** DISPUTED ** An issue was discovered in ip6_ra_control in net/ipv6/ipv6_sockglue.c in the Linux kernel through 5.1.5. There is an unchecked kmalloc of new_ra, which might allow an attacker to cause a denial of service (NULL pointer dereference and system crash). NOTE: This has been disputed as not an issue.
CVE-2019-12378 - Medium Severity Vulnerability
Vulnerable Library - linuxlinux-4.19.238
The Linux Kernel
Library home page: https://mirrors.edge.kernel.org/pub/linux/kernel/v4.x/?wsslib=linux
Found in HEAD commit: 05c0743befb9102e2ecb9fbd0fa8eb43eb8bb5ec
Found in base branch: master
Vulnerable Source Files (2)
/net/ipv6/ipv6_sockglue.c /net/ipv6/ipv6_sockglue.c
Vulnerability Details
** DISPUTED ** An issue was discovered in ip6_ra_control in net/ipv6/ipv6_sockglue.c in the Linux kernel through 5.1.5. There is an unchecked kmalloc of new_ra, which might allow an attacker to cause a denial of service (NULL pointer dereference and system crash). NOTE: This has been disputed as not an issue.
Publish Date: 2019-05-28
URL: CVE-2019-12378
CVSS 3 Score Details (5.5)
Base Score Metrics: - Exploitability Metrics: - Attack Vector: Local - Attack Complexity: Low - Privileges Required: Low - User Interaction: None - Scope: Unchanged - Impact Metrics: - Confidentiality Impact: None - Integrity Impact: None - Availability Impact: High
For more information on CVSS3 Scores, click here.Suggested Fix
Type: Upgrade version
Origin: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-12378
Release Date: 2019-06-10
Fix Resolution: v5.1-rc6
Step up your Open Source Security Game with Mend here