Fedora 28 update for kernel, kernel-headers, kernel-tools



| Updated: 2025-04-24
Risk Low
Patch available YES
Number of vulnerabilities 1
CVE-ID CVE-2019-3701
CWE-ID CWE-264
Exploitation vector Local
Public exploit N/A
Vulnerable software
 Fedora
Operating systems & Components / Operating system

kernel-tools
Operating systems & Components / Operating system package or component

kernel-headers
Operating systems & Components / Operating system package or component

kernel
Operating systems & Components / Operating system package or component

Vendor Fedoraproject

Security Bulletin

This security bulletin contains one low risk vulnerability.

1) Denial of service

EUVDB-ID: #VU16810

Risk: Low

CVSSv4.0: 4.6 [CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2019-3701

CWE-ID: CWE-264 - Permissions, Privileges, and Access Controls

Exploit availability: No

Description

The vulnerability allows a local unauthenticated attacker to cause DoS condition on the target system.

The weakness exists in can_can_gw_rcv in net/can/gw.c due to missing check. A local attacker can write arbitrary content beyond the data registers in the CAN controller's I/O memory when processing can-gw manipulated outgoing frames, trigger general protection fault and cause the system to crash.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

Fedora: 28

kernel-tools: before 4.19.14-200.fc28

kernel-headers: before 4.19.14-200.fc28

kernel: before 4.19.14-200.fc28

CPE2.3 External links

https://bodhi.fedoraproject.org/updates/FEDORA-2019-337484d88b


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.



###SIDEBAR###