CVE-2019-10140 — NULL Pointer Dereference in Kernel

CWE-476 — NULL Pointer Dereference6 documents6 sources

Severity

5.5MEDIUMNVD

OSV4.4

EPSS

0.1%

top 73.57%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Linux Kernel Opensource Kernel Redhat Enterprise Linux +1 more

Timeline

PublishedAug 15

Latest updateMay 24

Description

A vulnerability was found in Linux kernel's, versions up to 3.10, implementation of overlayfs. An attacker with local access can create a denial of service situation via NULL pointer dereference in ovl_posix_acl_create function in fs/overlayfs/dir.c. This can allow attackers with ability to create directories on overlayfs to crash the kernel creating a denial of service (DOS).

CVSS vector

CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:HExploitability: 1.8 | Impact: 3.6

Affected Packages3 packages

▶NVDlinux/linux_kernel3.10

▶CVEListV5opensource/kernelup to kernel-3.10

▶debiandebian/linux

Also affects: Enterprise Linux 7.0

🔴Vulnerability Details

GHSA

GHSA-cqfm-vfh2-jprp: A vulnerability was found in Linux kernel's, versions up to 3↗2022-05-24

▶

OSV

mariadb-10.1 vulnerabilities↗2019-06-05

▶

📋Vendor Advisories

Red Hat

kernel: overlayfs: NULL pointer dereference in ovl_posix_acl_create function in fs/overlayfs/dir.c↗2019-08-15

▶

Debian

CVE-2019-10140: linux - A vulnerability was found in Linux kernel's, versions up to 3.10, implementation...↗2019

▶

💬Community

Bugzilla

CVE-2019-10140 kernel: overlayfs: NULL pointer dereference in ovl_posix_acl_create function in fs/overlayfs/dir.c↗2019-02-15

▶