CVE-2019-19965

Опубликовано: 24 дек. 2019

Источник: redhat

CVSS3: 4.7

Описание

In the Linux kernel through 5.4.6, there is a NULL pointer dereference in drivers/scsi/libsas/sas_discover.c because of mishandling of port disconnection during discovery, related to a PHY down race condition, aka CID-f70267f379b5.

A NULL pointer dereference flaw was found in the Linux kernel’s SCSI disk subsystem. A local user could use this flaw to crash the system, causing a denial of service.

Меры по смягчению последствий

To mitigate this issue, prevent module libsas from being loaded. Please see https://access.redhat.com/solutions/41278 for how to blacklist a kernel module to prevent it from loading automatically.

Затронутые пакеты

Платформа	Пакет	Состояние
Red Hat Enterprise Linux 5	kernel	Out of support scope
Red Hat Enterprise Linux 6	kernel	Out of support scope
Red Hat Enterprise Linux 7	kernel	Fix deferred
Red Hat Enterprise Linux 7	kernel-alt	Fix deferred
Red Hat Enterprise Linux 7	kernel-rt	Fix deferred
Red Hat Enterprise Linux 8	kernel	Fix deferred
Red Hat Enterprise Linux 8	kernel-rt	Fix deferred
Red Hat Enterprise MRG 2	kernel-rt	Out of support scope

Показывать по

Ссылки на источники

Дополнительная информация

Статус:

Low

Дефект:

CWE-362->CWE-476

https://bugzilla.redhat.com/show_bug.cgi?id=1794404kernel: NULL pointer dereference in drivers/scsi/libsas/sas_discover.c because of mishandling of port disconnection during discovery

4.7 Medium

CVSS3