Andrey Konovalov ti Google
Tina 15 masalah, 13 parantos dilereskeun dina apdet kernel Linux panganyarna, tapi dua kerentanan (CVE-2019-15290, CVE-2019-15291) tetep teu dilereskeun dina rilis panganyarna 5.2.9. Kerentanan unpatched bisa ngakibatkeun dereferences pointer NULL dina drivers ath6kl na b2c2 nalika narima data lepat ti alat. Kerentanan sanésna kalebet:
- Aksés ka wewengkon memori geus dibébaskeun (pamakéan-sanggeus-gratis) dina drivers v4l2-dev / radio-raremono, dvb-usb, sora / inti, cpia2 na p54usb;
- Mémori bébas ganda dina supir rio500;
- NULL pointer dereferences di yurex, zr364xx, siano / smsusb, sisusbvga, line6 / pcm, motu_microbookii na line6 drivers.
sumber: opennet.ru