[Forgot Password]
Login  Register Subscribe

30479

 
 

423868

 
 

248678

 
 

909

 
 

195426

 
 

282

 
Paid content will be excluded from the download.


Download | Alert*
CVE
view JSON

CVE-2019-11810Date: (C)2019-06-19   (M)2024-04-30


An issue was discovered in the Linux kernel before 5.0.7. A NULL pointer dereference can occur when megasas_create_frame_pool() fails in megasas_alloc_cmds() in drivers/scsi/megaraid/megaraid_sas_base.c. This causes a Denial of Service, related to a use-after-free.

CVSS Score and Metrics +CVSS Score and Metrics -

CVSS V3 Severity:CVSS V2 Severity:
CVSS Score : 7.5CVSS Score : 7.8
Exploit Score: 3.9Exploit Score: 10.0
Impact Score: 3.6Impact Score: 6.9
 
CVSS V3 Metrics:CVSS V2 Metrics:
Attack Vector: NETWORKAccess Vector: NETWORK
Attack Complexity: LOWAccess Complexity: LOW
Privileges Required: NONEAuthentication: NONE
User Interaction: NONEConfidentiality: NONE
Scope: UNCHANGEDIntegrity: NONE
Confidentiality: NONEAvailability: COMPLETE
Integrity: NONE 
Availability: HIGH 
  
Reference:
BID-108286
RHSA-2019:1959
RHSA-2019:1971
RHSA-2019:2029
RHSA-2019:2043
RHSA-2019:2736
RHSA-2019:2837
RHSA-2019:3217
RHSA-2020:0036
USN-4005-1
USN-4008-1
USN-4008-3
USN-4115-1
USN-4118-1
https://lists.debian.org/debian-lts-announce/2019/06/msg00010.html
https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.0.7
https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=bcf3b67d16a4c8ffae0aa79de5853435e683945c
https://github.com/torvalds/linux/commit/bcf3b67d16a4c8ffae0aa79de5853435e683945c
https://security.netapp.com/advisory/ntap-20190719-0003/
https://support.f5.com/csp/article/K50484570
openSUSE-SU-2019:1923
openSUSE-SU-2019:1924

CWE    1
CWE-476
OVAL    30
oval:org.secpod.oval:def:1502540
oval:org.secpod.oval:def:1502533
oval:org.secpod.oval:def:1502532
oval:org.secpod.oval:def:66758
...

© SecPod Technologies