admin/nvd-json-data-feeds
1
0
Fork 0
mirror of https://github.com/fkie-cad/nvd-json-data-feeds.git synced 2025-05-28 17:21:36 +00:00
Code Issues Packages Projects Releases Wiki Activity
nvd-json-data-feeds/CVE-2019/CVE-2019-170xx/CVE-2019-17075.json
René Helmke 7791f18b51 bootstrap
2023-05-16 16:09:41 +02:00

143 lines
4.4 KiB
JSON
Raw Blame History

{
"id": "CVE-2019-17075",
"sourceIdentifier": "cve@mitre.org",
"published": "2019-10-01T21:15:11.523",
"lastModified": "2021-06-14T18:15:17.350",
"vulnStatus": "Modified",
"descriptions": [
{
"lang": "en",
"value": "An issue was discovered in write_tpt_entry in drivers/infiniband/hw/cxgb4/mem.c in the Linux kernel through 5.3.2. The cxgb4 driver is directly calling dma_map_single (a DMA function) from a stack variable. This could allow an attacker to trigger a Denial of Service, exploitable if this driver is used on an architecture for which this stack/DMA interaction has security relevance."
},
{
"lang": "es",
"value": "Se detect\u00f3 un problema en la funci\u00f3n write_tpt_entry en el archivo drivers/infiniband/hw/cxgb4/mem.c en el kernel de Linux versiones hasta 5.3.2. El controlador cxgb4 est\u00e1 llamando directamente a dma_map_single (una funci\u00f3n DMA) desde una variable de la pila. Esto podr\u00eda permitir que un atacante desencadene una Denegaci\u00f3n de Servicio, explotable si este controlador es utilizado en una arquitectura para la cual esta interacci\u00f3n pila/DMA tiene relevancia de seguridad."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6
}
],
"cvssMetricV2": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "2.0",
"vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:C",
"accessVector": "NETWORK",
"accessComplexity": "MEDIUM",
"authentication": "NONE",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"availabilityImpact": "COMPLETE",
"baseScore": 7.1
},
"baseSeverity": "HIGH",
"exploitabilityScore": 8.6,
"impactScore": 6.9,
"acInsufInfo": false,
"obtainAllPrivilege": false,
"obtainUserPrivilege": false,
"obtainOtherPrivilege": false,
"userInteractionRequired": false
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndIncluding": "5.3.2",
"matchCriteriaId": "6098E9F1-1520-4DC7-AC82-4D7506570A02"
}
]
}
]
}
],
"references": [
{
"url": "http://packetstormsecurity.com/files/155212/Slackware-Security-Advisory-Slackware-14.2-kernel-Updates.html",
"source": "cve@mitre.org"
},
{
"url": "https://lists.debian.org/debian-lts-announce/2020/03/msg00001.html",
"source": "cve@mitre.org"
},
{
"url": "https://lore.kernel.org/lkml/20191001165611.GA3542072@kroah.com",
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Patch",
"Vendor Advisory"
]
},
{
"url": "https://seclists.org/bugtraq/2019/Nov/11",
"source": "cve@mitre.org"
},
{
"url": "https://usn.ubuntu.com/4208-1/",
"source": "cve@mitre.org"
},
{
"url": "https://usn.ubuntu.com/4210-1/",
"source": "cve@mitre.org"
},
{
"url": "https://usn.ubuntu.com/4211-1/",
"source": "cve@mitre.org"
},
{
"url": "https://usn.ubuntu.com/4211-2/",
"source": "cve@mitre.org"
},
{
"url": "https://usn.ubuntu.com/4226-1/",
"source": "cve@mitre.org"
},
{
"url": "https://www.oracle.com/security-alerts/cpuApr2021.html",
"source": "cve@mitre.org"
}
]
}
Reference in New Issue View Git Blame Copy Permalink