CVE-2019-12455
MEDIUM
Linux Kernel < 5.1.5 - Denial of Service via Unchecked kstrndup in sunxi_divs_clk_setup
Title source: llm
Description
An issue was discovered in sunxi_divs_clk_setup in drivers/clk/sunxi/clk-sunxi.c in the Linux kernel through 5.1.5. There is an unchecked kstrndup of derived_name, which might allow an attacker to cause a denial of service (NULL pointer dereference and system crash). NOTE: This id is disputed as not being an issue because “The memory allocation that was not checked is part of a code that only runs at boot time, before user processes are started. Therefore, there is no possibility for an unprivileged user to control it, and no denial of service.”
References (4)
Core References
Mailing List x_refsource_misc
https://www.mail-archive.com/linux-kernel%40vger.kernel.org/msg2010240.html
Mailing List, Patch, Vendor Advisory x_refsource_misc
https://git.kernel.org/pub/scm/linux/kernel/git/sunxi/linux.git/commit/?h=sunxi/clk-for-5.3&id=fcdf445ff42f036d22178b49cf64e92d527c1330
Mailing List, Third Party Advisory vendor-advisory x_refsource_fedora
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/J36BIJTKEPUOZKJNHQBUZA47RQONUKOI/
Vendor Advisory x_refsource_confirm
https://security.netapp.com/advisory/ntap-20190710-0002/
Scores
CVSS v3: 5.5
EPSS: 0.0042
EPSS Percentile: 33.8%
Attack Vector: LOCAL
CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
Details
CWE: CWE-476
Status: published
Products (1)
linux/linux_kernel < 5.1.5
Published: May 30, 2019
Tracked Since: Feb 18, 2026