CVE-2019-12819
kernel: use-after-free in function __mdiobus_register() in drivers/net/phy/mdio_bus.c
Severity Score
Exploit Likelihood
Affected Versions
Public Exploits
0Exploited in Wild
-Decision
Descriptions
An issue was discovered in the Linux kernel before 5.0. The function __mdiobus_register() in drivers/net/phy/mdio_bus.c calls put_device(), which will trigger a fixed_mdio_bus_init use-after-free. This will cause a denial of service.
Fue encontrado un problema en el kernel de Linux anterior a versión 5.0. La función __mdiobus_register() en el archivo drivers/net/phy/mdio_bus.c llama a put_device(), que desencadenará un uso después de liberar de fix_mdio_bus_init . Esto causará una denegación de servicio.
A use-after-free flaw was found in the Linux kernel's MDIO section of the network management subsystem. An attacker who is able to hot-plug a network device can trigger the __mdiobus_register() function in drivers/net/phy/mdio_bus.c, which can cause a use-after-free condition causing a memory corruption and kernel panic or privilege escalation.
CVSS Scores
SSVC
- Decision:-
Timeline
- 2019-06-13 CVE Reserved
- 2019-06-14 CVE Published
- 2024-06-07 EPSS Updated
- 2024-08-04 CVE Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
- ---------- First Exploit
CWE
- CWE-416: Use After Free
CAPEC
References (12)
URL | Tag | Source |
---|---|---|
http://packetstormsecurity.com/files/154245/Kernel-Live-Patch-Security-Notice-LSN-0054-1.html | X_refsource_misc | |
http://www.securityfocus.com/bid/108768 | Third Party Advisory | |
https://security.netapp.com/advisory/ntap-20190710-0002 | X_refsource_confirm |
URL | Date | SRC |
---|
URL | Date | SRC |
---|---|---|
http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00039.html | 2019-06-18 | |
http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00040.html | 2019-06-18 | |
http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00048.html | 2019-06-18 | |
https://usn.ubuntu.com/4094-1 | 2019-06-18 | |
https://usn.ubuntu.com/4118-1 | 2019-06-18 | |
https://access.redhat.com/security/cve/CVE-2019-12819 | 2020-04-28 | |
https://bugzilla.redhat.com/show_bug.cgi?id=1721962 | 2020-04-28 |
Affected Vendors, Products, and Versions
Vendor | Product | Version | Other | Status | ||||||
---|---|---|---|---|---|---|---|---|---|---|
Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
Linux Search vendor "Linux" | Linux Kernel Search vendor "Linux" for product "Linux Kernel" | < 5.0 Search vendor "Linux" for product "Linux Kernel" and version " < 5.0" | - |
Affected
|