CVE-2019-3460

Exploit

EPSS 0.48%
Published 11.04.2019 16:29:02
Last modified 21.11.2024 04:42:05
Source security@debian.org
Teams watchlist Login
Open Login

A heap data infoleak in multiple locations including L2CAP_PARSE_CONF_RSP was found in the Linux kernel before 5.1-rc1.

Affected products Warnungen 0 Metrics 3 CWE 1 References 21

Data is provided by the National Vulnerability Database (NVD)

Linux ≫ Linux Kernel Version <= 5.1

Canonical ≫ Ubuntu Linux Version14.04 SwEditionlts

Canonical ≫ Ubuntu Linux Version16.04 SwEditionlts

Canonical ≫ Ubuntu Linux Version18.04 SwEditionlts

Canonical ≫ Ubuntu Linux Version18.10

Debian ≫ Debian Linux Version8.0

Redhat ≫ Codeready Linux Builder Version8.0

Redhat ≫ Virtualization Host Version4.0

Redhat ≫ Enterprise Linux Version8.0

Redhat ≫ Enterprise Linux Desktop Version7.0

Redhat ≫ Enterprise Linux Eus Version8.1

Redhat ≫ Enterprise Linux Eus Version8.2

Redhat ≫ Enterprise Linux Eus Version8.4

Redhat ≫ Enterprise Linux For Real Time Version7

Redhat ≫ Enterprise Linux For Real Time Version8

Redhat ≫ Enterprise Linux For Real Time For Nfv Version7

Redhat ≫ Enterprise Linux For Real Time For Nfv Version8

Redhat ≫ Enterprise Linux For Real Time For Nfv Tus Version8.2

Redhat ≫ Enterprise Linux For Real Time For Nfv Tus Version8.4

Redhat ≫ Enterprise Linux For Real Time Tus Version8.2

Redhat ≫ Enterprise Linux For Real Time Tus Version8.4

Redhat ≫ Enterprise Linux Server Version7.0

Redhat ≫ Enterprise Linux Server Aus Version8.2

Redhat ≫ Enterprise Linux Server Aus Version8.4

Redhat ≫ Enterprise Linux Server Tus Version8.2

Redhat ≫ Enterprise Linux Server Tus Version8.4

Redhat ≫ Enterprise Linux Workstation Version7.0

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Type	Source	Score	Percentile
EPSS	FIRST.org	0.48%	0.644

CVSS Metriken
Source	Base Score	Exploit Score	Impact Score	Vector string
nvd@nist.gov	6.5	2.8	3.6	CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
nvd@nist.gov	3.3	6.5	2.9	AV:A/AC:L/Au:N/C:P/I:N/A:N

CWE-20 Improper Input Validation

The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.

https://access.redhat.com/errata/RHSA-2019:3517

Third Party Advisory

http://www.openwall.com/lists/oss-security/2019/06/27/7

Third Party Advisory

Mailing List

http://www.openwall.com/lists/oss-security/2019/06/28/1

Third Party Advisory

Mailing List

http://www.openwall.com/lists/oss-security/2019/06/28/2

Third Party Advisory

Mailing List

https://lists.debian.org/debian-lts-announce/2019/05/msg00002.html

Third Party Advisory

Mailing List

https://access.redhat.com/errata/RHSA-2019:2029

Third Party Advisory

https://access.redhat.com/errata/RHSA-2019:2043

Third Party Advisory

https://lists.debian.org/debian-lts-announce/2019/05/msg00041.html

Third Party Advisory

Mailing List

https://lists.debian.org/debian-lts-announce/2019/05/msg00042.html

Third Party Advisory

Mailing List

https://access.redhat.com/errata/RHSA-2019:3309

Third Party Advisory

http://www.openwall.com/lists/oss-security/2019/06/27/2

Third Party Advisory

Mailing List

http://www.openwall.com/lists/oss-security/2019/08/12/1

Third Party Advisory

Mailing List

https://access.redhat.com/errata/RHSA-2020:0740

Third Party Advisory

https://marc.info/?l=oss-security&m=154721580222522&w=2

Patch

Third Party Advisory

Exploit

https://bugzilla.redhat.com/show_bug.cgi?id=1663179

Third Party Advisory

Issue Tracking

Mitigation

https://git.kernel.org/linus/af3d5d1c87664a4f150fcf3534c6567cb19909b0

Patch

Vendor Advisory

https://lore.kernel.org/linux-bluetooth/20190110062917.GB15047%40kroah.com/

https://people.canonical.com/~ubuntu-security/cve/2019/CVE-2019-3460.html

Third Party Advisory

https://nvd.nist.gov/vuln/detail/CVE-2019-3460

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2019-3460

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2019-3460

EUVD