CVE-2019-15505: Critical severity Linux Linux kernel vulnerability

Published Aug 23, 2019
·
Updated

A vulnerability was found in technisatusb2getir in drivers/media/usb/dvb-usb/technisat-usb2.c in DVB USB subsystem, there was an out-of-bounds read for an array in struct technisatusb2state state->buf with no boundary check applied until 0xff byte is encountered, if it is not found with in the limits it goes beyond the array size, this exposes kernel data structure which should not happen.

Reference: https://lore.kernel.org/linux-media/20190821104408.w7krumcglxo6fz5q@gofer.mess.org/ https://git.linuxtv.org/mediatree.git/commit/?id=0c4df39e504bf925ab666132ac3c98d6cbbe380b https://lore.kernel.org/lkml/b9b256cb-95f2-5fa1-9956-5a602a017c11@gmail.com/

Other sources

drivers/media/usb/dvb-usb/technisat-usb2.c in the Linux kernel through ...

Debian

Linux Kernel could allow a physical attacker to obtain sensitive information, caused by an out-of-bounds read flaw in technisat-usb2.c. By using a specially-crafted USB device, an attacker could exploit this vulnerability to obtain sensitive information or cause a denial of service condition on the system.

IBM

Affected Software

17 affected componentsFixes available
Linux Linux kernel<3.16.77
Linux Linux kernel>=3.17<4.4.194
Linux Linux kernel>=4.5<4.9.194
Linux Linux kernel>=4.10<4.14.146
Linux Linux kernel>=4.15<4.19.75
Linux Linux kernel>=4.20<5.2.17
Linux Linux kernel>=5.3<5.3.1
Debian Debian Linux=8.0
Canonical Ubuntu Linux=14.04
Canonical Ubuntu Linux=16.04
Canonical Ubuntu Linux=18.04
Canonical Ubuntu Linux=19.04
IBM Security Verify Governance<=ISVG 10.0.2
IBM Security Verify Governance, Identity Manager Software Stack<=ISVG 10.0.2
IBM Security Verify Governance, Identity Manager Virtual Appliance<=ISVG 10.0.2
IBM Security Verify Governance Identity Manager Container<=ISVG 10.0.2
debian/linux
5.10.223-15.10.251-16.1.159-16.1.164-16.12.73-16.12.74-26.19.13-16.19.14-1

Remediation

Patch Available

https://git.linuxtv.org/media_tree.git/commit/?id=0c4df39e504bf925ab666132ac3c98d6cbbe380b

Patch Available

https://lore.kernel.org/linux-media/20190821104408.w7krumcglxo6fz5q@gofer.mess.org/

Patch Available

https://lore.kernel.org/lkml/b9b256cb-95f2-5fa1-9956-5a602a017c11@gmail.com/

Event History

Aug 23, 2019
CVE Published
via MITRE·05:18 AM
Data Sourced
via MITRE·05:18 AM
Description
Aug 29, 2019
Data Sourced
via Red Hat·07:38 AM
DescriptionSeverityAffected Software
Aug 6, 2025
Data Sourced
via Launchpad·04:21 AM
Description
Mar 19, 2026
Data Sourced
via Ubuntu·04:31 PM
RemedyDescriptionSeverityAffected Software
Apr 28, 2026
Data Sourced
via Debian·05:03 PM
DescriptionAffected Software

Parent advisories

This vulnerability appears in the following advisories.

Free Weekly Intel

Don't miss critical vulnerabilities

Join thousands of security professionals who receive our weekly digest of trending CVEs, zero-days, and exploited vulnerabilities.

No spam. Unsubscribe anytime.

Frequently Asked Questions

1

What is the severity of CVE-2019-15505?

CVE-2019-15505 has a medium severity level as it can lead to potential information disclosure due to out-of-bounds reads.

2

How do I fix CVE-2019-15505?

To fix CVE-2019-15505, you should upgrade your Linux kernel to version 5.10.223-1 or later.

3

Which systems are affected by CVE-2019-15505?

CVE-2019-15505 affects various versions of the Linux kernel prior to versions that include the fix for this vulnerability.

4

What type of vulnerability is CVE-2019-15505?

CVE-2019-15505 is categorized as an out-of-bounds read vulnerability in the DVB USB subsystem of the Linux kernel.

5

Are there any known exploits for CVE-2019-15505?

As of now, no public exploits for CVE-2019-15505 have been reported.

Company

Resources

Contact

SecAlerts Pty Ltd.
132 Wickham Terrace
Fortitude Valley,
QLD 4006, Australia
info@secalerts.co
By using SecAlerts services, you agree to our services end-user license agreement. This website is safeguarded by reCAPTCHA and governed by the Google Privacy Policy and Terms of Service. All names, logos, and brands of products are owned by their respective owners, and any usage of these names, logos, and brands for identification purposes only does not imply endorsement. If you possess any content that requires removal, please get in touch with us.
© 2026 SecAlerts Pty Ltd.
ABN: 70 645 966 203, ACN: 645 966 203