CVE-2019-10220 — Path Traversal in Kernel

CWE-22 — Path Traversal10 documents8 sources

Severity

8.8HIGHNVD

EPSS

0.7%

top 26.94%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Linux Kernel Debian Linux Suse Kernel +2 more

Timeline

PublishedNov 27

Latest updateMay 24

Description

Linux kernel CIFS implementation, version 4.9.0 is vulnerable to a relative paths injection in directory entry lists.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:HExploitability: 2.8 | Impact: 5.9

Affected Packages4 packages

▶NVDlinux/linux_kernel2.6.12 — 3.16.81+5

▶Debianlinux/linux_kernel< 5.3.9-1+3

▶debiandebian/linux< linux 5.3.9-1 (bookworm)

▶CVEListV5suse/kernelkernel version 4.9.0

Also affects: Debian Linux 8.0, Ubuntu Linux 18.04, 19.04

Patches

Patch: bugzilla.redhat.com ↗Patch: bugzilla.redhat.com ↗

🔴Vulnerability Details

GHSA

GHSA-539c-rp35-q667: Linux kernel CIFS implementation, version 4↗2022-05-24

▶

OSV

linux, linux-aws, linux-aws-5.0, linux-azure, linux-gcp, linux-gke-5.0, linux-kvm, linux-oem-osp1, linux-oracle, linux-oracle-5.0, linux-raspi2 vulnerabilities↗2020-01-07

▶

OSV

CVE-2019-10220: Linux kernel CIFS implementation, version 4↗2019-11-27

▶

💥Exploits & PoCs

Exploit-DB

rConfig 3.9.4 - 'searchField' Unauthenticated Root Remote Code Execution↗2020-03-27

▶

📋Vendor Advisories

Ubuntu

Linux kernel vulnerabilities↗2020-01-07

▶

Red Hat

kernel: CIFS: Relative paths injection in directory entry lists↗2019-11-27

▶

Debian

CVE-2019-10220: linux - Linux kernel CIFS implementation, version 4.9.0 is vulnerable to a relative path...↗2019

▶

💬Community

Bugzilla

CVE-2019-10220 kernel: CIFS: Relative paths injection in directory entry lists [fedora-all]↗2019-11-27

▶

Bugzilla

CVE-2019-10220 kernel: CIFS: Relative paths injection in directory entry lists↗2019-08-16

▶