Vulnerabilities > CVE-2019-12881 - NULL Pointer Dereference vulnerability in Linux Kernel 4.15

CVSS 7.8 - HIGH

Attack vector

LOCAL

Attack complexity

LOW

Privileges required

LOW

Confidentiality impact

HIGH

Integrity impact

HIGH

Availability impact

HIGH

local

low complexity

linux

CWE-476

NVD

Published: 2019-06-18

Updated: 2024-11-21

Summary

i915_gem_userptr_get_pages in drivers/gpu/drm/i915/i915_gem_userptr.c in the Linux kernel 4.15.0 on Ubuntu 18.04.2 allows local users to cause a denial of service (NULL pointer dereference and BUG) or possibly have unspecified other impact via crafted ioctl calls to /dev/dri/card0.

Vulnerable Configurations

Part	Description	Count
OS	Linux Linux Linux Kernel 4.15	1
OS	Canonical Canonical Ubuntu Linux 18.04.2	1

Common Weakness Enumeration (CWE)

CWE-476 - NULL Pointer Dereference

References

http://www.securityfocus.com/bid/108873
http://www.securityfocus.com/bid/108873
https://gist.github.com/oxagast/472866fb2c3d439e10499d7141d0a520
https://gist.github.com/oxagast/472866fb2c3d439e10499d7141d0a520
https://security.netapp.com/advisory/ntap-20190710-0002/
https://security.netapp.com/advisory/ntap-20190710-0002/