Vulnerability Description
An issue was discovered in dlpar_parse_cc_property in arch/powerpc/platforms/pseries/dlpar.c in the Linux kernel through 5.1.6. There is an unchecked kstrdup of prop->name, which might allow an attacker to cause a denial of service (NULL pointer dereference and system crash).
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Linux | Linux Kernel | <= 5.1.6 |
| Canonical | Ubuntu Linux | 14.04 |
| Fedoraproject | Fedora | 29 |
| Opensuse | Leap | 15.0 |
| Redhat | Enterprise Linux | 7.0 |
Related Weaknesses (CWE)
References
- http://lists.opensuse.org/opensuse-security-announce/2019-07/msg00014.htmlThird Party Advisory
- http://lists.opensuse.org/opensuse-security-announce/2019-07/msg00025.htmlThird Party Advisory
- http://packetstormsecurity.com/files/154245/Kernel-Live-Patch-Security-Notice-LSThird Party AdvisoryVDB Entry
- http://packetstormsecurity.com/files/154951/Kernel-Live-Patch-Security-Notice-LSThird Party AdvisoryVDB Entry
- http://packetstormsecurity.com/files/155890/Slackware-Security-Advisory-SlackwarThird Party AdvisoryVDB Entry
- http://www.securityfocus.com/bid/108550Third Party AdvisoryVDB Entry
- https://git.kernel.org/pub/scm/linux/kernel/git/powerpc/linux.git/commit/?id=efaPatchVendor Advisory
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedorapro
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedorapro
- https://lkml.org/lkml/2019/6/3/526PatchVendor Advisory
- https://seclists.org/bugtraq/2020/Jan/10Mailing ListThird Party Advisory
- https://security.netapp.com/advisory/ntap-20190710-0002/Third Party Advisory
- https://support.f5.com/csp/article/K54337315Third Party Advisory
- https://support.f5.com/csp/article/K54337315?utm_source=f5support&%3Butm_medi
- https://usn.ubuntu.com/4093-1/Third Party Advisory
FAQ
What is CVE-2019-12614?
CVE-2019-12614 is a vulnerability with a CVSS score of 4.1 (MEDIUM). An issue was discovered in dlpar_parse_cc_property in arch/powerpc/platforms/pseries/dlpar.c in the Linux kernel through 5.1.6. There is an unchecked kstrdup of prop->name, which might allow an attack...
How severe is CVE-2019-12614?
CVE-2019-12614 has been rated MEDIUM with a CVSS base score of 4.1/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2019-12614?
Check the references section above for vendor advisories and patch information. Affected products include: Linux Linux Kernel, Canonical Ubuntu Linux, Fedoraproject Fedora, Opensuse Leap, Redhat Enterprise Linux.