PT-2019-1765 · Linux+5 · Linux Kernel+5

Publicado

2019-01-16

·

Atualizado

2021-06-02

·

CVE-2019-9003

CVSS v2.0

7.8

Alta

VetorAV:N/AC:L/Au:N/C:N/I:N/A:C
Name of the Vulnerable Software and Affected Versions Linux kernel versions prior to 4.20.5
Description The issue is related to a use-after-free vulnerability in the IPMI driver interface (drivers/char/ipmi/ipmi msghandler.c code) of the Linux kernel. This vulnerability can be exploited by arranging for certain simultaneous execution of the code, as demonstrated by a "service ipmievd restart" loop, potentially leading to a denial of service. The exploitation of this vulnerability may allow a remote attacker to cause a service disruption using the IPMI interface.
Recommendations For Linux kernel versions prior to 4.20.5, update to version 4.20.5 or later to resolve the issue. As a temporary workaround, consider restricting access to the IPMI interface to minimize the risk of exploitation. Avoid using the ipmi msghandler.c code in the affected kernel versions until the issue is resolved.

Correção

Use After Free

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾
dbugs@ptsecurity.com

Enumeração de Fraquezas

CWE-416

Identificadores relacionados

ALT-PU-2019-1128
ALT-PU-2019-1231
BDU:2019-01406
CESA-2019_1167
CVE-2019-9003
OPENSUSE-SU-2019:1404-1
OPENSUSE-SU-2019_1404-1
RHSA-2019:1167
RHSA-2019_1167
SUSE-SU-2019:1240-1
SUSE-SU-2019:1241-1
SUSE-SU-2019:1242-1
SUSE-SU-2019:1244-1
SUSE-SU-2019:1550-1
SUSE-SU-2019:2430-1
USN-3930-1
USN-3930-2

Produtos afetados

Alt Linux
Centos
Linux Kernel
Red Hat
Suse
Ubuntu