6.5 Medium
CVSS3
Attack Vector
ADJACENT_NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
HIGH
CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
3.3 Low
CVSS2
Access Vector
ADJACENT_NETWORK
Access Complexity
LOW
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
PARTIAL
AV:A/AC:L/Au:N/C:N/I:N/A:P
0.001 Low
EPSS
Percentile
46.1%
An exploitable denial-of-service vulnerability exists in the Linux kernel
prior to mainline 5.3. An attacker could exploit this vulnerability by
triggering AP to send IAPP location updates for stations before the
required authentication process has completed. This could lead to different
denial-of-service scenarios, either by causing CAM table attacks, or by
leading to traffic flapping if faking already existing clients in other
nearby APs of the same wireless infrastructure. An attacker can forge
Authentication and Association Request packets to trigger this
vulnerability.
OS | Version | Architecture | Package | Version | Filename |
---|---|---|---|---|---|
ubuntu | 18.04 | noarch | linux | < 4.15.0-88.88 | UNKNOWN |
ubuntu | 16.04 | noarch | linux | < 4.4.0-174.204 | UNKNOWN |
ubuntu | 18.04 | noarch | linux-aws | < 4.15.0-1060.62 | UNKNOWN |
ubuntu | 14.04 | noarch | linux-aws | < 4.4.0-1062.66) Available with Ubuntu Pro or Ubuntu Pro (Infra-only | UNKNOWN |
ubuntu | 16.04 | noarch | linux-aws | < 4.4.0-1102.113 | UNKNOWN |
ubuntu | 18.04 | noarch | linux-aws-5.0 | < 5.0.0-1025.28 | UNKNOWN |
ubuntu | 16.04 | noarch | linux-aws-hwe | < 4.15.0-1060.62~16.04.1 | UNKNOWN |
ubuntu | 18.04 | noarch | linux-azure | < 5.0.0-1032.34 | UNKNOWN |
ubuntu | 14.04 | noarch | linux-azure | < 4.15.0-1071.76~14.04.1) Available with Ubuntu Pro or Ubuntu Pro (Infra-only | UNKNOWN |
ubuntu | 16.04 | noarch | linux-azure | < 4.15.0-1071.76 | UNKNOWN |
launchpad.net/bugs/cve/CVE-2019-5108
nvd.nist.gov/vuln/detail/CVE-2019-5108
security-tracker.debian.org/tracker/CVE-2019-5108
talosintelligence.com/vulnerability_reports/TALOS-2019-0900
ubuntu.com/security/notices/USN-4285-1
ubuntu.com/security/notices/USN-4286-1
ubuntu.com/security/notices/USN-4286-2
ubuntu.com/security/notices/USN-4287-1
ubuntu.com/security/notices/USN-4287-2
www.cve.org/CVERecord?id=CVE-2019-5108
6.5 Medium
CVSS3
Attack Vector
ADJACENT_NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
HIGH
CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
3.3 Low
CVSS2
Access Vector
ADJACENT_NETWORK
Access Complexity
LOW
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
PARTIAL
AV:A/AC:L/Au:N/C:N/I:N/A:P
0.001 Low
EPSS
Percentile
46.1%