PT-2019-15838 · Illumos · Illumos
Dan Mcdonald
·
Publicado
2019-11-29
·
Atualizado
2024-03-05
·
CVE-2019-19396
CVSS v2.0
7.8
Alta
| Vetor | AV:N/AC:L/Au:N/C:N/I:N/A:C |
Name of the Vulnerable Software and Affected Versions
illumos versions prior to r151030y
Description
The issue allows a kernel crash via an application with multiple threads calling sendmsg concurrently over a single socket. This is because uts/common/inet/ip/ip attr.c mishandles conn ixa dereferences.
Recommendations
For versions prior to r151030y, update to r151030y or later to resolve the issue. As a temporary workaround, consider restricting concurrent sendmsg calls over a single socket to minimize the risk of exploitation.
Correção
RCE
Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾
Enumeração de Fraquezas
Identificadores relacionados
Produtos afetados
Illumos