CVE-2019-11811 — HIGH (7.0)

Q: How severe is CVE-2019-11811?

CVE-2019-11811 has been rated HIGH with a CVSS base score of 7.0/10. Review the CVSS metrics above for detailed severity breakdown.

Q: Is there a patch for CVE-2019-11811?

Check the references section above for vendor advisories and patch information. Affected products include: Linux Linux Kernel, Opensuse Leap, Redhat Enterprise Linux, Redhat Enterprise Linux Aus, Redhat Enterprise Linux Desktop.

Vulnerability Description

An issue was discovered in the Linux kernel before 5.0.4. There is a use-after-free upon attempted read access to /proc/ioports after the ipmi_si module is removed, related to drivers/char/ipmi/ipmi_si_intf.c, drivers/char/ipmi/ipmi_si_mem_io.c, and drivers/char/ipmi/ipmi_si_port_io.c.

CVSS Score

7.0

HIGH

CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H

Attack Vector

LOCAL

Attack Complexity

HIGH

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality

HIGH

Integrity

HIGH

Availability

HIGH

Affected Products

Vendor	Product	Versions
Linux	Linux Kernel	>= 4.18, < 4.19.31
Opensuse	Leap	15.1
Redhat	Enterprise Linux	7.0
Redhat	Enterprise Linux Aus	7.6
Redhat	Enterprise Linux Desktop	7.0
Redhat	Enterprise Linux Server	7.0
Redhat	Enterprise Linux Server Aus	7.4
Redhat	Enterprise Linux Server Tus	7.4
Redhat	Enterprise Linux Workstation	7.0

Related Weaknesses (CWE)

CWE-416

References

http://lists.opensuse.org/opensuse-security-announce/2019-05/msg00071.htmlThird Party Advisory
http://www.securityfocus.com/bid/108410Third Party AdvisoryVDB Entry
https://access.redhat.com/errata/RHSA-2019:1873Third Party Advisory
https://access.redhat.com/errata/RHSA-2019:1891Third Party Advisory
https://access.redhat.com/errata/RHSA-2019:1959Third Party Advisory
https://access.redhat.com/errata/RHSA-2019:1971Third Party Advisory
https://access.redhat.com/errata/RHSA-2019:4057Third Party Advisory
https://access.redhat.com/errata/RHSA-2019:4058Third Party Advisory
https://access.redhat.com/errata/RHSA-2020:0036Third Party Advisory
https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.0.4Release NotesVendor Advisory
https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=401e7PatchVendor Advisory
https://github.com/torvalds/linux/commit/401e7e88d4ef80188ffa07095ac00456f901b8cPatchThird Party Advisory
https://security.netapp.com/advisory/ntap-20190719-0003/Third Party Advisory
https://support.f5.com/csp/article/K01512680Third Party Advisory
http://lists.opensuse.org/opensuse-security-announce/2019-05/msg00071.htmlThird Party Advisory

FAQ

What is CVE-2019-11811?

CVE-2019-11811 is a vulnerability with a CVSS score of 7.0 (HIGH). An issue was discovered in the Linux kernel before 5.0.4. There is a use-after-free upon attempted read access to /proc/ioports after the ipmi_si module is removed, related to drivers/char/ipmi/ipmi_s...

How severe is CVE-2019-11811?

CVE-2019-11811 has been rated HIGH with a CVSS base score of 7.0/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2019-11811?

Check the references section above for vendor advisories and patch information. Affected products include: Linux Linux Kernel, Opensuse Leap, Redhat Enterprise Linux, Redhat Enterprise Linux Aus, Redhat Enterprise Linux Desktop.