CVE-2019-5108

CVE	CVE-2019-5108
State	PUBLIC
Assigner	[email protected]
Source Priority	CVE Program / NVD first with legacy fallback
Published	2019-12-23 19:15:00 UTC
Updated	2022-06-17 13:18:00 UTC
Description	An exploitable denial-of-service vulnerability exists in the Linux kernel prior to mainline 5.3. An attacker could exploit this vulnerability by triggering AP to send IAPP location updates for stations before the required authentication process has completed. This could lead to different denial-of-service scenarios, either by causing CAM table attacks, or by leading to traffic flapping if faking already existing clients in other nearby APs of the same wireless infrastructure. An attacker can forge Authentication and Association Request packets to trigger this vulnerability.

Problem Types: CWE-287

Type	Vendor	Product	Version	Update	Edition	Language
Operating System	Canonical	Ubuntu Linux	14.04	All	All	All
Operating System	Canonical	Ubuntu Linux	16.04	All	All	All
Operating System	Canonical	Ubuntu Linux	18.04	All	All	All
Operating System	Debian	Debian Linux	8.0	All	All	All
Operating System	Debian	Debian Linux	9.0	All	All	All
Operating System	Linux	Linux Kernel	All	All	All	All
Operating System	Linux	Linux Kernel	All	All	All	All
Hardware	Netapp	8300	-	All	All	All
Operating System	Netapp	8300 Firmware	-	All	All	All
Hardware	Netapp	8700	-	All	All	All
Operating System	Netapp	8700 Firmware	-	All	All	All
Hardware	Netapp	A400	-	All	All	All
Operating System	Netapp	A400 Firmware	-	All	All	All
Hardware	Netapp	A700s	-	All	All	All
Operating System	Netapp	A700s Firmware	-	All	All	All
Application	Netapp	Active Iq Unified Manager	-	All	All	All
Application	Netapp	Cloud Backup	-	All	All	All
Application	Netapp	Data Availability Services	-	All	All	All
Application	Netapp	E-series Santricity Os Controller	All	All	All	All
Hardware	Netapp	H610s	-	All	All	All
Operating System	Netapp	H610s Firmware	-	All	All	All
Application	Netapp	Hci Management Node	-	All	All	All
Application	Netapp	Solidfire	-	All	All	All
Application	Netapp	Steelstore Cloud Integrated Storage	-	All	All	All
Application	Oracle	Sd-wan Edge	8.2	All	All	All

Reference	Source	Link	Tags
January 2020 Linux Kernel Vulnerabilities in NetApp Products \| NetApp Product Security	CONFIRM	security.netapp.com
USN-4286-2: Linux kernel (Xenial HWE) vulnerabilities \| Ubuntu security notices \| Ubuntu	UBUNTU	usn.ubuntu.com
USN-4286-1: Linux kernel vulnerabilities \| Ubuntu security notices \| Ubuntu	UBUNTU	usn.ubuntu.com
USN-4287-2: Linux kernel (Azure) vulnerabilities \| Ubuntu security notices \| Ubuntu	UBUNTU	usn.ubuntu.com
USN-4285-1: Linux kernel vulnerabilities \| Ubuntu security notices \| Ubuntu	UBUNTU	usn.ubuntu.com
Kernel Live Patch Security Notice LSN-0063-1 ≈ Packet Storm	MISC	packetstormsecurity.com
USN-4287-1: Linux kernel vulnerabilities \| Ubuntu security notices \| Ubuntu	UBUNTU	usn.ubuntu.com
[SECURITY] [DLA 2241-2] linux security update	MLIST	lists.debian.org
TALOS-2019-0900 \|\| Cisco Talos Intelligence Group - Comprehensive Threat Intelligence	MISC	talosintelligence.com	Exploit, Third Party Advisory
kernel/git/torvalds/linux.git - Linux kernel source tree	MISC	git.kernel.org
[SECURITY] [DLA 2242-1] linux-4.9 security update	MLIST	lists.debian.org
[SECURITY] [DLA 2241-1] linux security update	MLIST	lists.debian.org
Oracle Critical Patch Update Advisory - April 2021	MISC	www.oracle.com
Debian -- Security Information -- DSA-4698-1 linux	DEBIAN	www.debian.org
CVE Program record	CVE.ORG	www.cve.org	canonical
NVD vulnerability detail	NVD	nvd.nist.gov	canonical, analysis

No vendor comments have been submitted for this CVE.

There are currently no legacy QID mappings associated with this CVE.