CVE-2019-9003

CVSS v3.1 7.5 (High)

CVSS v2.0 7.8 (High)

EPSS 0.98 % (84^th)

Affected Products 8

Advisories 10

In the Linux kernel before 4.20.5, attackers can trigger a drivers/char/ipmi/ipmi_msghandler.c use-after-free and OOPS by arranging for certain simultaneous execution of the code, as demonstrated by a "service ipmievd restart" loop.

Weaknesses

CWE-416: Use After Free

CVE Status: PUBLISHED
CNA: MITRE
Published Date: 2019-02-22 15:29:00
(5 years ago)
Updated Date: 2021-06-02 15:31:35
(3 years ago)

Affected Products

Canonical

Ubuntu Linux

Linux

Linux Kernel

Netapp

Opensuse

Leap

Configuration #1

AND

		CPE23	From	Up To
OR
	Linux Kernel from 4.18 version and prior 4.19.18 version	cpe:2.3:o:linux:linux_kernel	>= 4.18	< 4.19.18
OR
	Running on/with
	Linux Kernel from 4.20 version and prior 4.20.5 version	cpe:2.3:o:linux:linux_kernel	>= 4.20	< 4.20.5
OR
	Running on/with
	Linux Kernel 5.0 Rc1	cpe:2.3:o:linux:linux_kernel:5.0:rc1
OR
	Running on/with
	Linux Kernel 5.0 Rc2	cpe:2.3:o:linux:linux_kernel:5.0:rc2
OR
	Running on/with
	Linux Kernel 5.0 Rc3	cpe:2.3:o:linux:linux_kernel:5.0:rc3
OR
	Running on/with
	Linux Kernel 5.0 Rc4	cpe:2.3:o:linux:linux_kernel:5.0:rc4

Configuration #2

AND

		CPE23
OR
	Netapp Hci Management Node	cpe:2.3:a:netapp:hci_management_node:-
OR
	Running on/with
	Netapp Snapprotect	cpe:2.3:a:netapp:snapprotect:-
OR
	Running on/with
	Netapp Solidfire	cpe:2.3:a:netapp:solidfire:-

Configuration #3

AND

		CPE23
OR
	Netapp Cn1610 Firmware	cpe:2.3:o:netapp:cn1610_firmware:-
OR
	Running on/with
	Netapp Cn1610	cpe:2.3:h:netapp:cn1610:-

Configuration #4

AND

		CPE23
OR
	Canonical Ubuntu Linux 18.04	cpe:2.3:o:canonical:ubuntu_linux:18.04:::*:lts
OR
	Running on/with
	Canonical Ubuntu Linux 18.10	cpe:2.3:o:canonical:ubuntu_linux:18.10

Configuration #5

AND

		CPE23	From	Up To
OR
	Opensuse Leap 15.0	cpe:2.3:o:opensuse:leap:15.0