Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

redhat логотип

CVE-2019-12380

Опубликовано: 25 мая 2019
Источник: redhat
CVSS3: 6.2
EPSS Низкий

Описание

DISPUTED An issue was discovered in the efi subsystem in the Linux kernel through 5.1.5. phys_efi_set_virtual_address_map in arch/x86/platform/efi/efi.c and efi_call_phys_prolog in arch/x86/platform/efi/efi_64.c mishandle memory allocation failures. NOTE: This id is disputed as not being an issue because “All the code touched by the referenced commit runs only at boot, before any user processes are started. Therefore, there is no possibility for an unprivileged user to control it.”.

A flaw was found in the Linux kernel's implementation of UEFI. An attacker who can influence early-boot memory initialization could possibly influence firmware initialization and memory allocations, resulting in a panic of a guest or target system during early boot of that same system.

Затронутые пакеты

ПлатформаПакетСостояниеРекомендацияРелиз
Red Hat Enterprise Linux 5kernelNot affected
Red Hat Enterprise Linux 6kernelNot affected
Red Hat Enterprise Linux 7kernelWill not fix
Red Hat Enterprise Linux 7kernel-altNot affected
Red Hat Enterprise Linux 7kernel-rtWill not fix
Red Hat Enterprise Linux 8kernelWill not fix
Red Hat Enterprise Linux 8kernel-rtWill not fix
Red Hat Enterprise MRG 2kernel-rtOut of support scope

Показывать по

Ссылки на источники

Дополнительная информация

Статус:

Low
Дефект:
CWE-252
https://bugzilla.redhat.com/show_bug.cgi?id=1715494kernel: memory allocation failure in the efi subsystem leads to denial of service

EPSS

Процентиль: 21%
0.00068
Низкий

6.2 Medium

CVSS3

Связанные уязвимости

ubuntu логотип

CVE-2019-12380

CVSS3: 5.5
ubuntu
около 6 лет назад

**DISPUTED** An issue was discovered in the efi subsystem in the Linux kernel through 5.1.5. phys_efi_set_virtual_address_map in arch/x86/platform/efi/efi.c and efi_call_phys_prolog in arch/x86/platform/efi/efi_64.c mishandle memory allocation failures. NOTE: This id is disputed as not being an issue because “All the code touched by the referenced commit runs only at boot, before any user processes are started. Therefore, there is no possibility for an unprivileged user to control it.”.

nvd логотип

CVE-2019-12380

CVSS3: 5.5
nvd
около 6 лет назад

**DISPUTED** An issue was discovered in the efi subsystem in the Linux kernel through 5.1.5. phys_efi_set_virtual_address_map in arch/x86/platform/efi/efi.c and efi_call_phys_prolog in arch/x86/platform/efi/efi_64.c mishandle memory allocation failures. NOTE: This id is disputed as not being an issue because “All the code touched by the referenced commit runs only at boot, before any user processes are started. Therefore, there is no possibility for an unprivileged user to control it.”.

debian логотип

CVE-2019-12380

CVSS3: 5.5
debian
около 6 лет назад

**DISPUTED** An issue was discovered in the efi subsystem in the Linux ...

github логотип

GHSA-7xmv-6q8v-3hhw

github
около 3 лет назад

An issue was discovered in the efi subsystem in the Linux kernel through 5.1.5. phys_efi_set_virtual_address_map in arch/x86/platform/efi/efi.c and efi_call_phys_prolog in arch/x86/platform/efi/efi_64.c mishandle memory allocation failures.

suse-cvrf логотип

openSUSE-SU-2019:1571-1

suse-cvrf
около 6 лет назад

Security update for the Linux Kernel

EPSS

Процентиль: 21%
0.00068
Низкий

6.2 Medium

CVSS3