CVE-2019-15666
First published: Tue Aug 27 2019(Updated: )
A flaw regarding the removal of xfrm policies from the kernel may possibly crash the system or corrupt memory or escalate privilges . Policies addition or removal is a privileged operation (usually done through the ip command) or via a netlink socket. A local privileged user (with CAP_NET_ADMIN or root) is required to exploit this condition. With this limitation, this issue is rated as Moderate. Reference: <a href="https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=b805d78d300bcf2c83d6df7da0c818b0fee41427">https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=b805d78d300bcf2c83d6df7da0c818b0fee41427</a> <a href="https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.0.19">https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.0.19</a>
Credit: cve@mitre.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| redhat/kernel-alt | <0:4.14.0-115.19.1.el7a | 0:4.14.0-115.19.1.el7a |
| redhat/kernel-rt | <0:4.18.0-147.rt24.93.el8 | 0:4.18.0-147.rt24.93.el8 |
| redhat/kernel | <0:4.18.0-147.el8 | 0:4.18.0-147.el8 |
| Linux Kernel | <5.0.19 | |
| Debian | =8.0 | |
| SUSE Linux | =15.0 | |
| SUSE Linux | =15.1 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- https://www.cve.org/CVERecord?id=CVE-2019-15666 https://nvd.nist.gov/vuln/detail/CVE-2019-15666
- https://bugzilla.redhat.com/show_bug.cgi?id=1747334
- https://access.redhat.com/errata/RHSA-2020:1493
- https://access.redhat.com/errata/RHSA-2019:3309
- https://access.redhat.com/errata/RHSA-2019:3517
- https://access.redhat.com/security/cve/cve-2019-15666
- http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00064.html
- http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00066.html
- https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.0.19
- https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=b805d78d300bcf2c83d6df7da0c818b0fee41427
- https://lists.debian.org/debian-lts-announce/2019/09/msg00014.html
- https://lists.debian.org/debian-lts-announce/2019/09/msg00015.html
- https://security.netapp.com/advisory/ntap-20191004-0001/
- https://support.f5.com/csp/article/K53420251?utm_source=f5support&utm_medium=RSS
- https://bugzilla.redhat.com/show_bug.cgi/show_bug.cgi?id=1747335
- https://support.f5.com/csp/article/K53420251?utm_source=f5support&%3Butm_medium=RSS
Parent vulnerabilities
(Appears in the following advisories)
Frequently Asked Questions
What is the severity of CVE-2019-15666?
CVE-2019-15666 is considered a moderate severity vulnerability due to its potential to crash the system or escalate privileges.
How do I fix CVE-2019-15666?
You can fix CVE-2019-15666 by upgrading to the appropriate kernel versions specified by Red Hat or other affected distributions.
Who is affected by CVE-2019-15666?
Local privileged users on systems using the affected kernels, such as certain Red Hat and Debian versions, may be impacted by CVE-2019-15666.
What type of vulnerabilities does CVE-2019-15666 involve?
CVE-2019-15666 involves vulnerabilities related to the management of xfrm policies in the Linux kernel.
Can CVE-2019-15666 lead to a system crash?
Yes, CVE-2019-15666 may potentially cause a system crash if exploited by a local privileged user.
- collector/redhat-cve
- agent/type
- agent/first-publish-date
- collector/redhat-bugzilla
- source/Red Hat
- alias/CVE-2019-15666
- agent/author
- agent/severity
- agent/remedy
- agent/weakness
- collector/mitre-cve
- source/MITRE
- agent/references
- agent/last-modified-date
- agent/event
- agent/description
- agent/trending
- agent/source
- agent/softwarecombine
- agent/tags
- collector/nvd-index
- agent/software-canonical-lookup-request
- package-manager/redhat
- vendor/linux
- canonical/linux kernel
- vendor/debian
- canonical/debian
- version/debian/8.0
- vendor/opensuse
- canonical/suse linux
- version/suse linux/15.0
- version/suse linux/15.1