CVE-2019-15292Use After Free in Kernel

CWE-416Use After FreeCWE-119Improper Restriction of Operations within the Bounds of a Memory Buffer13 documents7 sources
Severity
4.7MEDIUMNVD
OSV4.6OSV3.3
EPSS
1.0%
top 22.84%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
4
Linux KernelDebian LinuxCanonical Ubuntu Linux+1 more
Timeline
PublishedAug 21
Latest updateMay 24

Description

An issue was discovered in the Linux kernel before 5.0.9. There is a use-after-free in atalk_proc_exit, related to net/appletalk/atalk_proc.c, net/appletalk/ddp.c, and net/appletalk/sysctl_net_atalk.c.

CVSS vector

CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:HExploitability: 1.0 | Impact: 3.6

Affected Packages4 packages

NVDlinux/linux_kernel3.173.18.139+6
Debianlinux/linux_kernel< 4.19.37-1+3
Ubuntulinux/linux_kernel< 4.15.0-62.69+1
debiandebian/linux< linux 4.19.37-1 (bookworm)

Also affects: Debian Linux 8.0, Ubuntu Linux 16.04, 18.04

Patches

Patch: cdn.kernel.orgPatch: git.kernel.orgPatch: cdn.kernel.org

🔴Vulnerability Details

5
GHSA
GHSA-2546-8f75-8pq5: An issue was discovered in the Linux kernel before 52022-05-24
OSV
linux, linux-aws, linux-aws-hwe, linux-azure, linux-gcp, linux-gke-4.15, linux-hwe, linux-kvm, linux-oracle, linux-raspi2 regression2019-09-11
OSV
linux, linux-azure, linux-gcp, linux-gke-4.15, linux-hwe, linux-kvm, linux-oracle, linux-raspi2 vulnerabilities2019-09-02
OSV
linux-aws vulnerabilities2019-09-02
OSV
CVE-2019-15292: An issue was discovered in the Linux kernel before 52019-08-21

📋Vendor Advisories

5
Ubuntu
Linux kernel regression2019-09-11
Ubuntu
Linux kernel (AWS) vulnerabilities2019-09-02
Ubuntu
Linux kernel vulnerabilities2019-09-02
Red Hat
kernel: Use-after-free in atalk_proc_exit function in net/appletalk2019-08-21
Debian
CVE-2019-15292: linux - An issue was discovered in the Linux kernel before 5.0.9. There is a use-after-f...2019

💬Community

2
Bugzilla
CVE-2019-15292 kernel: Use-after-free in atalk_proc_exit function in net/appletalk2019-08-29
Bugzilla
CVE-2019-15292 kernel: Use-after-free in atalk_proc_exit function in net/appletalk [fedora-all]2019-08-29