CVE-2019-19227

MEDIUM

Linux Kernel < 5.1 - Denial of Service via AppleTalk Subsystem NULL Pointer Dereference

Title source: llm
STIX 2.1

Description

In the AppleTalk subsystem in the Linux kernel before 5.1, there is a potential NULL pointer dereference because register_snap_client may return NULL. This will lead to denial of service in net/appletalk/aarp.c and net/appletalk/ddp.c, as demonstrated by unregister_snap_client, aka CID-9804501fa122.

References (13)

Core 13
Core References
Release Notes, Vendor Advisory x_refsource_misc
https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.1
Vendor Advisory x_refsource_confirm
https://security.netapp.com/advisory/ntap-20200103-0001/
Mailing List mailing-list x_refsource_bugtraq
https://seclists.org/bugtraq/2020/Jan/10
Mailing List mailing-list x_refsource_mlist
https://lists.debian.org/debian-lts-announce/2020/01/msg00013.html
Vendor Advisory vendor-advisory x_refsource_ubuntu
https://usn.ubuntu.com/4254-1/
Vendor Advisory vendor-advisory x_refsource_ubuntu
https://usn.ubuntu.com/4254-2/
Vendor Advisory vendor-advisory x_refsource_ubuntu
https://usn.ubuntu.com/4258-1/
Vendor Advisory vendor-advisory x_refsource_ubuntu
https://usn.ubuntu.com/4287-1/
Vendor Advisory vendor-advisory x_refsource_ubuntu
https://usn.ubuntu.com/4287-2/
Mailing List mailing-list x_refsource_mlist
https://lists.debian.org/debian-lts-announce/2020/03/msg00001.html

Scores

CVSS v3 5.5
EPSS 0.0064
EPSS Percentile 46.3%
Attack Vector LOCAL
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

Details

CWE
CWE-476
Status published
Products (1)
linux/linux_kernel < 5.1
Published Nov 22, 2019
Tracked Since Feb 18, 2026