4.9

CVE-2019-15666

An issue was discovered in the Linux kernel before 5.0.19. There is an out-of-bounds array access in __xfrm_policy_unlink, which will cause denial of service, because verify_newpolicy_info in net/xfrm/xfrm_user.c mishandles directory validation.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
LinuxLinux Kernel Version < 5.0.19
DebianDebian Linux Version8.0
OpensuseLeap Version15.0
OpensuseLeap Version15.1
VulnDex Vulnerability Enrichment
Diese Information steht angemeldeten Benutzern zur Verfügung. Login Login
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 1.73% 0.746
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 4.4 0.8 3.6
CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H
nvd@nist.gov 4.9 3.9 6.9
AV:L/AC:L/Au:N/C:N/I:N/A:C
CWE-125 Out-of-bounds Read

The product reads data past the end, or before the beginning, of the intended buffer.

https://lists.debian.org/debian-lts-announce/2019/09/msg00014.html
Third Party Advisory
https://lists.debian.org/debian-lts-announce/2019/09/msg00015.html
Third Party Advisory
http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00064.html
Third Party Advisory
http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00066.html
Third Party Advisory
https://security.netapp.com/advisory/ntap-20191004-0001/
Third Party Advisory
https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.0.19
Release Notes
https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=b805d78d300bcf2c83d6df7da0c818b0fee41427
Patch
Vendor Advisory
https://support.f5.com/csp/article/K53420251?utm_source=f5support&amp%3Butm_medium=RSS