CVE-2019-8912

Published Feb 18, 2019

Last updated 4 years ago

CVSS high 7.8

Overview

Description: In the Linux kernel through 4.20.11, af_alg_release() in crypto/af_alg.c neglects to set a NULL value for a certain structure member, which leads to a use-after-free in sockfs_setattr.
Source: cve@mitre.org
NVD status: Analyzed

Risk scores

CVSS 3.1

Type: Primary
Base score: 7.8
Impact score: 5.9
Exploitability score: 1.8
Vector string: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Severity: HIGH

CVSS 2.0

Type: Primary
Base score: 7.2
Impact score: 10
Exploitability score: 3.9
Vector string: AV:L/AC:L/Au:N/C:C/I:C/A:C

Weaknesses

nvd@nist.gov: CWE-416

Hype score: Not currently trending

Configurations

[
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "040564BC-E62C-4C5A-A187-EA9D2C4C6976",
            "versionEndExcluding": "4.14.103",
            "versionStartIncluding": "4.10"
          },
          {
            "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "EC63428E-1B75-4342-B016-1C3150E0A325",
            "versionEndExcluding": "4.19.25",
            "versionStartIncluding": "4.19"
          },
          {
            "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "3C078F94-1B1E-4975-A4D3-60E303B4CFB4",
            "versionEndExcluding": "4.20.12",
            "versionStartIncluding": "4.20"
          },
          {
            "criteria": "cpe:2.3:o:linux:linux_kernel:5.0:rc1:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "B5F099C8-DC7F-48C6-AAF8-C0DBFFD49620"
          },
          {
            "criteria": "cpe:2.3:o:linux:linux_kernel:5.0:rc2:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "EAA85E1C-749B-47C9-B0AC-403FCFEA4D96"
          },
          {
            "criteria": "cpe:2.3:o:linux:linux_kernel:5.0:rc3:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "963CFC36-FBAD-465F-9891-CDBBF962DFDD"
          },
          {
            "criteria": "cpe:2.3:o:linux:linux_kernel:5.0:rc4:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "1B084A7A-6047-4804-9395-6000E4A43828"
          },
          {
            "criteria": "cpe:2.3:o:linux:linux_kernel:5.0:rc5:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "C3430640-AC87-44BF-ABF5-09E0A97E3758"
          },
          {
            "criteria": "cpe:2.3:o:linux:linux_kernel:5.0:rc6:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "FDF49B77-4688-4908-9239-89B729456D22"
          },
          {
            "criteria": "cpe:2.3:o:linux:linux_kernel:5.0:rc7:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "77F342FB-3D7B-4EAE-BF8B-57B7B860BAFD"
          },
          {
            "criteria": "cpe:2.3:o:linux:linux_kernel:5.0:rc8:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "47D61679-6515-4E18-83C7-A71982CCD83C"
          }
        ],
        "operator": "OR"
      }
    ]
  },
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:o:redhat:enterprise_linux:7.0:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "142AD0DD-4CF3-4D74-9442-459CE3347E3A"
          }
        ],
        "operator": "OR"
      }
    ]
  },
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:esm:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "815D70A8-47D3-459C-A32C-9FEACA0659D1"
          },
          {
            "criteria": "cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:esm:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "7A5301BF-1402-4BE0-A0F8-69FBE79BC6D6"
          },
          {
            "criteria": "cpe:2.3:o:canonical:ubuntu_linux:18.04:*:*:*:lts:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "23A7C53F-B80F-4E6A-AFA9-58EEA84BE11D"
          },
          {
            "criteria": "cpe:2.3:o:canonical:ubuntu_linux:18.10:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "07C312A0-CD2C-4B9C-B064-6409B25C278F"
          }
        ],
        "operator": "OR"
      }
    ]
  },
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:o:opensuse:leap:15.0:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "F1E78106-58E6-4D59-990F-75DA575BFAD9"
          }
        ],
        "operator": "OR"
      }
    ]
  }
]

Overview

Risk scores

CVSS 3.1

CVSS 2.0

Weaknesses

Social media

Configurations

References