4.7

CVE-2019-16994

Exploit
In the Linux kernel before 5.0, a memory leak exists in sit_init_net() in net/ipv6/sit.c when register_netdev() fails to register sitn->fb_tunnel_dev, which may cause denial of service, aka CID-07f12b26e21a.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
LinuxLinux Kernel Version < 5.0
OpensuseLeap Version15.1
RedhatEnterprise Linux Version7.0
VulnDex Vulnerability Enrichment
Diese Information steht angemeldeten Benutzern zur Verfügung. Login Login
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 0.45% 0.36
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 4.7 1 3.6
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H
nvd@nist.gov 4.7 3.4 6.9
AV:L/AC:M/Au:N/C:N/I:N/A:C
CWE-401 Missing Release of Memory after Effective Lifetime

The product does not sufficiently track and release allocated memory after it has been used, making the memory unavailable for reallocation and reuse.

https://security.netapp.com/advisory/ntap-20191031-0005/
Third Party Advisory
http://lists.opensuse.org/opensuse-security-announce/2020-03/msg00021.html
Third Party Advisory
Mailing List
https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=07f12b26e21ab359261bf75cfcb424fdc7daeb6d
Patch
Vendor Advisory
Exploit
Issue Tracking
https://github.com/torvalds/linux/commit/07f12b26e21ab359261bf75cfcb424fdc7daeb6d
Patch
Third Party Advisory