Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

redhat логотип

CVE-2019-12378

Опубликовано: 25 мая 2019
Источник: redhat
CVSS3: 5.7
EPSS Низкий

Описание

An issue was discovered in ip6_ra_control in net/ipv6/ipv6_sockglue.c in the Linux kernel through 5.1.5. There is an unchecked kmalloc of new_ra, which might allow an attacker to cause a denial of service (NULL pointer dereference and system crash). NOTE: This has been disputed as not an issue

A flaw was discovered in the Linux kernel's implementation of IPv6 router advertisement handling. Under low-memory-free conditions a kmalloc request may fail leaving the system to crash shortly after with a null pointer dereference. The attacker must be able to send IPv6 RA packets to this host, most routers will not forward these packets requiring the attacker to be on the local network.

Затронутые пакеты

ПлатформаПакетСостояниеРекомендацияРелиз
Red Hat Enterprise Linux 5kernelNot affected
Red Hat Enterprise Linux 6kernelNot affected
Red Hat Enterprise Linux 7kernelNot affected
Red Hat Enterprise Linux 7kernel-altNot affected
Red Hat Enterprise Linux 7kernel-rtNot affected
Red Hat Enterprise Linux 8kernelNot affected
Red Hat Enterprise Linux 8kernel-rtNot affected
Red Hat Enterprise MRG 2kernel-rtNot affected

Показывать по

Ссылки на источники

Дополнительная информация

Статус:

Moderate
Дефект:
CWE-476
https://bugzilla.redhat.com/show_bug.cgi?id=1715459kernel: unchecked kmalloc of new_ra in ip6_ra_control leads to denial of service

EPSS

Процентиль: 28%
0.00095
Низкий

5.7 Medium

CVSS3

Связанные уязвимости

nvd логотип

CVE-2019-12378

CVSS3: 5.5
nvd
около 6 лет назад

An issue was discovered in ip6_ra_control in net/ipv6/ipv6_sockglue.c in the Linux kernel through 5.1.5. There is an unchecked kmalloc of new_ra, which might allow an attacker to cause a denial of service (NULL pointer dereference and system crash). NOTE: This has been disputed as not an issue

debian логотип

CVE-2019-12378

CVSS3: 5.5
debian
около 6 лет назад

An issue was discovered in ip6_ra_control in net/ipv6/ipv6_sockglue.c ...

github логотип

GHSA-w88v-7x97-pgv3

CVSS3: 5.5
github
около 3 лет назад

An issue was discovered in ip6_ra_control in net/ipv6/ipv6_sockglue.c in the Linux kernel through 5.1.5. There is an unchecked kmalloc of new_ra, which might allow an attacker to cause a denial of service (NULL pointer dereference and system crash).

fstec логотип

BDU:2024-09048

CVSS3: 5.5
fstec
около 6 лет назад

Уязвимость функции ip6_ra_control компонента net/ipv6/ipv6_sockglue.c ядра операционной системы Linux, связанная с ошибками разыменования указателя, позволяющая нарушителю вызвать отказ в обслуживании

oracle-oval логотип

ELSA-2019-4729

oracle-oval
почти 6 лет назад

ELSA-2019-4729: Unbreakable Enterprise kernel security update (IMPORTANT)

EPSS

Процентиль: 28%
0.00095
Низкий

5.7 Medium

CVSS3