CVE-2019-5108 - OpenCVE

An exploitable denial-of-service vulnerability exists in the Linux kernel prior to mainline 5.3. An attacker could exploit this vulnerability by triggering AP to send IAPP location updates for stations before the required authentication process has completed. This could lead to different denial-of-service scenarios, either by causing CAM table attacks, or by leading to traffic flapping if faking already existing clients in other nearby APs of the same wireless infrastructure. An attacker can forge Authentication and Association Request packets to trigger this vulnerability.

Attack Vector Adjacent Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact None

Integrity Impact None

Availability Impact High

User Interaction None

Attack Vector Adjacent Network

Attack Complexity Low

Privileges Required None

Scope Changed

Confidentiality Impact None

Integrity Impact None

Availability Impact High

User Interaction None

Access Vector Adjacent Network

Access Complexity Low

Authentication None

Confidentiality Impact None

Integrity Impact None

Availability Impact Partial

AV:A/AC:L/Au:N/C:N/I:N/A:P

Vendors & Products
CPE Configurations

Vendors	Products
Netapp	Steelstore Cloud Integrated Storage A700s Firmware Hci Management Node 8300 Firmware A700s H610s Firmware Active Iq Unified Manager 8700 Cloud Backup H610s 8700 Firmware Solidfire Data Availability Services A400 A400 Firmware 8300 E-series Santricity Os Controller
Canonical	Ubuntu Linux
Debian	Debian Linux
Oracle	Sd-wan Edge
Linux	Linux Kernel

Configuration 1 [-]

cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*

Configuration 2 [-]

OR	cpe:2.3:o:debian:debian_linux:8.0:::::::*
	cpe:2.3:o:debian:debian_linux:9.0:::::::*

Configuration 3 [-]

OR	cpe:2.3:o:canonical:ubuntu_linux:14.04::::esm:::
	cpe:2.3:o:canonical:ubuntu_linux:16.04::::esm:::
	cpe:2.3:o:canonical:ubuntu_linux:18.04::::lts:::

Configuration 4 [-]

OR	cpe:2.3:a:netapp:active_iq_unified_manager:-:::::vmware_vsphere::
	cpe:2.3:a:netapp:cloud_backup:-:::::::*
	cpe:2.3:a:netapp:data_availability_services:-:::::::*
	cpe:2.3:a:netapp:e-series_santricity_os_controller::::::::
	cpe:2.3:a:netapp:hci_management_node:-:::::::*
	cpe:2.3:a:netapp:solidfire:-:::::::*
	cpe:2.3:a:netapp:steelstore_cloud_integrated_storage:-:::::::*

Configuration 5 [-]

AND

cpe:2.3:o:netapp:a700s_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:netapp:a700s:-:*:*:*:*:*:*:*

Configuration 6 [-]

AND

cpe:2.3:o:netapp:h610s_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:netapp:h610s:-:*:*:*:*:*:*:*

Configuration 7 [-]

AND

cpe:2.3:o:netapp:8300_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:netapp:8300:-:*:*:*:*:*:*:*

Configuration 8 [-]

AND

cpe:2.3:o:netapp:8700_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:netapp:8700:-:*:*:*:*:*:*:*

Configuration 9 [-]

AND

cpe:2.3:o:netapp:a400_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:netapp:a400:-:*:*:*:*:*:*:*

Configuration 10 [-]

cpe:2.3:a:oracle:sd-wan_edge:8.2:*:*:*:*:*:*:*

References

Link	Resource
http://packetstormsecurity.com/files/156455/Kernel-Live-Patch-Security-Notice-LSN-0063-1.html	Third Party Advisory VDB Entry
https://git.kernel.org/linus/3e493173b7841259a08c5c8e5cbe90adb349da7e	Mailing List Patch Vendor Advisory
https://lists.debian.org/debian-lts-announce/2020/06/msg00011.html	Mailing List Third Party Advisory
https://lists.debian.org/debian-lts-announce/2020/06/msg00012.html	Mailing List Third Party Advisory
https://lists.debian.org/debian-lts-announce/2020/06/msg00013.html	Mailing List Third Party Advisory
https://security.netapp.com/advisory/ntap-20200204-0002/	Third Party Advisory
https://talosintelligence.com/vulnerability_reports/TALOS-2019-0900	Exploit Third Party Advisory
https://usn.ubuntu.com/4285-1/	Third Party Advisory
https://usn.ubuntu.com/4286-1/	Third Party Advisory
https://usn.ubuntu.com/4286-2/	Third Party Advisory
https://usn.ubuntu.com/4287-1/	Third Party Advisory
https://usn.ubuntu.com/4287-2/	Third Party Advisory
https://www.debian.org/security/2020/dsa-4698	Third Party Advisory
https://www.oracle.com/security-alerts/cpuApr2021.html	Patch Third Party Advisory