Published on May 28th, 2019
Linux Kernel up to 5.1.5 net/ipv6/ipv6_sockglue.c ip6_ra_control new_ra denial of service
CVSS Meta Temp Score | Current Exploit Price (≈) |
---|---|
5.5 | $0-$5k |
A vulnerability has been found in Linux Kernel up to 5.1.5 (Operating System) and classified as critical. This vulnerability affects the function ip6_ra_control of the file net/ipv6/ipv6_sockglue.c. The manipulation of the argument new_ra with an unknown input leads to a denial of service vulnerability (NULL Pointer Dereference). The CWE definition for the vulnerability is CWE-476. As an impact it is known to affect availability.
The weakness was disclosed 05/28/2019. The advisory is shared for download at lkml.org. This vulnerability was named CVE-2019-12378 since 05/27/2019. There are known technical details, but no exploit is available. The current price for an exploit might be approx. USD $0-$5k (estimation calculated on 05/28/2019). Responsible for the vulnerability is the following code:
```c
new_ra = (sel >= 0) ? kmalloc(sizeof(*new_ra), GFP_KERNEL) : NULL;

write_lock_bh(&ip6_ra_lock);
for (rap = &ip6_ra_chain; (ra = *rap) != NULL; rap = &ra->next) {
```
Applying a patch is able to eliminate this problem. The bugfix is ready for download at git.kernel.org. A possible mitigation has been published before and not just after the disclosure of the vulnerability. The vulnerability will be addressed with the following lines of code:
```c
if (sel >= 0 && !new_ra)
	return -ENOMEM;
```
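The allocation check quoted above, modelled in user space as an added example (this is not the kernel's code and not part of the advisory). The names `ra_control_model`, `model_alloc`, `fail_next_alloc` and `struct ra_node`, and every error path other than `-ENOMEM`, are assumptions of the model; locking is omitted.

```c
/* User-space model of the allocation check; hypothetical names, not kernel code. */
#include <errno.h>
#include <stdlib.h>

struct ra_node {                    /* stand-in for the kernel's chain entry */
    struct ra_node *next;
    int owner;                      /* stands in for the socket pointer */
};

static struct ra_node *ra_chain;    /* models ip6_ra_chain */
static int fail_next_alloc;         /* test hook: force one allocation failure */

static void *model_alloc(size_t n)  /* models kmalloc(..., GFP_KERNEL) */
{
    if (fail_next_alloc) { fail_next_alloc = 0; return NULL; }
    return malloc(n);
}

/* sel >= 0 registers owner; sel < 0 removes it, so NULL new_ra is expected there. */
int ra_control_model(int owner, int sel)
{
    struct ra_node *ra, *new_ra, **rap;

    new_ra = (sel >= 0) ? model_alloc(sizeof(*new_ra)) : NULL;
    if (sel >= 0 && !new_ra)        /* the check the fix adds */
        return -ENOMEM;

    for (rap = &ra_chain; (ra = *rap) != NULL; rap = &ra->next) {
        if (ra->owner != owner)
            continue;
        if (sel >= 0) {             /* already registered (model assumption) */
            free(new_ra);
            return -EADDRINUSE;
        }
        *rap = ra->next;            /* unlink and release the entry */
        free(ra);
        return 0;
    }
    if (!new_ra)                    /* removal requested, nothing found */
        return -ENOENT;

    new_ra->owner = owner;          /* new_ra is known to be non-NULL here */
    new_ra->next = NULL;
    *rap = new_ra;                  /* append at the tail */
    return 0;
}

int main(void) { fail_next_alloc = 1; return ra_control_model(1, 0) == -ENOMEM ? 0 : 1; }
```

The check is conditioned on `sel >= 0` because a NULL `new_ra` is the normal state on the removal path; an unconditional `!new_ra` test would reject every removal request.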
The entries 2, 3, 4 and 5 are pretty similar.
VulDB Meta Base Score: 5.7
VulDB Meta Temp Score: 5.5
VulDB Base Score: ≈5.7
VulDB Temp Score: ≈5.5
Class: Denial of service / NULL Pointer Dereference (CWE-476)
Local: Yes
Remote: No
Status: Not defined
Recommended: Patch
Patch: git.kernel.org
05/25/2019 Countermeasure disclosed
05/27/2019 CVE assigned
05/28/2019 Advisory disclosed
05/28/2019 VulDB entry created
05/28/2019 VulDB last update
Vendor: kernel.org
Advisory: lkml.org
Status: Confirmed
CVE: CVE-2019-12378
Created: 05/28/2019 10:01 AM
https://vuldb.com/?id.135652