PT-2019-4695 · Linux+5 · Linux Kernel+5

Austin Clements

+2

·

Publicado

2019-11-28

·

Atualizado

2021-05-28

·

CVE-2019-19602

CVSS v2.0

6.8

Média

VetorAV:L/AC:L/Au:S/C:C/I:C/A:C
Name of the Vulnerable Software and Affected Versions Linux kernel versions prior to 5.4.2
Description The issue is related to the fpregs state valid function in the Linux kernel, which can be exploited by context-dependent attackers to cause a denial of service or possibly have other unspecified impacts due to incorrect caching. This is demonstrated by the mishandling of signal-based non-cooperative preemption in certain environments. The vulnerability may also allow an attacker to disclose protected information or cause a denial of service, as it is caused by a "race condition" situation.
Recommendations For Linux kernel versions prior to 5.4.2, update to version 5.4.2 or later to resolve the issue. At the moment, there is no information about additional mitigation measures for this vulnerability.

Exploit

Correção

DoS

Race Condition

Incorrect Permission

Buffer Overflow

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾
dbugs@ptsecurity.com

Enumeração de Fraquezas

CWE-362CWE-732CWE-119

Identificadores relacionados

ALSA-2020:4431
ALT-PU-2019-3293
ALT-PU-2019-3343
ALT-PU-2019-3369
ALT-PU-2020-1198
ALT-PU-2020-1421
ALT-PU-2020-1450
ALT-PU-2020-1501
ALT-PU-2020-1714
ALT-PU-2020-2410
ALT-PU-2020-2433
ALT-PU-2021-1870
BDU:2020-01074
CESA-2020_4431
CVE-2019-19602
RHSA-2020:4431
RHSA-2020_4431
USN-4284-1

Produtos afetados

Alt Linux
Almalinux
Centos
Linux Kernel
Red Hat
Ubuntu