CVE-2019-15918 — Out-of-bounds Read in Kernel

CWE-125 — Out-of-bounds Read11 documents7 sources

Severity

7.8HIGHNVD

OSV5.5

EPSS

0.1%

top 72.44%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Linux Kernel Debian Linux Canonical Ubuntu Linux

Timeline

PublishedSep 4

Latest updateMay 24

Description

An issue was discovered in the Linux kernel before 5.0.10. SMB2_negotiate in fs/cifs/smb2pdu.c has an out-of-bounds read because data structures are incompletely updated after a change from smb30 to smb21.

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:HExploitability: 1.8 | Impact: 5.9

Affected Packages4 packages

▶NVDlinux/linux_kernel4.13.5 — 4.14.166+2

▶Debianlinux/linux_kernel< 5.2.6-1+3

▶Ubuntulinux/linux_kernel< 4.15.0-66.75

▶debiandebian/linux< linux 5.2.6-1 (bookworm)

Also affects: Ubuntu Linux 14.04, 16.04, 18.04

Patches

Patch: github.com ↗Patch: github.com ↗

🔴Vulnerability Details

GHSA

GHSA-54gc-9mvf-cqgf: An issue was discovered in the Linux kernel before 5↗2022-05-24

▶

OSV

linux-azure vulnerabilities↗2019-10-23

▶

OSV

linux, linux-aws, linux-aws-hwe, linux-azure, linux-gcp, linux-gke-4.15, linux-hwe, linux-kvm, linux-oem, linux-oracle, linux-raspi2, linux-snapdragon vulnerabilities↗2019-10-22

▶

OSV

CVE-2019-15918: An issue was discovered in the Linux kernel before 5↗2019-09-04

▶

📋Vendor Advisories

Ubuntu

Linux kernel (Azure) vulnerabilities↗2019-10-23

▶

Ubuntu

Linux kernel vulnerabilities↗2019-10-22

▶

Red Hat

kernel: out-of-bounds read in fs/cifs/smb2pdu.c↗2019-09-04

▶

Debian

CVE-2019-15918: linux - An issue was discovered in the Linux kernel before 5.0.10. SMB2_negotiate in fs/...↗2019

▶

💬Community

Bugzilla

CVE-2019-15918 kernel: out-of-bounds read in fs/cifs/smb2pdu.c↗2019-10-10

▶

Bugzilla

CVE-2019-15918 kernel: out-of-bounds read in fs/cifs/smb2pdu.c [fedora-all]↗2019-10-10

▶