Nivaskumark / kernel_v4.1.15

Other
0 stars 1 forks source link

CVE-2019-25160 (High) detected in linuxlinux-4.6 #909

Open mend-bolt-for-github[bot] opened 6 months ago

mend-bolt-for-github[bot] commented 6 months ago

CVE-2019-25160 - High Severity Vulnerability

Vulnerable Library - linuxlinux-4.6

The Linux Kernel

Library home page: https://mirrors.edge.kernel.org/pub/linux/kernel/v4.x/?wsslib=linux

Found in HEAD commit: 00db4e8795bcbec692fb60b19160bdd763ad42e3

Found in base branch: master

Vulnerable Source Files (2)

/net/ipv4/cipso_ipv4.c /net/ipv4/cipso_ipv4.c

Vulnerability Details

In the Linux kernel, the following vulnerability has been resolved: netlabel: fix out-of-bounds memory accesses There are two array out-of-bounds memory accesses, one in cipso_v4_map_lvl_valid(), the other in netlbl_bitmap_walk(). Both errors are embarassingly simple, and the fixes are straightforward. As a FYI for anyone backporting this patch to kernels prior to v4.8, you'll want to apply the netlbl_bitmap_walk() patch to cipso_v4_bitmap_walk() as netlbl_bitmap_walk() doesn't exist before Linux v4.8.

Publish Date: 2024-02-26

URL: CVE-2019-25160

CVSS 3 Score Details (7.1)

Base Score Metrics: - Exploitability Metrics: - Attack Vector: Local - Attack Complexity: Low - Privileges Required: Low - User Interaction: None - Scope: Unchanged - Impact Metrics: - Confidentiality Impact: High - Integrity Impact: None - Availability Impact: High

For more information on CVSS3 Scores, click here.

Suggested Fix

Type: Upgrade version

Origin: https://www.linuxkernelcves.com/cves/CVE-2019-25160

Release Date: 2024-02-26

Fix Resolution: v3.18.137,v4.4.177,v4.9.163,v4.14.106,v4.19.28,v4.20.15,v5.0


Step up your Open Source Security Game with Mend here