PT-2019-5684 · Linux+4 · Linux Kernel+4

Jann Horn · Published 2019-01-29 · Updated 2021-07-22 · CVE-2019-20934

CVSS v2.0: 5.4 (Medium)

Vector: AV:L/AC:M/Au:N/C:P/I:N/A:C
Name of the Vulnerable Software and Affected Versions: Linux kernel versions prior to 5.2.6

Description: The issue is related to a use-after-free in the show_numa_stats() function of the Linux kernel's NUMA system, caused by the inappropriate freeing of NUMA fault statistics. This can potentially allow an attacker to cause a denial of service.

Recommendations: For Linux kernel versions prior to 5.2.6, update to version 5.2.6 or later to resolve the issue. As a temporary workaround, consider restricting access to the show_numa_stats() function to minimize the risk of exploitation.

Fix

Use After Free

Weakness Enumeration

Related Identifiers

ALT-PU-2019-1139
ALT-PU-2019-1363
ALT-PU-2019-2401
ALT-PU-2019-2465
ALT-PU-2019-2811
ALT-PU-2019-2838
ALT-PU-2019-2853
ALT-PU-2020-1024
ALT-PU-2020-1714
BDU:2020-05553
CESA-2021_2725
CVE-2019-20934
OPENSUSE-SU-2021:0075-1
OPENSUSE-SU-2021_0075-1
RHSA-2021:2725
RHSA-2021:2726
RHSA-2021:3987
RHSA-2021_2725
RHSA-2021_2726
SUSE-SU-2020:3766-1
SUSE-SU-2020:3798-1
SUSE-SU-2021:0097-1
SUSE-SU-2021:0098-1
SUSE-SU-2021:0118-1
SUSE-SU-2021:0133-1
SUSE-SU-2021:0434-1
SUSE-SU-2021:0437-1
SUSE-SU-2021:0438-1
SUSE-SU-2021:0452-1

Affected Products

ALT Linux
CentOS
Linux Kernel
Red Hat
SUSE