CVE-2019-18680

Published: 18 Sep 2019
Source: redhat
CVSS3: 7.5
EPSS: Low

Description

An issue was discovered in the Linux kernel 4.4.x before 4.4.195. There is a NULL pointer dereference in rds_tcp_kill_sock() in net/rds/tcp.c that will cause denial of service, aka CID-91573ae4aed0.

A flaw was found in the Linux kernel's implementation of RDS over TCP. A system on which the rds_tcp kernel module is loaded, either automatically (triggered by a local process calling listen()) or manually, could possibly hit a kernel panic.

Mitigation

Although this is a network protocol that is affected, the protocol is not available by default. A local process (or user) can trigger use of the protocol, which causes the module to be loaded automatically; at that point the vulnerable code is loaded and the attack vector is open. To reiterate, it is unlikely that most Linux systems use this protocol and are therefore affected: most systems do NOT have this protocol used by services. This is an infrequently used module; if you wish to blacklist it, follow the steps outlined in https://access.redhat.com/solutions/41278 to blacklist the "rds_tcp" module for the relevant version of Red Hat Enterprise Linux.
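As an added example, not taken from the Red Hat advisory or the solution article linked above: a POSIX shell script that reports whether rds_tcp is currently loaded and writes a modprobe.d fragment that blocks both alias-based autoload and explicit loading of the module. The fragment name rds_tcp-blacklist.conf and the directory parameter are assumptions; /etc/modprobe.d is the conventional location.

```shell
#!/bin/sh
# Added example, not part of the Red Hat advisory: report whether rds_tcp is
# loaded and install a modprobe.d fragment that keeps it from being loaded.
# Assumptions: a modprobe-based distribution; the config directory is a
# parameter (default /etc/modprobe.d) so the functions can be tried against
# a scratch directory without root.

# Exit 0 if the rds_tcp module is currently loaded (reads /proc/modules).
rds_tcp_loaded() {
    grep -q '^rds_tcp ' /proc/modules 2>/dev/null
}

# Write the blacklist fragment into "$1" and print its path.
# "blacklist" only stops alias-based autoload; the "install" line also makes
# an explicit modprobe (and the modprobe run for the kernel's request_module)
# fail, which is what closes the listen()-triggered autoload the advisory
# describes.
write_rds_tcp_blacklist() {
    dir="${1:-/etc/modprobe.d}"
    conf="$dir/rds_tcp-blacklist.conf"
    mkdir -p "$dir"
    {
        echo '# CVE-2019-18680 mitigation: do not load the rds_tcp module.'
        echo 'blacklist rds_tcp'
        echo 'install rds_tcp /bin/false'
    } > "$conf"
    echo "$conf"
}

# Exit 0 only if both directives are present in the fragment "$1".
verify_rds_tcp_blacklist() {
    grep -q '^blacklist rds_tcp$' "$1" && grep -q '^install rds_tcp /bin/false$' "$1"
}

# Usage: sh mitigate_rds_tcp.sh /etc/modprobe.d (as root), or pass a scratch
# directory to inspect the generated fragment first.
if [ "$#" -gt 0 ]; then
    if rds_tcp_loaded; then
        echo "rds_tcp is loaded now; unload it with 'modprobe -r rds_tcp' as root"
    else
        echo "rds_tcp is not currently loaded"
    fi
    conf=$(write_rds_tcp_blacklist "$1")
    verify_rds_tcp_blacklist "$conf" && echo "wrote $conf"
fi
```

After installing the fragment, a follow-up `modprobe rds_tcp` should fail and `lsmod | grep rds_tcp` should stay empty.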

Affected packages

| Platform | Package | State | Recommendation | Release |
|---|---|---|---|---|
| Red Hat Enterprise Linux 5 | kernel | Out of support scope | | |
| Red Hat Enterprise Linux 6 | kernel | Out of support scope | | |
| Red Hat Enterprise Linux 7 | kernel | Not affected | | |
| Red Hat Enterprise Linux 7 | kernel-alt | Not affected | | |
| Red Hat Enterprise Linux 7 | kernel-rt | Not affected | | |
| Red Hat Enterprise Linux 8 | kernel | Not affected | | |
| Red Hat Enterprise Linux 8 | kernel-rt | Not affected | | |
| Red Hat Enterprise MRG 2 | kernel-rt | Not affected | | |

Additional information

Status: Low
Flaw: CWE-476
Bug: https://bugzilla.redhat.com/show_bug.cgi?id=1772527 (kernel: NULL pointer dereference in rds_tcp_kill_sock() in net/rds/tcp.c)

EPSS: 0.01696 (percentile 82%), Low
CVSS3: 7.5 High

Related vulnerabilities

- ubuntu, CVSS3 7.5, more than 6 years ago: same description as above (Linux kernel 4.4.x before 4.4.195, NULL pointer dereference in rds_tcp_kill_sock() in net/rds/tcp.c, CID-91573ae4aed0).
- nvd, CVSS3 7.5, more than 6 years ago: same description as above.
- debian, CVSS3 7.5, more than 6 years ago: same description as above (truncated on the source page).
- github, CVSS3 7.5, more than 3 years ago: same description as above.
- fstec, CVSS3 7.5, more than 6 years ago: A vulnerability in the rds_tcp_kill_sock() function of the Linux operating system kernel that allows an attacker to cause a denial of service.
