Home > Vulnerability Database > CVE-2019-1010066

Mend.io Vulnerability Database

CVE-2019-1010066

Good to know:

Date: July 18, 2019

Lawrence Livermore National Laboratory msr-safe v1.1.0 is affected by: Incorrect Access Control. The impact is: An attacker could modify model specific registers. The component is: ioctl handling. The attack vector is: An attacker could exploit a bug in ioctl interface whitelist checking, in order to write to model specific registers, normally a function reserved for the root user. The fixed version is: v1.2.0.

Language: C

Severity Score

7.5

Related Resources (4)

Url: https://nvd.nist.gov/vuln/detail/CVE-2019-1010066

Url: https://github.com/LLNL/msr-safe/compare/v1.1.0...v1.2.0

Url: https://www.tldp.org/LDP/lkmpg/2.4/html/x856.html

Url: https://www.mend.io/vulnerability-database/CVE-2019-1010066

Severity Score

7.5

Weakness Type (CWE)

Improper Access Control

CWE-284

Improper Privilege Management

CWE-269

Missing Authorization

CWE-862

Top Fix

Upgrade Version

Upgrade to version 1.2.0

Learn More

CVSS v3.1

Base Score:	7.5
Attack Vector (AV):	NETWORK
Attack Complexity (AC):	LOW
Privileges Required (PR):	NONE
User Interaction (UI):	NONE
Scope (S):	UNCHANGED
Confidentiality (C):	NONE
Integrity (I):	HIGH
Availability (A):	NONE

CVSS v2

Base Score:	5.0
Access Vector (AV):	NETWORK
Access Complexity (AC):	LOW
Authentication (AU):	NONE
Confidentiality (C):	NONE
Integrity (I):	PARTIAL
Availability (A):	NONE
Additional information:

Mend.io Vulnerability Database

We found results for “”

CVE-2019-1010066

Good to know:

Date: July 18, 2019

Language: C

Severity Score

Related Resources (4)

Severity Score

Weakness Type (CWE)

Top Fix

Upgrade Version

CVSS v3.1

CVSS v2

Do you need more information?