CVSS2
Attack Vector
ADJACENT_NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
PARTIAL
AV:A/AC:L/Au:N/C:N/I:N/A:P
CVSS3
Attack Vector
ADJACENT
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
HIGH
CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
EPSS
Percentile
46.8%
An exploitable denial-of-service vulnerability exists in the Linux kernel
prior to mainline 5.3. An attacker could exploit this vulnerability by
triggering AP to send IAPP location updates for stations before the
required authentication process has completed. This could lead to different
denial-of-service scenarios, either by causing CAM table attacks, or by
leading to traffic flapping if faking already existing clients in other
nearby APs of the same wireless infrastructure. An attacker can forge
Authentication and Association Request packets to trigger this
vulnerability.
OS | Version | Architecture | Package | Version | Filename |
---|---|---|---|---|---|
ubuntu | 18.04 | noarch | linux | < 4.15.0-88.88 | UNKNOWN |
ubuntu | 16.04 | noarch | linux | < 4.4.0-174.204 | UNKNOWN |
ubuntu | 18.04 | noarch | linux-aws | < 4.15.0-1060.62 | UNKNOWN |
ubuntu | 14.04 | noarch | linux-aws | < 4.4.0-1062.66 | UNKNOWN |
ubuntu | 16.04 | noarch | linux-aws | < 4.4.0-1102.113 | UNKNOWN |
ubuntu | 18.04 | noarch | linux-aws-5.0 | < 5.0.0-1025.28 | UNKNOWN |
ubuntu | 16.04 | noarch | linux-aws-hwe | < 4.15.0-1060.62~16.04.1 | UNKNOWN |
ubuntu | 18.04 | noarch | linux-azure | < 5.0.0-1032.34 | UNKNOWN |
ubuntu | 14.04 | noarch | linux-azure | < 4.15.0-1071.76~14.04.1 | UNKNOWN |
ubuntu | 16.04 | noarch | linux-azure | < 4.15.0-1071.76 | UNKNOWN |
launchpad.net/bugs/cve/CVE-2019-5108
nvd.nist.gov/vuln/detail/CVE-2019-5108
security-tracker.debian.org/tracker/CVE-2019-5108
talosintelligence.com/vulnerability_reports/TALOS-2019-0900
ubuntu.com/security/notices/USN-4285-1
ubuntu.com/security/notices/USN-4286-1
ubuntu.com/security/notices/USN-4286-2
ubuntu.com/security/notices/USN-4287-1
ubuntu.com/security/notices/USN-4287-2
www.cve.org/CVERecord?id=CVE-2019-5108
CVSS2
Attack Vector
ADJACENT_NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
PARTIAL
AV:A/AC:L/Au:N/C:N/I:N/A:P
CVSS3
Attack Vector
ADJACENT
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
HIGH
CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
EPSS
Percentile
46.8%