CVE-2019-11486
Advisory lineage Upstream: 0 Downstream: 21
Modified
Published: 23 Apr 2019, 22:00
Last modified:04 Aug 2024, 22:55
Vulnerability Summary
Overall Risk (default)
medium
28/100 CVSS Score
7 HIGH
v3.1 (nvd)
EPSS Score
0.05% LOW
0% probability 0.00%
KEV
Not listed
Ransomware
No reports
Public exploits
None found
Dark Web
Not detected
Timeline
23 Apr 2019, 22:00
Published
Vulnerability first disclosed
04 Aug 2024, 22:55
Last Modified
Vulnerability information updated
Description
The Siemens R3964 line discipline driver in drivers/tty/n_r3964.c in the Linux kernel before 5.0.8 has multiple race conditions.
CVSS Metrics
- v3.1•HIGH•Score: 7CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
- v2.0•MEDIUM•Score: 6.9AV:L/AC:M/Au:N/C:C/I:C/A:C
EPSS Trends
Current EPSS score: 0.05%• Percentile: 15%
Techniques & Countermeasures
- CWE-362•Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')
The product contains a concurrent code sequence that requires temporary, exclusive access to a shared resource, but a timing window exists in which the shared resource can be modified by another code sequence operating concurrently.
Affected Systems
- debian•debian_linux
9.0
- linux•linux_kernel
< 3.16.66 | ≥ 3.17, < 3.18.139 | ≥ 3.19, < 4.4.179 | ≥ 4.5, < 4.9.169 | ≥ 4.10, < 4.14.112 | ≥ 4.15, < 4.19.35 | ≥ 4.20, < 5.0.8
- netapp•active_iq
na
- netapp•hci_management_node
na
- netapp•snapprotect
na
- netapp•solidfire
na
- netapp•storage_replication_adapter_for_clustered_data_ontap
9.7
- netapp•vasa_provider_for_clustered_data_ontap
9.7
- netapp•virtual_storage_console
9.7
- opensuse•leap
15.1 | 42.3
References (17)
- https://github.com/torvalds/linux/commit/c7084edc3f6d67750f50d4183134c4fb5712a5c8
- https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=c7084edc3f6d67750f50d4183134c4fb5712a5c8
- https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.0.8
- https://cdn.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.19.35
- https://cdn.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.14.112
- https://cdn.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.9.169
- http://www.openwall.com/lists/oss-security/2019/04/29/1
- http://lists.opensuse.org/opensuse-security-announce/2019-05/msg00037.html
- https://security.netapp.com/advisory/ntap-20190517-0005/
- http://lists.opensuse.org/opensuse-security-announce/2019-05/msg00043.html
- https://lists.debian.org/debian-lts-announce/2019/05/msg00041.html
- https://lists.debian.org/debian-lts-announce/2019/05/msg00042.html
- http://lists.opensuse.org/opensuse-security-announce/2019-05/msg00071.html
- https://support.f5.com/csp/article/K50222414
- https://www.debian.org/security/2019/dsa-4465
- https://lists.debian.org/debian-lts-announce/2019/06/msg00011.html
- https://seclists.org/bugtraq/2019/Jun/26