PT-2019-4695 · Linux+5 · Linux Kernel+5

Austin Clements +2 · Published 2019-11-28 · Updated 2021-05-28 · CVE-2019-19602

CVSS v2.0: 6.8 (Medium)
Vector: AV:L/AC:L/Au:S/C:C/I:C/A:C

Name of the Vulnerable Software and Affected Versions

Linux kernel versions prior to 5.4.2

Description

The issue is in the fpregs_state_valid function in the Linux kernel. Because of incorrect caching, context-dependent attackers can cause a denial of service or possibly have other unspecified impact. This is demonstrated by the mishandling of signal-based non-cooperative preemption in certain environments. The vulnerability may also allow an attacker to disclose protected information or cause a denial of service, because it stems from a race condition.

Recommendations

For Linux kernel versions prior to 5.4.2, update to version 5.4.2 or later to resolve the issue. At the moment, there is no information about additional mitigation measures for this vulnerability.

Exploit

Fix

DoS

Race Condition

Incorrect Permission

Buffer Overflow


Weakness Enumeration

Related Identifiers

ALSA-2020:4431
ALT-PU-2019-3293
ALT-PU-2019-3343
ALT-PU-2019-3369
ALT-PU-2020-1198
ALT-PU-2020-1421
ALT-PU-2020-1450
ALT-PU-2020-1501
ALT-PU-2020-1714
ALT-PU-2020-2410
ALT-PU-2020-2433
ALT-PU-2021-1870
BDU:2020-01074
CESA-2020_4431
CVE-2019-19602
RHSA-2020:4431
RHSA-2020_4431
USN-4284-1

Affected Products

ALT Linux
AlmaLinux
CentOS
Linux Kernel
Red Hat
Ubuntu