CVE-2019-11810Use After Free in Kernel

CWE-416Use After FreeCWE-476NULL Pointer Dereference21 documents7 sources
Severity
7.5HIGHNVD
OSV4.7OSV4.6OSV3.3
EPSS
1.8%
top 17.01%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
5
Linux KernelApparmorDebian Linux+2 more
Timeline
PublishedMay 7
Latest updateMay 24

Description

An issue was discovered in the Linux kernel before 5.0.7. A NULL pointer dereference can occur when megasas_create_frame_pool() fails in megasas_alloc_cmds() in drivers/scsi/megaraid/megaraid_sas_base.c. This causes a Denial of Service, related to a use-after-free.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:HExploitability: 3.9 | Impact: 3.6

Affected Packages5 packages

NVDlinux/linux_kernel3.173.18.139+6
Debianlinux/linux_kernel< 4.19.37-1+3
Ubuntulinux/linux_kernel< 4.4.0-150.176+2
debiandebian/linux< linux 4.19.37-1 (bookworm)
Ubuntuapparmor/apparmor< 2.10.95-0ubuntu2.11

Also affects: Debian Linux 8.0, Ubuntu Linux 14.04, 16.04, 18.04, 19.04

Patches

Patch: git.kernel.orgPatch: github.comPatch: git.kernel.org

🔴Vulnerability Details

8
GHSA
GHSA-v8xr-mc49-hfww: An issue was discovered in the Linux kernel before 52022-05-24
OSV
linux, linux-aws, linux-aws-hwe, linux-azure, linux-gcp, linux-gke-4.15, linux-hwe, linux-kvm, linux-oracle, linux-raspi2 regression2019-09-11
OSV
linux, linux-azure, linux-gcp, linux-gke-4.15, linux-hwe, linux-kvm, linux-oracle, linux-raspi2 vulnerabilities2019-09-02
OSV
linux-aws vulnerabilities2019-09-02
OSV
linux-lts-xenial, linux-aws vulnerabilities2019-06-07

📋Vendor Advisories

9
Ubuntu
Linux kernel regression2019-09-11
Ubuntu
Linux kernel (AWS) vulnerabilities2019-09-02
Ubuntu
Linux kernel vulnerabilities2019-09-02
Ubuntu
Linux kernel (Xenial HWE) vulnerabilities2019-06-07
Ubuntu
AppArmor update2019-06-05

💬Community

3
Bugzilla
CVE-2019-11810 kernel: a NULL pointer dereference in drivers/scsi/megaraid/megaraid_sas_base.c leading to DoS [fedora-all]2019-05-14
Bugzilla
CVE-2019-11810 kernel: a NULL pointer dereference in drivers/scsi/megaraid/megaraid_sas_base.c leading to DoS2019-05-13
Bugzilla
CVE-2019-11810 kernel: a NULL pointer dereference in drivers/scsi/megaraid/megaraid_sas_base.c leading to DoS [fedora-all]2019-05-13