CVE-2019-12455

{"id": "CVE-2019-12455", "cveTags": [{"tags": ["disputed"], "sourceIdentifier": "cve@mitre.org"}], "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 4.9, "accessVector": "LOCAL", "vectorString": "AV:L/AC:L/Au:N/C:N/I:N/A:C", "authentication": "NONE", "integrityImpact": "NONE", "accessComplexity": "LOW", "availabilityImpact": "COMPLETE", "confidentialityImpact": "NONE"}, "acInsufInfo": false, "impactScore": 6.9, "baseSeverity": "MEDIUM", "obtainAllPrivilege": false, "exploitabilityScore": 3.9, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}], "cvssMetricV30": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.0", "baseScore": 5.5, "attackVector": "LOCAL", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "LOW", "confidentialityImpact": "NONE"}, "impactScore": 3.6, "exploitabilityScore": 1.8}]}, "published": "2019-05-30T04:29:02.103", "references": [{"url": "https://git.kernel.org/pub/scm/linux/kernel/git/sunxi/linux.git/commit/?h=sunxi/clk-for-5.3&id=fcdf445ff42f036d22178b49cf64e92d527c1330", "tags": ["Mailing List", "Patch", "Vendor Advisory"], "source": "cve@mitre.org"}, {"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/J36BIJTKEPUOZKJNHQBUZA47RQONUKOI/", "source": "cve@mitre.org"}, {"url": "https://security.netapp.com/advisory/ntap-20190710-0002/", "source": "cve@mitre.org"}, {"url": "https://www.mail-archive.com/linux-kernel%40vger.kernel.org/msg2010240.html", "source": "cve@mitre.org"}, {"url": "https://git.kernel.org/pub/scm/linux/kernel/git/sunxi/linux.git/commit/?h=sunxi/clk-for-5.3&id=fcdf445ff42f036d22178b49cf64e92d527c1330", "tags": ["Mailing List", "Patch", "Vendor Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/J36BIJTKEPUOZKJNHQBUZA47RQONUKOI/", "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "https://security.netapp.com/advisory/ntap-20190710-0002/", "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "https://www.mail-archive.com/linux-kernel%40vger.kernel.org/msg2010240.html", "source": "af854a3a-2127-422b-91ae-364da2661108"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-476"}]}], "descriptions": [{"lang": "en", "value": "An issue was discovered in sunxi_divs_clk_setup in drivers/clk/sunxi/clk-sunxi.c in the Linux kernel through 5.1.5. There is an unchecked kstrndup of derived_name, which might allow an attacker to cause a denial of service (NULL pointer dereference and system crash). NOTE: This id is disputed as not being an issue because \u201cThe memory allocation that was not checked is part of a code that only runs at boot time, before user processes are started. Therefore, there is no possibility for an unprivileged user to control it, and no denial of service.\u201d"}, {"lang": "es", "value": "** EN DISPUTA ** Se descubri\u00f3 un problema en sunxi_divs_clk_setup en drivers / clk / sunxi / clk-sunxi.c en el kernel de Linux hasta la versi\u00f3n 5.1.5. Existe una kstrndup no verificada de derived_name, que podr\u00eda permitir a un atacante provocar una denegaci\u00f3n de servicio (desreferencia de puntero NULL y bloqueo del sistema). NOTA: Esta identificaci\u00f3n se disputa por no ser un problema porque \u201cLa asignaci\u00f3n de memoria que no se verific\u00f3 es parte de un c\u00f3digo que solo se ejecuta en el momento del arranque, antes de que se inicien los procesos del usuario. Por lo tanto, no hay posibilidad de que un usuario no privilegiado lo controle, y no se le niega el servicio \"."}], "lastModified": "2024-11-21T04:22:53.210", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "C3A44251-1463-4532-88A6-5A593BB766D6", "versionEndIncluding": "5.1.5"}], "operator": "OR"}]}], "sourceIdentifier": "cve@mitre.org"}