CVE-2019-9003: Use After Free
First published: Fri Feb 22 2019(Updated: )
In the Linux kernel before 4.20.5, attackers can trigger a drivers/char/ipmi/ipmi_msghandler.c use-after-free and OOPS by arranging for certain simultaneous execution of the code, as demonstrated by a "service ipmievd restart" loop.
Credit: cve@mitre.org cve@mitre.org cve@mitre.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Linux Linux kernel | >=4.18<4.19.18 | |
| Linux Linux kernel | >=4.20<4.20.5 | |
| Linux Linux kernel | =5.0-rc1 | |
| Linux Linux kernel | =5.0-rc2 | |
| Linux Linux kernel | =5.0-rc3 | |
| Linux Linux kernel | =5.0-rc4 | |
| Netapp Hci Management Node | ||
| Netapp Snapprotect | ||
| Netapp Solidfire | ||
| Netapp Cn1610 Firmware | ||
| Netapp Cn1610 | ||
| Canonical Ubuntu Linux | =18.04 | |
| Canonical Ubuntu Linux | =18.10 | |
| openSUSE Leap | =15.0 | |
| All of | ||
| Netapp Cn1610 Firmware | ||
| Netapp Cn1610 | ||
| debian/linux | 5.10.223-1 5.10.226-1 6.1.115-1 6.1.119-1 6.11.10-1 6.12.5-1 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=77f8269606bf95fcb232ee86f6da80886f1dfae8
- http://lists.opensuse.org/opensuse-security-announce/2019-05/msg00037.html
- http://www.securityfocus.com/bid/107145
- https://cdn.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.20.5
- https://github.com/torvalds/linux/commit/77f8269606bf95fcb232ee86f6da80886f1dfae8
- https://security.netapp.com/advisory/ntap-20190327-0002/
- https://usn.ubuntu.com/3930-1/
- https://usn.ubuntu.com/3930-2/
- https://launchpad.net/bugs/cve/CVE-2019-9003
- https://git.kernel.org/linus/77f8269606bf95fcb232ee86f6da80886f1dfae8
- https://security-tracker.debian.org/tracker/CVE-2019-9003
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-9003
- https://nvd.nist.gov/vuln/detail/CVE-2019-9003
- https://ubuntu.com/security/CVE-2019-9003
Frequently Asked Questions
What is the vulnerability ID of this vulnerability?
The vulnerability ID of this vulnerability is CVE-2019-9003.
What is the description of the vulnerability?
The vulnerability is a use-after-free and OOPS vulnerability in the Linux kernel before 4.20.5, which can be triggered by certain simultaneous execution of code.
Which software is affected by this vulnerability?
The vulnerability affects the Linux kernel versions before 4.20.5.
How can this vulnerability be exploited?
The vulnerability can be exploited by arranging for certain simultaneous execution of the code.
Is there a fix available for this vulnerability?
Yes, the vulnerability can be fixed by updating the Linux kernel to version 4.20.5 or later.
- collector/nvd-index
- agent/type
- collector/launchpad-cve
- source/Launchpad
- agent/severity
- agent/weakness
- collector/mitre-cve
- source/MITRE
- collector/usn-cve
- source/Ubuntu
- agent/references
- agent/remedy
- agent/description
- agent/first-publish-date
- agent/last-modified-date
- agent/event
- collector/nvd-cve
- source/NVD
- agent/software-canonical-lookup
- collector/nvd-api
- agent/author
- agent/tags
- collector/security-tracker-debian
- source/Debian
- agent/softwarecombine
- agent/trending
- vendor/linux
- canonical/linux linux kernel
- version/linux linux kernel/4.18
- version/linux linux kernel/4.20
- version/linux linux kernel/5.0-rc1
- version/linux linux kernel/5.0-rc2
- version/linux linux kernel/5.0-rc3
- version/linux linux kernel/5.0-rc4
- vendor/netapp
- canonical/netapp hci management node
- canonical/netapp snapprotect
- canonical/netapp solidfire
- canonical/netapp cn1610 firmware
- canonical/netapp cn1610
- vendor/canonical
- canonical/canonical ubuntu linux
- version/canonical ubuntu linux/18.04
- version/canonical ubuntu linux/18.10
- vendor/opensuse
- canonical/opensuse leap
- version/opensuse leap/15.0
- package-manager/debian