CVE-2019-11811

high

Description

An issue was discovered in the Linux kernel before 5.0.4. There is a use-after-free upon attempted read access to /proc/ioports after the ipmi_si module is removed, related to drivers/char/ipmi/ipmi_si_intf.c, drivers/char/ipmi/ipmi_si_mem_io.c, and drivers/char/ipmi/ipmi_si_port_io.c.

References

http://lists.opensuse.org/opensuse-security-announce/2019-05/msg00071.html

http://www.securityfocus.com/bid/108410

https://access.redhat.com/errata/RHSA-2019:1873

https://access.redhat.com/errata/RHSA-2019:1891

https://access.redhat.com/errata/RHSA-2019:1959

https://access.redhat.com/errata/RHSA-2019:1971

https://access.redhat.com/errata/RHSA-2019:4057

https://access.redhat.com/errata/RHSA-2019:4058

https://access.redhat.com/errata/RHSA-2020:0036

https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.0.4

https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=401e7e88d4ef80188ffa07095ac00456f901b8c4

https://github.com/torvalds/linux/commit/401e7e88d4ef80188ffa07095ac00456f901b8c4

https://security.netapp.com/advisory/ntap-20190719-0003/

https://support.f5.com/csp/article/K01512680

Details

Source: MITRE

Published: 2019-05-07

Updated: 2020-05-06

Type: CWE-416

Risk Information

CVSS v2

Base Score: 6.9

Vector: AV:L/AC:M/Au:N/C:C/I:C/A:C

Impact Score: 10

Exploitability Score: 3.4

Severity: MEDIUM

CVSS v3

Base Score: 7

Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H

Impact Score: 5.9

Exploitability Score: 1

Severity: HIGH

Tenable Plugins

| ID | Name | Product | Family | Severity |
| --- | --- | --- | --- | --- |
| 150477 | F5 Networks BIG-IP : Linux kernel vulnerability (K01512680) | Nessus | F5 Networks Local Security Checks | high |
| 145675 | CentOS 8 : kernel (CESA-2019:1959) | Nessus | CentOS Local Security Checks | critical |
| 143086 | RHEL 7 : kernel-alt (RHSA-2020:2854) | Nessus | Red Hat Local Security Checks | medium |
| 134387 | EulerOS 2.0 SP8 : kernel (EulerOS-SA-2020-1186) | Nessus | Huawei Local Security Checks | critical |
| 132700 | RHEL 7 : kernel (RHSA-2020:0036) | Nessus | Red Hat Local Security Checks | critical |
| 132495 | NewStart CGSL CORE 5.05 / MAIN 5.05 : kernel-rt Multiple Vulnerabilities (NS-SA-2019-0253) | Nessus | NewStart CGSL Local Security Checks | high |
| 132474 | NewStart CGSL CORE 5.05 / MAIN 5.05 : kernel Multiple Vulnerabilities (NS-SA-2019-0247) | Nessus | NewStart CGSL Local Security Checks | high |
| 131719 | RHEL 6 : MRG (RHSA-2019:4057) | Nessus | Red Hat Local Security Checks | high |
| 131675 | RHEL 7 : kernel (RHSA-2019:4058) | Nessus | Red Hat Local Security Checks | high |
| 129920 | NewStart CGSL CORE 5.04 / MAIN 5.04 : kernel-rt Multiple Vulnerabilities (NS-SA-2019-0183) | Nessus | NewStart CGSL Local Security Checks | medium |
| 129900 | NewStart CGSL CORE 5.04 / MAIN 5.04 : kernel Multiple Vulnerabilities (NS-SA-2019-0180) | Nessus | NewStart CGSL Local Security Checks | medium |
| 129284 | SUSE SLED15 / SLES15 Security Update : kernel-source-rt (SUSE-SU-2019:2430-1) (MDSUM/RIDL) (MFBDS/RIDL/ZombieLoad) (MLPDS/RIDL) (MSBDS/Fallout) (SACK Panic) (SACK Slowness) (Spectre) | Nessus | SuSE Local Security Checks | high |
| 127976 | Oracle Linux 8 : kernel (ELSA-2019-1959) | Nessus | Oracle Linux Local Security Checks | critical |
| 127726 | Scientific Linux Security Update : kernel on SL7.x x86_64 (20190729) | Nessus | Scientific Linux Local Security Checks | high |
| 127641 | RHEL 8 : kernel-rt (RHSA-2019:1971) | Nessus | Red Hat Local Security Checks | critical |
| 127637 | RHEL 8 : kernel (RHSA-2019:1959) | Nessus | Red Hat Local Security Checks | critical |
| 127623 | RHEL 7 : kernel-rt (RHSA-2019:1891) | Nessus | Red Hat Local Security Checks | high |
| 127618 | RHEL 7 : kernel (RHSA-2019:1873) | Nessus | Red Hat Local Security Checks | high |
| 127603 | Oracle Linux 7 : kernel (ELSA-2019-1873) | Nessus | Oracle Linux Local Security Checks | high |
| 127469 | CentOS 7 : kernel (CESA-2019:1873) | Nessus | CentOS Local Security Checks | high |
| 126378 | Photon OS 3.0: Linux PHSA-2019-3.0-0009 | Nessus | PhotonOS Local Security Checks | critical |
| 126045 | SUSE SLED15 / SLES15 Security Update : kernel (SUSE-SU-2019:1550-1) (MDSUM/RIDL) (MFBDS/RIDL/ZombieLoad) (MLPDS/RIDL) (MSBDS/Fallout) (SACK Panic) (SACK Slowness) (Spectre) | Nessus | SuSE Local Security Checks | high |
| 125667 | openSUSE Security Update : the Linux Kernel (openSUSE-2019-1479) | Nessus | SuSE Local Security Checks | high |
| 125587 | EulerOS Virtualization for ARM 64 3.0.2.0 : kernel (EulerOS-SA-2019-1635) | Nessus | Huawei Local Security Checks | high |