CVE-2019-3459 — MEDIUM (6.5)

Q: What is CVE-2019-3459?

CVE-2019-3459 is a vulnerability with a CVSS score of 6.5 (MEDIUM). A heap address information leak while using L2CAP_GET_CONF_OPT was discovered in the Linux kernel before 5.1-rc1.

Q: How severe is CVE-2019-3459?

CVE-2019-3459 has been rated MEDIUM with a CVSS base score of 6.5/10. Review the CVSS metrics above for detailed severity breakdown.

Q: Is there a patch for CVE-2019-3459?

Check the references section above for vendor advisories and patch information. Affected products include: Linux Linux Kernel, Canonical Ubuntu Linux, Redhat Codeready Linux Builder, Redhat Enterprise Linux, Redhat Enterprise Linux Desktop.

Vulnerability Description

A heap address information leak while using L2CAP_GET_CONF_OPT was discovered in the Linux kernel before 5.1-rc1.

CVSS Score

6.5

MEDIUM

CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Attack Vector

ADJACENT_NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality

HIGH

Integrity

NONE

Availability

NONE

Affected Products

Vendor	Product	Versions
Linux	Linux Kernel	<= 5.1
Canonical	Ubuntu Linux	14.04
Redhat	Codeready Linux Builder	8.0
Redhat	Enterprise Linux	5.0
Redhat	Enterprise Linux Desktop	7.0
Redhat	Enterprise Linux Eus	8.1
Redhat	Enterprise Linux For Real Time	7
Redhat	Enterprise Linux For Real Time For Nfv	7
Redhat	Enterprise Linux For Real Time For Nfv Tus	8.2
Redhat	Enterprise Linux For Real Time Tus	8.2
Redhat	Enterprise Linux Server	7.0
Redhat	Enterprise Linux Server Aus	8.2
Redhat	Enterprise Linux Server Tus	8.2
Redhat	Enterprise Linux Workstation	7.0
Redhat	Enterprise Mrg	2.0
Debian	Debian Linux	8.0

Related Weaknesses (CWE)

CWE-125

References

http://www.openwall.com/lists/oss-security/2019/06/27/2Mailing ListThird Party Advisory
http://www.openwall.com/lists/oss-security/2019/06/27/7Mailing ListThird Party Advisory
http://www.openwall.com/lists/oss-security/2019/06/28/1Mailing ListThird Party Advisory
http://www.openwall.com/lists/oss-security/2019/06/28/2Mailing ListThird Party Advisory
http://www.openwall.com/lists/oss-security/2019/08/12/1Mailing ListThird Party Advisory
https://access.redhat.com/errata/RHSA-2019:2029Third Party Advisory
https://access.redhat.com/errata/RHSA-2019:2043Third Party Advisory
https://access.redhat.com/errata/RHSA-2019:3309Third Party Advisory
https://access.redhat.com/errata/RHSA-2019:3517Third Party Advisory
https://access.redhat.com/errata/RHSA-2020:0740Third Party Advisory
https://bugzilla.novell.com/show_bug.cgi?id=1120758Issue TrackingPatchThird Party Advisory
https://bugzilla.redhat.com/show_bug.cgi?id=1663176Issue TrackingMitigationThird Party Advisory
https://git.kernel.org/linus/7c9cbd0b5e38a1672fcd137894ace3b042dfbf69PatchVendor Advisory
https://lists.debian.org/debian-lts-announce/2019/05/msg00002.htmlMailing ListThird Party Advisory
https://lists.debian.org/debian-lts-announce/2019/05/msg00041.htmlMailing ListThird Party Advisory

FAQ

What is CVE-2019-3459?

CVE-2019-3459 is a vulnerability with a CVSS score of 6.5 (MEDIUM). A heap address information leak while using L2CAP_GET_CONF_OPT was discovered in the Linux kernel before 5.1-rc1.

How severe is CVE-2019-3459?

CVE-2019-3459 has been rated MEDIUM with a CVSS base score of 6.5/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2019-3459?

Check the references section above for vendor advisories and patch information. Affected products include: Linux Linux Kernel, Canonical Ubuntu Linux, Redhat Codeready Linux Builder, Redhat Enterprise Linux, Redhat Enterprise Linux Desktop.