Vulnerability Details : CVE-2019-11486
The Siemens R3964 line discipline driver in drivers/tty/n_r3964.c in the Linux kernel before 5.0.8 has multiple race conditions.
Threat overview for CVE-2019-11486
Top countries where our scanners detected CVE-2019-11486
Top open port discovered on systems with this issue
49152
IPs affected by CVE-2019-11486 21,442
Threat actors abusing to this issue?
Yes
Find out if you* are
affected by CVE-2019-11486!
*Directly or indirectly through your vendors, service providers and 3rd parties.
Powered by
attack surface intelligence
from SecurityScorecard.
Exploit prediction scoring system (EPSS) score for CVE-2019-11486
Probability of exploitation activity in the next 30 days: 0.08%
Percentile, the proportion of vulnerabilities that are scored at or less: ~ 32 % EPSS Score History EPSS FAQ
CVSS scores for CVE-2019-11486
| Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source |
|---|---|---|---|---|---|
|
6.9
|
MEDIUM | AV:L/AC:M/Au:N/C:C/I:C/A:C |
3.4
|
10.0
|
NIST |
|
7.0
|
HIGH | CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H |
1.0
|
5.9
|
NIST |
|
7.0
|
HIGH | CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H |
1.0
|
5.9
|
NIST |
CWE ids for CVE-2019-11486
-
The product contains a code sequence that can run concurrently with other code, and the code sequence requires temporary, exclusive access to a shared resource, but a timing window exists in which the shared resource can be modified by another code sequence that is operating concurrently.Assigned by: nvd@nist.gov (Primary)
References for CVE-2019-11486
-
https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=c7084edc3f6d67750f50d4183134c4fb5712a5c8
kernel/git/torvalds/linux.git - Linux kernel source treePatch;Vendor Advisory
-
https://lists.debian.org/debian-lts-announce/2019/06/msg00011.html
[SECURITY] [DLA 1824-1] linux-4.9 security updateThird Party Advisory
-
https://seclists.org/bugtraq/2019/Jun/26
Bugtraq: [SECURITY] [DSA 4465-1] linux security updateMailing List;Third Party Advisory
-
http://lists.opensuse.org/opensuse-security-announce/2019-05/msg00043.html
[security-announce] openSUSE-SU-2019:1407-1: important: Security updateThird Party Advisory
-
http://lists.opensuse.org/opensuse-security-announce/2019-05/msg00037.html
[security-announce] openSUSE-SU-2019:1404-1: important: Security updateThird Party Advisory
-
https://cdn.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.9.169
Vendor Advisory
-
https://security.netapp.com/advisory/ntap-20190517-0005/
May 2019 Linux Kernel Vulnerabilities in NetApp Products | NetApp Product SecurityThird Party Advisory
-
https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.0.8
Vendor Advisory
-
https://www.debian.org/security/2019/dsa-4465
Debian -- Security Information -- DSA-4465-1 linuxThird Party Advisory
-
https://cdn.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.14.112
Vendor Advisory
-
https://cdn.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.19.35
Vendor Advisory
-
https://github.com/torvalds/linux/commit/c7084edc3f6d67750f50d4183134c4fb5712a5c8
tty: mark Siemens R3964 line discipline as BROKEN · torvalds/linux@c7084ed · GitHubPatch;Third Party Advisory
-
http://lists.opensuse.org/opensuse-security-announce/2019-05/msg00071.html
[security-announce] openSUSE-SU-2019:1479-1: important: Security updateThird Party Advisory
-
http://www.openwall.com/lists/oss-security/2019/04/29/1
oss-security - Linux kernel: multiple issuesMailing List;Third Party Advisory
-
https://lists.debian.org/debian-lts-announce/2019/05/msg00042.html
[SECURITY] [DLA 1799-2] linux security updateThird Party Advisory
-
https://lists.debian.org/debian-lts-announce/2019/05/msg00041.html
[SECURITY] [DLA 1799-1] linux security updateThird Party Advisory
-
https://support.f5.com/csp/article/K50222414
Third Party Advisory
Products affected by CVE-2019-11486
- cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*
- cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*
- cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*
- cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*
- cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*
- cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*
- cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*
- cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*
- cpe:2.3:o:opensuse:leap:42.3:*:*:*:*:*:*:*
- cpe:2.3:o:opensuse:leap:15.1:*:*:*:*:*:*:*
- cpe:2.3:a:netapp:active_iq:-:*:*:*:*:*:*:*
- cpe:2.3:a:netapp:virtual_storage_console:9.7:*:*:*:*:vmware_vsphere:*:*
- cpe:2.3:a:netapp:hci_management_node:-:*:*:*:*:*:*:*
- cpe:2.3:a:netapp:solidfire:-:*:*:*:*:*:*:*
- cpe:2.3:a:netapp:storage_replication_adapter_for_clustered_data_ontap:9.7:*:*:*:*:vmware_vsphere:*:*
- cpe:2.3:a:netapp:vasa_provider_for_clustered_data_ontap:9.7:*:*:*:*:*:*:*
- cpe:2.3:a:netapp:snapprotect:-:*:*:*:*:*:*:*