PT-2019-4979 · Linux+3 · Linux Kernel+3

Martin K. Petersen

Published

2019-05-29

Updated

2026-03-14

CVE-2019-12456

CVSS v3.1

7.8

High

Vector

AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions Linux kernel versions through 5.1.5

Description An issue was discovered in the MPT3COMMAND case in ctl ioctl main in drivers/scsi/mpt3sas/mpt3sas ctl.c. It allows local users to cause a denial of service or possibly have unspecified other impact by changing the value of ioc number between two kernel reads of that value, aka a "double fetch" vulnerability. A third party reports that this is unexploitable because the doubly fetched value is not used.

Recommendations For Linux kernel versions through 5.1.5, consider upgrading to a version that includes a fix for this issue, as no specific workaround is provided for these versions. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

RCE

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-20

Related Identifiers

ALT-PU-2019-2024

ALT-PU-2019-2036

ALT-PU-2019-2120

ALT-PU-2019-2311

ALT-PU-2020-1198

ALT-PU-2020-1501

ALT-PU-2020-2410

ALT-PU-2020-2433

ALT-PU-2021-1870

BDU:2020-01602

CVE-2019-12456

ECHO-C416-3131-D35B

OPENSUSE-SU-2019:1571-1

OPENSUSE-SU-2019:1579-1

OPENSUSE-SU-2019_1570-1

OPENSUSE-SU-2019_1571-1

OPENSUSE-SU-2019_1579-1

SUSE-SU-2019:1823-1

SUSE-SU-2019:1823-2

SUSE-SU-2019:1829-1

SUSE-SU-2019:1851-1

SUSE-SU-2019:1852-1

SUSE-SU-2019:1855-1

SUSE-SU-2019:1870-1

SUSE-SU-2019:2430-1

SUSE-SU-2019:2450-1

SUSE-SU-2020:14354-1

SUSE-SU-2020_14354-1

Affected Products

Alt Linux

Debian

Linux Kernel

Suse

PT-2019-4979 · Linux+3 · Linux Kernel+3

CVE-2019-12456

Weakness Enumeration

Related Identifiers

Affected Products

References · 756