Vulnerability Name:

CVE-2019-20811 (CCN-183253)

Assigned:2019-03-19
Published:2019-03-19
Updated:2023-01-20
Summary:An issue was discovered in the Linux kernel before 5.0.6. In rx_queue_add_kobject() and netdev_queue_add_kobject() in net/core/net-sysfs.c, a reference count is mishandled, aka CID-a3e23f719f5c.
CVSS v3 Severity:5.5 Medium (CVSS v3.1 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N)
4.8 Medium (Temporal CVSS v3.1 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N/E:U/RL:O/RC:C)
Exploitability Metrics:Attack Vector (AV): Local
Attack Complexity (AC): Low
Privileges Required (PR): Low
User Interaction (UI): None
Scope:Scope (S): Unchanged
Impact Metrics:Confidentiality (C): None
Integrity (I): High
Availibility (A): None
6.2 Medium (CCN CVSS v3.1 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N)
5.4 Medium (CCN Temporal CVSS v3.1 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N/E:U/RL:O/RC:C)
Exploitability Metrics:Attack Vector (AV): Local
Attack Complexity (AC): Low
Privileges Required (PR): None
User Interaction (UI): None
Scope:Scope (S): Unchanged
Impact Metrics:Confidentiality (C): None
Integrity (I): High
Availibility (A): None
3.3 Low (REDHAT CVSS v3.1 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N)
2.9 Low (REDHAT Temporal CVSS v3.1 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N/E:U/RL:O/RC:C)
Exploitability Metrics:Attack Vector (AV): Local
Attack Complexity (AC): Low
Privileges Required (PR): Low
User Interaction (UI): None
Scope:Scope (S): Unchanged
Impact Metrics:Confidentiality (C): None
Integrity (I): Low
Availibility (A): None
CVSS v2 Severity:2.1 Low (CVSS v2 Vector: AV:L/AC:L/Au:N/C:N/I:P/A:N)
Exploitability Metrics:Access Vector (AV): Local
Access Complexity (AC): Low
Authentication (Au): None
Impact Metrics:Confidentiality (C): None
Integrity (I): Partial
Availibility (A): None
4.9 Medium (CCN CVSS v2 Vector: AV:L/AC:L/Au:N/C:N/I:C/A:N)
Exploitability Metrics:Access Vector (AV): Local
Access Complexity (AC): Low
Athentication (Au): None
Impact Metrics:Confidentiality (C): None
Integrity (I): Complete
Availibility (A): None
Vulnerability Type:CWE-460
Vulnerability Consequences:Gain Access
References:Source: MITRE
Type: CNA
CVE-2019-20811

Source: cve@mitre.org
Type: Release Notes, Vendor Advisory
cve@mitre.org

Source: XF
Type: UNKNOWN
linux-kernel-cve201920811-weak-security(183253)

Source: CCN
Type: Linux Kernel GIT Repository
net-sysfs: call dev_hold if kobject_init_and_add success

Source: cve@mitre.org
Type: Patch, Vendor Advisory
cve@mitre.org

Source: cve@mitre.org
Type: Mailing List, Third Party Advisory
cve@mitre.org

Source: cve@mitre.org
Type: Third Party Advisory
cve@mitre.org

Source: cve@mitre.org
Type: Third Party Advisory
cve@mitre.org

Source: CCN
Type: IBM Security Bulletin 6840945 (QRadar Network Security)
IBM QRadar Network Security is affected by multiple vulnerabilities.

Source: CCN
Type: IBM Security Bulletin 6981227 (4769 Developer Toolkit)
Multiple vulnerabiities in the IBM 4769 Developer's Toolkit. CVE-2019-20811, CVE-2020-0466, CVE-2021-0920, CVE-2021-3347, CVE-2018-19985, CVE-2018-20169, CVE-2019-13648, CVE-2019-15916, CVE-2019-19527

Source: CCN
Type: WhiteSource Vulnerability Database
CVE-2019-20811

Vulnerable Configuration:Configuration RedHat 1:
  • cpe:/a:redhat:enterprise_linux:8:*:*:*:*:*:*:*
    • Configuration RedHat 2:
  • cpe:/a:redhat:enterprise_linux:8::crb:*:*:*:*:*
    • Configuration RedHat 3:
  • cpe:/o:redhat:enterprise_linux:8:*:*:*:*:*:*:*
    • Configuration RedHat 4:
  • cpe:/o:redhat:enterprise_linux:8::baseos:*:*:*:*:*

    • Configuration CCN 1:
  • cpe:/o:linux:linux_kernel:5.0.5:*:*:*:*:*:*:*
  • AND
  • cpe:/a:ibm:qradar_network_security:5.4.0:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:qradar_network_security:5.5.0:*:*:*:*:*:*:*

    • * Denotes that component is vulnerable
    Oval Definitions
    Definition IDClassTitleLast Modified
    oval:org.opensuse.security:def:531
    P
    		Security update for the Linux Kernel (Important)
    2022-06-17
    oval:org.opensuse.security:def:127295
    P
    		Security update for the Linux Kernel (Important)
    2022-06-14
    oval:org.opensuse.security:def:125369
    P
    		Security update for the Linux Kernel (Important)
    2022-06-14
    oval:org.opensuse.security:def:125732
    P
    		Security update for the Linux Kernel (Important)
    2022-06-14
    oval:org.opensuse.security:def:126898
    P
    		Security update for the Linux Kernel (Important)
    2022-06-14
    oval:org.opensuse.security:def:125112
    P
    		Security update for the Linux Kernel (Important)
    2022-06-14
    oval:org.opensuse.security:def:4604
    P
    		Security update for the Linux Kernel (Important)
    2022-05-16
    oval:org.opensuse.security:def:6039
    P
    		Security update for the Linux Kernel (Important)
    2022-05-16
    oval:org.opensuse.security:def:4734
    P
    		Security update for the Linux Kernel (Important)
    2022-05-16
    oval:org.opensuse.security:def:6331
    P
    		Security update for the Linux Kernel (Important)
    2022-05-16
    oval:org.opensuse.security:def:5241
    P
    		Security update for the Linux Kernel (Important)
    2022-05-16
    oval:org.opensuse.security:def:4295
    P
    		Security update for the Linux Kernel (Important)
    2022-05-16
    oval:org.opensuse.security:def:6034
    P
    		Security update for the Linux Kernel (Important)
    2022-05-12
    oval:com.redhat.rhsa:def:20205023
    P
    		RHSA-2020:5023: kernel security and bug fix update (Moderate)
    2020-11-10
    oval:com.redhat.rhsa:def:20205026
    P
    		RHSA-2020:5026: kernel-rt security and bug fix update (Moderate)
    2020-11-10
    oval:com.redhat.rhsa:def:20193517
    P
    		RHSA-2019:3517: kernel security, bug fix, and enhancement update (Important)
    2019-11-05
    BACK
    linux linux kernel 5.0.5
    ibm qradar network security 5.4.0
    ibm qradar network security 5.5.0