Executive Summary



This Alert is flagged as TOP 25 Common Weakness Enumeration from CWE/SANS.
Information
Name : CVE-2019-3701
First vendor Publication : 2019-01-03
Vendor : Cve
Last vendor Modification : 2019-05-15

Security-Database Scoring CVSS v2

Cvss vector : (AV:L/AC:L/Au:N/C:N/I:N/A:C)
Cvss Base Score : 4.9 - Attack Range : Local
Cvss Impact Score : 6.9 - Attack Complexity : Low
Cvss Exploit Score : 3.9 - Authentication : None Required

Detail

An issue was discovered in can_can_gw_rcv in net/can/gw.c in the Linux kernel through 4.19.13. The CAN frame modification rules allow bitwise logical operations that can be also applied to the can_dlc field. The privileged user "root" with CAP_NET_ADMIN can create a CAN frame modification rule that makes the data length code a higher value than the available CAN frame data size. In combination with a configured checksum calculation where the result is stored relatively to the end of the data (e.g. cgw_csum_xor_rel) the tail of the skb (e.g. frag_list pointer in skb_shared_info) can be rewritten which finally can cause a system crash. Because of a missing check, the CAN drivers may write arbitrary content beyond the data registers in the CAN controller's I/O memory when processing can-gw manipulated outgoing frames.

Original Source

Url : http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-3701

CWE : Common Weakness Enumeration

%        id         Name
100 %    CWE-787    Out-of-bounds Write (CWE/SANS Top 25)

CPE : Common Platform Enumeration

Type    Description    Count
Os                     2
Os                     1
Os                     3000

Nessus® Vulnerability Scanner

Date          Description
2019-01-15    Name : The remote Fedora host is missing one or more security updates.
              File : fedora_2019-337484d88b.nasl - Type : ACT_GATHER_INFO
2019-01-15    Name : The remote Fedora host is missing one or more security updates.
              File : fedora_2019-b0f7a7b74b.nasl - Type : ACT_GATHER_INFO

Sources (Detail)

Source     Url
BID        http://www.securityfocus.com/bid/106443
CONFIRM    https://support.f5.com/csp/article/K17957133
MISC       https://bugzilla.suse.com/show_bug.cgi?id=1120386
           https://git.kernel.org/pub/scm/linux/kernel/git/davem/net.git/commit/?id=0aaa...
           https://marc.info/?l=linux-netdev&m=154651842302479&w=2
           https://marc.info/?l=linux-netdev&m=154661373531512&w=2
MLIST      https://lists.debian.org/debian-lts-announce/2019/03/msg00034.html
           https://lists.debian.org/debian-lts-announce/2019/04/msg00004.html
           https://lists.debian.org/debian-lts-announce/2019/05/msg00002.html
UBUNTU     https://usn.ubuntu.com/3932-1/
           https://usn.ubuntu.com/3932-2/

Alert History

Date    Information
2019-05-15 17:19:11
  • Multiple Updates
2019-05-03 17:18:41
  • Multiple Updates
2019-04-25 00:19:05
  • Multiple Updates
2019-04-24 12:08:49
  • Multiple Updates
2019-04-12 21:19:08
  • Multiple Updates
2019-04-05 00:19:04
  • Multiple Updates
2019-04-03 09:19:29
  • Multiple Updates
2019-04-02 05:18:43
  • Multiple Updates
2019-03-29 09:19:03
  • Multiple Updates
2019-03-28 00:19:06
  • Multiple Updates
2019-02-16 12:09:08
  • Multiple Updates
2019-02-12 12:04:59
  • Multiple Updates
2019-01-04 17:20:00
  • Multiple Updates
2019-01-03 21:18:57
  • First insertion