Public exploit available
Public proof-of-concept or exploit code exists (ExploitDB / Metasploit / Nuclei).

CVE-2019-9213: NULL Pointer Dereference in Kernel

Severity: 5.5 MEDIUM (NVD); OSV 7.8, OSV 7.5, OSV 7.0
EPSS: 6.8% (top 8.65%)
CISA KEV: Not in KEV
Exploit: PoC available (public exploit / PoC exists)
Timeline: Published Mar 5; latest update May 14

Description

In the Linux kernel before 4.20.14, expand_downwards in mm/mmap.c lacks a check for the mmap minimum address, which makes it easier for attackers to exploit kernel NULL pointer dereferences on non-SMAP platforms. This is related to a capability check for the wrong task.

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
Exploitability: 1.8 | Impact: 3.6

Affected Packages (5 packages)

NVD: linux/linux_kernel, 4.9 4.9.162 (+3)
Debian: linux/linux_kernel, < 4.19.28-1 (+3)
Ubuntu: linux/linux_kernel, < 3.13.0-168.218 (+2)
debian: debian/linux, < linux 4.19.28-1 (bookworm)
NVD: opensuse/leap, 15.0, 42.3 (+1)

Also affects: Debian Linux 8.0, Ubuntu Linux 12.04, 14.04, 16.04, 18.10, Enterprise Linux 7.0, 8.0

🔴 Vulnerability Details (8)

GHSA: GHSA-4r7r-87cf-rc4r: In the Linux kernel before 4 (2022-05-14)
OSV: linux, linux-aws, linux-gcp, linux-kvm, linux-oem, linux-oracle, linux-raspi2 vulnerabilities (2019-04-02)
OSV: linux-lts-xenial, linux-aws vulnerabilities (2019-04-02)
OSV: linux-hwe, linux-azure vulnerabilities (2019-04-02)
OSV: linux vulnerabilities (2019-04-02)

💥 Exploits & PoCs (3)

Exploit-DB: Reliable Datagram Sockets (RDS) - rds_atomic_free_op NULL pointer dereference Privilege Escalation (Metasploit) (2020-01-23)
Exploit-DB: Linux < 4.20.14 - Virtual Address 0 is Mappable via Privileged write() to /proc/*/mem (2019-03-06)
Metasploit: Reliable Datagram Sockets (RDS) rds_atomic_free_op NULL pointer dereference Privilege Escalation

📋 Vendor Advisories (10)

Ubuntu: Linux kernel (HWE) vulnerabilities (2019-04-02)
Ubuntu: Linux kernel (HWE) vulnerabilities (2019-04-02)
Ubuntu: Linux kernel vulnerabilities (2019-04-02)
Ubuntu: Linux kernel vulnerabilities (2019-04-02)
Ubuntu: Linux kernel (Trusty HWE) vulnerabilities (2019-04-02)

📄 Research Papers (1)

CTF: 20190608-0ctf_tctf2019finals / README (2019)

💬 Community (2)

Bugzilla: CVE-2019-9213 kernel: lack of check for mmap minimum address in expand_downwards in mm/mmap.c leads to NULL pointer dereferences exploit on non-SMAP platforms [fedora-all] (2019-03-06)
Bugzilla: CVE-2019-9213 kernel: lack of check for mmap minimum address in expand_downwards in mm/mmap.c leads to NULL pointer dereferences exploit on non-SMAP platforms (2019-03-06)