Linux Kernel up to 5.3.3 net/ipv6/fib6_rules.c fib6_rule_suppress release of resource
CVSS Meta Temp Score | Current Exploit Price (≈) | CTI Interest Score |
---|---|---|
6.4 | $0-$5k | 0.00 |
A vulnerability was found in the Linux Kernel up to 5.3.3 (Operating System). It has been classified as critical. It affects the function fib6_rule_suppress in the file net/ipv6/fib6_rules.c. Manipulation with an unknown input leads to a release of resource vulnerability. CWE classifies the issue as CWE-772: the product does not release a resource after its effective lifetime has ended, i.e., after the resource is no longer needed. This has an impact on confidentiality, integrity, and availability. The summary by CVE is:
In the Linux kernel before 5.3.4, a reference count usage error in the fib6_rule_suppress() function in the fib6 suppression feature of net/ipv6/fib6_rules.c, when handling the FIB_LOOKUP_NOREF flag, can be exploited by a local attacker to corrupt memory, aka CID-ca7a03c41753.
The weakness was disclosed on 10/18/2019. This vulnerability has been uniquely identified as CVE-2019-18198 since 10/18/2019. The attack has to be carried out locally. Exploitation requires authentication. Technical details are known, but no exploit is available.
Upgrading to version 5.3.4 eliminates this vulnerability.
CVSSv3
VulDB Meta Base Score: 6.5
VulDB Meta Temp Score: 6.4
VulDB Base Score: 5.3
VulDB Temp Score: 5.1
NVD Base Score: 7.8
Exploiting
Class: Release of resource
CWE: CWE-772 / CWE-400 / CWE-404
Local: Yes
Remote: No
Status: Not defined
Countermeasures
Recommended: Upgrade
Upgrade: Kernel 5.3.4
Patch: git.kernel.org
Timeline
10/18/2019
10/18/2019
10/19/2019
01/17/2024
Sources
Vendor: kernel.org
Advisory: ca7a03c4175366a92cee0ccc4fec0038c3266e26
Status: Not defined
CVE: CVE-2019-18198
Entry
Created: 10/19/2019 07:35
Updated: 01/17/2024 09:24
Changes: 10/19/2019 07:35 (39), 10/19/2019 07:40 (18), 01/17/2024 09:21 (6), 01/17/2024 09:24 (1)