CVE-2019-3460 — MEDIUM (6.5)

Q: What is CVE-2019-3460?

CVE-2019-3460 is a vulnerability with a CVSS score of 6.5 (MEDIUM). A heap data infoleak in multiple locations including L2CAP_PARSE_CONF_RSP was found in the Linux kernel before 5.1-rc1.

Q: How severe is CVE-2019-3460?

CVE-2019-3460 has been rated MEDIUM with a CVSS base score of 6.5/10. Review the CVSS metrics above for detailed severity breakdown.

Q: Is there a patch for CVE-2019-3460?

Check the references section above for vendor advisories and patch information. Affected products include: Linux Linux Kernel, Canonical Ubuntu Linux, Debian Debian Linux, Redhat Codeready Linux Builder, Redhat Virtualization Host.

Vulnerability Description

A heap data infoleak in multiple locations including L2CAP_PARSE_CONF_RSP was found in the Linux kernel before 5.1-rc1.

CVSS Score

6.5

MEDIUM

CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Attack Vector

ADJACENT_NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality

HIGH

Integrity

NONE

Availability

NONE

Affected Products

Vendor	Product	Versions
Linux	Linux Kernel	<= 5.1
Canonical	Ubuntu Linux	14.04
Debian	Debian Linux	8.0
Redhat	Codeready Linux Builder	8.0
Redhat	Virtualization Host	4.0
Redhat	Enterprise Linux	8.0
Redhat	Enterprise Linux Desktop	7.0
Redhat	Enterprise Linux Eus	8.1
Redhat	Enterprise Linux For Real Time	7
Redhat	Enterprise Linux For Real Time For Nfv	7
Redhat	Enterprise Linux For Real Time For Nfv Tus	8.2
Redhat	Enterprise Linux For Real Time Tus	8.2
Redhat	Enterprise Linux Server	7.0
Redhat	Enterprise Linux Server Aus	8.2
Redhat	Enterprise Linux Server Tus	8.2
Redhat	Enterprise Linux Workstation	7.0

Related Weaknesses (CWE)

CWE-20

References

http://www.openwall.com/lists/oss-security/2019/06/27/2Mailing ListThird Party Advisory
http://www.openwall.com/lists/oss-security/2019/06/27/7Mailing ListThird Party Advisory
http://www.openwall.com/lists/oss-security/2019/06/28/1Mailing ListThird Party Advisory
http://www.openwall.com/lists/oss-security/2019/06/28/2Mailing ListThird Party Advisory
http://www.openwall.com/lists/oss-security/2019/08/12/1Mailing ListThird Party Advisory
https://access.redhat.com/errata/RHSA-2019:2029Third Party Advisory
https://access.redhat.com/errata/RHSA-2019:2043Third Party Advisory
https://access.redhat.com/errata/RHSA-2019:3309Third Party Advisory
https://access.redhat.com/errata/RHSA-2019:3517Third Party Advisory
https://access.redhat.com/errata/RHSA-2020:0740Third Party Advisory
https://bugzilla.redhat.com/show_bug.cgi?id=1663179Issue TrackingMitigationThird Party Advisory
https://git.kernel.org/linus/af3d5d1c87664a4f150fcf3534c6567cb19909b0PatchVendor Advisory
https://lists.debian.org/debian-lts-announce/2019/05/msg00002.htmlMailing ListThird Party Advisory
https://lists.debian.org/debian-lts-announce/2019/05/msg00041.htmlMailing ListThird Party Advisory
https://lists.debian.org/debian-lts-announce/2019/05/msg00042.htmlMailing ListThird Party Advisory

FAQ

What is CVE-2019-3460?

CVE-2019-3460 is a vulnerability with a CVSS score of 6.5 (MEDIUM). A heap data infoleak in multiple locations including L2CAP_PARSE_CONF_RSP was found in the Linux kernel before 5.1-rc1.

How severe is CVE-2019-3460?

CVE-2019-3460 has been rated MEDIUM with a CVSS base score of 6.5/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2019-3460?

Check the references section above for vendor advisories and patch information. Affected products include: Linux Linux Kernel, Canonical Ubuntu Linux, Debian Debian Linux, Redhat Codeready Linux Builder, Redhat Virtualization Host.