Out-of-bounds read in Linux kernel ipv4
| Risk | Low |
| Patch available | YES |
| Number of vulnerabilities | 1 |
| CVE-ID | CVE-2019-25160 |
| CWE-ID | CWE-125 |
| Exploitation vector | Local |
| Public exploit | N/A |
| Vulnerable software |
Linux kernel Operating systems & Components / Operating system |
| Vendor | Linux Foundation |
Security Bulletin
This security bulletin contains one low risk vulnerability.
1) Out-of-bounds read
EUVDB-ID: #VU90360
Risk: Low
CVSSv4.0: 4.5 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2019-25160
CWE-ID:
CWE-125 - Out-of-bounds read
Exploit availability: No
DescriptionThe vulnerability allows a local user to read data or crash the application.
The vulnerability exists due to an out-of-bounds read error within the cipso_v4_bitmap_walk() and cipso_v4_map_lvl_valid() functions in net/ipv4/cipso_ipv4.c. A local user can read data or crash the application.
MitigationInstall update from vendor's website.
Vulnerable software versionsLinux kernel: 3.18 - 4.20.14
CPE2.3- cpe:2.3:o:linux_foundation:linux_kernel:3.18:*:*:*:*:*:*:*
- cpe:2.3:o:linux_foundation:linux_kernel:3.18.0:*:*:*:*:*:*:*
- cpe:2.3:o:linux_foundation:linux_kernel:3.18.1:*:*:*:*:*:*:*
- cpe:2.3:o:linux_foundation:linux_kernel:3.18.2:*:*:*:*:*:*:*
- cpe:2.3:o:linux_foundation:linux_kernel:3.18.3:*:*:*:*:*:*:*
- cpe:2.3:o:linux_foundation:linux_kernel:3.18.4:*:*:*:*:*:*:*
- cpe:2.3:o:linux_foundation:linux_kernel:3.18.5:*:*:*:*:*:*:*
- cpe:2.3:o:linux_foundation:linux_kernel:3.18.6:*:*:*:*:*:*:*
- cpe:2.3:o:linux_foundation:linux_kernel:3.18.7:*:*:*:*:*:*:*
- cpe:2.3:o:linux_foundation:linux_kernel:3.18.8:*:*:*:*:*:*:*
https://git.kernel.org/stable/c/97bc3683c24999ee621d847c9348c75d2fe86272
https://git.kernel.org/stable/c/c61d01faa5550e06794dcf86125ccd325bfad950
https://git.kernel.org/stable/c/dc18101f95fa6e815f426316b8b9a5cee28a334e
https://git.kernel.org/stable/c/1c973f9c7cc2b3caae93192fdc8ecb3f0b4ac000
https://git.kernel.org/stable/c/fcfe700acdc1c72eab231300e82b962bac2b2b2c
https://git.kernel.org/stable/c/e3713abc4248aa6bcc11173d754c418b02a62cbb
https://git.kernel.org/stable/c/fbf9578919d6c91100ec63acf2cba641383f6c78
https://git.kernel.org/stable/c/5578de4834fe0f2a34fedc7374be691443396d1f
https://mirrors.edge.kernel.org/pub/linux/kernel/v3.0/ChangeLog-3.16.66
https://mirrors.edge.kernel.org/pub/linux/kernel/v3.0/ChangeLog-3.18.137
https://mirrors.edge.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.16.66
https://mirrors.edge.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.18.137
https://mirrors.edge.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.14.106
https://mirrors.edge.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.19.28
https://mirrors.edge.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.20.15
https://mirrors.edge.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.4.177
https://mirrors.edge.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.9.163
https://mirrors.edge.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.0
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
