Linux Kernel up to 5.3.9 Flow Dissector flow_dissector.c hashmd information disclosure – Digitalmunition





Published on January 20th, 2020


Linux Kernel up to 5.3.9 Flow Dissector flow_dissector.c hashmd information disclosure

CVSS Meta Temp Score: 3.4
Current Exploit Price (≈): $0-$5k
CTI Interest Score: 1.51

A vulnerability classified as problematic was found in Linux Kernel up to 5.3.9 (Operating System). It affects an unknown function in the file net/core/flow_dissector.c of the Flow Dissector component. Manipulation of the argument hashmd as part of an IPv6 packet leads to an information disclosure vulnerability (Track). The issue is classified as CWE-200 and impacts confidentiality.

The weakness was disclosed on 01/16/2020 as a confirmed git commit (Git repository). The advisory can be read at git.kernel.org. The vulnerability has been uniquely identified as CVE-2019-18282 since 10/23/2019. Technical details of the vulnerability are known, but no exploit is available. The price for an exploit might be around USD $0-$5k at the moment (estimate calculated on 01/17/2020).

Upgrading to version 5.3.10 eliminates this vulnerability. Applying the patch also eliminates the problem; the bugfix is available for download at git.kernel.org. The suggested mitigation is to patch the affected component.


VulDB Meta Base Score: 3.5
VulDB Meta Temp Score: 3.4

VulDB Base Score: ≈3.5
VulDB Temp Score: ≈3.4
Class: Information disclosure / Track (CWE-200)
Local: Yes
Remote: No

Status: Not defined

Recommended remediation: Patch

Upgrade: Kernel 5.3.10
Patch: git.kernel.org

10/23/2019: CVE assigned
01/16/2020 (+85 days): Advisory disclosed
01/17/2020 (+1 days): VulDB entry created
01/17/2020 (+0 days): VulDB last update

Vendor: kernel.org

Advisory: git.kernel.org
Status: Confirmed

CVE: CVE-2019-18282

Created: 01/17/2020 06:58 AM

https://vuldb.com/?id.149079
