[email protected]CVE-2019-12614

HistoryJun 03, 2019 - 10:29 p.m.

CVE-2019-12614

2019-06-0322:29:00

CWE-476

[email protected]

web.nvd.nist.gov

446

cve-2019-12614

linux kernel

dlpar_parse_cc_property

denial of service

null pointer dereference

system crash

4.7 Medium

CVSS2

Attack Vector

LOCAL

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

COMPLETE

AV:L/AC:M/Au:N/C:N/I:N/A:C

4.1 Medium

CVSS3

Attack Vector

LOCAL

Attack Complexity

HIGH

Privileges Required

HIGH

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:H

6.4 Medium

AI Score

Confidence

Low

0.001 Low

EPSS

Percentile

22.8%

JSON

An issue was discovered in dlpar_parse_cc_property in arch/powerpc/platforms/pseries/dlpar.c in the Linux kernel through 5.1.6. There is an unchecked kstrdup of prop->name, which might allow an attacker to cause a denial of service (NULL pointer dereference and system crash).

Affected configurations

NVD

Node

linuxlinux_kernelRange≤5.1.6

Node

canonicalubuntu_linuxMatch14.04esm

canonicalubuntu_linuxMatch16.04lts

canonicalubuntu_linuxMatch18.04lts

canonicalubuntu_linuxMatch19.04

fedoraprojectfedoraMatch29

fedoraprojectfedoraMatch30

opensuseleapMatch15.0

opensuseleapMatch15.1

redhatenterprise_linuxMatch7.0

redhatenterprise_linuxMatch8.0

CPENameOperatorVersion
linux:linux_kernellinux linux kernelle5.1.6

CPE	Name	Operator	Version
linux:linux_kernel	linux linux kernel	le	5.1.6

References

lists.opensuse.org/opensuse-security-announce/2019-07/msg00014.html

lists.opensuse.org/opensuse-security-announce/2019-07/msg00025.html

packetstormsecurity.com/files/154245/Kernel-Live-Patch-Security-Notice-LSN-0054-1.html

packetstormsecurity.com/files/154951/Kernel-Live-Patch-Security-Notice-LSN-0058-1.html

packetstormsecurity.com/files/155890/Slackware-Security-Advisory-Slackware-14.2-kernel-Updates.html

www.securityfocus.com/bid/108550

git.kernel.org/pub/scm/linux/kernel/git/powerpc/linux.git/commit/?id=efa9ace68e487ddd29c2b4d6dd23242158f1f607

lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/MDURACJVGIBIYBSGDZJTRDPX46H5WPZW/

lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/OBJHGQXA4PQ5EOGCOXEH3KFDNVZ2I4X7/

lkml.org/lkml/2019/6/3/526

seclists.org/bugtraq/2020/Jan/10

security.netapp.com/advisory/ntap-20190710-0002/

support.f5.com/csp/article/K54337315

support.f5.com/csp/article/K54337315?utm_source=f5support&amp%3Butm_medium=RSS

usn.ubuntu.com/4093-1/

usn.ubuntu.com/4094-1/

usn.ubuntu.com/4095-1/

usn.ubuntu.com/4095-2/

4.7 Medium

CVSS2

Attack Vector

LOCAL

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

COMPLETE

AV:L/AC:M/Au:N/C:N/I:N/A:C

4.1 Medium

CVSS3

Attack Vector

LOCAL

Attack Complexity

HIGH

Privileges Required

HIGH

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:H

6.4 Medium

AI Score

Confidence

Low

0.001 Low

EPSS

Percentile

22.8%

JSON

Related for CVE-2019-12614

veracode1 debiancve1 nvd1 redhatcve1 ubuntucve1 f51 prion1 cvelist1 fedora29 openvas48 ibm2 nessus32 ubuntu4 suse2 cloudfoundry2 redhat5 slackware1 almalinux1 centos1 oraclelinux2 osv1