CVE-2019-5108
Severity
6.5MEDIUM
EPSS
0.8%
top 26.73%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
Timeline
PublishedDec 23
Latest updateMay 24
Description
An exploitable denial-of-service vulnerability exists in the Linux kernel prior to mainline 5.3. An attacker could exploit this vulnerability by triggering AP to send IAPP location updates for stations before the required authentication process has completed. This could lead to different denial-of-service scenarios, either by causing CAM table attacks, or by leading to traffic flapping if faking already existing clients in other nearby APs of the same wireless infrastructure. An attacker can for…
CVSS vector
CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:HExploitability: 2.8 | Impact: 3.6
Affected Packages5 packages
Also affects: Debian Linux 8.0, 9.0, Ubuntu Linux 14.04, 16.04, 18.04
Patches
🔴Vulnerability Details
3GHSA▶
GHSA-m32p-568p-hpc9: An exploitable denial-of-service vulnerability exists in the Linux kernel prior to mainline 5↗2022-05-24
OSV▶
CVE-2019-5108: An exploitable denial-of-service vulnerability exists in the Linux kernel prior to mainline 5↗2019-12-23
CVEList▶
CVE-2019-5108: An exploitable denial-of-service vulnerability exists in the Linux kernel prior to mainline 5↗2019-12-23
📋Vendor Advisories
7💬Community
2Bugzilla▶
CVE-2019-5108 kernel: triggering AP to send IAPP location updates for stations before the required authentication process has completed can lead to DoS↗2020-01-10
Bugzilla▶
CVE-2019-5108 kernel: triggering AP to send IAPP location updates for stations before the required authentication process has completed can lead to DoS [fedora-all]↗2020-01-10