CVE-2019-15918

CVSS v3.1 7.8 (High)

CVSS v2.0 7.2 (High)

EPSS 0.07 % (33^th)

Affected Products 2

Advisories 4

An issue was discovered in the Linux kernel before 5.0.10. SMB2_negotiate in fs/cifs/smb2pdu.c has an out-of-bounds read because data structures are incompletely updated after a change from smb30 to smb21.

Weaknesses

CWE-125: Out-of-bounds Read

CVE Status: PUBLISHED
CNA: MITRE
Published Date: 2019-09-04 19:15:12
(5 years ago)
Updated Date: 2023-01-17 21:34:02
(20 months ago)

Affected Products

Canonical

Ubuntu Linux

Linux

Linux Kernel

Configuration #1

	CPE23	From	Up To
Linux Kernel from 4.13.5 version and prior 4.14.166 version	cpe:2.3:o:linux:linux_kernel	>= 4.13.5	< 4.14.166
Linux Kernel from 4.15 version and prior 4.19.73 version	cpe:2.3:o:linux:linux_kernel	>= 4.15	< 4.19.73
Linux Kernel from 4.20 version and prior 5.0.10 version	cpe:2.3:o:linux:linux_kernel	>= 4.20	< 5.0.10

Configuration #2

		CPE23	From	Up To
	Canonical Ubuntu Linux 14.04	cpe:2.3:o:canonical:ubuntu_linux:14.04:::*:esm
	Canonical Ubuntu Linux 16.04	cpe:2.3:o:canonical:ubuntu_linux:16.04:::*:esm
	Canonical Ubuntu Linux 18.04	cpe:2.3:o:canonical:ubuntu_linux:18.04:::*:lts