Main Vulnerability Database SB2019100811

SB2019100811 - Information disclosure in USB kernel driver in F5 Networks BIG-IP products

Published: October 8, 2019

Security Bulletin ID SB2019100811

Severity

Low

Patch available

Number of vulnerabilities 1

Exploitation vector Physical access

Highest impact Information disclosure

Breakdown by Severity

Low
Medium
High
Critical

Description

This security bulletin contains information about 1 security vulnerability.

1) Out-of-bounds read (CVE-ID: CVE-2019-15505)

The vulnerability allows a local user to gain access to potentially sensitive information.

The vulnerability exists due to a boundary condition within the drivers/media/usb/dvb-usb/technisat-usb2.c USB driver in Linux kernel. A local user can use a specially crafted USB device to trigger out-of-bounds read error during data transfer and read contents of memory on the system.

Remediation

Cybersecurity Help is not aware of any official remediation provided by the vendor.

References

https://support.f5.com/csp/article/K28222050