1747334 – (CVE-2019-15666) CVE-2019-15666 kernel: out-of-bounds array access in __xfrm_policy_unlink

Bug 1747334 (CVE-2019-15666) - CVE-2019-15666 kernel: out-of-bounds array access in __xfrm_policy_unlink

Summary: CVE-2019-15666 kernel: out-of-bounds array access in __xfrm_policy_unlink

Keywords:
Status:	CLOSED ERRATA
Alias:	CVE-2019-15666
Product:	Security Response
Classification:	Other
Component:	vulnerability
Sub Component:
Version:	unspecified
Hardware:	All
OS:	Linux
Priority:	medium
Severity:	medium
Target Milestone:	---
Assignee:	Red Hat Product Security
QA Contact:
Docs Contact:
URL:
Whiteboard:
Depends On:	1718812 1747335 1803667 1803668 1803669 1803670 1803671
Blocks:	1747336
TreeView+	depends on / blocked

Reported:	2019-08-30 07:12 UTC by Dhananjay Arunesh
Modified:	2021-02-16 21:25 UTC (History)
CC List:	48 users (show)
Fixed In Version:
Clone Of:
Environment:
Last Closed:	2020-04-16 16:31:57 UTC
Embargoed:

Attachments	(Terms of Use)

Links
System	ID	Private	Priority	Status	Summary	Last Updated
Red Hat Product Errata	RHSA-2020:1493	0	None	None	None	2020-04-16 14:38:41 UTC

Description Dhananjay Arunesh 2019-08-30 07:12:00 UTC

A flaw regarding the removal of xfrm policies from the kernel may possibly crash the system or corrupt memory or escalate privilges . Policies addition or removal is a privileged operation (usually done through the ip command) or via a netlink socket.

A local privileged user (with CAP_NET_ADMIN or root) is required to exploit this condition.  With this limitation, this issue is rated as Moderate.

Reference:
https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=b805d78d300bcf2c83d6df7da0c818b0fee41427
https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.0.19

Comment 1 Dhananjay Arunesh 2019-08-30 07:12:17 UTC

Created kernel tracking bugs for this issue:

Affects: fedora-all [bug 1747335]

Comment 2 Justin M. Forbes 2019-08-30 12:14:14 UTC

This was fixed for Fedora with the 5.0.19 stable update

Comment 8 Eric Christensen 2020-03-02 21:48:25 UTC

Statement:

A local privileged user (with CAP_NET_ADMIN or root) is required to exploit this condition. With this limitation, this issue is rated as Moderate.

Comment 9 errata-xmlrpc 2020-04-16 14:38:38 UTC

This issue has been addressed in the following products:

  Red Hat Enterprise Linux 7

Via RHSA-2020:1493 https://access.redhat.com/errata/RHSA-2020:1493

Comment 10 Product Security DevOps Team 2020-04-16 16:31:57 UTC

This bug is now closed. Further updates for individual products will be reflected on the CVE page(s):

https://access.redhat.com/security/cve/cve-2019-15666

Note You need to log in before you can comment on or make changes to this bug.

acaringi
airlied
bhu
blc
brdeoliv
bskeggs
dhoward
dvlasenk
esammons
fhrbata
hdegoede
hkrzesin
iboverma
ichavero
itamar
jarodwilson
jeremy
jforbes
jglisse
jlelli
john.j5live
jonathan
josef
jross
jshortt
jstancek
jwboyer
kernel-maint
kernel-mgr
labbott
lgoncalv
linville
masami256
matt
mchehab
mcressma
mickygough
mjg59
mlangsdo
nmurray
plougher
rt-maint
rvrbovsk
sdubroca
steved
williams
wmealing
yozone