CVE-2019-25045 — Vulnetix

Try Vulnetix Request Demo

CVE-2019-25045 PUBLISHED

An issue was discovered in the Linux kernel before 5.0.19. The XFRM subsystem has a use-after-free, related to an xfrm_state_fini panic, aka CID-dbb2483b2a46.

EPSS 0.07% · 22.0th percentile

Risk Scores

EPSS Score

0.07%

22.0th percentile

Affected Products

Vendor	Product	Versions
Ubuntu:18.04:LTS	linux-oracle	4.15.0-1013.15, 4.15.0-1025.28, 4.15.0-1026.29
Ubuntu:20.04:LTS	linux-oem-5.6	5.6.0-1042.46, 5.6.0-1055.59, 5.6.0-1056.60
Ubuntu:16.04:LTS	linux-aws-hwe	4.15.0-1033.35~16.04.1, 4.15.0-1051.53~16.04.1, 0
Ubuntu:Pro:FIPS:18.04:LTS	linux-aws-fips	0, 4.15.0-2000.4
Ubuntu:16.04:LTS	linux	4.4.0-7.22, 4.4.0-93.116, 4.4.0-96.119
Ubuntu:Pro:FIPS:18.04:LTS	linux-azure-fips	4.15.0-1002.2, 0
Ubuntu:18.04:LTS	linux-azure	4.15.0-1021.21, 4.15.0-1009.9, 4.15.0-1012.12
Ubuntu:20.04:LTS	linux-raspi2	5.3.0-1015.17, 5.3.0-1017.19, 5.4.0-1004.4
Ubuntu:18.04:LTS	linux	4.15.0-65.74, 0, 4.13.0-16.19
Ubuntu:18.04:LTS	linux-snapdragon	4.15.0-1058.64, 4.4.0-1078.83, 4.4.0-1077.82
Ubuntu:18.04:LTS	linux-azure-5.3	5.3.0-1012.13~18.04.1, 0, 5.3.0-1007.8~18.04.1
Ubuntu:18.04:LTS	linux-kvm	4.15.0-1020.20, 4.15.0-1019.19, 4.15.0-1017.17
Ubuntu:16.04:LTS	linux-gcp	4.15.0-1042.44, 0, 4.10.0-1004.4
Ubuntu:16.04:LTS	linux-kvm	4.4.0-1059.66, 4.4.0-1058.65, 4.4.0-1056.63
Ubuntu:18.04:LTS	linux-gcp	5.0.0-1034.35, 5.0.0-1033.34, 5.0.0-1031.32
Ubuntu:Pro:FIPS-updates:18.04:LTS	linux-aws-fips	4.15.0-2000.4, 0
Ubuntu:18.04:LTS	linux-aws-5.3	5.3.0-1017.18~18.04.1, 5.3.0-1023.25~18.04.1, 5.3.0-1019.21~18.04.1
Ubuntu:18.04:LTS	linux-hwe-edge	5.0.0-20.21~18.04.1, 5.0.0-19.20~18.04.1, 5.0.0-17.18~18.04.1
Ubuntu:Pro:14.04:LTS	linux-lts-xenial	4.4.0-21.37~14.04.1, 4.4.0-15.31~14.04.1, 4.4.0-14.30~14.04.2
Ubuntu:16.04:LTS	linux-aws	4.4.0-1030.39, 4.4.0-1057.66, 4.4.0-1055.64

…and 25 more

Timeline

Jun 7, 2021 CVE Published
Jun 8, 2021 EPSS Score
Jun 13, 2021 EPSS Score
Aug 8, 2021 EPSS Score
Oct 8, 2021 EPSS Score
Dec 7, 2021 EPSS Score
Feb 5, 2022 EPSS Score
Apr 6, 2022 EPSS Score
Jun 6, 2022 EPSS Score
Oct 5, 2022 EPSS Score
Dec 4, 2022 EPSS Score
Feb 3, 2023 EPSS Score

References

https://ubuntu.com/security/CVE-2019-25045 third-party-advisory
https://git.kernel.org/linus/dbb2483b2a46fbaf833cfb5deb5ed9cace9c7399 third-party-advisory
https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.0.19 third-party-advisory
https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=dbb2483b2a46fbaf833cfb5deb5ed9cace9c7399 third-party-advisory
https://syzkaller.appspot.com/bug?id=f99edaeec58ad40380ed5813d89e205861be2896 third-party-advisory
https://sites.google.com/view/syzscope/warning-in-xfrm_state_fini-2 third-party-advisory
https://www.cve.org/CVERecord?id=CVE-2019-25045 third-party-advisory

Open in Interactive Console →