CVE-2019-18198Missing Release of Resource after Effective Lifetime in Kernel

CWE-772Missing Release of Resource after Effective LifetimeCWE-401Missing Release of Memory after Effective Lifetime9 documents7 sources
Severity
7.8HIGHNVD
EPSS
0.1%
top 71.86%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
3
Linux KernelCanonical Ubuntu LinuxDebian Linux
Timeline
PublishedOct 18
Latest updateMay 24

Description

In the Linux kernel before 5.3.4, a reference count usage error in the fib6_rule_suppress() function in the fib6 suppression feature of net/ipv6/fib6_rules.c, when handling the FIB_LOOKUP_NOREF flag, can be exploited by a local attacker to corrupt memory, aka CID-ca7a03c41753.

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:HExploitability: 1.8 | Impact: 5.9

Affected Packages2 packages

NVDlinux/linux_kernel5.35.3.4
debiandebian/linux

Also affects: Ubuntu Linux 19.10

Patches

Patch: git.kernel.orgPatch: github.comPatch: git.kernel.org

🔴Vulnerability Details

2
GHSA
GHSA-3wc6-3hc2-3wc8: In the Linux kernel before 52022-05-24
OSV
CVE-2019-18198: In the Linux kernel before 52019-10-17

📋Vendor Advisories

4
Ubuntu
Linux kernel vulnerability2019-10-21
Red Hat
kernel: memory leak in fib6_rule_suppress could result in DoS2019-10-03
Red Hat
kernel: reference count usage error in fib6_rule_suppress function in net/ipv6/fib6_rules.c2019-09-24
Debian
CVE-2019-18198: linux - In the Linux kernel before 5.3.4, a reference count usage error in the fib6_rule...2019

💬Community

2
Bugzilla
CVE-2019-18198 kernel: reference count usage error in fib6_rule_suppress function in net/ipv6/fib6_rules.c [fedora-all]2019-11-12
Bugzilla
CVE-2019-18198 kernel: reference count usage error in fib6_rule_suppress function in net/ipv6/fib6_rules.c2019-11-12