SB2019081619 - Out-of-bounds read in Linux kernel
Published: August 16, 2019 Updated: September 3, 2019
Security Bulletin ID
SB2019081619
Severity
Low
Patch available
YES
Number of vulnerabilities
1
Exploitation vector
Local access
Highest impact
Information disclosure
Breakdown by Severity
- Low
- Medium
- High
- Critical
Description
This security bulletin contains information about 1 security vulnerability.
1) Out-of-bounds read (CVE-ID: CVE-2019-15090)
The vulnerability allows a local user to gain access to potentially sensitive information.
The vulnerability exists in the QLogic QEDI iSCSI Initiator Driver due to a boundary condition in "drivers/scsi/qedi/qedi_dbg.c". A local authenticated user can trigger out-of-bounds read error and read contents of memory on the system.
Remediation
Install update from vendor's website.
References
- https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.1.12
- https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=c09581a52765a85f19fc35340127396d5e3379cc
- https://github.com/torvalds/linux/commit/c09581a52765a85f19fc35340127396d5e3379cc
- https://usn.ubuntu.com/4115-1/
- https://usn.ubuntu.com/4118-1/