Versio.io

CVE-2019-5023

Common vulnerabilities & exposures (CVE)

CVE databaseCVE database blogpostRelease & EoL database
 
Published at: - 31-10-2019 10:15
Last modified: - 07-06-2022 08:41
Total changes: - 5

Description

An exploitable vulnerability exists in the grsecurity PaX patch for the function read_kmem, in PaX from version pax-linux-4.9.8-test1 to 4.9.24-test7, grsecurity official from version grsecurity-3.1-4.9.8-201702060653 to grsecurity-3.1-4.9.24-201704252333, grsecurity unofficial from version v4.9.25-unofficialgrsec to v4.9.74-unofficialgrsec. PaX adds a temp buffer to the read_kmem function, which is never freed when an invalid address is supplied. This results in a memory leakage that can lead to a crash of the system. An attacker needs to induce a read to /dev/kmem using an invalid address to exploit this vulnerability.

Common Vulnerability Scoring System (CVSS)

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H
High
Attack complexity
Network
Attack vector
High
Availability
None
Confidentiality
None
Integrity
None
Privileges required
Unchanged
Scope
None
User interaction
5.9
Base score
2.2
3.6
Exploitability score
Impact score
 

Verification logic

OR
vendor=opensrcsec AND product=grsecurity AND software_edition=official AND versionEndIncluding=3.1-4.9.24-201704252333 AND versionStartIncluding=3.1-4.9.8-201702060653
vendor=opensrcsec AND product=grsecurity AND software_edition=unofficial AND versionEndIncluding=4.9.74 AND versionStartIncluding=4.9.25
vendor=opensrcsec AND product=pax AND versionEndIncluding=pax-linux-4.9.8-test7 AND versionStartIncluding=pax-linux-4.9.8-test1
 

Reference

 


Keywords

NVD

 

CVE-2019-5023

 

CVE

 

Common vulnerabilities & exposures

 

CVSS

 

Common vulnerability scoring system

 

Security

 

Vulnerabilities

 

Exposures

 

We use cookies to ensure that we give you the best experience on our website. Read privacy policies for more information.