{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "descriptions": [{"lang": "en", "value": "An issue was discovered in the Linux kernel 4.4.x before 4.4.195. There is a NULL pointer dereference in rds_tcp_kill_sock() in net/rds/tcp.c that will cause denial of service, aka CID-91573ae4aed0."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2019-12-05T04:06:22", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre"}, "references": [{"tags": ["x_refsource_MISC"], "url": "https://lkml.org/lkml/2019/9/18/337"}, {"tags": ["x_refsource_MISC"], "url": "https://cdn.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.4.195"}, {"tags": ["x_refsource_MISC"], "url": "https://github.com/torvalds/linux/commit/91573ae4aed0a49660abdad4d42f2a0db995ee5e"}, {"tags": ["x_refsource_MISC"], "url": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/commit/?id=91573ae4aed0a49660abdad4d42f2a0db995ee5e"}, {"tags": ["x_refsource_CONFIRM"], "url": "https://security.netapp.com/advisory/ntap-20191205-0001/"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "cve@mitre.org", "ID": "CVE-2019-18680", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "An issue was discovered in the Linux kernel 4.4.x before 4.4.195. There is a NULL pointer dereference in rds_tcp_kill_sock() in net/rds/tcp.c that will cause denial of service, aka CID-91573ae4aed0."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "https://lkml.org/lkml/2019/9/18/337", "refsource": "MISC", "url": "https://lkml.org/lkml/2019/9/18/337"}, {"name": "https://cdn.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.4.195", "refsource": "MISC", "url": "https://cdn.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.4.195"}, {"name": "https://github.com/torvalds/linux/commit/91573ae4aed0a49660abdad4d42f2a0db995ee5e", "refsource": "MISC", "url": "https://github.com/torvalds/linux/commit/91573ae4aed0a49660abdad4d42f2a0db995ee5e"}, {"name": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/commit/?id=91573ae4aed0a49660abdad4d42f2a0db995ee5e", "refsource": "MISC", "url": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/commit/?id=91573ae4aed0a49660abdad4d42f2a0db995ee5e"}, {"name": "https://security.netapp.com/advisory/ntap-20191205-0001/", "refsource": "CONFIRM", "url": "https://security.netapp.com/advisory/ntap-20191205-0001/"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-05T02:02:38.254Z"}, "title": "CVE Program Container", "references": [{"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://lkml.org/lkml/2019/9/18/337"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://cdn.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.4.195"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://github.com/torvalds/linux/commit/91573ae4aed0a49660abdad4d42f2a0db995ee5e"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/commit/?id=91573ae4aed0a49660abdad4d42f2a0db995ee5e"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "https://security.netapp.com/advisory/ntap-20191205-0001/"}]}]}, "cveMetadata": {"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2019-18680", "datePublished": "2019-11-04T14:13:32", "dateReserved": "2019-11-04T00:00:00", "dateUpdated": "2024-08-05T02:02:38.254Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "matchCriteriaId": "4DB0A6CA-C553-490A-AD8F-C98FE222ABEC", "versionEndExcluding": "4.4.195", "versionStartIncluding": "4.4.179", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "An issue was discovered in the Linux kernel 4.4.x before 4.4.195. There is a NULL pointer dereference in rds_tcp_kill_sock() in net/rds/tcp.c that will cause denial of service, aka CID-91573ae4aed0."}, {"lang": "es", "value": "Se detect\u00f3 un problema en el kernel de Linux versiones 4.4.x anteriores a 4.4.195. Se presenta una desreferencia del puntero NULL en la funci\u00f3n rds_tcp_kill_sock() en el archivo net/rds/tcp.c que causar\u00e1 una denegaci\u00f3n de servicio, tambi\u00e9n se conoce como CID-91573ae4aed0."}], "id": "CVE-2019-18680", "lastModified": "2024-11-21T04:33:31.290", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "COMPLETE", "baseScore": 7.8, "confidentialityImpact": "NONE", "integrityImpact": "NONE", "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:C", "version": "2.0"}, "exploitabilityScore": 10.0, "impactScore": 6.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}], "cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2019-11-04T15:15:11.507", "references": [{"source": "cve@mitre.org", "tags": ["Exploit", "Patch", "Vendor Advisory"], "url": "https://cdn.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.4.195"}, {"source": "cve@mitre.org", "tags": ["Patch", "Vendor Advisory"], "url": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/commit/?id=91573ae4aed0a49660abdad4d42f2a0db995ee5e"}, {"source": "cve@mitre.org", "tags": ["Patch", "Third Party Advisory"], "url": "https://github.com/torvalds/linux/commit/91573ae4aed0a49660abdad4d42f2a0db995ee5e"}, {"source": "cve@mitre.org", "tags": ["Exploit", "Mailing List", "Vendor Advisory"], "url": "https://lkml.org/lkml/2019/9/18/337"}, {"source": "cve@mitre.org", "tags": ["Third Party Advisory"], "url": "https://security.netapp.com/advisory/ntap-20191205-0001/"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Exploit", "Patch", "Vendor Advisory"], "url": "https://cdn.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.4.195"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Patch", "Vendor Advisory"], "url": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/commit/?id=91573ae4aed0a49660abdad4d42f2a0db995ee5e"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Patch", "Third Party Advisory"], "url": "https://github.com/torvalds/linux/commit/91573ae4aed0a49660abdad4d42f2a0db995ee5e"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Exploit", "Mailing List", "Vendor Advisory"], "url": "https://lkml.org/lkml/2019/9/18/337"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory"], "url": "https://security.netapp.com/advisory/ntap-20191205-0001/"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-476"}], "source": "nvd@nist.gov", "type": "Primary"}]}

{"bugzilla": {"description": "kernel: NULL pointer dereference in rds_tcp_kill_sock() in net/rds/tcp.c", "id": "1772527", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1772527"}, "csaw": false, "cvss3": {"cvss3_base_score": "7.5", "cvss3_scoring_vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "status": "draft"}, "cwe": "CWE-476", "details": ["An issue was discovered in the Linux kernel 4.4.x before 4.4.195. There is a NULL pointer dereference in rds_tcp_kill_sock() in net/rds/tcp.c that will cause denial of service, aka CID-91573ae4aed0.", "A flaw was found in the Linux kernel's implementation of RDS over TCP. A system that has the rds_tcp kernel module that is loaded through an autoload via a local process running listen(), or manual loading, could possibly cause a kernel panic."], "mitigation": {"lang": "en:us", "value": "While this is a network protocol being affected, the protocol is not available by default. A local process (or user) can trigger the protocol to be used which will then be loaded automatically would then have the vulnerable code loaded and the attack vector opened. To reiterate it is unlikely that most Linux systems will be using this protocol and therefore affected.\nMost systems do _NOT_ have this protocol used by services. This is an infrequently used module and if you wish to blacklist it, you can follow the steps outlined in https://access.redhat.com/solutions/41278 to blacklist the \"rds_tcp\" module for the relevant version of Red Hat Enterprise Linux."}, "name": "CVE-2019-18680", "package_state": [{"cpe": "cpe:/o:redhat:enterprise_linux:5", "fix_state": "Out of support scope", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 5"}, {"cpe": "cpe:/o:redhat:enterprise_linux:6", "fix_state": "Out of support scope", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 6"}, {"cpe": "cpe:/o:redhat:enterprise_linux:7", "fix_state": "Not affected", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 7"}, {"cpe": "cpe:/o:redhat:enterprise_linux:7", "fix_state": "Not affected", "package_name": "kernel-alt", "product_name": "Red Hat Enterprise Linux 7"}, {"cpe": "cpe:/o:redhat:enterprise_linux:7", "fix_state": "Not affected", "package_name": "kernel-rt", "product_name": "Red Hat Enterprise Linux 7"}, {"cpe": "cpe:/o:redhat:enterprise_linux:8", "fix_state": "Not affected", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 8"}, {"cpe": "cpe:/o:redhat:enterprise_linux:8", "fix_state": "Not affected", "package_name": "kernel-rt", "product_name": "Red Hat Enterprise Linux 8"}, {"cpe": "cpe:/a:redhat:enterprise_mrg:2", "fix_state": "Not affected", "package_name": "kernel-rt", "product_name": "Red Hat Enterprise MRG 2"}], "public_date": "2019-09-18T00:00:00Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2019-18680\nhttps://nvd.nist.gov/vuln/detail/CVE-2019-18680"], "threat_severity": "Low"}