PT-2019-6420 · Linux+3 · Linux Kernel+3
Jann Horn · Published 2019-02-27 · Updated 2024-05-30 · CVE-2019-25160
| CVSS v3.1 | 7.1 High |
| Vector | AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H |
Name of the Vulnerable Software and Affected Versions
Linux kernel versions prior to v4.8
Description
The issue is a pair of out-of-bounds memory accesses in the Linux kernel's netlabel component. There are two array out-of-bounds memory accesses, one in the cipso_v4_map_lvl_valid() function, the other in the netlbl_bitmap_walk() function. Both errors are simple and the fixes are straightforward.
Recommendations
For Linux kernel versions prior to v4.8, apply the netlbl_bitmap_walk() patch to cipso_v4_bitmap_walk(), as netlbl_bitmap_walk() does not exist before Linux v4.8.
As a temporary workaround, consider disabling the cipso_v4_map_lvl_valid() and netlbl_bitmap_walk() functions until a patch is available.
Restrict access to the netlabel component to minimize the risk of exploitation.
Fix
Memory Corruption
Out of bounds Read
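As an added illustration (not code from this advisory or from the kernel), the user-space C sketch below shows the two bounds checks a bit-level bitmap walk needs so that it never reads past the end of the array. The function name, the MSB-first bit order and the sample bitmap are assumptions made for the example.

```c
#include <stddef.h>
#include <stdint.h>

/*
 * User-space sketch with a hypothetical name; not the kernel function.
 * Finds the first bit at or after `offset` whose value equals `state`.
 * `bitmap_len` is the bitmap length in BITS. Bit 0 is assumed to be the
 * most significant bit of bitmap[0].
 * Returns the bit position, or -1 if no such bit lies inside the bitmap.
 */
int bitmap_walk_bounded(const unsigned char *bitmap, uint32_t bitmap_len,
                        uint32_t offset, int state)
{
    uint32_t bit_spot, byte_offset;
    unsigned char bitmask, byte;

    /* Check 1: a start offset at or past the end is never dereferenced. */
    if (bitmap == NULL || offset >= bitmap_len)
        return -1;

    byte_offset = offset / 8;
    byte = bitmap[byte_offset];
    bit_spot = offset;
    bitmask = (unsigned char)(0x80 >> (offset % 8));

    for (;;) {
        int set = (byte & bitmask) != 0;

        if ((state != 0) == set)
            return (int)bit_spot;

        /* Check 2: stop before loading the next byte when the bit just
         * tested was the last one in the bitmap. */
        if (++bit_spot >= bitmap_len)
            return -1;

        bitmask >>= 1;
        if (bitmask == 0) {
            byte = bitmap[++byte_offset];
            bitmask = 0x80;
        }
    }
}

/* Constructed sample: a 16-bit bitmap in which only bit 9 is set. */
static const unsigned char sample_map[2] = { 0x00, 0x40 };

int main(void)
{
    return bitmap_walk_bounded(sample_map, 16, 0, 1) == 9 ? 0 : 1;
}
```

Without the second check, a search that reaches the final bit of a byte-aligned bitmap would load one byte beyond the buffer before noticing it had run out of bits.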
Related Identifiers
Affected Products
Centos
Linux Kernel
Red Hat
Suse