VDB
CVE-2019-17052
CVE-2019-17052
PUBLISHED
ax25_create in net/ax25/af_ax25.c in the AF_AX25 network module in the Linux kernel 3.16 through 5.3.2 does not enforce CAP_NET_RAW, which means that unprivileged users can create a raw socket, aka CID-0614e2b73768.
EPSS 0.09% · 25.1th percentile
Risk Scores
EPSS Score
0.09%
25.1th percentile
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Ubuntu:18.04:LTS | linux-raspi2 | 0, 4.13.0-1006.6, 4.13.0-1008.8 |
| Ubuntu:Pro:14.04:LTS | linux-lts-xenial | 4.4.0-121.145~14.04.1, 4.4.0-119.143~14.04.1, 4.4.0-116.140~14.04.1 |
| Ubuntu:24.04:LTS | linux-raspi-realtime | 6.8.0-2019.20, 0 |
| Ubuntu:16.04:LTS | linux-azure | 4.11.0-1009.9, *, 4.15.0-1060.65 |
| Ubuntu:Pro:FIPS:18.04:LTS | linux-aws-fips | 0, 4.15.0-2000.4 |
| Ubuntu:16.04:LTS | linux | 4.4.0-42.62, 4.4.0-38.57, 4.4.0-36.55 |
| Ubuntu:18.04:LTS | linux-kvm | 4.15.0-1038.38, 4.15.0-1039.39, 4.15.0-1042.42 |
| Ubuntu:18.04:LTS | linux | 4.15.0-62.69, 0, 4.13.0-16.19 |
| Ubuntu:18.04:LTS | linux-gcp | 4.15.0-1001.1, 4.15.0-1037.39, 0 |
| Ubuntu:Pro:FIPS:16.04:LTS | linux-fips | 4.4.0-1005.5, 4.4.0-1003.3, 4.4.0-1017.22 |
| Ubuntu:16.04:LTS | linux-snapdragon | 4.4.0-1102.107, 4.4.0-1103.108, 4.4.0-1105.110 |
| Ubuntu:16.04:LTS | linux-kvm | 4.4.0-1056.63, 4.4.0-1051.58, 4.4.0-1027.32 |
| Ubuntu:18.04:LTS | linux-azure-edge | 0, 4.18.0-1008.8~18.04.1, 5.0.0-1012.12~18.04.2 |
| Ubuntu:Pro:FIPS:18.04:LTS | linux-gcp-fips | 4.15.0-1001.1, 0 |
| Ubuntu:18.04:LTS | linux-oem-osp1 | 5.0.0-1012.13, 5.0.0-1010.11, 0 |
| Ubuntu:18.04:LTS | linux-oem | 4.15.0-1059.68, 0, 4.15.0-1002.3 |
| Ubuntu:18.04:LTS | linux-hwe | 5.0.0-31.33~18.04.1, 5.0.0-29.31~18.04.1, 0 |
| Ubuntu:22.04:LTS | linux-realtime | 0, 5.15.0-1032.35 |
| Ubuntu:16.04:LTS | linux-raspi2 | 4.4.0-1010.12, 4.4.0-1010.13, 4.4.0-1012.16 |
| Ubuntu:18.04:LTS | linux-hwe-edge | 5.0.0-17.18~18.04.1, 5.0.0-19.20~18.04.1, 5.3.0-23.25~18.04.1 |
…and 23 more
Exploit Intelligence
- vulnerability_exploit_rules.yar (github-yara)
- vulnerability_exploit_rules.yar (github-yara)
- vulnerability_exploit_rules.yar (github-yara)
- vulnerability_exploit_rules.yar (github-yara)
- vulnerability_exploit_rules.yar (github-yara)
Timeline
- Oct 1, 2019 CVE Published
- Apr 14, 2021 EPSS Score
- Jun 23, 2021 EPSS Score
- Aug 24, 2021 EPSS Score
- Oct 26, 2021 EPSS Score
- Jan 6, 2022 EPSS Score
- Feb 4, 2022 EPSS Score
- Feb 28, 2022 EPSS Score
- Apr 1, 2022 EPSS Score
- May 1, 2022 EPSS Score
- Jul 3, 2022 EPSS Score
- Sep 4, 2022 EPSS Score
References
- https://ubuntu.com/security/CVE-2019-17052 third-party-advisory
- https://git.kernel.org/linus/0614e2b73768b502fc32a75349823356d98aae2c third-party-advisory
- https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=0614e2b73768b502fc32a75349823356d98aae2c third-party-advisory
- https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=0edc3f703f7bcaf550774b5d43ab727bcd0fe06b third-party-advisory
- https://ubuntu.com/security/notices/USN-4184-1 vendor-advisory
- https://ubuntu.com/security/notices/USN-4185-1 vendor-advisory
- https://ubuntu.com/security/notices/USN-4185-2 vendor-advisory
- https://ubuntu.com/security/notices/USN-4186-1 vendor-advisory
- https://ubuntu.com/security/notices/USN-4186-2 vendor-advisory
- https://www.cve.org/CVERecord?id=CVE-2019-17052 third-party-advisory