Lucene search

K
ubuntucveUbuntu.comUB:CVE-2019-18680
HistoryNov 04, 2019 - 12:00 a.m.

CVE-2019-18680

2019-11-0400:00:00
ubuntu.com
ubuntu.com
7

7.5 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

7.8 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

COMPLETE

AV:N/AC:L/Au:N/C:N/I:N/A:C

0.002 Low

EPSS

Percentile

64.1%

An issue was discovered in the Linux kernel 4.4.x before 4.4.195. There is
a NULL pointer dereference in rds_tcp_kill_sock() in net/rds/tcp.c that
will cause denial of service, aka CID-91573ae4aed0.

Notes

Author Note
PHLin this patch was targeted for 4.4 only, from the author’s comment: Upstream does not use tc->t_sock in the second loop after below two patches. afb4164d91c7 (“RDS: TCP: Refactor connection destruction to handle multiple paths”) and 2d746c93b6e5 (“rds: tcp: remove redundant function rds_tcp_conn_paths_destroy()”)
OSVersionArchitecturePackageVersionFilename
ubuntu16.04noarchlinux-aws< 4.4.0-1098.109UNKNOWN
ubuntu16.04noarchlinux< 4.4.0-168.197UNKNOWN
ubuntu16.04noarchlinux-kvm< 4.4.0-1062.69UNKNOWN
ubuntu16.04noarchlinux-raspi2< 4.4.0-1125.134UNKNOWN
ubuntu16.04noarchlinux-snapdragon< 4.4.0-1129.137UNKNOWN

7.5 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

7.8 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

COMPLETE

AV:N/AC:L/Au:N/C:N/I:N/A:C

0.002 Low

EPSS

Percentile

64.1%