CVE-2019-9213

Published: Mar 5, 2019Modified: Nov 21, 2024

5.5

Vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

Exploitability: 1.8 / Impact: 3.6

Source: NVD

Description

In the Linux kernel before 4.20.14, expand_downwards in mm/mmap.c lacks a check for the mmap minimum address, which makes it easier for attackers to exploit kernel NULL pointer dereferences on non-SMAP platforms. This is related to a capability check for the wrong task.

Affected (13)

Products: Linux: Linux Kernel · Debian: Debian Linux · Redhat: Enterprise Linux · +2 more

Show all products

Linux: Linux Kernel · Debian: Debian Linux · Redhat: Enterprise Linux · Opensuse: Leap · Canonical: Ubuntu Linux

1 product

1 product

1 product

1 product

1 product

Configuration A

4 vulnerable

Vulnerable Software	Affected Versions
Linux Linux Kernel	From 4.14 to 4.14.105
Linux Linux Kernel	From 4.19 to 4.19.27
Linux Linux Kernel	From 4.20 to 4.20.14
Linux Linux Kernel	From 4.9 to 4.9.162

Configuration B

1 vulnerable

Vulnerable Software	Affected Versions
Debian Debian Linux	Version 8.0

Configuration C

2 vulnerable

Vulnerable Software	Affected Versions
Redhat Enterprise Linux	Version 7.0
Redhat Enterprise Linux	Version 8.0

Configuration D

2 vulnerable

Vulnerable Software	Affected Versions
Opensuse Leap	Version 15.0
Opensuse Leap	Version 42.3

Configuration E

4 vulnerable

Vulnerable Software	Affected Versions
Canonical Ubuntu Linux	Version 12.04
Canonical Ubuntu Linux	Version 14.04
Canonical Ubuntu Linux	Version 16.04
Canonical Ubuntu Linux	Version 18.10

Related CWEs

CWE-476

NULL Pointer Dereference

The product dereferences a pointer that it expects to be valid but is NULL.

References (52)

http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=0a1d52994d440e21def1c2174932410b4f2a98a1

Source: cve@mitre.org

PatchVendor Advisory

http://lists.opensuse.org/opensuse-security-announce/2019-03/msg00045.html

Source: cve@mitre.org

Mailing ListThird Party Advisory

http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00052.html

Source: cve@mitre.org

Mailing ListThird Party Advisory

http://packetstormsecurity.com/files/156053/Reliable-Datagram-Sockets-RDS-rds_atomic_free_op-Privilege-Escalation.html

Source: cve@mitre.org

ExploitThird Party AdvisoryVDB Entry

http://www.securityfocus.com/bid/107296

Source: cve@mitre.org

Third Party AdvisoryVDB Entry

https://access.redhat.com/errata/RHSA-2019:0831

Source: cve@mitre.org

Third Party Advisory

https://access.redhat.com/errata/RHSA-2019:1479

Source: cve@mitre.org

Third Party Advisory

https://access.redhat.com/errata/RHSA-2019:1480

Source: cve@mitre.org

Third Party Advisory

https://bugs.chromium.org/p/project-zero/issues/detail?id=1792

Source: cve@mitre.org

ExploitMailing ListThird Party Advisory

https://cdn.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.14.105

Source: cve@mitre.org

Mailing ListPatchVendor Advisory

https://cdn.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.19.27

Source: cve@mitre.org

Mailing ListPatchVendor Advisory

https://cdn.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.20.14

Source: cve@mitre.org

Mailing ListPatchVendor Advisory

https://cdn.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.9.162

Source: cve@mitre.org

Mailing ListPatchVendor Advisory

https://github.com/torvalds/linux/commit/0a1d52994d440e21def1c2174932410b4f2a98a1

Source: cve@mitre.org

Mailing ListPatchVendor Advisory

https://lists.debian.org/debian-lts-announce/2019/03/msg00034.html

Source: cve@mitre.org

Mailing ListThird Party Advisory

https://lists.debian.org/debian-lts-announce/2019/04/msg00004.html

Source: cve@mitre.org

Mailing ListThird Party Advisory

https://lists.debian.org/debian-lts-announce/2019/05/msg00002.html

Source: cve@mitre.org

Mailing ListThird Party Advisory

https://usn.ubuntu.com/3930-1/

Source: cve@mitre.org

Third Party Advisory

https://usn.ubuntu.com/3930-2/

Source: cve@mitre.org

Third Party Advisory

https://usn.ubuntu.com/3931-1/

Source: cve@mitre.org

Third Party Advisory

https://usn.ubuntu.com/3931-2/

Source: cve@mitre.org

Third Party Advisory

https://usn.ubuntu.com/3932-1/

Source: cve@mitre.org

Third Party Advisory

https://usn.ubuntu.com/3932-2/

Source: cve@mitre.org

Third Party Advisory

https://usn.ubuntu.com/3933-1/

Source: cve@mitre.org

Third Party Advisory

https://usn.ubuntu.com/3933-2/

Source: cve@mitre.org

Third Party Advisory

https://www.exploit-db.com/exploits/46502/

Source: cve@mitre.org

ExploitThird Party AdvisoryVDB Entry

http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=0a1d52994d440e21def1c2174932410b4f2a98a1