CVE-2019-9003: Use After Free
First published: Fri Feb 22 2019(Updated: )
In the Linux kernel before 4.20.5, attackers can trigger a drivers/char/ipmi/ipmi_msghandler.c use-after-free and OOPS by arranging for certain simultaneous execution of the code, as demonstrated by a "service ipmievd restart" loop.
Credit: cve@mitre.org cve@mitre.org cve@mitre.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Linux Kernel | >=4.18<4.19.18 | |
| Linux Kernel | >=4.20<4.20.5 | |
| Linux Kernel | =5.0-rc1 | |
| Linux Kernel | =5.0-rc2 | |
| Linux Kernel | =5.0-rc3 | |
| Linux Kernel | =5.0-rc4 | |
| NetApp SolidFire & HCI Management Node | ||
| NetApp SnapProtect | ||
| NetApp SolidFire & HCI Storage Node | ||
| NetApp CN1610 | ||
| NetApp CN1610 Firmware | ||
| Ubuntu | =18.04 | |
| Ubuntu | =18.10 | |
| SUSE Linux | =15.0 | |
| All of | ||
| NetApp CN1610 | ||
| NetApp CN1610 Firmware | ||
| debian/linux | 5.10.223-1 5.10.234-1 6.1.123-1 6.1.128-1 6.12.12-1 6.12.17-1 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=77f8269606bf95fcb232ee86f6da80886f1dfae8
- http://lists.opensuse.org/opensuse-security-announce/2019-05/msg00037.html
- http://www.securityfocus.com/bid/107145
- https://cdn.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.20.5
- https://github.com/torvalds/linux/commit/77f8269606bf95fcb232ee86f6da80886f1dfae8
- https://security.netapp.com/advisory/ntap-20190327-0002/
- https://usn.ubuntu.com/3930-1/
- https://usn.ubuntu.com/3930-2/
- https://launchpad.net/bugs/cve/CVE-2019-9003
- https://git.kernel.org/linus/77f8269606bf95fcb232ee86f6da80886f1dfae8
- https://security-tracker.debian.org/tracker/CVE-2019-9003
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-9003
- https://nvd.nist.gov/vuln/detail/CVE-2019-9003
- https://ubuntu.com/security/CVE-2019-9003
Frequently Asked Questions
What is the vulnerability ID of this vulnerability?
The vulnerability ID of this vulnerability is CVE-2019-9003.
What is the description of the vulnerability?
The vulnerability is a use-after-free and OOPS vulnerability in the Linux kernel before 4.20.5, which can be triggered by certain simultaneous execution of code.
Which software is affected by this vulnerability?
The vulnerability affects the Linux kernel versions before 4.20.5.
How can this vulnerability be exploited?
The vulnerability can be exploited by arranging for certain simultaneous execution of the code.
Is there a fix available for this vulnerability?
Yes, the vulnerability can be fixed by updating the Linux kernel to version 4.20.5 or later.
- agent/type
- collector/launchpad-cve
- source/Launchpad
- agent/severity
- agent/weakness
- collector/mitre-cve
- source/MITRE
- collector/usn-cve
- source/Ubuntu
- agent/references
- agent/remedy
- agent/description
- agent/first-publish-date
- agent/last-modified-date
- agent/author
- agent/trending
- agent/source
- agent/tags
- agent/softwarecombine
- agent/event
- collector/security-tracker-debian
- source/Debian
- agent/software-canonical-lookup
- collector/nvd-index
- agent/software-canonical-lookup-request
- collector/nvd-api
- source/NVD
- collector/nvd-cve
- package-manager/debian
- vendor/linux
- canonical/linux kernel
- version/linux kernel/4.18
- version/linux kernel/4.20
- version/linux kernel/5.0-rc1
- version/linux kernel/5.0-rc2
- version/linux kernel/5.0-rc3
- version/linux kernel/5.0-rc4
- vendor/netapp
- canonical/netapp solidfire & hci management node
- canonical/netapp snapprotect
- canonical/netapp solidfire & hci storage node
- canonical/netapp cn1610
- canonical/netapp cn1610 firmware
- vendor/canonical
- canonical/ubuntu
- version/ubuntu/18.04
- version/ubuntu/18.10
- vendor/opensuse
- canonical/suse linux
- version/suse linux/15.0