CVE-2019-18567

Description

Bromium client version 4.0.3.2060 and prior to 4.1.7 Update 1 has an out of bound read results in race condition causing Kernel memory leaks or denial of service.

CVSS breakdown

CVSS 3.0

Attack Vector

Local

Attack Complexity

Low

Privileges Required

Low

User Interaction

None

Scope

Unchanged

Confidentiality

Low

Integrity

None

Availability

High

Affected products

Bromium / Bromium client4.0.3.2060 – 4.0.3.2060
Bromium / Bromium client?< 4.0.3.2060 – ?< 4.0.3.2060
Bromium / Bromium client?>= 4.0.3.2060 – ?>= 4.0.3.2060
Bromium / Bromium client< 4.1.7 Update 1 – < 4.1.7 Update 1

References

MISChttps://support.bromium.com/s/article/Bromium-Secure-Platform-4-1-Update-7-Released
MISChttps://airbus-cyber-security.com/dive-into-a-kernel-bromium-race-condition-cve-2019-18567