Vulnerability Details : CVE-2019-17053

ieee802154_create in net/ieee802154/socket.c in the AF_IEEE802154 network module in the Linux kernel through 5.3.2 does not enforce CAP_NET_RAW, which means that unprivileged users can create a raw socket, aka CID-e69dbd4619e7.

Published 2019-10-01 14:15:42

Updated 2019-10-25 20:15:15

Source MITRE

View at NVD, CVE.org

Exploit prediction scoring system (EPSS) score for CVE-2019-17053

Probability of exploitation activity in the next 30 days: 0.05%

Percentile, the proportion of vulnerabilities that are scored at or less: ~ 15 % EPSS Score History EPSS FAQ

CVSS scores for CVE-2019-17053

Base Score	Base Severity	CVSS Vector	Exploitability Score	Impact Score	Source
2.1	LOW	AV:L/AC:L/Au:N/C:N/I:P/A:N	3.9	2.9	nvd@nist.gov
Access Vector: Local Access Complexity: Low Authentication: None Confidentiality Impact: None Integrity Impact: Partial Availability Impact: None
3.3	LOW	CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N	1.8	1.4	nvd@nist.gov
Attack Vector: Local Attack Complexity: Low Privileges Required: Low User Interaction: None Scope: Unchanged Confidentiality: None Integrity: Low Availability: None

CWE ids for CVE-2019-17053

CWE-276 Incorrect Default Permissions

During installation, installed file permissions are set to allow anyone to modify those files.

Assigned by: nvd@nist.gov (Primary)

References for CVE-2019-17053

https://usn.ubuntu.com/4186-1/

USN-4186-1: Linux kernel vulnerabilities | Ubuntu security notices

CVEs referencing this url
https://seclists.org/bugtraq/2019/Nov/11

Bugtraq: [slackware-security] Slackware 14.2 kernel (SSA:2019-311-01)

CVEs referencing this url
https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=0edc3f703f7bcaf550774b5d43ab727bcd0fe06b

kernel/git/torvalds/linux.git - Linux kernel source tree
Patch;Vendor Advisory

CVEs referencing this url
https://lists.debian.org/debian-lts-announce/2020/03/msg00001.html

[SECURITY] [DLA 2114-1] linux-4.9 security update

CVEs referencing this url
http://packetstormsecurity.com/files/155212/Slackware-Security-Advisory-Slackware-14.2-kernel-Updates.html

Slackware Security Advisory - Slackware 14.2 kernel Updates ≈ Packet Storm

CVEs referencing this url
https://usn.ubuntu.com/4185-2/

USN-4185-2: Linux kernel (Azure) vulnerabilities | Ubuntu security notices

CVEs referencing this url
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/U6JNEWGIK7QA24OIUUL67QZNJN52NB7T/

[SECURITY] Fedora 29 Update: kernel-headers-5.3.6-100.fc29 - package-announce - Fedora Mailing-Lists

CVEs referencing this url
https://lists.debian.org/debian-lts-announce/2020/01/msg00013.html

[SECURITY] [DLA 2068-1] linux security update

CVEs referencing this url
https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=e69dbd4619e7674c1679cba49afd9dd9ac347eef

kernel/git/torvalds/linux.git - Linux kernel source tree
Patch;Vendor Advisory
https://usn.ubuntu.com/4184-1/

USN-4184-1: Linux kernel vulnerabilities | Ubuntu security notices

CVEs referencing this url
https://usn.ubuntu.com/4185-1/

USN-4185-1: Linux kernel vulnerabilities | Ubuntu security notices

CVEs referencing this url
https://usn.ubuntu.com/4186-2/

USN-4186-2: Linux kernel (Xenial HWE) vulnerabilities | Ubuntu security notices

CVEs referencing this url

Products affected by CVE-2019-17053

Linux » Linux Kernel
Versions up to, including, (<=) 5.3.2
cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*
Matching versions