A vulnerability has been found in Linux Kernel up to 5.2.9 (Operating System) and classified as critical. This vulnerability affects some unknown processing of the file drivers/net/wireless/rsi/rsi_91x_usb.c of the component USB Device Handler. The manipulation with an unknown input leads to a double free vulnerability. The CWE definition for the vulnerability is CWE-415. The product calls free() twice on the same memory address, potentially leading to modification of unexpected memory locations. As an impact it is known to affect confidentiality, integrity, and availability. CVE summarizes:

drivers/net/wireless/rsi/rsi_91x_usb.c in the Linux kernel through 5.2.9 has a Double Free via crafted USB device traffic (which may be remote via usbip or usbredir).

The weakness was disclosed 08/23/2019 (Website). The advisory is shared for download at lists.fedoraproject.org. This vulnerability was named CVE-2019-15504 since 08/23/2019. The attack can be initiated remotely. No form of authentication is required for a successful exploitation. There are known technical details, but no exploit is available. The current price for an exploit might be approx. USD $5k-$25k (estimation calculated on 12/01/2023).

There is no information about possible countermeasures known. It may be suggested to replace the affected object with an alternative product.

The entries VDB-138837, VDB-138838, VDB-138839 and VDB-138853 are pretty similar.

Productinfo

Type

• Operating System

Vendor

• Linux

Name

• Kernel

Version

• 5.2.0
• 5.2.1
• 5.2.2
• 5.2.3
• 5.2.4
• 5.2.5
• 5.2.6
• 5.2.7
• 5.2.8
• 5.2.9

License

• open-source

CPE 2.3info

• 🔍
• 🔍
• 🔍

CPE 2.2info

• 🔍
• 🔍
• 🔍

CVSSv4info

CVSSv3info

CVSSv2info

Exploitinginfo

Threat Intelligenceinfo

Countermeasuresinfo

Timelineinfo

Sourcesinfo

Entryinfo

Discussion