Lucene search

K
ubuntucveUbuntu.comUB:CVE-2019-8912
HistoryFeb 18, 2019 - 12:00 a.m.

CVE-2019-8912

2019-02-1800:00:00
ubuntu.com
ubuntu.com
19

CVSS2

7.2

Attack Vector

LOCAL

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:L/AC:L/Au:N/C:C/I:C/A:C

CVSS3

7.8

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

EPSS

0.001

Percentile

32.1%

In the Linux kernel through 4.20.11, af_alg_release() in crypto/af_alg.c
neglects to set a NULL value for a certain structure member, which leads to
a use-after-free in sockfs_setattr.

Notes

Author Note
tyhicks NVD has published CVSS metrics that state that the attack vector is β€œNetwork” which results in a CRITICAL CVSS score but that does not match Ubuntu’s assessment. The attack vector is β€œLocal” since AF_ALG is a address family that strictly operates locally between a userspace process and the kernel crypto API and the attack requires a specific sequence of operations to be performed on the file descriptor that represents the socket. This has been addressed in a more generic manner, to fix other network families, by this commit in the net tree: https://git.kernel.org/pub/scm/linux/kernel/git/davem/net.git/commit/?id=ff7b11aa481f682e0e9711abfeb7d03f5cd612bf
OSVersionArchitecturePackageVersionFilename
ubuntu18.04noarchlinux<Β 4.15.0-47.50UNKNOWN
ubuntu18.10noarchlinux<Β 4.18.0-17.18UNKNOWN
ubuntu18.04noarchlinux-aws<Β 4.15.0-1035.37UNKNOWN
ubuntu18.10noarchlinux-aws<Β 4.18.0-1012.14UNKNOWN
ubuntu16.04noarchlinux-aws-hwe<Β 4.15.0-1035.37~16.04.1UNKNOWN
ubuntu18.04noarchlinux-azure<Β 4.18.0-1014.14~18.04.1UNKNOWN
ubuntu18.10noarchlinux-azure<Β 4.18.0-1014.14UNKNOWN
ubuntu14.04noarchlinux-azure<Β 4.15.0-1041.45~14.04.1UNKNOWN
ubuntu16.04noarchlinux-azure<Β 4.15.0-1041.45UNKNOWN
ubuntu18.04noarchlinux-azure-edge<Β 4.18.0-1014.14~18.04.1UNKNOWN
Rows per page:
1-10 of 271

CVSS2

7.2

Attack Vector

LOCAL

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:L/AC:L/Au:N/C:C/I:C/A:C

CVSS3

7.8

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

EPSS

0.001

Percentile

32.1%