Andrey Konovalov from Google
Of the 15 issues, 13 have already been fixed in current Linux kernel updates, but two vulnerabilities (CVE-2019-15290, CVE-2019-15291) remain unpatched in the latest 5.2.9 release. The unpatched vulnerabilities could cause the ath6kl and b2c2 drivers to dereference a NULL pointer when invalid data is received from the device. Other vulnerabilities include:
- Access to already freed memory (use-after-free) in the v4l2-dev/radio-raremono, dvb-usb, sound/core, cpia2 and p54usb drivers;
- Double freeing of memory (double-free) in the rio500 driver;
- NULL pointer dereferences in the yurex, zr364xx, siano/smsusb, sisusbvga, line6/pcm, motu_microbookii and line6 drivers.
Source: opennet.ru