ID CVE-2019-19339
Summary It was found that the Red Hat Enterprise Linux 8 kpatch update did not include the complete fix for CVE-2018-12207. A flaw was found in the way Intel CPUs handle inconsistency between, virtual to physical memory address translations in CPU's local cache and system software's Paging structure entries. A privileged guest user may use this flaw to induce a hardware Machine Check Error on the host processor, resulting in a severe DoS scenario by halting the processor. System software like OS OR Virtual Machine Monitor (VMM) use virtual memory system for storing program instructions and data in memory. Virtual Memory system uses Paging structures like Page Tables and Page Directories to manage system memory. The processor's Memory Management Unit (MMU) uses Paging structure entries to translate program's virtual memory addresses to physical memory addresses. The processor stores these address translations into its local cache buffer called - Translation Lookaside Buffer (TLB). TLB has two parts, one for instructions and other for data addresses. System software can modify its Paging structure entries to change address mappings OR certain attributes like page size etc. Upon such Paging structure alterations in memory, system software must invalidate the corresponding address translations in the processor's TLB cache. But before this TLB invalidation takes place, a privileged guest user may trigger an instruction fetch operation, which could use an already cached, but now invalid, virtual to physical address translation from Instruction TLB (ITLB). Thus accessing an invalid physical memory address and resulting in halting the processor due to the Machine Check Error (MCE) on Page Size Change.
References
Vulnerable Configurations
  • cpe:2.3:o:redhat:enterprise_linux:8.0:*:*:*:*:*:*:*
    cpe:2.3:o:redhat:enterprise_linux:8.0:*:*:*:*:*:*:*
  • cpe:2.3:o:redhat:enterprise_linux_eus:8.1:*:*:*:*:*:*:*
    cpe:2.3:o:redhat:enterprise_linux_eus:8.1:*:*:*:*:*:*:*
CVSS
Base: 4.9 (as of 19-10-2020 - 19:52)
Impact:
Exploitability:
CWE NVD-CWE-noinfo
CAPEC
Access
VectorComplexityAuthentication
LOCAL LOW NONE
Impact
ConfidentialityIntegrityAvailability
NONE NONE COMPLETE
cvss-vector via4 AV:L/AC:L/Au:N/C:N/I:N/A:C
redhat via4
advisories
bugzilla
id 1782199
title CVE-2019-19339 kpatch: hw: incomplete fix for CVE-2018-12207
oval
OR
  • comment Red Hat Enterprise Linux must be installed
    oval oval:com.redhat.rhba:tst:20070304026
  • AND
    • comment Red Hat Enterprise Linux 8 is installed
      oval oval:com.redhat.rhba:tst:20193384074
    • OR
      • comment kernel version 0:4.18.0-147.el8 is currently running
        oval oval:com.redhat.rhsa:tst:20193936006
      • comment kernel version 0:4.18.0-147.el8 is set to boot up on next boot
        oval oval:com.redhat.rhsa:tst:20194245007
    • AND
      • comment kernel version equals 0:4.18.0-147.el8
        oval oval:com.redhat.rhsa:tst:20193936001
      • comment kernel is signed with Red Hat redhatrelease2 key
        oval oval:com.redhat.rhsa:tst:20100842002
      • OR
        • comment kpatch-patch not installed for 0:4.18.0-147.el8
          oval oval:com.redhat.rhsa:tst:20193936003
        • AND
          • comment kpatch-patch-4_18_0-147 is earlier than 0:1-4.el8
            oval oval:com.redhat.rhsa:tst:20194245004
          • comment kpatch-patch-4_18_0-147 is signed with Red Hat redhatrelease2 key
            oval oval:com.redhat.rhsa:tst:20193936005
rhsa
id RHSA-2019:4245
released 2019-12-17
severity Important
title RHSA-2019:4245: kpatch-patch security update (Important)
rpms
  • kpatch-patch-4_18_0-147-0:1-4.el8
  • kpatch-patch-4_18_0-147-debuginfo-0:1-4.el8
  • kpatch-patch-4_18_0-147-debugsource-0:1-4.el8
refmap via4
confirm https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-19339
Last major update 19-10-2020 - 19:52
Published 17-01-2020 - 19:15
Last modified 19-10-2020 - 19:52
Back to Top