CVE-2019-16230

low-risk

Published 2019-09-11

drivers/gpu/drm/radeon/radeon_display.c in the Linux kernel 5.2.14 does not check the alloc_workqueue return value, leading to a NULL pointer dereference. NOTE: A third-party software maintainer states that the work queue allocation is happening during device initialization, which for a graphics card occurs during boot. It is not attacker controllable and OOM at that time is highly unlikely

Do I need to act?

0.07% chance of exploitation

EPSS score — low exploit probability

Not on CISA KEV list

No confirmed active exploitation reported to CISA

Patch status unknown

Check vendor advisories for fix availability and mitigation guidance

CVSS 4.7/10 Medium

LOCAL / HIGH complexity

Affected Products (1)

Linux Kernel

Affected Vendors

Linux

References (6)

Issue Tracking https://bugzilla.suse.com/show_bug.cgi?id=1150468

Patch https://lkml.org/lkml/2019/9/9/487

Third Party Advisory https://security.netapp.com/advisory/ntap-20191004-0001/

Issue Tracking https://bugzilla.suse.com/show_bug.cgi?id=1150468

Patch https://lkml.org/lkml/2019/9/9/487

Third Party Advisory https://security.netapp.com/advisory/ntap-20191004-0001/

/ 100

low-risk

Severity 12/34 · Low

Exploitability 0/34 · Minimal

Exposure 5/34 · Minimal