Lucene search

AirbusCVELIST:CVE-2019-18567

HistorySep 10, 2019 - 12:00 a.m.

CVE-2019-18567 Bromium client - out of bound read results in race condition causing Kernel memory leaks or denial of service

2019-09-1000:00:00

CWE-362

airbus

www.cve.org

6.1 Medium

CVSS3

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

LOW

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H

6.3 Medium

AI Score

Confidence

High

0.0004 Low

EPSS

Percentile

5.1%

JSON

Bromium client version 4.0.3.2060 and prior to 4.1.7 Update 1 has an out of bound read results in race condition causing Kernel memory leaks or denial of service.

CNA Affected

[
  {
    "product": "Bromium client",
    "vendor": "Bromium",
    "versions": [
      {
        "status": "affected",
        "version": "4.0.3.2060"
      },
      {
        "status": "affected",
        "version": "?< 4.0.3.2060"
      },
      {
        "status": "affected",
        "version": "?>= 4.0.3.2060"
      },
      {
        "status": "affected",
        "version": "< 4.1.7 Update 1"
      }
    ]
  }
]

References

airbus-cyber-security.com/dive-into-a-kernel-bromium-race-condition-cve-2019-18567

support.bromium.com/s/article/Bromium-Secure-Platform-4-1-Update-7-Released

6.1 Medium

CVSS3

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

LOW

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H

6.3 Medium

AI Score

Confidence

High

0.0004 Low

EPSS

Percentile

5.1%

JSON

Related for CVELIST:CVE-2019-18567