
Published on May 28th, 2019

Linux Kernel up to 5.1.5 net/ipv6/ipv6_sockglue.c ip6_ra_control new_ra denial of service



CVSS Meta Temp Score: 5.5
Current Exploit Price (≈): $0-$5k

A vulnerability has been found in the Linux Kernel up to 5.1.5 (Operating System) and classified as critical. It affects the function ip6_ra_control in the file net/ipv6/ipv6_sockglue.c. Manipulation of the argument new_ra with an unknown input leads to a denial of service (NULL pointer dereference). The CWE definition for the vulnerability is CWE-476. The known impact is on availability.

The weakness was disclosed on 05/28/2019. The advisory is available at lkml.org. The vulnerability has been identified as CVE-2019-12378 since 05/27/2019. Technical details are known, but no exploit is available. The current price for an exploit is estimated at approximately USD $0-$5k (estimate calculated on 05/28/2019). The following code is responsible for the vulnerability:

new_ra = (sel >= 0) ? kmalloc(sizeof(*new_ra), GFP_KERNEL) : NULL;

write_lock_bh(&ip6_ra_lock);
for (rap = &ip6_ra_chain; (ra = *rap) != NULL; rap = &ra->next) {

Applying a patch eliminates this problem. The bugfix is available for download at git.kernel.org. A mitigation was published before the disclosure of the vulnerability, not just after it. The vulnerability is addressed with the following lines of code:

if (sel >= 0 && !new_ra)
	return -ENOMEM;
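
The pattern behind this fix, as an added example that is neither the kernel's code nor part of the advisory: a simplified user-space model in which a fault-injecting allocator forces the failure path, so the effect of the guard can be tested. The struct layout, the list handling, the error codes other than -ENOMEM, and the names ra_entry, model_alloc, fail_next_alloc, ra_register and ra_count are assumptions made for illustration.

```c
/* User-space model, added for illustration; not kernel code. The names
 * ra_entry, model_alloc, fail_next_alloc, ra_register, ra_count are hypothetical. */
#include <errno.h>
#include <stdio.h>
#include <stdlib.h>

struct ra_entry { int sk_id, sel; struct ra_entry *next; };
static struct ra_entry *ra_chain;  /* stands in for ip6_ra_chain */
static int fail_next_alloc;        /* fault injection: next allocation fails */

static void *model_alloc(size_t n) /* stands in for kmalloc(n, GFP_KERNEL) */
{
    if (fail_next_alloc) { fail_next_alloc = 0; return NULL; }
    return malloc(n);
}

int ra_count(void)
{
    int n = 0;
    for (struct ra_entry *ra = ra_chain; ra; ra = ra->next) n++;
    return n;
}

/* sel >= 0 registers sk_id at the tail; sel < 0 removes its entry. */
int ra_register(int sk_id, int sel)
{
    struct ra_entry *ra, *new_ra, **rap;
    new_ra = (sel >= 0) ? model_alloc(sizeof(*new_ra)) : NULL;
    if (sel >= 0 && !new_ra) return -ENOMEM;  /* guard quoted in the advisory */
    for (rap = &ra_chain; (ra = *rap) != NULL; rap = &ra->next) {
        if (ra->sk_id != sk_id) continue;
        if (sel >= 0) { free(new_ra); return -EADDRINUSE; }
        *rap = ra->next;           /* unlink and release the existing entry */
        free(ra);
        return 0;
    }
    if (sel < 0) return -ENOENT;   /* nothing to remove */
    /* Without the guard, a failed allocation reaches this write with new_ra == NULL. */
    *new_ra = (struct ra_entry){ .sk_id = sk_id, .sel = sel, .next = NULL };
    *rap = new_ra;
    return 0;
}

int main(void)
{
    int ok = ra_register(1, 0);
    fail_next_alloc = 1;           /* constructed failure standing in for memory pressure */
    printf("insert=%d failed_alloc=%d\n", ok, ra_register(2, 0));
    return 0;
}
```

Returning before the list is touched means the error path has no lock to release and no partially linked entry to undo.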

The entries 2, 3, 4 and 5 are pretty similar.

VulDB Meta Base Score: 5.7
VulDB Meta Temp Score: 5.5

VulDB Base Score: ≈5.7
VulDB Temp Score: ≈5.5
Class: Denial of service / NULL Pointer Dereference (CWE-476)
Local: Yes
Remote: No

Status: Not defined

Recommended: Patch

Patch: git.kernel.org

05/25/2019 Countermeasure disclosed
05/27/2019 +2 days CVE assigned
05/28/2019 +1 days Advisory disclosed
05/28/2019 +0 days VulDB entry created
05/28/2019 +0 days VulDB last update

Vendor: kernel.org

Advisory: lkml.org
Status: Confirmed

CVE: CVE-2019-12378

Created: 05/28/2019 10:01 AM

https://vuldb.com/?id.135652
