Linux Kernel flexcop_usb_probe Function NULL Pointer Dereference Vulnerability

By GIXnews

A vulnerability in the Linux Kernel could allow a local attacker to cause a denial of service (DoS) condition on a targeted system.

The vulnerability is due to a NULL pointer dereference condition that exists in the flexcop_usb_probe function, as defined in the drivers/media/usb/b2c2/flexcop-usb.c source code file of the affected software. An attacker with physical access to a targeted system could exploit this vulnerability by inserting a USB device that submits malicious input to the targeted system. A successful exploit could cause a DoS condition on the system.

Proof-of-concept (PoC) code that demonstrates an exploit of this vulnerability is publicly available. has not confirmed the vulnerability and software updates are not available.

Security Impact Rating: Medium

CVE: CVE-2019-15291

Source:: Cisco Multivendor Vulnerability Alerts