CVE-2019-15926

9.1 CRITICAL

📋 TL;DR

This vulnerability in the Linux kernel's ath6kl wireless driver allows out-of-bounds memory access when processing specific WMI events. Attackers could potentially execute arbitrary code or cause denial of service on affected systems. Systems running Linux kernels before version 5.2.3 with ath6kl wireless hardware are vulnerable.

💻 Affected Systems

Products:
  • Linux kernel
Versions: All versions before 5.2.3
Operating Systems: Linux distributions using vulnerable kernel versions
Default Config Vulnerable: ⚠️ Yes
Notes: Only affects systems with ath6kl wireless hardware/driver enabled. Many distributions may not enable this driver by default.

📦 What is this software?

Linux Kernel by Linux

The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...


⚠️ Risk & Real-World Impact

🔴 Worst Case: Remote code execution leading to full system compromise, kernel privilege escalation, or persistent backdoor installation.
🟠 Likely Case: Kernel panic or system crash causing denial of service, potentially requiring physical access to restart.
🟢 If Mitigated: System crash with no data loss if proper segmentation and access controls prevent privilege escalation.

🌐 Internet-Facing: MEDIUM - Requires wireless network access and specific driver usage, not directly internet-exposed.
🏢 Internal Only: MEDIUM - Internal attackers with wireless network access could exploit this vulnerability.

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: UNKNOWN
Unauthenticated Exploit: ⚠️ Yes
Complexity: MEDIUM

Exploitation requires wireless network access and ability to send crafted WMI events to the vulnerable driver.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Linux kernel 5.2.3 and later

Vendor Advisory: https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.2.3

Restart Required: Yes

Instructions:

  1. Update the Linux kernel to version 5.2.3 or later.
  2. For distributions: use the package manager (apt/yum/dnf) to update the kernel package.
  3. Reboot the system to load the new kernel.

🔧 Temporary Workarounds

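Disable ath6kl driver (Linux)

Prevent the vulnerable wireless driver modules from loading. The driver is built as ath6kl_core plus the ath6kl_sdio and ath6kl_usb bus modules, so those are the names to blacklist and unload. Run as root:

printf 'blacklist %s\n' ath6kl_sdio ath6kl_usb ath6kl_core >> /etc/modprobe.d/blacklist-ath6kl.conf
rmmod ath6kl_sdio ath6kl_usb ath6kl_core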

🧯 If You Can't Patch

  • Disable wireless interfaces using ath6kl hardware
  • Implement network segmentation to isolate wireless networks from critical systems

🔍 How to Verify

Check if Vulnerable:

Check kernel version: uname -r. If version is earlier than 5.2.3 and ath6kl module is loaded (lsmod | grep ath6kl), system is vulnerable.

Check Version:

uname -r

Verify Fix Applied:

Verify kernel version is 5.2.3 or later: uname -r. Confirm ath6kl module is either not loaded or updated.
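
The check described above as a script. This is an added example, not part of the original advisory; the function names (ver_field, version_lt, assess), the status strings and the sample inputs are constructed for illustration. It compares version fields numerically, which a plain string comparison of `uname -r` output gets wrong for releases such as 5.10.

```sh
#!/bin/sh
# Added example: classify a host for CVE-2019-15926 exposure.
FIXED=5.2.3   # first fixed upstream release, per the advisory

# Print numeric field $2 (1-based) of kernel release $1.
# "4.19.0-6-amd64" -> fields 4, 19, 0; missing fields read as 0.
ver_field() {
    f=$(printf '%s.0.0\n' "${1%%[-+_]*}" | cut -d. -f"$2" | sed 's/[^0-9].*//')
    printf '%s\n' "${f:-0}"
}

# Succeed if release $1 is older than $2. Fields are compared as
# numbers, so 5.10.0 is newer than 5.2.3 (a string compare says otherwise).
version_lt() {
    for i in 1 2 3; do
        x=$(ver_field "$1" "$i"); y=$(ver_field "$2" "$i")
        [ "$x" -lt "$y" ] && return 0
        [ "$x" -gt "$y" ] && return 1
    done
    return 1   # equal versions are not "older"
}

# Classify from `uname -r` output ($1) and `lsmod` output ($2).
# lsmod lists the driver as ath6kl_core / ath6kl_sdio / ath6kl_usb.
assess() {
    if ! printf '%s\n' "$2" | grep -q '^ath6kl'; then
        echo "driver-not-loaded"
    elif version_lt "$1" "$FIXED"; then
        # Distribution kernels can carry backported fixes under an older
        # version string; confirm against the vendor advisory.
        echo "vulnerable"
    else
        echo "fixed-version"
    fi
}

# Constructed samples: "<uname -r>|<lsmod line>"
for s in '4.19.0-6-amd64|ath6kl_usb 24576 0' \
         '5.10.0-8-amd64|ath6kl_sdio 28672 0' \
         '5.2.3|ath6kl_core 1 0' \
         '4.9.0-11-amd64|iwlwifi 1 0'; do
    printf '%-16s %s\n' "${s%%|*}" "$(assess "${s%%|*}" "${s#*|}")"
done
# On a live host: assess "$(uname -r)" "$(lsmod)"
```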

📡 Detection & Monitoring

Log Indicators:

  • Kernel oops messages in /var/log/kern.log or dmesg
  • System crashes or reboots without clear cause

Network Indicators:

  • Unusual wireless traffic patterns
  • Malformed WMI packets on wireless interfaces

SIEM Query:

source="kern.log" AND ("ath6kl" OR "WMI" OR "kernel panic")
