CVE-2019-12381

Published: May 25, 2019
Source: redhat
CVSS3: 5.5
EPSS: Low

Description

An issue was discovered in ip_ra_control in net/ipv4/ip_sockglue.c in the Linux kernel through 5.1.5. There is an unchecked kmalloc of new_ra, which might allow an attacker to cause a denial of service (NULL pointer dereference and system crash). NOTE: this is disputed because new_ra is never used if it is NULL

A flaw was discovered in the Linux kernel that allows an attacker to crash a system under low free-memory conditions in the IPv4 router advertisement code. The attacker must be able to send 'router advertisements', which limits the attack vector to the same physical segment.

Affected packages

| Platform | Package | State | Recommendation | Release |
|---|---|---|---|---|
| Red Hat Enterprise Linux 5 | kernel | Out of support scope | | |
| Red Hat Enterprise Linux 6 | kernel | Not affected | | |
| Red Hat Enterprise Linux 7 | kernel | Not affected | | |
| Red Hat Enterprise Linux 7 | kernel-alt | Not affected | | |
| Red Hat Enterprise Linux 7 | kernel-rt | Not affected | | |
| Red Hat Enterprise Linux 8 | kernel | Not affected | | |
| Red Hat Enterprise Linux 8 | kernel-rt | Not affected | | |
| Red Hat Enterprise MRG 2 | kernel-rt | Not affected | | |

Additional information

Status: Moderate
Defect: CWE-476
https://bugzilla.redhat.com/show_bug.cgi?id=1715501 kernel: unchecked kmalloc of new_ra in ip_ra_control leads to denial of service

EPSS: 0.00089 (percentile: 27%, Low)

CVSS3: 5.5 Medium

Related vulnerabilities

CVSS3: 5.5
nvd
about 6 years ago

An issue was discovered in ip_ra_control in net/ipv4/ip_sockglue.c in the Linux kernel through 5.1.5. There is an unchecked kmalloc of new_ra, which might allow an attacker to cause a denial of service (NULL pointer dereference and system crash). NOTE: this is disputed because new_ra is never used if it is NULL

CVSS3: 5.5
debian
about 6 years ago

An issue was discovered in ip_ra_control in net/ipv4/ip_sockglue.c in ...

CVSS3: 5.5
github
about 3 years ago

An issue was discovered in ip_ra_control in net/ipv4/ip_sockglue.c in the Linux kernel through 5.1.5. There is an unchecked kmalloc of new_ra, which might allow an attacker to cause a denial of service (NULL pointer dereference and system crash).

CVSS3: 5.5
fstec
about 6 years ago

A vulnerability in the ip_ra_control function of the net/ipv4/ip_sockglue.c component of the Linux operating system kernel, related to pointer dereference errors, which allows an attacker to cause a denial of service

oracle-oval
almost 6 years ago

ELSA-2019-4729: Unbreakable Enterprise kernel security update (IMPORTANT)
