CVE-2019-15917

7.0 HIGH

📋 TL;DR

This CVE describes a use-after-free vulnerability in the Linux kernel's Bluetooth HCI UART driver. When hci_uart_register_dev() fails during protocol setup, memory that has already been freed can be accessed, potentially leading to kernel crashes or arbitrary code execution. Systems running Linux kernels before version 5.0.5 with Bluetooth support are affected.

💻 Affected Systems

Products:
  • Linux kernel
Versions: All versions before 5.0.5
Operating Systems: Linux distributions using affected kernel versions
Default Config Vulnerable: ⚠️ Yes
Notes: Only affects systems with Bluetooth support enabled. The vulnerability is triggered during Bluetooth protocol setup failures.

📦 What is this software?

Linux Kernel by Linux

The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...


⚠️ Risk & Real-World Impact

🔴 Worst Case

Kernel panic leading to system crash, or potential privilege escalation to kernel-level code execution allowing full system compromise.

🟠 Likely Case

System instability, kernel crashes, or denial of service affecting Bluetooth functionality.

🟢 If Mitigated

Limited impact if Bluetooth is disabled or the vulnerable code path isn't triggered.

🌐 Internet-Facing: LOW - This requires local access or Bluetooth proximity to exploit.
🏢 Internal Only: MEDIUM - Attackers with local access or Bluetooth range could potentially exploit this vulnerability.

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: UNKNOWN
Unauthenticated Exploit: ✅ No
Complexity: HIGH

Exploitation requires triggering specific failure conditions in Bluetooth protocol setup, making reliable exploitation challenging.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Linux kernel 5.0.5 and later

Vendor Advisory: https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.0.5

Restart Required: Yes

Instructions:

1. Update to Linux kernel 5.0.5 or later.
2. For distributions: Use package manager (apt/yum/dnf) to update kernel packages.
3. Reboot system to load new kernel.

🔧 Temporary Workarounds

Disable Bluetooth kernel module

Prevent loading of vulnerable Bluetooth HCI UART driver

echo 'blacklist hci_uart' >> /etc/modprobe.d/blacklist.conf
rmmod hci_uart

🧯 If You Can't Patch

  • Disable Bluetooth functionality at kernel level if not required
  • Implement strict access controls to limit local user privileges

🔍 How to Verify

Check if Vulnerable:

Check the kernel version with uname -r. If the version is earlier than 5.0.5, the system is vulnerable.

Check Version:

uname -r

Verify Fix Applied:

After patching, verify with uname -r that the kernel version is 5.0.5 or later.
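
The version check and the hci_uart workaround described on this page, combined into one triage script (an added example, not part of the original advisory; the function names and status labels are illustrative). Distribution kernels can carry backported fixes under a version number below 5.0.5, so confirm an "older-kernel" result against the vendor's own advisory.

```sh
#!/bin/sh
# Added example (not from the original page): triage a host for CVE-2019-15917.
# Assumption: hci_uart is built as a loadable module; a built-in driver never
# appears in /proc/modules and is unaffected by a modprobe blacklist.

FIXED_VERSION="5.0.5"   # fixed release stated on this page

# Turn a release string such as "4.15.0-112-generic" into one comparable integer.
kernel_key() {
    v=${1%%[!0-9.]*}            # drop everything from the first non-version char
    old_ifs=$IFS; IFS=.
    set -- $v                   # split into major, minor, patch
    IFS=$old_ifs
    echo $(( ${1:-0} * 100000000 + ${2:-0} * 10000 + ${3:-0} ))
}

# Succeeds when release $1 is older than the fixed release.
is_older_than_fix() {
    [ "$(kernel_key "$1")" -lt "$(kernel_key "$FIXED_VERSION")" ]
}

# Succeeds when hci_uart is listed in a /proc/modules-format file.
module_loaded() {
    grep -q '^hci_uart ' "${1:-/proc/modules}" 2>/dev/null
}

# Succeeds when a *.conf file in the modprobe.d directory blacklists hci_uart.
module_blacklisted() {
    grep -Eqs '^[[:space:]]*blacklist[[:space:]]+hci_uart([[:space:]]|$)' \
        "${1:-/etc/modprobe.d}"/*.conf
}

# $1 = kernel release, $2 = modules file, $3 = modprobe.d directory
assess() {
    if ! is_older_than_fix "$1"; then echo "patched-version"; return 0; fi
    if module_loaded "$2"; then echo "older-kernel-module-loaded"; return 0; fi
    if module_blacklisted "$3"; then
        echo "older-kernel-module-blacklisted"
    else
        echo "older-kernel-module-not-loaded"
    fi
}

assess "$(uname -r)" /proc/modules /etc/modprobe.d
```

A result of "older-kernel-module-not-loaded" means the driver can still be loaded later, so the blacklist workaround or the kernel update is still needed.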

📡 Detection & Monitoring

Log Indicators:

  • Kernel panic messages
  • Bluetooth subsystem crashes in dmesg
  • Use-after-free warnings in kernel logs

Network Indicators:

  • Unexpected Bluetooth service failures

SIEM Query:

source="kernel" AND ("use-after-free" OR "hci_uart" OR "Bluetooth crash")
