PT-2019-4491 · Linux+3 · Linux Kernel+3

Publicado

2019-12-09

·

Atualizado

2022-03-31

·

CVE-2019-19965

CVSS v3.1

4.7

Média

VetorAV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H
Name of the Vulnerable Software and Affected Versions Linux kernel versions prior to 5.4.7
Description The issue is related to errors in pointer dereferencing in the Linux kernel component drivers/scsi/libsas/sas discover.c. It may allow an attacker to cause a denial of service due to incorrect handling of port disconnection during discovery, related to a PHY down race condition.
Recommendations For Linux kernel versions prior to 5.4.7, update to version 5.4.7 or later to resolve the issue. As a temporary workaround, consider restricting access to the sas discover.c component until a patch is available.

Exploit

Correção

Race Condition

NULL Pointer Dereference

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾
dbugs@ptsecurity.com

Enumeração de Fraquezas

CWE-362CWE-476

Identificadores relacionados

ALT-PU-2020-1003
ALT-PU-2020-1010
ALT-PU-2020-1043
ALT-PU-2020-1198
ALT-PU-2020-1421
ALT-PU-2020-1450
ALT-PU-2020-1501
ALT-PU-2020-1714
ALT-PU-2020-2410
ALT-PU-2020-2433
ALT-PU-2021-1870
BDU:2020-00350
CVE-2019-19965
DLA-2068-1
DLA-2114-1
OPENSUSE-SU-2020:0336-1
OPENSUSE-SU-2020_0336-1
SUSE-SU-2020:0511-1
SUSE-SU-2020:0558-1
SUSE-SU-2020:0559-1
SUSE-SU-2020:0560-1
SUSE-SU-2020:0580-1
SUSE-SU-2020:0584-1
SUSE-SU-2020:0599-1
SUSE-SU-2020:0605-1
SUSE-SU-2020:0613-1
SUSE-SU-2020:1255-1
SUSE-SU-2020:1275-1
SUSE-SU-2020:14354-1
SUSE-SU-2020:1663-1
SUSE-SU-2020_1663-1
USN-4284-1
USN-4285-1
USN-4286-1
USN-4286-2
USN-4287-1
USN-4287-2

Produtos afetados

Alt Linux
Linux Kernel
Suse
Ubuntu