PT-2019-4437 · Linux+1 · Linux Kernel+1

Mao Wenan

Published

2019-09-18

Updated

2023-01-17

CVE-2019-18680

CVSS v2.0

7.8

High

Vector

AV:N/AC:L/Au:N/C:N/I:N/A:C

Name of the Vulnerable Software and Affected Versions Linux kernel versions prior to 4.4.195

Description The issue is related to a NULL pointer dereference in the rds tcp kill sock() function, which can cause denial of service. This can be exploited by a remote attacker to disrupt service.

Recommendations For Linux kernel versions prior to 4.4.195, update to version 4.4.195 or later to resolve the issue. As a temporary workaround, consider restricting access to the rds tcp kill sock() function until a patch is available.

Exploit

Fix

DoS

NULL Pointer Dereference

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-476

Related Identifiers

BDU:2020-00194

CVE-2019-18680

SUSE-SU-2019:2984-1

SUSE-SU-2019:3379-1

SUSE-SU-2020:2491-1

SUSE-SU-2020:2497-1

Affected Products

Linux Kernel

Suse

PT-2019-4437 · Linux+1 · Linux Kernel+1

CVE-2019-18680

Weakness Enumeration

Related Identifiers

Affected Products

References · 201