CVE-2019-11811: kernel: use-after-free in IPMI
Bug #1849209 reported by
Bruce Jones
This bug affects 2 people
Affects | Status | Importance | Assigned to | Milestone | |
---|---|---|---|---|---|
StarlingX |
Fix Released
|
Critical
|
Robin Lu |
Bug Description
CVE-2019-11811
status : fixed
cvss2Score : 10
Attack Vector: N
Access Complexity : L
Autentication: N
Availability Impact :C
Affected packages:
['kernel', 'kernel-tools', 'kernel-
An issue was discovered in the Linux kernel before 5.0.4. There is a use-after-free upon attempted read access to /proc/ioports after the ipmi_si module is removed, related to drivers/
https:/
CVE References
tags: | added: stx.security |
Changed in starlingx: | |
importance: | Undecided → Critical |
tags: | added: stx.3.0 |
Changed in starlingx: | |
status: | Confirmed → Triaged |
Changed in starlingx: | |
assignee: | Ghada Khalil (gkhalil) → Cindy Xie (xxie1) |
Changed in starlingx: | |
assignee: | Cindy Xie (xxie1) → Lin Shuicheng (shuicheng) |
information type: | Private Security → Public Security |
Changed in starlingx: | |
status: | Triaged → In Progress |
tags: | added: in-r-stx20 in-r-stx30 |
To post a comment you must log in.
This was previously reported in https:/ /bugs.launchpad .net/starlingx/ +bug/1840778
After further investigation, it was determined that StarlingX is not really vulnerable. See the details in the LP above. I think we can close this as a duplicate.