7.8

CVE-2019-12615

An issue was discovered in get_vdev_port_node_info in arch/sparc/kernel/mdesc.c in the Linux kernel through 5.1.6. There is an unchecked kstrdup_const of node_info->vdev_port.name, which might allow an attacker to cause a denial of service (NULL pointer dereference and system crash).
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
LinuxLinux Kernel Version >= 2.6.12.1 < 4.14.130
LinuxLinux Kernel Version >= 4.19 < 4.19.56
LinuxLinux Kernel Version >= 5.1 < 5.1.15
LinuxLinux Kernel Version2.6.12 Updaterc2
LinuxLinux Kernel Version2.6.12 Updaterc3
LinuxLinux Kernel Version2.6.12 Updaterc4
LinuxLinux Kernel Version2.6.12 Updaterc5
LinuxLinux Kernel Version2.6.12 Updaterc6
LinuxLinux Kernel Version5.2 Updaterc1
LinuxLinux Kernel Version5.2 Updaterc2
LinuxLinux Kernel Version5.2 Updaterc3
LinuxLinux Kernel Version5.2 Updaterc4
NetappAff A700s Firmware Version-
   NetappAff A700s Version-
NetappActive Iq Unified Manager SwPlatformvmware_vsphere Version >= 9.5
NetappSolidfire Version-
NetappCn1610 Firmware Version-
   NetappCn1610 Version-
NetappH610s Firmware Version-
   NetappH610s Version-
VulnDex Vulnerability Enrichment
Diese Information steht angemeldeten Benutzern zur Verfügung. Login Login
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 3.57% 0.879
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 7.5 3.9 3.6
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
nvd@nist.gov 7.8 10 6.9
AV:N/AC:L/Au:N/C:N/I:N/A:C
CWE-476 NULL Pointer Dereference

The product dereferences a pointer that it expects to be valid but is NULL.

https://security.netapp.com/advisory/ntap-20190710-0002/
Third Party Advisory
http://www.securityfocus.com/bid/108549
Third Party Advisory
VDB Entry
https://git.kernel.org/pub/scm/linux/kernel/git/davem/sparc.git/commit/?id=80caf43549e7e41a695c6d1e11066286538b336f
Patch
Vendor Advisory
https://support.f5.com/csp/article/K60924046
Third Party Advisory
https://support.f5.com/csp/article/K60924046?utm_source=f5support&amp%3Butm_medium=RSS
https://www.mail-archive.com/linux-kernel%40vger.kernel.org/msg2014901.html