CVE-2019-20422 Information

Description

In the Linux kernel before 5.3.4 fib6_rule_lookup in net/ipv6/ip6_fib.c mishandles the RT6_LOOKUP_F_DST_NOREF flag in a reference-count decision leading to (for example) a crash that was identified by syzkaller aka CID-7b09c2d052db.

CVSS Vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

Reference

https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.3.4 https://github.com/torvalds/linux/commit/7b09c2d052db4b4ad0b27b97918b46a7746966fa https://security.netapp.com/advisory/ntap-20200313-0003/

Attack Complexity

LOW

Privileges Required

LOW

User Interaction Required

LOW

Scope

NONE

Confidentiality Impact

UNCHANGED

Integrity Impact

NONE

Availability Impact

NONE

Base Score

HIGH

Base Severity

5.5