CVE-2019-11486 — HIGH (7.0)

Q: What is CVE-2019-11486?

CVE-2019-11486 is a vulnerability with a CVSS score of 7.0 (HIGH). The Siemens R3964 line discipline driver in drivers/tty/n_r3964.c in the Linux kernel before 5.0.8 has multiple race conditions.

Q: How severe is CVE-2019-11486?

CVE-2019-11486 has been rated HIGH with a CVSS base score of 7.0/10. Review the CVSS metrics above for detailed severity breakdown.

Q: Is there a patch for CVE-2019-11486?

Check the references section above for vendor advisories and patch information. Affected products include: Linux Linux Kernel, Debian Debian Linux, Opensuse Leap, Netapp Active Iq, Netapp Hci Management Node.

Vulnerability Description

The Siemens R3964 line discipline driver in drivers/tty/n_r3964.c in the Linux kernel before 5.0.8 has multiple race conditions.

CVSS Score

7.0

HIGH

CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H

Attack Vector

LOCAL

Attack Complexity

HIGH

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality

HIGH

Integrity

HIGH

Availability

HIGH

Affected Products

Vendor	Product	Versions
Linux	Linux Kernel	< 3.16.66
Debian	Debian Linux	9.0
Opensuse	Leap	15.1
Netapp	Active Iq	-
Netapp	Hci Management Node	-
Netapp	Snapprotect	-
Netapp	Solidfire	-
Netapp	Storage Replication Adapter For Clustered Data Ontap	9.7
Netapp	Vasa Provider For Clustered Data Ontap	9.7
Netapp	Virtual Storage Console	9.7

Related Weaknesses (CWE)

CWE-362

References

http://lists.opensuse.org/opensuse-security-announce/2019-05/msg00037.htmlThird Party Advisory
http://lists.opensuse.org/opensuse-security-announce/2019-05/msg00043.htmlThird Party Advisory
http://lists.opensuse.org/opensuse-security-announce/2019-05/msg00071.htmlThird Party Advisory
http://www.openwall.com/lists/oss-security/2019/04/29/1Mailing ListThird Party Advisory
https://cdn.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.14.112Vendor Advisory
https://cdn.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.19.35Vendor Advisory
https://cdn.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.9.169Vendor Advisory
https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.0.8Vendor Advisory
https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=c7084PatchVendor Advisory
https://github.com/torvalds/linux/commit/c7084edc3f6d67750f50d4183134c4fb5712a5cPatchThird Party Advisory
https://lists.debian.org/debian-lts-announce/2019/05/msg00041.htmlThird Party Advisory
https://lists.debian.org/debian-lts-announce/2019/05/msg00042.htmlThird Party Advisory
https://lists.debian.org/debian-lts-announce/2019/06/msg00011.htmlThird Party Advisory
https://seclists.org/bugtraq/2019/Jun/26Mailing ListThird Party Advisory
https://security.netapp.com/advisory/ntap-20190517-0005/Third Party Advisory

FAQ

What is CVE-2019-11486?

CVE-2019-11486 is a vulnerability with a CVSS score of 7.0 (HIGH). The Siemens R3964 line discipline driver in drivers/tty/n_r3964.c in the Linux kernel before 5.0.8 has multiple race conditions.

How severe is CVE-2019-11486?

CVE-2019-11486 has been rated HIGH with a CVSS base score of 7.0/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2019-11486?

Check the references section above for vendor advisories and patch information. Affected products include: Linux Linux Kernel, Debian Debian Linux, Opensuse Leap, Netapp Active Iq, Netapp Hci Management Node.