PT-2019-4498 · Linux+5 · Linux Kernel+5

Publicado

2019-03-29

·

Atualizado

2023-01-20

·

CVE-2019-20054

CVSS v3.1

5.5

Média

VetorAV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
Name of the Vulnerable Software and Affected Versions Linux kernel versions prior to 5.0.6
Description The issue is related to a NULL pointer dereference in the drop sysctl table() function in the Linux kernel, specifically in fs/proc/proc sysctl.c, and is connected to the put links command. This could allow an attacker to gain unauthorized access to protected information.
Recommendations For Linux kernel versions prior to 5.0.6, update to version 5.0.6 or later to resolve the issue. As a temporary workaround, consider restricting access to the drop sysctl table() function and the put links command until a patch is available.

Correção

NULL Pointer Dereference

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾
dbugs@ptsecurity.com

Enumeração de Fraquezas

CWE-476

Identificadores relacionados

ALSA-2020:4431
ALT-PU-2019-1584
ALT-PU-2019-1710
ALT-PU-2020-1198
ALT-PU-2020-1501
ALT-PU-2020-2410
ALT-PU-2020-2433
ALT-PU-2021-1870
BDU:2020-00357
CESA-2020_4060
CESA-2020_4431
CESA-2020_4609
CVE-2019-20054
OPENSUSE-SU-2020:0336-1
OPENSUSE-SU-2020_0336-1
RHSA-2020:1493
RHSA-2020:4060
RHSA-2020:4062
RHSA-2020:4431
RHSA-2020:4609
RHSA-2020_4060
RHSA-2020_4062
RHSA-2020_4431
RHSA-2020_4609
SUSE-SU-2020:0093-1
SUSE-SU-2020:0511-1
SUSE-SU-2020:0559-1
SUSE-SU-2020:0560-1
SUSE-SU-2020:0580-1
SUSE-SU-2020:0584-1
SUSE-SU-2020:0599-1
SUSE-SU-2020:0613-1
SUSE-SU-2020:1255-1
SUSE-SU-2020:1275-1
SUSE-SU-2020:1663-1
SUSE-SU-2020_1663-1

Produtos afetados

Alt Linux
Almalinux
Centos
Linux Kernel
Red Hat
Suse