A vulnerability has been found in Linux Kernel up to 5.2.13 (Operating System) and classified as critical. Affected by this vulnerability is the function nbd_genl_status of the file drivers/block/nbd.c. The manipulation as part of a Return Value leads to a null pointer dereference vulnerability. The CWE definition for the vulnerability is CWE-476. A NULL pointer dereference occurs when the application dereferences a pointer that it expects to be valid, but is NULL, typically causing a crash or exit. As an impact it is known to affect confidentiality, integrity, and availability. The summary by CVE is:

An issue was discovered in the Linux kernel through 5.2.13. nbd_genl_status in drivers/block/nbd.c does not check the nla_nest_start_noflag return value.

The weakness was shared 09/06/2019 as confirmed bug report (Website). The advisory is shared at lore.kernel.org. This vulnerability is known as CVE-2019-16089 since 09/06/2019. The exploitation appears to be easy. The attack can be launched remotely. The exploitation doesn't need any form of authentication. Technical details are known, but no exploit is available.

Applying a patch is able to eliminate this problem. The bugfix is ready for download at lore.kernel.org. The vulnerability will be addressed with the following lines of code:

if (!dev_list) {
   ret = -EMSGSIZE;
   goto out;
}

The entries 140765, 140890, 141092 and 141232 are related to this item.

Productinfo

Type

• Operating System

Vendor

• Linux

Name

• Kernel

Version

• 5.2.0
• 5.2.1
• 5.2.2
• 5.2.3
• 5.2.4
• 5.2.5
• 5.2.6
• 5.2.7
• 5.2.8
• 5.2.9
• 5.2.10
• 5.2.11
• 5.2.12
• 5.2.13

License

• open-source

CPE 2.3info

• 🔍
• 🔍
• 🔍

CPE 2.2info

• 🔍
• 🔍
• 🔍

CVSSv4info

CVSSv3info

CVSSv2info

Exploitinginfo

Threat Intelligenceinfo

Countermeasuresinfo

Timelineinfo

Sourcesinfo

Entryinfo

Discussion