PT-2019-4656 · Linux+5 · Linux Kernel+5

Ran Menscher +2 · Published 2019-01-11 · Updated 2022-04-22 · CVE-2019-3460

CVSS v3.1: 6.5 Medium

Vector: AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Name of the Vulnerable Software and Affected Versions

Linux kernel versions prior to 5.1-rc1

Description

A heap data infoleak was found in multiple locations, including the L2CAP_PARSE_CONF_RSP function, in the Linux kernel. This issue is related to a buffer overflow in the heap, which can be exploited by a remote attacker to gain access to confidential data.

Recommendations

For Linux kernel versions prior to 5.1-rc1, update to version 5.1-rc1 or later to resolve the issue. As a temporary workaround, consider restricting access to the L2CAP_PARSE_CONF_RSP function to minimize the risk of exploitation.

Exploit

Fix

RCE

Information Disclosure

Weakness Enumeration

Related Identifiers

ALT-PU-2019-1893
ALT-PU-2019-1896
ALT-PU-2019-2120
ALT-PU-2019-2311
ALT-PU-2020-1198
ALT-PU-2020-1501
ALT-PU-2020-2410
ALT-PU-2020-2433
ALT-PU-2021-1870
BDU:2020-00844
CESA-2019_2029
CESA-2019_3309
CESA-2019_3517
CVE-2019-3460
DLA-1771-1
DLA-1799-1
DLA-1799-2
OPENSUSE-SU-2019:0203-1
OPENSUSE-SU-2019_0140-1
OPENSUSE-SU-2019_0203-1
OPENSUSE-SU-2019_0274-1
RHSA-2019:2029
RHSA-2019:2043
RHSA-2019:3309
RHSA-2019:3517
RHSA-2019_2029
RHSA-2019_2043
RHSA-2019_3309
RHSA-2019_3517
RHSA-2020:0740
SUSE-SU-2019:0439-1
SUSE-SU-2019:0470-1
SUSE-SU-2019:0541-1
SUSE-SU-2019:0765-1
SUSE-SU-2019:0767-1
SUSE-SU-2019:0784-1
SUSE-SU-2019:0785-1
SUSE-SU-2019:0901-1
SUSE-SU-2019:1289-1
SUSE-SU-2019:14127-1
SUSE-SU-2019_14127-1
USN-3930-1
USN-3930-2
USN-3931-1
USN-3931-2
USN-3932-1
USN-3932-2
USN-3933-1
USN-3933-2

Affected Products

Alt Linux
Centos
Linux Kernel
Red Hat
Suse
Ubuntu