Linux Kernel ath6kl_usb_alloc_urb_from_pipe Function NULL Pointer Dereference Vulnerability

By GIXnews


A vulnerability in the Linux Kernel could allow a local attacker to cause a denial of service (DoS) condition on a targeted system.

The vulnerability is due to a NULL pointer dereference condition that exists in the ath6kl_usb_alloc_urb_from_pipe function, as defined in the drivers/net/wireless/ath/ath6kl/usb.c source code file of the affected software. An attacker with physical access to a targeted system could exploit this vulnerability by inserting a USB device that submits malicious input to the targeted system. A successful exploit could cause a DoS condition on the system.

Proof-of-concept (PoC) code that demonstrates an exploit of this vulnerability is publicly available.

Kernel.org has not confirmed the vulnerability and software updates are not available.
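
Because the flaw is reached by plugging in a USB device and no update is available, it helps to know whether a host can load the affected driver at all. The following shell script is an added example, not part of the original alert or of any vendor guidance; it assumes the driver is built as a loadable module named ath6kl_usb, and its sample input is constructed.

```shell
#!/bin/sh
# Added example: classify a host's exposure to the ath6kl USB driver.
# Assumption: drivers/net/wireless/ath/ath6kl/usb.c is built as the
# loadable module "ath6kl_usb" (not compiled into the kernel image).
MODULE="ath6kl_usb"

# module_loaded <text of /proc/modules>: succeeds if MODULE is loaded.
module_loaded() {
    printf '%s\n' "$1" | awk -v m="$MODULE" '
        $1 == m { found = 1 }
        END { exit !found }'
}

# load_blocked <text of modprobe.d files>: succeeds if loading is blocked.
# "blacklist" stops alias-based autoload (the USB hotplug path);
# "install <mod> /bin/false" also stops an explicit modprobe.
# modprobe treats "-" and "_" in module names as the same character.
load_blocked() {
    printf '%s\n' "$1" | awk -v m="$MODULE" '
        $1 ~ /^#/ { next }
        { name = $2; gsub(/-/, "_", name) }
        $1 == "blacklist" && name == m { hit = 1 }
        $1 == "install" && name == m && $3 ~ /^\/(usr\/)?bin\/(false|true)$/ { hit = 1 }
        END { exit !hit }'
}

# exposure_status <proc_modules_text> <modprobe_conf_text>
# Prints: loaded | blocked | loadable
exposure_status() {
    if module_loaded "$1"; then
        echo loaded
    elif load_blocked "$2"; then
        echo blocked
    else
        echo loadable
    fi
}

# Constructed sample input (not taken from a real host).
SAMPLE_MODULES='ath6kl_usb 28672 0 - Live 0x0000000000000000
ath6kl_core 155648 1 ath6kl_usb, Live 0x0000000000000000
usbcore 290816 3 ath6kl_usb, Live 0x0000000000000000'
SAMPLE_CONF='# blacklist ath6kl_usb
install ath6kl-usb /bin/false'

echo "sample host, driver loaded: $(exposure_status "$SAMPLE_MODULES" "$SAMPLE_CONF")"
echo "sample host, driver absent: $(exposure_status "usbcore 290816 0 - Live 0x0" "$SAMPLE_CONF")"
```

On a live system, pass the contents of /proc/modules and of the files under /etc/modprobe.d as the two arguments. A result of "loadable" means the hotplug path can still bring the driver in when a matching USB device is attached.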

Security Impact Rating: Medium

CVE: CVE-2019-15290

Source: Cisco Multivendor Vulnerability Alerts