Lucene search

Veracode Vulnerability DatabaseVERACODE:19517

HistoryMay 16, 2019 - 3:18 a.m.

Privilege Escalation

2019-05-1603:18:35

Veracode Vulnerability Database

sca.analysiscenter.veracode.com

7.8 High

CVSS3

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

4.6 Medium

CVSS2

Access Vector

LOCAL

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:L/AC:L/Au:N/C:P/I:P/A:P

JSON

Linux kernel is vulnerable to privilege escalation vulnerability. The vulnerability exists in the function snd_rawmidi_input_params() of the file rawmidi.c of the component MIDI Kernel Driver. An attacker could manipulate this with an unknown input which lead to a privilege escalation impacting confidentiality, integrity and availability.

CPENameOperatorVersion
kerneleq2.6.32__696.1.1.bgq.el6
kerneleq2.6.32__696.28.1.el6
kerneleq3.10.0__693.el7
kerneleq2.6.32__358.6.1.el6
kerneleq2.6.32__431.40.2.el6
kerneleq2.6.32__642.6.2.el6
kerneleq2.6.32__642.3.1.el6
kerneleq2.6.32__71.18.2.el6
kerneleq2.6.32__358.14.1.el6
kerneleq2.6.32__279.19.1.el6

Name	Operator	Version
kernel	eq	2.6.32__696.1.1.bgq.el6
kernel	eq	2.6.32__696.28.1.el6
kernel	eq	3.10.0__693.el7
kernel	eq	2.6.32__358.6.1.el6
kernel	eq	2.6.32__431.40.2.el6
kernel	eq	2.6.32__642.6.2.el6
kernel	eq	2.6.32__642.3.1.el6
kernel	eq	2.6.32__71.18.2.el6
kernel	eq	2.6.32__358.14.1.el6
kernel	eq	2.6.32__279.19.1.el6

Rows per page:

1-10 of 4701

References

www.securityfocus.com/bid/105119

www.securitytracker.com/id/1041529

access.redhat.com/articles/3553061

access.redhat.com/documentation/en-us/red_hat_enterprise_linux/7/html/7.6_release_notes/index

access.redhat.com/errata/RHSA-2018:3083

access.redhat.com/errata/RHSA-2018:3096

access.redhat.com/errata/RHSA-2019:0415

access.redhat.com/errata/RHSA-2019:0641

access.redhat.com/errata/RHSA-2019:3217

access.redhat.com/errata/RHSA-2019:3967

access.redhat.com/security/cve/CVE-2017-18360

access.redhat.com/security/cve/CVE-2018-10902

access.redhat.com/security/cve/CVE-2018-18690

access.redhat.com/security/updates/classification/#important

bugzilla.redhat.com/show_bug.cgi?id=1322930

bugzilla.redhat.com/show_bug.cgi?id=1488484

bugzilla.redhat.com/show_bug.cgi?id=1504058

bugzilla.redhat.com/show_bug.cgi?id=1507027

bugzilla.redhat.com/show_bug.cgi?id=1542494

bugzilla.redhat.com/show_bug.cgi?id=1557434

bugzilla.redhat.com/show_bug.cgi?id=1557599

bugzilla.redhat.com/show_bug.cgi?id=1558328

bugzilla.redhat.com/show_bug.cgi?id=1561162

bugzilla.redhat.com/show_bug.cgi?id=1563697

bugzilla.redhat.com/show_bug.cgi?id=1564186

bugzilla.redhat.com/show_bug.cgi?id=1568167

bugzilla.redhat.com/show_bug.cgi?id=1572983

bugzilla.redhat.com/show_bug.cgi?id=1584775

bugzilla.redhat.com/show_bug.cgi?id=1590720

bugzilla.redhat.com/show_bug.cgi?id=1592654

bugzilla.redhat.com/show_bug.cgi?id=1609717

bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-10902

git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=39675f7a7c7e7702f7d5341f1e0d01db746543a0

lists.debian.org/debian-lts-announce/2018/10/msg00003.html

usn.ubuntu.com/3776-1/

usn.ubuntu.com/3776-2/

usn.ubuntu.com/3847-1/

usn.ubuntu.com/3847-2/

usn.ubuntu.com/3847-3/

usn.ubuntu.com/3849-1/

usn.ubuntu.com/3849-2/

www.debian.org/security/2018/dsa-4308

7.8 High

CVSS3

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

4.6 Medium

CVSS2

Access Vector

LOCAL

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:L/AC:L/Au:N/C:P/I:P/A:P

JSON

Related for VERACODE:19517