CVE-2019-17056low
New! CVE Severity Now Using CVSS v3
The calculated severity for CVEs has been updated to use CVSS v3 by default. CVEs that do not have a CVSS v3 score will fall back CVSS v2 for calculating severity. Severity display preferences can be toggled in the settings dropdown.
Description
llcp_sock_create in net/nfc/llcp_sock.c in the AF_NFC network module in the Linux kernel through 5.3.2 does not enforce CAP_NET_RAW, which means that unprivileged users can create a raw socket, aka CID-3a359798b176.
References
http://lists.opensuse.org/opensuse-security-announce/2019-10/msg00064.html
Details
Source: MITRE
Published: 2019-10-01
Updated: 2019-10-25
Type: CWE-276
Risk Information
CVSS v2
Base Score: 2.1
Vector: AV:L/AC:L/Au:N/C:N/I:P/A:N
Impact Score: 2.9
Exploitability Score: 3.9
Severity: LOW
CVSS v3
Base Score: 3.3
Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N
Impact Score: 1.4
Exploitability Score: 1.8
Severity: LOW
Vulnerable Software
Configuration 1
OR
cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* versions up to 5.3.2 (inclusive)
Tenable Plugins
| ID | Name | Product | Family | Severity |
|---|---|---|---|---|
| 134486 | EulerOS Virtualization for ARM 64 3.0.2.0 : kernel (EulerOS-SA-2020-1197) | Nessus | Huawei Local Security Checks | critical |
| 134240 | Debian DLA-2114-1 : linux-4.9 security update | Nessus | Debian Local Security Checks | critical |
| 133101 | Debian DLA-2068-1 : linux security update | Nessus | Debian Local Security Checks | critical |
| 132925 | SUSE SLES12 Security Update : kernel (SUSE-SU-2020:0093-1) | Nessus | SuSE Local Security Checks | critical |
| 132796 | EulerOS Virtualization for ARM 64 3.0.5.0 : kernel (EulerOS-SA-2020-1042) | Nessus | Huawei Local Security Checks | critical |
| 132071 | SUSE SLED15 / SLES15 Security Update : kernel (SUSE-SU-2019:3295-1) | Nessus | SuSE Local Security Checks | high |
| 131845 | EulerOS 2.0 SP2 : kernel (EulerOS-SA-2019-2353) | Nessus | Huawei Local Security Checks | critical |
| 131833 | SUSE SLES12 Security Update : kernel (SUSE-SU-2019:3200-1) | Nessus | SuSE Local Security Checks | high |
| 131349 | EulerOS 2.0 SP8 : kernel (EulerOS-SA-2019-2283) | Nessus | Huawei Local Security Checks | high |
| 131120 | SUSE SLES12 Security Update : kernel (SUSE-SU-2019:2984-1) | Nessus | SuSE Local Security Checks | critical |
| 131014 | Ubuntu 16.04 LTS : Linux kernel vulnerability (USN-4186-3) | Nessus | Ubuntu Local Security Checks | high |
| 131013 | Ubuntu 16.04 LTS / 18.04 LTS : Linux kernel vulnerability and regression (USN-4185-3) | Nessus | Ubuntu Local Security Checks | high |
| 131012 | Ubuntu 18.04 LTS / 19.04 : Linux kernel vulnerability and regression (USN-4184-2) | Nessus | Ubuntu Local Security Checks | high |
| 130966 | Ubuntu 16.04 LTS : Linux kernel vulnerabilities (USN-4186-1) | Nessus | Ubuntu Local Security Checks | high |
| 130965 | Ubuntu 16.04 LTS / 18.04 LTS : Linux kernel vulnerabilities (USN-4185-1) | Nessus | Ubuntu Local Security Checks | high |
| 130964 | Ubuntu 18.04 LTS / 19.04 : Linux kernel vulnerabilities (USN-4184-1) | Nessus | Ubuntu Local Security Checks | high |
| 130951 | SUSE SLES12 Security Update : kernel (SUSE-SU-2019:2953-1) | Nessus | SuSE Local Security Checks | high |
| 130950 | SUSE SLES12 Security Update : kernel (SUSE-SU-2019:2950-1) (SACK Panic) | Nessus | SuSE Local Security Checks | critical |
| 130949 | SUSE SLES12 Security Update : kernel (SUSE-SU-2019:2949-1) | Nessus | SuSE Local Security Checks | critical |
| 130947 | SUSE SLED15 / SLES15 Security Update : kernel (SUSE-SU-2019:2947-1) | Nessus | SuSE Local Security Checks | high |
| 130946 | SUSE SLED15 / SLES15 Security Update : kernel (SUSE-SU-2019:2946-1) | Nessus | SuSE Local Security Checks | high |
| 130751 | Slackware 14.2 : Slackware 14.2 kernel (SSA:2019-311-01) | Nessus | Slackware Local Security Checks | critical |
| 130736 | EulerOS 2.0 SP3 : kernel (EulerOS-SA-2019-2274) | Nessus | Huawei Local Security Checks | critical |
| 130663 | EulerOS 2.0 SP5 : kernel (EulerOS-SA-2019-2201) | Nessus | Huawei Local Security Checks | critical |
| 130582 | openSUSE Security Update : the Linux Kernel (openSUSE-2019-2444) | Nessus | SuSE Local Security Checks | high |
| 130452 | SUSE SLED12 / SLES12 Security Update : kernel (SUSE-SU-2019:2879-1) | Nessus | SuSE Local Security Checks | high |
| 130338 | openSUSE Security Update : the Linux Kernel (openSUSE-2019-2392) | Nessus | SuSE Local Security Checks | high |
| 130297 | Fedora 29 : kernel / kernel-headers / kernel-tools (2019-41e28660ae) | Nessus | Fedora Local Security Checks | low |
| 129701 | Fedora 31 : kernel / kernel-headers / kernel-tools (2019-b1de72b00b) | Nessus | Fedora Local Security Checks | low |