PT-2019-4752 · Linux+5 · Linux Kernel+5

Ori Nimron

·

Published

2019-09-20

·

Updated

2022-03-31

·

CVE-2019-17055

CVSS v3.1

3.3

Low

VectorAV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N
Name of the Vulnerable Software and Affected Versions Linux kernel versions through 5.3.2
Description The issue is related to the base sock create function in the AF ISDN network module of the Linux kernel, which lacks sufficient input validation. This can be exploited to impact data integrity. Unprivileged users can create a raw socket due to the lack of enforcement of the CAP NET RAW capability.
Recommendations For Linux kernel versions through 5.3.2, update to a version that contains a fix for this issue to prevent unprivileged users from creating raw sockets. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

RCE

Missing Authorization

Found an issue in the description? Have something to add? Feel free to write us 👾
dbugs@ptsecurity.com

Weakness Enumeration

CWE-20CWE-862

Related Identifiers

ALT-PU-2019-2838
ALT-PU-2019-2845
ALT-PU-2019-2891
ALT-PU-2020-1198
ALT-PU-2020-1501
ALT-PU-2020-1714
ALT-PU-2020-2410
ALT-PU-2020-2433
ALT-PU-2021-1870
BDU:2020-01324
CESA-2020_0790
CESA-2020_1567
CESA-2020_1769
CESA-2020_4060
CVE-2019-17055
DLA-2068-1
DLA-2114-1
OPENSUSE-SU-2019:2503-1
OPENSUSE-SU-2019:2507-1
OPENSUSE-SU-2019_2503-1
OPENSUSE-SU-2019_2507-1
RHSA-2020:0790
RHSA-2020:1567
RHSA-2020:1769
RHSA-2020:4060
RHSA-2020:4062
RHSA-2020_0790
RHSA-2020_1567
RHSA-2020_1769
RHSA-2020_4060
RHSA-2020_4062
SUSE-SU-2019:14218-1
SUSE-SU-2019:2949-1
SUSE-SU-2019:2950-1
SUSE-SU-2019:2951-1
SUSE-SU-2019:2953-1
SUSE-SU-2019:2984-1
SUSE-SU-2019:3200-1
SUSE-SU-2019:3294-1
SUSE-SU-2019:3295-1
SUSE-SU-2019:3317-1
SUSE-SU-2019:3371-1
SUSE-SU-2019:3372-1
SUSE-SU-2019:3381-1
SUSE-SU-2019_14218-1
SUSE-SU-2020:0093-1
USN-4184-1
USN-4185-1
USN-4185-2
USN-4186-1
USN-4186-2

Affected Products

Alt Linux
Centos
Linux Kernel
Red Hat
Suse
Ubuntu