CVE-2019-16233

low-risk

Published 2019-09-11

drivers/scsi/qla2xxx/qla_os.c in the Linux kernel 5.2.14 does not check the alloc_workqueue return value, leading to a NULL pointer dereference.

Do I need to act?

-

0.09% chance of exploitation

EPSS score — low exploit probability

-

Not on CISA KEV list

No confirmed active exploitation reported to CISA

?

Patch status unknown

Check vendor advisories for fix availability and mitigation guidance

4

CVSS 4.1/10 Medium

LOCAL / HIGH complexity

Affected Products (9)

Linux Kernel

Ubuntu Linux

Ubuntu Linux

Ubuntu Linux

Ubuntu Linux

Leap

Leap

Enterprise Linux

Enterprise Linux

Affected Vendors

Redhat Linux Canonical Opensuse

References (16)

Mailing List http://lists.opensuse.org/opensuse-security-announce/2019-11/msg00010.html

Mailing List http://lists.opensuse.org/opensuse-security-announce/2019-11/msg00035.html

Patch https://lkml.org/lkml/2019/9/9/487

Third Party Advisory https://security.netapp.com/advisory/ntap-20191004-0001/

Third Party Advisory https://usn.ubuntu.com/4226-1/

Third Party Advisory https://usn.ubuntu.com/4227-1/

Third Party Advisory https://usn.ubuntu.com/4227-2/

https://usn.ubuntu.com/4346-1/

Mailing List http://lists.opensuse.org/opensuse-security-announce/2019-11/msg00010.html

Mailing List http://lists.opensuse.org/opensuse-security-announce/2019-11/msg00035.html

Patch https://lkml.org/lkml/2019/9/9/487

Third Party Advisory https://security.netapp.com/advisory/ntap-20191004-0001/

Third Party Advisory https://usn.ubuntu.com/4226-1/

Third Party Advisory https://usn.ubuntu.com/4227-1/

Third Party Advisory https://usn.ubuntu.com/4227-2/

https://usn.ubuntu.com/4346-1/

26

/ 100

low-risk

Severity 11/34 · Low

Exploitability 0/34 · Minimal

Exposure 15/34 · Moderate