Vulnerability Details : CVE-2019-3460
A heap data infoleak in multiple locations including L2CAP_PARSE_CONF_RSP was found in the Linux kernel before 5.1-rc1.
Vulnerability category: Input validation
Threat overview for CVE-2019-3460
Top open port discovered on systems with this issue: 80
IPs affected by CVE-2019-3460: 70,285
Threat actors abusing this issue? Yes
Exploit prediction scoring system (EPSS) score for CVE-2019-3460
Probability of exploitation activity in the next 30 days: 0.15%
Percentile, the proportion of vulnerabilities that are scored at or less: ~51%
CVSS scores for CVE-2019-3460
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source |
---|---|---|---|---|---|
3.3 | LOW | AV:A/AC:L/Au:N/C:P/I:N/A:N | 6.5 | 2.9 | NIST |
6.5 | MEDIUM | CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N | 2.8 | 3.6 | NIST |
CWE ids for CVE-2019-3460
- The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly. Assigned by: nvd@nist.gov (Primary)
References for CVE-2019-3460
- https://bugzilla.redhat.com/show_bug.cgi?id=1663179
  1663179 – (CVE-2019-3460) CVE-2019-3460 kernel: Heap address information leak while using L2CAP_PARSE_CONF_RSP [Mitigation; Issue Tracking; Third Party Advisory]
- https://access.redhat.com/errata/RHSA-2020:0740
  RHSA-2020:0740 - Security Advisory - Red Hat Customer Portal [Third Party Advisory]
- https://access.redhat.com/errata/RHSA-2019:3517
  RHSA-2019:3517 - Security Advisory - Red Hat Customer Portal [Third Party Advisory]
- https://people.canonical.com/~ubuntu-security/cve/2019/CVE-2019-3460.html
  CVE-2019-3460 in Ubuntu [Third Party Advisory]
- https://git.kernel.org/linus/af3d5d1c87664a4f150fcf3534c6567cb19909b0
  kernel/git/torvalds/linux.git - Linux kernel source tree [Patch; Vendor Advisory]
- https://lists.debian.org/debian-lts-announce/2019/05/msg00002.html
  [SECURITY] [DLA 1771-1] linux-4.9 security update [Mailing List; Third Party Advisory]
- https://lore.kernel.org/linux-bluetooth/20190110062917.GB15047@kroah.com/
  [PATCH 2/2] Bluetooth: check the buffer size for some messages before parsing - Greg Kroah-Hartman [Patch; Vendor Advisory]
- http://www.openwall.com/lists/oss-security/2019/06/27/2
  oss-security - Re: linux-distros membership application - Microsoft [Mailing List; Third Party Advisory]
- https://marc.info/?l=oss-security&m=154721580222522&w=2
  '[oss-security] Linux kernel: Bluetooth: two remote infoleaks (CVE-2019-3459, CVE-2019-3460)' - MARC [Exploit; Patch; Third Party Advisory]
- https://access.redhat.com/errata/RHSA-2019:2029
  RHSA-2019:2029 - Security Advisory - Red Hat Customer Portal [Third Party Advisory]
- https://lists.debian.org/debian-lts-announce/2019/05/msg00042.html
  [SECURITY] [DLA 1799-2] linux security update [Mailing List; Third Party Advisory]
- http://www.openwall.com/lists/oss-security/2019/06/27/7
  oss-security - Re: linux-distros membership application - Microsoft [Mailing List; Third Party Advisory]
- http://www.openwall.com/lists/oss-security/2019/06/28/2
  oss-security - Re: linux-distros membership application - Microsoft [Mailing List; Third Party Advisory]
- https://access.redhat.com/errata/RHSA-2019:3309
  RHSA-2019:3309 - Security Advisory - Red Hat Customer Portal [Third Party Advisory]
- https://access.redhat.com/errata/RHSA-2019:2043
  RHSA-2019:2043 - Security Advisory - Red Hat Customer Portal [Third Party Advisory]
- https://lists.debian.org/debian-lts-announce/2019/05/msg00041.html
  [SECURITY] [DLA 1799-1] linux security update [Mailing List; Third Party Advisory]
- http://www.openwall.com/lists/oss-security/2019/08/12/1
  oss-security - Re: linux-distros membership application - Microsoft [Mailing List; Third Party Advisory]
- http://www.openwall.com/lists/oss-security/2019/06/28/1
  oss-security - Re: linux-distros membership application - Microsoft [Mailing List; Third Party Advisory]
Products affected by CVE-2019-3460
- cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*
- cpe:2.3:o:redhat:enterprise_linux:8.0:*:*:*:*:*:*:*
- cpe:2.3:o:redhat:enterprise_linux_desktop:7.0:*:*:*:*:*:*:*
- cpe:2.3:o:redhat:enterprise_linux_eus:8.1:*:*:*:*:*:*:*
- cpe:2.3:o:redhat:enterprise_linux_eus:8.2:*:*:*:*:*:*:*
- cpe:2.3:o:redhat:enterprise_linux_eus:8.4:*:*:*:*:*:*:*
- cpe:2.3:o:redhat:enterprise_linux_server:7.0:*:*:*:*:*:*:*
- cpe:2.3:o:redhat:enterprise_linux_workstation:7.0:*:*:*:*:*:*:*
- cpe:2.3:o:redhat:enterprise_linux_server_aus:8.2:*:*:*:*:*:*:*
- cpe:2.3:o:redhat:enterprise_linux_server_aus:8.4:*:*:*:*:*:*:*
- cpe:2.3:o:redhat:enterprise_linux_for_real_time_for_nfv:7:*:*:*:*:*:*:*
- cpe:2.3:o:redhat:enterprise_linux_for_real_time_for_nfv:8:*:*:*:*:*:*:*
- cpe:2.3:o:redhat:enterprise_linux_for_real_time:7:*:*:*:*:*:*:*
- cpe:2.3:o:redhat:enterprise_linux_for_real_time:8:*:*:*:*:*:*:*
- cpe:2.3:o:redhat:enterprise_linux_server_tus:8.2:*:*:*:*:*:*:*
- cpe:2.3:o:redhat:enterprise_linux_server_tus:8.4:*:*:*:*:*:*:*
- cpe:2.3:a:redhat:virtualization_host:4.0:*:*:*:*:*:*:*
- cpe:2.3:o:redhat:enterprise_linux_for_real_time_for_nfv_tus:8.2:*:*:*:*:*:*:*
- cpe:2.3:o:redhat:enterprise_linux_for_real_time_for_nfv_tus:8.4:*:*:*:*:*:*:*
- cpe:2.3:o:redhat:enterprise_linux_for_real_time_tus:8.2:*:*:*:*:*:*:*
- cpe:2.3:o:redhat:enterprise_linux_for_real_time_tus:8.4:*:*:*:*:*:*:*
- cpe:2.3:a:redhat:codeready_linux_builder:8.0:*:*:*:*:*:*:*
- cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*
- cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:lts:*:*:*
- cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:lts:*:*:*
- cpe:2.3:o:canonical:ubuntu_linux:18.04:*:*:*:lts:*:*:*
- cpe:2.3:o:canonical:ubuntu_linux:18.10:*:*:*:*:*:*:*