CVE-2019-12456 -- linux-imageID: oval:org.secpod.oval:def:2003578 | Date: (C)2020-09-25 (M)2024-04-17 |
Class: VULNERABILITY | Family: unix |
** DISPUTED ** An issue was discovered in the MPT3COMMAND case in _ctl_ioctl_main in drivers/scsi/mpt3sas/mpt3sas_ctl.c in the Linux kernel through 5.1.5. It allows local users to cause a denial of service or possibly have unspecified other impact by changing the value of ioc_number between two kernel reads of that value, aka a "double fetch" vulnerability. NOTE: a third party reports that this is unexploitable because the doubly fetched value is not used.
Platform: |
Debian 10.x |
Debian 9.x |
Product: |
linux-image-4.9 |
linux-image-4.19 |