VDB
CVE-2019-10207
CVE-2019-10207
PUBLISHED
A flaw was found in the Linux kernel's Bluetooth implementation of UART, all versions kernel 3.x.x before 4.18.0 and kernel 5.x.x. An attacker with local access and write permissions to the Bluetooth hardware could use this flaw to issue a specially crafted ioctl function call and cause the system to crash.
EPSS 0.70% · 72.5th percentile
Risk Scores
EPSS Score
0.70%
72.5th percentile
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Ubuntu:Pro:14.04:LTS | linux-lts-xenial | 4.4.0-93.116~14.04.1, *, * |
| Ubuntu:18.04:LTS | linux-gke-5.0 | 5.0.0-1017.17~18.04.1, *, * |
| Ubuntu:16.04:LTS | linux-raspi2 | 4.4.0-1034.41, 4.4.0-1044.51, 4.4.0-1038.45 |
| Ubuntu:22.04:LTS | linux-intel-iot-realtime | 0, 5.15.0-1073.75 |
| Ubuntu:18.04:LTS | linux-oem-osp1 | 5.0.0-1018.20, 5.0.0-1012.13, 5.0.0-1015.16 |
| Ubuntu:18.04:LTS | linux-gke-4.15 | 4.15.0-1036.38, 4.15.0-1032.34, 4.15.0-1040.42 |
| Ubuntu:18.04:LTS | linux-snapdragon | 4.15.0-1057.62, 4.15.0-1055.59, 4.15.0-1058.64 |
| Ubuntu:18.04:LTS | linux-oracle | 4.15.0-1015.17, 4.15.0-1018.20, 4.15.0-1021.23 |
| Ubuntu:16.04:LTS | linux-oracle | 4.15.0-1018.20~16.04.1, 4.15.0-1017.19~16.04.2, 4.15.0-1014.16~16.04.1 |
| Ubuntu:Pro:14.04:LTS | linux | 3.13.0-196.247, 3.13.0-21.43, 3.13.0-20.42 |
| Ubuntu:Pro:FIPS:18.04:LTS | linux-gcp-fips | 0, 4.15.0-1001.1 |
| Ubuntu:18.04:LTS | linux-oem | 4.15.0-1028.33, 4.15.0-1033.38, 4.15.0-1034.39 |
| Ubuntu:16.04:LTS | linux-kvm | 4.4.0-1013.18, 4.4.0-1017.22, 4.4.0-1007.12 |
| Ubuntu:22.04:LTS | linux-realtime | 5.15.0-1032.35, 0 |
| Ubuntu:16.04:LTS | linux-hwe | 4.8.0-42.45~16.04.1, 0, 4.8.0-36.36~16.04.1 |
| Ubuntu:18.04:LTS | linux-aws | 4.15.0-1016.16, 4.15.0-1017.17, 4.15.0-1019.19 |
| Ubuntu:18.04:LTS | linux-kvm | 4.15.0-1025.25, 4.15.0-1032.32, 4.15.0-1034.34 |
| Ubuntu:16.04:LTS | linux-aws-hwe | 4.15.0-1030.31~16.04.1, 4.15.0-1031.33~16.04.1, 4.15.0-1032.34~16.04.1 |
| Ubuntu:16.04:LTS | linux | 4.4.0-67.88, 4.4.0-101.124, 4.4.0-78.99 |
| Ubuntu:18.04:LTS | linux-gcp | 0, 4.15.0-1023.24, 4.15.0-1015.15 |
…and 18 more
Exploit Intelligence
- PoC for CVE-2019-10207 (github-poc-repo)
- PoC for CVE-2019-10207 (github-poc-repo)
- PoC for CVE-2019-10207 (github-poc-repo)
- PoC for CVE-2019-10207 (github-poc-repo)
- PoC for CVE-2019-10207 (github-poc-repo)
- PoC for CVE-2019-10207 (github-poc-repo)
- PoC for CVE-2019-10207 (github-poc-repo)
- PoC for CVE-2019-10207 (github-poc)
- PoC for CVE-2019-10207 (github-poc)
- PoC for CVE-2019-10207 (github-poc)
…and 9 more exploits
Timeline
- Jul 29, 2019 CVE Published
- Apr 14, 2021 EPSS Score
- Jun 23, 2021 EPSS Score
- Oct 26, 2021 EPSS Score
- Dec 27, 2021 EPSS Score
- Feb 28, 2022 EPSS Score
- Jul 3, 2022 EPSS Score
- Sep 4, 2022 EPSS Score
- Nov 6, 2022 EPSS Score
- Feb 3, 2023 EPSS Score
- Feb 13, 2023 EPSS Score
- Mar 7, 2023 EPSS Score
References
- https://ubuntu.com/security/CVE-2019-10207 third-party-advisory
- https://www.openwall.com/lists/oss-security/2019/07/25/1 third-party-advisory
- https://lore.kernel.org/linux-bluetooth/20190729122215.9948-1-vdronov@redhat.com/ third-party-advisory
- https://ubuntu.com/security/notices/USN-4115-1 vendor-advisory
- https://ubuntu.com/security/notices/USN-4118-1 vendor-advisory
- https://ubuntu.com/security/notices/USN-4145-1 vendor-advisory
- https://ubuntu.com/security/notices/USN-4147-1 vendor-advisory
- https://www.cve.org/CVERecord?id=CVE-2019-10207 third-party-advisory