PT-2019-4491 · Linux+3 · Linux Kernel+3

Published

2019-12-09

·

Updated

2022-03-31

·

CVE-2019-19965

CVSS v3.1

4.7

Medium

VectorAV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H
Name of the Vulnerable Software and Affected Versions Linux kernel versions prior to 5.4.7
Description The issue is related to errors in pointer dereferencing in the Linux kernel component drivers/scsi/libsas/sas discover.c. It may allow an attacker to cause a denial of service due to incorrect handling of port disconnection during discovery, related to a PHY down race condition.
Recommendations For Linux kernel versions prior to 5.4.7, update to version 5.4.7 or later to resolve the issue. As a temporary workaround, consider restricting access to the sas discover.c component until a patch is available.

Exploit

Fix

Race Condition

NULL Pointer Dereference

Found an issue in the description? Have something to add? Feel free to write us 👾
dbugs@ptsecurity.com

Weakness Enumeration

CWE-362CWE-476

Related Identifiers

ALT-PU-2020-1003
ALT-PU-2020-1010
ALT-PU-2020-1043
ALT-PU-2020-1198
ALT-PU-2020-1421
ALT-PU-2020-1450
ALT-PU-2020-1501
ALT-PU-2020-1714
ALT-PU-2020-2410
ALT-PU-2020-2433
ALT-PU-2021-1870
BDU:2020-00350
CVE-2019-19965
DLA-2068-1
DLA-2114-1
OPENSUSE-SU-2020:0336-1
OPENSUSE-SU-2020_0336-1
SUSE-SU-2020:0511-1
SUSE-SU-2020:0558-1
SUSE-SU-2020:0559-1
SUSE-SU-2020:0560-1
SUSE-SU-2020:0580-1
SUSE-SU-2020:0584-1
SUSE-SU-2020:0599-1
SUSE-SU-2020:0605-1
SUSE-SU-2020:0613-1
SUSE-SU-2020:1255-1
SUSE-SU-2020:1275-1
SUSE-SU-2020:14354-1
SUSE-SU-2020:1663-1
SUSE-SU-2020_1663-1
USN-4284-1
USN-4285-1
USN-4286-1
USN-4286-2
USN-4287-1
USN-4287-2

Affected Products

Alt Linux
Linux Kernel
Suse
Ubuntu