Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

redhat логотип

CVE-2019-15920

Опубликовано: 04 сент. 2019
Источник: redhat
CVSS3: 3.3

Описание

An issue was discovered in the Linux kernel before 5.0.10. SMB2_read in fs/cifs/smb2pdu.c has a use-after-free. NOTE: this was not fixed correctly in 5.0.10; see the 5.0.11 ChangeLog, which documents a memory leak.

An issue was discovered in the Linux kernel's implementation of the CIFS protocol. The SMB2_read function has a possible use-after-free when CIFS function tracing is enabled. While data is used after being freed, it is has not been determined how it could be used for privilege escalation.

Меры по смягчению последствий

As the CIFS module will be auto-loaded when required, its use can be disabled by preventing the module from loading with the following instructions:

echo "install cifs /bin/true" >> /etc/modprobe.d/disable-cifs.conf

The system will need to be restarted if the CIFS modules are loaded. In most circumstances, the CIFS kernel modules will be unable to be unloaded while any network interfaces are active and the protocol is in use. If you need further assistance, see KCS article https://access.redhat.com/solutions/41278 or contact Red Hat Global Support Services.

Затронутые пакеты

ПлатформаПакетСостояниеРекомендацияРелиз
Red Hat Enterprise Linux 5kernelNot affected
Red Hat Enterprise Linux 6kernelNot affected
Red Hat Enterprise Linux 7kernelNot affected
Red Hat Enterprise Linux 7kernel-altNot affected
Red Hat Enterprise Linux 7kernel-rtNot affected
Red Hat Enterprise Linux 8kernel-rtAffected
Red Hat Enterprise MRG 2kernel-rtNot affected
Red Hat Enterprise Linux 8kernelFixedRHSA-2019:351705.11.2019

Показывать по

Ссылки на источники

Дополнительная информация

Статус:

Moderate
Дефект:
CWE-416
https://bugzilla.redhat.com/show_bug.cgi?id=1760864kernel: use-after-free information leak in SMB2_read

3.3 Low

CVSS3

Связанные уязвимости

ubuntu логотип

CVE-2019-15920

CVSS3: 4.3
ubuntu
больше 6 лет назад

An issue was discovered in the Linux kernel before 5.0.10. SMB2_read in fs/cifs/smb2pdu.c has a use-after-free. NOTE: this was not fixed correctly in 5.0.10; see the 5.0.11 ChangeLog, which documents a memory leak.

nvd логотип

CVE-2019-15920

CVSS3: 4.3
nvd
больше 6 лет назад

An issue was discovered in the Linux kernel before 5.0.10. SMB2_read in fs/cifs/smb2pdu.c has a use-after-free. NOTE: this was not fixed correctly in 5.0.10; see the 5.0.11 ChangeLog, which documents a memory leak.

debian логотип

CVE-2019-15920

CVSS3: 4.3
debian
больше 6 лет назад

An issue was discovered in the Linux kernel before 5.0.10. SMB2_read i ...

github логотип

GHSA-ppjf-83xq-9mv2

github
больше 3 лет назад

An issue was discovered in the Linux kernel before 5.0.10. SMB2_read in fs/cifs/smb2pdu.c has a use-after-free. NOTE: this was not fixed correctly in 5.0.10; see the 5.0.11 ChangeLog, which documents a memory leak.

fstec логотип

BDU:2020-01463

CVSS3: 4.3
fstec
почти 7 лет назад

Уязвимость функции SMB2_read ядра операционной системы Linux, позволяющая нарушителю оказать воздействие на конфиденциальность, целостность и доступность защищаемой информации

3.3 Low

CVSS3