CVE-2019-16921

Опубликовано: 27 сент. 2019

Источник: redhat

CVSS3: 7.5

EPSS Низкий

Описание

In the Linux kernel before 4.17, hns_roce_alloc_ucontext in drivers/infiniband/hw/hns/hns_roce_main.c does not initialize the resp data structure, which might allow attackers to obtain sensitive information from kernel stack memory, aka CID-df7e40425813.

An information disclosure flaw was found in the Linux kernel. The Infiniband driver does not initialize the resp data structure which allows an attacker to obtain sensitive information from kernel stack memory. The highest threat from this vulnerability is to data confidentiality.

Затронутые пакеты

Платформа	Пакет	Состояние
Red Hat Enterprise Linux 5	kernel	Not affected
Red Hat Enterprise Linux 6	kernel	Not affected
Red Hat Enterprise Linux 7	kernel	Not affected
Red Hat Enterprise Linux 7	kernel-alt	Not affected
Red Hat Enterprise Linux 7	kernel-rt	Not affected
Red Hat Enterprise Linux 8	kernel	Not affected
Red Hat Enterprise Linux 8	kernel-rt	Not affected
Red Hat Enterprise MRG 2	kernel-rt	Not affected

Показывать по

Ссылки на источники

Дополнительная информация

Статус:

Important

Дефект:

CWE-200

https://bugzilla.redhat.com/show_bug.cgi?id=1762321kernel: information disclosure in hns_roce_alloc_ucontext in drivers/infiniband/hw/hns/hns_roce_main.c

EPSS

Процентиль: 50%

0.00272

Низкий

7.5 High

CVSS3

Связанные уязвимости

CVE-2019-16921

CVSS3: 7.5

ubuntu

больше 6 лет назад

CVE-2019-16921

CVSS3: 7.5

nvd

больше 6 лет назад

CVE-2019-16921

CVSS3: 7.5

debian

больше 6 лет назад

In the Linux kernel before 4.17, hns_roce_alloc_ucontext in drivers/in ...

GHSA-4f4g-m6h2-8q23

CVSS3: 7.5

github

больше 3 лет назад

EPSS

Процентиль: 50%

0.00272

Низкий

7.5 High

CVSS3