Linux Kernel up to 5.3.9 Flow Dissector flow_dissector.c hashmd information disclosure – Digitalmunition


Published on January 20th, 2020




A vulnerability classified as problematic was found in the Linux Kernel up to 5.3.9 (Operating System). It affects an unknown function in the file net/core/flow_dissector.c of the Flow Dissector component. Manipulation of the argument hashmd as part of an IPv6 packet leads to an information disclosure vulnerability (Track). The issue is classified as CWE-200 and impacts confidentiality.

The weakness was disclosed on 01/16/2020 as a confirmed git commit (Git repository). It is possible to read the advisory at This vulnerability has been uniquely identified as CVE-2019-18282 since 10/23/2019. Technical details of the vulnerability are known, but no exploit is available. The price of an exploit might be around USD $0-$5k at the moment (estimation calculated on 01/17/2020).

Upgrading to version 5.3.10 eliminates this vulnerability. Applying a patch eliminates the problem as well. The bugfix is ready for download at The suggested best mitigation is to patch the affected component.




VulDB Meta Base Score: 3.5
VulDB Meta Temp Score: 3.4

VulDB Base Score: ≈3.5
VulDB Temp Score: ≈3.4

Class: Information disclosure / Track (CWE-200)
Local: Yes
Remote: No

Status: Not defined

Recommended: Patch

Upgrade: Kernel 5.3.10

10/23/2019 CVE assigned
01/16/2020 +85 days Advisory disclosed
01/17/2020 +1 days VulDB entry created
01/17/2020 +0 days VulDB last update

Status: Confirmed

CVE: CVE-2019-18282

Created: 01/17/2020 06:58 AM