CVE-2019-3874

LOW

Description

The SCTP socket buffer used by a userspace application is not accounted by the cgroups subsystem. An attacker can use this flaw to cause a denial of service attack. Kernel 3.10.x and 4.18.x branches are believed to be vulnerable.

References

https://access.redhat.com/errata/RHSA-2019:3309

https://access.redhat.com/errata/RHSA-2019:3517

https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-3874

https://lists.debian.org/debian-lts-announce/2020/09/msg00025.html

https://security.netapp.com/advisory/ntap-20190411-0003/

https://usn.ubuntu.com/3979-1/

https://usn.ubuntu.com/3980-1/

https://usn.ubuntu.com/3980-2/

https://usn.ubuntu.com/3981-1/

https://usn.ubuntu.com/3981-2/

https://usn.ubuntu.com/3982-1/

https://usn.ubuntu.com/3982-2/

Details

Source: MITRE

Published: 2019-03-25

Updated: 2020-10-19

Type: NVD-CWE-noinfo

Risk Information

CVSS v2.0

Base Score: 3.3

Vector: AV:A/AC:L/Au:N/C:N/I:N/A:P

Impact Score: 2.9

Exploitability Score: 6.5

Severity: LOW

CVSS v3.0

Base Score: 6.5

Vector: CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Impact Score: 3.6

Exploitability Score: 2.8

Severity: MEDIUM

Vulnerable Software

Configuration 1

cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* versions from 3.10.1 to 3.10.108 (inclusive)

cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* versions from 4.18.1 to 4.18.20 (inclusive)

Configuration 6

AND

cpe:2.3:o:netapp:cn1610_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:netapp:cn1610:-:*:*:*:*:*:*:*

Tenable Plugins

View all (20 total)

ID	Name	Product	Family	Severity
141396	Oracle Linux 7 : Unbreakable Enterprise kernel (ELSA-2020-5885)	Nessus	Oracle Linux Local Security Checks	high
141374	OracleVM 3.4 : Unbreakable / etc (OVMSA-2020-0044)	Nessus	OracleVM Local Security Checks	critical
141207	Oracle Linux 6 / 7 : Unbreakable Enterprise kernel (ELSA-2020-5866)	Nessus	Oracle Linux Local Security Checks	critical
140933	Debian DLA-2385-1 : linux-4.19 security update	Nessus	Debian Local Security Checks	high
140500	Oracle Linux 7 : Unbreakable Enterprise kernel (ELSA-2020-5844)	Nessus	Oracle Linux Local Security Checks	high
140499	Oracle Linux 7 : Unbreakable Enterprise kernel (ELSA-2020-5845)	Nessus	Oracle Linux Local Security Checks	high
135614	EulerOS Virtualization 3.0.2.2 : kernel (EulerOS-SA-2020-1452)	Nessus	Huawei Local Security Checks	high
132499	NewStart CGSL CORE 5.04 / MAIN 5.04 : kernel-rt Multiple Vulnerabilities (NS-SA-2019-0266)	Nessus	NewStart CGSL Local Security Checks	high
132490	NewStart CGSL CORE 5.04 / MAIN 5.04 : kernel Multiple Vulnerabilities (NS-SA-2019-0264)	Nessus	NewStart CGSL Local Security Checks	high
130547	RHEL 8 : kernel (RHSA-2019:3517)	Nessus	Red Hat Local Security Checks	high
130526	RHEL 8 : kernel-rt (RHSA-2019:3309)	Nessus	Red Hat Local Security Checks	high
129261	EulerOS 2.0 SP3 : kernel (EulerOS-SA-2019-2068)	Nessus	Huawei Local Security Checks	high
125513	EulerOS 2.0 SP2 : kernel (EulerOS-SA-2019-1586)	Nessus	Huawei Local Security Checks	high
125144	Ubuntu 14.04 LTS : linux-lts-xenial vulnerabilities (USN-3982-2) (MDSUM/RIDL) (MFBDS/RIDL/ZombieLoad) (MLPDS/RIDL) (MSBDS/Fallout)	Nessus	Ubuntu Local Security Checks	medium
125143	Ubuntu 16.04 LTS : Linux kernel vulnerabilities (USN-3982-1) (MDSUM/RIDL) (MFBDS/RIDL/ZombieLoad) (MLPDS/RIDL) (MSBDS/Fallout)	Nessus	Ubuntu Local Security Checks	medium
125142	Ubuntu 16.04 LTS : Linux kernel (HWE) vulnerabilities (USN-3981-2) (MDSUM/RIDL) (MFBDS/RIDL/ZombieLoad) (MLPDS/RIDL) (MSBDS/Fallout)	Nessus	Ubuntu Local Security Checks	high
125141	Ubuntu 18.04 LTS : Linux kernel vulnerabilities (USN-3981-1) (MDSUM/RIDL) (MFBDS/RIDL/ZombieLoad) (MLPDS/RIDL) (MSBDS/Fallout)	Nessus	Ubuntu Local Security Checks	high
125140	Ubuntu 18.04 LTS : Linux kernel (HWE) vulnerabilities (USN-3980-2) (MDSUM/RIDL) (MFBDS/RIDL/ZombieLoad) (MLPDS/RIDL) (MSBDS/Fallout)	Nessus	Ubuntu Local Security Checks	high
125139	Ubuntu 18.10 : Linux kernel vulnerabilities (USN-3980-1) (MDSUM/RIDL) (MFBDS/RIDL/ZombieLoad) (MLPDS/RIDL) (MSBDS/Fallout)	Nessus	Ubuntu Local Security Checks	high
125138	Ubuntu 19.04 : Linux kernel vulnerabilities (USN-3979-1) (MDSUM/RIDL) (MFBDS/RIDL/ZombieLoad) (MLPDS/RIDL) (MSBDS/Fallout)	Nessus	Ubuntu Local Security Checks	critical