Information disclosure in Linux kernel



Published: 2020-01-17 | Updated: 2020-06-01
Risk Low
Patch available YES
Number of vulnerabilities 1
CVE-ID CVE-2019-14615
CWE-ID CWE-200
Exploitation vector Local
Public exploit N/A
Vulnerable software
Subscribe
Linux kernel
Operating systems & Components / Operating system

Vendor Linux Foundation

Security Bulletin

This security bulletin contains one low risk vulnerability.

1) Information disclosure

EUVDB-ID: #VU28407

Risk: Low

CVSSv3.1:

CVE-ID: CVE-2019-14615

CWE-ID: CWE-200 - Information Exposure

Exploit availability: No

Description

The vulnerability allows a local non-authenticated attacker to gain access to sensitive information.

Insufficient control flow in certain data structures for some Intel(R) Processors with Intel(R) Processor Graphics may allow an unauthenticated user to potentially enable information disclosure via local access.

Mitigation

Install update from vendor's website.

Vulnerable software versions

Linux kernel: 4.4 - 5.4.42


CPE2.3 External links

http://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.4.210
http://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.9.210
http://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.14.165
http://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.19.96
http://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.4.12
http://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.5

Q & A

Can this vulnerability be exploited remotely?

Is there known malware, which exploits this vulnerability?



###SIDEBAR###