Vulnerability Description
An issue was discovered in the Linux kernel before 5.0.10. SMB2_negotiate in fs/cifs/smb2pdu.c has an out-of-bounds read because data structures are incompletely updated after a change from smb30 to smb21.
CVSS Score
HIGH
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Linux | Linux Kernel | >= 4.13.5, < 4.14.166 |
| Canonical | Ubuntu Linux | 14.04 |
Related Weaknesses (CWE)
References
- https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.0.10 (Release Notes, Vendor Advisory)
- https://github.com/torvalds/linux/commit/b57a55e2200ede754e4dc9cce4ba9402544b936 (Patch, Third Party Advisory)
- https://security.netapp.com/advisory/ntap-20191004-0001/ (Third Party Advisory)
- https://usn.ubuntu.com/4162-1/ (Third Party Advisory)
- https://usn.ubuntu.com/4162-2/ (Third Party Advisory)
FAQ
What is CVE-2019-15918?
CVE-2019-15918 is a vulnerability with a CVSS score of 7.8 (HIGH). An issue was discovered in the Linux kernel before 5.0.10. SMB2_negotiate in fs/cifs/smb2pdu.c has an out-of-bounds read because data structures are incompletely updated after a change from smb30 to s...
How severe is CVE-2019-15918?
CVE-2019-15918 has been rated HIGH with a CVSS base score of 7.8/10. Review the CVSS metrics above for a detailed severity breakdown.
Is there a patch for CVE-2019-15918?
Check the references section above for vendor advisories and patch information. Affected products include: Linux Linux Kernel, Canonical Ubuntu Linux.