CVE-2018-20855

low
New! CVE Severity Now Using CVSS v3

The calculated severity for CVEs has been updated to use CVSS v3 by default. CVEs that do not have a CVSS v3 score will fall back CVSS v2 for calculating severity. Severity display preferences can be toggled in the settings dropdown.

Description

An issue was discovered in the Linux kernel before 4.18.7. In create_qp_common in drivers/infiniband/hw/mlx5/qp.c, mlx5_ib_create_qp_resp was never initialized, resulting in a leak of stack memory to userspace.

References

http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00055.html

http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00056.html

https://cdn.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.18.7

https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=0625b4ba1a5d4703c7fb01c497bd6c156908af00

https://github.com/torvalds/linux/commit/0625b4ba1a5d4703c7fb01c497bd6c156908af00

https://security.netapp.com/advisory/ntap-20190905-0002/

Details

Source: MITRE

Published: 2019-07-26

Updated: 2019-11-20

Type: CWE-119

Risk Information

CVSS v2

Base Score: 2.1

Vector: AV:L/AC:L/Au:N/C:P/I:N/A:N

Impact Score: 2.9

Exploitability Score: 3.9

Severity: LOW

CVSS v3

Base Score: 3.3

Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N

Impact Score: 1.4

Exploitability Score: 1.8

Severity: LOW

Tenable Plugins

View all (16 total)

IDNameProductFamilySeverity
150618SUSE SLES11 Security Update : kernel (SUSE-SU-2019:14157-1)NessusSuSE Local Security Checks
medium
132499NewStart CGSL CORE 5.04 / MAIN 5.04 : kernel-rt Multiple Vulnerabilities (NS-SA-2019-0266)NessusNewStart CGSL Local Security Checks
high
132490NewStart CGSL CORE 5.04 / MAIN 5.04 : kernel Multiple Vulnerabilities (NS-SA-2019-0264)NessusNewStart CGSL Local Security Checks
high
129841Oracle Linux 7 : Unbreakable Enterprise kernel (ELSA-2019-4820)NessusOracle Linux Local Security Checks
high
129284SUSE SLED15 / SLES15 Security Update : kernel-source-rt (SUSE-SU-2019:2430-1) (MDSUM/RIDL) (MFBDS/RIDL/ZombieLoad) (MLPDS/RIDL) (MSBDS/Fallout) (SACK Panic) (SACK Slowness) (Spectre)NessusSuSE Local Security Checks
high
128929EulerOS Virtualization for ARM 64 3.0.2.0 : kernel (EulerOS-SA-2019-1926)NessusHuawei Local Security Checks
critical
128542SUSE SLES12 Security Update : kernel (SUSE-SU-2019:2299-1)NessusSuSE Local Security Checks
high
128470SUSE SLES12 Security Update : kernel (SUSE-SU-2019:2263-1)NessusSuSE Local Security Checks
high
128469SUSE SLES12 Security Update : kernel (SUSE-SU-2019:2262-1)NessusSuSE Local Security Checks
medium
128012openSUSE Security Update : the Linux Kernel (openSUSE-2019-1924)NessusSuSE Local Security Checks
medium
128011openSUSE Security Update : the Linux Kernel (openSUSE-2019-1923)NessusSuSE Local Security Checks
medium
127776SUSE SLED15 / SLES15 Security Update : kernel (SUSE-SU-2019:2073-1)NessusSuSE Local Security Checks
medium
127775SUSE SLED12 / SLES12 Security Update : kernel (SUSE-SU-2019:2072-1)NessusSuSE Local Security Checks
medium
127774SUSE SLED15 / SLES15 Security Update : kernel (SUSE-SU-2019:2071-1)NessusSuSE Local Security Checks
medium
127773SUSE SLES12 Security Update : kernel (SUSE-SU-2019:2070-1)NessusSuSE Local Security Checks
medium
127772SUSE SLED15 / SLES15 Security Update : Linux Azure Kernel (SUSE-SU-2019:2068-1)NessusSuSE Local Security Checks
medium