Attacker Value
Unknown
(0 users assessed)
Exploitability
Unknown
(0 users assessed)
User Interaction
None
Privileges Required
None
Attack Vector
Adjacent_network
0

CVE-2019-3459

Disclosure Date: April 11, 2019
CVE-2019-3459 CVSS v3 Base Score: 6.5
Add MITRE ATT&CK tactics and techniques that apply to this CVE.

Description

A heap address information leak while using L2CAP_GET_CONF_OPT was discovered in the Linux kernel before 5.1-rc1.

Add Assessment

No one has assessed this topic. Be the first to add your voice to the community.

CVSS V3 Severity and Metrics
Base Score:
6.5 Medium
Impact Score:
3.6
Exploitability Score:
2.8
Vector:
CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Attack Vector (AV):
Adjacent_network
Attack Complexity (AC):
Low
Privileges Required (PR):
None
User Interaction (UI):
None
Scope (S):
Unchanged
Confidentiality (C):
High
Integrity (I):
None
Availability (A):
None

General Information

Offensive Application
Unknown
Utility Class
Unknown
Ports
Unknown
OS
Unknown
Vulnerable Versions
Linux before 5.1-rc1
Linux fixed in 5.1-rc1
Prerequisites
Unknown
Discovered By
Unknown
PoC Author
Unknown
Metasploit Module
Unknown
Reporter
Unknown

Vendors

  • canonical,
  • debian,
  • linux,
  • redhat

Products

  • codeready linux builder 8.0,
  • debian linux 8.0,
  • enterprise linux 5.0,
  • enterprise linux 6.0,
  • enterprise linux 7.0,
  • enterprise linux 8.0,
  • enterprise linux desktop 7.0,
  • enterprise linux eus 8.1,
  • enterprise linux eus 8.2,
  • enterprise linux eus 8.4,
  • enterprise linux for real time 7,
  • enterprise linux for real time 8,
  • enterprise linux for real time for nfv 7,
  • enterprise linux for real time for nfv 8,
  • enterprise linux for real time for nfv tus 8.2,
  • enterprise linux for real time for nfv tus 8.4,
  • enterprise linux for real time tus 8.2,
  • enterprise linux for real time tus 8.4,
  • enterprise linux server 7.0,
  • enterprise linux server aus 8.2,
  • enterprise linux server aus 8.4,
  • enterprise linux server tus 8.2,
  • enterprise linux server tus 8.4,
  • enterprise linux workstation 7.0,
  • enterprise mrg 2.0,
  • linux kernel,
  • ubuntu linux 14.04,
  • ubuntu linux 16.04,
  • ubuntu linux 18.04,
  • ubuntu linux 18.10

References

Canonical
CVE-2019-3459 (https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-3459)
Advisory
[oss-security] 20190111 Linux kernel: Bluetooth: two remote infoleaks (CVE-2019-3459, CVE-2019-3460) (https://marc.info?l=oss-security&m=154721580222522&w=2)
[linux-bluetooth] 20190110 [PATCH 1/2] Bluetooth: check message types in l2cap_get_conf_opt (https://lore.kernel.org/linux-bluetooth/20190110062833.GA15047@kroah.com)
https://git.kernel.org/linus/7c9cbd0b5e38a1672fcd137894ace3b042dfbf69
https://bugzilla.redhat.com/show_bug.cgi?id=1663176
https://people.canonical.com/~ubuntu-security/cve/2019/CVE-2019-3459.html
https://bugzilla.novell.com/show_bug.cgi?id=1120758
[debian-lts-announce] 20190503 [SECURITY] [DLA 1771-1] linux-4.9 security update (https://lists.debian.org/debian-lts-announce/2019/05/msg00002.html)
[debian-lts-announce] 20190528 [SECURITY] [DLA 1799-1] linux security update (https://lists.debian.org/debian-lts-announce/2019/05/msg00041.html)
[debian-lts-announce] 20190528 [SECURITY] [DLA 1799-2] linux security update (https://lists.debian.org/debian-lts-announce/2019/05/msg00042.html)
[oss-security] 20190627 Re: linux-distros membership application - Microsoft (http://www.openwall.com/lists/oss-security/2019/06/27/2)
[oss-security] 20190627 Re: linux-distros membership application - Microsoft (http://www.openwall.com/lists/oss-security/2019/06/27/7)
[oss-security] 20190628 Re: linux-distros membership application - Microsoft (http://www.openwall.com/lists/oss-security/2019/06/28/1)
[oss-security] 20190628 Re: linux-distros membership application - Microsoft (http://www.openwall.com/lists/oss-security/2019/06/28/2)
https://access.redhat.com/errata/RHSA-2019:2043
https://access.redhat.com/errata/RHSA-2019:2029
[oss-security] 20190811 Re: linux-distros membership application - Microsoft (http://www.openwall.com/lists/oss-security/2019/08/12/1)
https://access.redhat.com/errata/RHSA-2019:3309
https://access.redhat.com/errata/RHSA-2019:3517
https://access.redhat.com/errata/RHSA-2020:0740

Additional Info

Authenticated
Unknown
Exploitable
Unknown
Reliability
Unknown
Stability
Unknown
Available Mitigations
Unknown
Shelf Life
Unknown
Userbase/Installbase
Unknown
Patch Effectiveness
Unknown
Technical Analysis