Vulnerability Details CVE-2019-18680
An issue was discovered in the Linux kernel 4.4.x before 4.4.195. There is a NULL pointer dereference in rds_tcp_kill_sock() in net/rds/tcp.c that will cause denial of service, aka CID-91573ae4aed0.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.017
EPSS Ranking 81.8%
CVSS Severity
CVSS v3 Score 7.5
CVSS v2 Score 7.8
References
- https://cdn.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.4.195
- https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/commit/?id=91573ae4aed0a49660abdad4d42f2a0db995ee5e
- https://github.com/torvalds/linux/commit/91573ae4aed0a49660abdad4d42f2a0db995ee5e
- https://lkml.org/lkml/2019/9/18/337
- https://security.netapp.com/advisory/ntap-20191205-0001/
- https://cdn.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.4.195
- https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/commit/?id=91573ae4aed0a49660abdad4d42f2a0db995ee5e
- https://github.com/torvalds/linux/commit/91573ae4aed0a49660abdad4d42f2a0db995ee5e
- https://lkml.org/lkml/2019/9/18/337
- https://security.netapp.com/advisory/ntap-20191205-0001/
Products affected by CVE-2019-18680
-
cpe:2.3:o:linux:linux_kernel:4.4.179
-
cpe:2.3:o:linux:linux_kernel:4.4.180
-
cpe:2.3:o:linux:linux_kernel:4.4.181
-
cpe:2.3:o:linux:linux_kernel:4.4.182
-
cpe:2.3:o:linux:linux_kernel:4.4.183
-
cpe:2.3:o:linux:linux_kernel:4.4.184
-
cpe:2.3:o:linux:linux_kernel:4.4.185
-
cpe:2.3:o:linux:linux_kernel:4.4.186
-
cpe:2.3:o:linux:linux_kernel:4.4.187
-
cpe:2.3:o:linux:linux_kernel:4.4.188
-
cpe:2.3:o:linux:linux_kernel:4.4.189
-
cpe:2.3:o:linux:linux_kernel:4.4.190
-
cpe:2.3:o:linux:linux_kernel:4.4.191
-
cpe:2.3:o:linux:linux_kernel:4.4.192
-
cpe:2.3:o:linux:linux_kernel:4.4.193
-
cpe:2.3:o:linux:linux_kernel:4.4.194