CVE-2019-12382: An issue was discovered in drm_load_edid_firmware in drivers/gpu/drm/drm_edid_load.c in the Linux kernel through 5.1.5. There is an unchecked kstrdup ...

Description

An issue was discovered in drm_load_edid_firmware in drivers/gpu/drm/drm_edid_load.c in the Linux kernel through 5.1.5. There is an unchecked kstrdup of fwstr, which might allow an attacker to cause a denial of service (NULL pointer dereference and system crash). NOTE: The vendor disputes this issues as not being a vulnerability because kstrdup() returning NULL is handled sufficiently and there is no chance for a NULL pointer dereference

Metrics

EPSS Probability

0.46%

36.5th percentile

Probability of exploitation in the next 30 days. Learn more

Weakness Enumeration

CWE-476

Affected Software

Vendor	Product	Versions
Linux	Linux Kernel	<= 5.1.5

References

Timeline

Published: May 28, 2019
Last Modified: Jun 17, 2026
Status: Modified

Frequently Asked Questions

What is CVE-2019-12382?

An issue was discovered in drm_load_edid_firmware in drivers/gpu/drm/drm_edid_load.c in the Linux kernel through 5.1.5. There is an unchecked kstrdup of fwstr, which might allow an attacker to cause a denial of service (NULL pointer dereference and system crash). NOTE: The vendor disputes this issues as not being a vulnerability because kstrdup() returning NULL is handled sufficiently and there is no chance for a NULL pointer dereference

How severe is CVE-2019-12382?

Severity scoring for CVE-2019-12382 is pending analysis. The EPSS model estimates a 0.46% probability of exploitation in the next 30 days.

How do I fix CVE-2019-12382?

Check the vendor references and advisories linked above for patched versions and mitigation guidance. You can also run a Strix scan to test if your systems are affected.