Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

redhat логотип

CVE-2019-15919

Опубликовано: 04 сент. 2019
Источник: redhat
CVSS3: 7.8

Описание

An issue was discovered in the Linux kernel before 5.0.10. SMB2_write in fs/cifs/smb2pdu.c has a use-after-free.

An flaw was discovered in the Linux kernel's CIFS client implementation. While issuing an SMB2_write, a value can be used after it was intended to be freed when CIFS function tracing is enabled. Even though the data is used after being freed, using it to for privilege escalation does not seem possible.

Меры по смягчению последствий

As the CIFS module will be auto-loaded when required, its use can be disabled by preventing the module from loading with the following instructions:

echo "install cifs /bin/true" >> /etc/modprobe.d/disable-cifs.conf

The system will need to be restarted if the CIFS modules are loaded. In most circumstances, the CIFS kernel modules will be unable to be unloaded while any network interfaces are active and the protocol is in use. If you need further assistance, see KCS article https://access.redhat.com/solutions/41278 or contact Red Hat Global Support Services.

Затронутые пакеты

ПлатформаПакетСостояниеРекомендацияРелиз
Red Hat Enterprise Linux 5kernelNot affected
Red Hat Enterprise Linux 6kernelNot affected
Red Hat Enterprise Linux 7kernelNot affected
Red Hat Enterprise Linux 7kernel-altNot affected
Red Hat Enterprise Linux 7kernel-rtNot affected
Red Hat Enterprise Linux 8kernel-rtAffected
Red Hat Enterprise MRG 2kernel-rtNot affected
Red Hat Enterprise Linux 8kernelFixedRHSA-2019:351705.11.2019

Показывать по

Ссылки на источники

Дополнительная информация

Статус:

Moderate
Дефект:
CWE-416
https://bugzilla.redhat.com/show_bug.cgi?id=1750410kernel: use-after-free in SMB2_write function in fs/cifs/smb2pdu.c

7.8 High

CVSS3

Связанные уязвимости

ubuntu логотип

CVE-2019-15919

CVSS3: 3.3
ubuntu
больше 6 лет назад

An issue was discovered in the Linux kernel before 5.0.10. SMB2_write in fs/cifs/smb2pdu.c has a use-after-free.

nvd логотип

CVE-2019-15919

CVSS3: 3.3
nvd
больше 6 лет назад

An issue was discovered in the Linux kernel before 5.0.10. SMB2_write in fs/cifs/smb2pdu.c has a use-after-free.

debian логотип

CVE-2019-15919

CVSS3: 3.3
debian
больше 6 лет назад

An issue was discovered in the Linux kernel before 5.0.10. SMB2_write ...

github логотип

GHSA-m3c6-89vg-9rwq

github
больше 3 лет назад

An issue was discovered in the Linux kernel before 5.0.10. SMB2_write in fs/cifs/smb2pdu.c has a use-after-free.

fstec логотип

BDU:2020-02259

CVSS3: 3.3
fstec
почти 7 лет назад

Уязвимость функции SMB2_write (fs/cifs/smb2pdu.c) ядра операционной системы Linux, позволяющая нарушителю раскрыть защищаемую информацию

7.8 High

CVSS3