CVE-2019-11486: Race Condition
First published: Tue Apr 23 2019(Updated: )
The Siemens R3964 line discipline driver in drivers/tty/n_r3964.c in the Linux kernel before 5.0.8 has multiple race conditions.
Credit: cve@mitre.org cve@mitre.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| debian/linux | 4.19.249-2 4.19.289-2 5.10.197-1 5.10.191-1 6.1.66-1 6.1.52-1 6.5.13-1 6.6.8-1 | |
| Linux Linux kernel | <3.16.66 | |
| Linux Linux kernel | >=3.17<3.18.139 | |
| Linux Linux kernel | >=3.19<4.4.179 | |
| Linux Linux kernel | >=4.5<4.9.169 | |
| Linux Linux kernel | >=4.10<4.14.112 | |
| Linux Linux kernel | >=4.15<4.19.35 | |
| Linux Linux kernel | >=4.20<5.0.8 | |
| Debian Debian Linux | =9.0 | |
| openSUSE Leap | =15.1 | |
| openSUSE Leap | =42.3 | |
| Netapp Active Iq | ||
| Netapp Hci Management Node | ||
| Netapp Snapprotect | ||
| Netapp Solidfire | ||
| Netapp Storage Replication Adapter For Clustered Data Ontap Vmware Vsphere | =9.7 | |
| Netapp Vasa Provider For Clustered Data Ontap | =9.7 | |
| Netapp Virtual Storage Console Vmware Vsphere | =9.7 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- https://git.kernel.org/linus/c7084edc3f6d67750f50d4183134c4fb5712a5c8
- https://security-tracker.debian.org/tracker/CVE-2019-11486
- http://lists.opensuse.org/opensuse-security-announce/2019-05/msg00037.html
- http://lists.opensuse.org/opensuse-security-announce/2019-05/msg00043.html
- http://lists.opensuse.org/opensuse-security-announce/2019-05/msg00071.html
- http://www.openwall.com/lists/oss-security/2019/04/29/1
- https://cdn.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.14.112
- https://cdn.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.19.35
- https://cdn.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.9.169
- https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.0.8
- https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=c7084edc3f6d67750f50d4183134c4fb5712a5c8
- https://github.com/torvalds/linux/commit/c7084edc3f6d67750f50d4183134c4fb5712a5c8
- https://lists.debian.org/debian-lts-announce/2019/05/msg00041.html
- https://lists.debian.org/debian-lts-announce/2019/05/msg00042.html
- https://lists.debian.org/debian-lts-announce/2019/06/msg00011.html
- https://seclists.org/bugtraq/2019/Jun/26
- https://security.netapp.com/advisory/ntap-20190517-0005/
- https://support.f5.com/csp/article/K50222414
- https://www.debian.org/security/2019/dsa-4465
Frequently Asked Questions
What is the vulnerability ID of this security issue?
The vulnerability ID of this security issue is CVE-2019-11486.
What is the severity level of CVE-2019-11486?
The severity level of CVE-2019-11486 is high with a severity value of 7.
Which software and versions are affected by CVE-2019-11486?
The Linux kernel versions before 5.0.8 and certain versions of Debian, openSUSE Leap, Netapp Active Iq, Netapp Hci Management Node, Netapp Snapprotect, Netapp Solidfire, Netapp Storage Replication Adapter For Clustered Data Ontap, Netapp Vasa Provider For Clustered Data Ontap, and Netapp Virtual Storage Console are affected. Please refer to the vulnerability description for specific version details.
How severe is the race condition vulnerability in the Siemens R3964 line discipline driver?
The race condition vulnerability in the Siemens R3964 line discipline driver is considered high severity.
How can I fix CVE-2019-11486?
To fix CVE-2019-11486, update to Linux kernel version 5.0.8 or later, or apply the appropriate security patches provided by your software vendor.
- collector/security-tracker-debian
- agent/weakness
- agent/author
- agent/references
- agent/severity
- agent/description
- agent/event
- agent/type
- agent/first-publish-date
- agent/last-modified-date
- agent/remedy
- agent/softwarecombine
- agent/tags
- collector/nvd-index
- agent/software-canonical-lookup-request
- collector/nvd-api
- package-manager/debian
- vendor/linux
- canonical/linux linux kernel
- version/linux linux kernel/3.17
- version/linux linux kernel/3.19
- version/linux linux kernel/4.5
- version/linux linux kernel/4.10
- version/linux linux kernel/4.15
- version/linux linux kernel/4.20
- vendor/debian
- canonical/debian debian linux
- version/debian debian linux/9.0
- vendor/opensuse
- canonical/opensuse leap
- version/opensuse leap/15.1
- version/opensuse leap/42.3
- vendor/netapp
- canonical/netapp active iq
- canonical/netapp hci management node
- canonical/netapp snapprotect
- canonical/netapp solidfire
- canonical/netapp storage replication adapter for clustered data ontap vmware vsphere
- version/netapp storage replication adapter for clustered data ontap vmware vsphere/9.7
- canonical/netapp vasa provider for clustered data ontap
- version/netapp vasa provider for clustered data ontap/9.7
- canonical/netapp virtual storage console vmware vsphere
- version/netapp virtual storage console vmware vsphere/9.7