CVE-2019-17052

CVSS v3.1 3.3 (Low)

CVSS v2.0 2.1 (Low)

EPSS 0.05 % (19^th)

Affected Products 4

Advisories 17

ax25_create in net/ax25/af_ax25.c in the AF_AX25 network module in the Linux kernel 3.16 through 5.3.2 does not enforce CAP_NET_RAW, which means that unprivileged users can create a raw socket, aka CID-0614e2b73768.

Weaknesses

CWE-276: Incorrect Default Permissions

CVE Status: PUBLISHED
CNA: MITRE
Published Date: 2019-10-01 14:15:40
(5 years ago)
Updated Date: 2023-11-07 03:06:08
(10 months ago)

Affected Products

Configuration #1

		CPE23	From	Up To
	Linux Kernel from 3.16 version and 5.3.2 and prior versions	cpe:2.3:o:linux:linux_kernel	>= 3.16	<= 5.3.2

Configuration #2

		CPE23	From	Up To
	Debian Linux 8.0	cpe:2.3:o:debian:debian_linux:8.0

Configuration #3

		CPE23	From	Up To
	Fedoraproject Fedora 29	cpe:2.3:o:fedoraproject:fedora:29

Configuration #4

		CPE23	From	Up To
	Canonical Ubuntu Linux 14.04	cpe:2.3:o:canonical:ubuntu_linux:14.04:::*:esm
	Canonical Ubuntu Linux 16.04	cpe:2.3:o:canonical:ubuntu_linux:16.04:::*:esm
	Canonical Ubuntu Linux 18.04	cpe:2.3:o:canonical:ubuntu_linux:18.04:::*:lts
	Canonical Ubuntu Linux 19.04	cpe:2.3:o:canonical:ubuntu_linux:19.04

Weaknesses

Affected Products

Canonical

Debian

Fedoraproject

Linux

Configuration #1

Configuration #2

Configuration #3

Configuration #4