CVE-2019-3460

  1. OpenCVE
  2. Vulnerabilities (CVE)
  3. CVE-2019-3460
A heap data infoleak in multiple locations including L2CAP_PARSE_CONF_RSP was found in the Linux kernel before 5.1-rc1.

6.5 /10

CVSS v3 : MEDIUM

V3 Legend

Vector :

Exploitability : 2.8 / Impact : 3.6

Attack Vector ADJACENT_NETWORK

Attack Complexity LOW

Privileges Required NONE

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact NONE

Availability Impact NONE

Scope UNCHANGED

3.3 /10

CVSS v2.0 : LOW

V2 Legend

Vector : AV:A/AC:L/Au:N/C:P/I:N/A:N

Exploitability : 6.5 / Impact : 2.9

Access Vector ADJACENT_NETWORK

Access Complexity LOW

Authentication NONE

Confidentiality Impact PARTIAL

Integrity Impact NONE

Availability Impact NONE

References
Link Resource
http://www.openwall.com/lists/oss-security/2019/06/27/2 Mailing List Third Party Advisory
http://www.openwall.com/lists/oss-security/2019/06/27/7 Mailing List Third Party Advisory
http://www.openwall.com/lists/oss-security/2019/06/28/1 Mailing List Third Party Advisory
http://www.openwall.com/lists/oss-security/2019/06/28/2 Mailing List Third Party Advisory
http://www.openwall.com/lists/oss-security/2019/08/12/1 Mailing List Third Party Advisory
https://access.redhat.com/errata/RHSA-2019:2029 Third Party Advisory
https://access.redhat.com/errata/RHSA-2019:2043 Third Party Advisory
https://access.redhat.com/errata/RHSA-2019:3309 Third Party Advisory
https://access.redhat.com/errata/RHSA-2019:3517 Third Party Advisory
https://access.redhat.com/errata/RHSA-2020:0740 Third Party Advisory
https://bugzilla.redhat.com/show_bug.cgi?id=1663179 Mitigation Issue Tracking Third Party Advisory
https://git.kernel.org/linus/af3d5d1c87664a4f150fcf3534c6567cb19909b0 Patch Vendor Advisory
https://lists.debian.org/debian-lts-announce/2019/05/msg00002.html Mailing List Third Party Advisory
https://lists.debian.org/debian-lts-announce/2019/05/msg00041.html Mailing List Third Party Advisory
https://lists.debian.org/debian-lts-announce/2019/05/msg00042.html Mailing List Third Party Advisory
https://lore.kernel.org/linux-bluetooth/20190110062917.GB15047%40kroah.com/
https://marc.info/?l=oss-security&m=154721580222522&w=2 Exploit Patch Third Party Advisory
https://people.canonical.com/~ubuntu-security/cve/2019/CVE-2019-3460.html Third Party Advisory
Configurations

Configuration 1 (hide)

cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*

Configuration 2 (hide)

OR cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:lts:*:*:*
cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:lts:*:*:*
cpe:2.3:o:canonical:ubuntu_linux:18.04:*:*:*:lts:*:*:*
cpe:2.3:o:canonical:ubuntu_linux:18.10:*:*:*:*:*:*:*

Configuration 3 (hide)

cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*

Configuration 4 (hide)

OR cpe:2.3:a:redhat:codeready_linux_builder:8.0:*:*:*:*:*:*:*
cpe:2.3:a:redhat:virtualization_host:4.0:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux:8.0:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_desktop:7.0:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_eus:8.1:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_eus:8.2:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_eus:8.4:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_for_real_time:7:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_for_real_time:8:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_for_real_time_for_nfv:7:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_for_real_time_for_nfv:8:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_for_real_time_for_nfv_tus:8.2:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_for_real_time_for_nfv_tus:8.4:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_for_real_time_tus:8.2:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_for_real_time_tus:8.4:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_server:7.0:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_server_aus:8.2:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_server_aus:8.4:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_server_tus:8.2:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_server_tus:8.4:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_workstation:7.0:*:*:*:*:*:*:*
History

07 Nov 2023, 03:09

Type Values Removed Values Added
References
  • {'url': 'https://lore.kernel.org/linux-bluetooth/20190110062917.GB15047@kroah.com/', 'name': '[linux-bluetooth] 20190110 [PATCH 2/2] Bluetooth: check the buffer size for some messages before parsing', 'tags': ['Patch', 'Vendor Advisory'], 'refsource': 'MLIST'}
  • () https://lore.kernel.org/linux-bluetooth/20190110062917.GB15047%40kroah.com/ -

22 Apr 2022, 20:06

Type Values Removed Values Added
CPE cpe:2.3:a:redhat:virtualization_host:4.0:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_for_real_time_tus:8.4:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_eus:8.1:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_for_real_time_tus:8.2:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_desktop:7.0:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_for_real_time_for_nfv_tus:8.2:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_server_tus:8.4:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_eus:8.2:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_workstation:7.0:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_eus:8.4:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_server_aus:8.4:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_server:7.0:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_for_real_time_for_nfv_tus:8.4:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_for_real_time:7:*:*:*:*:*:*:*
cpe:2.3:a:redhat:codeready_linux_builder:8.0:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_for_real_time:8:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_for_real_time_for_nfv:7:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_server_tus:8.2:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_for_real_time_for_nfv:8:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux:8.0:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_server_aus:8.2:*:*:*:*:*:*:*
References (MLIST) http://www.openwall.com/lists/oss-security/2019/06/27/2 - (MLIST) http://www.openwall.com/lists/oss-security/2019/06/27/2 - Mailing List, Third Party Advisory
References (MLIST) http://www.openwall.com/lists/oss-security/2019/06/27/7 - (MLIST) http://www.openwall.com/lists/oss-security/2019/06/27/7 - Mailing List, Third Party Advisory
References (MLIST) http://www.openwall.com/lists/oss-security/2019/08/12/1 - (MLIST) http://www.openwall.com/lists/oss-security/2019/08/12/1 - Mailing List, Third Party Advisory
References (MLIST) http://www.openwall.com/lists/oss-security/2019/06/28/2 - (MLIST) http://www.openwall.com/lists/oss-security/2019/06/28/2 - Mailing List, Third Party Advisory
References (REDHAT) https://access.redhat.com/errata/RHSA-2019:2043 - (REDHAT) https://access.redhat.com/errata/RHSA-2019:2043 - Third Party Advisory
References (REDHAT) https://access.redhat.com/errata/RHSA-2019:3309 - (REDHAT) https://access.redhat.com/errata/RHSA-2019:3309 - Third Party Advisory
References (REDHAT) https://access.redhat.com/errata/RHSA-2019:2029 - (REDHAT) https://access.redhat.com/errata/RHSA-2019:2029 - Third Party Advisory
References (MLIST) https://lists.debian.org/debian-lts-announce/2019/05/msg00041.html - (MLIST) https://lists.debian.org/debian-lts-announce/2019/05/msg00041.html - Mailing List, Third Party Advisory
References (MLIST) https://lists.debian.org/debian-lts-announce/2019/05/msg00042.html - (MLIST) https://lists.debian.org/debian-lts-announce/2019/05/msg00042.html - Mailing List, Third Party Advisory
References (REDHAT) https://access.redhat.com/errata/RHSA-2019:3517 - (REDHAT) https://access.redhat.com/errata/RHSA-2019:3517 - Third Party Advisory
References (REDHAT) https://access.redhat.com/errata/RHSA-2020:0740 - (REDHAT) https://access.redhat.com/errata/RHSA-2020:0740 - Third Party Advisory
References (MLIST) http://www.openwall.com/lists/oss-security/2019/06/28/1 - (MLIST) http://www.openwall.com/lists/oss-security/2019/06/28/1 - Mailing List, Third Party Advisory
First Time Redhat codeready Linux Builder
Redhat enterprise Linux For Real Time Tus
Redhat enterprise Linux Desktop
Redhat enterprise Linux Server
Redhat enterprise Linux For Real Time For Nfv
Redhat enterprise Linux Eus
Redhat enterprise Linux Server Tus
Redhat enterprise Linux Workstation
Redhat enterprise Linux Server Aus
Redhat enterprise Linux
Redhat enterprise Linux For Real Time For Nfv Tus
Redhat enterprise Linux For Real Time
Redhat virtualization Host
Redhat
CWE CWE-200 CWE-20

21 Jul 2021, 11:39

Type Values Removed Values Added
References (CONFIRM) https://bugzilla.redhat.com/show_bug.cgi?id=1663179 - Issue Tracking, Mitigation, Third Party Advisory (CONFIRM) https://bugzilla.redhat.com/show_bug.cgi?id=1663179 - Mitigation, Issue Tracking, Third Party Advisory
Information

Published : 2019-04-11 16:29

Updated : 2023-12-10 12:59

NVD link : CVE-2019-3460

Mitre link : CVE-2019-3460

CVE.ORG link : CVE-2019-3460

JSON object : View

Products Affected

redhat

  • enterprise_linux
  • enterprise_linux_eus
  • enterprise_linux_server
  • enterprise_linux_desktop
  • enterprise_linux_server_tus
  • virtualization_host
  • enterprise_linux_for_real_time_tus
  • enterprise_linux_workstation
  • enterprise_linux_for_real_time
  • enterprise_linux_for_real_time_for_nfv
  • codeready_linux_builder
  • enterprise_linux_server_aus
  • enterprise_linux_for_real_time_for_nfv_tus

canonical

  • ubuntu_linux

debian

  • debian_linux

linux

  • linux_kernel
CWE
CWE-20

Improper Input Validation