PT-2019-5418 · Linux+5 · Linux Kernel+5

Published

2019-02-22

Updated

2021-05-28

CVE-2019-12819

CVSS v3.1

5.5

Medium

Vector

AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

Name of the Vulnerable Software and Affected Versions Linux kernel versions prior to 5.0

Description An issue in the Linux kernel is related to a use-after-free vulnerability in the mdiobus register() function, located in drivers/net/phy/mdio bus.c. This function calls put device(), which triggers a use-after-free of fix mdio bus init, resulting in a denial of service. The vulnerability can be exploited to cause a service disruption.

Recommendations For Linux kernel versions prior to 5.0, update to version 5.0 or later to resolve the issue. As a temporary workaround, consider restricting access to the mdiobus register() function until a patch is available.

Fix

DoS

Use After Free

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-416

Related Identifiers

ALT-PU-2019-1506

ALT-PU-2019-1548

ALT-PU-2020-1198

ALT-PU-2020-1501

ALT-PU-2020-2410

ALT-PU-2020-2433

ALT-PU-2021-1870

BDU:2020-02921

CESA-2020_1567

CESA-2020_1769

CVE-2019-12819

OPENSUSE-SU-2019:1571-1

OPENSUSE-SU-2019:1579-1

OPENSUSE-SU-2019_1570-1

OPENSUSE-SU-2019_1571-1

OPENSUSE-SU-2019_1579-1

RHSA-2020:1567

RHSA-2020:1769

RHSA-2020_1567

RHSA-2020_1769

SUSE-SU-2019:1550-1

SUSE-SU-2019:1823-1

SUSE-SU-2019:1823-2

SUSE-SU-2019:1829-1

SUSE-SU-2019:1851-1

SUSE-SU-2019:1852-1

SUSE-SU-2019:1855-1

SUSE-SU-2019:2069-1

SUSE-SU-2019:2430-1

SUSE-SU-2019:2450-1

USN-4094-1

USN-4118-1

Affected Products

Alt Linux

Centos

Linux Kernel

Red Hat

Suse

Ubuntu

PT-2019-5418 · Linux+5 · Linux Kernel+5

CVE-2019-12819

Weakness Enumeration

Related Identifiers

Affected Products

References · 758