Vulnerability Details : CVE-2019-13233
Potential exploit
In arch/x86/lib/insn-eval.c in the Linux kernel before 5.1.9, there is a use-after-free for access to an LDT entry because of a race condition between modify_ldt() and a #BR exception for an MPX bounds violation.
Vulnerability category: Memory Corruption
Products affected by CVE-2019-13233
- cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*
Exploit prediction scoring system (EPSS) score for CVE-2019-13233
0.07%
Probability of exploitation activity in the next 30 days
EPSS Score History
~ 18 %
Percentile, the proportion of vulnerabilities that are scored at or less
CVSS scores for CVE-2019-13233
| Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
|---|---|---|---|---|---|---|
|
4.4
|
MEDIUM | AV:L/AC:M/Au:N/C:P/I:P/A:P |
3.4
|
6.4
|
NIST | |
|
7.0
|
HIGH | CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H |
1.0
|
5.9
|
NIST |
CWE ids for CVE-2019-13233
-
The product contains a concurrent code sequence that requires temporary, exclusive access to a shared resource, but a timing window exists in which the shared resource can be modified by another code sequence operating concurrently.Assigned by: nvd@nist.gov (Primary)
-
The product reuses or references memory after it has been freed. At some point afterward, the memory may be allocated again and saved in another pointer, while the original pointer references a location somewhere within the new allocation. Any operations using the original pointer are no longer valid because the memory "belongs" to the code that operates on the new pointer.Assigned by: nvd@nist.gov (Primary)
References for CVE-2019-13233
-
https://www.debian.org/security/2019/dsa-4495
Debian -- Security Information -- DSA-4495-1 linux
-
https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=de9f869616dd95e95c00bdd6b0fcd3421e8a4323
kernel/git/torvalds/linux.git - Linux kernel source treeMailing List;Patch;Vendor Advisory
-
https://usn.ubuntu.com/4117-1/
USN-4117-1: Linux kernel (AWS) vulnerabilities | Ubuntu security notices
-
https://usn.ubuntu.com/4093-1/
USN-4093-1: Linux kernel vulnerabilities | Ubuntu security notices
-
https://usn.ubuntu.com/4094-1/
USN-4094-1: Linux kernel vulnerabilities | Ubuntu security notices
-
https://security.netapp.com/advisory/ntap-20190806-0001/
July 2019 Linux Kernel Vulnerabilities in NetApp Products | NetApp Product Security
-
https://usn.ubuntu.com/4118-1/
USN-4118-1: Linux kernel (AWS) vulnerabilities | Ubuntu security notices
-
https://access.redhat.com/errata/RHSA-2019:3517
RHSA-2019:3517 - Security Advisory - Red Hat Customer Portal
-
https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.1.9
Mailing List;Release Notes;Vendor Advisory
-
http://lists.opensuse.org/opensuse-security-announce/2019-07/msg00025.html
[security-announce] openSUSE-SU-2019:1757-1: important: Security update
-
https://bugs.chromium.org/p/project-zero/issues/detail?id=1879
1879 - Linux: UAF via race between modify_ldt() and #BR exception - project-zero - MonorailExploit;Mailing List;Patch;Third Party Advisory
-
http://packetstormsecurity.com/files/154408/Kernel-Live-Patch-Security-Notice-LSN-0055-1.html
Kernel Live Patch Security Notice LSN-0055-1 ≈ Packet Storm
-
https://github.com/torvalds/linux/commit/de9f869616dd95e95c00bdd6b0fcd3421e8a4323
x86/insn-eval: Fix use-after-free access to LDT entry · torvalds/linux@de9f869 · GitHubPatch;Third Party Advisory
-
https://seclists.org/bugtraq/2019/Aug/13
Bugtraq: [SECURITY] [DSA 4495-1] linux security update
-
https://access.redhat.com/errata/RHSA-2019:3309
RHSA-2019:3309 - Security Advisory - Red Hat Customer Portal
-
https://support.f5.com/csp/article/K13331647?utm_source=f5support&utm_medium=RSS
Jump to