Not in release | |
| 16.04 LTS xenial | Ignored end of life | |
| 14.04 LTS trusty | Not in release | |
| linux-grouper | ||
| 18.04 LTS bionic | Not in release | |
| 16.04 LTS xenial | Not in release | |
| 14.04 LTS trusty | Not in release | |
| linux-hwe | ||
| 18.04 LTS bionic | Ignored NULL pointer derefence is not possible | |
| 16.04 LTS xenial | Ignored NULL pointer derefence is not possible | |
| 14.04 LTS trusty | Not in release | |
| linux-hwe-edge | ||
| 18.04 LTS bionic | Ignored NULL pointer derefence is not possible | |
| 16.04 LTS xenial | Ignored NULL pointer derefence is not possible | |
| 14.04 LTS trusty | Not in release | |
| linux-kvm | ||
| 18.04 LTS bionic | Ignored NULL pointer derefence is not possible | |
| 16.04 LTS xenial | Ignored NULL pointer derefence is not possible | |
| 14.04 LTS trusty | Not in release | |
| linux-lts-trusty | ||
| 18.04 LTS bionic | Not in release | |
| 16.04 LTS xenial | Not in release | |
| 14.04 LTS trusty | Not in release | |
| linux-lts-utopic | ||
| 18.04 LTS bionic | Not in release | |
| 16.04 LTS xenial | Not in release | |
| 14.04 LTS trusty | Not in release | |
| linux-lts-vivid | ||
| 18.04 LTS bionic | Not in release | |
| 16.04 LTS xenial | Not in release | |
| 14.04 LTS trusty | Not in release | |
| linux-lts-wily | ||
| 18.04 LTS bionic | Not in release | |
| 16.04 LTS xenial | Not in release | |
| 14.04 LTS trusty | Not in release | |
| linux-lts-xenial | ||
| 18.04 LTS bionic | Not in release | |
| 16.04 LTS xenial | Not in release | |
| 14.04 LTS trusty | Ignored was needs-triage ESM criteria | |
| linux-maguro | ||
| 18.04 LTS bionic | Not in release | |
| 16.04 LTS xenial | Not in release | |
| 14.04 LTS trusty | Not in release | |
| linux-mako | ||
| 18.04 LTS bionic | Not in release | |
| 16.04 LTS xenial | Ignored abandoned | |
| 14.04 LTS trusty | Not in release | |
| linux-manta | ||
| 18.04 LTS bionic | Not in release | |
| 16.04 LTS xenial | Not in release | |
| 14.04 LTS trusty | Not in release | |
| linux-oem | ||
| 18.04 LTS bionic | Ignored NULL pointer derefence is not possible | |
| 16.04 LTS xenial | Ignored end of life, was needs-triage | |
| 14.04 LTS trusty | Not in release | |
| linux-oracle | ||
| 18.04 LTS bionic | Ignored NULL pointer derefence is not possible | |
| 16.04 LTS xenial | Ignored NULL pointer derefence is not possible | |
| 14.04 LTS trusty | Not in release | |
| linux-raspi2 | ||
| 18.04 LTS bionic | Ignored end of standard support | |
| 16.04 LTS xenial | Ignored NULL pointer derefence is not possible | |
| 14.04 LTS trusty | Not in release | |
| linux-snapdragon | ||
| 18.04 LTS bionic | Ignored end of standard support | |
| 16.04 LTS xenial | Ignored NULL pointer derefence is not possible | |
| 14.04 LTS trusty | Not in release |
Notes
tyhicks
There's no security impact here as there's no chance of a NULL pointer derefence. I've requested that MITRE reject this CVE. I've reviewed our Disco, Cosmic, Bionic, and Xenial kernels. There's no security impact here so we'll ignore this issue.
Severity score breakdown
| Parameter | Value |
|---|---|
| Base score |
5.5 · Medium
|
| Attack vector | Local |
| Attack complexity | Low |
| Privileges required | Low |
| User interaction | None |
| Scope | Unchanged |
| Confidentiality | None |
| Integrity impact | None |
| Availability impact | High |
| Vector | CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H |