CVE-2019-5108

MEDIUM
New! CVE Severity Now Using CVSS v3

The calculated severity for CVEs has been updated to use CVSS v3 by default. CVEs that do not have a CVSS v3 score will fall back CVSS v2 for calculating severity. Severity display preferences can be toggled in the settings dropdown.

Description

An exploitable denial-of-service vulnerability exists in the Linux kernel prior to mainline 5.3. An attacker could exploit this vulnerability by triggering AP to send IAPP location updates for stations before the required authentication process has completed. This could lead to different denial-of-service scenarios, either by causing CAM table attacks, or by leading to traffic flapping if faking already existing clients in other nearby APs of the same wireless infrastructure. An attacker can forge Authentication and Association Request packets to trigger this vulnerability.

References

https://talosintelligence.com/vulnerability_reports/TALOS-2019-0900

https://git.kernel.org/linus/3e493173b7841259a08c5c8e5cbe90adb349da7e

https://security.netapp.com/advisory/ntap-20200204-0002/

http://packetstormsecurity.com/files/156455/Kernel-Live-Patch-Security-Notice-LSN-0063-1.html

https://usn.ubuntu.com/4285-1/

https://usn.ubuntu.com/4287-1/

https://usn.ubuntu.com/4286-2/

https://usn.ubuntu.com/4287-2/

https://usn.ubuntu.com/4286-1/

https://lists.debian.org/debian-lts-announce/2020/06/msg00011.html

https://lists.debian.org/debian-lts-announce/2020/06/msg00013.html

https://lists.debian.org/debian-lts-announce/2020/06/msg00012.html

https://www.debian.org/security/2020/dsa-4698

https://www.oracle.com/security-alerts/cpuApr2021.html

Details

Source: MITRE

Published: 2019-12-23

Updated: 2021-06-14

Type: CWE-20

Risk Information

CVSS v2

Base Score: 3.3

Vector: AV:A/AC:L/Au:N/C:N/I:N/A:P

Impact Score: 2.9

Exploitability Score: 6.5

Severity: LOW

CVSS v3

Base Score: 6.5

Vector: CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Impact Score: 3.6

Exploitability Score: 2.8

Severity: MEDIUM

Vulnerable Software

Configuration 1

OR

cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*

Tenable Plugins

View all (21 total)

IDNameProductFamilySeverity
150665SUSE SLES11 Security Update : kernel (SUSE-SU-2020:14442-1)NessusSuSE Local Security Checks
high
141374OracleVM 3.4 : Unbreakable / etc (OVMSA-2020-0044)NessusOracleVM Local Security Checks
critical
141207Oracle Linux 6 / 7 : Unbreakable Enterprise kernel (ELSA-2020-5866)NessusOracle Linux Local Security Checks
critical
140499Oracle Linux 7 : Unbreakable Enterprise kernel (ELSA-2020-5845)NessusOracle Linux Local Security Checks
critical
137516EulerOS 2.0 SP2 : kernel (EulerOS-SA-2020-1674)NessusHuawei Local Security Checks
critical
137340Debian DSA-4698-1 : linux - security updateNessusDebian Local Security Checks
medium
137339Debian DLA-2242-1 : linux-4.9 security updateNessusDebian Local Security Checks
medium
137283Debian DLA-2241-2 : linux security updateNessusDebian Local Security Checks
medium
136782SUSE SLES12 Security Update : kernel (SUSE-SU-2020:1275-1) (MDSUM/RIDL) (MFBDS/RIDL/ZombieLoad) (MLPDS/RIDL) (MSBDS/Fallout)NessusSuSE Local Security Checks
critical
136661SUSE SLES12 Security Update : kernel (SUSE-SU-2020:1255-1)NessusSuSE Local Security Checks
critical
136239EulerOS Virtualization for ARM 64 3.0.2.0 : kernel (EulerOS-SA-2020-1536)NessusHuawei Local Security Checks
critical
135685RHEL 7 : kernel-alt (RHSA-2020:1493)NessusRed Hat Local Security Checks
critical
135525EulerOS 2.0 SP3 : kernel (EulerOS-SA-2020-1396)NessusHuawei Local Security Checks
critical
135224SUSE SLES12 Security Update : kernel (SUSE-SU-2020:0868-1)NessusSuSE Local Security Checks
high
135129EulerOS Virtualization for ARM 64 3.0.6.0 : kernel (EulerOS-SA-2020-1342)NessusHuawei Local Security Checks
critical
134971Slackware 14.2 : Slackware 14.2 kernel (SSA:2020-086-01)NessusSlackware Local Security Checks
critical
133992EulerOS 2.0 SP8 : kernel (EulerOS-SA-2020-1158)NessusHuawei Local Security Checks
critical
133913EulerOS 2.0 SP5 : kernel (EulerOS-SA-2020-1112)NessusHuawei Local Security Checks
critical
133800Ubuntu 16.04 LTS / 18.04 LTS : Linux kernel vulnerabilities (USN-4287-1)NessusUbuntu Local Security Checks
high
133799Ubuntu 16.04 LTS : Linux kernel vulnerabilities (USN-4286-1)NessusUbuntu Local Security Checks
medium
133798Ubuntu 18.04 LTS : Linux kernel vulnerabilities (USN-4285-1)NessusUbuntu Local Security Checks
high