PT-2019-5753 · Linux+5 · Linux Kernel+5

Published: 2014-04-02 · Updated: 2023-02-12 · CVE-2019-3874

CVSS v3.1: 6.5 (Medium)

Vector: AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Name of the Vulnerable Software and Affected Versions

Linux Kernel versions 3.10.x through 4.18.x

Description

The issue is that the SCTP socket buffer used by a userspace application is not accounted for by the cgroups subsystem. This can be exploited to cause a denial of service. The vulnerability is also described as a use-after-free issue in the Linux operating system's SCTP socket buffer, which can be exploited by a remote attacker to cause a denial of service.

Recommendations

For Linux Kernel versions 3.10.x through 4.18.x, there is currently no information about a newer version that contains a fix for this vulnerability.

Exploit

DoS

Use After Free

Resource Exhaustion

Weakness Enumeration

Related Identifiers

ALT-PU-2014-1422
ALT-PU-2018-2631
ALT-PU-2018-2699
BDU:2021-01410
CESA-2019_3309
CESA-2019_3517
CVE-2019-3874
DLA-2385-1
OPENSUSE-SU-2021:3876-1
OPENSUSE-SU-2021_3876-1
RHSA-2019:3309
RHSA-2019:3517
RHSA-2019_3309
RHSA-2019_3517
SUSE-SU-2021:3192-1
SUSE-SU-2021:3206-1
SUSE-SU-2021:3217-1
SUSE-SU-2021:3876-1
SUSE-SU-2021:3969-1
SUSE-SU-2021:3972-1
SUSE-SU-2022:4561-1
SUSE-SU-2022:4611-1
USN-3979-1
USN-3980-1
USN-3980-2
USN-3981-1
USN-3981-2
USN-3982-1
USN-3982-2

Affected Products

Alt Linux
CentOS
Linux Kernel
Red Hat
SUSE
Ubuntu