#VU90360 Out-of-bounds read in Linux kernel - CVE-2019-25160


Vulnerability identifier: #VU90360

Vulnerability risk: Low

CVSSv4.0: 4.5 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2019-25160

CWE-ID: CWE-125

Exploitation vector: Local

Exploit availability: No

Vulnerable software:
Linux kernel
Operating systems & Components / Operating system

Vendor: Linux Foundation

Description

The vulnerability allows a local user to read data or crash the application.

The vulnerability exists due to an out-of-bounds read error within the cipso_v4_bitmap_walk() and cipso_v4_map_lvl_valid() functions in net/ipv4/cipso_ipv4.c. A local user can read data or crash the application.

Mitigation
Install update from vendor's website.

Vulnerable software versions

Linux kernel: All versions

External links
https://git.kernel.org/stable/c/97bc3683c24999ee621d847c9348c75d2fe86272
https://git.kernel.org/stable/c/c61d01faa5550e06794dcf86125ccd325bfad950
https://git.kernel.org/stable/c/dc18101f95fa6e815f426316b8b9a5cee28a334e
https://git.kernel.org/stable/c/1c973f9c7cc2b3caae93192fdc8ecb3f0b4ac000
https://git.kernel.org/stable/c/fcfe700acdc1c72eab231300e82b962bac2b2b2c
https://git.kernel.org/stable/c/e3713abc4248aa6bcc11173d754c418b02a62cbb
https://git.kernel.org/stable/c/fbf9578919d6c91100ec63acf2cba641383f6c78
https://git.kernel.org/stable/c/5578de4834fe0f2a34fedc7374be691443396d1f

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.


Latest bulletins with this vulnerability


Multiple vulnerabilities in Dell Data Protection Central
SUSE update for the Linux Kernel
SUSE update for the Linux Kernel
SUSE update for the Linux Kernel
SUSE update for the Linux Kernel
Out-of-bounds read in Linux kernel ipv4