CVE-2019-10207

MEDIUM

Linux kernel <4.18.0, <5 - Local Privilege Escalation

Title source: llm
STIX 2.1

Description

A flaw was found in the Linux kernel's Bluetooth implementation of UART, all versions kernel 3.x.x before 4.18.0 and kernel 5.x.x. An attacker with local access and write permissions to the Bluetooth hardware could use this flaw to issue a specially crafted ioctl function call and cause the system to crash.

Exploits (1)

nomisec WORKING POC 20 stars
by butterflyhack · poc
https://github.com/butterflyhack/CVE-2019-10207

References (2)

Core 2
Core References
Issue Tracking, Third Party Advisory x_refsource_confirm
https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-10207
Vendor Advisory x_refsource_confirm
https://security.netapp.com/advisory/ntap-20200103-0001/

Scores

CVSS v3 5.5
EPSS 0.0070
EPSS Percentile 72.2%
Attack Vector LOCAL
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

Details

CWE
CWE-476
Status published
Products (1)
linux/linux_kernel 3.0 - 4.18.0
Published Nov 25, 2019
Tracked Since Feb 18, 2026