Home

CVE-2019-9213

Description

In the Linux kernel before 4.20.14, expand_downwards in mm/mmap.c lacks a check for the mmap minimum address, which makes it easier for attackers to exploit kernel NULL pointer dereferences on non-SMAP platforms. This is related to a capability check for the wrong task.

Risk Information

Base Score
5.5
MODERATE
Vector
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
EPSS Score
Exploitation Probability
6.812

Associated Vulnerability

VulnerabilityOS Platform
SUSE-SU-2019:0801-1(SUSE Linux Enterprise Desktop 12-SP3 ) kernel-default-4.4.176-94.88.1.x86_64.rpmLinux
SUSE-SU-2019:0801-1(SUSE Linux Enterprise Desktop 12-SP3 ) kernel-default-debuginfo-4.4.176-94.88.1.x86_64.rpmLinux
SUSE-SU-2019:0801-1(SUSE Linux Enterprise Desktop 12-SP3 ) kernel-default-debugsource-4.4.176-94.88.1.x86_64.rpmLinux
SUSE-SU-2019:0801-1(SUSE Linux Enterprise Desktop 12-SP3 ) kernel-default-devel-4.4.176-94.88.1.x86_64.rpmLinux
SUSE-SU-2019:0801-1(SUSE Linux Enterprise Desktop 12-SP3 ) kernel-default-extra-4.4.176-94.88.1.x86_64.rpmLinux
SUSE-SU-2019:0801-1(SUSE Linux Enterprise Desktop 12-SP3 ) kernel-default-extra-debuginfo-4.4.176-94.88.1.x86_64.rpmLinux
SUSE-SU-2019:0801-1(SUSE Linux Enterprise Desktop 12-SP3 ) kernel-devel-4.4.176-94.88.1.noarch.rpmLinux
SUSE-SU-2019:0801-1(SUSE Linux Enterprise Desktop 12-SP3 ) kernel-macros-4.4.176-94.88.1.noarch.rpmLinux
SUSE-SU-2019:0801-1(SUSE Linux Enterprise Desktop 12-SP3 ) kernel-source-4.4.176-94.88.1.noarch.rpmLinux
SUSE-SU-2019:0801-1(SUSE Linux Enterprise Desktop 12-SP3 ) kernel-syms-4.4.176-94.88.1.x86_64.rpmLinux
Kernel-uek update (ELSA-2022-9761) kernel-uek-4.1.12-124.66.3.el7uek.x86_64.rpmLinux
Kernel-uek-debug update (ELSA-2022-9761) kernel-uek-debug-4.1.12-124.66.3.el7uek.x86_64.rpmLinux
Kernel-uek-debug-devel update (ELSA-2022-9761) kernel-uek-debug-devel-4.1.12-124.66.3.el7uek.x86_64.rpmLinux
Kernel-uek-devel update (ELSA-2022-9761) kernel-uek-devel-4.1.12-124.66.3.el7uek.x86_64.rpmLinux
Kernel-uek-doc update (ELSA-2022-9761) kernel-uek-doc-4.1.12-124.66.3.el7uek.noarch.rpmLinux
Kernel-uek-firmware update (ELSA-2022-9761) kernel-uek-firmware-4.1.12-124.66.3.el7uek.noarch.rpmLinux

Patch Details

No records found

References

https://nvd.nist.gov/vuln/detail/CVE-2023-1234
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-1234