CVE-2019-8912

Опубликовано: 18 фев. 2019

Источник: nvd

CVSS3: 7.8

CVSS2: 7.2

EPSS Низкий

Описание

In the Linux kernel through 4.20.11, af_alg_release() in crypto/af_alg.c neglects to set a NULL value for a certain structure member, which leads to a use-after-free in sockfs_setattr.

Ссылки

http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00052.html
Mailing List
Third Party Advisory
http://patchwork.ozlabs.org/patch/1042902/
Patch
Third Party Advisory
http://www.securityfocus.com/bid/107063
Third Party Advisory
VDB Entry
https://access.redhat.com/errata/RHSA-2020:0174
Third Party Advisory
https://usn.ubuntu.com/3930-1/
Third Party Advisory
https://usn.ubuntu.com/3930-2/
Third Party Advisory
https://usn.ubuntu.com/3931-1/
Third Party Advisory
https://usn.ubuntu.com/3931-2/
Third Party Advisory
https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-8912
Issue Tracking
Patch
Third Party Advisory
http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00052.html
Mailing List
Third Party Advisory
http://patchwork.ozlabs.org/patch/1042902/
Patch
Third Party Advisory
http://www.securityfocus.com/bid/107063
Third Party Advisory
VDB Entry
https://access.redhat.com/errata/RHSA-2020:0174
Third Party Advisory
https://usn.ubuntu.com/3930-1/
Third Party Advisory
https://usn.ubuntu.com/3930-2/
Third Party Advisory
https://usn.ubuntu.com/3931-1/
Third Party Advisory
https://usn.ubuntu.com/3931-2/
Third Party Advisory

Уязвимые конфигурации

Конфигурация 1

Одно из

cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*

Версия от 4.10 (включая) до 4.14.103 (исключая)

cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*

Версия от 4.19 (включая) до 4.19.25 (исключая)

cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*

Версия от 4.20 (включая) до 4.20.12 (исключая)

cpe:2.3:o:linux:linux_kernel:5.0:rc1:*:*:*:*:*:*

cpe:2.3:o:linux:linux_kernel:5.0:rc2:*:*:*:*:*:*

cpe:2.3:o:linux:linux_kernel:5.0:rc3:*:*:*:*:*:*

cpe:2.3:o:linux:linux_kernel:5.0:rc4:*:*:*:*:*:*

cpe:2.3:o:linux:linux_kernel:5.0:rc5:*:*:*:*:*:*

cpe:2.3:o:linux:linux_kernel:5.0:rc6:*:*:*:*:*:*

cpe:2.3:o:linux:linux_kernel:5.0:rc7:*:*:*:*:*:*

cpe:2.3:o:linux:linux_kernel:5.0:rc8:*:*:*:*:*:*

Конфигурация 2

cpe:2.3:o:redhat:enterprise_linux:7.0:*:*:*:*:*:*:*

Конфигурация 3

Одно из

cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:esm:*:*:*

cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:esm:*:*:*

cpe:2.3:o:canonical:ubuntu_linux:18.04:*:*:*:lts:*:*:*

cpe:2.3:o:canonical:ubuntu_linux:18.10:*:*:*:*:*:*:*

Конфигурация 4

cpe:2.3:o:opensuse:leap:15.0:*:*:*:*:*:*:*

EPSS

Процентиль: 61%

0.00427

Низкий

7.8 High

CVSS3

7.2 High

CVSS2

Дефекты

CWE-416

Связанные уязвимости

CVE-2019-8912

CVSS3: 7.8

ubuntu

больше 6 лет назад

In the Linux kernel through 4.20.11, af_alg_release() in crypto/af_alg.c neglects to set a NULL value for a certain structure member, which leads to a use-after-free in sockfs_setattr.

CVE-2019-8912

CVSS3: 7.8

redhat

больше 6 лет назад

In the Linux kernel through 4.20.11, af_alg_release() in crypto/af_alg.c neglects to set a NULL value for a certain structure member, which leads to a use-after-free in sockfs_setattr.

CVE-2019-8912

CVSS3: 7.8

debian

больше 6 лет назад

In the Linux kernel through 4.20.11, af_alg_release() in crypto/af_alg ...

GHSA-4wpv-r6m6-xjq5

CVSS3: 7.8

github

около 3 лет назад

In the Linux kernel through 4.20.11, af_alg_release() in crypto/af_alg.c neglects to set a NULL value for a certain structure member, which leads to a use-after-free in sockfs_setattr.

BDU:2019-02363

CVSS3: 7.8

fstec

больше 6 лет назад

Уязвимость функции af_alg_release ядра операционной системы Linux, позволяющая нарушителю выполнить произвольный код в режиме ядра

EPSS

Процентиль: 61%

0.00427

Низкий

7.8 High

CVSS3

7.2 High

CVSS2

Дефекты

CWE-416