Π›ΠΎΠ³ΠΎΡ‚ΠΈΠΏ exploitDog
Консоль
Π›ΠΎΠ³ΠΎΡ‚ΠΈΠΏ exploitDog

exploitDog

redhat Π»ΠΎΠ³ΠΎΡ‚ΠΈΠΏ

CVE-2019-19037

ΠžΠΏΡƒΠ±Π»ΠΈΠΊΠΎΠ²Π°Π½ΠΎ: 18 нояб. 2019
Π˜ΡΡ‚ΠΎΡ‡Π½ΠΈΠΊ: redhat
CVSS3: 5.5
EPSS Низкий

ОписаниС

ext4_empty_dir in fs/ext4/namei.c in the Linux kernel through 5.3.12 allows a NULL pointer dereference because ext4_read_dirblock(inode,0,DIRENT_HTREE) can be zero.

A NULL pointer dereference flaw was found in the Linux kernel’s Ext4 FileSystem in the way it uses a crafted ext4 image. This flaw allows a local user with physical access to crash the system.

ΠžΡ‚Ρ‡Π΅Ρ‚

This issue is rated as having Low impact because of the preconditions needed to trigger the issue (physical access or user interaction to mount the crafted filesystem image).

ΠœΠ΅Ρ€Ρ‹ ΠΏΠΎ ΡΠΌΡΠ³Ρ‡Π΅Π½ΠΈΡŽ послСдствий

Mitigation for this issue is either not available or the currently available options don't meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.

Π—Π°Ρ‚Ρ€ΠΎΠ½ΡƒΡ‚Ρ‹Π΅ ΠΏΠ°ΠΊΠ΅Ρ‚Ρ‹

ΠŸΠ»Π°Ρ‚Ρ„ΠΎΡ€ΠΌΠ°ΠŸΠ°ΠΊΠ΅Ρ‚Π‘ΠΎΡΡ‚ΠΎΡΠ½ΠΈΠ΅Π Π΅ΠΊΠΎΠΌΠ΅Π½Π΄Π°Ρ†ΠΈΡΠ Π΅Π»ΠΈΠ·
Red Hat Enterprise Linux 5kernelNot affected
Red Hat Enterprise Linux 6kernelOut of support scope
Red Hat Enterprise Linux 7kernelNot affected
Red Hat Enterprise Linux 7kernel-altFix deferred
Red Hat Enterprise Linux 7kernel-rtNot affected
Red Hat Enterprise Linux 8kernelNot affected
Red Hat Enterprise Linux 8kernel-rtNot affected
Red Hat Enterprise MRG 2kernelOut of support scope

ΠŸΠΎΠΊΠ°Π·Ρ‹Π²Π°Ρ‚ΡŒ ΠΏΠΎ

Бсылки Π½Π° источники

Π”ΠΎΠΏΠΎΠ»Π½ΠΈΡ‚Π΅Π»ΡŒΠ½Π°Ρ информация

Бтатус:

Low
Π”Π΅Ρ„Π΅ΠΊΡ‚:
CWE-476
https://bugzilla.redhat.com/show_bug.cgi?id=1775182kernel: null-pointer dereference in ext4_empty_dir in fs/ext4/namei.c

EPSS

ΠŸΡ€ΠΎΡ†Π΅Π½Ρ‚ΠΈΠ»ΡŒ: 77%
0.01076
Низкий

5.5 Medium

CVSS3

БвязанныС уязвимости

ubuntu Π»ΠΎΠ³ΠΎΡ‚ΠΈΠΏ

CVE-2019-19037

CVSS3: 5.5
ubuntu
ΠΏΠΎΡ‡Ρ‚ΠΈ 6 Π»Π΅Ρ‚ Π½Π°Π·Π°Π΄

ext4_empty_dir in fs/ext4/namei.c in the Linux kernel through 5.3.12 allows a NULL pointer dereference because ext4_read_dirblock(inode,0,DIRENT_HTREE) can be zero.

nvd Π»ΠΎΠ³ΠΎΡ‚ΠΈΠΏ

CVE-2019-19037

CVSS3: 5.5
nvd
ΠΏΠΎΡ‡Ρ‚ΠΈ 6 Π»Π΅Ρ‚ Π½Π°Π·Π°Π΄

ext4_empty_dir in fs/ext4/namei.c in the Linux kernel through 5.3.12 allows a NULL pointer dereference because ext4_read_dirblock(inode,0,DIRENT_HTREE) can be zero.

debian Π»ΠΎΠ³ΠΎΡ‚ΠΈΠΏ

CVE-2019-19037

CVSS3: 5.5
debian
ΠΏΠΎΡ‡Ρ‚ΠΈ 6 Π»Π΅Ρ‚ Π½Π°Π·Π°Π΄

ext4_empty_dir in fs/ext4/namei.c in the Linux kernel through 5.3.12 a ...

github Π»ΠΎΠ³ΠΎΡ‚ΠΈΠΏ

GHSA-98hp-cmc8-vgp6

github
большС 3 Π»Π΅Ρ‚ Π½Π°Π·Π°Π΄

ext4_empty_dir in fs/ext4/namei.c in the Linux kernel through 5.3.12 allows a NULL pointer dereference because ext4_read_dirblock(inode,0,DIRENT_HTREE) can be zero.

fstec Π»ΠΎΠ³ΠΎΡ‚ΠΈΠΏ

BDU:2019-04855

CVSS3: 5.5
fstec
ΠΏΠΎΡ‡Ρ‚ΠΈ 6 Π»Π΅Ρ‚ Π½Π°Π·Π°Π΄

Π£ΡΠ·Π²ΠΈΠΌΠΎΡΡ‚ΡŒ Ρ„ΡƒΠ½ΠΊΡ†ΠΈΠΈ ext4_empty_dir (fs/ext4/namei.c) ядра ΠΎΠΏΠ΅Ρ€Π°Ρ†ΠΈΠΎΠ½Π½ΠΎΠΉ систСмы Linux, ΠΏΠΎΠ·Π²ΠΎΠ»ΡΡŽΡ‰Π°Ρ Π½Π°Ρ€ΡƒΡˆΠΈΡ‚Π΅Π»ΡŽ Π²Ρ‹Π·Π²Π°Ρ‚ΡŒ ΠΎΡ‚ΠΊΠ°Π· Π² обслуТивании

EPSS

ΠŸΡ€ΠΎΡ†Π΅Π½Ρ‚ΠΈΠ»ΡŒ: 77%
0.01076
Низкий

5.5 Medium

CVSS3

Π£ΡΠ·Π²ΠΈΠΌΠΎΡΡ‚ΡŒ CVE-2019-19037