CVE-2019-9003
kernel: use-after-free and OOPS in drivers/char/ipmi/ipmi_msghandler.c
Descriptions
In the Linux kernel before 4.20.5, attackers can trigger a drivers/char/ipmi/ipmi_msghandler.c use-after-free and OOPS by arranging for certain simultaneous execution of the code, as demonstrated by a "service ipmievd restart" loop.
A use-after-free and OOPS flaw was found in the Linux kernel's drivers/char/ipmi/ipmi_msghandler.c code. By arranging certain simultaneous execution of the code accessing IPMI device files, an attacker can cause a denial of service (DoS).
Mathias Payer and Hui Peng discovered a use-after-free vulnerability in the Advanced Linux Sound Architecture subsystem. A physically proximate attacker could use this to cause a denial of service. Shlomi Oberman, Yuli Shapiro, and Ran Menscher discovered an information leak in the Bluetooth implementation of the Linux kernel. An attacker within Bluetooth range could use this to expose sensitive information. Various other issues were also addressed.
Timeline
- 2019-02-22 CVE Reserved
- 2019-02-22 CVE Published
- 2024-08-04 CVE Updated
- 2025-03-18 EPSS Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
- ---------- First Exploit
CWE
- CWE-416: Use After Free
References (10)
URL | Tag | Source |
---|---|---|
http://www.securityfocus.com/bid/107145 | Third Party Advisory | |
https://security.netapp.com/advisory/ntap-20190327-0002 | Third Party Advisory | |

URL | Date | SRC |
---|---|---|
http://lists.opensuse.org/opensuse-security-announce/2019-05/msg00037.html | 2021-06-02 | |
https://cdn.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.20.5 | 2021-06-02 | |
https://usn.ubuntu.com/3930-1 | 2021-06-02 | |
https://usn.ubuntu.com/3930-2 | 2021-06-02 | |
https://access.redhat.com/security/cve/CVE-2019-9003 | 2019-05-14 | |
https://bugzilla.redhat.com/show_bug.cgi?id=1681007 | 2019-05-14 | |
Affected Vendors, Products, and Versions
Vendor | Product | Version | Other | Status |
---|---|---|---|---|
Netapp | Cn1610 Firmware | - | - | Affected |
in Netapp | Cn1610 | - | - | Safe |
Linux | Linux Kernel | >= 4.18 < 4.19.18 | - | Affected |
Linux | Linux Kernel | >= 4.20 < 4.20.5 | - | Affected |
Linux | Linux Kernel | 5.0 | rc1 | Affected |
Linux | Linux Kernel | 5.0 | rc2 | Affected |
Linux | Linux Kernel | 5.0 | rc3 | Affected |
Linux | Linux Kernel | 5.0 | rc4 | Affected |
Netapp | Hci Management Node | - | - | Affected |
Netapp | Snapprotect | - | - | Affected |
Netapp | Solidfire | - | - | Affected |
Canonical | Ubuntu Linux | 18.04 | lts | Affected |
Canonical | Ubuntu Linux | 18.10 | - | Affected |
Opensuse | Leap | 15.0 | - | Affected |