CVE-2019-9213

CVSS v3.1 5.5 (Medium)
CVSS v2.0 4.9 (Medium)
EPSS 0.08 % (36th)
Affected Products 5
Advisories 38

In the Linux kernel before 4.20.14, expand_downwards in mm/mmap.c lacks a check for the mmap minimum address, which makes it easier for attackers to exploit kernel NULL pointer dereferences on non-SMAP platforms. This is related to a capability check for the wrong task.

Weaknesses: CWE-476 (NULL Pointer Dereference)
CVE Status: PUBLISHED
CNA: MITRE
Published Date: 2019-03-05 22:29:00
Updated Date: 2022-10-12 15:56:12

Affected Products


Configuration #1

    Product       CPE23                         From     Up To
    Linux Kernel  cpe:2.3:o:linux:linux_kernel  >= 4.9   < 4.9.162
    Linux Kernel  cpe:2.3:o:linux:linux_kernel  >= 4.14  < 4.14.105
    Linux Kernel  cpe:2.3:o:linux:linux_kernel  >= 4.19  < 4.19.27
    Linux Kernel  cpe:2.3:o:linux:linux_kernel  >= 4.20  < 4.20.14

Configuration #2

    Product           CPE23                              From  Up To
    Debian Linux 8.0  cpe:2.3:o:debian:debian_linux:8.0  -     -

Configuration #3

    Product                      CPE23                                  From  Up To
    Redhat Enterprise Linux 7.0  cpe:2.3:o:redhat:enterprise_linux:7.0  -     -
    Redhat Enterprise Linux 8.0  cpe:2.3:o:redhat:enterprise_linux:8.0  -     -

Configuration #4

    Product             CPE23                         From  Up To
    Opensuse Leap 15.0  cpe:2.3:o:opensuse:leap:15.0  -     -
    Opensuse Leap 42.3  cpe:2.3:o:opensuse:leap:42.3  -     -

Configuration #5

    Product                       CPE23                                             From  Up To
    Canonical Ubuntu Linux 12.04  cpe:2.3:o:canonical:ubuntu_linux:12.04            -     -
    Canonical Ubuntu Linux 14.04  cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:esm  -     -
    Canonical Ubuntu Linux 16.04  cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:esm  -     -
    Canonical Ubuntu Linux 18.10  cpe:2.3:o:canonical:ubuntu_linux:18.10            -     -