CVE-2019-12382 (Medium) detected in linuxv3.10 #187
Labels
security vulnerability
Security vulnerability detected by WhiteSource
Comments
mend-bolt-for-github
bot
added
the
security vulnerability
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
CVE-2019-12382 - Medium Severity Vulnerability
Linux kernel source tree
Library home page: https://github.com/torvalds/linux.git
Found in HEAD commit: 439d18b77a020411b95770ba08a9229eed466cde
Found in base branch: xsentinel-1.6-clean
** DISPUTED ** An issue was discovered in drm_load_edid_firmware in drivers/gpu/drm/drm_edid_load.c in the Linux kernel through 5.1.5. There is an unchecked kstrdup of fwstr, which might allow an attacker to cause a denial of service (NULL pointer dereference and system crash). NOTE: The vendor disputes this issues as not being a vulnerability because kstrdup() returning NULL is handled sufficiently and there is no chance for a NULL pointer dereference.
Publish Date: 2019-05-28
URL: CVE-2019-12382
Base Score Metrics:
- Exploitability Metrics:
- Attack Vector: Local
- Attack Complexity: Low
- Privileges Required: Low
- User Interaction: None
- Scope: Unchanged
- Impact Metrics:
- Confidentiality Impact: None
- Integrity Impact: None
- Availability Impact: High
For more information on CVSS3 Scores, click here.Type: Upgrade version
Origin: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-12382
Release Date: 2019-05-28
Fix Resolution: v5.1-rc6
Step up your Open Source Security Game with WhiteSource here
The text was updated successfully, but these errors were encountered: