PT-2019-1765 · Linux+5 · Linux Kernel+5

Published

2019-01-16

·

Updated

2021-06-02

·

CVE-2019-9003

CVSS v2.0

7.8

High

VectorAV:N/AC:L/Au:N/C:N/I:N/A:C
Name of the Vulnerable Software and Affected Versions Linux kernel versions prior to 4.20.5
Description The issue is related to a use-after-free vulnerability in the IPMI driver interface (drivers/char/ipmi/ipmi msghandler.c code) of the Linux kernel. This vulnerability can be exploited by arranging for certain simultaneous execution of the code, as demonstrated by a "service ipmievd restart" loop, potentially leading to a denial of service. The exploitation of this vulnerability may allow a remote attacker to cause a service disruption using the IPMI interface.
Recommendations For Linux kernel versions prior to 4.20.5, update to version 4.20.5 or later to resolve the issue. As a temporary workaround, consider restricting access to the IPMI interface to minimize the risk of exploitation. Avoid using the ipmi msghandler.c code in the affected kernel versions until the issue is resolved.

Fix

Use After Free

Found an issue in the description? Have something to add? Feel free to write us 👾
dbugs@ptsecurity.com

Weakness Enumeration

CWE-416

Related Identifiers

ALT-PU-2019-1128
ALT-PU-2019-1231
BDU:2019-01406
CESA-2019_1167
CVE-2019-9003
OPENSUSE-SU-2019:1404-1
OPENSUSE-SU-2019_1404-1
RHSA-2019:1167
RHSA-2019_1167
SUSE-SU-2019:1240-1
SUSE-SU-2019:1241-1
SUSE-SU-2019:1242-1
SUSE-SU-2019:1244-1
SUSE-SU-2019:1550-1
SUSE-SU-2019:2430-1
USN-3930-1
USN-3930-2

Affected Products

Alt Linux
Centos
Linux Kernel
Red Hat
Suse
Ubuntu