exploitDog

CVE-2019-8980

Опубликовано: 21 фев. 2019

Источник: nvd

CVSS3: 7.5

CVSS2: 7.8

EPSS Низкий

Описание

A memory leak in the kernel_read_file function in fs/exec.c in the Linux kernel through 4.20.11 allows attackers to cause a denial of service (memory consumption) by triggering vfs_read failures.

Ссылки

http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00052.html
Mailing List
Third Party Advisory
http://www.securityfocus.com/bid/107120
Third Party Advisory
VDB Entry
https://lists.debian.org/debian-lts-announce/2019/05/msg00002.html
Mailing List
Third Party Advisory
https://support.f5.com/csp/article/K56480726
Third Party Advisory
https://usn.ubuntu.com/3930-1/
Third Party Advisory
https://usn.ubuntu.com/3930-2/
Third Party Advisory
https://usn.ubuntu.com/3931-1/
Third Party Advisory
https://usn.ubuntu.com/3931-2/
Third Party Advisory
https://www.mail-archive.com/linux-kernel%40vger.kernel.org/msg1935698.html
https://www.mail-archive.com/linux-kernel%40vger.kernel.org/msg1935705.html
http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00052.html
Mailing List
Third Party Advisory
http://www.securityfocus.com/bid/107120
Third Party Advisory
VDB Entry
https://lists.debian.org/debian-lts-announce/2019/05/msg00002.html
Mailing List
Third Party Advisory
https://support.f5.com/csp/article/K56480726
Third Party Advisory
https://usn.ubuntu.com/3930-1/
Third Party Advisory
https://usn.ubuntu.com/3930-2/
Third Party Advisory
https://usn.ubuntu.com/3931-1/
Third Party Advisory
https://usn.ubuntu.com/3931-2/
Third Party Advisory
https://www.mail-archive.com/linux-kernel%40vger.kernel.org/msg1935698.html
https://www.mail-archive.com/linux-kernel%40vger.kernel.org/msg1935705.html

Уязвимые конфигурации

Конфигурация 1

Одно из

cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*

Версия от 4.7 (включая) до 4.9.163 (исключая)

cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*

Версия от 4.14 (включая) до 4.14.106 (исключая)

cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*

Версия от 4.19 (включая) до 4.19.28 (исключая)

cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*

Версия от 4.20 (включая) до 4.20.15 (исключая)

cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*

Версия от 5.0 (включая) до 5.0.1 (исключая)

cpe:2.3:o:linux:linux_kernel:5.1:rc1:*:*:*:*:*:*

Конфигурация 2

Одно из

cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:esm:*:*:*

cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:esm:*:*:*

cpe:2.3:o:canonical:ubuntu_linux:18.04:*:*:*:lts:*:*:*

cpe:2.3:o:canonical:ubuntu_linux:18.10:*:*:*:*:*:*:*

Конфигурация 3

cpe:2.3:o:opensuse:leap:15.0:*:*:*:*:*:*:*

Конфигурация 4

cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*

EPSS

Процентиль: 82%

0.0172

Низкий

7.5 High

CVSS3

7.8 High

CVSS2

Дефекты

CWE-401

Связанные уязвимости

CVE-2019-8980

CVSS3: 7.5

ubuntu

больше 6 лет назад

A memory leak in the kernel_read_file function in fs/exec.c in the Linux kernel through 4.20.11 allows attackers to cause a denial of service (memory consumption) by triggering vfs_read failures.

CVE-2019-8980

CVSS3: 5.5

redhat

больше 6 лет назад

A memory leak in the kernel_read_file function in fs/exec.c in the Linux kernel through 4.20.11 allows attackers to cause a denial of service (memory consumption) by triggering vfs_read failures.

CVE-2019-8980

CVSS3: 7.5

debian

больше 6 лет назад

A memory leak in the kernel_read_file function in fs/exec.c in the Lin ...

GHSA-2xr8-28cv-28vv

CVSS3: 7.5

github

около 3 лет назад

A memory leak in the kernel_read_file function in fs/exec.c in the Linux kernel through 4.20.11 allows attackers to cause a denial of service (memory consumption) by triggering vfs_read failures.

BDU:2019-00818

CVSS3: 7.5

fstec

больше 6 лет назад

Уязвимость функции kernel_read_file ядра операционной системы Linux, связанная с неправильным освобождением памяти перед удалением последний ссылки, позволяющая нарушителю вызвать отказ в обслуживании

EPSS

Процентиль: 82%

0.0172

Низкий

7.5 High

CVSS3

7.8 High

CVSS2

Дефекты

CWE-401