CVE-2019-9213
Advisory lineage Upstream: 0 Downstream: 37
Modified
Published: 05 Mar 2019, 22:00
Last modified:04 Aug 2024, 21:38
Vulnerability Summary
Overall Risk (default)
medium
33/100 CVSS Score
5.5 MEDIUM
v3.1 (nvd)
EPSS Score
6.93% LOW
7% probability +1.63%
KEV
Not listed
Ransomware
No reports
Public exploits
5 found
Dark Web
Not detected
Timeline
05 Mar 2019, 22:00
Published
Vulnerability first disclosed
04 Aug 2024, 21:38
Last Modified
Vulnerability information updated
Description
In the Linux kernel before 4.20.14, expand_downwards in mm/mmap.c lacks a check for the mmap minimum address, which makes it easier for attackers to exploit kernel NULL pointer dereferences on non-SMAP platforms. This is related to a capability check for the wrong task.
CVSS Metrics
- v3.1•MEDIUM•Score: 5.5CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
- v2.0•MEDIUM•Score: 4.9AV:L/AC:L/Au:N/C:N/I:N/A:C
EPSS Trends
Current EPSS score: 6.93%• Percentile: 92%
Techniques & Countermeasures
- CWE-476•NULL Pointer Dereference
The product dereferences a pointer that it expects to be valid but is NULL.
Affected Systems
- canonical•ubuntu_linux
12.04 | 14.04 | 16.04 | 18.10
- debian•debian_linux
8.0
- linux•linux_kernel
≥ 4.9, < 4.9.162 | ≥ 4.14, < 4.14.105 | ≥ 4.19, < 4.19.27 | ≥ 4.20, < 4.20.14
- opensuse•leap
15.0 | 42.3
- redhat•enterprise_linux
7.0 | 8.0
References (26)
- https://www.exploit-db.com/exploits/46502/
- http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=0a1d52994d440e21def1c2174932410b4f2a98a1
- https://cdn.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.9.162
- https://cdn.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.19.27
- https://cdn.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.14.105
- https://github.com/torvalds/linux/commit/0a1d52994d440e21def1c2174932410b4f2a98a1
- http://www.securityfocus.com/bid/107296
- https://bugs.chromium.org/p/project-zero/issues/detail?id=1792
- https://cdn.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.20.14
- https://lists.debian.org/debian-lts-announce/2019/03/msg00034.html
- http://lists.opensuse.org/opensuse-security-announce/2019-03/msg00045.html
- https://lists.debian.org/debian-lts-announce/2019/04/msg00004.html
- https://usn.ubuntu.com/3932-1/
- https://usn.ubuntu.com/3932-2/
- https://usn.ubuntu.com/3930-1/
- https://usn.ubuntu.com/3931-1/
- https://usn.ubuntu.com/3933-2/
- https://usn.ubuntu.com/3931-2/
- https://usn.ubuntu.com/3930-2/
- https://usn.ubuntu.com/3933-1/
- http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00052.html
- https://access.redhat.com/errata/RHSA-2019:0831
- https://lists.debian.org/debian-lts-announce/2019/05/msg00002.html
- https://access.redhat.com/errata/RHSA-2019:1479
- https://access.redhat.com/errata/RHSA-2019:1480
- http://packetstormsecurity.com/files/156053/Reliable-Datagram-Sockets-RDS-rds_atomic_free_op-Privilege-Escalation.html