CVE-2019-9162
published 2019-02-25
CVE-2019-9162: In the Linux kernel before 4.20.12, net/ipv4/netfilter/nf_nat_snmp_basic_main.c in the SNMP NAT module has insufficient ASN.1 length checks (aka an array index…
Priority P3 · 44 · high · 7.8 CVSS 3.1
AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
EXPLOIT
EPSS: 1.09% (61.3th percentile)
In the Linux kernel before 4.20.12, net/ipv4/netfilter/nf_nat_snmp_basic_main.c in the SNMP NAT module has insufficient ASN.1 length checks (aka an array index error), making out-of-bounds read and write operations possible, leading to an OOPS or local privilege escalation. This affects snmp_version and snmp_helper.
Affected
9 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| canonical | ubuntu_linux | — | — |
| canonical | ubuntu_linux | — | — |
| debian | linux | < linux 4.19.28-1 (bookworm) | linux 4.19.28-1 (bookworm) |
| linux | linux_kernel | >= 0 < 4.19.28-1 | 4.19.28-1 |
| linux | linux_kernel | >= 0 < 4.19.28-1 | 4.19.28-1 |
| linux | linux_kernel | >= 0 < 4.19.28-1 | 4.19.28-1 |
| linux | linux_kernel | >= 0 < 4.19.28-1 | 4.19.28-1 |
| linux | linux_kernel | >= 4.19 < 4.19.25 | 4.19.25 |
| linux | linux_kernel | >= 4.20 < 4.20.12 | 4.20.12 |
CVSS provenance
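| Source | CVSS version | Score | Severity | Vector |
|---|---|---|---|---|
| nvd | v3.1 | 7.8 | HIGH | CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H |
| nvd | v2.0 | 4.6 | MEDIUM | AV:L/AC:L/Au:N/C:P/I:P/A:P |
| osv | — | 7.8 | HIGH | — |
| vendor_debian | — | 7.8 | HIGH | — |
| vendor_redhat | — | 7.8 | HIGH | — |
| vendor_ubuntu | — | 7.8 | HIGH | — |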
GHSA
GHSA-rcwp-79mw-gmr5: In the Linux kernel before 4
ghsa_unreviewed·2022-05-13
CVE-2019-9162 [HIGH] CWE-787 GHSA-rcwp-79mw-gmr5: In the Linux kernel before 4
In the Linux kernel before 4.20.12, net/ipv4/netfilter/nf_nat_snmp_basic_main.c in the SNMP NAT module has insufficient ASN.1 length checks (aka an array index error), making out-of-bounds read and write operations possible, leading to an OOPS or local privilege escalation. This affects snmp_version and snmp_helper.
OSV
linux-hwe, linux-azure vulnerabilities
osv·2019-04-02·CVSS 7.8
CVE-2018-19824 [HIGH] linux-hwe, linux-azure vulnerabilities
USN-3930-1 fixed vulnerabilities in the Linux kernel for Ubuntu 18.10.
This update provides the corresponding updates for the Linux Hardware
Enablement (HWE) kernel from Ubuntu 18.10 for Ubuntu 18.04 LTS.
Mathias Payer and Hui Peng discovered a use-after-free vulnerability in the
Advanced Linux Sound Architecture (ALSA) subsystem. A physically proximate
attacker could use this to cause a denial of service (system crash).
(CVE-2018-19824)
Shlomi Oberman, Yuli Shapiro, and Ran Menscher discovered an information
leak in the Bluetooth implementation of the Linux kernel. An attacker
within Bluetooth range could use this to expose sensitive information
(kernel memory). (CVE-2019-3459, CVE-2019-3460)
Jann Horn discovered that the KVM implementation in th
OSV
CVE-2019-9162: In the Linux kernel before 4
osv·2019-02-25·CVSS 7.8
CVE-2019-9162 [HIGH] CVE-2019-9162: In the Linux kernel before 4
In the Linux kernel before 4.20.12, net/ipv4/netfilter/nf_nat_snmp_basic_main.c in the SNMP NAT module has insufficient ASN.1 length checks (aka an array index error), making out-of-bounds read and write operations possible, leading to an OOPS or local privilege escalation. This affects snmp_version and snmp_helper.
Ubuntu
Linux kernel (HWE) vulnerabilities
vendor_ubuntu·2019-04-02·CVSS 7.8
CVE-2018-19824 [HIGH] Linux kernel (HWE) vulnerabilities
Title: Linux kernel (HWE) vulnerabilities
Summary: Several security issues were fixed in the Linux kernel.
USN-3930-1 fixed vulnerabilities in the Linux kernel for Ubuntu 18.10.
This update provides the corresponding updates for the Linux Hardware
Enablement (HWE) kernel from Ubuntu 18.10 for Ubuntu 18.04 LTS.
Mathias Payer and Hui Peng discovered a use-after-free vulnerability in the
Advanced Linux Sound Architecture (ALSA) subsystem. A physically proximate
attacker could use this to cause a denial of service (system crash).
(CVE-2018-19824)
Shlomi Oberman, Yuli Shapiro, and Ran Menscher discovered an information
leak in the Bluetooth implementation of the Linux kernel. An attacker
within Bluetooth range could use this to expose sensitive information
(kernel memory). (CVE-2019-3459, C
Ubuntu
Linux kernel vulnerabilities
vendor_ubuntu·2019-04-02·CVSS 7.8
CVE-2018-19824 [HIGH] Linux kernel vulnerabilities
Title: Linux kernel vulnerabilities
Summary: Several security issues were fixed in the Linux kernel.
Mathias Payer and Hui Peng discovered a use-after-free vulnerability in the
Advanced Linux Sound Architecture (ALSA) subsystem. A physically proximate
attacker could use this to cause a denial of service (system crash).
(CVE-2018-19824)
Shlomi Oberman, Yuli Shapiro, and Ran Menscher discovered an information
leak in the Bluetooth implementation of the Linux kernel. An attacker
within Bluetooth range could use this to expose sensitive information
(kernel memory). (CVE-2019-3459, CVE-2019-3460)
Jann Horn discovered that the KVM implementation in the Linux kernel
contained a use-after-free vulnerability. An attacker in a guest VM with
access to /dev/kvm could use this to cause a denial of
Red Hat
kernel: out-of-bounds read/write in net/ipv4/netfilter/nf_nat_snmp_basic_main.c in the SNMP NAT module
vendor_redhat·2019-02-11·CVSS 7.8
CVE-2019-9162 [HIGH] CWE-119 kernel: out-of-bounds read/write in net/ipv4/netfilter/nf_nat_snmp_basic_main.c in the SNMP NAT module
In the Linux kernel before 4.20.12, net/ipv4/netfilter/nf_nat_snmp_basic_main.c in the SNMP NAT module has insufficient ASN.1 length checks (aka an array index error), making out-of-bounds read and write operations possible, leading to an OOPS or local privilege escalation. This affects snmp_version and snmp_helper.
It was found that there are insufficient ASN.1 sequence length checks (a.k.a. an array index error) in the Linux kernel in the snmp_version() and snmp_helper() functions in the net/ipv4/netfilter/nf_nat_snmp_basic_main.c in the [nf_nat_snmp_basic] module making out-of-bounds read and write operations possible. An unprivileged local attacker can use this flaw to cause a kernel
Debian
CVE-2019-9162: linux - In the Linux kernel before 4.20.12, net/ipv4/netfilter/nf_nat_snmp_basic_main.c ...
vendor_debian·2019·CVSS 7.8
CVE-2019-9162 [HIGH] CVE-2019-9162: linux - In the Linux kernel before 4.20.12, net/ipv4/netfilter/nf_nat_snmp_basic_main.c ...
In the Linux kernel before 4.20.12, net/ipv4/netfilter/nf_nat_snmp_basic_main.c in the SNMP NAT module has insufficient ASN.1 length checks (aka an array index error), making out-of-bounds read and write operations possible, leading to an OOPS or local privilege escalation. This affects snmp_version and snmp_helper.
Scope: local
bookworm: resolved (fixed in 4.19.28-1)
bullseye: resolved (fixed in 4.19.28-1)
forky: resolved (fixed in 4.19.28-1)
sid: resolved (fixed in 4.19.28-1)
trixie: resolved (fixed in 4.19.28-1)
No detection rules found.
Bugzilla
CVE-2019-9162 kernel: out-of-bounds read/write in net/ipv4/netfilter/nf_nat_snmp_basic_main.c in the SNMP NAT module
bugzilla·2019-02-26·CVSS 7.8
CVE-2019-9162 [HIGH] CVE-2019-9162 kernel: out-of-bounds read/write in net/ipv4/netfilter/nf_nat_snmp_basic_main.c in the SNMP NAT module
It was found that there are insufficient ASN.1 sequence length checks (a.k.a. an array index error) in the Linux kernel in the snmp_version() and snmp_helper() functions in the net/ipv4/netfilter/nf_nat_snmp_basic_main.c in the [nf_nat_snmp_basic] module making out-of-bounds read and write operations possible. An unprivileged local attacker can use this flaw to cause a kernel OOPS condition and thus a denial of service (DoS). Due to the nature of the flaw, an attack from the network or privilege escalation cannot be fully ruled out, although we believe it is unlikely.
External References:
https://bugs.chromium.org/p/project-zero/issues/detail?id=1776
https://seclists.org/o
Bugzilla
CVE-2019-9162 kernel: out-of-bounds read/write in net/ipv4/netfilter/nf_nat_snmp_basic_main.c in the SNMP NAT module [fedora-all]
bugzilla·2019-02-26·CVSS 7.8
CVE-2019-9162 [HIGH] CVE-2019-9162 kernel: out-of-bounds read/write in net/ipv4/netfilter/nf_nat_snmp_basic_main.c in the SNMP NAT module [fedora-all]
This is an automatically created tracking bug! It was created to ensure
that one or more security vulnerabilities are fixed in affected versions
of fedora-all.
For comments that are specific to the vulnerability please use bugs filed
against the "Security Response" product referenced in the "Blocks" field.
For more information see:
http://fedoraproject.org/wiki/Security/TrackingBugs
When submitting as an update, use the fedpkg template provided in the next
comment(s). This will include the bug IDs of this tracking bug as well as
the relevant top-level CVE bugs.
Please also mention the CVE IDs being fixed in the RPM changelog and the
fedpkg commit message.
N
http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=c4c07b4d6fa1f11880eab8e076d3d060ef3f55fc
http://www.securityfocus.com/bid/107159
https://bugs.chromium.org/p/project-zero/issues/detail?id=1776
https://cdn.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.19.25
https://cdn.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.20.12
https://github.com/torvalds/linux/commit/c4c07b4d6fa1f11880eab8e076d3d060ef3f55fc
https://security.netapp.com/advisory/ntap-20190327-0002/
https://support.f5.com/csp/article/K31864522
https://usn.ubuntu.com/3930-1/
https://usn.ubuntu.com/3930-2/
https://www.exploit-db.com/exploits/46477/
Published: 2019-02-25