CVE-2019-3459 (NVD)

2019-04-11

A heap address information leak while using L2CAP_GET_CONF_OPT was discovered in the Linux kernel before 5.1-rc1.

Products: Ubuntu_linux, Debian_linux, Linux_kernel, Codeready_linux_builder, Enterprise_linux, Enterprise_linux_desktop, Enterprise_linux_eus, Enterprise_linux_for_real_time, Enterprise_linux_for_real_time_for_nfv, Enterprise_linux_for_real_time_for_nfv_tus, Enterprise_linux_for_real_time_tus, Enterprise_linux_server, Enterprise_linux_server_aus, Enterprise_linux_server_tus, Enterprise_linux_workstation, Enterprise_mrg
Type: Out-of-bounds Read (CWE-125)
First patch: None (likely due to unavailable code)
Links: https://people.canonical.com/~ubuntu-security/cve/2019/CVE-2019-3459.html
https://access.redhat.com/errata/RHSA-2019:3309
http://www.openwall.com/lists/oss-security/2019/06/27/7
https://marc.info/?l=oss-security&m=154721580222522&w=2
https://access.redhat.com/errata/RHSA-2020:0740