5.5

CVE-2019-9213

Exploit

In the Linux kernel before 4.20.14, expand_downwards in mm/mmap.c lacks a check for the mmap minimum address, which makes it easier for attackers to exploit kernel NULL pointer dereferences on non-SMAP platforms. This is related to a capability check for the wrong task.

Data is provided by the National Vulnerability Database (NVD)
LinuxLinux Kernel Version >= 4.9 < 4.9.162
LinuxLinux Kernel Version >= 4.14 < 4.14.105
LinuxLinux Kernel Version >= 4.19 < 4.19.27
LinuxLinux Kernel Version >= 4.20 < 4.20.14
DebianDebian Linux Version8.0
RedhatEnterprise Linux Version7.0
RedhatEnterprise Linux Version8.0
OpensuseLeap Version15.0
OpensuseLeap Version42.3
CanonicalUbuntu Linux Version12.04
CanonicalUbuntu Linux Version14.04 SwEditionesm
CanonicalUbuntu Linux Version16.04 SwEditionesm
CanonicalUbuntu Linux Version18.10
Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.
EPSS Metriken
Type Source Score Percentile
EPSS FIRST.org 5.83% 0.902
CVSS Metriken
Source Base Score Exploit Score Impact Score Vector string
nvd@nist.gov 5.5 1.8 3.6
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
nvd@nist.gov 4.9 3.9 6.9
AV:L/AC:L/Au:N/C:N/I:N/A:C
CWE-476 NULL Pointer Dereference

The product dereferences a pointer that it expects to be valid but is NULL.

https://usn.ubuntu.com/3933-1/
Third Party Advisory
https://usn.ubuntu.com/3933-2/
Third Party Advisory
https://usn.ubuntu.com/3932-1/
Third Party Advisory
https://usn.ubuntu.com/3932-2/
Third Party Advisory
https://usn.ubuntu.com/3931-1/
Third Party Advisory
https://usn.ubuntu.com/3931-2/
Third Party Advisory
https://usn.ubuntu.com/3930-1/
Third Party Advisory
https://usn.ubuntu.com/3930-2/
Third Party Advisory
http://www.securityfocus.com/bid/107296
Third Party Advisory
VDB Entry
https://bugs.chromium.org/p/project-zero/issues/detail?id=1792
Third Party Advisory
Exploit
Mailing List
https://www.exploit-db.com/exploits/46502/
Third Party Advisory
Exploit
VDB Entry