PT-2019-6333 · Linux+3 · Linux Kernel+3

Published: 2019-03-03 · Updated: 2023-04-19 · CVE-2019-15292

CVSS v2.0: 10 (High)

Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C

Name of the Vulnerable Software and Affected Versions

Linux kernel versions prior to 5.0.9

Description

The issue is related to a use-after-free in the Linux kernel, specifically in the atalk_proc_exit function, and is associated with the files net/appletalk/atalk_proc.c, net/appletalk/ddp.c, and net/appletalk/sysctl_net_atalk.c. Additionally, there is a vulnerability in the pde_subdir_find() function in the fs/proc/generic.c module, which is also related to a use-after-free due to a lack of checking the results of called functions. This could allow an attacker to cause a denial of service.

Recommendations

For Linux kernel versions prior to 5.0.9, update to version 5.0.9 or later to resolve the issue. As a temporary workaround, consider disabling the atalk_proc_exit function and restricting access to the net/appletalk directory until a patch is available. Avoid using the pde_subdir_find() function in the fs/proc/generic.c module until the issue is resolved.

Exploit

Fix

Use After Free

Weakness Enumeration

Related Identifiers

ALT-PU-2019-1712
ALT-PU-2019-1713
ALT-PU-2019-1762
BDU:2023-02534
CVE-2019-15292
DLA-1919-1
DLA-1919-2
DLA-1930-1
OPENSUSE-SU-2019:2173-1
OPENSUSE-SU-2019:2181-1
OPENSUSE-SU-2019_2173-1
OPENSUSE-SU-2019_2181-1
SUSE-SU-2019:14218-1
SUSE-SU-2019:2412-1
SUSE-SU-2019:2414-1
SUSE-SU-2019:2424-1
SUSE-SU-2019:2648-1
SUSE-SU-2019:2651-1
SUSE-SU-2019:2658-1
SUSE-SU-2019:2738-1
SUSE-SU-2019:2756-1
SUSE-SU-2019_14218-1
USN-4115-1
USN-4115-2
USN-4118-1

Affected Products

Alt Linux
Linux Kernel
Suse
Ubuntu