CVE-2019-11810

HIGH
New! CVE Severity Now Using CVSS v3

The calculated severity for CVEs has been updated to use CVSS v3 by default. CVEs that do not have a CVSS v3 score will fall back CVSS v2 for calculating severity. Severity display preferences can be toggled in the settings dropdown.

Description

An issue was discovered in the Linux kernel before 5.0.7. A NULL pointer dereference can occur when megasas_create_frame_pool() fails in megasas_alloc_cmds() in drivers/scsi/megaraid/megaraid_sas_base.c. This causes a Denial of Service, related to a use-after-free.

References

http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00055.html

http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00056.html

http://www.securityfocus.com/bid/108286

https://access.redhat.com/errata/RHSA-2019:1959

https://access.redhat.com/errata/RHSA-2019:1971

https://access.redhat.com/errata/RHSA-2019:2029

https://access.redhat.com/errata/RHSA-2019:2043

https://access.redhat.com/errata/RHSA-2019:2736

https://access.redhat.com/errata/RHSA-2019:2837

https://access.redhat.com/errata/RHSA-2019:3217

https://access.redhat.com/errata/RHSA-2020:0036

https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.0.7

https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=bcf3b67d16a4c8ffae0aa79de5853435e683945c

https://github.com/torvalds/linux/commit/bcf3b67d16a4c8ffae0aa79de5853435e683945c

https://lists.debian.org/debian-lts-announce/2019/06/msg00010.html

https://security.netapp.com/advisory/ntap-20190719-0003/

https://support.f5.com/csp/article/K50484570

https://usn.ubuntu.com/4005-1/

https://usn.ubuntu.com/4008-1/

https://usn.ubuntu.com/4008-3/

https://usn.ubuntu.com/4115-1/

https://usn.ubuntu.com/4118-1/

Details

Source: MITRE

Published: 2019-05-07

Updated: 2020-08-24

Type: CWE-476

Risk Information

CVSS v2

Base Score: 7.8

Vector: AV:N/AC:L/Au:N/C:N/I:N/A:C

Impact Score: 6.9

Exploitability Score: 10

Severity: HIGH

CVSS v3

Base Score: 7.5

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Impact Score: 3.6

Exploitability Score: 3.9

Severity: HIGH

Vulnerable Software

Configuration 1

OR

cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*

Tenable Plugins

View all (56 total)

IDNameProductFamilySeverity
150618SUSE SLES11 Security Update : kernel (SUSE-SU-2019:14157-1)NessusSuSE Local Security Checks
medium
145675CentOS 8 : kernel (CESA-2019:1959)NessusCentOS Local Security Checks
critical
134387EulerOS 2.0 SP8 : kernel (EulerOS-SA-2020-1186)NessusHuawei Local Security Checks
critical
134312NewStart CGSL MAIN 4.05 : kernel Multiple Vulnerabilities (NS-SA-2020-0021)NessusNewStart CGSL Local Security Checks
high
133460Virtuozzo 7 : readykernel-patch (VZA-2019-078)NessusVirtuozzo Local Security Checks
high
132700RHEL 7 : kernel (RHSA-2020:0036)NessusRed Hat Local Security Checks
critical
132495NewStart CGSL CORE 5.05 / MAIN 5.05 : kernel-rt Multiple Vulnerabilities (NS-SA-2019-0253)NessusNewStart CGSL Local Security Checks
high
132474NewStart CGSL CORE 5.05 / MAIN 5.05 : kernel Multiple Vulnerabilities (NS-SA-2019-0247)NessusNewStart CGSL Local Security Checks
high
131776NewStart CGSL MAIN 4.06 : kernel Multiple Vulnerabilities (NS-SA-2019-0212)NessusNewStart CGSL Local Security Checks
high
130373RHEL 7 : kernel-alt (RHSA-2019:3217)NessusRed Hat Local Security Checks
high
129920NewStart CGSL CORE 5.04 / MAIN 5.04 : kernel-rt Multiple Vulnerabilities (NS-SA-2019-0183)NessusNewStart CGSL Local Security Checks
medium
129900NewStart CGSL CORE 5.04 / MAIN 5.04 : kernel Multiple Vulnerabilities (NS-SA-2019-0180)NessusNewStart CGSL Local Security Checks
medium
129492Virtuozzo 7 : readykernel-patch (VZA-2019-076)NessusVirtuozzo Local Security Checks
high
129284SUSE SLED15 / SLES15 Security Update : kernel-source-rt (SUSE-SU-2019:2430-1) (MDSUM/RIDL) (MFBDS/RIDL/ZombieLoad) (MLPDS/RIDL) (MSBDS/Fallout) (SACK Panic) (SACK Slowness) (Spectre)NessusSuSE Local Security Checks
high
129149RHEL 7 : kernel (RHSA-2019:2837)NessusRed Hat Local Security Checks
medium
128977CentOS 6 : kernel (CESA-2019:2736)NessusCentOS Local Security Checks
high
128862Scientific Linux Security Update : kernel on SL6.x i386/x86_64 (20190912)NessusScientific Linux Local Security Checks
high
128857RHEL 6 : kernel (RHSA-2019:2736)NessusRed Hat Local Security Checks
high
128748Oracle Linux 6 : kernel (ELSA-2019-2736)NessusOracle Linux Local Security Checks
high
128680Ubuntu 16.04 LTS / 18.04 LTS : Linux kernel regression (USN-4115-2)NessusUbuntu Local Security Checks
critical
128651CentOS 7 : kernel (CESA-2019:2029)NessusCentOS Local Security Checks
medium
128542SUSE SLES12 Security Update : kernel (SUSE-SU-2019:2299-1)NessusSuSE Local Security Checks
high
128478Ubuntu 16.04 LTS / 18.04 LTS : linux-aws vulnerabilities (USN-4118-1)NessusUbuntu Local Security Checks
critical
128475Ubuntu 16.04 LTS / 18.04 LTS : linux, linux-azure, linux-gcp, linux-gke-4.15, linux-hwe, linux-kvm, (USN-4115-1)NessusUbuntu Local Security Checks
critical
128470SUSE SLES12 Security Update : kernel (SUSE-SU-2019:2263-1)NessusSuSE Local Security Checks
high
128469SUSE SLES12 Security Update : kernel (SUSE-SU-2019:2262-1)NessusSuSE Local Security Checks
medium
128226Scientific Linux Security Update : kernel on SL7.x x86_64 (20190806)NessusScientific Linux Local Security Checks
medium
128032Virtuozzo 6 : parallels-server-bm-release / vzkernel / etc (VZA-2019-067)NessusVirtuozzo Local Security Checks
high
128012openSUSE Security Update : the Linux Kernel (openSUSE-2019-1924)NessusSuSE Local Security Checks
medium
128011openSUSE Security Update : the Linux Kernel (openSUSE-2019-1923)NessusSuSE Local Security Checks
medium
127976Oracle Linux 8 : kernel (ELSA-2019-1959)NessusOracle Linux Local Security Checks
critical
127776SUSE SLED15 / SLES15 Security Update : kernel (SUSE-SU-2019:2073-1)NessusSuSE Local Security Checks
medium
127775SUSE SLED12 / SLES12 Security Update : kernel (SUSE-SU-2019:2072-1)NessusSuSE Local Security Checks
medium
127774SUSE SLED15 / SLES15 Security Update : kernel (SUSE-SU-2019:2071-1)NessusSuSE Local Security Checks
medium
127773SUSE SLES12 Security Update : kernel (SUSE-SU-2019:2070-1)NessusSuSE Local Security Checks
medium
127772SUSE SLED15 / SLES15 Security Update : Linux Azure Kernel (SUSE-SU-2019:2068-1)NessusSuSE Local Security Checks
medium
127655RHEL 7 : kernel-rt (RHSA-2019:2043)NessusRed Hat Local Security Checks
medium
127650RHEL 7 : kernel (RHSA-2019:2029)NessusRed Hat Local Security Checks
medium
127641RHEL 8 : kernel-rt (RHSA-2019:1971)NessusRed Hat Local Security Checks
critical
127637RHEL 8 : kernel (RHSA-2019:1959)NessusRed Hat Local Security Checks
critical
126299EulerOS 2.0 SP3 : kernel (EulerOS-SA-2019-1672)NessusHuawei Local Security Checks
high
126266EulerOS 2.0 SP2 : kernel (EulerOS-SA-2019-1639)NessusHuawei Local Security Checks
high
126121Photon OS 1.0: Linux PHSA-2019-1.0-0236NessusPhotonOS Local Security Checks
high
126115Photon OS 3.0: Linux PHSA-2019-3.0-0015NessusPhotonOS Local Security Checks
high
126031Slackware 14.2 / current : kernel (SSA:2019-169-01) (SACK Panic) (SACK Slowness)NessusSlackware Local Security Checks
high
125964Oracle Linux 7 : Unbreakable Enterprise kernel (ELSA-2019-4685) (SACK Panic) (SACK Slowness)NessusOracle Linux Local Security Checks
high
125958Debian DLA-1823-1 : linux security update (SACK Panic) (SACK Slowness)NessusDebian Local Security Checks
high
125768Ubuntu 14.04 LTS : linux-lts-xenial, linux-aws vulnerabilities (USN-4008-3)NessusUbuntu Local Security Checks
high
125767Ubuntu 16.04 LTS : apparmor update (USN-4008-2)NessusUbuntu Local Security Checks
high
125755Oracle Linux 6 / 7 : Unbreakable Enterprise kernel (ELSA-2019-4670)NessusOracle Linux Local Security Checks
high
125754OracleVM 3.4 : Unbreakable / etc (OVMSA-2019-0024)NessusOracleVM Local Security Checks
high
125726Ubuntu 16.04 LTS : linux, linux-aws, linux-kvm, linux-raspi2, linux-snapdragon vulnerabilities (USN-4008-1)NessusUbuntu Local Security Checks
high
125721Ubuntu 19.04 : linux, linux-aws, linux-gcp, linux-kvm, linux-raspi2, linux-snapdragon (USN-4005-1)NessusUbuntu Local Security Checks
high
125587EulerOS Virtualization for ARM 64 3.0.2.0 : kernel (EulerOS-SA-2019-1635)NessusHuawei Local Security Checks
high
125564EulerOS Virtualization 3.0.1.0 : kernel (EulerOS-SA-2019-1612)NessusHuawei Local Security Checks
high
125396Photon OS 2.0: Linux PHSA-2019-2.0-0160NessusPhotonOS Local Security Checks
high