Lucene search

K
nvd[email protected]NVD:CVE-2019-8912
HistoryFeb 18, 2019 - 6:29 p.m.

CVE-2019-8912

2019-02-1818:29:00
CWE-416
web.nvd.nist.gov
11

CVSS2

7.2

Attack Vector

LOCAL

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:L/AC:L/Au:N/C:C/I:C/A:C

CVSS3

7.8

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

AI Score

7.5

Confidence

High

EPSS

0.001

Percentile

32.1%

In the Linux kernel through 4.20.11, af_alg_release() in crypto/af_alg.c neglects to set a NULL value for a certain structure member, which leads to a use-after-free in sockfs_setattr.

Affected configurations

Nvd
Node
linuxlinux_kernelRange4.10–4.14.103
OR
linuxlinux_kernelRange4.19–4.19.25
OR
linuxlinux_kernelRange4.20–4.20.12
OR
linuxlinux_kernelMatch5.0rc1
OR
linuxlinux_kernelMatch5.0rc2
OR
linuxlinux_kernelMatch5.0rc3
OR
linuxlinux_kernelMatch5.0rc4
OR
linuxlinux_kernelMatch5.0rc5
OR
linuxlinux_kernelMatch5.0rc6
OR
linuxlinux_kernelMatch5.0rc7
OR
linuxlinux_kernelMatch5.0rc8
Node
redhatenterprise_linuxMatch7.0
Node
canonicalubuntu_linuxMatch14.04esm
OR
canonicalubuntu_linuxMatch16.04esm
OR
canonicalubuntu_linuxMatch18.04lts
OR
canonicalubuntu_linuxMatch18.10
Node
opensuseleapMatch15.0
VendorProductVersionCPE
linuxlinux_kernel*cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*
linuxlinux_kernel5.0cpe:2.3:o:linux:linux_kernel:5.0:rc1:*:*:*:*:*:*
linuxlinux_kernel5.0cpe:2.3:o:linux:linux_kernel:5.0:rc2:*:*:*:*:*:*
linuxlinux_kernel5.0cpe:2.3:o:linux:linux_kernel:5.0:rc3:*:*:*:*:*:*
linuxlinux_kernel5.0cpe:2.3:o:linux:linux_kernel:5.0:rc4:*:*:*:*:*:*
linuxlinux_kernel5.0cpe:2.3:o:linux:linux_kernel:5.0:rc5:*:*:*:*:*:*
linuxlinux_kernel5.0cpe:2.3:o:linux:linux_kernel:5.0:rc6:*:*:*:*:*:*
linuxlinux_kernel5.0cpe:2.3:o:linux:linux_kernel:5.0:rc7:*:*:*:*:*:*
linuxlinux_kernel5.0cpe:2.3:o:linux:linux_kernel:5.0:rc8:*:*:*:*:*:*
redhatenterprise_linux7.0cpe:2.3:o:redhat:enterprise_linux:7.0:*:*:*:*:*:*:*
Rows per page:
1-10 of 151

CVSS2

7.2

Attack Vector

LOCAL

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:L/AC:L/Au:N/C:C/I:C/A:C

CVSS3

7.8

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

AI Score

7.5

Confidence

High

EPSS

0.001

Percentile

32.1%