CVE-2019-12381

MEDIUM

Description

** DISPUTED ** An issue was discovered in ip_ra_control in net/ipv4/ip_sockglue.c in the Linux kernel through 5.1.5. There is an unchecked kmalloc of new_ra, which might allow an attacker to cause a denial of service (NULL pointer dereference and system crash). NOTE: this is disputed because new_ra is never used if it is NULL.

References

http://www.securityfocus.com/bid/108473

https://bugzilla.redhat.com/show_bug.cgi?id=1715501

https://git.kernel.org/pub/scm/linux/kernel/git/davem/net.git/commit/?id=425aa0e1d01513437668fa3d4a971168bbaa8515

https://lists.fedoraproject.org/archives/list/[email protected]/message/J36BIJTKEPUOZKJNHQBUZA47RQONUKOI/

https://lists.fedoraproject.org/archives/list/[email protected]/message/KLGWJKLMTBBB53D5QLS4HOY2EH246WBE/

https://lkml.org/lkml/2019/5/25/230

Details

Source: MITRE

Published: 2019-05-28

Updated: 2019-06-20

Type: CWE-476

Risk Information

CVSS v2

Base Score: 4.9

Vector: AV:L/AC:L/Au:N/C:N/I:N/A:C

Impact Score: 6.9

Exploitability Score: 3.9

Severity: MEDIUM

CVSS v3

Base Score: 5.5

Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

Impact Score: 3.6

Exploitability Score: 1.8

Severity: MEDIUM

Vulnerable Software

Configuration 1

OR

cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* versions up to 5.1.5 (inclusive)

Tenable Plugins

| ID | Name | Product | Family | Severity |
| --- | --- | --- | --- | --- |
| 134735 | EulerOS Virtualization 3.0.2.2 : kernel (EulerOS-SA-2020-1269) | Nessus | Huawei Local Security Checks | critical |
| 134387 | EulerOS 2.0 SP8 : kernel (EulerOS-SA-2020-1186) | Nessus | Huawei Local Security Checks | critical |
| 131845 | EulerOS 2.0 SP2 : kernel (EulerOS-SA-2019-2353) | Nessus | Huawei Local Security Checks | critical |
| 130736 | EulerOS 2.0 SP3 : kernel (EulerOS-SA-2019-2274) | Nessus | Huawei Local Security Checks | critical |
| 128929 | EulerOS Virtualization for ARM 64 3.0.2.0 : kernel (EulerOS-SA-2019-1926) | Nessus | Huawei Local Security Checks | critical |
| 128842 | EulerOS 2.0 SP5 : kernel (EulerOS-SA-2019-1919) | Nessus | Huawei Local Security Checks | high |
| 127985 | Oracle Linux 7 : Unbreakable Enterprise kernel (ELSA-2019-4746) | Nessus | Oracle Linux Local Security Checks | high |
| 127613 | Oracle Linux 6 / 7 : Unbreakable Enterprise kernel (ELSA-2019-4729) | Nessus | Oracle Linux Local Security Checks | medium |
| 127565 | OracleVM 3.4 : Unbreakable / etc (OVMSA-2019-0038) | Nessus | OracleVM Local Security Checks | medium |
| 126176 | Photon OS 1.0: Linux PHSA-2019-1.0-0240 | Nessus | PhotonOS Local Security Checks | high |
| 126106 | Photon OS 2.0: Linux PHSA-2019-2.0-0165 | Nessus | PhotonOS Local Security Checks | critical |
| 125790 | Fedora 30 : kernel / kernel-headers (2019-f40bd7826f) | Nessus | Fedora Local Security Checks | high |
| 125746 | Fedora 29 : kernel / kernel-headers / kernel-tools (2019-7ec378191e) | Nessus | Fedora Local Security Checks | high |