PT-2019-4657 · Linux+5 · Linux Kernel+5

Ran Menscher

+2

·

Published

2019-01-11

·

Updated

2022-04-22

·

CVE-2019-3459

CVSS v3.1

6.5

Medium

VectorAV:A/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Name of the Vulnerable Software and Affected Versions Linux kernel versions prior to 5.1-rc1
Description A heap address information leak was discovered in the Linux kernel, related to the function L2CAP GET CONF OPT. This issue is associated with a buffer overflow in the heap, which can be exploited by a remote attacker to access confidential data.
Recommendations For Linux kernel versions prior to 5.1-rc1, update to version 5.1-rc1 or later to resolve the issue. As a temporary workaround, consider restricting access to the L2CAP GET CONF OPT function until a patch is available.

Exploit

Fix

Information Disclosure

Out of bounds Read

Found an issue in the description? Have something to add? Feel free to write us 👾
dbugs@ptsecurity.com

Weakness Enumeration

CWE-200CWE-125

Related Identifiers

ALT-PU-2019-1893
ALT-PU-2019-1896
ALT-PU-2019-2120
ALT-PU-2019-2311
ALT-PU-2020-1198
ALT-PU-2020-1501
ALT-PU-2020-2410
ALT-PU-2020-2433
ALT-PU-2021-1870
BDU:2020-00845
CESA-2019_2029
CESA-2019_3309
CESA-2019_3517
CVE-2019-3459
DLA-1771-1
DLA-1799-1
DLA-1799-2
OPENSUSE-SU-2019:0203-1
OPENSUSE-SU-2019_0140-1
OPENSUSE-SU-2019_0203-1
OPENSUSE-SU-2019_0274-1
RHSA-2019:2029
RHSA-2019:2043
RHSA-2019:3309
RHSA-2019:3517
RHSA-2019_2029
RHSA-2019_2043
RHSA-2019_3309
RHSA-2019_3517
RHSA-2020:0740
SUSE-SU-2019:0439-1
SUSE-SU-2019:0470-1
SUSE-SU-2019:0541-1
SUSE-SU-2019:0765-1
SUSE-SU-2019:0767-1
SUSE-SU-2019:0784-1
SUSE-SU-2019:0785-1
SUSE-SU-2019:0901-1
SUSE-SU-2019:1289-1
SUSE-SU-2019:14127-1
SUSE-SU-2019_14127-1
USN-3930-1
USN-3930-2
USN-3931-1
USN-3931-2
USN-3932-1
USN-3932-2
USN-3933-1
USN-3933-2

Affected Products

Alt Linux
Centos
Linux Kernel
Red Hat
Suse
Ubuntu