How severe is CVE-2019-3701?

This vulnerability has a severity rating of MEDIUM with a CVSS score of 4.4 out of 10.

What type of vulnerability is CVE-2019-3701?

This is classified as CWE-787, which is a common weakness in software security.

CVE-2019-3701 - MEDIUM Severity | CVSS 4.4

Vulnerability Description

An issue was discovered in can_can_gw_rcv in net/can/gw.c in the Linux kernel through 4.19.13. The CAN frame modification rules allow bitwise logical operations that can be also applied to the can_dlc field. The privileged user "root" with CAP_NET_ADMIN can create a CAN frame modification rule that makes the data length code a higher value than the available CAN frame data size. In combination with a configured checksum calculation where the result is stored relatively to the end of the data (e.g. cgw_csum_xor_rel) the tail of the skb (e.g. frag_list pointer in skb_shared_info) can be rewritten which finally can cause a system crash. Because of a missing check, the CAN drivers may write arbitrary content beyond the data registers in the CAN controller's I/O memory when processing can-gw manipulated outgoing frames.

Related Vulnerabilities

CVE-2016-5238

MEDIUM

CVSS:4.4(Medium)

The get_cmd function in hw/scsi/esp.c in QEMU might allow local guest OS administrators to cause a denial of service (out-of-bounds write and QEMU process crash) via vectors related to reading from th...

CWE-7872016

CVE-2020-12358

MEDIUM

CVSS:4.4(Medium)

Out of bounds write in the firmware for some Intel(R) Processors may allow a privileged user to potentially enable denial of service via local access.

CWE-7872020

CVE-2020-24480

MEDIUM

CVSS:4.4(Medium)

Out-of-bounds write in the Intel(R) XTU before version 6.5.3.25 may allow a privileged user to potentially enable denial of service via local access.

CWE-7872020

CVE-2021-20491

MEDIUM

CVSS:4.4(Medium)

IBM Spectrum Protect Server 7.1 and 8.1 is subject to a stack-based buffer overflow caused by improper bounds checking during the parsing of commands. By issuing such a command with an improper parame...

CWE-7872021

CVE-2022-36382

MEDIUM

CVSS:4.4(Medium)

Out-of-bounds write in firmware for some Intel(R) Ethernet Network Controllers and Adapters E810 Series before version 1.7.0.8 and some Intel(R) Ethernet 700 Series Controllers and Adapters before ver...

CWE-7872022

CVE-2022-41686

MEDIUM

CVSS:4.4(Medium)

OpenHarmony-v3.1.2 and prior versions, 3.0.6 and prior versions have an Out-of-bound memory read and write vulnerability in /dev/mmz_userdev device driver. The impact depends on the privileges of the ...

CWE-7872022