Home > Vulnerability Database > CVE-2019-5108

Mend.io Vulnerability Database

CVE-2019-5108

Date: December 23, 2019

An exploitable denial-of-service vulnerability exists in the Linux kernel prior to mainline 5.3. An attacker could exploit this vulnerability by triggering AP to send IAPP location updates for stations before the required authentication process has completed. This could lead to different denial-of-service scenarios, either by causing CAM table attacks, or by leading to traffic flapping if faking already existing clients in other nearby APs of the same wireless infrastructure. An attacker can forge Authentication and Association Request packets to trigger this vulnerability.

Severity Score

6.5

Related Resources (19)

Url: https://lists.debian.org/debian-lts-announce/2020/06/msg00012.html

Url: https://nvd.nist.gov/vuln/detail/CVE-2019-5108

Url: https://www.oracle.com/security-alerts/cpuApr2021.html

Url: http://packetstormsecurity.com/files/156455/Kernel-Live-Patch-Security-Notice-LSN-0063-1.html

Url: https://security-tracker.debian.org/tracker/CVE-2019-5108

Url: https://lists.debian.org/debian-lts-announce/2020/06/msg00013.html

Url: https://www.debian.org/security/2020/dsa-4698

Url: https://security.netapp.com/advisory/ntap-20200204-0002/

Url: https://usn.ubuntu.com/4287-2/

Url: https://usn.ubuntu.com/4286-1/

Url: https://git.kernel.org/linus/3e493173b7841259a08c5c8e5cbe90adb349da7e

Url: https://usn.ubuntu.com/4286-2/

Url: https://usn.ubuntu.com/4287-1/

Url: https://access.redhat.com/security/cve/CVE-2019-5108

Url: https://lists.debian.org/debian-lts-announce/2020/06/msg00011.html

Url: https://talosintelligence.com/vulnerability_reports/TALOS-2019-0900

Url: https://usn.ubuntu.com/4285-1/

Url: https://people.canonical.com/~ubuntu-security/cve/CVE-2019-5108

Url: https://www.mend.io/vulnerability-database/CVE-2019-5108

Severity Score

6.5

Weakness Type (CWE)

Authentication Issues

CWE-287

Input Validation

CWE-20

CVSS v3.1

Base Score:	6.5
Attack Vector (AV):	ADJACENT_NETWORK
Attack Complexity (AC):	LOW
Privileges Required (PR):	NONE
User Interaction (UI):	NONE
Scope (S):	UNCHANGED
Confidentiality (C):	NONE
Integrity (I):	NONE
Availability (A):	HIGH

CVSS v2

Base Score:	3.3
Access Vector (AV):	ADJACENT
Access Complexity (AC):	LOW
Authentication (AU):	NONE
Confidentiality (C):	NONE
Integrity (I):	NONE
Availability (A):	PARTIAL
Additional information:

Mend.io Vulnerability Database

We found results for “”

CVE-2019-5108

Date: December 23, 2019

Severity Score

Related Resources (19)

Severity Score

Weakness Type (CWE)

CVSS v3.1

CVSS v2

Do you need more information?