Open mend-bolt-for-github[bot] opened 11 months ago
:heavy_check_mark: This issue was automatically closed by Mend because the vulnerable library in the specific branch(es) was either marked as ignored or it is no longer part of the Mend inventory.
:information_source: This issue was automatically re-opened by Mend because the vulnerable library in the specific branch(es) has been detected in the Mend inventory.
CVE-2019-19046 - Medium Severity Vulnerability
Vulnerable Library - linux-stable-rtv4.1
Library home page: https://git.kernel.org/pub/scm/linux/kernel/git/zanussi/linux-stable-rt.git
Found in HEAD commit: 551d58f604413fd5a32198273c77cdcc8a257e82
Found in base branch: master
Vulnerable Source Files (2)
/drivers/char/ipmi/ipmi_msghandler.c /drivers/char/ipmi/ipmi_msghandler.c
Vulnerability Details
** DISPUTED ** A memory leak in the __ipmi_bmc_register() function in drivers/char/ipmi/ipmi_msghandler.c in the Linux kernel through 5.3.11 allows attackers to cause a denial of service (memory consumption) by triggering ida_simple_get() failure, aka CID-4aa7afb0ee20. NOTE: third parties dispute the relevance of this because an attacker cannot realistically control this failure at probe time.
Publish Date: 2019-11-18
URL: CVE-2019-19046
CVSS 3 Score Details (6.5)
Base Score Metrics:
- Exploitability Metrics:
  - Attack Vector: Network
  - Attack Complexity: Low
  - Privileges Required: Low
  - User Interaction: None
  - Scope: Unchanged
- Impact Metrics:
  - Confidentiality Impact: None
  - Integrity Impact: None
  - Availability Impact: High
Suggested Fix
Type: Upgrade version
Origin: https://nvd.nist.gov/vuln/detail/CVE-2019-19046
Release Date: 2019-11-18
Fix Resolution:
- perf - 3.10.0-957.65.1, 3.10.0-1062.40.1, 3.10.0-1160, 4.18.0-240
- kernel-zfcpdump-modules-extra - 4.18.0-240
- kernel-debuginfo - 3.10.0-957.65.1, 3.10.0-1062.40.1, 3.10.0-1160, 4.18.0-240
- kernel-debug-devel - 3.10.0-957.65.1, 3.10.0-1062.40.1, 3.10.0-1160, 4.18.0-240
- bpftool - 3.10.0-957.65.1, 3.10.0-1062.40.1, 3.10.0-1160, 4.18.0-240
- kernel-rt-debug-core - 4.18.0-240.rt7.54
- kernel-tools-libs - 3.10.0-957.65.1, 3.10.0-1062.40.1, 3.10.0-1160, 4.18.0-240
- perf-debuginfo - 3.10.0-957.65.1, 3.10.0-1062.40.1, 3.10.0-1160, 4.18.0-240
- kernel-cross-headers - 4.18.0-240
- kernel-debug-debuginfo - 3.10.0-957.65.1, 3.10.0-1062.40.1, 3.10.0-1160, 4.18.0-240
- kernel-debug - 3.10.0-957.65.1, 3.10.0-1062.40.1, 3.10.0-1160, 4.18.0-240
- kernel-devel - 3.10.0-957.65.1, 3.10.0-1062.40.1, 3.10.0-1160, 4.18.0-240
- kernel - 3.10.0-957.65.1, 3.10.0-1062.40.1, 3.10.0-1160, 4.18.0-240
- bpftool-debuginfo - 3.10.0-1062.40.1, 3.10.0-1160, 4.18.0-240
- kernel-zfcpdump-core - 4.18.0-240
- kernel-debug-core - 4.18.0-240
- kernel-modules-extra - 4.18.0-240
- kernel-rt-debug-devel - 3.10.0-1160.rt56.1131, 4.18.0-240.rt7.54
- python-perf - 3.10.0-957.65.1, 3.10.0-1062.40.1, 3.10.0-1160
- kernel-core - 4.18.0-240
- kernel-rt-debug - 3.10.0-1160.rt56.1131, 4.18.0-240.rt7.54
- kernel-rt-devel - 3.10.0-1160.rt56.1131, 4.18.0-240.rt7.54
- kernel-debuginfo-common-ppc64 - 3.10.0-957.65.1, 3.10.0-1062.40.1, 3.10.0-1160
- python3-perf - 4.18.0-240
- kernel-tools - 3.10.0-957.65.1, 3.10.0-1062.40.1, 3.10.0-1160, 4.18.0-240
- kernel-debug-modules - 4.18.0-240
- kernel-rt-trace-kvm - 3.10.0-1160.rt56.1131
- kernel-rt-debuginfo-common-x86_64 - 4.18.0-240.rt7.54
- kernel-tools-libs-devel - 3.10.0-957.65.1, 3.10.0-1062.40.1, 3.10.0-1160
- kernel-modules - 4.18.0-240
- kernel-tools-debuginfo - 3.10.0-957.65.1, 3.10.0-1062.40.1, 3.10.0-1160, 4.18.0-240
- kernel-rt-modules - 4.18.0-240.rt7.54
- kernel-rt-doc - 3.10.0-1160.rt56.1131
- kernel-rt-kvm - 3.10.0-1160.rt56.1131, 4.18.0-240.rt7.54
- python-perf-debuginfo - 3.10.0-957.65.1, 3.10.0-1062.40.1, 3.10.0-1160
- kernel-headers - 3.10.0-957.65.1, 3.10.0-1062.40.1, 3.10.0-1160, 4.18.0-240
- kernel-rt-trace - 3.10.0-1160.rt56.1131
- kernel-debuginfo-common-x86_64 - 3.10.0-957.65.1, 3.10.0-1062.40.1, 3.10.0-1160, 4.18.0-240
- kernel-rt - 3.10.0-1160.rt56.1131, 4.18.0-240.rt7.54
- kernel-zfcpdump - 4.18.0-240
- kernel-rt-debug-modules-extra - 4.18.0-240.rt7.54
- python3-perf-debuginfo - 4.18.0-240
- kernel-rt-modules-extra - 4.18.0-240.rt7.54
- kernel-doc - 3.10.0-957.65.1, 3.10.0-1062.40.1, 3.10.0-1160, 4.18.0-240
- kernel-rt-core - 4.18.0-240.rt7.54
- kernel-rt-debug-debuginfo - 4.18.0-240.rt7.54
- kernel-abi-whitelists - 3.10.0-957.65.1, 3.10.0-1062.40.1, 3.10.0-1160, 4.18.0-240
- kernel-zfcpdump-modules - 4.18.0-240
- kernel-rt-trace-devel - 3.10.0-1160.rt56.1131
- kernel-debug-modules-extra - 4.18.0-240
- kernel-rt-debug-kvm - 3.10.0-1160.rt56.1131, 4.18.0-240.rt7.54
- kernel-bootwrapper - 3.10.0-957.65.1, 3.10.0-1062.40.1, 3.10.0-1160
- kernel-rt-debuginfo - 4.18.0-240.rt7.54
- kernel-rt-debug-modules - 4.18.0-240.rt7.54
- kernel-zfcpdump-devel - 4.18.0-240