CVE-2019-8912Use After Free in Kernel

CWE-416Use After Free13 documents9 sources
Severity
7.8HIGHNVD
EPSS
0.2%
top 57.25%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
5
Linux KernelCanonical Ubuntu LinuxOpensuse Leap+2 more
Timeline
PublishedFeb 18
Latest updateMay 13

Description

In the Linux kernel through 4.20.11, af_alg_release() in crypto/af_alg.c neglects to set a NULL value for a certain structure member, which leads to a use-after-free in sockfs_setattr.

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:HExploitability: 1.8 | Impact: 5.9

Affected Packages4 packages

NVDlinux/linux_kernel4.104.14.103+3
Debianlinux/linux_kernel< 4.19.28-1+3
NVDopensuse/leap15.0
Palo Altopaloalto/pan-os

Also affects: Ubuntu Linux 14.04, 16.04, 18.04, 18.10, Enterprise Linux 7.0

Patches

Patch: patchwork.ozlabs.orgPatch: bugzilla.redhat.comPatch: patchwork.ozlabs.org

🔴Vulnerability Details

3
GHSA
GHSA-4wpv-r6m6-xjq5: In the Linux kernel through 42022-05-13
CVEList
CVE-2019-8912: In the Linux kernel through 42019-02-18
OSV
CVE-2019-8912: In the Linux kernel through 42019-02-18

📋Vendor Advisories

7
Palo Alto
Privilege Escalation in PAN-OS2019-07-15
Ubuntu
Linux kernel (HWE) vulnerabilities2019-04-02
Ubuntu
Linux kernel (HWE) vulnerabilities2019-04-02
Ubuntu
Linux kernel vulnerabilities2019-04-02
Ubuntu
Linux kernel vulnerabilities2019-04-02

💬Community

2
Bugzilla
CVE-2019-8912 kernel: af_alg_release() in crypto/af_alg.c neglects to set a NULL value for a certain structure member, which leads to a use-after-free in sockfs_setattr [fedora-all]2019-02-19
Bugzilla
CVE-2019-8912 kernel: af_alg_release() in crypto/af_alg.c neglects to set a NULL value for a certain structure member, which leads to a use-after-free in sockfs_setattr2019-02-19
CVE-2019-8912 — Use After Free in Linux Kernel | cvebase