CVE-2019-9213

Published: 05/03/2019 Updated: 12/10/2022
CVSS v2 Base Score: 4.9 | Impact Score: 6.9 | Exploitability Score: 3.9
CVSS v3 Base Score: 5.5 | Impact Score: 3.6 | Exploitability Score: 1.8
VMScore: 496
Vector: AV:L/AC:L/Au:N/C:N/I:N/A:C

Vulnerability Summary

In the Linux kernel prior to 4.20.14, expand_downwards in mm/mmap.c lacks a check for the mmap minimum address, which makes it easier for malicious users to exploit kernel NULL pointer dereferences on non-SMAP platforms. This is related to a capability check for the wrong task.

Vulnerable Product

linux linux kernel

debian debian linux 8.0

redhat enterprise linux 7.0

redhat enterprise linux 8.0

opensuse leap 42.3

opensuse leap 15.0

canonical ubuntu linux 18.10

canonical ubuntu linux 14.04

canonical ubuntu linux 16.04

canonical ubuntu linux 12.04

Vendor Advisories

Synopsis: Important: kernel security and bug fix update. Type/Severity: Security Advisory: Important. Topic: An update for kernel is now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) b ...
Synopsis: Important: kernel-rt security and bug fix update. Type/Severity: Security Advisory: Important. Topic: An update for kernel-rt is now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (C ...
Synopsis: Important: kernel-alt security and bug fix update. Type/Severity: Security Advisory: Important. Topic: An update for kernel-alt is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System ...
A kernel memory leak was found in the kernel_read_file() function in the fs/exec.c file in the Linux kernel. An attacker could use this flaw to cause a memory leak and thus a denial of service (DoS). (CVE-2019-8980) A flaw was found in mmap in the Linux kernel allowing the process to map a null page. This allows attackers to abuse this mechanism t ...
A kernel memory leak was found in the kernel_read_file() function in the fs/exec.c file in the Linux kernel. An attacker could use this flaw to cause a memory leak and thus a denial of service (DoS). (CVE-2019-8980) A flaw was found in mmap in the Linux kernel allowing the process to map a null page. This allows attackers to abuse this mechanism to ...
Several security issues were fixed in the Linux kernel ...
Impact: Moderate Public Date: 2019-02-27 CWE: CWE-476 Bugzilla: 1686136: CVE-2019-9213 kernel: lack of ...

Exploits

By following the codepath that Andrea Arcangeli pointed out in his mails regarding the last bug I reported, I noticed that it is possible for userspace on a normal distro to map virtual address 0, which on an X86 system without SMAP enables the exploitation of kernel NULL pointer dereferences. The problem is in the following code path: mem_write ...
This Metasploit module attempts to gain root privileges on Linux systems by abusing a NULL pointer dereference in the rds_atomic_free_op function in the Reliable Datagram Sockets (RDS) kernel module (rds.ko). Successful exploitation requires the RDS kernel module to be loaded. If the RDS module is not blacklisted (default); then it will be loaded a ...

Mailing Lists

oss-sec mailing list archives: Re: Linux kernel: OOB R/W in SNMP NAT module (CVE-2019-9162); virtual address 0 mappable (CVE-2019-9213) ...

Github Repositories

common exploits on linux

HapppyHackingOnLinux: There is a diverse collection of vulnerabilities and their corresponding exploit skills. Vulnerabilities (CVE identifier, title, origin): CVE-2019-9213, virtual address 0 is mappable via privileged write() to /proc/*/mem, bugs.chromium.org/p/project-zero/issues/detail?id=1792&desc=2. Exploits (title, desc, origin): Heap exploits off

POCs can run in some Linux kernel versions

POC-available: POCs can run in some Linux kernel versions. CVE-2019-11599: POC kernel version: 462. How to run: gcc -o coredump_helper coredump_helper.c; sudo ./set_helper.sh; gcc -o dumpme dumpme.c; ./dumpme. Result: run the POC and check the log with dmesg. CVE-2019-9213: POC kernel version: 462. How to run: gcc -o nullmap nullmap.c; ./nullmap. Result: CVE-

Study Everyday

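Skr_StudyEveryday: I record what I learn here, updated daily, as a reminder to myself to stop making excuses for laziness. Earlier entries are grouped by week; there was a stretch in the middle where what I studied was rather scattered and I can't remember it clearly. From today on, updates are daily. Week 1 (2020716-2020719): csapp and its labs. csapp: chapters 1 to 3. csapp-lab: lab1 to lab3. lab1: Data lab, using <<, &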

References

CWE-476
https://github.com/torvalds/linux/commit/0a1d52994d440e21def1c2174932410b4f2a98a1
https://cdn.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.9.162
https://cdn.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.20.14
https://cdn.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.19.27
https://cdn.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.14.105
https://bugs.chromium.org/p/project-zero/issues/detail?id=1792
http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=0a1d52994d440e21def1c2174932410b4f2a98a1
https://www.exploit-db.com/exploits/46502/
http://www.securityfocus.com/bid/107296
https://lists.debian.org/debian-lts-announce/2019/03/msg00034.html
http://lists.opensuse.org/opensuse-security-announce/2019-03/msg00045.html
https://lists.debian.org/debian-lts-announce/2019/04/msg00004.html
https://usn.ubuntu.com/3933-2/
https://usn.ubuntu.com/3932-2/
https://usn.ubuntu.com/3932-1/
https://usn.ubuntu.com/3931-2/
https://usn.ubuntu.com/3931-1/
https://usn.ubuntu.com/3930-2/
https://usn.ubuntu.com/3930-1/
https://usn.ubuntu.com/3933-1/
http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00052.html
https://access.redhat.com/errata/RHSA-2019:0831
https://lists.debian.org/debian-lts-announce/2019/05/msg00002.html
https://access.redhat.com/errata/RHSA-2019:1479
https://access.redhat.com/errata/RHSA-2019:1480
http://packetstormsecurity.com/files/156053/Reliable-Datagram-Sockets-RDS-rds_atomic_free_op-Privilege-Escalation.html
https://nvd.nist.gov
https://www.exploit-db.com/exploits/46502
https://github.com/TheBeeMan/HappyHackingOnLinux
https://alas.aws.amazon.com/ALAS-2019-1179.html