Published on January 20th, 2020 📆 | 4888 Views ⚑0
Linux Kernel up to 5.3.9 Flow Dissector flow_dissector.c hashmd information disclosure
|CVSS Meta Temp Score||Current Exploit Price (≈)||CTI Interest Score|
A vulnerability, which was classified as problematic, was found in Linux Kernel up to 5.3.9 (Operating System). This affects an unknown function of the file net/core/flow_dissector.c of the component Flow Dissector. The manipulation of the argument
hashmd as part of a IPv6 Packet leads to a information disclosure vulnerability (Track). CWE is classifying the issue as CWE-200. This is going to have an impact on confidentiality.
The weakness was shared 01/16/2020 as confirmed git commit (GIT Repository). It is possible to read the advisory at git.kernel.org. This vulnerability is uniquely identified as CVE-2019-18282 since 10/23/2019. Technical details of the vulnerability are known, but there is no available exploit. The pricing for an exploit might be around USD $0-$5k at the moment (estimation calculated on 01/17/2020).
Upgrading to version 5.3.10 eliminates this vulnerability. Applying a patch is able to eliminate this problem. The bugfix is ready for download at git.kernel.org. The best possible mitigation is suggested to be patching the affected component.
VulDB Meta Base Score: 3.5
VulDB Meta Temp Score: 3.4
Status: Not defined
Price Prediction: 🔍
Current Price Estimation: 🔒
0-Day unlock unlock unlock unlock Today unlock unlock unlock unlock
0-Day Time: 🔒
Upgrade: Kernel 5.3.10
Created: 01/17/2020 06:58 AM Enable the mail alert feature now!
Enable the mail alert feature now!