CVE Vulnerabilities

CVE-2019-12456

Published: May 30, 2019 | Modified: Nov 21, 2024
CVSS 3.x
7.8
HIGH
Source:
NVD
CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
CVSS 2.x
7.2 HIGH
AV:L/AC:L/Au:N/C:C/I:C/A:C
RedHat/V2
RedHat/V3
7.8 IMPORTANT
CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Ubuntu
NEGLIGIBLE

An issue was discovered in the MPT3COMMAND case in _ctl_ioctl_main in drivers/scsi/mpt3sas/mpt3sas_ctl.c in the Linux kernel through 5.1.5. It allows local users to cause a denial of service or possibly have unspecified other impact by changing the value of ioc_number between two kernel reads of that value, aka a double fetch vulnerability. NOTE: a third party reports that this is unexploitable because the doubly fetched value is not used

Affected Software

Name Vendor Start Version End Version
Linux_kernel Linux * 5.1.5 (including)
Linux Ubuntu bionic *
Linux Ubuntu cosmic *
Linux Ubuntu disco *
Linux Ubuntu esm-infra-legacy/trusty *
Linux Ubuntu precise/esm *
Linux Ubuntu trusty *
Linux Ubuntu trusty/esm *
Linux Ubuntu xenial *
Linux-aws Ubuntu bionic *
Linux-aws Ubuntu cosmic *
Linux-aws Ubuntu disco *
Linux-aws Ubuntu esm-infra-legacy/trusty *
Linux-aws Ubuntu trusty *
Linux-aws Ubuntu trusty/esm *
Linux-aws Ubuntu xenial *
Linux-aws-hwe Ubuntu xenial *
Linux-azure Ubuntu bionic *
Linux-azure Ubuntu cosmic *
Linux-azure Ubuntu disco *
Linux-azure Ubuntu esm-infra-legacy/trusty *
Linux-azure Ubuntu trusty *
Linux-azure Ubuntu trusty/esm *
Linux-azure Ubuntu xenial *
Linux-azure-edge Ubuntu bionic *
Linux-azure-edge Ubuntu xenial *
Linux-euclid Ubuntu xenial *
Linux-flo Ubuntu trusty *
Linux-flo Ubuntu xenial *
Linux-gcp Ubuntu bionic *
Linux-gcp Ubuntu cosmic *
Linux-gcp Ubuntu disco *
Linux-gcp Ubuntu xenial *
Linux-gcp-edge Ubuntu bionic *
Linux-gke Ubuntu bionic *
Linux-gke Ubuntu xenial *
Linux-goldfish Ubuntu trusty *
Linux-goldfish Ubuntu xenial *
Linux-grouper Ubuntu trusty *
Linux-hwe Ubuntu bionic *
Linux-hwe Ubuntu xenial *
Linux-hwe-edge Ubuntu bionic *
Linux-hwe-edge Ubuntu xenial *
Linux-kvm Ubuntu bionic *
Linux-kvm Ubuntu cosmic *
Linux-kvm Ubuntu disco *
Linux-kvm Ubuntu xenial *
Linux-lts-trusty Ubuntu precise/esm *
Linux-lts-utopic Ubuntu trusty *
Linux-lts-vivid Ubuntu trusty *
Linux-lts-wily Ubuntu trusty *
Linux-lts-xenial Ubuntu esm-infra-legacy/trusty *
Linux-lts-xenial Ubuntu trusty *
Linux-lts-xenial Ubuntu trusty/esm *
Linux-maguro Ubuntu trusty *
Linux-mako Ubuntu trusty *
Linux-mako Ubuntu xenial *
Linux-manta Ubuntu trusty *
Linux-oem Ubuntu bionic *
Linux-oem Ubuntu cosmic *
Linux-oem Ubuntu disco *
Linux-oem Ubuntu xenial *
Linux-oracle Ubuntu bionic *
Linux-oracle Ubuntu cosmic *
Linux-oracle Ubuntu disco *
Linux-oracle Ubuntu xenial *
Linux-raspi2 Ubuntu bionic *
Linux-raspi2 Ubuntu cosmic *
Linux-raspi2 Ubuntu disco *
Linux-raspi2 Ubuntu xenial *
Linux-snapdragon Ubuntu bionic *
Linux-snapdragon Ubuntu disco *
Linux-snapdragon Ubuntu xenial *

References