Vulnerabilities > CVE-2019-20422 - Improper Handling of Exceptional Conditions vulnerability in Linux Kernel

047910
CVSS 5.5 - MEDIUM
Attack vector
LOCAL
Attack complexity
LOW
Privileges required
LOW
Confidentiality impact
NONE
Integrity impact
NONE
Availability impact
HIGH
local
low complexity
linux
CWE-755
NVD
Published: 2020-01-27
Updated: 2020-03-13

Summary

In the Linux kernel before 5.3.4, fib6_rule_lookup in net/ipv6/ip6_fib.c mishandles the RT6_LOOKUP_F_DST_NOREF flag in a reference-count decision, leading to (for example) a crash that was identified by syzkaller, aka CID-7b09c2d052db.

Vulnerable Configurations

Part Description Count
OS
Linux
4168

Common Weakness Enumeration (CWE)

References