CVE-2019-25160: 
Linux Kernel vulnerability analysis and mitigation

CVE-2019-25160 is a vulnerability in the Linux kernel's netlabel subsystem, discovered and disclosed on February 26, 2024. The vulnerability involves two array out-of-bounds memory accesses, specifically in the cipso_v4_map_lvl_valid() and netlbl_bitmap_walk() functions. This security issue affects Linux kernel versions from 2.6.19 up to versions before various fixes were implemented (NVD).

The vulnerability consists of two array out-of-bounds memory access flaws in the netlabel driver module. The first occurs in the cipso_v4_map_lvl_valid() function, and the second in netlbl_bitmap_walk(). The issue has been assigned a CVSS v3.1 base score of 7.1 (High), with a vector string of CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H. The vulnerability is classified as CWE-125 (Out-of-bounds Read) (RedHat).

The vulnerability could lead to out-of-bounds memory access, potentially resulting in system crashes. For systems with Red Hat's protection mechanisms in place (such as FORTIFY_SOURCE, Position Independent Executables, or Stack Smashing Protection), some mitigation is provided against buffer overflows (RedHat).

Patches have been released to fix both array out-of-bounds memory accesses. For kernels prior to v4.8, the netlbl_bitmap_walk() patch should be applied to cipso_v4_bitmap_walk() as netlbl_bitmap_walk() doesn't exist before Linux v4.8. Various Linux distributions have released fixed versions, including Ubuntu, Debian, and Red Hat Enterprise Linux (Kernel Patch).