Vulnerability Details CVE-2019-9003
In the Linux kernel before 4.20.5, attackers can trigger a drivers/char/ipmi/ipmi_msghandler.c use-after-free and OOPS by arranging for certain simultaneous execution of the code, as demonstrated by a "service ipmievd restart" loop.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.057
EPSS Ranking 89.9%
CVSS Severity
CVSS v3 Score 7.5
CVSS v2 Score 7.8
References
- http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=77f8269606bf95fcb232ee86f6da80886f1dfae8
- http://lists.opensuse.org/opensuse-security-announce/2019-05/msg00037.html
- http://www.securityfocus.com/bid/107145
- https://cdn.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.20.5
- https://github.com/torvalds/linux/commit/77f8269606bf95fcb232ee86f6da80886f1dfae8
- https://security.netapp.com/advisory/ntap-20190327-0002/
- https://usn.ubuntu.com/3930-1/
- https://usn.ubuntu.com/3930-2/
- http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=77f8269606bf95fcb232ee86f6da80886f1dfae8
- http://lists.opensuse.org/opensuse-security-announce/2019-05/msg00037.html
- http://www.securityfocus.com/bid/107145
- https://cdn.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.20.5
- https://github.com/torvalds/linux/commit/77f8269606bf95fcb232ee86f6da80886f1dfae8
- https://security.netapp.com/advisory/ntap-20190327-0002/
- https://usn.ubuntu.com/3930-1/
- https://usn.ubuntu.com/3930-2/
Products affected by CVE-2019-9003
-
cpe:2.3:a:netapp:hci_management_node:-
-
cpe:2.3:a:netapp:snapprotect:-
-
cpe:2.3:a:netapp:solidfire:-
-
cpe:2.3:h:netapp:cn1610:-
-
cpe:2.3:o:canonical:ubuntu_linux:18.04
-
cpe:2.3:o:canonical:ubuntu_linux:18.10
-
cpe:2.3:o:linux:linux_kernel:4.18
-
cpe:2.3:o:linux:linux_kernel:4.18.0
-
cpe:2.3:o:linux:linux_kernel:4.18.0-193.el8
-
cpe:2.3:o:linux:linux_kernel:4.18.1
-
cpe:2.3:o:linux:linux_kernel:4.18.10
-
cpe:2.3:o:linux:linux_kernel:4.18.11
-
cpe:2.3:o:linux:linux_kernel:4.18.12
-
cpe:2.3:o:linux:linux_kernel:4.18.13
-
cpe:2.3:o:linux:linux_kernel:4.18.14
-
cpe:2.3:o:linux:linux_kernel:4.18.15
-
cpe:2.3:o:linux:linux_kernel:4.18.16
-
cpe:2.3:o:linux:linux_kernel:4.18.17
-
cpe:2.3:o:linux:linux_kernel:4.18.18
-
cpe:2.3:o:linux:linux_kernel:4.18.19
-
cpe:2.3:o:linux:linux_kernel:4.18.2
-
cpe:2.3:o:linux:linux_kernel:4.18.20
-
cpe:2.3:o:linux:linux_kernel:4.18.3
-
cpe:2.3:o:linux:linux_kernel:4.18.4
-
cpe:2.3:o:linux:linux_kernel:4.18.5
-
cpe:2.3:o:linux:linux_kernel:4.18.6
-
cpe:2.3:o:linux:linux_kernel:4.18.7
-
cpe:2.3:o:linux:linux_kernel:4.18.8
-
cpe:2.3:o:linux:linux_kernel:4.18.9
-
cpe:2.3:o:linux:linux_kernel:4.19
-
cpe:2.3:o:linux:linux_kernel:4.19.1
-
cpe:2.3:o:linux:linux_kernel:4.19.10
-
cpe:2.3:o:linux:linux_kernel:4.19.11
-
cpe:2.3:o:linux:linux_kernel:4.19.12
-
cpe:2.3:o:linux:linux_kernel:4.19.13
-
cpe:2.3:o:linux:linux_kernel:4.19.14
-
cpe:2.3:o:linux:linux_kernel:4.19.15
-
cpe:2.3:o:linux:linux_kernel:4.19.16
-
cpe:2.3:o:linux:linux_kernel:4.19.17
-
cpe:2.3:o:linux:linux_kernel:4.19.2
-
cpe:2.3:o:linux:linux_kernel:4.19.3
-
cpe:2.3:o:linux:linux_kernel:4.19.4
-
cpe:2.3:o:linux:linux_kernel:4.19.5
-
cpe:2.3:o:linux:linux_kernel:4.19.6
-
cpe:2.3:o:linux:linux_kernel:4.19.7
-
cpe:2.3:o:linux:linux_kernel:4.19.8
-
cpe:2.3:o:linux:linux_kernel:4.19.9
-
cpe:2.3:o:linux:linux_kernel:4.20
-
cpe:2.3:o:linux:linux_kernel:4.20.1
-
cpe:2.3:o:linux:linux_kernel:4.20.2
-
cpe:2.3:o:linux:linux_kernel:4.20.3
-
cpe:2.3:o:linux:linux_kernel:4.20.4
-
cpe:2.3:o:linux:linux_kernel:5.0
-
cpe:2.3:o:netapp:cn1610_firmware:-
-
cpe:2.3:o:opensuse:leap:15.0