Lucene search

Veracode Vulnerability DatabaseVERACODE:19172

HistoryMay 16, 2019 - 2:50 a.m.

Denial Of Service (DoS)

2019-05-1602:50:24

Veracode Vulnerability Database

sca.analysiscenter.veracode.com

5.5 Medium

CVSS3

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

4.9 Medium

CVSS2

Access Vector

LOCAL

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

COMPLETE

AV:L/AC:L/Au:N/C:N/I:N/A:C

JSON

Linux kernel is vulnerable to denial of service(DoS) attacks. This is because get_net_ns_by_id() function in net/core/net_namespace.c does not check for the net::count value after it has found a peer network in netns_ids idr. This could allow an unprivileged local user to induce kernel memory corruption on the system which may leads to a crash.

CPENameOperatorVersion
kernel-rteq3.10.0__514.2.2.rt56.424.el7
kernel-rteq3.10.0__693.11.1.rt56.632.el7
kernel-rteq3.10.0__514.6.1.rt56.429.el7
kernel-rteq3.10.0__693.2.2.rt56.623.el7
kernel-rteq3.10.0__693.2.1.rt56.620.el7
kerneleq3.10.0__693.11.1.el7
kerneleq3.10.0__693.5.2.p7ih.el7
kerneleq3.10.0__693.el7
kerneleq3.10.0__693.2.2.el7
kerneleq3.10.0__693.5.2.el7

Name	Operator	Version
kernel-rt	eq	3.10.0__514.2.2.rt56.424.el7
kernel-rt	eq	3.10.0__693.11.1.rt56.632.el7
kernel-rt	eq	3.10.0__514.6.1.rt56.429.el7
kernel-rt	eq	3.10.0__693.2.2.rt56.623.el7
kernel-rt	eq	3.10.0__693.2.1.rt56.620.el7
kernel	eq	3.10.0__693.11.1.el7
kernel	eq	3.10.0__693.5.2.p7ih.el7
kernel	eq	3.10.0__693.el7
kernel	eq	3.10.0__693.2.2.el7
kernel	eq	3.10.0__693.5.2.el7

Rows per page:

1-10 of 381

References

git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=21b5944350052d2583e82dd59b19a9ba94a007f0

seclists.org/oss-sec/2018/q1/7

www.securityfocus.com/bid/102485

access.redhat.com/documentation/en-US/Red_Hat_Enterprise_Linux/7/html/7.5_Release_Notes/index.html

access.redhat.com/errata/RHSA-2018:0654

access.redhat.com/errata/RHSA-2018:0676

access.redhat.com/errata/RHSA-2018:1062

access.redhat.com/errata/RHSA-2019:1946

access.redhat.com/security/cve/CVE-2017-13305

access.redhat.com/security/cve/CVE-2017-15129

access.redhat.com/security/cve/CVE-2017-15274

access.redhat.com/security/updates/classification/#important

bugzilla.redhat.com/show_bug.cgi?id=1292927

bugzilla.redhat.com/show_bug.cgi?id=1401061

bugzilla.redhat.com/show_bug.cgi?id=1430418

bugzilla.redhat.com/show_bug.cgi?id=1448770

bugzilla.redhat.com/show_bug.cgi?id=1452589

bugzilla.redhat.com/show_bug.cgi?id=1462329

bugzilla.redhat.com/show_bug.cgi?id=1500894

bugzilla.redhat.com/show_bug.cgi?id=1503749

bugzilla.redhat.com/show_bug.cgi?id=1506255

bugzilla.redhat.com/show_bug.cgi?id=1507270

bugzilla.redhat.com/show_bug.cgi?id=1509264

bugzilla.redhat.com/show_bug.cgi?id=1518274

bugzilla.redhat.com/show_bug.cgi?id=1518638

bugzilla.redhat.com/show_bug.cgi?id=1531174

github.com/torvalds/linux/commit/21b5944350052d2583e82dd59b19a9ba94a007f0

marc.info/?l=linux-netdev&m=151370451121029&w=2

marc.info/?t=151370468900001&r=1&w=2

usn.ubuntu.com/3617-1/

usn.ubuntu.com/3617-2/

usn.ubuntu.com/3617-3/

usn.ubuntu.com/3619-1/

usn.ubuntu.com/3619-2/

usn.ubuntu.com/3632-1/

www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.14.11

5.5 Medium

CVSS3

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

4.9 Medium

CVSS2

Access Vector

LOCAL

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

COMPLETE

AV:L/AC:L/Au:N/C:N/I:N/A:C

JSON

Related for VERACODE:19172