CVE-2019-16230 - drivers/gpu/drm/radeon/radeon_display.c in the Linux kernel 5.2.14 does not check the alloc_workqueu

CVE-2019-16230

Summary

drivers/gpu/drm/radeon/radeon_display.c in the Linux kernel 5.2.14 does not check the alloc_workqueue return value, leading to a NULL pointer dereference. NOTE: A third-party software maintainer states that the work queue allocation is happening during device initialization, which for a graphics card occurs during boot. It is not attacker controllable and OOM at that time is highly unlikely

References

Vulnerable Configurations

cpe:2.3:o:linux:linux_kernel:5.2.14:*:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:5.2.14:*:*:*:*:*:*:*

CVSS

Base:	4.7 (as of 05-08-2024 - 01:16)
Impact:
Exploitability:

CWE

CWE-476

CAPEC

Access

Vector	Complexity	Authentication
LOCAL	MEDIUM	NONE

Impact

Confidentiality	Integrity	Availability
NONE	NONE	COMPLETE

cvss-vector via4

AV:L/AC:M/Au:N/C:N/I:N/A:C

refmap via4

confirm	https://security.netapp.com/advisory/ntap-20191004-0001/
misc	https://bugzilla.suse.com/show_bug.cgi?id=1150468 https://lkml.org/lkml/2019/9/9/487

Last major update

05-08-2024 - 01:16

Published

11-09-2019 - 16:15

Last modified

05-08-2024 - 01:16