{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "descriptions": [{"lang": "en", "value": "An issue was discovered in dlpar_parse_cc_property in arch/powerpc/platforms/pseries/dlpar.c in the Linux kernel through 5.1.6. There is an unchecked kstrdup of prop->name, which might allow an attacker to cause a denial of service (NULL pointer dereference and system crash)."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2020-01-09T16:06:03", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre"}, "references": [{"tags": ["x_refsource_MISC"], "url": "https://lkml.org/lkml/2019/6/3/526"}, {"tags": ["x_refsource_MISC"], "url": "https://git.kernel.org/pub/scm/linux/kernel/git/powerpc/linux.git/commit/?id=efa9ace68e487ddd29c2b4d6dd23242158f1f607"}, {"name": "108550", "tags": ["vdb-entry", "x_refsource_BID"], "url": "http://www.securityfocus.com/bid/108550"}, {"name": "FEDORA-2019-c03eda3cc6", "tags": ["vendor-advisory", "x_refsource_FEDORA"], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/MDURACJVGIBIYBSGDZJTRDPX46H5WPZW/"}, {"name": "FEDORA-2019-83858fc57b", "tags": ["vendor-advisory", "x_refsource_FEDORA"], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/OBJHGQXA4PQ5EOGCOXEH3KFDNVZ2I4X7/"}, {"tags": ["x_refsource_CONFIRM"], "url": "https://security.netapp.com/advisory/ntap-20190710-0002/"}, {"name": "openSUSE-SU-2019:1716", "tags": ["vendor-advisory", "x_refsource_SUSE"], "url": "http://lists.opensuse.org/opensuse-security-announce/2019-07/msg00014.html"}, {"name": "openSUSE-SU-2019:1757", "tags": ["vendor-advisory", "x_refsource_SUSE"], "url": "http://lists.opensuse.org/opensuse-security-announce/2019-07/msg00025.html"}, {"name": "USN-4093-1", "tags": ["vendor-advisory", "x_refsource_UBUNTU"], "url": "https://usn.ubuntu.com/4093-1/"}, {"name": "USN-4094-1", "tags": ["vendor-advisory", "x_refsource_UBUNTU"], "url": "https://usn.ubuntu.com/4094-1/"}, {"name": "USN-4095-2", "tags": ["vendor-advisory", "x_refsource_UBUNTU"], "url": "https://usn.ubuntu.com/4095-2/"}, {"name": "USN-4095-1", "tags": ["vendor-advisory", "x_refsource_UBUNTU"], "url": "https://usn.ubuntu.com/4095-1/"}, {"tags": ["x_refsource_MISC"], "url": "http://packetstormsecurity.com/files/154245/Kernel-Live-Patch-Security-Notice-LSN-0054-1.html"}, {"tags": ["x_refsource_CONFIRM"], "url": "https://support.f5.com/csp/article/K54337315"}, {"tags": ["x_refsource_CONFIRM"], "url": "https://support.f5.com/csp/article/K54337315?utm_source=f5support&amp%3Butm_medium=RSS"}, {"tags": ["x_refsource_MISC"], "url": "http://packetstormsecurity.com/files/154951/Kernel-Live-Patch-Security-Notice-LSN-0058-1.html"}, {"name": "20200109 [slackware-security] Slackware 14.2 kernel (SSA:2020-008-01)", "tags": ["mailing-list", "x_refsource_BUGTRAQ"], "url": "https://seclists.org/bugtraq/2020/Jan/10"}, {"tags": ["x_refsource_MISC"], "url": "http://packetstormsecurity.com/files/155890/Slackware-Security-Advisory-Slackware-14.2-kernel-Updates.html"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "cve@mitre.org", "ID": "CVE-2019-12614", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "An issue was discovered in dlpar_parse_cc_property in arch/powerpc/platforms/pseries/dlpar.c in the Linux kernel through 5.1.6. There is an unchecked kstrdup of prop->name, which might allow an attacker to cause a denial of service (NULL pointer dereference and system crash)."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "https://lkml.org/lkml/2019/6/3/526", "refsource": "MISC", "url": "https://lkml.org/lkml/2019/6/3/526"}, {"name": "https://git.kernel.org/pub/scm/linux/kernel/git/powerpc/linux.git/commit/?id=efa9ace68e487ddd29c2b4d6dd23242158f1f607", "refsource": "MISC", "url": "https://git.kernel.org/pub/scm/linux/kernel/git/powerpc/linux.git/commit/?id=efa9ace68e487ddd29c2b4d6dd23242158f1f607"}, {"name": "108550", "refsource": "BID", "url": "http://www.securityfocus.com/bid/108550"}, {"name": "FEDORA-2019-c03eda3cc6", "refsource": "FEDORA", "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MDURACJVGIBIYBSGDZJTRDPX46H5WPZW/"}, {"name": "FEDORA-2019-83858fc57b", "refsource": "FEDORA", "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/OBJHGQXA4PQ5EOGCOXEH3KFDNVZ2I4X7/"}, {"name": "https://security.netapp.com/advisory/ntap-20190710-0002/", "refsource": "CONFIRM", "url": "https://security.netapp.com/advisory/ntap-20190710-0002/"}, {"name": "openSUSE-SU-2019:1716", "refsource": "SUSE", "url": "http://lists.opensuse.org/opensuse-security-announce/2019-07/msg00014.html"}, {"name": "openSUSE-SU-2019:1757", "refsource": "SUSE", "url": "http://lists.opensuse.org/opensuse-security-announce/2019-07/msg00025.html"}, {"name": "USN-4093-1", "refsource": "UBUNTU", "url": "https://usn.ubuntu.com/4093-1/"}, {"name": "USN-4094-1", "refsource": "UBUNTU", "url": "https://usn.ubuntu.com/4094-1/"}, {"name": "USN-4095-2", "refsource": "UBUNTU", "url": "https://usn.ubuntu.com/4095-2/"}, {"name": "USN-4095-1", "refsource": "UBUNTU", "url": "https://usn.ubuntu.com/4095-1/"}, {"name": "http://packetstormsecurity.com/files/154245/Kernel-Live-Patch-Security-Notice-LSN-0054-1.html", "refsource": "MISC", "url": "http://packetstormsecurity.com/files/154245/Kernel-Live-Patch-Security-Notice-LSN-0054-1.html"}, {"name": "https://support.f5.com/csp/article/K54337315", "refsource": "CONFIRM", "url": "https://support.f5.com/csp/article/K54337315"}, {"name": "https://support.f5.com/csp/article/K54337315?utm_source=f5support&utm_medium=RSS", "refsource": "CONFIRM", "url": "https://support.f5.com/csp/article/K54337315?utm_source=f5support&utm_medium=RSS"}, {"name": "http://packetstormsecurity.com/files/154951/Kernel-Live-Patch-Security-Notice-LSN-0058-1.html", "refsource": "MISC", "url": "http://packetstormsecurity.com/files/154951/Kernel-Live-Patch-Security-Notice-LSN-0058-1.html"}, {"name": "20200109 [slackware-security] Slackware 14.2 kernel (SSA:2020-008-01)", "refsource": "BUGTRAQ", "url": "https://seclists.org/bugtraq/2020/Jan/10"}, {"name": "http://packetstormsecurity.com/files/155890/Slackware-Security-Advisory-Slackware-14.2-kernel-Updates.html", "refsource": "MISC", "url": "http://packetstormsecurity.com/files/155890/Slackware-Security-Advisory-Slackware-14.2-kernel-Updates.html"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-04T23:24:38.998Z"}, "title": "CVE Program Container", "references": [{"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://lkml.org/lkml/2019/6/3/526"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://git.kernel.org/pub/scm/linux/kernel/git/powerpc/linux.git/commit/?id=efa9ace68e487ddd29c2b4d6dd23242158f1f607"}, {"name": "108550", "tags": ["vdb-entry", "x_refsource_BID", "x_transferred"], "url": "http://www.securityfocus.com/bid/108550"}, {"name": "FEDORA-2019-c03eda3cc6", "tags": ["vendor-advisory", "x_refsource_FEDORA", "x_transferred"], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/MDURACJVGIBIYBSGDZJTRDPX46H5WPZW/"}, {"name": "FEDORA-2019-83858fc57b", "tags": ["vendor-advisory", "x_refsource_FEDORA", "x_transferred"], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/OBJHGQXA4PQ5EOGCOXEH3KFDNVZ2I4X7/"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "https://security.netapp.com/advisory/ntap-20190710-0002/"}, {"name": "openSUSE-SU-2019:1716", "tags": ["vendor-advisory", "x_refsource_SUSE", "x_transferred"], "url": "http://lists.opensuse.org/opensuse-security-announce/2019-07/msg00014.html"}, {"name": "openSUSE-SU-2019:1757", "tags": ["vendor-advisory", "x_refsource_SUSE", "x_transferred"], "url": "http://lists.opensuse.org/opensuse-security-announce/2019-07/msg00025.html"}, {"name": "USN-4093-1", "tags": ["vendor-advisory", "x_refsource_UBUNTU", "x_transferred"], "url": "https://usn.ubuntu.com/4093-1/"}, {"name": "USN-4094-1", "tags": ["vendor-advisory", "x_refsource_UBUNTU", "x_transferred"], "url": "https://usn.ubuntu.com/4094-1/"}, {"name": "USN-4095-2", "tags": ["vendor-advisory", "x_refsource_UBUNTU", "x_transferred"], "url": "https://usn.ubuntu.com/4095-2/"}, {"name": "USN-4095-1", "tags": ["vendor-advisory", "x_refsource_UBUNTU", "x_transferred"], "url": "https://usn.ubuntu.com/4095-1/"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "http://packetstormsecurity.com/files/154245/Kernel-Live-Patch-Security-Notice-LSN-0054-1.html"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "https://support.f5.com/csp/article/K54337315"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "https://support.f5.com/csp/article/K54337315?utm_source=f5support&amp%3Butm_medium=RSS"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "http://packetstormsecurity.com/files/154951/Kernel-Live-Patch-Security-Notice-LSN-0058-1.html"}, {"name": "20200109 [slackware-security] Slackware 14.2 kernel (SSA:2020-008-01)", "tags": ["mailing-list", "x_refsource_BUGTRAQ", "x_transferred"], "url": "https://seclists.org/bugtraq/2020/Jan/10"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "http://packetstormsecurity.com/files/155890/Slackware-Security-Advisory-Slackware-14.2-kernel-Updates.html"}]}]}, "cveMetadata": {"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2019-12614", "datePublished": "2019-06-03T21:58:24", "dateReserved": "2019-06-03T00:00:00", "dateUpdated": "2024-08-04T23:24:38.998Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "matchCriteriaId": "460F5090-BFE9-40CE-9B13-5F15685CD774", "versionEndIncluding": "5.1.6", "vulnerable": true}], "negate": false, "operator": "OR"}]}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:esm:*:*:*", "matchCriteriaId": "815D70A8-47D3-459C-A32C-9FEACA0659D1", "vulnerable": true}, {"criteria": "cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:lts:*:*:*", "matchCriteriaId": "F7016A2A-8365-4F1A-89A2-7A19F2BCAE5B", "vulnerable": true}, {"criteria": "cpe:2.3:o:canonical:ubuntu_linux:18.04:*:*:*:lts:*:*:*", "matchCriteriaId": "23A7C53F-B80F-4E6A-AFA9-58EEA84BE11D", "vulnerable": true}, {"criteria": "cpe:2.3:o:canonical:ubuntu_linux:19.04:*:*:*:*:*:*:*", "matchCriteriaId": "CD783B0C-9246-47D9-A937-6144FE8BFF0F", "vulnerable": true}, {"criteria": "cpe:2.3:o:fedoraproject:fedora:29:*:*:*:*:*:*:*", "matchCriteriaId": "D100F7CE-FC64-4CC6-852A-6136D72DA419", "vulnerable": true}, {"criteria": "cpe:2.3:o:fedoraproject:fedora:30:*:*:*:*:*:*:*", "matchCriteriaId": "97A4B8DF-58DA-4AB6-A1F9-331B36409BA3", "vulnerable": true}, {"criteria": "cpe:2.3:o:opensuse:leap:15.0:*:*:*:*:*:*:*", "matchCriteriaId": "F1E78106-58E6-4D59-990F-75DA575BFAD9", "vulnerable": true}, {"criteria": "cpe:2.3:o:opensuse:leap:15.1:*:*:*:*:*:*:*", "matchCriteriaId": "B620311B-34A3-48A6-82DF-6F078D7A4493", "vulnerable": true}, {"criteria": "cpe:2.3:o:redhat:enterprise_linux:7.0:*:*:*:*:*:*:*", "matchCriteriaId": "142AD0DD-4CF3-4D74-9442-459CE3347E3A", "vulnerable": true}, {"criteria": "cpe:2.3:o:redhat:enterprise_linux:8.0:*:*:*:*:*:*:*", "matchCriteriaId": "F4CFF558-3C47-480D-A2F0-BABF26042943", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "An issue was discovered in dlpar_parse_cc_property in arch/powerpc/platforms/pseries/dlpar.c in the Linux kernel through 5.1.6. There is an unchecked kstrdup of prop->name, which might allow an attacker to cause a denial of service (NULL pointer dereference and system crash)."}, {"lang": "es", "value": "Se descubri\u00f3 un problema en dlpar_parse_cc_property en arch / powerpc / platform / pseries / dlpar.c en el kernel de Linux hasta la versi\u00f3n 5.1.6. Hay un kstrdup sin marcar de prop-> name, que podr\u00eda permitir que un atacante provoque una denegaci\u00f3n de servicio (desreferencia de puntero NULL y bloqueo del sistema)."}], "id": "CVE-2019-12614", "lastModified": "2024-11-21T04:23:11.287", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "MEDIUM", "accessVector": "LOCAL", "authentication": "NONE", "availabilityImpact": "COMPLETE", "baseScore": 4.7, "confidentialityImpact": "NONE", "integrityImpact": "NONE", "vectorString": "AV:L/AC:M/Au:N/C:N/I:N/A:C", "version": "2.0"}, "exploitabilityScore": 3.4, "impactScore": 6.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}], "cvssMetricV31": [{"cvssData": {"attackComplexity": "HIGH", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 4.1, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "HIGH", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:H", "version": "3.1"}, "exploitabilityScore": 0.5, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2019-06-03T22:29:00.257", "references": [{"source": "cve@mitre.org", "tags": ["Third Party Advisory"], "url": "http://lists.opensuse.org/opensuse-security-announce/2019-07/msg00014.html"}, {"source": "cve@mitre.org", "tags": ["Third Party Advisory"], "url": "http://lists.opensuse.org/opensuse-security-announce/2019-07/msg00025.html"}, {"source": "cve@mitre.org", "tags": ["Third Party Advisory", "VDB Entry"], "url": "http://packetstormsecurity.com/files/154245/Kernel-Live-Patch-Security-Notice-LSN-0054-1.html"}, {"source": "cve@mitre.org", "tags": ["Third Party Advisory", "VDB Entry"], "url": "http://packetstormsecurity.com/files/154951/Kernel-Live-Patch-Security-Notice-LSN-0058-1.html"}, {"source": "cve@mitre.org", "tags": ["Third Party Advisory", "VDB Entry"], "url": "http://packetstormsecurity.com/files/155890/Slackware-Security-Advisory-Slackware-14.2-kernel-Updates.html"}, {"source": "cve@mitre.org", "tags": ["Third Party Advisory", "VDB Entry"], "url": "http://www.securityfocus.com/bid/108550"}, {"source": "cve@mitre.org", "tags": ["Patch", "Vendor Advisory"], "url": "https://git.kernel.org/pub/scm/linux/kernel/git/powerpc/linux.git/commit/?id=efa9ace68e487ddd29c2b4d6dd23242158f1f607"}, {"source": "cve@mitre.org", "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/MDURACJVGIBIYBSGDZJTRDPX46H5WPZW/"}, {"source": "cve@mitre.org", "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/OBJHGQXA4PQ5EOGCOXEH3KFDNVZ2I4X7/"}, {"source": "cve@mitre.org", "tags": ["Patch", "Vendor Advisory"], "url": "https://lkml.org/lkml/2019/6/3/526"}, {"source": "cve@mitre.org", "tags": ["Mailing List", "Third Party Advisory"], "url": "https://seclists.org/bugtraq/2020/Jan/10"}, {"source": "cve@mitre.org", "tags": ["Third Party Advisory"], "url": "https://security.netapp.com/advisory/ntap-20190710-0002/"}, {"source": "cve@mitre.org", "tags": ["Third Party Advisory"], "url": "https://support.f5.com/csp/article/K54337315"}, {"source": "cve@mitre.org", "url": "https://support.f5.com/csp/article/K54337315?utm_source=f5support&amp%3Butm_medium=RSS"}, {"source": "cve@mitre.org", "tags": ["Third Party Advisory"], "url": "https://usn.ubuntu.com/4093-1/"}, {"source": "cve@mitre.org", "tags": ["Third Party Advisory"], "url": "https://usn.ubuntu.com/4094-1/"}, {"source": "cve@mitre.org", "tags": ["Third Party Advisory"], "url": "https://usn.ubuntu.com/4095-1/"}, {"source": "cve@mitre.org", "tags": ["Third Party Advisory"], "url": "https://usn.ubuntu.com/4095-2/"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory"], "url": "http://lists.opensuse.org/opensuse-security-announce/2019-07/msg00014.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory"], "url": "http://lists.opensuse.org/opensuse-security-announce/2019-07/msg00025.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory", "VDB Entry"], "url": "http://packetstormsecurity.com/files/154245/Kernel-Live-Patch-Security-Notice-LSN-0054-1.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory", "VDB Entry"], "url": "http://packetstormsecurity.com/files/154951/Kernel-Live-Patch-Security-Notice-LSN-0058-1.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory", "VDB Entry"], "url": "http://packetstormsecurity.com/files/155890/Slackware-Security-Advisory-Slackware-14.2-kernel-Updates.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory", "VDB Entry"], "url": "http://www.securityfocus.com/bid/108550"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Patch", "Vendor Advisory"], "url": "https://git.kernel.org/pub/scm/linux/kernel/git/powerpc/linux.git/commit/?id=efa9ace68e487ddd29c2b4d6dd23242158f1f607"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/MDURACJVGIBIYBSGDZJTRDPX46H5WPZW/"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/OBJHGQXA4PQ5EOGCOXEH3KFDNVZ2I4X7/"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Patch", "Vendor Advisory"], "url": "https://lkml.org/lkml/2019/6/3/526"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Mailing List", "Third Party Advisory"], "url": "https://seclists.org/bugtraq/2020/Jan/10"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory"], "url": "https://security.netapp.com/advisory/ntap-20190710-0002/"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory"], "url": "https://support.f5.com/csp/article/K54337315"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://support.f5.com/csp/article/K54337315?utm_source=f5support&amp%3Butm_medium=RSS"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory"], "url": "https://usn.ubuntu.com/4093-1/"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory"], "url": "https://usn.ubuntu.com/4094-1/"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory"], "url": "https://usn.ubuntu.com/4095-1/"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory"], "url": "https://usn.ubuntu.com/4095-2/"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-476"}], "source": "nvd@nist.gov", "type": "Primary"}]}

{"affected_release": [{"advisory": "RHSA-2020:2104", "cpe": "cpe:/o:redhat:enterprise_linux:7", "package": "kernel-alt-0:4.14.0-115.21.2.el7a", "product_name": "Red Hat Enterprise Linux 7", "release_date": "2020-05-12T00:00:00Z"}, {"advisory": "RHSA-2020:4060", "cpe": "cpe:/o:redhat:enterprise_linux:7", "package": "kernel-0:3.10.0-1160.el7", "product_name": "Red Hat Enterprise Linux 7", "release_date": "2020-09-29T00:00:00Z"}, {"advisory": "RHSA-2020:4431", "cpe": "cpe:/o:redhat:enterprise_linux:8", "package": "kernel-0:4.18.0-240.el8", "product_name": "Red Hat Enterprise Linux 8", "release_date": "2020-11-04T00:00:00Z"}], "bugzilla": {"description": "kernel: null pointer dereference in dlpar_parse_cc_property in arch/powerrc/platforms/pseries/dlpar.c causing denial of service", "id": "1718176", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1718176"}, "csaw": false, "cvss3": {"cvss3_base_score": "4.1", "cvss3_scoring_vector": "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:H", "status": "verified"}, "details": ["An issue was discovered in dlpar_parse_cc_property in arch/powerpc/platforms/pseries/dlpar.c in the Linux kernel through 5.1.6. There is an unchecked kstrdup of prop->name, which might allow an attacker to cause a denial of service (NULL pointer dereference and system crash).", "A flaw was found in the way Linux kernel's Dynamic Logical Partitioning (DLPAR) functionality on PowerPC systems handled low memory conditions on device discovery. An attacker who can change the LPAR configuration and incur low memory conditions at the same time could use this flaw to crash the system."], "mitigation": {"lang": "en:us", "value": "Mitigation for this issue is either not available or the currently available options don't meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability."}, "name": "CVE-2019-12614", "package_state": [{"cpe": "cpe:/o:redhat:enterprise_linux:5", "fix_state": "Not affected", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 5"}, {"cpe": "cpe:/o:redhat:enterprise_linux:6", "fix_state": "Not affected", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 6"}, {"cpe": "cpe:/o:redhat:enterprise_linux:7", "fix_state": "Not affected", "package_name": "kernel-rt", "product_name": "Red Hat Enterprise Linux 7"}, {"cpe": "cpe:/o:redhat:enterprise_linux:8", "fix_state": "Not affected", "package_name": "kernel-rt", "product_name": "Red Hat Enterprise Linux 8"}, {"cpe": "cpe:/a:redhat:enterprise_mrg:2", "fix_state": "Not affected", "package_name": "kernel-rt", "product_name": "Red Hat Enterprise MRG 2"}], "public_date": "2019-06-03T00:00:00Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2019-12614\nhttps://nvd.nist.gov/vuln/detail/CVE-2019-12614"], "statement": "An attacker needs to be highly privileged to exploit this issue. He either needs to trigger LPAR configuration change (or wait for such event to happen) and incur low memory conditions at the same time. It could be argued that possessing privileges required to exploit this issue could have the same impact as the issue itself.\nThe indications say that this issue was found by static code analysing tool which looks for memory allocations without failure checks and not actually reproduced on a running system. The CVE assignment also looks automated and following the \"better be safe than sorry\" approach.\nAs such, this issue is theoretical in nature and Low impact at best.", "threat_severity": "Low"}