CVE-2019-11811

Опубликовано: 07 мая 2019

Источник: nvd

CVSS3: 7

CVSS2: 6.9

EPSS Низкий

Описание

An issue was discovered in the Linux kernel before 5.0.4. There is a use-after-free upon attempted read access to /proc/ioports after the ipmi_si module is removed, related to drivers/char/ipmi/ipmi_si_intf.c, drivers/char/ipmi/ipmi_si_mem_io.c, and drivers/char/ipmi/ipmi_si_port_io.c.

Ссылки

http://lists.opensuse.org/opensuse-security-announce/2019-05/msg00071.html
Third Party Advisory
http://www.securityfocus.com/bid/108410
Third Party Advisory
VDB Entry
https://access.redhat.com/errata/RHSA-2019:1873
Third Party Advisory
https://access.redhat.com/errata/RHSA-2019:1891
Third Party Advisory
https://access.redhat.com/errata/RHSA-2019:1959
Third Party Advisory
https://access.redhat.com/errata/RHSA-2019:1971
Third Party Advisory
https://access.redhat.com/errata/RHSA-2019:4057
Third Party Advisory
https://access.redhat.com/errata/RHSA-2019:4058
Third Party Advisory
https://access.redhat.com/errata/RHSA-2020:0036
Third Party Advisory
https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.0.4
Release Notes
Vendor Advisory
https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=401e7e88d4ef80188ffa07095ac00456f901b8c4
Patch
Vendor Advisory
https://github.com/torvalds/linux/commit/401e7e88d4ef80188ffa07095ac00456f901b8c4
Patch
Third Party Advisory
https://security.netapp.com/advisory/ntap-20190719-0003/
Third Party Advisory
https://support.f5.com/csp/article/K01512680
Third Party Advisory
http://lists.opensuse.org/opensuse-security-announce/2019-05/msg00071.html
Third Party Advisory
http://www.securityfocus.com/bid/108410
Third Party Advisory
VDB Entry
https://access.redhat.com/errata/RHSA-2019:1873
Third Party Advisory
https://access.redhat.com/errata/RHSA-2019:1891
Third Party Advisory
https://access.redhat.com/errata/RHSA-2019:1959
Third Party Advisory
https://access.redhat.com/errata/RHSA-2019:1971
Third Party Advisory

Уязвимые конфигурации

Конфигурация 1

Одно из

cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*

Версия от 4.18 (включая) до 4.19.31 (исключая)

cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*

Версия от 4.20 (включая) до 5.0.4 (исключая)

Конфигурация 2

Одно из

cpe:2.3:o:opensuse:leap:15.1:*:*:*:*:*:*:*

cpe:2.3:o:redhat:enterprise_linux:7.0:*:*:*:*:*:*:*

cpe:2.3:o:redhat:enterprise_linux_aus:7.6:*:*:*:*:*:*:*

cpe:2.3:o:redhat:enterprise_linux_desktop:7.0:*:*:*:*:*:*:*

cpe:2.3:o:redhat:enterprise_linux_server:7.0:*:*:*:*:*:*:*

cpe:2.3:o:redhat:enterprise_linux_server_aus:7.4:*:*:*:*:*:*:*

cpe:2.3:o:redhat:enterprise_linux_server_tus:7.4:*:*:*:*:*:*:*

cpe:2.3:o:redhat:enterprise_linux_server_tus:7.6:*:*:*:*:*:*:*

cpe:2.3:o:redhat:enterprise_linux_workstation:7.0:*:*:*:*:*:*:*

EPSS

Процентиль: 15%

0.00049

Низкий

7 High

CVSS3

6.9 Medium

CVSS2

Дефекты

CWE-416

Связанные уязвимости

CVE-2019-11811

CVSS3: 7

ubuntu

около 6 лет назад

CVE-2019-11811

CVSS3: 7

redhat

около 6 лет назад

CVE-2019-11811

CVSS3: 7

debian

около 6 лет назад

An issue was discovered in the Linux kernel before 5.0.4. There is a u ...

GHSA-62x2-7ppm-gf38

CVSS3: 7

github

около 3 лет назад

BDU:2019-03237

CVSS3: 7

fstec

больше 6 лет назад

Уязвимость драйверов drivers/char/ipmi/ipmi_si_intf.c, drivers/char/ipmi/ipmi_si_mem_io.c и drivers/char/ipmi/ipmi_si_port_io.c ядра операционной системы Linux, позволяющая нарушителю выполнить произвольный код или вызвать отказ в обслуживании

EPSS

Процентиль: 15%

0.00049

Низкий

7 High

CVSS3

6.9 Medium

CVSS2

Дефекты

CWE-416