Vulnerability CVE-2019-3896


Published: 2019-06-18   Modified: 2019-06-19

Description:
A double-free can happen in idr_remove_all() in lib/idr.c in the Linux kernel 2.6 branch. An unprivileged local attacker can use this flaw for a privilege escalation or for a system crash and a denial of service (DoS).

Type:

CWE-415

(Double Free)

Vendor: Redhat
Product: Enterprise linux server aus 
Version: 6.6; 6.5;
Product: Enterprise linux server 
Version: 6.0;
Product: Enterprise linux desktop 
Version: 6.0;
Product: Enterprise linux workstation 
Version: 6.0;
Vendor: Linux
Product: Linux kernel 
Version:
2.6.9
2.6.8.1
2.6.8
2.6.7
2.6.6
2.6.5
2.6.4
2.6.39.4
2.6.39.3
2.6.39.2
2.6.39.1
2.6.39
2.6.38.8
2.6.38.7
2.6.38.6
2.6.38.5
2.6.38.4
2.6.38.3
2.6.38.2
2.6.38.1
2.6.38
2.6.37.6
2.6.37.5
2.6.37.4
2.6.37.3
2.6.37.2
2.6.37.1
2.6.37
2.6.36.4
2.6.36.3
2.6.36.2
2.6.36.1
2.6.36
2.6.35.9
2.6.35.8
2.6.35.7
2.6.35.6
2.6.35.5
2.6.35.4
2.6.35.3
2.6.35.2
2.6.35.13
2.6.35.12
2.6.35.11
2.6.35.10
2.6.35.1
2.6.35
2.6.34.9
2.6.34.8
2.6.34.7
2.6.34.6
2.6.34.5
2.6.34.4
2.6.34.3
2.6.34.2
2.6.34.10
2.6.34.1
2.6.34
2.6.33.9
2.6.33.8
2.6.33.7
2.6.33.6
2.6.33.5
2.6.33.4
2.6.33.3
2.6.33.20
2.6.33.2
2.6.33.19
2.6.33.18
2.6.33.17
2.6.33.16
2.6.33.15
2.6.33.14
2.6.33.13
2.6.33.12
2.6.33.11
2.6.33.10
2.6.33.1
2.6.33
2.6.32.9
2.6.32.8
2.6.32.7
2.6.32.6
2.6.32.58
2.6.32.57
2.6.32.56
2.6.32.55
2.6.32.54
2.6.32.53
2.6.32.52
2.6.32.51
2.6.32.50
2.6.32.5
2.6.32.49
2.6.32.48
See more versions on NVD

CVSS2 => (AV:L/AC:L/Au:N/C:C/I:C/A:C)

CVSS Base Score
Impact Subscore
Exploitability Subscore
7.2/10
10/10
3.9/10
Exploit range
Attack complexity
Authentication
Local
Low
No required
Confidentiality impact
Integrity impact
Availability impact
Complete
Complete
Complete

 References:
http://www.securityfocus.com/bid/108814
https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-3896
https://support.f5.com/csp/article/K04327111

Related CVE
CVE-2019-10639
The Linux kernel 4.x (starting from 4.1) and 5.x before 5.0.8 allows Information Exposure (partial kernel address disclosure), leading to a KASLR bypass. Specifically, it is possible to extract the KASLR kernel image offset using the IP ID values the...
CVE-2019-10638
In the Linux kernel before 5.1.7, a device can be tracked by an attacker using the IP ID values the kernel produces for connection-less protocols (e.g., UDP and ICMP). When such traffic is sent to multiple destination IP addresses, it is possible to ...
CVE-2019-13233
In arch/x86/lib/insn-eval.c in the Linux kernel before 5.1.9, there is a use-after-free for access to an LDT entry because of a race condition between modify_ldt() and a #BR exception for an MPX bounds violation.
CVE-2019-12984
A NULL pointer dereference vulnerability in the function nfc_genl_deactivate_target() in net/nfc/netlink.c in the Linux kernel before 5.1.13 can be triggered by a malicious user-mode program that omits certain NFC attributes, leading to denial of ser...
CVE-2019-12817
arch/powerpc/mm/mmu_context_book3s64.c in the Linux kernel before 5.1.15 for powerpc has a bug where unrelated processes may be able to read/write to one another's virtual memory under certain conditions via an mmap above 512 TB. Only a subset of pow...
CVE-2019-11479
Jonathan Looney discovered that the Linux kernel default MSS is hard-coded to 48 bytes. This allows a remote peer to fragment TCP resend queues significantly more than if a larger MSS were enforced. A remote attacker could use this to cause a denial ...
CVE-2019-11478
Jonathan Looney discovered that the TCP retransmission queue implementation in tcp_fragment in the Linux kernel could be fragmented when handling certain TCP Selective Acknowledgment (SACK) sequences. A remote attacker could use this to cause a denia...
CVE-2019-11477
Jonathan Looney discovered that the TCP_SKB_CB(skb)->tcp_gso_segs value was subject to an integer overflow in the Linux kernel when handling TCP Selective Acknowledgments (SACKs). A remote attacker could use this to cause a denial of service. This ha...

Copyright 2019, cxsecurity.com

 

Back to Top