In the Linux kernel through 5.4.6, there is a NULL pointer dereference in drivers/scsi/libsas/sas_discover.c because of mishandling of port disconnection during discovery, related to a PHY down race condition, aka CID-f70267f379b5.
References
Link | Resource |
---|---|
http://lists.opensuse.org/opensuse-security-announce/2020-03/msg00021.html | Mailing List Third Party Advisory |
https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=f70267f379b5e5e11bdc5d72a56bf17e5feed01f | Exploit Patch Vendor Advisory |
https://lists.debian.org/debian-lts-announce/2020/01/msg00013.html | Mailing List Third Party Advisory |
https://lists.debian.org/debian-lts-announce/2020/03/msg00001.html | Mailing List Third Party Advisory |
https://security.netapp.com/advisory/ntap-20200204-0002/ | Third Party Advisory |
https://usn.ubuntu.com/4284-1/ | Third Party Advisory |
https://usn.ubuntu.com/4285-1/ | Third Party Advisory |
https://usn.ubuntu.com/4286-1/ | Third Party Advisory |
https://usn.ubuntu.com/4286-2/ | Third Party Advisory |
https://usn.ubuntu.com/4287-1/ | Third Party Advisory |
https://usn.ubuntu.com/4287-2/ | Third Party Advisory |
Configurations
Configuration 1 (hide)
|
Configuration 2 (hide)
|
Configuration 3 (hide)
|
Configuration 4 (hide)
|
Configuration 5 (hide)
|
Configuration 6 (hide)
AND |
|
Configuration 7 (hide)
AND |
|
Configuration 8 (hide)
AND |
|
Configuration 9 (hide)
AND |
|
Configuration 10 (hide)
AND |
|
History
31 Mar 2022, 18:19
Type | Values Removed | Values Added |
---|---|---|
First Time |
Netapp a700s
Netapp hci Management Node Netapp 8300 Firmware Debian debian Linux Netapp a400 Netapp e-series Santricity Os Controller Canonical ubuntu Linux Netapp Netapp a700s Firmware Netapp h610s Netapp 8700 Firmware Netapp 8700 Netapp 8300 Canonical Netapp cloud Backup Netapp active Iq Unified Manager Netapp data Availability Services Netapp a400 Firmware Debian Opensuse leap Netapp steelstore Cloud Integrated Storage Netapp h610s Firmware Netapp solidfire Opensuse |
|
CWE | CWE-476 | |
CPE | cpe:2.3:h:netapp:a400:-:*:*:*:*:*:*:* cpe:2.3:a:netapp:hci_management_node:-:*:*:*:*:*:*:* cpe:2.3:o:netapp:h610s_firmware:-:*:*:*:*:*:*:* cpe:2.3:h:netapp:h610s:-:*:*:*:*:*:*:* cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:esm:*:*:* cpe:2.3:o:canonical:ubuntu_linux:19.10:*:*:*:*:*:*:* cpe:2.3:h:netapp:8700:-:*:*:*:*:*:*:* cpe:2.3:a:netapp:e-series_santricity_os_controller:*:*:*:*:*:*:*:* cpe:2.3:o:canonical:ubuntu_linux:18.04:*:*:*:lts:*:*:* cpe:2.3:o:netapp:a700s_firmware:-:*:*:*:*:*:*:* cpe:2.3:h:netapp:8300:-:*:*:*:*:*:*:* cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:esm:*:*:* cpe:2.3:o:netapp:8700_firmware:-:*:*:*:*:*:*:* cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:* cpe:2.3:a:netapp:active_iq_unified_manager:-:*:*:*:*:vmware_vsphere:*:* cpe:2.3:a:netapp:cloud_backup:-:*:*:*:*:*:*:* cpe:2.3:a:netapp:data_availability_services:-:*:*:*:*:*:*:* cpe:2.3:h:netapp:a700s:-:*:*:*:*:*:*:* cpe:2.3:o:opensuse:leap:15.1:*:*:*:*:*:*:* cpe:2.3:a:netapp:solidfire:-:*:*:*:*:*:*:* cpe:2.3:o:netapp:8300_firmware:-:*:*:*:*:*:*:* cpe:2.3:a:netapp:steelstore_cloud_integrated_storage:-:*:*:*:*:*:*:* cpe:2.3:o:netapp:a400_firmware:-:*:*:*:*:*:*:* |
|
References | (UBUNTU) https://usn.ubuntu.com/4287-1/ - Third Party Advisory | |
References | (UBUNTU) https://usn.ubuntu.com/4285-1/ - Third Party Advisory | |
References | (MLIST) https://lists.debian.org/debian-lts-announce/2020/03/msg00001.html - Mailing List, Third Party Advisory | |
References | (UBUNTU) https://usn.ubuntu.com/4286-2/ - Third Party Advisory | |
References | (UBUNTU) https://usn.ubuntu.com/4286-1/ - Third Party Advisory | |
References | (SUSE) http://lists.opensuse.org/opensuse-security-announce/2020-03/msg00021.html - Mailing List, Third Party Advisory | |
References | (MLIST) https://lists.debian.org/debian-lts-announce/2020/01/msg00013.html - Mailing List, Third Party Advisory | |
References | (UBUNTU) https://usn.ubuntu.com/4287-2/ - Third Party Advisory | |
References | (UBUNTU) https://usn.ubuntu.com/4284-1/ - Third Party Advisory | |
References | (CONFIRM) https://security.netapp.com/advisory/ntap-20200204-0002/ - Third Party Advisory |
Information
Published : 2019-12-25 04:15
Updated : 2023-12-10 13:13
NVD link : CVE-2019-19965
Mitre link : CVE-2019-19965
CVE.ORG link : CVE-2019-19965
JSON object : View
Products Affected
netapp
- 8300_firmware
- hci_management_node
- active_iq_unified_manager
- a700s
- cloud_backup
- h610s
- steelstore_cloud_integrated_storage
- 8300
- 8700
- 8700_firmware
- a400
- a700s_firmware
- h610s_firmware
- a400_firmware
- e-series_santricity_os_controller
- solidfire
- data_availability_services
debian
- debian_linux
linux
- linux_kernel
opensuse
- leap
canonical
- ubuntu_linux
CWE
CWE-476
NULL Pointer Dereference