PT-2019-4875 · Linux+4 · Linux Kernel+4

Published

2019-04-16

Updated

2021-05-28

CVE-2019-15920

CVSS v3.1

4.3

Medium

Vector

AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N

Name of the Vulnerable Software and Affected Versions Linux kernel versions prior to 5.0.11

Description An issue in the Linux kernel is related to a use-after-free in the SMB2 read function, located in fs/cifs/smb2pdu.c. This issue can potentially allow an attacker to impact the confidentiality, integrity, and availability of protected information.

Recommendations For Linux kernel versions prior to 5.0.11, update to version 5.0.11 or later to resolve the issue. As a temporary workaround, consider restricting access to the SMB2 read function until a patch is available.

Exploit

Fix

Use After Free

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-416

Related Identifiers

ALT-PU-2019-1762

ALT-PU-2019-1767

ALT-PU-2020-1198

ALT-PU-2020-1501

ALT-PU-2020-2410

ALT-PU-2020-2433

ALT-PU-2021-1870

BDU:2020-01463

CESA-2019_3517

CVE-2019-15920

OPENSUSE-SU-2019:2173-1

OPENSUSE-SU-2019:2181-1

OPENSUSE-SU-2019_2173-1

OPENSUSE-SU-2019_2181-1

RHSA-2019:3517

RHSA-2019_3517

SUSE-SU-2019:2412-1

SUSE-SU-2019:2414-1

SUSE-SU-2019:2424-1

SUSE-SU-2019:2648-1

SUSE-SU-2019:2651-1

SUSE-SU-2019:2658-1

SUSE-SU-2019:2738-1

SUSE-SU-2019:2756-1

Affected Products

Alt Linux

Centos

Linux Kernel

Red Hat

Suse

PT-2019-4875 · Linux+4 · Linux Kernel+4

CVE-2019-15920

Weakness Enumeration

Related Identifiers

Affected Products

References · 553