PT-2019-4656 · Linux+5 · Linux Kernel+5

Ran Menscher

+2

·

Publicado

2019-01-11

·

Atualizado

2022-04-22

·

CVE-2019-3460

CVSS v3.1

6.5

Média

VetorAV:A/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Name of the Vulnerable Software and Affected Versions Linux kernel versions prior to 5.1-rc1
Description A heap data infoleak was found in multiple locations, including the L2CAP PARSE CONF RSP function, in the Linux kernel. This issue is related to a buffer overflow in the heap, which can be exploited by a remote attacker to gain access to confidential data.
Recommendations For Linux kernel versions prior to 5.1-rc1, update to a version 5.1-rc1 or later to resolve the issue. As a temporary workaround, consider restricting access to the L2CAP PARSE CONF RSP function to minimize the risk of exploitation.

Exploit

Correção

RCE

Information Disclosure

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾
dbugs@ptsecurity.com

Enumeração de Fraquezas

CWE-20CWE-200

Identificadores relacionados

ALT-PU-2019-1893
ALT-PU-2019-1896
ALT-PU-2019-2120
ALT-PU-2019-2311
ALT-PU-2020-1198
ALT-PU-2020-1501
ALT-PU-2020-2410
ALT-PU-2020-2433
ALT-PU-2021-1870
BDU:2020-00844
CESA-2019_2029
CESA-2019_3309
CESA-2019_3517
CVE-2019-3460
DLA-1771-1
DLA-1799-1
DLA-1799-2
OPENSUSE-SU-2019:0203-1
OPENSUSE-SU-2019_0140-1
OPENSUSE-SU-2019_0203-1
OPENSUSE-SU-2019_0274-1
RHSA-2019:2029
RHSA-2019:2043
RHSA-2019:3309
RHSA-2019:3517
RHSA-2019_2029
RHSA-2019_2043
RHSA-2019_3309
RHSA-2019_3517
RHSA-2020:0740
SUSE-SU-2019:0439-1
SUSE-SU-2019:0470-1
SUSE-SU-2019:0541-1
SUSE-SU-2019:0765-1
SUSE-SU-2019:0767-1
SUSE-SU-2019:0784-1
SUSE-SU-2019:0785-1
SUSE-SU-2019:0901-1
SUSE-SU-2019:1289-1
SUSE-SU-2019:14127-1
SUSE-SU-2019_14127-1
USN-3930-1
USN-3930-2
USN-3931-1
USN-3931-2
USN-3932-1
USN-3932-2
USN-3933-1
USN-3933-2

Produtos afetados

Alt Linux
Centos
Linux Kernel
Red Hat
Suse
Ubuntu