NULL Pointer Dereference Vulnerability in Linux Kernel SCSI Driver

NULL Pointer Dereference Vulnerability in Linux Kernel SCSI Driver

CVE-2019-19965 · MEDIUM Severity

CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H

In the Linux kernel through 5.4.6, there is a NULL pointer dereference in drivers/scsi/libsas/sas_discover.c because of mishandling of port disconnection during discovery, related to a PHY down race condition, aka CID-f70267f379b5.

Learn more about our Cis Benchmark Audit For Distribution Independent Linux.