CVE-2019-25160
PUBLISHED
In the Linux kernel, the following vulnerability has been resolved:
netlabel: fix out-of-bounds memory accesses
There are two array out-of-bounds memory accesses, one in cipso_v4_map_lvl_valid(), the other in netlbl_bitmap_walk(). Both errors are embarrassingly simple, and the fixes are straightforward.
As a FYI for anyone backporting this patch to kernels prior to v4.8, you'll want to apply the netlbl_bitmap_walk() patch to cipso_v4_bitmap_walk() as netlbl_bitmap_walk() doesn't exist before Linux v4.8.
EPSS 0.01% · 2.7th percentile
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Ubuntu:22.04:LTS | linux-oem-6.1 | 6.1.0-1015.15, 6.1.0-1013.13, 6.1.0-1012.12 |
| Ubuntu:22.04:LTS | linux-starfive-5.19 | *, 5.19.0-1020.22~22.04.1, 5.19.0-1019.21~22.04.1 |
| Ubuntu:22.04:LTS | linux-azure-6.2 | *, 0, 6.2.0-1005.5~22.04.1 |
| Ubuntu:22.04:LTS | linux-intel-iot-realtime | 0, 5.15.0-1073.75 |
| Ubuntu:20.04:LTS | linux-riscv-5.11 | 5.11.0-1017.18~20.04.1, 5.11.0-1018.19~20.04.2, 5.11.0-1020.21~20.04.1 |
| Ubuntu:20.04:LTS | linux-oem-5.14 | 5.14.0-1048.55, 5.14.0-1059.67, 5.14.0-1036.40 |
| Ubuntu:Pro:FIPS:18.04:LTS | linux-azure-fips | 4.15.0-1002.2, 0 |
| Ubuntu:Pro:FIPS-updates:18.04:LTS | linux-aws-fips | 0, 4.15.0-2000.4 |
| Ubuntu:24.04:LTS | linux-raspi-realtime | 0, 6.8.0-2019.20 |
| Ubuntu:22.04:LTS | linux-riscv-5.19 | 5.19.0-1020.22~22.04.1, 5.19.0-1021.23~22.04.1, 0 |
| Ubuntu:18.04:LTS | linux-gcp | 5.0.0-1020.20~18.04.1, 4.15.0-1023.24, 4.15.0-1021.22 |
| Ubuntu:Pro:14.04:LTS | linux-azure | *, 4.15.0-1056.61~14.04.1, 4.15.0-1055.60~14.04.1 |
| Ubuntu:20.04:LTS | linux-hwe-5.13 | *, *, * |
| Ubuntu:Pro:14.04:LTS | linux | 3.13.0-142.191, 3.13.0-83.127, 3.13.0-71.114 |
| Ubuntu:16.04:LTS | linux-oracle | 4.15.0-1018.20~16.04.1, 4.15.0-1017.19~16.04.2, 4.15.0-1015.17~16.04.1 |
| Ubuntu:20.04:LTS | linux-aws-5.11 | 5.11.0-1014.15~20.04.1, 5.11.0-1016.17~20.04.1, 5.11.0-1017.18~20.04.1 |
| Ubuntu:18.04:LTS | linux-gke-5.4 | 5.4.0-1053.56~18.04.1, 5.4.0-1052.55~18.04.1, 5.4.0-1051.54~18.04.1 |
| Ubuntu:16.04:LTS | linux-aws-hwe | *, 4.15.0-1032.34~16.04.1, 4.15.0-1033.35~16.04.1 |
| Ubuntu:22.04:LTS | linux-aws-5.19 | 5.19.0-1020.21~22.04.1, 5.19.0-1029.30~22.04.1, * |
| Ubuntu:16.04:LTS | linux | 4.4.0-130.156, 4.3.0-2.11, 4.3.0-1.10 |
…and 68 more
Timeline
- Feb 26, 2024 CVE Published
- Feb 27, 2024 EPSS Score
- Mar 25, 2024 EPSS Score
- Apr 20, 2024 EPSS Score
- May 17, 2024 EPSS Score
- Jun 13, 2024 EPSS Score
- Jul 10, 2024 EPSS Score
- Aug 6, 2024 EPSS Score
- Sep 1, 2024 EPSS Score
- Sep 28, 2024 EPSS Score
- Oct 25, 2024 EPSS Score
- Nov 20, 2024 EPSS Score
References
- https://ubuntu.com/security/CVE-2019-25160 third-party-advisory
- https://git.kernel.org/linus/5578de4834fe0f2a34fedc7374be691443396d1f third-party-advisory
- https://git.kernel.org/stable/c/97bc3683c24999ee621d847c9348c75d2fe86272 third-party-advisory
- https://git.kernel.org/stable/c/c61d01faa5550e06794dcf86125ccd325bfad950 third-party-advisory
- https://git.kernel.org/stable/c/dc18101f95fa6e815f426316b8b9a5cee28a334e third-party-advisory
- https://git.kernel.org/stable/c/1c973f9c7cc2b3caae93192fdc8ecb3f0b4ac000 third-party-advisory
- https://git.kernel.org/stable/c/fcfe700acdc1c72eab231300e82b962bac2b2b2c third-party-advisory
- https://git.kernel.org/stable/c/e3713abc4248aa6bcc11173d754c418b02a62cbb third-party-advisory
- https://git.kernel.org/stable/c/fbf9578919d6c91100ec63acf2cba641383f6c78 third-party-advisory
- https://git.kernel.org/stable/c/5578de4834fe0f2a34fedc7374be691443396d1f third-party-advisory
- https://www.cve.org/CVERecord?id=CVE-2019-25160 third-party-advisory