Vulnerabilites related to netapp - fas8300_firmware
Vulnerability from fkie_nvd
Published
2021-03-26 17:15
Modified
2024-11-21 05:27
Severity ?
Summary
A flaw possibility of race condition and incorrect initialization of the process id was found in the Linux kernel child/parent process identification handling while filtering signal handlers. A local attacker is able to abuse this flaw to bypass checks to send any signal to a privileged process.
References
▼ | URL | Tags | |
---|---|---|---|
secalert@redhat.com | https://bugzilla.redhat.com/show_bug.cgi?id=1902724 | Issue Tracking, Patch, Third Party Advisory | |
secalert@redhat.com | https://github.com/torvalds/linux/commit/b4e00444cab4c3f3fec876dc0cccc8cbb0d1a948 | Patch, Third Party Advisory | |
secalert@redhat.com | https://security.netapp.com/advisory/ntap-20210513-0006/ | Third Party Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://bugzilla.redhat.com/show_bug.cgi?id=1902724 | Issue Tracking, Patch, Third Party Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://github.com/torvalds/linux/commit/b4e00444cab4c3f3fec876dc0cccc8cbb0d1a948 | Patch, Third Party Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://security.netapp.com/advisory/ntap-20210513-0006/ | Third Party Advisory |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
linux | linux_kernel | * | |
linux | linux_kernel | 5.12 | |
linux | linux_kernel | 5.12 | |
linux | linux_kernel | 5.12 | |
linux | linux_kernel | 5.12 | |
linux | linux_kernel | 5.12 | |
redhat | enterprise_linux | 8.0 | |
netapp | a700s_firmware | - | |
netapp | a700s | - | |
netapp | brocade_fabric_operating_system_firmware | - | |
netapp | fas8300_firmware | - | |
netapp | fas8300 | - | |
netapp | fas8700_firmware | - | |
netapp | fas8700 | - | |
netapp | aff_a400_firmware | - | |
netapp | aff_a400 | - | |
netapp | h300s_firmware | - | |
netapp | h300s | - | |
netapp | h500s_firmware | - | |
netapp | h500s | - | |
netapp | h700s_firmware | - | |
netapp | h700s | - | |
netapp | h300e_firmware | - | |
netapp | h300e | - | |
netapp | h500e_firmware | - | |
netapp | h500e | - | |
netapp | h700e_firmware | - | |
netapp | h700e | - | |
netapp | h410s_firmware | - | |
netapp | h410s | - | |
netapp | h410c_firmware | - | |
netapp | h410c | - | |
netapp | h610c_firmware | - | |
netapp | h610c | - | |
netapp | h610s_firmware | - | |
netapp | h610s | - | |
netapp | h615c_firmware | - | |
netapp | h615c | - |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", matchCriteriaId: "40362FFA-6C99-41DB-AC04-5B835E7DE052", versionEndExcluding: "5.12", vulnerable: true, }, { criteria: "cpe:2.3:o:linux:linux_kernel:5.12:-:*:*:*:*:*:*", matchCriteriaId: "75EB504D-4A83-4C67-9C8D-FD9C6C8EB4CD", vulnerable: true, }, { criteria: "cpe:2.3:o:linux:linux_kernel:5.12:rc1:*:*:*:*:*:*", matchCriteriaId: "07875739-0CCB-4F48-9330-3D4B6A4064FA", vulnerable: true, }, { criteria: "cpe:2.3:o:linux:linux_kernel:5.12:rc2:*:*:*:*:*:*", matchCriteriaId: "DA09B732-04F8-452C-94CF-97644E78684D", vulnerable: true, }, { criteria: "cpe:2.3:o:linux:linux_kernel:5.12:rc3:*:*:*:*:*:*", matchCriteriaId: "E5371152-7515-4908-BB7E-494805EA5DF2", vulnerable: true, }, { criteria: "cpe:2.3:o:linux:linux_kernel:5.12:rc4:*:*:*:*:*:*", matchCriteriaId: "D7788E5B-D54E-45BF-9043-2C7B77842FD0", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:redhat:enterprise_linux:8.0:*:*:*:*:*:*:*", matchCriteriaId: "F4CFF558-3C47-480D-A2F0-BABF26042943", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netapp:a700s_firmware:-:*:*:*:*:*:*:*", matchCriteriaId: "FDD92BFA-9117-4E6E-A13F-ED064B4B7284", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netapp:a700s:-:*:*:*:*:*:*:*", matchCriteriaId: "4B7DA42F-5D64-4967-A2D4-6210FE507841", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netapp:brocade_fabric_operating_system_firmware:-:*:*:*:*:*:*:*", matchCriteriaId: "05BEB6DA-10B8-43D8-A527-68E26F4875CE", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netapp:fas8300_firmware:-:*:*:*:*:*:*:*", matchCriteriaId: "89706810-031B-49F0-B353-FD27FD7B2776", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netapp:fas8300:-:*:*:*:*:*:*:*", matchCriteriaId: "03BCC59D-C782-4149-B6DC-5DDAFAB48F2D", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netapp:fas8700_firmware:-:*:*:*:*:*:*:*", matchCriteriaId: "FDD1E822-1EA6-4E62-A58B-2378149D20DC", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netapp:fas8700:-:*:*:*:*:*:*:*", matchCriteriaId: "E07EAE5F-B1B5-4FDA-9B50-8CB1D2AFC5A0", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netapp:aff_a400_firmware:-:*:*:*:*:*:*:*", matchCriteriaId: "56FD9B9A-BBE5-4CA5-B9F9-B16E1FE738C8", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netapp:aff_a400:-:*:*:*:*:*:*:*", matchCriteriaId: "F3E70A56-DBA8-45C7-8C49-1A036501156F", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netapp:h300s_firmware:-:*:*:*:*:*:*:*", matchCriteriaId: "6770B6C3-732E-4E22-BF1C-2D2FD610061C", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netapp:h300s:-:*:*:*:*:*:*:*", matchCriteriaId: "9F9C8C20-42EB-4AB5-BD97-212DEB070C43", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netapp:h500s_firmware:-:*:*:*:*:*:*:*", matchCriteriaId: "7FFF7106-ED78-49BA-9EC5-B889E3685D53", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netapp:h500s:-:*:*:*:*:*:*:*", matchCriteriaId: "E63D8B0F-006E-4801-BF9D-1C001BBFB4F9", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netapp:h700s_firmware:-:*:*:*:*:*:*:*", matchCriteriaId: "56409CEC-5A1E-4450-AA42-641E459CC2AF", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netapp:h700s:-:*:*:*:*:*:*:*", matchCriteriaId: "B06F4839-D16A-4A61-9BB5-55B13F41E47F", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netapp:h300e_firmware:-:*:*:*:*:*:*:*", matchCriteriaId: "108A2215-50FB-4074-94CF-C130FA14566D", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netapp:h300e:-:*:*:*:*:*:*:*", matchCriteriaId: "7AFC73CE-ABB9-42D3-9A71-3F5BC5381E0E", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netapp:h500e_firmware:-:*:*:*:*:*:*:*", matchCriteriaId: "32F0B6C0-F930-480D-962B-3F4EFDCC13C7", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netapp:h500e:-:*:*:*:*:*:*:*", matchCriteriaId: "803BC414-B250-4E3A-A478-A3881340D6B8", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netapp:h700e_firmware:-:*:*:*:*:*:*:*", matchCriteriaId: "0FEB3337-BFDE-462A-908B-176F92053CEC", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netapp:h700e:-:*:*:*:*:*:*:*", matchCriteriaId: "736AEAE9-782B-4F71-9893-DED53367E102", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netapp:h410s_firmware:-:*:*:*:*:*:*:*", matchCriteriaId: "D0B4AD8A-F172-4558-AEC6-FF424BA2D912", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netapp:h410s:-:*:*:*:*:*:*:*", matchCriteriaId: "8497A4C9-8474-4A62-8331-3FE862ED4098", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netapp:h410c_firmware:-:*:*:*:*:*:*:*", matchCriteriaId: "234DEFE0-5CE5-4B0A-96B8-5D227CB8ED31", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netapp:h410c:-:*:*:*:*:*:*:*", matchCriteriaId: "CDDF61B7-EC5C-467C-B710-B89F502CD04F", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netapp:h610c_firmware:-:*:*:*:*:*:*:*", matchCriteriaId: "89612649-BACF-4FAC-9BA4-324724FD93A6", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netapp:h610c:-:*:*:*:*:*:*:*", matchCriteriaId: "F3D9B255-C1AF-42D1-BF9B-13642FBDC080", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netapp:h610s_firmware:-:*:*:*:*:*:*:*", matchCriteriaId: "FD7CFE0E-9D1E-4495-B302-89C3096FC0DF", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netapp:h610s:-:*:*:*:*:*:*:*", matchCriteriaId: "F63A3FA7-AAED-4A9D-9FDE-6195302DA0F6", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netapp:h615c_firmware:-:*:*:*:*:*:*:*", matchCriteriaId: "5921A877-18BF-43FE-915C-D226E140ACFC", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netapp:h615c:-:*:*:*:*:*:*:*", matchCriteriaId: "7296A1F2-D315-4FD5-8A73-65C480C855BE", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, ], cveTags: [], descriptions: [ { lang: "en", value: "A flaw possibility of race condition and incorrect initialization of the process id was found in the Linux kernel child/parent process identification handling while filtering signal handlers. A local attacker is able to abuse this flaw to bypass checks to send any signal to a privileged process.", }, { lang: "es", value: "Se ha encontrado una posibilidad de fallo de condición de carrera y de inicialización incorrecta del id del proceso en el manejo del id del proceso child/parent del kernel de Linux mientras se filtran los manejadores de señales. Un atacante local es capaz de abusar de este fallo para omitir unas comprobaciones y enviar cualquier señal a un proceso privilegiado.", }, ], id: "CVE-2020-35508", lastModified: "2024-11-21T05:27:27.440", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "MEDIUM", cvssData: { accessComplexity: "MEDIUM", accessVector: "LOCAL", authentication: "NONE", availabilityImpact: "PARTIAL", baseScore: 4.4, confidentialityImpact: "PARTIAL", integrityImpact: "PARTIAL", vectorString: "AV:L/AC:M/Au:N/C:P/I:P/A:P", version: "2.0", }, exploitabilityScore: 3.4, impactScore: 6.4, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: false, }, ], cvssMetricV31: [ { cvssData: { attackComplexity: "HIGH", attackVector: "LOCAL", availabilityImpact: "LOW", baseScore: 4.5, baseSeverity: "MEDIUM", confidentialityImpact: "LOW", integrityImpact: "LOW", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:L", version: "3.1", }, exploitabilityScore: 1, impactScore: 3.4, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2021-03-26T17:15:12.203", references: [ { source: "secalert@redhat.com", tags: [ "Issue Tracking", "Patch", "Third Party Advisory", ], url: "https://bugzilla.redhat.com/show_bug.cgi?id=1902724", }, { source: "secalert@redhat.com", tags: [ "Patch", "Third Party Advisory", ], url: "https://github.com/torvalds/linux/commit/b4e00444cab4c3f3fec876dc0cccc8cbb0d1a948", }, { source: "secalert@redhat.com", tags: [ "Third Party Advisory", ], url: "https://security.netapp.com/advisory/ntap-20210513-0006/", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Issue Tracking", "Patch", "Third Party Advisory", ], url: "https://bugzilla.redhat.com/show_bug.cgi?id=1902724", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Patch", "Third Party Advisory", ], url: "https://github.com/torvalds/linux/commit/b4e00444cab4c3f3fec876dc0cccc8cbb0d1a948", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://security.netapp.com/advisory/ntap-20210513-0006/", }, ], sourceIdentifier: "secalert@redhat.com", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-665", }, ], source: "secalert@redhat.com", type: "Primary", }, { description: [ { lang: "en", value: "CWE-362", }, { lang: "en", value: "CWE-665", }, ], source: "nvd@nist.gov", type: "Secondary", }, ], }
Vulnerability from fkie_nvd
Published
2019-12-17 06:15
Modified
2024-11-21 04:35
Severity ?
Summary
In the Linux kernel 5.0.21, mounting a crafted btrfs filesystem image, performing some operations, and then making a syncfs system call can lead to a use-after-free in __mutex_lock in kernel/locking/mutex.c. This is related to mutex_can_spin_on_owner in kernel/locking/mutex.c, __btrfs_qgroup_free_meta in fs/btrfs/qgroup.c, and btrfs_insert_delayed_items in fs/btrfs/delayed-inode.c.
References
Impacted products
Vendor | Product | Version | |
---|---|---|---|
linux | linux_kernel | 5.0.21 | |
canonical | ubuntu_linux | 14.04 | |
canonical | ubuntu_linux | 16.04 | |
canonical | ubuntu_linux | 18.04 | |
debian | debian_linux | 9.0 | |
netapp | active_iq_unified_manager | * | |
netapp | data_availability_services | - | |
netapp | hci_management_node | - | |
netapp | solidfire | - | |
netapp | steelstore_cloud_integrated_storage | - | |
netapp | aff_a700s_firmware | - | |
netapp | aff_a700s | - | |
netapp | fas8300_firmware | - | |
netapp | fas8300 | - | |
netapp | fas8700_firmware | - | |
netapp | fas8700 | - | |
netapp | aff_a400_firmware | - | |
netapp | aff_a400 | - | |
netapp | h610s_firmware | - | |
netapp | h610s | - |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:linux:linux_kernel:5.0.21:*:*:*:*:*:*:*", matchCriteriaId: "38A8931B-87F4-4F2A-87CE-AB8DD402BE9F", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:esm:*:*:*", matchCriteriaId: "815D70A8-47D3-459C-A32C-9FEACA0659D1", vulnerable: true, }, { criteria: "cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:lts:*:*:*", matchCriteriaId: "F7016A2A-8365-4F1A-89A2-7A19F2BCAE5B", vulnerable: true, }, { criteria: "cpe:2.3:o:canonical:ubuntu_linux:18.04:*:*:*:lts:*:*:*", matchCriteriaId: "23A7C53F-B80F-4E6A-AFA9-58EEA84BE11D", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*", matchCriteriaId: "DEECE5FC-CACF-4496-A3E7-164736409252", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:netapp:active_iq_unified_manager:*:*:*:*:*:vmware_vsphere:*:*", matchCriteriaId: "0CB28AF5-5AF0-4475-A7B6-12E1795FFDCB", versionStartIncluding: "9.5", vulnerable: true, }, { criteria: "cpe:2.3:a:netapp:data_availability_services:-:*:*:*:*:*:*:*", matchCriteriaId: "0EF46487-B64A-454E-AECC-D74B83170ACD", vulnerable: true, }, { criteria: "cpe:2.3:a:netapp:hci_management_node:-:*:*:*:*:*:*:*", matchCriteriaId: "A3C19813-E823-456A-B1CE-EC0684CE1953", vulnerable: true, }, { criteria: "cpe:2.3:a:netapp:solidfire:-:*:*:*:*:*:*:*", matchCriteriaId: "A6E9EF0C-AFA8-4F7B-9FDC-1E0F7C26E737", vulnerable: true, }, { criteria: "cpe:2.3:a:netapp:steelstore_cloud_integrated_storage:-:*:*:*:*:*:*:*", matchCriteriaId: "E94F7F59-1785-493F-91A7-5F5EA5E87E4D", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netapp:aff_a700s_firmware:-:*:*:*:*:*:*:*", matchCriteriaId: "952F55C9-7E7C-4539-9D08-E736B3488569", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netapp:aff_a700s:-:*:*:*:*:*:*:*", matchCriteriaId: "9FED1B0D-F901-413A-85D9-05D4C427570D", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netapp:fas8300_firmware:-:*:*:*:*:*:*:*", matchCriteriaId: "89706810-031B-49F0-B353-FD27FD7B2776", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netapp:fas8300:-:*:*:*:*:*:*:*", matchCriteriaId: "03BCC59D-C782-4149-B6DC-5DDAFAB48F2D", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netapp:fas8700_firmware:-:*:*:*:*:*:*:*", matchCriteriaId: "FDD1E822-1EA6-4E62-A58B-2378149D20DC", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netapp:fas8700:-:*:*:*:*:*:*:*", matchCriteriaId: "E07EAE5F-B1B5-4FDA-9B50-8CB1D2AFC5A0", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netapp:aff_a400_firmware:-:*:*:*:*:*:*:*", matchCriteriaId: "56FD9B9A-BBE5-4CA5-B9F9-B16E1FE738C8", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netapp:aff_a400:-:*:*:*:*:*:*:*", matchCriteriaId: "F3E70A56-DBA8-45C7-8C49-1A036501156F", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netapp:h610s_firmware:-:*:*:*:*:*:*:*", matchCriteriaId: "FD7CFE0E-9D1E-4495-B302-89C3096FC0DF", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netapp:h610s:-:*:*:*:*:*:*:*", matchCriteriaId: "F63A3FA7-AAED-4A9D-9FDE-6195302DA0F6", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, ], cveTags: [], descriptions: [ { lang: "en", value: "In the Linux kernel 5.0.21, mounting a crafted btrfs filesystem image, performing some operations, and then making a syncfs system call can lead to a use-after-free in __mutex_lock in kernel/locking/mutex.c. This is related to mutex_can_spin_on_owner in kernel/locking/mutex.c, __btrfs_qgroup_free_meta in fs/btrfs/qgroup.c, and btrfs_insert_delayed_items in fs/btrfs/delayed-inode.c.", }, { lang: "es", value: "En el kernel de Linux versión 5.0.21, montar una imagen de sistema de archivos btrfs especialmente diseñada, realizar algunas operaciones y luego hacer una llamada al sistema syncfs puede conllevar a un uso de la memoria previamente liberada en la función __mutex_lock en el archivo kernel/lock/mutex.c. Esto está relacionado con la función mutex_can_spin_on_owner en el archivo kernel/lock/mutex.c, la función __btrfs_qgroup_free_meta en el archivo fs/btrfs/qgroup.c y la función btrfs_insert_delayed_items en el archivo fs/btrfs/delayed-inode.c.", }, ], id: "CVE-2019-19813", lastModified: "2024-11-21T04:35:26.520", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "HIGH", cvssData: { accessComplexity: "MEDIUM", accessVector: "NETWORK", authentication: "NONE", availabilityImpact: "COMPLETE", baseScore: 7.1, confidentialityImpact: "NONE", integrityImpact: "NONE", vectorString: "AV:N/AC:M/Au:N/C:N/I:N/A:C", version: "2.0", }, exploitabilityScore: 8.6, impactScore: 6.9, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: true, }, ], cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "LOCAL", availabilityImpact: "HIGH", baseScore: 5.5, baseSeverity: "MEDIUM", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", version: "3.1", }, exploitabilityScore: 1.8, impactScore: 3.6, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2019-12-17T06:15:12.780", references: [ { source: "cve@mitre.org", tags: [ "Exploit", "Third Party Advisory", ], url: "https://github.com/bobfuzzer/CVE/tree/master/CVE-2019-19813", }, { source: "cve@mitre.org", tags: [ "Mailing List", "Third Party Advisory", ], url: "https://lists.debian.org/debian-lts-announce/2020/09/msg00025.html", }, { source: "cve@mitre.org", tags: [ "Mailing List", "Third Party Advisory", ], url: "https://lists.debian.org/debian-lts-announce/2021/03/msg00010.html", }, { source: "cve@mitre.org", tags: [ "Third Party Advisory", ], url: "https://security.netapp.com/advisory/ntap-20200103-0001/", }, { source: "cve@mitre.org", tags: [ "Third Party Advisory", ], url: "https://usn.ubuntu.com/4414-1/", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Exploit", "Third Party Advisory", ], url: "https://github.com/bobfuzzer/CVE/tree/master/CVE-2019-19813", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Mailing List", "Third Party Advisory", ], url: "https://lists.debian.org/debian-lts-announce/2020/09/msg00025.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Mailing List", "Third Party Advisory", ], url: "https://lists.debian.org/debian-lts-announce/2021/03/msg00010.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://security.netapp.com/advisory/ntap-20200103-0001/", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://usn.ubuntu.com/4414-1/", }, ], sourceIdentifier: "cve@mitre.org", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-416", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2020-04-10 00:15
Modified
2024-11-21 05:39
Severity ?
5.5 (Medium) - CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N
5.5 (Medium) - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
5.5 (Medium) - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
Summary
The fix for the Linux kernel in Ubuntu 18.04 LTS for CVE-2019-14615 ("The Linux kernel did not properly clear data structures on context switches for certain Intel graphics processors.") was discovered to be incomplete, meaning that in versions of the kernel before 4.15.0-91.92, an attacker could use this vulnerability to expose sensitive information.
References
▼ | URL | Tags | |
---|---|---|---|
security@ubuntu.com | https://bugs.launchpad.net/ubuntu/+source/linux/+bug/1862840 | Issue Tracking, Third Party Advisory | |
security@ubuntu.com | https://security.netapp.com/advisory/ntap-20200430-0004/ | Third Party Advisory | |
security@ubuntu.com | https://usn.ubuntu.com/usn/usn-4302-1 | Third Party Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://bugs.launchpad.net/ubuntu/+source/linux/+bug/1862840 | Issue Tracking, Third Party Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://security.netapp.com/advisory/ntap-20200430-0004/ | Third Party Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://usn.ubuntu.com/usn/usn-4302-1 | Third Party Advisory |
Impacted products
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:canonical:ubuntu_linux:18.04:*:*:*:lts:*:*:*", matchCriteriaId: "23A7C53F-B80F-4E6A-AFA9-58EEA84BE11D", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:netapp:cloud_backup:-:*:*:*:*:*:*:*", matchCriteriaId: "5C2089EE-5D7F-47EC-8EA5-0F69790564C4", vulnerable: true, }, { criteria: "cpe:2.3:a:netapp:solidfire_\\&_hci_management_node:-:*:*:*:*:*:*:*", matchCriteriaId: "D6D700C5-F67F-4FFB-BE69-D524592A3D2E", vulnerable: true, }, { criteria: "cpe:2.3:a:netapp:steelstore_cloud_integrated_storage:-:*:*:*:*:*:*:*", matchCriteriaId: "E94F7F59-1785-493F-91A7-5F5EA5E87E4D", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netapp:aff_8300_firmware:-:*:*:*:*:*:*:*", matchCriteriaId: "CA79D39A-A5F2-4C44-A805-5113065F8C25", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netapp:aff_8300:-:*:*:*:*:*:*:*", matchCriteriaId: "4CA55FBD-6EBA-49C8-92BA-2B1BCCB18A3A", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netapp:aff_8700_firmware:-:*:*:*:*:*:*:*", matchCriteriaId: "70ECC434-DF20-49A6-B4CF-D5CCA480E57D", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netapp:aff_8700:-:*:*:*:*:*:*:*", matchCriteriaId: "232DC609-8023-41F9-8CE3-1B31CE2F2D93", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netapp:aff_a220_firmware:-:*:*:*:*:*:*:*", matchCriteriaId: "F6B6BF1B-4586-402C-9719-00951F471729", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netapp:aff_a220:-:*:*:*:*:*:*:*", matchCriteriaId: "11048EAF-AD8A-412A-9A28-0D6473F1C8E1", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netapp:aff_a320_firmware:-:*:*:*:*:*:*:*", matchCriteriaId: "0E964EA3-7EC3-43EB-AFC5-FABF0CF9E431", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netapp:aff_a320:-:*:*:*:*:*:*:*", matchCriteriaId: "935CD814-5583-4A4D-BFB6-061778AE410A", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netapp:aff_a400_firmware:-:*:*:*:*:*:*:*", matchCriteriaId: "56FD9B9A-BBE5-4CA5-B9F9-B16E1FE738C8", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netapp:aff_a400:-:*:*:*:*:*:*:*", matchCriteriaId: "F3E70A56-DBA8-45C7-8C49-1A036501156F", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netapp:aff_a700s_firmware:-:*:*:*:*:*:*:*", matchCriteriaId: "952F55C9-7E7C-4539-9D08-E736B3488569", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netapp:aff_a700s:-:*:*:*:*:*:*:*", matchCriteriaId: "9FED1B0D-F901-413A-85D9-05D4C427570D", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netapp:aff_c190_firmware:-:*:*:*:*:*:*:*", matchCriteriaId: "2B1BF6FA-1714-4324-B50C-9620B124277D", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netapp:aff_c190:-:*:*:*:*:*:*:*", matchCriteriaId: "D3036472-8681-4C69-8635-0117CD52EA57", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netapp:h300e_firmware:-:*:*:*:*:*:*:*", matchCriteriaId: "108A2215-50FB-4074-94CF-C130FA14566D", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netapp:h300e:-:*:*:*:*:*:*:*", matchCriteriaId: "7AFC73CE-ABB9-42D3-9A71-3F5BC5381E0E", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netapp:h300s_firmware:-:*:*:*:*:*:*:*", matchCriteriaId: "6770B6C3-732E-4E22-BF1C-2D2FD610061C", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netapp:h300s:-:*:*:*:*:*:*:*", matchCriteriaId: "9F9C8C20-42EB-4AB5-BD97-212DEB070C43", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netapp:h410c_firmware:-:*:*:*:*:*:*:*", matchCriteriaId: "234DEFE0-5CE5-4B0A-96B8-5D227CB8ED31", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netapp:h410c:-:*:*:*:*:*:*:*", matchCriteriaId: "CDDF61B7-EC5C-467C-B710-B89F502CD04F", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netapp:h410s_firmware:-:*:*:*:*:*:*:*", matchCriteriaId: "D0B4AD8A-F172-4558-AEC6-FF424BA2D912", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netapp:h410s:-:*:*:*:*:*:*:*", matchCriteriaId: "8497A4C9-8474-4A62-8331-3FE862ED4098", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netapp:h500e_firmware:-:*:*:*:*:*:*:*", matchCriteriaId: "32F0B6C0-F930-480D-962B-3F4EFDCC13C7", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netapp:h500e:-:*:*:*:*:*:*:*", matchCriteriaId: "803BC414-B250-4E3A-A478-A3881340D6B8", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netapp:h500s_firmware:-:*:*:*:*:*:*:*", matchCriteriaId: "7FFF7106-ED78-49BA-9EC5-B889E3685D53", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netapp:h500s:-:*:*:*:*:*:*:*", matchCriteriaId: "E63D8B0F-006E-4801-BF9D-1C001BBFB4F9", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netapp:h610c_firmware:-:*:*:*:*:*:*:*", matchCriteriaId: "89612649-BACF-4FAC-9BA4-324724FD93A6", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netapp:h610c:-:*:*:*:*:*:*:*", matchCriteriaId: "F3D9B255-C1AF-42D1-BF9B-13642FBDC080", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netapp:h610s_firmware:-:*:*:*:*:*:*:*", matchCriteriaId: "FD7CFE0E-9D1E-4495-B302-89C3096FC0DF", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netapp:h610s:-:*:*:*:*:*:*:*", matchCriteriaId: "F63A3FA7-AAED-4A9D-9FDE-6195302DA0F6", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netapp:h615c_firmware:-:*:*:*:*:*:*:*", matchCriteriaId: "5921A877-18BF-43FE-915C-D226E140ACFC", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netapp:h615c:-:*:*:*:*:*:*:*", matchCriteriaId: "7296A1F2-D315-4FD5-8A73-65C480C855BE", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netapp:h700e_firmware:-:*:*:*:*:*:*:*", matchCriteriaId: "0FEB3337-BFDE-462A-908B-176F92053CEC", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netapp:h700e:-:*:*:*:*:*:*:*", matchCriteriaId: "736AEAE9-782B-4F71-9893-DED53367E102", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netapp:h700s_firmware:-:*:*:*:*:*:*:*", matchCriteriaId: "56409CEC-5A1E-4450-AA42-641E459CC2AF", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netapp:h700s:-:*:*:*:*:*:*:*", matchCriteriaId: "B06F4839-D16A-4A61-9BB5-55B13F41E47F", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netapp:fas2720_firmware:-:*:*:*:*:*:*:*", matchCriteriaId: "B7FD1DA9-7980-4643-B378-7095892DA176", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netapp:fas2720:-:*:*:*:*:*:*:*", matchCriteriaId: "347E9E3E-941C-4109-B59F-B9BB05486B34", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netapp:fas2750_firmware:-:*:*:*:*:*:*:*", matchCriteriaId: "AD661062-0D5B-4671-9D92-FEF8D7395C1E", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netapp:fas2750:-:*:*:*:*:*:*:*", matchCriteriaId: "8155BF5F-DD1B-4AB4-81F8-9BCE6A8821AE", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netapp:fas8300_firmware:-:*:*:*:*:*:*:*", matchCriteriaId: "89706810-031B-49F0-B353-FD27FD7B2776", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netapp:fas8300:-:*:*:*:*:*:*:*", matchCriteriaId: "03BCC59D-C782-4149-B6DC-5DDAFAB48F2D", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netapp:fas8700_firmware:-:*:*:*:*:*:*:*", matchCriteriaId: "FDD1E822-1EA6-4E62-A58B-2378149D20DC", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netapp:fas8700:-:*:*:*:*:*:*:*", matchCriteriaId: "E07EAE5F-B1B5-4FDA-9B50-8CB1D2AFC5A0", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netapp:fas_baseboard_management_controller_a220_firmware:-:*:*:*:*:*:*:*", matchCriteriaId: "66D1D168-9350-4300-B083-7D38B4B99CF2", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netapp:fas_baseboard_management_controller_a220:-:*:*:*:*:*:*:*", matchCriteriaId: "49D2C8CB-0929-4E5E-AD54-0248B29754D7", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netapp:fas_baseboard_management_controller_a320_firmware:-:*:*:*:*:*:*:*", matchCriteriaId: "D8EDBFAE-45E1-43B5-B06B-C7004BBAC647", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netapp:fas_baseboard_management_controller_a320:-:*:*:*:*:*:*:*", matchCriteriaId: "F7F428DC-28B9-463A-9479-D04FD265A300", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netapp:fas_baseboard_management_controller_a400_firmware:-:*:*:*:*:*:*:*", matchCriteriaId: "C8A8F194-9505-4E06-8BC5-F8D29E401D12", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netapp:fas_baseboard_management_controller_a400:-:*:*:*:*:*:*:*", matchCriteriaId: "C91D8734-0812-4053-80E3-035E21F6E0C0", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netapp:fas_baseboard_management_controller_a800_firmware:-:*:*:*:*:*:*:*", matchCriteriaId: "89F3FF69-F575-4F6F-A568-A2C21367D417", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netapp:fas_baseboard_management_controller_a800:-:*:*:*:*:*:*:*", matchCriteriaId: "EE354DF1-66D5-47C8-9D53-BB65995E3505", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netapp:fas_baseboard_management_controller_c190_firmware:-:*:*:*:*:*:*:*", matchCriteriaId: "8D691577-989C-4C07-A7B7-71F1AE2AFEC0", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netapp:fas_baseboard_management_controller_c190:-:*:*:*:*:*:*:*", matchCriteriaId: "8A4E1ADC-AE6E-433F-89BE-A65978109C8B", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netapp:solidfire_baseboard_management_controller_firmware:-:*:*:*:*:*:*:*", matchCriteriaId: "FB9B8171-F6CA-427D-81E0-6536D3BBFA8D", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netapp:solidfire_baseboard_management_controller:-:*:*:*:*:*:*:*", matchCriteriaId: "090AA6F4-4404-4E26-82AB-C3A22636F276", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:esm:*:*:*", matchCriteriaId: "815D70A8-47D3-459C-A32C-9FEACA0659D1", vulnerable: true, }, { criteria: "cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:esm:*:*:*", matchCriteriaId: "7A5301BF-1402-4BE0-A0F8-69FBE79BC6D6", vulnerable: true, }, { criteria: "cpe:2.3:o:canonical:ubuntu_linux:18.04:*:*:*:lts:*:*:*", matchCriteriaId: "23A7C53F-B80F-4E6A-AFA9-58EEA84BE11D", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "The fix for the Linux kernel in Ubuntu 18.04 LTS for CVE-2019-14615 (\"The Linux kernel did not properly clear data structures on context switches for certain Intel graphics processors.\") was discovered to be incomplete, meaning that in versions of the kernel before 4.15.0-91.92, an attacker could use this vulnerability to expose sensitive information.", }, { lang: "es", value: "Se detectó que la solución para el kernel de Linux en Ubuntu versión 18.04 LTS para CVE-2019-14615 (\"El kernel de Linux no borró apropiadamente las estructuras de datos en los conmutadores de contexto para determinados procesadores gráficos de Intel\") estaba incompleta, lo que significa que en las versiones de kernel anteriores a 4.15.0-91.92, un atacante podría usar esta vulnerabilidad para exponer información confidencial.", }, ], id: "CVE-2020-8832", lastModified: "2024-11-21T05:39:31.790", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "LOW", cvssData: { accessComplexity: "LOW", accessVector: "LOCAL", authentication: "NONE", availabilityImpact: "NONE", baseScore: 2.1, confidentialityImpact: "PARTIAL", integrityImpact: "NONE", vectorString: "AV:L/AC:L/Au:N/C:P/I:N/A:N", version: "2.0", }, exploitabilityScore: 3.9, impactScore: 2.9, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: false, }, ], cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "LOCAL", availabilityImpact: "NONE", baseScore: 5.5, baseSeverity: "MEDIUM", confidentialityImpact: "HIGH", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N", version: "3.1", }, exploitabilityScore: 1.8, impactScore: 3.6, source: "security@ubuntu.com", type: "Secondary", }, { cvssData: { attackComplexity: "LOW", attackVector: "LOCAL", availabilityImpact: "NONE", baseScore: 5.5, baseSeverity: "MEDIUM", confidentialityImpact: "HIGH", integrityImpact: "NONE", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", version: "3.1", }, exploitabilityScore: 1.8, impactScore: 3.6, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2020-04-10T00:15:11.990", references: [ { source: "security@ubuntu.com", tags: [ "Issue Tracking", "Third Party Advisory", ], url: "https://bugs.launchpad.net/ubuntu/+source/linux/+bug/1862840", }, { source: "security@ubuntu.com", tags: [ "Third Party Advisory", ], url: "https://security.netapp.com/advisory/ntap-20200430-0004/", }, { source: "security@ubuntu.com", tags: [ "Third Party Advisory", ], url: "https://usn.ubuntu.com/usn/usn-4302-1", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Issue Tracking", "Third Party Advisory", ], url: "https://bugs.launchpad.net/ubuntu/+source/linux/+bug/1862840", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://security.netapp.com/advisory/ntap-20200430-0004/", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://usn.ubuntu.com/usn/usn-4302-1", }, ], sourceIdentifier: "security@ubuntu.com", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-200", }, ], source: "security@ubuntu.com", type: "Secondary", }, { description: [ { lang: "en", value: "CWE-200", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2022-08-18 20:15
Modified
2024-11-21 06:08
Severity ?
Summary
Out-of-bounds write in the BIOS firmware for some Intel(R) Processors may allow an authenticated user to potentially enable escalation of privilege via local access.
References
Impacted products
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:intel:xeon_gold_5315y_firmware:-:*:*:*:*:*:*:*", matchCriteriaId: "56862563-A4A5-4444-886D-E17C99A87142", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:intel:xeon_gold_5315y:-:*:*:*:*:*:*:*", matchCriteriaId: "6839AE9B-9A8A-4312-80FC-0549C675A815", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:intel:xeon_gold_5317_firmware:-:*:*:*:*:*:*:*", matchCriteriaId: "108518D9-D227-4F36-AE60-A56355D09622", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:intel:xeon_gold_5317:-:*:*:*:*:*:*:*", matchCriteriaId: "1E0E7358-1EC1-43DA-99B3-A2D6D57E0121", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:intel:xeon_gold_5318n_firmware:-:*:*:*:*:*:*:*", matchCriteriaId: "B12E1696-DE9D-40B5-97F1-E9157AED4A7F", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:intel:xeon_gold_5318n:-:*:*:*:*:*:*:*", matchCriteriaId: "F2C5D3DE-5506-4F16-B7F9-5032A1277D23", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:intel:xeon_gold_5318s_firmware:-:*:*:*:*:*:*:*", matchCriteriaId: "315C9B38-2572-4B6A-A8AF-5D16553A3A30", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:intel:xeon_gold_5318s:-:*:*:*:*:*:*:*", matchCriteriaId: "ED598260-2A9B-46F7-AA85-0DA97DA0D42D", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:intel:xeon_gold_5318y_firmware:-:*:*:*:*:*:*:*", matchCriteriaId: "8936DD6D-8039-4C46-BBC5-DD6A9F73A22E", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:intel:xeon_gold_5318y:-:*:*:*:*:*:*:*", matchCriteriaId: "06F1CFD2-8F32-4CE8-9D9B-C65B332775B8", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:intel:xeon_gold_5320_firmware:-:*:*:*:*:*:*:*", matchCriteriaId: "48A5F3C2-DE31-48CC-A5DF-C7A9F9CD089A", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:intel:xeon_gold_5320:-:*:*:*:*:*:*:*", matchCriteriaId: "7DD98889-58A1-4A5A-B79A-B2DA9EDA63DA", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:intel:xeon_gold_5320t_firmware:-:*:*:*:*:*:*:*", matchCriteriaId: "57BA492F-6F69-4598-AAF1-156BF98F34E2", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:intel:xeon_gold_5320t:-:*:*:*:*:*:*:*", matchCriteriaId: "EDA47606-176C-4F6B-A316-4C536B63FA4E", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:intel:xeon_gold_6312u_firmware:-:*:*:*:*:*:*:*", matchCriteriaId: "6A1C9968-0AD3-4E96-A721-6EA6C0BF6209", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:intel:xeon_gold_6312u:-:*:*:*:*:*:*:*", matchCriteriaId: "AF7D9572-8D03-4D54-B0E1-C0A3F3F90FCF", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:intel:xeon_gold_6314u_firmware:-:*:*:*:*:*:*:*", matchCriteriaId: "EBA147EA-C92A-4255-948E-070616C09BC2", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:intel:xeon_gold_6314u:-:*:*:*:*:*:*:*", matchCriteriaId: "FE3CA224-B5DE-4451-9CF9-929ABEA242EF", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:intel:xeon_gold_6326_firmware:-:*:*:*:*:*:*:*", matchCriteriaId: "EB165123-26C6-4D9F-90DA-96112B628702", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:intel:xeon_gold_6326:-:*:*:*:*:*:*:*", matchCriteriaId: "A3D8E340-AE91-4F29-9F22-E0CE6718FC13", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:intel:xeon_gold_6330_firmware:-:*:*:*:*:*:*:*", matchCriteriaId: "5ABB6218-E238-41F2-B349-8AF4B8DE6898", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:intel:xeon_gold_6330:-:*:*:*:*:*:*:*", matchCriteriaId: "FB1ACDED-85B4-4A11-BD03-8E1B9563B7F0", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:intel:xeon_gold_6330n_firmware:-:*:*:*:*:*:*:*", matchCriteriaId: "CCC28C3D-B261-4554-B944-4C2E56EBE8EB", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:intel:xeon_gold_6330n:-:*:*:*:*:*:*:*", matchCriteriaId: "20821868-F7D2-4132-8D63-98E1089DB46C", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:intel:xeon_gold_6334_firmware:-:*:*:*:*:*:*:*", matchCriteriaId: "AEE9B3EC-2D8F-4167-9331-23EA64E2B631", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:intel:xeon_gold_6334:-:*:*:*:*:*:*:*", matchCriteriaId: "4EB9295A-8832-4670-B268-FBD0BC086447", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:intel:xeon_gold_6336y_firmware:-:*:*:*:*:*:*:*", matchCriteriaId: "2CAA2CF5-808C-4157-A730-4301ED88B659", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:intel:xeon_gold_6336y:-:*:*:*:*:*:*:*", matchCriteriaId: "489BD4AC-50C6-422B-A2B2-00A70E611114", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:intel:xeon_gold_6338_firmware:-:*:*:*:*:*:*:*", matchCriteriaId: "CAF70C32-227B-4263-8BE8-73F876B3A465", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:intel:xeon_gold_6338:-:*:*:*:*:*:*:*", matchCriteriaId: "C5694238-F4E5-4689-ADD2-67C25762ED92", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:intel:xeon_gold_6338n_firmware:-:*:*:*:*:*:*:*", matchCriteriaId: "7C3E8BF2-E5D5-490B-B3CE-EF47DD5E259A", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:intel:xeon_gold_6338n:-:*:*:*:*:*:*:*", matchCriteriaId: "A57D44C0-AA8D-46B0-8923-ADB312E3937F", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:intel:xeon_gold_6338t_firmware:-:*:*:*:*:*:*:*", matchCriteriaId: "3ECF4055-8163-47A2-9767-D4CC0D34CCDB", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:intel:xeon_gold_6338t:-:*:*:*:*:*:*:*", matchCriteriaId: "3A551BBB-76CD-4C26-913F-B02C66E5D846", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:intel:xeon_gold_6342_firmware:-:*:*:*:*:*:*:*", matchCriteriaId: "03D1BED9-6173-4AC4-9453-9781EEC83E84", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:intel:xeon_gold_6342:-:*:*:*:*:*:*:*", matchCriteriaId: "8A4A44F2-68BF-4709-946B-C976DA3A9C7E", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:intel:xeon_gold_6346_firmware:-:*:*:*:*:*:*:*", matchCriteriaId: "6159A5FD-F734-4557-BA2A-214B2570C58E", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:intel:xeon_gold_6346:-:*:*:*:*:*:*:*", matchCriteriaId: "038AC553-5523-4687-843D-6FEA7264EDEA", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:intel:xeon_gold_6348_firmware:-:*:*:*:*:*:*:*", matchCriteriaId: "53075C98-C062-4338-BD9B-4013ED9E139C", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:intel:xeon_gold_6348:-:*:*:*:*:*:*:*", matchCriteriaId: "8DE5D09C-3272-4810-9F41-97BDBBFE4160", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:intel:xeon_gold_6354_firmware:-:*:*:*:*:*:*:*", matchCriteriaId: "2F273BA3-F5B3-4970-8759-C5069845EAD5", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:intel:xeon_gold_6354:-:*:*:*:*:*:*:*", matchCriteriaId: "F14C3438-B876-45B9-85F5-61354207AF8A", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:intel:xeon_platinum_8351n_firmware:-:*:*:*:*:*:*:*", matchCriteriaId: "E2ED7EDF-A382-4E0D-BF3B-638D0F8830CE", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:intel:xeon_platinum_8351n:-:*:*:*:*:*:*:*", matchCriteriaId: "D7C504C3-7EEE-4A0F-8589-19C1E806E690", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:intel:xeon_platinum_8352m_firmware:-:*:*:*:*:*:*:*", matchCriteriaId: "E1E2981E-8DCA-4DB7-8E5B-B0D94B508303", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:intel:xeon_platinum_8352m:-:*:*:*:*:*:*:*", matchCriteriaId: "5230F6AF-88CB-4EE2-B292-8B9A7217D10F", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:intel:xeon_platinum_8352s_firmware:-:*:*:*:*:*:*:*", matchCriteriaId: "441CAAE3-9CC4-4C78-A4A3-CCCDDF2D9F24", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:intel:xeon_platinum_8352s:-:*:*:*:*:*:*:*", matchCriteriaId: "5B45C39D-03E8-46C1-88DD-94E382F4A961", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:intel:xeon_platinum_8352v_firmware:-:*:*:*:*:*:*:*", matchCriteriaId: "79B26858-BA9D-4DC4-B19F-A37D98E5D567", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:intel:xeon_platinum_8352v:-:*:*:*:*:*:*:*", matchCriteriaId: "EF2DC691-025A-441E-AAC2-C8583F54733D", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:intel:xeon_platinum_8352y_firmware:-:*:*:*:*:*:*:*", matchCriteriaId: "A2FACD9F-6BB6-4D8C-9E35-0EDCD900C20B", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:intel:xeon_platinum_8352y:-:*:*:*:*:*:*:*", matchCriteriaId: "E8FB7EE6-6808-4879-A0A3-E85FE5CB37CF", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:intel:xeon_platinum_8358_firmware:-:*:*:*:*:*:*:*", matchCriteriaId: "8710FEA6-3A6D-4F2E-8E41-57CC96231A5C", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:intel:xeon_platinum_8358:-:*:*:*:*:*:*:*", matchCriteriaId: "CCE086F8-5C8B-4F0C-B53A-76BD4E67B678", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:intel:xeon_platinum_8358p_firmware:-:*:*:*:*:*:*:*", matchCriteriaId: "A6CF7B9C-80B6-4E9A-B581-A7E8D0B493FA", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:intel:xeon_platinum_8358p:-:*:*:*:*:*:*:*", matchCriteriaId: "00B21B5C-0FDE-4A8E-A9FC-5CF822A74B20", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:intel:xeon_platinum_8360y_firmware:-:*:*:*:*:*:*:*", matchCriteriaId: "ACE0C287-92FB-4BF2-B30D-0525C4266536", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:intel:xeon_platinum_8360y:-:*:*:*:*:*:*:*", matchCriteriaId: "9E41414A-6B0B-4511-A9A1-7FF99DD25DB6", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:intel:xeon_platinum_8362_firmware:-:*:*:*:*:*:*:*", matchCriteriaId: "CB219989-055E-4D04-8738-7AF4E66E3A57", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:intel:xeon_platinum_8362:-:*:*:*:*:*:*:*", matchCriteriaId: "91EB66B4-8F1B-4F35-9371-17FB761997CB", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:intel:xeon_platinum_8368_firmware:-:*:*:*:*:*:*:*", matchCriteriaId: "A150305A-B59C-4C93-B0CB-93A6F408334F", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:intel:xeon_platinum_8368:-:*:*:*:*:*:*:*", matchCriteriaId: "CBDFD1AF-2716-4C95-ADFF-79EFA915C286", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:intel:xeon_platinum_8368q_firmware:-:*:*:*:*:*:*:*", matchCriteriaId: "A443FB47-021C-4B5F-84D2-C2612DDF5893", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:intel:xeon_platinum_8368q:-:*:*:*:*:*:*:*", matchCriteriaId: "5390A12B-80BD-4889-BF0F-95E65D10D037", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:intel:xeon_platinum_8380_firmware:-:*:*:*:*:*:*:*", matchCriteriaId: "B5EAD7AA-B67C-4864-94D3-DBE56119A667", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:intel:xeon_platinum_8380:-:*:*:*:*:*:*:*", matchCriteriaId: "33FA0279-D587-471E-8EC0-211F78DA4DFD", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:intel:xeon_silver_4309y_firmware:-:*:*:*:*:*:*:*", matchCriteriaId: "0EBE15F3-8B56-444A-9956-7FC9AF7D3345", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:intel:xeon_silver_4309y:-:*:*:*:*:*:*:*", matchCriteriaId: "EB267830-FA6E-4C2E-8BBE-C3DA12A6A33D", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:intel:xeon_silver_4310_firmware:-:*:*:*:*:*:*:*", matchCriteriaId: "678E18FE-BA19-4C86-ADF4-B776318F5D12", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:intel:xeon_silver_4310:-:*:*:*:*:*:*:*", matchCriteriaId: "D557D68C-8279-4BFD-9EA6-17A83754B8FF", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:intel:xeon_silver_4310t_firmware:-:*:*:*:*:*:*:*", matchCriteriaId: "156C3A26-74CB-4E99-AE8A-5B49424AB857", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:intel:xeon_silver_4310t:-:*:*:*:*:*:*:*", matchCriteriaId: "7ECA0BC9-1CA4-4B95-B98F-9098B2550309", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:intel:xeon_silver_4314_firmware:-:*:*:*:*:*:*:*", matchCriteriaId: "A58CEC44-41C3-44FA-A512-CE0B59F4B294", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:intel:xeon_silver_4314:-:*:*:*:*:*:*:*", matchCriteriaId: "1298CF87-124D-450B-928D-F39CCA2BAF42", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:intel:xeon_silver_4316_firmware:-:*:*:*:*:*:*:*", matchCriteriaId: "446A632A-3B5E-490B-BF69-91190885380F", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:intel:xeon_silver_4316:-:*:*:*:*:*:*:*", matchCriteriaId: "AF12820F-A2BE-44BF-A85D-7F4623898DAB", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:intel:xeon_gold_6330h_firmware:-:*:*:*:*:*:*:*", matchCriteriaId: "73DEE8C8-6216-47C1-A5E9-007842AF111D", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:intel:xeon_gold_6330h:-:*:*:*:*:*:*:*", matchCriteriaId: "D6C4A47D-7F66-4ACC-9C69-0A355D46CDC1", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:intel:xeon_platinum_8356h_firmware:-:*:*:*:*:*:*:*", matchCriteriaId: "3816252E-5421-442E-B8F3-C3A6B78F3B6E", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:intel:xeon_platinum_8356h:-:*:*:*:*:*:*:*", matchCriteriaId: "BB6DEAA1-3209-4B49-B931-43E8C1C5BE14", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:intel:xeon_platinum_8360h_firmware:-:*:*:*:*:*:*:*", matchCriteriaId: "A5D03D31-328A-4AD5-88D4-037A4317F61D", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:intel:xeon_platinum_8360h:-:*:*:*:*:*:*:*", matchCriteriaId: "EB15368B-21A1-429E-8B9C-A095C4E8BA67", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:intel:xeon_platinum_8360hl_firmware:-:*:*:*:*:*:*:*", matchCriteriaId: "22EB43AC-A091-4FF6-AE2D-FCCBFF49B7BD", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:intel:xeon_platinum_8360hl:-:*:*:*:*:*:*:*", matchCriteriaId: "BA925F96-6DDD-4F71-BF13-710C8A89D860", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:intel:xeon_gold_5318h_firmware:-:*:*:*:*:*:*:*", matchCriteriaId: "BD8048C0-45BB-4532-BD0C-98C8723C7862", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:intel:xeon_gold_5318h:-:*:*:*:*:*:*:*", matchCriteriaId: "43808CCF-1EF0-41CE-983D-DD6BB775895E", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:intel:xeon_gold_5320h_firmware:-:*:*:*:*:*:*:*", matchCriteriaId: "D25841AF-F1D2-4862-826F-A194B843B86E", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:intel:xeon_gold_5320h:-:*:*:*:*:*:*:*", matchCriteriaId: "3BF1F73B-4736-40BC-9053-951B5BF1059E", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:intel:xeon_gold_6328h_firmware:-:*:*:*:*:*:*:*", matchCriteriaId: "8BBC16B4-09E6-4122-9A7D-B2DD0C82C1BA", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:intel:xeon_gold_6328h:-:*:*:*:*:*:*:*", matchCriteriaId: "710DBCD5-788D-4140-AC16-EC6E126CFA66", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:intel:xeon_gold_6328hl_firmware:-:*:*:*:*:*:*:*", matchCriteriaId: "2CAF6929-D8FE-4A6E-BB9F-E736680487B7", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:intel:xeon_gold_6328hl:-:*:*:*:*:*:*:*", matchCriteriaId: "A767EC83-AAED-4FEA-A35E-A503369FE4FB", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:intel:xeon_gold_6348h_firmware:-:*:*:*:*:*:*:*", matchCriteriaId: "0EBE74D3-855F-4726-B265-A7DF93121A94", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:intel:xeon_gold_6348h:-:*:*:*:*:*:*:*", matchCriteriaId: "59C5122F-D822-4E71-A417-88EB51F1786B", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:intel:xeon_platinum_8353h_firmware:-:*:*:*:*:*:*:*", matchCriteriaId: "9373835F-E7B5-442F-B11A-A46771B2D695", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:intel:xeon_platinum_8353h:-:*:*:*:*:*:*:*", matchCriteriaId: "EBE07EA7-4CDF-4038-A948-6AC126C7F6AD", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:intel:xeon_platinum_8354h_firmware:-:*:*:*:*:*:*:*", matchCriteriaId: "574533C8-52E2-445A-8C57-2357892468EF", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:intel:xeon_platinum_8354h:-:*:*:*:*:*:*:*", matchCriteriaId: "06A2241C-37AE-41AE-A8D1-D9AB18CCE16D", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:intel:xeon_platinum_8376h_firmware:-:*:*:*:*:*:*:*", matchCriteriaId: "7428FE4A-4CA2-44AA-A412-81C6CC15FA04", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:intel:xeon_platinum_8376h:-:*:*:*:*:*:*:*", matchCriteriaId: "C1D6444A-B9CF-4D70-A8A9-E6B57B6F13DE", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:intel:xeon_platinum_8376hl_firmware:-:*:*:*:*:*:*:*", matchCriteriaId: "D3506304-A3F5-482B-BFB9-2C4E0D5D8D94", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:intel:xeon_platinum_8376hl:-:*:*:*:*:*:*:*", matchCriteriaId: "05637A96-AF09-4FF5-A918-AB369AA2D1CC", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:intel:xeon_platinum_8380h_firmware:-:*:*:*:*:*:*:*", matchCriteriaId: "D0AA8576-BB5B-4128-92B3-50F839A5305B", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:intel:xeon_platinum_8380h:-:*:*:*:*:*:*:*", matchCriteriaId: "D1CC27DB-11D4-412A-BC69-CF32A0CABCF8", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:intel:xeon_platinum_8380hl_firmware:-:*:*:*:*:*:*:*", matchCriteriaId: "896731D5-B752-49F5-BD8E-924385C0E6F8", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:intel:xeon_platinum_8380hl:-:*:*:*:*:*:*:*", matchCriteriaId: "E8FE9694-F0E7-4B45-82A1-065DA96B9794", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netapp:aff_c190_firmware:-:*:*:*:*:*:*:*", matchCriteriaId: "2B1BF6FA-1714-4324-B50C-9620B124277D", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netapp:aff_c190:-:*:*:*:*:*:*:*", matchCriteriaId: "D3036472-8681-4C69-8635-0117CD52EA57", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netapp:aff_a200_firmware:-:*:*:*:*:*:*:*", matchCriteriaId: "31ABF503-E2B0-403C-AB29-B4C64B123AD0", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netapp:aff_a200:-:*:*:*:*:*:*:*", matchCriteriaId: "384862FA-04F7-4274-AFAA-5A52EBA414BE", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netapp:aff_a220_firmware:-:*:*:*:*:*:*:*", matchCriteriaId: "F6B6BF1B-4586-402C-9719-00951F471729", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netapp:aff_a220:-:*:*:*:*:*:*:*", matchCriteriaId: "11048EAF-AD8A-412A-9A28-0D6473F1C8E1", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netapp:aff_a250_firmware:-:*:*:*:*:*:*:*", matchCriteriaId: "0D5DE972-F8B8-4964-943A-DA0BD18289D1", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netapp:aff_a250:-:*:*:*:*:*:*:*", matchCriteriaId: "D4B1F59C-6ADA-4930-834F-2A8A8444F6AE", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netapp:aff_a300_firmware:-:*:*:*:*:*:*:*", matchCriteriaId: "C1A5F681-2405-4BE8-A901-8D3C442469F0", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netapp:aff_a300:-:*:*:*:*:*:*:*", matchCriteriaId: "322ECF2A-D5B6-4DE7-A3DE-B1CDCBD81BE7", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netapp:aff_a320_firmware:-:*:*:*:*:*:*:*", matchCriteriaId: "0E964EA3-7EC3-43EB-AFC5-FABF0CF9E431", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netapp:aff_a320:-:*:*:*:*:*:*:*", matchCriteriaId: "935CD814-5583-4A4D-BFB6-061778AE410A", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netapp:aff_a400_firmware:-:*:*:*:*:*:*:*", matchCriteriaId: "56FD9B9A-BBE5-4CA5-B9F9-B16E1FE738C8", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netapp:aff_a400:-:*:*:*:*:*:*:*", matchCriteriaId: "F3E70A56-DBA8-45C7-8C49-1A036501156F", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netapp:aff_a700_firmware:-:*:*:*:*:*:*:*", matchCriteriaId: "D951E97B-FA55-4F47-86DD-856A71C66379", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netapp:aff_a700:-:*:*:*:*:*:*:*", matchCriteriaId: "51DCEEBB-A1E0-4BE8-B5DB-5CD0E125C79D", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netapp:aff_a700s_firmware:-:*:*:*:*:*:*:*", matchCriteriaId: "952F55C9-7E7C-4539-9D08-E736B3488569", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netapp:aff_a700s:-:*:*:*:*:*:*:*", matchCriteriaId: "9FED1B0D-F901-413A-85D9-05D4C427570D", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netapp:aff_a800_firmware:-:*:*:*:*:*:*:*", matchCriteriaId: "2B22EC3E-90AE-470D-96DF-FF269BE00684", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netapp:aff_a800:-:*:*:*:*:*:*:*", matchCriteriaId: "DC9E0111-800E-458C-AB34-5C2B58B2E2AD", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netapp:aff_a900_firmware:-:*:*:*:*:*:*:*", matchCriteriaId: "DBA009F1-7E37-4A83-97CD-34E70F2CA27C", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netapp:aff_a900:-:*:*:*:*:*:*:*", matchCriteriaId: "8C2F6BB7-F4AD-437D-887B-256558EA608A", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netapp:fas500f_firmware:-:*:*:*:*:*:*:*", matchCriteriaId: "D704D376-727D-4D21-95BF-75BD3BA2736B", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netapp:fas500f:-:*:*:*:*:*:*:*", matchCriteriaId: "25863268-FCCA-451F-8FAD-33CD3CEB5EAE", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netapp:fas2600_firmware:-:*:*:*:*:*:*:*", matchCriteriaId: "FF726C98-3A5D-41F0-9C3F-CF8B1A8D72B2", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netapp:fas2600:-:*:*:*:*:*:*:*", matchCriteriaId: "25F6E92A-16A1-4F77-A1DB-5089326B2D4C", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netapp:fas2700_firmware:-:*:*:*:*:*:*:*", matchCriteriaId: "C2E83344-81C0-4DAF-9DB6-AF653E45E35B", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netapp:fas2700:-:*:*:*:*:*:*:*", matchCriteriaId: "025D0B4D-41A2-4139-8012-0B1DDB4BE0FA", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netapp:fas8200_firmware:-:*:*:*:*:*:*:*", matchCriteriaId: "FEA491C7-E60E-427D-AEB8-BD982B9C8090", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netapp:fas8200:-:*:*:*:*:*:*:*", matchCriteriaId: "7C11AF0B-3407-45C7-A3AD-ED46A29D0262", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netapp:fas8300_firmware:-:*:*:*:*:*:*:*", matchCriteriaId: "89706810-031B-49F0-B353-FD27FD7B2776", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netapp:fas8300:-:*:*:*:*:*:*:*", matchCriteriaId: "03BCC59D-C782-4149-B6DC-5DDAFAB48F2D", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netapp:fas8700_firmware:-:*:*:*:*:*:*:*", matchCriteriaId: "FDD1E822-1EA6-4E62-A58B-2378149D20DC", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netapp:fas8700:-:*:*:*:*:*:*:*", matchCriteriaId: "E07EAE5F-B1B5-4FDA-9B50-8CB1D2AFC5A0", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netapp:fas9000_firmware:-:*:*:*:*:*:*:*", matchCriteriaId: "E185F537-1EFD-4DDB-9C02-3038DBF2334E", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netapp:fas9000:-:*:*:*:*:*:*:*", matchCriteriaId: "0DC878FC-C026-4EE9-8B4C-26188B59F7DC", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netapp:fas9500_firmware:-:*:*:*:*:*:*:*", matchCriteriaId: "8C087FDD-57EF-48A4-BE07-DE04FFEDDAAD", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netapp:fas9500:-:*:*:*:*:*:*:*", matchCriteriaId: "49CBCF60-BF4F-48E3-A41D-08F16C1A7DB7", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, ], cveTags: [], descriptions: [ { lang: "en", value: "Out-of-bounds write in the BIOS firmware for some Intel(R) Processors may allow an authenticated user to potentially enable escalation of privilege via local access.", }, { lang: "es", value: "Una escritura fuera de límites en el firmware de la BIOS para algunos procesadores Intel(R) puede permitir que un usuario autenticado permita potencialmente una escalada de privilegios por medio de acceso local.", }, ], id: "CVE-2021-33060", lastModified: "2024-11-21T06:08:13.173", metrics: { cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "LOCAL", availabilityImpact: "HIGH", baseScore: 7.8, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, exploitabilityScore: 1.8, impactScore: 5.9, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2022-08-18T20:15:09.457", references: [ { source: "secure@intel.com", tags: [ "Third Party Advisory", ], url: "https://security.netapp.com/advisory/ntap-20220930-0004/", }, { source: "secure@intel.com", tags: [ "Vendor Advisory", ], url: "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00686.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://security.netapp.com/advisory/ntap-20220930-0004/", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Vendor Advisory", ], url: "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00686.html", }, ], sourceIdentifier: "secure@intel.com", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-787", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2019-11-18 06:15
Modified
2024-11-21 04:34
Severity ?
Summary
A memory leak in the crypto_reportstat() function in crypto/crypto_user_stat.c in the Linux kernel through 5.3.11 allows attackers to cause a denial of service (memory consumption) by triggering crypto_reportstat_alg() failures, aka CID-c03b04dcdba1.
References
Impacted products
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", matchCriteriaId: "22BF102C-6F4F-4F6F-BDC4-CA17FDC10DF5", versionEndExcluding: "5.3.16", versionStartIncluding: "4.20", vulnerable: true, }, { criteria: "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", matchCriteriaId: "989D0C5E-C0BF-49D8-86E2-91A93238FD1E", versionEndExcluding: "5.4.3", versionStartIncluding: "5.4", vulnerable: true, }, { criteria: "cpe:2.3:o:linux:linux_kernel:5.5:rc1:*:*:*:*:*:*", matchCriteriaId: "17CCD88F-373D-4BB5-B62E-8B55B05E2C31", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:fedoraproject:fedora:30:*:*:*:*:*:*:*", matchCriteriaId: "97A4B8DF-58DA-4AB6-A1F9-331B36409BA3", vulnerable: true, }, { criteria: "cpe:2.3:o:fedoraproject:fedora:31:*:*:*:*:*:*:*", matchCriteriaId: "80F0FA5D-8D3B-4C0E-81E2-87998286AF33", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:canonical:ubuntu_linux:18.04:*:*:*:lts:*:*:*", matchCriteriaId: "23A7C53F-B80F-4E6A-AFA9-58EEA84BE11D", vulnerable: true, }, { criteria: "cpe:2.3:o:canonical:ubuntu_linux:19.10:*:*:*:*:*:*:*", matchCriteriaId: "A31C8344-3E02-4EB8-8BD8-4C84B7959624", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:netapp:active_iq_unified_manager:-:*:*:*:*:vmware_vsphere:*:*", matchCriteriaId: "3A756737-1CC4-42C2-A4DF-E1C893B4E2D5", vulnerable: true, }, { criteria: "cpe:2.3:a:netapp:data_availability_services:-:*:*:*:*:*:*:*", matchCriteriaId: "0EF46487-B64A-454E-AECC-D74B83170ACD", vulnerable: true, }, { criteria: "cpe:2.3:a:netapp:e-series_santricity_os_controller:*:*:*:*:*:*:*:*", matchCriteriaId: "BD1E9594-C46F-40D1-8BC2-6B16635B55C4", versionEndIncluding: "11.60.3", versionStartIncluding: "11.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:netapp:hci_management_node:-:*:*:*:*:*:*:*", matchCriteriaId: "A3C19813-E823-456A-B1CE-EC0684CE1953", vulnerable: true, }, { criteria: "cpe:2.3:a:netapp:solidfire:-:*:*:*:*:*:*:*", matchCriteriaId: "A6E9EF0C-AFA8-4F7B-9FDC-1E0F7C26E737", vulnerable: true, }, { criteria: "cpe:2.3:a:netapp:steelstore_cloud_integrated_storage:-:*:*:*:*:*:*:*", matchCriteriaId: "E94F7F59-1785-493F-91A7-5F5EA5E87E4D", vulnerable: true, }, { criteria: "cpe:2.3:h:netapp:hci_compute_node:-:*:*:*:*:*:*:*", matchCriteriaId: "AD7447BC-F315-4298-A822-549942FC118B", vulnerable: true, }, { criteria: "cpe:2.3:h:netapp:hci_storage_node:-:*:*:*:*:*:*:*", matchCriteriaId: "02DEB4FB-A21D-4CB1-B522-EEE5093E8521", vulnerable: true, }, { criteria: "cpe:2.3:o:broadcom:fabric_operating_system:-:*:*:*:*:*:*:*", matchCriteriaId: "046FB51E-B768-44D3-AEB5-D857145CA840", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netapp:aff_a700s_firmware:-:*:*:*:*:*:*:*", matchCriteriaId: "952F55C9-7E7C-4539-9D08-E736B3488569", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netapp:aff_a700s:-:*:*:*:*:*:*:*", matchCriteriaId: "9FED1B0D-F901-413A-85D9-05D4C427570D", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netapp:fas8300_firmware:-:*:*:*:*:*:*:*", matchCriteriaId: "89706810-031B-49F0-B353-FD27FD7B2776", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netapp:fas8300:-:*:*:*:*:*:*:*", matchCriteriaId: "03BCC59D-C782-4149-B6DC-5DDAFAB48F2D", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netapp:fas8700_firmware:-:*:*:*:*:*:*:*", matchCriteriaId: "FDD1E822-1EA6-4E62-A58B-2378149D20DC", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netapp:fas8700:-:*:*:*:*:*:*:*", matchCriteriaId: "E07EAE5F-B1B5-4FDA-9B50-8CB1D2AFC5A0", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netapp:aff_a400_firmware:-:*:*:*:*:*:*:*", matchCriteriaId: "56FD9B9A-BBE5-4CA5-B9F9-B16E1FE738C8", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netapp:aff_a400:-:*:*:*:*:*:*:*", matchCriteriaId: "F3E70A56-DBA8-45C7-8C49-1A036501156F", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netapp:h610s_firmware:-:*:*:*:*:*:*:*", matchCriteriaId: "FD7CFE0E-9D1E-4495-B302-89C3096FC0DF", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netapp:h610s:-:*:*:*:*:*:*:*", matchCriteriaId: "F63A3FA7-AAED-4A9D-9FDE-6195302DA0F6", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, ], cveTags: [], descriptions: [ { lang: "en", value: "A memory leak in the crypto_reportstat() function in crypto/crypto_user_stat.c in the Linux kernel through 5.3.11 allows attackers to cause a denial of service (memory consumption) by triggering crypto_reportstat_alg() failures, aka CID-c03b04dcdba1.", }, { lang: "es", value: "Una pérdida de memoria en la función crypto_reportstat() en el archivo crypto/crypto_user_stat.c en el kernel de Linux versiones hasta 5.3.11, permite a atacantes causar una denegación de servicio (consumo de memoria) al desencadenar fallos de la función crypto_reportstat_alg(), también se conoce como CID-c03b04dcdba1.", }, ], id: "CVE-2019-19050", lastModified: "2024-11-21T04:34:04.403", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "HIGH", cvssData: { accessComplexity: "LOW", accessVector: "NETWORK", authentication: "NONE", availabilityImpact: "COMPLETE", baseScore: 7.8, confidentialityImpact: "NONE", integrityImpact: "NONE", vectorString: "AV:N/AC:L/Au:N/C:N/I:N/A:C", version: "2.0", }, exploitabilityScore: 10, impactScore: 6.9, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: false, }, ], cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 7.5, baseSeverity: "HIGH", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", version: "3.1", }, exploitabilityScore: 3.9, impactScore: 3.6, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2019-11-18T06:15:11.700", references: [ { source: "cve@mitre.org", tags: [ "Third Party Advisory", "VDB Entry", ], url: "http://packetstormsecurity.com/files/156455/Kernel-Live-Patch-Security-Notice-LSN-0063-1.html", }, { source: "cve@mitre.org", tags: [ "Patch", "Third Party Advisory", ], url: "https://github.com/torvalds/linux/commit/c03b04dcdba1da39903e23cc4d072abf8f68f2dd", }, { source: "cve@mitre.org", url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/O3PSDE6PTOTVBK2YTKB2TFQP2SUBVSNF/", }, { source: "cve@mitre.org", url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/PY7LJMSPAGRIKABJPDKQDTXYW3L5RX2T/", }, { source: "cve@mitre.org", tags: [ "Third Party Advisory", ], url: "https://security.netapp.com/advisory/ntap-20191205-0001/", }, { source: "cve@mitre.org", tags: [ "Third Party Advisory", ], url: "https://usn.ubuntu.com/4258-1/", }, { source: "cve@mitre.org", tags: [ "Third Party Advisory", ], url: "https://usn.ubuntu.com/4284-1/", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", "VDB Entry", ], url: "http://packetstormsecurity.com/files/156455/Kernel-Live-Patch-Security-Notice-LSN-0063-1.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Patch", "Third Party Advisory", ], url: "https://github.com/torvalds/linux/commit/c03b04dcdba1da39903e23cc4d072abf8f68f2dd", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/O3PSDE6PTOTVBK2YTKB2TFQP2SUBVSNF/", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/PY7LJMSPAGRIKABJPDKQDTXYW3L5RX2T/", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://security.netapp.com/advisory/ntap-20191205-0001/", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://usn.ubuntu.com/4258-1/", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://usn.ubuntu.com/4284-1/", }, ], sourceIdentifier: "cve@mitre.org", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-401", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2019-11-28 00:15
Modified
2024-11-21 04:34
Severity ?
Summary
In the Linux kernel 5.3.11, mounting a crafted btrfs image twice can cause an rwsem_down_write_slowpath use-after-free because (in rwsem_can_spin_on_owner in kernel/locking/rwsem.c) rwsem_owner_flags returns an already freed pointer,
References
Impacted products
Vendor | Product | Version | |
---|---|---|---|
linux | linux_kernel | 5.0.21 | |
linux | linux_kernel | 5.3.11 | |
opensuse | leap | 15.1 | |
canonical | ubuntu_linux | 14.04 | |
canonical | ubuntu_linux | 16.04 | |
canonical | ubuntu_linux | 18.04 | |
debian | debian_linux | 9.0 | |
netapp | active_iq_unified_manager | * | |
netapp | data_availability_services | - | |
netapp | hci_management_node | - | |
netapp | solidfire | - | |
netapp | steelstore_cloud_integrated_storage | - | |
netapp | aff_a700s_firmware | - | |
netapp | aff_a700s | - | |
netapp | fas8300_firmware | - | |
netapp | fas8300 | - | |
netapp | fas8700_firmware | - | |
netapp | fas8700 | - | |
netapp | aff_a400_firmware | - | |
netapp | aff_a400 | - | |
netapp | h610s_firmware | - | |
netapp | h610s | - |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:linux:linux_kernel:5.0.21:*:*:*:*:*:*:*", matchCriteriaId: "38A8931B-87F4-4F2A-87CE-AB8DD402BE9F", vulnerable: true, }, { criteria: "cpe:2.3:o:linux:linux_kernel:5.3.11:*:*:*:*:*:*:*", matchCriteriaId: "3CE994B0-FDDE-4646-A4F8-79D15C7C389A", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:opensuse:leap:15.1:*:*:*:*:*:*:*", matchCriteriaId: "B620311B-34A3-48A6-82DF-6F078D7A4493", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:esm:*:*:*", matchCriteriaId: "815D70A8-47D3-459C-A32C-9FEACA0659D1", vulnerable: true, }, { criteria: "cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:lts:*:*:*", matchCriteriaId: "F7016A2A-8365-4F1A-89A2-7A19F2BCAE5B", vulnerable: true, }, { criteria: "cpe:2.3:o:canonical:ubuntu_linux:18.04:*:*:*:lts:*:*:*", matchCriteriaId: "23A7C53F-B80F-4E6A-AFA9-58EEA84BE11D", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*", matchCriteriaId: "DEECE5FC-CACF-4496-A3E7-164736409252", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:netapp:active_iq_unified_manager:*:*:*:*:*:vmware_vsphere:*:*", matchCriteriaId: "0CB28AF5-5AF0-4475-A7B6-12E1795FFDCB", versionStartIncluding: "9.5", vulnerable: true, }, { criteria: "cpe:2.3:a:netapp:data_availability_services:-:*:*:*:*:*:*:*", matchCriteriaId: "0EF46487-B64A-454E-AECC-D74B83170ACD", vulnerable: true, }, { criteria: "cpe:2.3:a:netapp:hci_management_node:-:*:*:*:*:*:*:*", matchCriteriaId: "A3C19813-E823-456A-B1CE-EC0684CE1953", vulnerable: true, }, { criteria: "cpe:2.3:a:netapp:solidfire:-:*:*:*:*:*:*:*", matchCriteriaId: "A6E9EF0C-AFA8-4F7B-9FDC-1E0F7C26E737", vulnerable: true, }, { criteria: "cpe:2.3:a:netapp:steelstore_cloud_integrated_storage:-:*:*:*:*:*:*:*", matchCriteriaId: "E94F7F59-1785-493F-91A7-5F5EA5E87E4D", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netapp:aff_a700s_firmware:-:*:*:*:*:*:*:*", matchCriteriaId: "952F55C9-7E7C-4539-9D08-E736B3488569", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netapp:aff_a700s:-:*:*:*:*:*:*:*", matchCriteriaId: "9FED1B0D-F901-413A-85D9-05D4C427570D", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netapp:fas8300_firmware:-:*:*:*:*:*:*:*", matchCriteriaId: "89706810-031B-49F0-B353-FD27FD7B2776", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netapp:fas8300:-:*:*:*:*:*:*:*", matchCriteriaId: "03BCC59D-C782-4149-B6DC-5DDAFAB48F2D", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netapp:fas8700_firmware:-:*:*:*:*:*:*:*", matchCriteriaId: "FDD1E822-1EA6-4E62-A58B-2378149D20DC", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netapp:fas8700:-:*:*:*:*:*:*:*", matchCriteriaId: "E07EAE5F-B1B5-4FDA-9B50-8CB1D2AFC5A0", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netapp:aff_a400_firmware:-:*:*:*:*:*:*:*", matchCriteriaId: "56FD9B9A-BBE5-4CA5-B9F9-B16E1FE738C8", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netapp:aff_a400:-:*:*:*:*:*:*:*", matchCriteriaId: "F3E70A56-DBA8-45C7-8C49-1A036501156F", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netapp:h610s_firmware:-:*:*:*:*:*:*:*", matchCriteriaId: "FD7CFE0E-9D1E-4495-B302-89C3096FC0DF", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netapp:h610s:-:*:*:*:*:*:*:*", matchCriteriaId: "F63A3FA7-AAED-4A9D-9FDE-6195302DA0F6", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, ], cveTags: [], descriptions: [ { lang: "en", value: "In the Linux kernel 5.3.11, mounting a crafted btrfs image twice can cause an rwsem_down_write_slowpath use-after-free because (in rwsem_can_spin_on_owner in kernel/locking/rwsem.c) rwsem_owner_flags returns an already freed pointer,", }, { lang: "es", value: "En el kernel de Linux versión 5.3.11, montar una imagen btrfs especialmente diseñada dos veces puede causar un uso de la memoria previamente liberada de la función rwsem_down_write_slowpath porque (en la función rwsem_can_spin_on_owner en el archivo kernel/locking/rwsem.c) la función rwsem_owner_flags devuelve un puntero ya liberado.", }, ], id: "CVE-2019-19318", lastModified: "2024-11-21T04:34:34.033", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "LOW", cvssData: { accessComplexity: "LOW", accessVector: "LOCAL", authentication: "NONE", availabilityImpact: "PARTIAL", baseScore: 2.1, confidentialityImpact: "NONE", integrityImpact: "NONE", vectorString: "AV:L/AC:L/Au:N/C:N/I:N/A:P", version: "2.0", }, exploitabilityScore: 3.9, impactScore: 2.9, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: false, }, ], cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "LOCAL", availabilityImpact: "HIGH", baseScore: 4.4, baseSeverity: "MEDIUM", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "HIGH", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H", version: "3.1", }, exploitabilityScore: 0.8, impactScore: 3.6, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2019-11-28T00:15:11.143", references: [ { source: "cve@mitre.org", tags: [ "Mailing List", "Third Party Advisory", ], url: "http://lists.opensuse.org/opensuse-security-announce/2020-03/msg00021.html", }, { source: "cve@mitre.org", tags: [ "Exploit", "Third Party Advisory", ], url: "https://github.com/bobfuzzer/CVE/tree/master/CVE-2019-19318", }, { source: "cve@mitre.org", tags: [ "Mailing List", "Third Party Advisory", ], url: "https://lists.debian.org/debian-lts-announce/2021/03/msg00010.html", }, { source: "cve@mitre.org", tags: [ "Third Party Advisory", ], url: "https://security.netapp.com/advisory/ntap-20200103-0001/", }, { source: "cve@mitre.org", tags: [ "Third Party Advisory", ], url: "https://usn.ubuntu.com/4414-1/", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Mailing List", "Third Party Advisory", ], url: "http://lists.opensuse.org/opensuse-security-announce/2020-03/msg00021.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Exploit", "Third Party Advisory", ], url: "https://github.com/bobfuzzer/CVE/tree/master/CVE-2019-19318", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Mailing List", "Third Party Advisory", ], url: "https://lists.debian.org/debian-lts-announce/2021/03/msg00010.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://security.netapp.com/advisory/ntap-20200103-0001/", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://usn.ubuntu.com/4414-1/", }, ], sourceIdentifier: "cve@mitre.org", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-416", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2019-12-17 06:15
Modified
2024-11-21 04:35
Severity ?
Summary
In the Linux kernel 5.0.21, mounting a crafted btrfs filesystem image and performing some operations can cause slab-out-of-bounds write access in __btrfs_map_block in fs/btrfs/volumes.c, because a value of 1 for the number of data stripes is mishandled.
References
Impacted products
Vendor | Product | Version | |
---|---|---|---|
linux | linux_kernel | * | |
linux | linux_kernel | * | |
linux | linux_kernel | * | |
linux | linux_kernel | * | |
linux | linux_kernel | * | |
canonical | ubuntu_linux | 14.04 | |
canonical | ubuntu_linux | 16.04 | |
canonical | ubuntu_linux | 18.04 | |
debian | debian_linux | 9.0 | |
netapp | active_iq_unified_manager | * | |
netapp | data_availability_services | - | |
netapp | hci_management_node | - | |
netapp | solidfire | - | |
netapp | steelstore_cloud_integrated_storage | - | |
netapp | aff_a700s_firmware | - | |
netapp | aff_a700s | - | |
netapp | fas8300_firmware | - | |
netapp | fas8300 | - | |
netapp | fas8700_firmware | - | |
netapp | fas8700 | - | |
netapp | aff_a400_firmware | - | |
netapp | aff_a400 | - | |
netapp | h610s_firmware | - | |
netapp | h610s | - |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", matchCriteriaId: "A3E59A1A-A752-4A1B-96FE-2124B194DF86", versionEndExcluding: "4.4.247", versionStartIncluding: "2.6.12", vulnerable: true, }, { criteria: "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", matchCriteriaId: "1CB2AD74-FC25-445A-9CBA-077507F71EEE", versionEndExcluding: "4.9.247", versionStartIncluding: "4.5", vulnerable: true, }, { criteria: "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", matchCriteriaId: "8E1DD832-A30E-4B33-BC22-FAC243C26B4D", versionEndExcluding: "4.14.210", versionStartIncluding: "4.10", vulnerable: true, }, { criteria: "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", matchCriteriaId: "924A83F4-1C2A-4B17-8E73-A155635FC9EA", versionEndExcluding: "4.19.137", versionStartIncluding: "4.15", vulnerable: true, }, { criteria: "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", matchCriteriaId: "9ECB3CBC-52A5-4B2C-AFFA-13E37D77461A", versionEndExcluding: "5.2", versionStartIncluding: "4.20", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:esm:*:*:*", matchCriteriaId: "815D70A8-47D3-459C-A32C-9FEACA0659D1", vulnerable: true, }, { criteria: "cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:lts:*:*:*", matchCriteriaId: "F7016A2A-8365-4F1A-89A2-7A19F2BCAE5B", vulnerable: true, }, { criteria: "cpe:2.3:o:canonical:ubuntu_linux:18.04:*:*:*:lts:*:*:*", matchCriteriaId: "23A7C53F-B80F-4E6A-AFA9-58EEA84BE11D", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*", matchCriteriaId: "DEECE5FC-CACF-4496-A3E7-164736409252", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:netapp:active_iq_unified_manager:*:*:*:*:*:vmware_vsphere:*:*", matchCriteriaId: "0CB28AF5-5AF0-4475-A7B6-12E1795FFDCB", versionStartIncluding: "9.5", vulnerable: true, }, { criteria: "cpe:2.3:a:netapp:data_availability_services:-:*:*:*:*:*:*:*", matchCriteriaId: "0EF46487-B64A-454E-AECC-D74B83170ACD", vulnerable: true, }, { criteria: "cpe:2.3:a:netapp:hci_management_node:-:*:*:*:*:*:*:*", matchCriteriaId: "A3C19813-E823-456A-B1CE-EC0684CE1953", vulnerable: true, }, { criteria: "cpe:2.3:a:netapp:solidfire:-:*:*:*:*:*:*:*", matchCriteriaId: "A6E9EF0C-AFA8-4F7B-9FDC-1E0F7C26E737", vulnerable: true, }, { criteria: "cpe:2.3:a:netapp:steelstore_cloud_integrated_storage:-:*:*:*:*:*:*:*", matchCriteriaId: "E94F7F59-1785-493F-91A7-5F5EA5E87E4D", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netapp:aff_a700s_firmware:-:*:*:*:*:*:*:*", matchCriteriaId: "952F55C9-7E7C-4539-9D08-E736B3488569", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netapp:aff_a700s:-:*:*:*:*:*:*:*", matchCriteriaId: "9FED1B0D-F901-413A-85D9-05D4C427570D", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netapp:fas8300_firmware:-:*:*:*:*:*:*:*", matchCriteriaId: "89706810-031B-49F0-B353-FD27FD7B2776", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netapp:fas8300:-:*:*:*:*:*:*:*", matchCriteriaId: "03BCC59D-C782-4149-B6DC-5DDAFAB48F2D", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netapp:fas8700_firmware:-:*:*:*:*:*:*:*", matchCriteriaId: "FDD1E822-1EA6-4E62-A58B-2378149D20DC", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netapp:fas8700:-:*:*:*:*:*:*:*", matchCriteriaId: "E07EAE5F-B1B5-4FDA-9B50-8CB1D2AFC5A0", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netapp:aff_a400_firmware:-:*:*:*:*:*:*:*", matchCriteriaId: "56FD9B9A-BBE5-4CA5-B9F9-B16E1FE738C8", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netapp:aff_a400:-:*:*:*:*:*:*:*", matchCriteriaId: "F3E70A56-DBA8-45C7-8C49-1A036501156F", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netapp:h610s_firmware:-:*:*:*:*:*:*:*", matchCriteriaId: "FD7CFE0E-9D1E-4495-B302-89C3096FC0DF", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netapp:h610s:-:*:*:*:*:*:*:*", matchCriteriaId: "F63A3FA7-AAED-4A9D-9FDE-6195302DA0F6", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, ], cveTags: [], descriptions: [ { lang: "en", value: "In the Linux kernel 5.0.21, mounting a crafted btrfs filesystem image and performing some operations can cause slab-out-of-bounds write access in __btrfs_map_block in fs/btrfs/volumes.c, because a value of 1 for the number of data stripes is mishandled.", }, { lang: "es", value: "En el kernel de Linux versión 5.0.21, montar una imagen del sistema de archivos btrfs especialmente diseñada y realizar algunas operaciones puede causar un acceso de escritura fuera de límites en la función __btrfs_map_block en el archivo fs/btrfs/volumes.c, porque un valor de 1 para el número de franjas de datos es mal manejado.", }, ], id: "CVE-2019-19816", lastModified: "2024-11-21T04:35:26.963", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "HIGH", cvssData: { accessComplexity: "MEDIUM", accessVector: "NETWORK", authentication: "NONE", availabilityImpact: "COMPLETE", baseScore: 9.3, confidentialityImpact: "COMPLETE", integrityImpact: "COMPLETE", vectorString: "AV:N/AC:M/Au:N/C:C/I:C/A:C", version: "2.0", }, exploitabilityScore: 8.6, impactScore: 10, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: true, }, ], cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "LOCAL", availabilityImpact: "HIGH", baseScore: 7.8, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", version: "3.1", }, exploitabilityScore: 1.8, impactScore: 5.9, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2019-12-17T06:15:12.907", references: [ { source: "cve@mitre.org", tags: [ "Exploit", "Third Party Advisory", ], url: "https://github.com/bobfuzzer/CVE/tree/master/CVE-2019-19816", }, { source: "cve@mitre.org", tags: [ "Mailing List", "Third Party Advisory", ], url: "https://lists.debian.org/debian-lts-announce/2020/09/msg00025.html", }, { source: "cve@mitre.org", tags: [ "Mailing List", "Third Party Advisory", ], url: "https://lists.debian.org/debian-lts-announce/2020/12/msg00015.html", }, { source: "cve@mitre.org", tags: [ "Mailing List", "Third Party Advisory", ], url: "https://lists.debian.org/debian-lts-announce/2021/03/msg00010.html", }, { source: "cve@mitre.org", tags: [ "Third Party Advisory", ], url: "https://security.netapp.com/advisory/ntap-20200103-0001/", }, { source: "cve@mitre.org", tags: [ "Third Party Advisory", ], url: "https://usn.ubuntu.com/4414-1/", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Exploit", "Third Party Advisory", ], url: "https://github.com/bobfuzzer/CVE/tree/master/CVE-2019-19816", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Mailing List", "Third Party Advisory", ], url: "https://lists.debian.org/debian-lts-announce/2020/09/msg00025.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Mailing List", "Third Party Advisory", ], url: "https://lists.debian.org/debian-lts-announce/2020/12/msg00015.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Mailing List", "Third Party Advisory", ], url: "https://lists.debian.org/debian-lts-announce/2021/03/msg00010.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://security.netapp.com/advisory/ntap-20200103-0001/", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://usn.ubuntu.com/4414-1/", }, ], sourceIdentifier: "cve@mitre.org", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-787", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2019-11-07 14:15
Modified
2024-11-21 04:33
Severity ?
Summary
An issue was discovered in net/ipv4/sysctl_net_ipv4.c in the Linux kernel before 5.0.11. There is a net/ipv4/tcp_input.c signed integer overflow in tcp_ack_update_rtt() when userspace writes a very large integer to /proc/sys/net/ipv4/tcp_min_rtt_wlen, leading to a denial of service or possibly unspecified other impact, aka CID-19fad20d15a6.
References
Impacted products
Vendor | Product | Version | |
---|---|---|---|
linux | linux_kernel | * | |
linux | linux_kernel | * | |
linux | linux_kernel | * | |
linux | linux_kernel | * | |
linux | linux_kernel | * | |
linux | linux_kernel | 5.1 | |
linux | linux_kernel | 5.1 | |
linux | linux_kernel | 5.1 | |
linux | linux_kernel | 5.1 | |
linux | linux_kernel | 5.1 | |
linux | linux_kernel | 5.1 | |
linux | linux_kernel | 5.1 | |
opensuse | leap | 15.0 | |
opensuse | leap | 15.1 | |
redhat | enterprise_linux | 7.0 | |
netapp | active_iq_unified_manager | - | |
netapp | data_availability_services | - | |
netapp | e-series_santricity_os_controller | * | |
netapp | hci_management_node | - | |
netapp | solidfire | - | |
netapp | steelstore_cloud_integrated_storage | - | |
netapp | hci_compute_node | - | |
netapp | hci_storage_node | - | |
broadcom | fabric_operating_system | - | |
netapp | aff_a700s_firmware | - | |
netapp | aff_a700s | - | |
netapp | fas8300_firmware | - | |
netapp | fas8300 | - | |
netapp | fas8700_firmware | - | |
netapp | fas8700 | - | |
netapp | aff_a400_firmware | - | |
netapp | aff_a400 | - | |
netapp | h610s_firmware | - | |
netapp | h610s | - |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", matchCriteriaId: "49884052-E8FD-49E4-A9F3-D0964EB0AC31", versionEndExcluding: "4.4.180", versionStartIncluding: "4.4", vulnerable: true, }, { criteria: "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", matchCriteriaId: "DF6AB36D-D9AC-4381-88AF-CC4FDA5EC98E", versionEndExcluding: "4.9.172", versionStartIncluding: "4.9", vulnerable: true, }, { criteria: "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", matchCriteriaId: "B3562ABD-4F11-4BD1-9BBD-417B7BC9BCF3", versionEndExcluding: "4.14.115", versionStartIncluding: "4.14", vulnerable: true, }, { criteria: "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", matchCriteriaId: "48FBE002-61C1-4569-B850-E15BD2DBA143", versionEndExcluding: "4.19.38", versionStartIncluding: "4.19", vulnerable: true, }, { criteria: "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", matchCriteriaId: "C23FEFDF-76B5-46C0-9481-CE70EBDB7BFE", versionEndExcluding: "5.0.11", versionStartIncluding: "5.0", vulnerable: true, }, { criteria: "cpe:2.3:o:linux:linux_kernel:5.1:rc1:*:*:*:*:*:*", matchCriteriaId: "2258D313-BAF7-482D-98E0-79F2A448287B", vulnerable: true, }, { criteria: "cpe:2.3:o:linux:linux_kernel:5.1:rc2:*:*:*:*:*:*", matchCriteriaId: "1578A37C-C7CC-4B36-8668-6A1AED63B0A8", vulnerable: true, }, { criteria: "cpe:2.3:o:linux:linux_kernel:5.1:rc3:*:*:*:*:*:*", matchCriteriaId: "49BD6839-AB64-48DA-9D1D-18B4508AF652", vulnerable: true, }, { criteria: "cpe:2.3:o:linux:linux_kernel:5.1:rc4:*:*:*:*:*:*", matchCriteriaId: "A1E5129A-F85C-432A-988D-6C3ED03EC04D", vulnerable: true, }, { criteria: "cpe:2.3:o:linux:linux_kernel:5.1:rc5:*:*:*:*:*:*", matchCriteriaId: "0669A9F1-3BFF-4E5A-BEF7-9F2A627CEF03", vulnerable: true, }, { criteria: "cpe:2.3:o:linux:linux_kernel:5.1:rc6:*:*:*:*:*:*", matchCriteriaId: "9CC18FCC-3F69-4A7E-9F29-4C4504E83B4D", vulnerable: true, }, { criteria: "cpe:2.3:o:linux:linux_kernel:5.1:rc7:*:*:*:*:*:*", matchCriteriaId: "12A5D914-5CEB-4D3F-A903-6F1FAD82A125", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:opensuse:leap:15.0:*:*:*:*:*:*:*", matchCriteriaId: "F1E78106-58E6-4D59-990F-75DA575BFAD9", vulnerable: true, }, { criteria: "cpe:2.3:o:opensuse:leap:15.1:*:*:*:*:*:*:*", matchCriteriaId: "B620311B-34A3-48A6-82DF-6F078D7A4493", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:redhat:enterprise_linux:7.0:*:*:*:*:*:*:*", matchCriteriaId: "142AD0DD-4CF3-4D74-9442-459CE3347E3A", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:netapp:active_iq_unified_manager:-:*:*:*:*:vmware_vsphere:*:*", matchCriteriaId: "3A756737-1CC4-42C2-A4DF-E1C893B4E2D5", vulnerable: true, }, { criteria: "cpe:2.3:a:netapp:data_availability_services:-:*:*:*:*:*:*:*", matchCriteriaId: "0EF46487-B64A-454E-AECC-D74B83170ACD", vulnerable: true, }, { criteria: "cpe:2.3:a:netapp:e-series_santricity_os_controller:*:*:*:*:*:*:*:*", matchCriteriaId: "BD1E9594-C46F-40D1-8BC2-6B16635B55C4", versionEndIncluding: "11.60.3", versionStartIncluding: "11.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:netapp:hci_management_node:-:*:*:*:*:*:*:*", matchCriteriaId: "A3C19813-E823-456A-B1CE-EC0684CE1953", vulnerable: true, }, { criteria: "cpe:2.3:a:netapp:solidfire:-:*:*:*:*:*:*:*", matchCriteriaId: "A6E9EF0C-AFA8-4F7B-9FDC-1E0F7C26E737", vulnerable: true, }, { criteria: "cpe:2.3:a:netapp:steelstore_cloud_integrated_storage:-:*:*:*:*:*:*:*", matchCriteriaId: "E94F7F59-1785-493F-91A7-5F5EA5E87E4D", vulnerable: true, }, { criteria: "cpe:2.3:h:netapp:hci_compute_node:-:*:*:*:*:*:*:*", matchCriteriaId: "AD7447BC-F315-4298-A822-549942FC118B", vulnerable: true, }, { criteria: "cpe:2.3:h:netapp:hci_storage_node:-:*:*:*:*:*:*:*", matchCriteriaId: "02DEB4FB-A21D-4CB1-B522-EEE5093E8521", vulnerable: true, }, { criteria: "cpe:2.3:o:broadcom:fabric_operating_system:-:*:*:*:*:*:*:*", matchCriteriaId: "046FB51E-B768-44D3-AEB5-D857145CA840", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netapp:aff_a700s_firmware:-:*:*:*:*:*:*:*", matchCriteriaId: "952F55C9-7E7C-4539-9D08-E736B3488569", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netapp:aff_a700s:-:*:*:*:*:*:*:*", matchCriteriaId: "9FED1B0D-F901-413A-85D9-05D4C427570D", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netapp:fas8300_firmware:-:*:*:*:*:*:*:*", matchCriteriaId: "89706810-031B-49F0-B353-FD27FD7B2776", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netapp:fas8300:-:*:*:*:*:*:*:*", matchCriteriaId: "03BCC59D-C782-4149-B6DC-5DDAFAB48F2D", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netapp:fas8700_firmware:-:*:*:*:*:*:*:*", matchCriteriaId: "FDD1E822-1EA6-4E62-A58B-2378149D20DC", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netapp:fas8700:-:*:*:*:*:*:*:*", matchCriteriaId: "E07EAE5F-B1B5-4FDA-9B50-8CB1D2AFC5A0", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netapp:aff_a400_firmware:-:*:*:*:*:*:*:*", matchCriteriaId: "56FD9B9A-BBE5-4CA5-B9F9-B16E1FE738C8", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netapp:aff_a400:-:*:*:*:*:*:*:*", matchCriteriaId: "F3E70A56-DBA8-45C7-8C49-1A036501156F", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netapp:h610s_firmware:-:*:*:*:*:*:*:*", matchCriteriaId: "FD7CFE0E-9D1E-4495-B302-89C3096FC0DF", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netapp:h610s:-:*:*:*:*:*:*:*", matchCriteriaId: "F63A3FA7-AAED-4A9D-9FDE-6195302DA0F6", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, ], cveTags: [], descriptions: [ { lang: "en", value: "An issue was discovered in net/ipv4/sysctl_net_ipv4.c in the Linux kernel before 5.0.11. There is a net/ipv4/tcp_input.c signed integer overflow in tcp_ack_update_rtt() when userspace writes a very large integer to /proc/sys/net/ipv4/tcp_min_rtt_wlen, leading to a denial of service or possibly unspecified other impact, aka CID-19fad20d15a6.", }, { lang: "es", value: "Se detectó un problema en el archivo net/ipv4/sysctl_net_ipv4.c en el kernel de Linux versiones anteriores a 5.0.11. Se presenta un desbordamiento de enteros firmado del archivo net/ipv4/tcp_input.c en la función tcp_ack_update_rtt() cuando el espacio de usuario escribe un entero muy grande en /proc/sys/net/ipv4/tcp_min_rtt_wlen, lo que conlleva a una denegación de servicio o posiblemente a otro impacto no especificado, también se conoce como CID -19fad20d15a6.", }, ], id: "CVE-2019-18805", lastModified: "2024-11-21T04:33:36.167", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "HIGH", cvssData: { accessComplexity: "LOW", accessVector: "NETWORK", authentication: "NONE", availabilityImpact: "PARTIAL", baseScore: 7.5, confidentialityImpact: "PARTIAL", integrityImpact: "PARTIAL", vectorString: "AV:N/AC:L/Au:N/C:P/I:P/A:P", version: "2.0", }, exploitabilityScore: 10, impactScore: 6.4, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: false, }, ], cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 9.8, baseSeverity: "CRITICAL", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, exploitabilityScore: 3.9, impactScore: 5.9, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2019-11-07T14:15:11.067", references: [ { source: "cve@mitre.org", tags: [ "Mailing List", "Third Party Advisory", ], url: "http://lists.opensuse.org/opensuse-security-announce/2019-11/msg00035.html", }, { source: "cve@mitre.org", tags: [ "Mailing List", "Third Party Advisory", ], url: "http://lists.opensuse.org/opensuse-security-announce/2019-11/msg00039.html", }, { source: "cve@mitre.org", tags: [ "Third Party Advisory", ], url: "https://access.redhat.com/errata/RHSA-2020:0740", }, { source: "cve@mitre.org", tags: [ "Mailing List", "Patch", "Vendor Advisory", ], url: "https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.0.11", }, { source: "cve@mitre.org", tags: [ "Mailing List", "Patch", "Vendor Advisory", ], url: "https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=19fad20d15a6494f47f85d869f00b11343ee5c78", }, { source: "cve@mitre.org", tags: [ "Third Party Advisory", ], url: "https://security.netapp.com/advisory/ntap-20191205-0001/", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Mailing List", "Third Party Advisory", ], url: "http://lists.opensuse.org/opensuse-security-announce/2019-11/msg00035.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Mailing List", "Third Party Advisory", ], url: "http://lists.opensuse.org/opensuse-security-announce/2019-11/msg00039.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://access.redhat.com/errata/RHSA-2020:0740", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Mailing List", "Patch", "Vendor Advisory", ], url: "https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.0.11", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Mailing List", "Patch", "Vendor Advisory", ], url: "https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=19fad20d15a6494f47f85d869f00b11343ee5c78", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://security.netapp.com/advisory/ntap-20191205-0001/", }, ], sourceIdentifier: "cve@mitre.org", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-190", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2019-11-18 06:15
Modified
2024-11-21 04:34
Severity ?
Summary
A memory leak in the fastrpc_dma_buf_attach() function in drivers/misc/fastrpc.c in the Linux kernel before 5.3.9 allows attackers to cause a denial of service (memory consumption) by triggering dma_get_sgtable() failures, aka CID-fc739a058d99.
References
▼ | URL | Tags | |
---|---|---|---|
cve@mitre.org | https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.3.9 | Release Notes, Vendor Advisory | |
cve@mitre.org | https://github.com/torvalds/linux/commit/fc739a058d99c9297ef6bfd923b809d85855b9a9 | Patch, Third Party Advisory | |
cve@mitre.org | https://security.netapp.com/advisory/ntap-20191205-0001/ | Third Party Advisory | |
cve@mitre.org | https://usn.ubuntu.com/4208-1/ | Third Party Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.3.9 | Release Notes, Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://github.com/torvalds/linux/commit/fc739a058d99c9297ef6bfd923b809d85855b9a9 | Patch, Third Party Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://security.netapp.com/advisory/ntap-20191205-0001/ | Third Party Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://usn.ubuntu.com/4208-1/ | Third Party Advisory |
Impacted products
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", matchCriteriaId: "316A2191-9BA1-4C58-A61C-29F91E2CF3B7", versionEndExcluding: "5.3.9", versionStartIncluding: "5.1", vulnerable: true, }, { criteria: "cpe:2.3:o:linux:linux_kernel:5.4:rc1:*:*:*:*:*:*", matchCriteriaId: "AD561918-619D-4363-8330-53B4B903D2CE", vulnerable: true, }, { criteria: "cpe:2.3:o:linux:linux_kernel:5.4:rc2:*:*:*:*:*:*", matchCriteriaId: "DCF307A4-6CF2-43FA-94E5-2EBB1033634B", vulnerable: true, }, { criteria: "cpe:2.3:o:linux:linux_kernel:5.4:rc3:*:*:*:*:*:*", matchCriteriaId: "72D64137-DAA7-40C0-8BAD-9DBCB285BC00", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:canonical:ubuntu_linux:18.04:*:*:*:lts:*:*:*", matchCriteriaId: "23A7C53F-B80F-4E6A-AFA9-58EEA84BE11D", vulnerable: true, }, { criteria: "cpe:2.3:o:canonical:ubuntu_linux:19.10:*:*:*:*:*:*:*", matchCriteriaId: "A31C8344-3E02-4EB8-8BD8-4C84B7959624", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:netapp:active_iq_unified_manager:-:*:*:*:*:vmware_vsphere:*:*", matchCriteriaId: "3A756737-1CC4-42C2-A4DF-E1C893B4E2D5", vulnerable: true, }, { criteria: "cpe:2.3:a:netapp:data_availability_services:-:*:*:*:*:*:*:*", matchCriteriaId: "0EF46487-B64A-454E-AECC-D74B83170ACD", vulnerable: true, }, { criteria: "cpe:2.3:a:netapp:e-series_santricity_os_controller:*:*:*:*:*:*:*:*", matchCriteriaId: "BD1E9594-C46F-40D1-8BC2-6B16635B55C4", versionEndIncluding: "11.60.3", versionStartIncluding: "11.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:netapp:hci_management_node:-:*:*:*:*:*:*:*", matchCriteriaId: "A3C19813-E823-456A-B1CE-EC0684CE1953", vulnerable: true, }, { criteria: "cpe:2.3:a:netapp:solidfire:-:*:*:*:*:*:*:*", matchCriteriaId: "A6E9EF0C-AFA8-4F7B-9FDC-1E0F7C26E737", vulnerable: true, }, { criteria: "cpe:2.3:a:netapp:steelstore_cloud_integrated_storage:-:*:*:*:*:*:*:*", matchCriteriaId: "E94F7F59-1785-493F-91A7-5F5EA5E87E4D", vulnerable: true, }, { criteria: "cpe:2.3:h:netapp:hci_compute_node:-:*:*:*:*:*:*:*", matchCriteriaId: "AD7447BC-F315-4298-A822-549942FC118B", vulnerable: true, }, { criteria: "cpe:2.3:h:netapp:hci_storage_node:-:*:*:*:*:*:*:*", matchCriteriaId: "02DEB4FB-A21D-4CB1-B522-EEE5093E8521", vulnerable: true, }, { criteria: "cpe:2.3:o:broadcom:fabric_operating_system:-:*:*:*:*:*:*:*", matchCriteriaId: "046FB51E-B768-44D3-AEB5-D857145CA840", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netapp:aff_a700s_firmware:-:*:*:*:*:*:*:*", matchCriteriaId: "952F55C9-7E7C-4539-9D08-E736B3488569", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netapp:aff_a700s:-:*:*:*:*:*:*:*", matchCriteriaId: "9FED1B0D-F901-413A-85D9-05D4C427570D", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netapp:fas8300_firmware:-:*:*:*:*:*:*:*", matchCriteriaId: "89706810-031B-49F0-B353-FD27FD7B2776", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netapp:fas8300:-:*:*:*:*:*:*:*", matchCriteriaId: "03BCC59D-C782-4149-B6DC-5DDAFAB48F2D", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netapp:fas8700_firmware:-:*:*:*:*:*:*:*", matchCriteriaId: "FDD1E822-1EA6-4E62-A58B-2378149D20DC", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netapp:fas8700:-:*:*:*:*:*:*:*", matchCriteriaId: "E07EAE5F-B1B5-4FDA-9B50-8CB1D2AFC5A0", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netapp:aff_a400_firmware:-:*:*:*:*:*:*:*", matchCriteriaId: "56FD9B9A-BBE5-4CA5-B9F9-B16E1FE738C8", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netapp:aff_a400:-:*:*:*:*:*:*:*", matchCriteriaId: "F3E70A56-DBA8-45C7-8C49-1A036501156F", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netapp:h610s_firmware:-:*:*:*:*:*:*:*", matchCriteriaId: "FD7CFE0E-9D1E-4495-B302-89C3096FC0DF", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netapp:h610s:-:*:*:*:*:*:*:*", matchCriteriaId: "F63A3FA7-AAED-4A9D-9FDE-6195302DA0F6", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, ], cveTags: [], descriptions: [ { lang: "en", value: "A memory leak in the fastrpc_dma_buf_attach() function in drivers/misc/fastrpc.c in the Linux kernel before 5.3.9 allows attackers to cause a denial of service (memory consumption) by triggering dma_get_sgtable() failures, aka CID-fc739a058d99.", }, { lang: "es", value: "Una pérdida de memoria en la función fastrpc_dma_buf_attach() en el archivo drivers/misc/fastrpc.c en el kernel de Linux versiones anteriores a la versión 5.3.9, permite a atacantes causar una denegación de servicio (consumo de memoria) al desencadenar fallos de la función dma_get_sgtable(), también se conoce como CID-fc739a058d99.", }, ], id: "CVE-2019-19069", lastModified: "2024-11-21T04:34:07.633", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "HIGH", cvssData: { accessComplexity: "LOW", accessVector: "NETWORK", authentication: "NONE", availabilityImpact: "COMPLETE", baseScore: 7.8, confidentialityImpact: "NONE", integrityImpact: "NONE", vectorString: "AV:N/AC:L/Au:N/C:N/I:N/A:C", version: "2.0", }, exploitabilityScore: 10, impactScore: 6.9, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: false, }, ], cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 7.5, baseSeverity: "HIGH", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", version: "3.1", }, exploitabilityScore: 3.9, impactScore: 3.6, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2019-11-18T06:15:12.920", references: [ { source: "cve@mitre.org", tags: [ "Release Notes", "Vendor Advisory", ], url: "https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.3.9", }, { source: "cve@mitre.org", tags: [ "Patch", "Third Party Advisory", ], url: "https://github.com/torvalds/linux/commit/fc739a058d99c9297ef6bfd923b809d85855b9a9", }, { source: "cve@mitre.org", tags: [ "Third Party Advisory", ], url: "https://security.netapp.com/advisory/ntap-20191205-0001/", }, { source: "cve@mitre.org", tags: [ "Third Party Advisory", ], url: "https://usn.ubuntu.com/4208-1/", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Release Notes", "Vendor Advisory", ], url: "https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.3.9", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Patch", "Third Party Advisory", ], url: "https://github.com/torvalds/linux/commit/fc739a058d99c9297ef6bfd923b809d85855b9a9", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://security.netapp.com/advisory/ntap-20191205-0001/", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://usn.ubuntu.com/4208-1/", }, ], sourceIdentifier: "cve@mitre.org", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-401", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
cve-2019-19816
Vulnerability from cvelistv5
Published
2019-12-17 05:58
Modified
2024-08-05 02:25
Severity ?
EPSS score ?
Summary
In the Linux kernel 5.0.21, mounting a crafted btrfs filesystem image and performing some operations can cause slab-out-of-bounds write access in __btrfs_map_block in fs/btrfs/volumes.c, because a value of 1 for the number of data stripes is mishandled.
References
▼ | URL | Tags |
---|---|---|
https://github.com/bobfuzzer/CVE/tree/master/CVE-2019-19816 | x_refsource_MISC | |
https://security.netapp.com/advisory/ntap-20200103-0001/ | x_refsource_CONFIRM | |
https://usn.ubuntu.com/4414-1/ | vendor-advisory, x_refsource_UBUNTU | |
https://lists.debian.org/debian-lts-announce/2020/09/msg00025.html | mailing-list, x_refsource_MLIST | |
https://lists.debian.org/debian-lts-announce/2020/12/msg00015.html | mailing-list, x_refsource_MLIST | |
https://lists.debian.org/debian-lts-announce/2021/03/msg00010.html | mailing-list, x_refsource_MLIST |
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-05T02:25:12.674Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://github.com/bobfuzzer/CVE/tree/master/CVE-2019-19816", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "https://security.netapp.com/advisory/ntap-20200103-0001/", }, { name: "USN-4414-1", tags: [ "vendor-advisory", "x_refsource_UBUNTU", "x_transferred", ], url: "https://usn.ubuntu.com/4414-1/", }, { name: "[debian-lts-announce] 20200928 [SECURITY] [DLA 2385-1] linux-4.19 security update", tags: [ "mailing-list", "x_refsource_MLIST", "x_transferred", ], url: "https://lists.debian.org/debian-lts-announce/2020/09/msg00025.html", }, { name: "[debian-lts-announce] 20201210 [SECURITY] [DLA 2483-1] linux-4.19 security update", tags: [ "mailing-list", "x_refsource_MLIST", "x_transferred", ], url: "https://lists.debian.org/debian-lts-announce/2020/12/msg00015.html", }, { name: "[debian-lts-announce] 20210309 [SECURITY] [DLA 2586-1] linux security update", tags: [ "mailing-list", "x_refsource_MLIST", "x_transferred", ], url: "https://lists.debian.org/debian-lts-announce/2021/03/msg00010.html", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "n/a", vendor: "n/a", versions: [ { status: "affected", version: "n/a", }, ], }, ], descriptions: [ { lang: "en", value: "In the Linux kernel 5.0.21, mounting a crafted btrfs filesystem image and performing some operations can cause slab-out-of-bounds write access in __btrfs_map_block in fs/btrfs/volumes.c, because a value of 1 for the number of data stripes is mishandled.", }, ], problemTypes: [ { descriptions: [ { description: "n/a", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2021-03-09T20:06:36", orgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", shortName: "mitre", }, references: [ { tags: [ "x_refsource_MISC", ], url: "https://github.com/bobfuzzer/CVE/tree/master/CVE-2019-19816", }, { tags: [ "x_refsource_CONFIRM", ], url: "https://security.netapp.com/advisory/ntap-20200103-0001/", }, { name: "USN-4414-1", tags: [ "vendor-advisory", "x_refsource_UBUNTU", ], url: "https://usn.ubuntu.com/4414-1/", }, { name: "[debian-lts-announce] 20200928 [SECURITY] [DLA 2385-1] linux-4.19 security update", tags: [ "mailing-list", "x_refsource_MLIST", ], url: "https://lists.debian.org/debian-lts-announce/2020/09/msg00025.html", }, { name: "[debian-lts-announce] 20201210 [SECURITY] [DLA 2483-1] linux-4.19 security update", tags: [ "mailing-list", "x_refsource_MLIST", ], url: "https://lists.debian.org/debian-lts-announce/2020/12/msg00015.html", }, { name: "[debian-lts-announce] 20210309 [SECURITY] [DLA 2586-1] linux security update", tags: [ "mailing-list", "x_refsource_MLIST", ], url: "https://lists.debian.org/debian-lts-announce/2021/03/msg00010.html", }, ], x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "cve@mitre.org", ID: "CVE-2019-19816", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "n/a", version: { version_data: [ { version_value: "n/a", }, ], }, }, ], }, vendor_name: "n/a", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "In the Linux kernel 5.0.21, mounting a crafted btrfs filesystem image and performing some operations can cause slab-out-of-bounds write access in __btrfs_map_block in fs/btrfs/volumes.c, because a value of 1 for the number of data stripes is mishandled.", }, ], }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "n/a", }, ], }, ], }, references: { reference_data: [ { name: "https://github.com/bobfuzzer/CVE/tree/master/CVE-2019-19816", refsource: "MISC", url: "https://github.com/bobfuzzer/CVE/tree/master/CVE-2019-19816", }, { name: "https://security.netapp.com/advisory/ntap-20200103-0001/", refsource: "CONFIRM", url: "https://security.netapp.com/advisory/ntap-20200103-0001/", }, { name: "USN-4414-1", refsource: "UBUNTU", url: "https://usn.ubuntu.com/4414-1/", }, { name: "[debian-lts-announce] 20200928 [SECURITY] [DLA 2385-1] linux-4.19 security update", refsource: "MLIST", url: "https://lists.debian.org/debian-lts-announce/2020/09/msg00025.html", }, { name: "[debian-lts-announce] 20201210 [SECURITY] [DLA 2483-1] linux-4.19 security update", refsource: "MLIST", url: "https://lists.debian.org/debian-lts-announce/2020/12/msg00015.html", }, { name: "[debian-lts-announce] 20210309 [SECURITY] [DLA 2586-1] linux security update", refsource: "MLIST", url: "https://lists.debian.org/debian-lts-announce/2021/03/msg00010.html", }, ], }, }, }, }, cveMetadata: { assignerOrgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", assignerShortName: "mitre", cveId: "CVE-2019-19816", datePublished: "2019-12-17T05:58:39", dateReserved: "2019-12-16T00:00:00", dateUpdated: "2024-08-05T02:25:12.674Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2021-33060
Vulnerability from cvelistv5
Published
2022-08-18 19:58
Modified
2024-08-03 23:42
Severity ?
EPSS score ?
Summary
Out-of-bounds write in the BIOS firmware for some Intel(R) Processors may allow an authenticated user to potentially enable escalation of privilege via local access.
References
▼ | URL | Tags |
---|---|---|
https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00686.html | x_refsource_MISC | |
https://security.netapp.com/advisory/ntap-20220930-0004/ | x_refsource_CONFIRM |
Impacted products
Vendor | Product | Version | ||
---|---|---|---|---|
n/a | Intel(R) Processors |
Version: See references |
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-03T23:42:19.139Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00686.html", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "https://security.netapp.com/advisory/ntap-20220930-0004/", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "Intel(R) Processors", vendor: "n/a", versions: [ { status: "affected", version: "See references", }, ], }, ], descriptions: [ { lang: "en", value: "Out-of-bounds write in the BIOS firmware for some Intel(R) Processors may allow an authenticated user to potentially enable escalation of privilege via local access.", }, ], problemTypes: [ { descriptions: [ { description: "escalation of privilege", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2022-09-30T15:06:10", orgId: "6dda929c-bb53-4a77-a76d-48e79601a1ce", shortName: "intel", }, references: [ { tags: [ "x_refsource_MISC", ], url: "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00686.html", }, { tags: [ "x_refsource_CONFIRM", ], url: "https://security.netapp.com/advisory/ntap-20220930-0004/", }, ], x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "secure@intel.com", ID: "CVE-2021-33060", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "Intel(R) Processors", version: { version_data: [ { version_value: "See references", }, ], }, }, ], }, vendor_name: "n/a", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "Out-of-bounds write in the BIOS firmware for some Intel(R) Processors may allow an authenticated user to potentially enable escalation of privilege via local access.", }, ], }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "escalation of privilege", }, ], }, ], }, references: { reference_data: [ { name: "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00686.html", refsource: "MISC", url: "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00686.html", }, { name: "https://security.netapp.com/advisory/ntap-20220930-0004/", refsource: "CONFIRM", url: "https://security.netapp.com/advisory/ntap-20220930-0004/", }, ], }, }, }, }, cveMetadata: { assignerOrgId: "6dda929c-bb53-4a77-a76d-48e79601a1ce", assignerShortName: "intel", cveId: "CVE-2021-33060", datePublished: "2022-08-18T19:58:06", dateReserved: "2021-05-18T00:00:00", dateUpdated: "2024-08-03T23:42:19.139Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2019-19069
Vulnerability from cvelistv5
Published
2019-11-18 05:24
Modified
2024-08-05 02:09
Severity ?
EPSS score ?
Summary
A memory leak in the fastrpc_dma_buf_attach() function in drivers/misc/fastrpc.c in the Linux kernel before 5.3.9 allows attackers to cause a denial of service (memory consumption) by triggering dma_get_sgtable() failures, aka CID-fc739a058d99.
References
▼ | URL | Tags |
---|---|---|
https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.3.9 | x_refsource_MISC | |
https://github.com/torvalds/linux/commit/fc739a058d99c9297ef6bfd923b809d85855b9a9 | x_refsource_MISC | |
https://usn.ubuntu.com/4208-1/ | vendor-advisory, x_refsource_UBUNTU | |
https://security.netapp.com/advisory/ntap-20191205-0001/ | x_refsource_CONFIRM |
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-05T02:09:38.170Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.3.9", }, { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://github.com/torvalds/linux/commit/fc739a058d99c9297ef6bfd923b809d85855b9a9", }, { name: "USN-4208-1", tags: [ "vendor-advisory", "x_refsource_UBUNTU", "x_transferred", ], url: "https://usn.ubuntu.com/4208-1/", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "https://security.netapp.com/advisory/ntap-20191205-0001/", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "n/a", vendor: "n/a", versions: [ { status: "affected", version: "n/a", }, ], }, ], descriptions: [ { lang: "en", value: "A memory leak in the fastrpc_dma_buf_attach() function in drivers/misc/fastrpc.c in the Linux kernel before 5.3.9 allows attackers to cause a denial of service (memory consumption) by triggering dma_get_sgtable() failures, aka CID-fc739a058d99.", }, ], problemTypes: [ { descriptions: [ { description: "n/a", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2019-12-05T04:06:18", orgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", shortName: "mitre", }, references: [ { tags: [ "x_refsource_MISC", ], url: "https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.3.9", }, { tags: [ "x_refsource_MISC", ], url: "https://github.com/torvalds/linux/commit/fc739a058d99c9297ef6bfd923b809d85855b9a9", }, { name: "USN-4208-1", tags: [ "vendor-advisory", "x_refsource_UBUNTU", ], url: "https://usn.ubuntu.com/4208-1/", }, { tags: [ "x_refsource_CONFIRM", ], url: "https://security.netapp.com/advisory/ntap-20191205-0001/", }, ], x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "cve@mitre.org", ID: "CVE-2019-19069", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "n/a", version: { version_data: [ { version_value: "n/a", }, ], }, }, ], }, vendor_name: "n/a", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "A memory leak in the fastrpc_dma_buf_attach() function in drivers/misc/fastrpc.c in the Linux kernel before 5.3.9 allows attackers to cause a denial of service (memory consumption) by triggering dma_get_sgtable() failures, aka CID-fc739a058d99.", }, ], }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "n/a", }, ], }, ], }, references: { reference_data: [ { name: "https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.3.9", refsource: "MISC", url: "https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.3.9", }, { name: "https://github.com/torvalds/linux/commit/fc739a058d99c9297ef6bfd923b809d85855b9a9", refsource: "MISC", url: "https://github.com/torvalds/linux/commit/fc739a058d99c9297ef6bfd923b809d85855b9a9", }, { name: "USN-4208-1", refsource: "UBUNTU", url: "https://usn.ubuntu.com/4208-1/", }, { name: "https://security.netapp.com/advisory/ntap-20191205-0001/", refsource: "CONFIRM", url: "https://security.netapp.com/advisory/ntap-20191205-0001/", }, ], }, }, }, }, cveMetadata: { assignerOrgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", assignerShortName: "mitre", cveId: "CVE-2019-19069", datePublished: "2019-11-18T05:24:14", dateReserved: "2019-11-18T00:00:00", dateUpdated: "2024-08-05T02:09:38.170Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2020-8832
Vulnerability from cvelistv5
Published
2020-04-09 23:50
Modified
2024-09-17 02:51
Severity ?
EPSS score ?
Summary
The fix for the Linux kernel in Ubuntu 18.04 LTS for CVE-2019-14615 ("The Linux kernel did not properly clear data structures on context switches for certain Intel graphics processors.") was discovered to be incomplete, meaning that in versions of the kernel before 4.15.0-91.92, an attacker could use this vulnerability to expose sensitive information.
References
▼ | URL | Tags |
---|---|---|
https://bugs.launchpad.net/ubuntu/+source/linux/+bug/1862840 | x_refsource_MISC | |
https://usn.ubuntu.com/usn/usn-4302-1 | vendor-advisory, x_refsource_UBUNTU | |
https://security.netapp.com/advisory/ntap-20200430-0004/ | x_refsource_CONFIRM |
Impacted products
Vendor | Product | Version | ||
---|---|---|---|---|
Ubuntu | 18.04 LTS (bionic) Linux kernel |
Version: 4.15.x kernels < 4.15.0-91.92 |
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-04T10:12:10.848Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://bugs.launchpad.net/ubuntu/+source/linux/+bug/1862840", }, { name: "USN-4302-1", tags: [ "vendor-advisory", "x_refsource_UBUNTU", "x_transferred", ], url: "https://usn.ubuntu.com/usn/usn-4302-1", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "https://security.netapp.com/advisory/ntap-20200430-0004/", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "18.04 LTS (bionic) Linux kernel", vendor: "Ubuntu", versions: [ { lessThan: "4.15.0-91.92", status: "affected", version: "4.15.x kernels", versionType: "custom", }, ], }, ], credits: [ { lang: "en", value: "Gregory Herrero", }, ], datePublic: "2020-03-05T00:00:00", descriptions: [ { lang: "en", value: "The fix for the Linux kernel in Ubuntu 18.04 LTS for CVE-2019-14615 (\"The Linux kernel did not properly clear data structures on context switches for certain Intel graphics processors.\") was discovered to be incomplete, meaning that in versions of the kernel before 4.15.0-91.92, an attacker could use this vulnerability to expose sensitive information.", }, ], metrics: [ { cvssV3_1: { attackComplexity: "LOW", attackVector: "LOCAL", availabilityImpact: "NONE", baseScore: 5.5, baseSeverity: "MEDIUM", confidentialityImpact: "HIGH", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N", version: "3.1", }, }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-200", description: "CWE-200 Information Exposure", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2020-04-30T18:06:07", orgId: "cc1ad9ee-3454-478d-9317-d3e869d708bc", shortName: "canonical", }, references: [ { tags: [ "x_refsource_MISC", ], url: "https://bugs.launchpad.net/ubuntu/+source/linux/+bug/1862840", }, { name: "USN-4302-1", tags: [ "vendor-advisory", "x_refsource_UBUNTU", ], url: "https://usn.ubuntu.com/usn/usn-4302-1", }, { tags: [ "x_refsource_CONFIRM", ], url: "https://security.netapp.com/advisory/ntap-20200430-0004/", }, ], solutions: [ { lang: "en", value: "Update to linux kernel 4.15.0-91.92 or newer, or apply the following commits:\n\n (20ccd4d3f689ac14dce8632d76769be0ac952060) drm/i915: Use same test for eviction and submitting kernel context\n (1803fcbca2e444f7972430c4dc1c3e98c6ee1bc9) drm/i915: Define an engine class enum for the uABI\n (ae6c4574782dbfebcbf1f7e3620bcaf58ceb69e3) drm/i915: Force the switch to the i915->kernel_context\n (f58d13d5717938d4dfcc82a2eeba0a6d7644f6e5) drm/i915: Move GT powersaving init to i915_gem_init()\n (cc6a818ad6bdb0d3008314cbd0fc9c9a2cd02695) drm/i915: Move intel_init_clock_gating() to i915_gem_init()\n (d378a3efb819e6d1992127122d957337571b4594) drm/i915: Inline intel_modeset_gem_init()\n (f4e15af7e21861445821d5f09922ef7e695269a1) drm/i915: Mark the context state as dirty/written\n (d2b4b97933f5adacfba42dc3b9200d0e21fbe2c4) drm/i915: Record the default hw state after reset upon load", }, ], source: { defect: [ "https://bugs.launchpad.net/ubuntu/+source/linux/+bug/1862840", ], discovery: "EXTERNAL", }, title: "Ubuntu 18.04 Linux kernel i915 incomplete fix for CVE-2019-14615", x_generator: { engine: "Vulnogram 0.0.9", }, x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "security@ubuntu.com", DATE_PUBLIC: "2020-03-05T00:00:00.000Z", ID: "CVE-2020-8832", STATE: "PUBLIC", TITLE: "Ubuntu 18.04 Linux kernel i915 incomplete fix for CVE-2019-14615", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "18.04 LTS (bionic) Linux kernel", version: { version_data: [ { version_affected: "<", version_name: "4.15.x kernels", version_value: "4.15.0-91.92", }, ], }, }, ], }, vendor_name: "Ubuntu", }, ], }, }, credit: [ { lang: "eng", value: "Gregory Herrero", }, ], data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "The fix for the Linux kernel in Ubuntu 18.04 LTS for CVE-2019-14615 (\"The Linux kernel did not properly clear data structures on context switches for certain Intel graphics processors.\") was discovered to be incomplete, meaning that in versions of the kernel before 4.15.0-91.92, an attacker could use this vulnerability to expose sensitive information.", }, ], }, generator: { engine: "Vulnogram 0.0.9", }, impact: { cvss: { attackComplexity: "LOW", attackVector: "LOCAL", availabilityImpact: "NONE", baseScore: 5.5, baseSeverity: "MEDIUM", confidentialityImpact: "HIGH", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N", version: "3.1", }, }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "CWE-200 Information Exposure", }, ], }, ], }, references: { reference_data: [ { name: "https://bugs.launchpad.net/ubuntu/+source/linux/+bug/1862840", refsource: "MISC", url: "https://bugs.launchpad.net/ubuntu/+source/linux/+bug/1862840", }, { name: "USN-4302-1", refsource: "UBUNTU", url: "https://usn.ubuntu.com/usn/usn-4302-1", }, { name: "https://security.netapp.com/advisory/ntap-20200430-0004/", refsource: "CONFIRM", url: "https://security.netapp.com/advisory/ntap-20200430-0004/", }, ], }, solution: [ { lang: "en", value: "Update to linux kernel 4.15.0-91.92 or newer, or apply the following commits:\n\n (20ccd4d3f689ac14dce8632d76769be0ac952060) drm/i915: Use same test for eviction and submitting kernel context\n (1803fcbca2e444f7972430c4dc1c3e98c6ee1bc9) drm/i915: Define an engine class enum for the uABI\n (ae6c4574782dbfebcbf1f7e3620bcaf58ceb69e3) drm/i915: Force the switch to the i915->kernel_context\n (f58d13d5717938d4dfcc82a2eeba0a6d7644f6e5) drm/i915: Move GT powersaving init to i915_gem_init()\n (cc6a818ad6bdb0d3008314cbd0fc9c9a2cd02695) drm/i915: Move intel_init_clock_gating() to i915_gem_init()\n (d378a3efb819e6d1992127122d957337571b4594) drm/i915: Inline intel_modeset_gem_init()\n (f4e15af7e21861445821d5f09922ef7e695269a1) drm/i915: Mark the context state as dirty/written\n (d2b4b97933f5adacfba42dc3b9200d0e21fbe2c4) drm/i915: Record the default hw state after reset upon load", }, ], source: { defect: [ "https://bugs.launchpad.net/ubuntu/+source/linux/+bug/1862840", ], discovery: "EXTERNAL", }, }, }, }, cveMetadata: { assignerOrgId: "cc1ad9ee-3454-478d-9317-d3e869d708bc", assignerShortName: "canonical", cveId: "CVE-2020-8832", datePublished: "2020-04-09T23:50:17.178011Z", dateReserved: "2020-02-10T00:00:00", dateUpdated: "2024-09-17T02:51:41.129Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2019-19813
Vulnerability from cvelistv5
Published
2019-12-17 05:43
Modified
2024-08-05 02:25
Severity ?
EPSS score ?
Summary
In the Linux kernel 5.0.21, mounting a crafted btrfs filesystem image, performing some operations, and then making a syncfs system call can lead to a use-after-free in __mutex_lock in kernel/locking/mutex.c. This is related to mutex_can_spin_on_owner in kernel/locking/mutex.c, __btrfs_qgroup_free_meta in fs/btrfs/qgroup.c, and btrfs_insert_delayed_items in fs/btrfs/delayed-inode.c.
References
▼ | URL | Tags |
---|---|---|
https://github.com/bobfuzzer/CVE/tree/master/CVE-2019-19813 | x_refsource_MISC | |
https://security.netapp.com/advisory/ntap-20200103-0001/ | x_refsource_CONFIRM | |
https://usn.ubuntu.com/4414-1/ | vendor-advisory, x_refsource_UBUNTU | |
https://lists.debian.org/debian-lts-announce/2020/09/msg00025.html | mailing-list, x_refsource_MLIST | |
https://lists.debian.org/debian-lts-announce/2021/03/msg00010.html | mailing-list, x_refsource_MLIST |
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-05T02:25:12.703Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://github.com/bobfuzzer/CVE/tree/master/CVE-2019-19813", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "https://security.netapp.com/advisory/ntap-20200103-0001/", }, { name: "USN-4414-1", tags: [ "vendor-advisory", "x_refsource_UBUNTU", "x_transferred", ], url: "https://usn.ubuntu.com/4414-1/", }, { name: "[debian-lts-announce] 20200928 [SECURITY] [DLA 2385-1] linux-4.19 security update", tags: [ "mailing-list", "x_refsource_MLIST", "x_transferred", ], url: "https://lists.debian.org/debian-lts-announce/2020/09/msg00025.html", }, { name: "[debian-lts-announce] 20210309 [SECURITY] [DLA 2586-1] linux security update", tags: [ "mailing-list", "x_refsource_MLIST", "x_transferred", ], url: "https://lists.debian.org/debian-lts-announce/2021/03/msg00010.html", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "n/a", vendor: "n/a", versions: [ { status: "affected", version: "n/a", }, ], }, ], descriptions: [ { lang: "en", value: "In the Linux kernel 5.0.21, mounting a crafted btrfs filesystem image, performing some operations, and then making a syncfs system call can lead to a use-after-free in __mutex_lock in kernel/locking/mutex.c. This is related to mutex_can_spin_on_owner in kernel/locking/mutex.c, __btrfs_qgroup_free_meta in fs/btrfs/qgroup.c, and btrfs_insert_delayed_items in fs/btrfs/delayed-inode.c.", }, ], problemTypes: [ { descriptions: [ { description: "n/a", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2021-03-09T20:06:30", orgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", shortName: "mitre", }, references: [ { tags: [ "x_refsource_MISC", ], url: "https://github.com/bobfuzzer/CVE/tree/master/CVE-2019-19813", }, { tags: [ "x_refsource_CONFIRM", ], url: "https://security.netapp.com/advisory/ntap-20200103-0001/", }, { name: "USN-4414-1", tags: [ "vendor-advisory", "x_refsource_UBUNTU", ], url: "https://usn.ubuntu.com/4414-1/", }, { name: "[debian-lts-announce] 20200928 [SECURITY] [DLA 2385-1] linux-4.19 security update", tags: [ "mailing-list", "x_refsource_MLIST", ], url: "https://lists.debian.org/debian-lts-announce/2020/09/msg00025.html", }, { name: "[debian-lts-announce] 20210309 [SECURITY] [DLA 2586-1] linux security update", tags: [ "mailing-list", "x_refsource_MLIST", ], url: "https://lists.debian.org/debian-lts-announce/2021/03/msg00010.html", }, ], x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "cve@mitre.org", ID: "CVE-2019-19813", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "n/a", version: { version_data: [ { version_value: "n/a", }, ], }, }, ], }, vendor_name: "n/a", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "In the Linux kernel 5.0.21, mounting a crafted btrfs filesystem image, performing some operations, and then making a syncfs system call can lead to a use-after-free in __mutex_lock in kernel/locking/mutex.c. This is related to mutex_can_spin_on_owner in kernel/locking/mutex.c, __btrfs_qgroup_free_meta in fs/btrfs/qgroup.c, and btrfs_insert_delayed_items in fs/btrfs/delayed-inode.c.", }, ], }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "n/a", }, ], }, ], }, references: { reference_data: [ { name: "https://github.com/bobfuzzer/CVE/tree/master/CVE-2019-19813", refsource: "MISC", url: "https://github.com/bobfuzzer/CVE/tree/master/CVE-2019-19813", }, { name: "https://security.netapp.com/advisory/ntap-20200103-0001/", refsource: "CONFIRM", url: "https://security.netapp.com/advisory/ntap-20200103-0001/", }, { name: "USN-4414-1", refsource: "UBUNTU", url: "https://usn.ubuntu.com/4414-1/", }, { name: "[debian-lts-announce] 20200928 [SECURITY] [DLA 2385-1] linux-4.19 security update", refsource: "MLIST", url: "https://lists.debian.org/debian-lts-announce/2020/09/msg00025.html", }, { name: "[debian-lts-announce] 20210309 [SECURITY] [DLA 2586-1] linux security update", refsource: "MLIST", url: "https://lists.debian.org/debian-lts-announce/2021/03/msg00010.html", }, ], }, }, }, }, cveMetadata: { assignerOrgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", assignerShortName: "mitre", cveId: "CVE-2019-19813", datePublished: "2019-12-17T05:43:52", dateReserved: "2019-12-16T00:00:00", dateUpdated: "2024-08-05T02:25:12.703Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2019-19318
Vulnerability from cvelistv5
Published
2019-11-27 23:41
Modified
2024-08-05 02:16
Severity ?
EPSS score ?
Summary
In the Linux kernel 5.3.11, mounting a crafted btrfs image twice can cause an rwsem_down_write_slowpath use-after-free because (in rwsem_can_spin_on_owner in kernel/locking/rwsem.c) rwsem_owner_flags returns an already freed pointer,
References
▼ | URL | Tags |
---|---|---|
https://github.com/bobfuzzer/CVE/tree/master/CVE-2019-19318 | x_refsource_MISC | |
https://security.netapp.com/advisory/ntap-20200103-0001/ | x_refsource_CONFIRM | |
http://lists.opensuse.org/opensuse-security-announce/2020-03/msg00021.html | vendor-advisory, x_refsource_SUSE | |
https://usn.ubuntu.com/4414-1/ | vendor-advisory, x_refsource_UBUNTU | |
https://lists.debian.org/debian-lts-announce/2021/03/msg00010.html | mailing-list, x_refsource_MLIST |
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-05T02:16:47.014Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://github.com/bobfuzzer/CVE/tree/master/CVE-2019-19318", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "https://security.netapp.com/advisory/ntap-20200103-0001/", }, { name: "openSUSE-SU-2020:0336", tags: [ "vendor-advisory", "x_refsource_SUSE", "x_transferred", ], url: "http://lists.opensuse.org/opensuse-security-announce/2020-03/msg00021.html", }, { name: "USN-4414-1", tags: [ "vendor-advisory", "x_refsource_UBUNTU", "x_transferred", ], url: "https://usn.ubuntu.com/4414-1/", }, { name: "[debian-lts-announce] 20210309 [SECURITY] [DLA 2586-1] linux security update", tags: [ "mailing-list", "x_refsource_MLIST", "x_transferred", ], url: "https://lists.debian.org/debian-lts-announce/2021/03/msg00010.html", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "n/a", vendor: "n/a", versions: [ { status: "affected", version: "n/a", }, ], }, ], descriptions: [ { lang: "en", value: "In the Linux kernel 5.3.11, mounting a crafted btrfs image twice can cause an rwsem_down_write_slowpath use-after-free because (in rwsem_can_spin_on_owner in kernel/locking/rwsem.c) rwsem_owner_flags returns an already freed pointer,", }, ], problemTypes: [ { descriptions: [ { description: "n/a", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2021-03-09T20:06:35", orgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", shortName: "mitre", }, references: [ { tags: [ "x_refsource_MISC", ], url: "https://github.com/bobfuzzer/CVE/tree/master/CVE-2019-19318", }, { tags: [ "x_refsource_CONFIRM", ], url: "https://security.netapp.com/advisory/ntap-20200103-0001/", }, { name: "openSUSE-SU-2020:0336", tags: [ "vendor-advisory", "x_refsource_SUSE", ], url: "http://lists.opensuse.org/opensuse-security-announce/2020-03/msg00021.html", }, { name: "USN-4414-1", tags: [ "vendor-advisory", "x_refsource_UBUNTU", ], url: "https://usn.ubuntu.com/4414-1/", }, { name: "[debian-lts-announce] 20210309 [SECURITY] [DLA 2586-1] linux security update", tags: [ "mailing-list", "x_refsource_MLIST", ], url: "https://lists.debian.org/debian-lts-announce/2021/03/msg00010.html", }, ], x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "cve@mitre.org", ID: "CVE-2019-19318", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "n/a", version: { version_data: [ { version_value: "n/a", }, ], }, }, ], }, vendor_name: "n/a", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "In the Linux kernel 5.3.11, mounting a crafted btrfs image twice can cause an rwsem_down_write_slowpath use-after-free because (in rwsem_can_spin_on_owner in kernel/locking/rwsem.c) rwsem_owner_flags returns an already freed pointer,", }, ], }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "n/a", }, ], }, ], }, references: { reference_data: [ { name: "https://github.com/bobfuzzer/CVE/tree/master/CVE-2019-19318", refsource: "MISC", url: "https://github.com/bobfuzzer/CVE/tree/master/CVE-2019-19318", }, { name: "https://security.netapp.com/advisory/ntap-20200103-0001/", refsource: "CONFIRM", url: "https://security.netapp.com/advisory/ntap-20200103-0001/", }, { name: "openSUSE-SU-2020:0336", refsource: "SUSE", url: "http://lists.opensuse.org/opensuse-security-announce/2020-03/msg00021.html", }, { name: "USN-4414-1", refsource: "UBUNTU", url: "https://usn.ubuntu.com/4414-1/", }, { name: "[debian-lts-announce] 20210309 [SECURITY] [DLA 2586-1] linux security update", refsource: "MLIST", url: "https://lists.debian.org/debian-lts-announce/2021/03/msg00010.html", }, ], }, }, }, }, cveMetadata: { assignerOrgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", assignerShortName: "mitre", cveId: "CVE-2019-19318", datePublished: "2019-11-27T23:41:36", dateReserved: "2019-11-26T00:00:00", dateUpdated: "2024-08-05T02:16:47.014Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2020-35508
Vulnerability from cvelistv5
Published
2021-03-26 16:45
Modified
2024-08-04 17:02
Severity ?
EPSS score ?
Summary
A flaw possibility of race condition and incorrect initialization of the process id was found in the Linux kernel child/parent process identification handling while filtering signal handlers. A local attacker is able to abuse this flaw to bypass checks to send any signal to a privileged process.
References
▼ | URL | Tags |
---|---|---|
https://bugzilla.redhat.com/show_bug.cgi?id=1902724 | x_refsource_MISC | |
https://github.com/torvalds/linux/commit/b4e00444cab4c3f3fec876dc0cccc8cbb0d1a948 | x_refsource_MISC | |
https://security.netapp.com/advisory/ntap-20210513-0006/ | x_refsource_CONFIRM |
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-04T17:02:08.050Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://bugzilla.redhat.com/show_bug.cgi?id=1902724", }, { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://github.com/torvalds/linux/commit/b4e00444cab4c3f3fec876dc0cccc8cbb0d1a948", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "https://security.netapp.com/advisory/ntap-20210513-0006/", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "kernel", vendor: "n/a", versions: [ { status: "affected", version: "kernel 5.12", }, ], }, ], descriptions: [ { lang: "en", value: "A flaw possibility of race condition and incorrect initialization of the process id was found in the Linux kernel child/parent process identification handling while filtering signal handlers. A local attacker is able to abuse this flaw to bypass checks to send any signal to a privileged process.", }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-665", description: "CWE-665", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2021-05-13T20:06:08", orgId: "53f830b8-0a3f-465b-8143-3b8a9948e749", shortName: "redhat", }, references: [ { tags: [ "x_refsource_MISC", ], url: "https://bugzilla.redhat.com/show_bug.cgi?id=1902724", }, { tags: [ "x_refsource_MISC", ], url: "https://github.com/torvalds/linux/commit/b4e00444cab4c3f3fec876dc0cccc8cbb0d1a948", }, { tags: [ "x_refsource_CONFIRM", ], url: "https://security.netapp.com/advisory/ntap-20210513-0006/", }, ], }, }, cveMetadata: { assignerOrgId: "53f830b8-0a3f-465b-8143-3b8a9948e749", assignerShortName: "redhat", cveId: "CVE-2020-35508", datePublished: "2021-03-26T16:45:18", dateReserved: "2020-12-17T00:00:00", dateUpdated: "2024-08-04T17:02:08.050Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2019-19050
Vulnerability from cvelistv5
Published
2019-11-18 05:23
Modified
2024-08-05 02:09
Severity ?
EPSS score ?
Summary
A memory leak in the crypto_reportstat() function in crypto/crypto_user_stat.c in the Linux kernel through 5.3.11 allows attackers to cause a denial of service (memory consumption) by triggering crypto_reportstat_alg() failures, aka CID-c03b04dcdba1.
References
▼ | URL | Tags |
---|---|---|
https://github.com/torvalds/linux/commit/c03b04dcdba1da39903e23cc4d072abf8f68f2dd | x_refsource_MISC | |
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/O3PSDE6PTOTVBK2YTKB2TFQP2SUBVSNF/ | vendor-advisory, x_refsource_FEDORA | |
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/PY7LJMSPAGRIKABJPDKQDTXYW3L5RX2T/ | vendor-advisory, x_refsource_FEDORA | |
https://security.netapp.com/advisory/ntap-20191205-0001/ | x_refsource_CONFIRM | |
https://usn.ubuntu.com/4258-1/ | vendor-advisory, x_refsource_UBUNTU | |
http://packetstormsecurity.com/files/156455/Kernel-Live-Patch-Security-Notice-LSN-0063-1.html | x_refsource_MISC | |
https://usn.ubuntu.com/4284-1/ | vendor-advisory, x_refsource_UBUNTU |
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-05T02:09:38.133Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://github.com/torvalds/linux/commit/c03b04dcdba1da39903e23cc4d072abf8f68f2dd", }, { name: "FEDORA-2019-021c968423", tags: [ "vendor-advisory", "x_refsource_FEDORA", "x_transferred", ], url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/O3PSDE6PTOTVBK2YTKB2TFQP2SUBVSNF/", }, { name: "FEDORA-2019-34a75d7e61", tags: [ "vendor-advisory", "x_refsource_FEDORA", "x_transferred", ], url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/PY7LJMSPAGRIKABJPDKQDTXYW3L5RX2T/", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "https://security.netapp.com/advisory/ntap-20191205-0001/", }, { name: "USN-4258-1", tags: [ "vendor-advisory", "x_refsource_UBUNTU", "x_transferred", ], url: "https://usn.ubuntu.com/4258-1/", }, { tags: [ "x_refsource_MISC", "x_transferred", ], url: "http://packetstormsecurity.com/files/156455/Kernel-Live-Patch-Security-Notice-LSN-0063-1.html", }, { name: "USN-4284-1", tags: [ "vendor-advisory", "x_refsource_UBUNTU", "x_transferred", ], url: "https://usn.ubuntu.com/4284-1/", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "n/a", vendor: "n/a", versions: [ { status: "affected", version: "n/a", }, ], }, ], descriptions: [ { lang: "en", value: "A memory leak in the crypto_reportstat() function in crypto/crypto_user_stat.c in the Linux kernel through 5.3.11 allows attackers to cause a denial of service (memory consumption) by triggering crypto_reportstat_alg() failures, aka CID-c03b04dcdba1.", }, ], problemTypes: [ { descriptions: [ { description: "n/a", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2020-03-02T20:06:19", orgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", shortName: "mitre", }, references: [ { tags: [ "x_refsource_MISC", ], url: "https://github.com/torvalds/linux/commit/c03b04dcdba1da39903e23cc4d072abf8f68f2dd", }, { name: "FEDORA-2019-021c968423", tags: [ "vendor-advisory", "x_refsource_FEDORA", ], url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/O3PSDE6PTOTVBK2YTKB2TFQP2SUBVSNF/", }, { name: "FEDORA-2019-34a75d7e61", tags: [ "vendor-advisory", "x_refsource_FEDORA", ], url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/PY7LJMSPAGRIKABJPDKQDTXYW3L5RX2T/", }, { tags: [ "x_refsource_CONFIRM", ], url: "https://security.netapp.com/advisory/ntap-20191205-0001/", }, { name: "USN-4258-1", tags: [ "vendor-advisory", "x_refsource_UBUNTU", ], url: "https://usn.ubuntu.com/4258-1/", }, { tags: [ "x_refsource_MISC", ], url: "http://packetstormsecurity.com/files/156455/Kernel-Live-Patch-Security-Notice-LSN-0063-1.html", }, { name: "USN-4284-1", tags: [ "vendor-advisory", "x_refsource_UBUNTU", ], url: "https://usn.ubuntu.com/4284-1/", }, ], x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "cve@mitre.org", ID: "CVE-2019-19050", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "n/a", version: { version_data: [ { version_value: "n/a", }, ], }, }, ], }, vendor_name: "n/a", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "A memory leak in the crypto_reportstat() function in crypto/crypto_user_stat.c in the Linux kernel through 5.3.11 allows attackers to cause a denial of service (memory consumption) by triggering crypto_reportstat_alg() failures, aka CID-c03b04dcdba1.", }, ], }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "n/a", }, ], }, ], }, references: { reference_data: [ { name: "https://github.com/torvalds/linux/commit/c03b04dcdba1da39903e23cc4d072abf8f68f2dd", refsource: "MISC", url: "https://github.com/torvalds/linux/commit/c03b04dcdba1da39903e23cc4d072abf8f68f2dd", }, { name: "FEDORA-2019-021c968423", refsource: "FEDORA", url: "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/O3PSDE6PTOTVBK2YTKB2TFQP2SUBVSNF/", }, { name: "FEDORA-2019-34a75d7e61", refsource: "FEDORA", url: "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/PY7LJMSPAGRIKABJPDKQDTXYW3L5RX2T/", }, { name: "https://security.netapp.com/advisory/ntap-20191205-0001/", refsource: "CONFIRM", url: "https://security.netapp.com/advisory/ntap-20191205-0001/", }, { name: "USN-4258-1", refsource: "UBUNTU", url: "https://usn.ubuntu.com/4258-1/", }, { name: "http://packetstormsecurity.com/files/156455/Kernel-Live-Patch-Security-Notice-LSN-0063-1.html", refsource: "MISC", url: "http://packetstormsecurity.com/files/156455/Kernel-Live-Patch-Security-Notice-LSN-0063-1.html", }, { name: "USN-4284-1", refsource: "UBUNTU", url: "https://usn.ubuntu.com/4284-1/", }, ], }, }, }, }, cveMetadata: { assignerOrgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", assignerShortName: "mitre", cveId: "CVE-2019-19050", datePublished: "2019-11-18T05:23:47", dateReserved: "2019-11-18T00:00:00", dateUpdated: "2024-08-05T02:09:38.133Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2019-18805
Vulnerability from cvelistv5
Published
2019-11-07 13:08
Modified
2024-08-05 02:02
Severity ?
EPSS score ?
Summary
An issue was discovered in net/ipv4/sysctl_net_ipv4.c in the Linux kernel before 5.0.11. There is a net/ipv4/tcp_input.c signed integer overflow in tcp_ack_update_rtt() when userspace writes a very large integer to /proc/sys/net/ipv4/tcp_min_rtt_wlen, leading to a denial of service or possibly unspecified other impact, aka CID-19fad20d15a6.
References
▼ | URL | Tags |
---|---|---|
https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.0.11 | x_refsource_MISC | |
https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=19fad20d15a6494f47f85d869f00b11343ee5c78 | x_refsource_MISC | |
http://lists.opensuse.org/opensuse-security-announce/2019-11/msg00035.html | vendor-advisory, x_refsource_SUSE | |
http://lists.opensuse.org/opensuse-security-announce/2019-11/msg00039.html | vendor-advisory, x_refsource_SUSE | |
https://security.netapp.com/advisory/ntap-20191205-0001/ | x_refsource_CONFIRM | |
https://access.redhat.com/errata/RHSA-2020:0740 | vendor-advisory, x_refsource_REDHAT |
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-05T02:02:39.538Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.0.11", }, { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=19fad20d15a6494f47f85d869f00b11343ee5c78", }, { name: "openSUSE-SU-2019:2503", tags: [ "vendor-advisory", "x_refsource_SUSE", "x_transferred", ], url: "http://lists.opensuse.org/opensuse-security-announce/2019-11/msg00035.html", }, { name: "openSUSE-SU-2019:2507", tags: [ "vendor-advisory", "x_refsource_SUSE", "x_transferred", ], url: "http://lists.opensuse.org/opensuse-security-announce/2019-11/msg00039.html", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "https://security.netapp.com/advisory/ntap-20191205-0001/", }, { name: "RHSA-2020:0740", tags: [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred", ], url: "https://access.redhat.com/errata/RHSA-2020:0740", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "n/a", vendor: "n/a", versions: [ { status: "affected", version: "n/a", }, ], }, ], descriptions: [ { lang: "en", value: "An issue was discovered in net/ipv4/sysctl_net_ipv4.c in the Linux kernel before 5.0.11. There is a net/ipv4/tcp_input.c signed integer overflow in tcp_ack_update_rtt() when userspace writes a very large integer to /proc/sys/net/ipv4/tcp_min_rtt_wlen, leading to a denial of service or possibly unspecified other impact, aka CID-19fad20d15a6.", }, ], problemTypes: [ { descriptions: [ { description: "n/a", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2020-03-11T11:06:08", orgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", shortName: "mitre", }, references: [ { tags: [ "x_refsource_MISC", ], url: "https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.0.11", }, { tags: [ "x_refsource_MISC", ], url: "https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=19fad20d15a6494f47f85d869f00b11343ee5c78", }, { name: "openSUSE-SU-2019:2503", tags: [ "vendor-advisory", "x_refsource_SUSE", ], url: "http://lists.opensuse.org/opensuse-security-announce/2019-11/msg00035.html", }, { name: "openSUSE-SU-2019:2507", tags: [ "vendor-advisory", "x_refsource_SUSE", ], url: "http://lists.opensuse.org/opensuse-security-announce/2019-11/msg00039.html", }, { tags: [ "x_refsource_CONFIRM", ], url: "https://security.netapp.com/advisory/ntap-20191205-0001/", }, { name: "RHSA-2020:0740", tags: [ "vendor-advisory", "x_refsource_REDHAT", ], url: "https://access.redhat.com/errata/RHSA-2020:0740", }, ], x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "cve@mitre.org", ID: "CVE-2019-18805", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "n/a", version: { version_data: [ { version_value: "n/a", }, ], }, }, ], }, vendor_name: "n/a", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "An issue was discovered in net/ipv4/sysctl_net_ipv4.c in the Linux kernel before 5.0.11. There is a net/ipv4/tcp_input.c signed integer overflow in tcp_ack_update_rtt() when userspace writes a very large integer to /proc/sys/net/ipv4/tcp_min_rtt_wlen, leading to a denial of service or possibly unspecified other impact, aka CID-19fad20d15a6.", }, ], }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "n/a", }, ], }, ], }, references: { reference_data: [ { name: "https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.0.11", refsource: "MISC", url: "https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.0.11", }, { name: "https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=19fad20d15a6494f47f85d869f00b11343ee5c78", refsource: "MISC", url: "https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=19fad20d15a6494f47f85d869f00b11343ee5c78", }, { name: "openSUSE-SU-2019:2503", refsource: "SUSE", url: "http://lists.opensuse.org/opensuse-security-announce/2019-11/msg00035.html", }, { name: "openSUSE-SU-2019:2507", refsource: "SUSE", url: "http://lists.opensuse.org/opensuse-security-announce/2019-11/msg00039.html", }, { name: "https://security.netapp.com/advisory/ntap-20191205-0001/", refsource: "CONFIRM", url: "https://security.netapp.com/advisory/ntap-20191205-0001/", }, { name: "RHSA-2020:0740", refsource: "REDHAT", url: "https://access.redhat.com/errata/RHSA-2020:0740", }, ], }, }, }, }, cveMetadata: { assignerOrgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", assignerShortName: "mitre", cveId: "CVE-2019-18805", datePublished: "2019-11-07T13:08:05", dateReserved: "2019-11-07T00:00:00", dateUpdated: "2024-08-05T02:02:39.538Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }