First published: Sat Dec 28 2019
A flaw was found in the Linux kernel’s implementation of dropping sysctl entries. A local attacker who has access to load modules on the system can trigger a condition during module load failure and panic the system.
Credit: cve@mitre.org
Affected Software | Affected Version | How to fix |
---|---|---|
redhat/kernel-rt | <0:3.10.0-1160.rt56.1131.el7 | 0:3.10.0-1160.rt56.1131.el7 |
redhat/kernel-alt | <0:4.14.0-115.19.1.el7a | 0:4.14.0-115.19.1.el7a |
redhat/kernel | <0:3.10.0-1160.el7 | 0:3.10.0-1160.el7 |
redhat/kernel-rt | <0:4.18.0-240.rt7.54.el8 | 0:4.18.0-240.rt7.54.el8 |
redhat/kernel | <0:4.18.0-240.el8 | 0:4.18.0-240.el8 |
Linux Linux kernel | <5.0.6 | |
Netapp Active Iq Unified Manager Vmware Vsphere | | |
Netapp Cloud Backup | | |
Netapp Data Availability Services | | |
NetApp E-Series SANtricity OS Controller | >=11.0 <=11.70.2 | |
Netapp Fas/aff Baseboard Management Controller | | |
Netapp Solidfire & Hci Management Node | | |
Netapp Steelstore Cloud Integrated Storage | | |
Netapp Solidfire Baseboard Management Controller | | |
Netapp H610s Firmware | | |
Netapp H610s | | |
Netapp 8300 Firmware | | |
Netapp 8300 | | |
Netapp 8700 Firmware | | |
Netapp 8700 | | |
Netapp A400 Firmware | | |
Netapp A400 | | |
CVE-2019-20054 is a vulnerability in the Linux kernel that allows a local attacker to panic the system by triggering a condition during module load failure.
CVE-2019-20054 has a severity rating of 5.1 (medium).
Versions of the Linux kernel before 5.0.6 are affected by CVE-2019-20054.
To fix CVE-2019-20054, update your Linux kernel to version 5.0.6 or later.
More information about CVE-2019-20054 can be found at the following references: [Reference 1], [Reference 2], [Reference 3].