certfr_avis - certfr-2018-avi-584

	Vendor	Product	Description
	IBM	QRadar SIEM	IBM QRadar SIEM versions 7.3.0 à 7.3.1 Patch 6
	IBM	QRadar SIEM	IBM QRadar SIEM versions 7.2.0 à 7.2.8 Patch 13

CVE-2018-8037 (GCVE-0-2018-8037)

Vulnerability from cvelistv5

Published

2018-08-02 14:00

Modified

2024-09-16 17:07

Severity ?

CWE

Information Disclosure

Summary

If an async request was completed by the application at the same time as the container triggered the async timeout, a race condition existed that could result in a user seeing a response intended for a different user. An additional issue was present in the NIO and NIO2 connectors that did not correctly track the closure of the connection when an async request was completed by the application and timed out by the container at the same time. This could also result in a user seeing a response intended for another user. Versions Affected: Apache Tomcat 9.0.0.M9 to 9.0.9 and 8.5.5 to 8.5.31.

References

URL

Tags

	http://mail-archives.us.apache.org/mod_mbox/www-announce/201807.mbox/%3C20180722090623.GA92700%40minotaur.apache.org%3E	mailing-list, x_refsource_MLIST
	http://www.securitytracker.com/id/1041376	vdb-entry, x_refsource_SECTRACK
	http://www.securityfocus.com/bid/104894	vdb-entry, x_refsource_BID
	https://www.debian.org/security/2018/dsa-4281	vendor-advisory, x_refsource_DEBIAN
	https://security.netapp.com/advisory/ntap-20180817-0001/	x_refsource_CONFIRM
	http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html	x_refsource_CONFIRM
	http://mail-archives.us.apache.org/mod_mbox/www-announce/201808.mbox/%3C0c616b4d-4e81-e7f8-b81d-1bb4c575aa33%40apache.org%3E	mailing-list, x_refsource_MLIST
	https://access.redhat.com/errata/RHSA-2018:2867	vendor-advisory, x_refsource_REDHAT
	https://access.redhat.com/errata/RHSA-2018:2868	vendor-advisory, x_refsource_REDHAT
	https://lists.apache.org/thread.html/eb6efa8d59c45a7a9eff94c4b925467d3b3fec8ba7697f3daa314b04%40%3Cdev.tomcat.apache.org%3E	mailing-list, x_refsource_MLIST
	https://lists.apache.org/thread.html/343558d982879bf88ec20dbf707f8c11255f8e219e81d45c4f8d0551%40%3Cdev.tomcat.apache.org%3E	mailing-list, x_refsource_MLIST
	https://lists.apache.org/thread.html/5c0e00fd31efc11e147bf99d0f03c00a734447d3b131ab0818644cdb%40%3Cdev.tomcat.apache.org%3E	mailing-list, x_refsource_MLIST
	https://lists.apache.org/thread.html/b5e3f51d28cd5d9b1809f56594f2cf63dcd6a90429e16ea9f83bbedc%40%3Cdev.tomcat.apache.org%3E	mailing-list, x_refsource_MLIST
	https://lists.apache.org/thread.html/88855876c33f2f9c532ffb75bfee570ccf0b17ffa77493745af9a17a%40%3Cdev.tomcat.apache.org%3E	mailing-list, x_refsource_MLIST
	https://lists.apache.org/thread.html/e85e83e9954f169bbb77b44baae5a33d8de878df557bb32b7f793661%40%3Cdev.tomcat.apache.org%3E	mailing-list, x_refsource_MLIST
	https://lists.apache.org/thread.html/1dd0a59c1295cc08ce4c9e7edae5ad2268acc9ba55adcefa0532e5ba%40%3Cdev.tomcat.apache.org%3E	mailing-list, x_refsource_MLIST
	https://lists.apache.org/thread.html/6af47120905aa7d8fe12f42e8ff2284fb338ba141d3b77b8c7cb61b3%40%3Cdev.tomcat.apache.org%3E	mailing-list, x_refsource_MLIST
	https://access.redhat.com/errata/RHSA-2019:1529	vendor-advisory, x_refsource_REDHAT
	https://lists.apache.org/thread.html/2ee3af8a43cb019e7898c9330cc8e73306553a27f2e4735dfb522d39%40%3Cusers.tomcat.apache.org%3E	mailing-list, x_refsource_MLIST
	https://lists.apache.org/thread.html/5d15316dfb4adf75d96d394745f8037533fa3bcc1ac8f619bf5c044c%40%3Cusers.tomcat.apache.org%3E	mailing-list, x_refsource_MLIST
	https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html	x_refsource_MISC
	https://lists.apache.org/thread.html/r6ccee4e849bc77df0840c7f853f6bd09d426f6741247da2b7429d5d9%40%3Cdev.tomcat.apache.org%3E	mailing-list, x_refsource_MLIST
	https://lists.apache.org/thread.html/r3bbb800a816d0a51eccc5a228c58736960a9fffafa581a225834d97d%40%3Cdev.tomcat.apache.org%3E	mailing-list, x_refsource_MLIST
	https://lists.apache.org/thread.html/raba0fabaf4d56d4325ab2aca8814f0b30a237ab83d8106b115ee279a%40%3Cdev.tomcat.apache.org%3E	mailing-list, x_refsource_MLIST
	https://lists.apache.org/thread.html/r48c1444845fe15a823e1374674bfc297d5008a5453788099ea14caf0%40%3Cdev.tomcat.apache.org%3E	mailing-list, x_refsource_MLIST
	https://www.oracle.com/security-alerts/cpuapr2020.html	x_refsource_MISC

Impacted products

	Vendor	Product	Version
	Apache Software Foundation	Apache Tomcat	Version: 9.0.0.M9 to 9.0.9 Version: 8.5.5 to 8.5.31

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-05T06:46:13.444Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "[www-announce] 20180722 [SECURITY] CVE-2018-8037 Apache Tomcat - Information Disclosure",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "http://mail-archives.us.apache.org/mod_mbox/www-announce/201807.mbox/%3C20180722090623.GA92700%40minotaur.apache.org%3E"
          },
          {
            "name": "1041376",
            "tags": [
              "vdb-entry",
              "x_refsource_SECTRACK",
              "x_transferred"
            ],
            "url": "http://www.securitytracker.com/id/1041376"
          },
          {
            "name": "104894",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/104894"
          },
          {
            "name": "DSA-4281",
            "tags": [
              "vendor-advisory",
              "x_refsource_DEBIAN",
              "x_transferred"
            ],
            "url": "https://www.debian.org/security/2018/dsa-4281"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://security.netapp.com/advisory/ntap-20180817-0001/"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html"
          },
          {
            "name": "[www-announce] 20180809 [UPDATE][SECURITY] CVE-2018-8037 Apache Tomcat - Information Disclosure",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "http://mail-archives.us.apache.org/mod_mbox/www-announce/201808.mbox/%3C0c616b4d-4e81-e7f8-b81d-1bb4c575aa33%40apache.org%3E"
          },
          {
            "name": "RHSA-2018:2867",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2018:2867"
          },
          {
            "name": "RHSA-2018:2868",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2018:2868"
          },
          {
            "name": "[tomcat-dev] 20190319 svn commit: r1855831 [24/30] - in /tomcat/site/trunk: ./ docs/ xdocs/",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://lists.apache.org/thread.html/eb6efa8d59c45a7a9eff94c4b925467d3b3fec8ba7697f3daa314b04%40%3Cdev.tomcat.apache.org%3E"
          },
          {
            "name": "[tomcat-dev] 20190319 svn commit: r1855831 [25/30] - in /tomcat/site/trunk: ./ docs/ xdocs/",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://lists.apache.org/thread.html/343558d982879bf88ec20dbf707f8c11255f8e219e81d45c4f8d0551%40%3Cdev.tomcat.apache.org%3E"
          },
          {
            "name": "[tomcat-dev] 20190325 svn commit: r1856174 [23/29] - in /tomcat/site/trunk: docs/ xdocs/ xdocs/stylesheets/",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://lists.apache.org/thread.html/5c0e00fd31efc11e147bf99d0f03c00a734447d3b131ab0818644cdb%40%3Cdev.tomcat.apache.org%3E"
          },
          {
            "name": "[tomcat-dev] 20190325 svn commit: r1856174 [24/29] - in /tomcat/site/trunk: docs/ xdocs/ xdocs/stylesheets/",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://lists.apache.org/thread.html/b5e3f51d28cd5d9b1809f56594f2cf63dcd6a90429e16ea9f83bbedc%40%3Cdev.tomcat.apache.org%3E"
          },
          {
            "name": "[tomcat-dev] 20190413 svn commit: r1857494 [17/20] - in /tomcat/site/trunk: ./ docs/ xdocs/",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://lists.apache.org/thread.html/88855876c33f2f9c532ffb75bfee570ccf0b17ffa77493745af9a17a%40%3Cdev.tomcat.apache.org%3E"
          },
          {
            "name": "[tomcat-dev] 20190413 svn commit: r1857496 [3/4] - in /tomcat/site/trunk: ./ docs/ xdocs/",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://lists.apache.org/thread.html/e85e83e9954f169bbb77b44baae5a33d8de878df557bb32b7f793661%40%3Cdev.tomcat.apache.org%3E"
          },
          {
            "name": "[tomcat-dev] 20190415 svn commit: r1857582 [18/22] - in /tomcat/site/trunk: docs/ xdocs/stylesheets/",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://lists.apache.org/thread.html/1dd0a59c1295cc08ce4c9e7edae5ad2268acc9ba55adcefa0532e5ba%40%3Cdev.tomcat.apache.org%3E"
          },
          {
            "name": "[tomcat-dev] 20190415 svn commit: r1857582 [19/22] - in /tomcat/site/trunk: docs/ xdocs/stylesheets/",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://lists.apache.org/thread.html/6af47120905aa7d8fe12f42e8ff2284fb338ba141d3b77b8c7cb61b3%40%3Cdev.tomcat.apache.org%3E"
          },
          {
            "name": "RHSA-2019:1529",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2019:1529"
          },
          {
            "name": "[tomcat-users] 20191001 Additional Information on Apache Tomcat CVE-2018-8037",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://lists.apache.org/thread.html/2ee3af8a43cb019e7898c9330cc8e73306553a27f2e4735dfb522d39%40%3Cusers.tomcat.apache.org%3E"
          },
          {
            "name": "[tomcat-users] 20191001 Re: Additional Information on Apache Tomcat CVE-2018-8037",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://lists.apache.org/thread.html/5d15316dfb4adf75d96d394745f8037533fa3bcc1ac8f619bf5c044c%40%3Cusers.tomcat.apache.org%3E"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html"
          },
          {
            "name": "[tomcat-dev] 20200203 svn commit: r1873527 [24/30] - /tomcat/site/trunk/docs/",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://lists.apache.org/thread.html/r6ccee4e849bc77df0840c7f853f6bd09d426f6741247da2b7429d5d9%40%3Cdev.tomcat.apache.org%3E"
          },
          {
            "name": "[tomcat-dev] 20200203 svn commit: r1873527 [25/30] - /tomcat/site/trunk/docs/",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://lists.apache.org/thread.html/r3bbb800a816d0a51eccc5a228c58736960a9fffafa581a225834d97d%40%3Cdev.tomcat.apache.org%3E"
          },
          {
            "name": "[tomcat-dev] 20200213 svn commit: r1873980 [28/34] - /tomcat/site/trunk/docs/",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://lists.apache.org/thread.html/raba0fabaf4d56d4325ab2aca8814f0b30a237ab83d8106b115ee279a%40%3Cdev.tomcat.apache.org%3E"
          },
          {
            "name": "[tomcat-dev] 20200213 svn commit: r1873980 [29/34] - /tomcat/site/trunk/docs/",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://lists.apache.org/thread.html/r48c1444845fe15a823e1374674bfc297d5008a5453788099ea14caf0%40%3Cdev.tomcat.apache.org%3E"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://www.oracle.com/security-alerts/cpuapr2020.html"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Apache Tomcat",
          "vendor": "Apache Software Foundation",
          "versions": [
            {
              "status": "affected",
              "version": "9.0.0.M9 to 9.0.9"
            },
            {
              "status": "affected",
              "version": "8.5.5 to 8.5.31"
            }
          ]
        }
      ],
      "datePublic": "2018-07-22T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "If an async request was completed by the application at the same time as the container triggered the async timeout, a race condition existed that could result in a user seeing a response intended for a different user. An additional issue was present in the NIO and NIO2 connectors that did not correctly track the closure of the connection when an async request was completed by the application and timed out by the container at the same time. This could also result in a user seeing a response intended for another user. Versions Affected: Apache Tomcat 9.0.0.M9 to 9.0.9 and 8.5.5 to 8.5.31."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "Information Disclosure",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2020-04-15T21:06:47",
        "orgId": "f0158376-9dc2-43b6-827c-5f631a4d8d09",
        "shortName": "apache"
      },
      "references": [
        {
          "name": "[www-announce] 20180722 [SECURITY] CVE-2018-8037 Apache Tomcat - Information Disclosure",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "http://mail-archives.us.apache.org/mod_mbox/www-announce/201807.mbox/%3C20180722090623.GA92700%40minotaur.apache.org%3E"
        },
        {
          "name": "1041376",
          "tags": [
            "vdb-entry",
            "x_refsource_SECTRACK"
          ],
          "url": "http://www.securitytracker.com/id/1041376"
        },
        {
          "name": "104894",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/104894"
        },
        {
          "name": "DSA-4281",
          "tags": [
            "vendor-advisory",
            "x_refsource_DEBIAN"
          ],
          "url": "https://www.debian.org/security/2018/dsa-4281"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://security.netapp.com/advisory/ntap-20180817-0001/"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html"
        },
        {
          "name": "[www-announce] 20180809 [UPDATE][SECURITY] CVE-2018-8037 Apache Tomcat - Information Disclosure",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "http://mail-archives.us.apache.org/mod_mbox/www-announce/201808.mbox/%3C0c616b4d-4e81-e7f8-b81d-1bb4c575aa33%40apache.org%3E"
        },
        {
          "name": "RHSA-2018:2867",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2018:2867"
        },
        {
          "name": "RHSA-2018:2868",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2018:2868"
        },
        {
          "name": "[tomcat-dev] 20190319 svn commit: r1855831 [24/30] - in /tomcat/site/trunk: ./ docs/ xdocs/",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://lists.apache.org/thread.html/eb6efa8d59c45a7a9eff94c4b925467d3b3fec8ba7697f3daa314b04%40%3Cdev.tomcat.apache.org%3E"
        },
        {
          "name": "[tomcat-dev] 20190319 svn commit: r1855831 [25/30] - in /tomcat/site/trunk: ./ docs/ xdocs/",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://lists.apache.org/thread.html/343558d982879bf88ec20dbf707f8c11255f8e219e81d45c4f8d0551%40%3Cdev.tomcat.apache.org%3E"
        },
        {
          "name": "[tomcat-dev] 20190325 svn commit: r1856174 [23/29] - in /tomcat/site/trunk: docs/ xdocs/ xdocs/stylesheets/",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://lists.apache.org/thread.html/5c0e00fd31efc11e147bf99d0f03c00a734447d3b131ab0818644cdb%40%3Cdev.tomcat.apache.org%3E"
        },
        {
          "name": "[tomcat-dev] 20190325 svn commit: r1856174 [24/29] - in /tomcat/site/trunk: docs/ xdocs/ xdocs/stylesheets/",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://lists.apache.org/thread.html/b5e3f51d28cd5d9b1809f56594f2cf63dcd6a90429e16ea9f83bbedc%40%3Cdev.tomcat.apache.org%3E"
        },
        {
          "name": "[tomcat-dev] 20190413 svn commit: r1857494 [17/20] - in /tomcat/site/trunk: ./ docs/ xdocs/",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://lists.apache.org/thread.html/88855876c33f2f9c532ffb75bfee570ccf0b17ffa77493745af9a17a%40%3Cdev.tomcat.apache.org%3E"
        },
        {
          "name": "[tomcat-dev] 20190413 svn commit: r1857496 [3/4] - in /tomcat/site/trunk: ./ docs/ xdocs/",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://lists.apache.org/thread.html/e85e83e9954f169bbb77b44baae5a33d8de878df557bb32b7f793661%40%3Cdev.tomcat.apache.org%3E"
        },
        {
          "name": "[tomcat-dev] 20190415 svn commit: r1857582 [18/22] - in /tomcat/site/trunk: docs/ xdocs/stylesheets/",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://lists.apache.org/thread.html/1dd0a59c1295cc08ce4c9e7edae5ad2268acc9ba55adcefa0532e5ba%40%3Cdev.tomcat.apache.org%3E"
        },
        {
          "name": "[tomcat-dev] 20190415 svn commit: r1857582 [19/22] - in /tomcat/site/trunk: docs/ xdocs/stylesheets/",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://lists.apache.org/thread.html/6af47120905aa7d8fe12f42e8ff2284fb338ba141d3b77b8c7cb61b3%40%3Cdev.tomcat.apache.org%3E"
        },
        {
          "name": "RHSA-2019:1529",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2019:1529"
        },
        {
          "name": "[tomcat-users] 20191001 Additional Information on Apache Tomcat CVE-2018-8037",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://lists.apache.org/thread.html/2ee3af8a43cb019e7898c9330cc8e73306553a27f2e4735dfb522d39%40%3Cusers.tomcat.apache.org%3E"
        },
        {
          "name": "[tomcat-users] 20191001 Re: Additional Information on Apache Tomcat CVE-2018-8037",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://lists.apache.org/thread.html/5d15316dfb4adf75d96d394745f8037533fa3bcc1ac8f619bf5c044c%40%3Cusers.tomcat.apache.org%3E"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html"
        },
        {
          "name": "[tomcat-dev] 20200203 svn commit: r1873527 [24/30] - /tomcat/site/trunk/docs/",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://lists.apache.org/thread.html/r6ccee4e849bc77df0840c7f853f6bd09d426f6741247da2b7429d5d9%40%3Cdev.tomcat.apache.org%3E"
        },
        {
          "name": "[tomcat-dev] 20200203 svn commit: r1873527 [25/30] - /tomcat/site/trunk/docs/",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://lists.apache.org/thread.html/r3bbb800a816d0a51eccc5a228c58736960a9fffafa581a225834d97d%40%3Cdev.tomcat.apache.org%3E"
        },
        {
          "name": "[tomcat-dev] 20200213 svn commit: r1873980 [28/34] - /tomcat/site/trunk/docs/",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://lists.apache.org/thread.html/raba0fabaf4d56d4325ab2aca8814f0b30a237ab83d8106b115ee279a%40%3Cdev.tomcat.apache.org%3E"
        },
        {
          "name": "[tomcat-dev] 20200213 svn commit: r1873980 [29/34] - /tomcat/site/trunk/docs/",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://lists.apache.org/thread.html/r48c1444845fe15a823e1374674bfc297d5008a5453788099ea14caf0%40%3Cdev.tomcat.apache.org%3E"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://www.oracle.com/security-alerts/cpuapr2020.html"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "security@apache.org",
          "DATE_PUBLIC": "2018-07-22T00:00:00",
          "ID": "CVE-2018-8037",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "Apache Tomcat",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "9.0.0.M9 to 9.0.9"
                          },
                          {
                            "version_value": "8.5.5 to 8.5.31"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "Apache Software Foundation"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "If an async request was completed by the application at the same time as the container triggered the async timeout, a race condition existed that could result in a user seeing a response intended for a different user. An additional issue was present in the NIO and NIO2 connectors that did not correctly track the closure of the connection when an async request was completed by the application and timed out by the container at the same time. This could also result in a user seeing a response intended for another user. Versions Affected: Apache Tomcat 9.0.0.M9 to 9.0.9 and 8.5.5 to 8.5.31."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "Information Disclosure"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "[www-announce] 20180722 [SECURITY] CVE-2018-8037 Apache Tomcat - Information Disclosure",
              "refsource": "MLIST",
              "url": "http://mail-archives.us.apache.org/mod_mbox/www-announce/201807.mbox/%3C20180722090623.GA92700%40minotaur.apache.org%3E"
            },
            {
              "name": "1041376",
              "refsource": "SECTRACK",
              "url": "http://www.securitytracker.com/id/1041376"
            },
            {
              "name": "104894",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/104894"
            },
            {
              "name": "DSA-4281",
              "refsource": "DEBIAN",
              "url": "https://www.debian.org/security/2018/dsa-4281"
            },
            {
              "name": "https://security.netapp.com/advisory/ntap-20180817-0001/",
              "refsource": "CONFIRM",
              "url": "https://security.netapp.com/advisory/ntap-20180817-0001/"
            },
            {
              "name": "http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html",
              "refsource": "CONFIRM",
              "url": "http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html"
            },
            {
              "name": "[www-announce] 20180809 [UPDATE][SECURITY] CVE-2018-8037 Apache Tomcat - Information Disclosure",
              "refsource": "MLIST",
              "url": "http://mail-archives.us.apache.org/mod_mbox/www-announce/201808.mbox/%3C0c616b4d-4e81-e7f8-b81d-1bb4c575aa33%40apache.org%3E"
            },
            {
              "name": "RHSA-2018:2867",
              "refsource": "REDHAT",
              "url": "https://access.redhat.com/errata/RHSA-2018:2867"
            },
            {
              "name": "RHSA-2018:2868",
              "refsource": "REDHAT",
              "url": "https://access.redhat.com/errata/RHSA-2018:2868"
            },
            {
              "name": "[tomcat-dev] 20190319 svn commit: r1855831 [24/30] - in /tomcat/site/trunk: ./ docs/ xdocs/",
              "refsource": "MLIST",
              "url": "https://lists.apache.org/thread.html/eb6efa8d59c45a7a9eff94c4b925467d3b3fec8ba7697f3daa314b04@%3Cdev.tomcat.apache.org%3E"
            },
            {
              "name": "[tomcat-dev] 20190319 svn commit: r1855831 [25/30] - in /tomcat/site/trunk: ./ docs/ xdocs/",
              "refsource": "MLIST",
              "url": "https://lists.apache.org/thread.html/343558d982879bf88ec20dbf707f8c11255f8e219e81d45c4f8d0551@%3Cdev.tomcat.apache.org%3E"
            },
            {
              "name": "[tomcat-dev] 20190325 svn commit: r1856174 [23/29] - in /tomcat/site/trunk: docs/ xdocs/ xdocs/stylesheets/",
              "refsource": "MLIST",
              "url": "https://lists.apache.org/thread.html/5c0e00fd31efc11e147bf99d0f03c00a734447d3b131ab0818644cdb@%3Cdev.tomcat.apache.org%3E"
            },
            {
              "name": "[tomcat-dev] 20190325 svn commit: r1856174 [24/29] - in /tomcat/site/trunk: docs/ xdocs/ xdocs/stylesheets/",
              "refsource": "MLIST",
              "url": "https://lists.apache.org/thread.html/b5e3f51d28cd5d9b1809f56594f2cf63dcd6a90429e16ea9f83bbedc@%3Cdev.tomcat.apache.org%3E"
            },
            {
              "name": "[tomcat-dev] 20190413 svn commit: r1857494 [17/20] - in /tomcat/site/trunk: ./ docs/ xdocs/",
              "refsource": "MLIST",
              "url": "https://lists.apache.org/thread.html/88855876c33f2f9c532ffb75bfee570ccf0b17ffa77493745af9a17a@%3Cdev.tomcat.apache.org%3E"
            },
            {
              "name": "[tomcat-dev] 20190413 svn commit: r1857496 [3/4] - in /tomcat/site/trunk: ./ docs/ xdocs/",
              "refsource": "MLIST",
              "url": "https://lists.apache.org/thread.html/e85e83e9954f169bbb77b44baae5a33d8de878df557bb32b7f793661@%3Cdev.tomcat.apache.org%3E"
            },
            {
              "name": "[tomcat-dev] 20190415 svn commit: r1857582 [18/22] - in /tomcat/site/trunk: docs/ xdocs/stylesheets/",
              "refsource": "MLIST",
              "url": "https://lists.apache.org/thread.html/1dd0a59c1295cc08ce4c9e7edae5ad2268acc9ba55adcefa0532e5ba@%3Cdev.tomcat.apache.org%3E"
            },
            {
              "name": "[tomcat-dev] 20190415 svn commit: r1857582 [19/22] - in /tomcat/site/trunk: docs/ xdocs/stylesheets/",
              "refsource": "MLIST",
              "url": "https://lists.apache.org/thread.html/6af47120905aa7d8fe12f42e8ff2284fb338ba141d3b77b8c7cb61b3@%3Cdev.tomcat.apache.org%3E"
            },
            {
              "name": "RHSA-2019:1529",
              "refsource": "REDHAT",
              "url": "https://access.redhat.com/errata/RHSA-2019:1529"
            },
            {
              "name": "[tomcat-users] 20191001 Additional Information on Apache Tomcat CVE-2018-8037",
              "refsource": "MLIST",
              "url": "https://lists.apache.org/thread.html/2ee3af8a43cb019e7898c9330cc8e73306553a27f2e4735dfb522d39@%3Cusers.tomcat.apache.org%3E"
            },
            {
              "name": "[tomcat-users] 20191001 Re: Additional Information on Apache Tomcat CVE-2018-8037",
              "refsource": "MLIST",
              "url": "https://lists.apache.org/thread.html/5d15316dfb4adf75d96d394745f8037533fa3bcc1ac8f619bf5c044c@%3Cusers.tomcat.apache.org%3E"
            },
            {
              "name": "https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html",
              "refsource": "MISC",
              "url": "https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html"
            },
            {
              "name": "[tomcat-dev] 20200203 svn commit: r1873527 [24/30] - /tomcat/site/trunk/docs/",
              "refsource": "MLIST",
              "url": "https://lists.apache.org/thread.html/r6ccee4e849bc77df0840c7f853f6bd09d426f6741247da2b7429d5d9@%3Cdev.tomcat.apache.org%3E"
            },
            {
              "name": "[tomcat-dev] 20200203 svn commit: r1873527 [25/30] - /tomcat/site/trunk/docs/",
              "refsource": "MLIST",
              "url": "https://lists.apache.org/thread.html/r3bbb800a816d0a51eccc5a228c58736960a9fffafa581a225834d97d@%3Cdev.tomcat.apache.org%3E"
            },
            {
              "name": "[tomcat-dev] 20200213 svn commit: r1873980 [28/34] - /tomcat/site/trunk/docs/",
              "refsource": "MLIST",
              "url": "https://lists.apache.org/thread.html/raba0fabaf4d56d4325ab2aca8814f0b30a237ab83d8106b115ee279a@%3Cdev.tomcat.apache.org%3E"
            },
            {
              "name": "[tomcat-dev] 20200213 svn commit: r1873980 [29/34] - /tomcat/site/trunk/docs/",
              "refsource": "MLIST",
              "url": "https://lists.apache.org/thread.html/r48c1444845fe15a823e1374674bfc297d5008a5453788099ea14caf0@%3Cdev.tomcat.apache.org%3E"
            },
            {
              "name": "https://www.oracle.com/security-alerts/cpuapr2020.html",
              "refsource": "MISC",
              "url": "https://www.oracle.com/security-alerts/cpuapr2020.html"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "f0158376-9dc2-43b6-827c-5f631a4d8d09",
    "assignerShortName": "apache",
    "cveId": "CVE-2018-8037",
    "datePublished": "2018-08-02T14:00:00Z",
    "dateReserved": "2018-03-09T00:00:00",
    "dateUpdated": "2024-09-16T17:07:40.261Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2018-1087 (GCVE-0-2018-1087)

Vulnerability from cvelistv5

Published

2018-05-15 16:00

Modified

2024-08-05 03:51

Severity ?

8.0 (High) - CVSS:3.0/AV:A/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

CWE

CWE-250

Summary

kernel KVM before versions kernel 4.16, kernel 4.16-rc7, kernel 4.17-rc1, kernel 4.17-rc2 and kernel 4.17-rc3 is vulnerable to a flaw in the way the Linux kernel's KVM hypervisor handled exceptions delivered after a stack switch operation via Mov SS or Pop SS instructions. During the stack switch operation, the processor did not deliver interrupts and exceptions, rather they are delivered once the first instruction after the stack switch is executed. An unprivileged KVM guest user could use this flaw to crash the guest or, potentially, escalate their privileges in the guest.

References

URL

Tags

	https://access.redhat.com/errata/RHSA-2018:1347	vendor-advisory, x_refsource_REDHAT
	https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-1087	x_refsource_CONFIRM
	http://www.securitytracker.com/id/1040862	vdb-entry, x_refsource_SECTRACK
	https://access.redhat.com/errata/RHSA-2018:1348	vendor-advisory, x_refsource_REDHAT
	https://www.debian.org/security/2018/dsa-4196	vendor-advisory, x_refsource_DEBIAN
	https://access.redhat.com/errata/RHSA-2018:1355	vendor-advisory, x_refsource_REDHAT
	https://access.redhat.com/errata/RHSA-2018:1345	vendor-advisory, x_refsource_REDHAT
	https://access.redhat.com/security/vulnerabilities/pop_ss	x_refsource_MISC
	https://access.redhat.com/errata/RHSA-2018:1318	vendor-advisory, x_refsource_REDHAT
	https://access.redhat.com/errata/RHSA-2018:1524	vendor-advisory, x_refsource_REDHAT
	http://www.openwall.com/lists/oss-security/2018/05/08/5	x_refsource_MISC
	http://www.securityfocus.com/bid/104127	vdb-entry, x_refsource_BID
	https://usn.ubuntu.com/3641-2/	vendor-advisory, x_refsource_UBUNTU
	https://usn.ubuntu.com/3641-1/	vendor-advisory, x_refsource_UBUNTU

Impacted products

	Vendor	Product	Version
	kernel	KVM	Version: kernel 4.16 Version: kernel 4.16-rc7 Version: kernel 4.17-rc1 Version: kernel 4.17-rc2 Version: kernel 4.17-rc3

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-05T03:51:48.239Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "RHSA-2018:1347",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2018:1347"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-1087"
          },
          {
            "name": "1040862",
            "tags": [
              "vdb-entry",
              "x_refsource_SECTRACK",
              "x_transferred"
            ],
            "url": "http://www.securitytracker.com/id/1040862"
          },
          {
            "name": "RHSA-2018:1348",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2018:1348"
          },
          {
            "name": "DSA-4196",
            "tags": [
              "vendor-advisory",
              "x_refsource_DEBIAN",
              "x_transferred"
            ],
            "url": "https://www.debian.org/security/2018/dsa-4196"
          },
          {
            "name": "RHSA-2018:1355",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2018:1355"
          },
          {
            "name": "RHSA-2018:1345",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2018:1345"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/security/vulnerabilities/pop_ss"
          },
          {
            "name": "RHSA-2018:1318",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2018:1318"
          },
          {
            "name": "RHSA-2018:1524",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2018:1524"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "http://www.openwall.com/lists/oss-security/2018/05/08/5"
          },
          {
            "name": "104127",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/104127"
          },
          {
            "name": "USN-3641-2",
            "tags": [
              "vendor-advisory",
              "x_refsource_UBUNTU",
              "x_transferred"
            ],
            "url": "https://usn.ubuntu.com/3641-2/"
          },
          {
            "name": "USN-3641-1",
            "tags": [
              "vendor-advisory",
              "x_refsource_UBUNTU",
              "x_transferred"
            ],
            "url": "https://usn.ubuntu.com/3641-1/"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "KVM",
          "vendor": "kernel",
          "versions": [
            {
              "status": "affected",
              "version": "kernel 4.16"
            },
            {
              "status": "affected",
              "version": "kernel 4.16-rc7"
            },
            {
              "status": "affected",
              "version": "kernel 4.17-rc1"
            },
            {
              "status": "affected",
              "version": "kernel 4.17-rc2"
            },
            {
              "status": "affected",
              "version": "kernel 4.17-rc3"
            }
          ]
        }
      ],
      "datePublic": "2018-05-08T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "kernel KVM before versions kernel 4.16, kernel 4.16-rc7, kernel 4.17-rc1, kernel 4.17-rc2 and kernel 4.17-rc3 is vulnerable to a flaw in the way the Linux kernel\u0027s KVM hypervisor handled exceptions delivered after a stack switch operation via Mov SS or Pop SS instructions. During the stack switch operation, the processor did not deliver interrupts and exceptions, rather they are delivered once the first instruction after the stack switch is executed. An unprivileged KVM guest user could use this flaw to crash the guest or, potentially, escalate their privileges in the guest."
        }
      ],
      "metrics": [
        {
          "cvssV3_0": {
            "attackComplexity": "LOW",
            "attackVector": "ADJACENT_NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 8,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "LOW",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.0/AV:A/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.0"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-250",
              "description": "CWE-250",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2018-05-29T09:57:01",
        "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
        "shortName": "redhat"
      },
      "references": [
        {
          "name": "RHSA-2018:1347",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2018:1347"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-1087"
        },
        {
          "name": "1040862",
          "tags": [
            "vdb-entry",
            "x_refsource_SECTRACK"
          ],
          "url": "http://www.securitytracker.com/id/1040862"
        },
        {
          "name": "RHSA-2018:1348",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2018:1348"
        },
        {
          "name": "DSA-4196",
          "tags": [
            "vendor-advisory",
            "x_refsource_DEBIAN"
          ],
          "url": "https://www.debian.org/security/2018/dsa-4196"
        },
        {
          "name": "RHSA-2018:1355",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2018:1355"
        },
        {
          "name": "RHSA-2018:1345",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2018:1345"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://access.redhat.com/security/vulnerabilities/pop_ss"
        },
        {
          "name": "RHSA-2018:1318",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2018:1318"
        },
        {
          "name": "RHSA-2018:1524",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2018:1524"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "http://www.openwall.com/lists/oss-security/2018/05/08/5"
        },
        {
          "name": "104127",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/104127"
        },
        {
          "name": "USN-3641-2",
          "tags": [
            "vendor-advisory",
            "x_refsource_UBUNTU"
          ],
          "url": "https://usn.ubuntu.com/3641-2/"
        },
        {
          "name": "USN-3641-1",
          "tags": [
            "vendor-advisory",
            "x_refsource_UBUNTU"
          ],
          "url": "https://usn.ubuntu.com/3641-1/"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "secalert@redhat.com",
          "ID": "CVE-2018-1087",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "KVM",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "kernel 4.16"
                          },
                          {
                            "version_value": "kernel 4.16-rc7"
                          },
                          {
                            "version_value": "kernel 4.17-rc1"
                          },
                          {
                            "version_value": "kernel 4.17-rc2"
                          },
                          {
                            "version_value": "kernel 4.17-rc3"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "kernel"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "kernel KVM before versions kernel 4.16, kernel 4.16-rc7, kernel 4.17-rc1, kernel 4.17-rc2 and kernel 4.17-rc3 is vulnerable to a flaw in the way the Linux kernel\u0027s KVM hypervisor handled exceptions delivered after a stack switch operation via Mov SS or Pop SS instructions. During the stack switch operation, the processor did not deliver interrupts and exceptions, rather they are delivered once the first instruction after the stack switch is executed. An unprivileged KVM guest user could use this flaw to crash the guest or, potentially, escalate their privileges in the guest."
            }
          ]
        },
        "impact": {
          "cvss": [
            [
              {
                "vectorString": "8.0/CVSS:3.0/AV:A/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.0"
              }
            ]
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "CWE-250"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "RHSA-2018:1347",
              "refsource": "REDHAT",
              "url": "https://access.redhat.com/errata/RHSA-2018:1347"
            },
            {
              "name": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-1087",
              "refsource": "CONFIRM",
              "url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-1087"
            },
            {
              "name": "1040862",
              "refsource": "SECTRACK",
              "url": "http://www.securitytracker.com/id/1040862"
            },
            {
              "name": "RHSA-2018:1348",
              "refsource": "REDHAT",
              "url": "https://access.redhat.com/errata/RHSA-2018:1348"
            },
            {
              "name": "DSA-4196",
              "refsource": "DEBIAN",
              "url": "https://www.debian.org/security/2018/dsa-4196"
            },
            {
              "name": "RHSA-2018:1355",
              "refsource": "REDHAT",
              "url": "https://access.redhat.com/errata/RHSA-2018:1355"
            },
            {
              "name": "RHSA-2018:1345",
              "refsource": "REDHAT",
              "url": "https://access.redhat.com/errata/RHSA-2018:1345"
            },
            {
              "name": "https://access.redhat.com/security/vulnerabilities/pop_ss",
              "refsource": "MISC",
              "url": "https://access.redhat.com/security/vulnerabilities/pop_ss"
            },
            {
              "name": "RHSA-2018:1318",
              "refsource": "REDHAT",
              "url": "https://access.redhat.com/errata/RHSA-2018:1318"
            },
            {
              "name": "RHSA-2018:1524",
              "refsource": "REDHAT",
              "url": "https://access.redhat.com/errata/RHSA-2018:1524"
            },
            {
              "name": "http://www.openwall.com/lists/oss-security/2018/05/08/5",
              "refsource": "MISC",
              "url": "http://www.openwall.com/lists/oss-security/2018/05/08/5"
            },
            {
              "name": "104127",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/104127"
            },
            {
              "name": "USN-3641-2",
              "refsource": "UBUNTU",
              "url": "https://usn.ubuntu.com/3641-2/"
            },
            {
              "name": "USN-3641-1",
              "refsource": "UBUNTU",
              "url": "https://usn.ubuntu.com/3641-1/"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
    "assignerShortName": "redhat",
    "cveId": "CVE-2018-1087",
    "datePublished": "2018-05-15T16:00:00",
    "dateReserved": "2017-12-04T00:00:00",
    "dateUpdated": "2024-08-05T03:51:48.239Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2018-3665 (GCVE-0-2018-3665)

Vulnerability from cvelistv5

Published

2018-06-21 20:00

Modified

2024-09-17 01:01

Severity ?

CWE

Information Disclosure

Summary

System software utilizing Lazy FP state restore technique on systems using Intel Core-based microprocessors may potentially allow a local process to infer data from another process through a speculative execution side channel.

References

URL

Tags

	https://lists.debian.org/debian-lts-announce/2018/07/msg00015.html	mailing-list, x_refsource_MLIST
	https://access.redhat.com/errata/RHSA-2018:2164	vendor-advisory, x_refsource_REDHAT
	https://usn.ubuntu.com/3696-1/	vendor-advisory, x_refsource_UBUNTU
	http://www.securitytracker.com/id/1041125	vdb-entry, x_refsource_SECTRACK
	https://lists.debian.org/debian-lts-announce/2018/07/msg00016.html	mailing-list, x_refsource_MLIST
	https://access.redhat.com/errata/RHSA-2018:1944	vendor-advisory, x_refsource_REDHAT
	https://access.redhat.com/errata/RHSA-2018:1852	vendor-advisory, x_refsource_REDHAT
	https://security.FreeBSD.org/advisories/FreeBSD-SA-18:07.lazyfpu.asc	vendor-advisory, x_refsource_FREEBSD
	http://www.securitytracker.com/id/1041124	vdb-entry, x_refsource_SECTRACK
	https://access.redhat.com/errata/RHSA-2018:2165	vendor-advisory, x_refsource_REDHAT
	https://www.debian.org/security/2018/dsa-4232	vendor-advisory, x_refsource_DEBIAN
	https://usn.ubuntu.com/3698-1/	vendor-advisory, x_refsource_UBUNTU
	https://usn.ubuntu.com/3696-2/	vendor-advisory, x_refsource_UBUNTU
	http://www.securityfocus.com/bid/104460	vdb-entry, x_refsource_BID
	https://usn.ubuntu.com/3698-2/	vendor-advisory, x_refsource_UBUNTU
	https://access.redhat.com/errata/RHSA-2019:1170	vendor-advisory, x_refsource_REDHAT
	https://access.redhat.com/errata/RHSA-2019:1190	vendor-advisory, x_refsource_REDHAT
	https://www.oracle.com/security-alerts/cpujul2020.html	x_refsource_MISC
	https://help.ecostruxureit.com/display/public/UADCE725/Security+fixes+in+StruxureWare+Data+Center+Expert+v7.6.0	x_refsource_CONFIRM
	https://nvidia.custhelp.com/app/answers/detail/a_id/4787	x_refsource_CONFIRM
	https://www.synology.com/support/security/Synology_SA_18_31	x_refsource_CONFIRM
	https://security.netapp.com/advisory/ntap-20181016-0001/	x_refsource_CONFIRM
	https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00145.html	x_refsource_CONFIRM
	https://support.citrix.com/article/CTX235745	x_refsource_CONFIRM
	https://security.paloaltonetworks.com/CVE-2018-3665	x_refsource_CONFIRM

Impacted products

	Vendor	Product	Version
	Intel Corporation	Intel Core-based microprocessors	Version: All

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-05T04:50:30.430Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "[debian-lts-announce] 20180714 [SECURITY] [DLA 1422-1] linux security update",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://lists.debian.org/debian-lts-announce/2018/07/msg00015.html"
          },
          {
            "name": "RHSA-2018:2164",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2018:2164"
          },
          {
            "name": "USN-3696-1",
            "tags": [
              "vendor-advisory",
              "x_refsource_UBUNTU",
              "x_transferred"
            ],
            "url": "https://usn.ubuntu.com/3696-1/"
          },
          {
            "name": "1041125",
            "tags": [
              "vdb-entry",
              "x_refsource_SECTRACK",
              "x_transferred"
            ],
            "url": "http://www.securitytracker.com/id/1041125"
          },
          {
            "name": "[debian-lts-announce] 20180715 [SECURITY] [DLA 1422-2] linux security update",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://lists.debian.org/debian-lts-announce/2018/07/msg00016.html"
          },
          {
            "name": "RHSA-2018:1944",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2018:1944"
          },
          {
            "name": "RHSA-2018:1852",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2018:1852"
          },
          {
            "name": "FreeBSD-SA-18:07",
            "tags": [
              "vendor-advisory",
              "x_refsource_FREEBSD",
              "x_transferred"
            ],
            "url": "https://security.FreeBSD.org/advisories/FreeBSD-SA-18:07.lazyfpu.asc"
          },
          {
            "name": "1041124",
            "tags": [
              "vdb-entry",
              "x_refsource_SECTRACK",
              "x_transferred"
            ],
            "url": "http://www.securitytracker.com/id/1041124"
          },
          {
            "name": "RHSA-2018:2165",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2018:2165"
          },
          {
            "name": "DSA-4232",
            "tags": [
              "vendor-advisory",
              "x_refsource_DEBIAN",
              "x_transferred"
            ],
            "url": "https://www.debian.org/security/2018/dsa-4232"
          },
          {
            "name": "USN-3698-1",
            "tags": [
              "vendor-advisory",
              "x_refsource_UBUNTU",
              "x_transferred"
            ],
            "url": "https://usn.ubuntu.com/3698-1/"
          },
          {
            "name": "USN-3696-2",
            "tags": [
              "vendor-advisory",
              "x_refsource_UBUNTU",
              "x_transferred"
            ],
            "url": "https://usn.ubuntu.com/3696-2/"
          },
          {
            "name": "104460",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/104460"
          },
          {
            "name": "USN-3698-2",
            "tags": [
              "vendor-advisory",
              "x_refsource_UBUNTU",
              "x_transferred"
            ],
            "url": "https://usn.ubuntu.com/3698-2/"
          },
          {
            "name": "RHSA-2019:1170",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2019:1170"
          },
          {
            "name": "RHSA-2019:1190",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2019:1190"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://www.oracle.com/security-alerts/cpujul2020.html"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://help.ecostruxureit.com/display/public/UADCE725/Security+fixes+in+StruxureWare+Data+Center+Expert+v7.6.0"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://nvidia.custhelp.com/app/answers/detail/a_id/4787"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://www.synology.com/support/security/Synology_SA_18_31"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://security.netapp.com/advisory/ntap-20181016-0001/"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00145.html"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://support.citrix.com/article/CTX235745"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://security.paloaltonetworks.com/CVE-2018-3665"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Intel Core-based microprocessors",
          "vendor": "Intel Corporation",
          "versions": [
            {
              "status": "affected",
              "version": "All"
            }
          ]
        }
      ],
      "datePublic": "2018-06-13T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "System software utilizing Lazy FP state restore technique on systems using Intel Core-based microprocessors may potentially allow a local process to infer data from another process through a speculative execution side channel."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "Information Disclosure",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2020-07-15T02:22:59",
        "orgId": "6dda929c-bb53-4a77-a76d-48e79601a1ce",
        "shortName": "intel"
      },
      "references": [
        {
          "name": "[debian-lts-announce] 20180714 [SECURITY] [DLA 1422-1] linux security update",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://lists.debian.org/debian-lts-announce/2018/07/msg00015.html"
        },
        {
          "name": "RHSA-2018:2164",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2018:2164"
        },
        {
          "name": "USN-3696-1",
          "tags": [
            "vendor-advisory",
            "x_refsource_UBUNTU"
          ],
          "url": "https://usn.ubuntu.com/3696-1/"
        },
        {
          "name": "1041125",
          "tags": [
            "vdb-entry",
            "x_refsource_SECTRACK"
          ],
          "url": "http://www.securitytracker.com/id/1041125"
        },
        {
          "name": "[debian-lts-announce] 20180715 [SECURITY] [DLA 1422-2] linux security update",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://lists.debian.org/debian-lts-announce/2018/07/msg00016.html"
        },
        {
          "name": "RHSA-2018:1944",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2018:1944"
        },
        {
          "name": "RHSA-2018:1852",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2018:1852"
        },
        {
          "name": "FreeBSD-SA-18:07",
          "tags": [
            "vendor-advisory",
            "x_refsource_FREEBSD"
          ],
          "url": "https://security.FreeBSD.org/advisories/FreeBSD-SA-18:07.lazyfpu.asc"
        },
        {
          "name": "1041124",
          "tags": [
            "vdb-entry",
            "x_refsource_SECTRACK"
          ],
          "url": "http://www.securitytracker.com/id/1041124"
        },
        {
          "name": "RHSA-2018:2165",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2018:2165"
        },
        {
          "name": "DSA-4232",
          "tags": [
            "vendor-advisory",
            "x_refsource_DEBIAN"
          ],
          "url": "https://www.debian.org/security/2018/dsa-4232"
        },
        {
          "name": "USN-3698-1",
          "tags": [
            "vendor-advisory",
            "x_refsource_UBUNTU"
          ],
          "url": "https://usn.ubuntu.com/3698-1/"
        },
        {
          "name": "USN-3696-2",
          "tags": [
            "vendor-advisory",
            "x_refsource_UBUNTU"
          ],
          "url": "https://usn.ubuntu.com/3696-2/"
        },
        {
          "name": "104460",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/104460"
        },
        {
          "name": "USN-3698-2",
          "tags": [
            "vendor-advisory",
            "x_refsource_UBUNTU"
          ],
          "url": "https://usn.ubuntu.com/3698-2/"
        },
        {
          "name": "RHSA-2019:1170",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2019:1170"
        },
        {
          "name": "RHSA-2019:1190",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2019:1190"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://www.oracle.com/security-alerts/cpujul2020.html"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://help.ecostruxureit.com/display/public/UADCE725/Security+fixes+in+StruxureWare+Data+Center+Expert+v7.6.0"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://nvidia.custhelp.com/app/answers/detail/a_id/4787"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://www.synology.com/support/security/Synology_SA_18_31"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://security.netapp.com/advisory/ntap-20181016-0001/"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00145.html"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://support.citrix.com/article/CTX235745"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://security.paloaltonetworks.com/CVE-2018-3665"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "secure@intel.com",
          "DATE_PUBLIC": "2018-06-13T00:00:00",
          "ID": "CVE-2018-3665",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "Intel Core-based microprocessors",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "All"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "Intel Corporation"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "System software utilizing Lazy FP state restore technique on systems using Intel Core-based microprocessors may potentially allow a local process to infer data from another process through a speculative execution side channel."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "Information Disclosure"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "[debian-lts-announce] 20180714 [SECURITY] [DLA 1422-1] linux security update",
              "refsource": "MLIST",
              "url": "https://lists.debian.org/debian-lts-announce/2018/07/msg00015.html"
            },
            {
              "name": "RHSA-2018:2164",
              "refsource": "REDHAT",
              "url": "https://access.redhat.com/errata/RHSA-2018:2164"
            },
            {
              "name": "USN-3696-1",
              "refsource": "UBUNTU",
              "url": "https://usn.ubuntu.com/3696-1/"
            },
            {
              "name": "1041125",
              "refsource": "SECTRACK",
              "url": "http://www.securitytracker.com/id/1041125"
            },
            {
              "name": "[debian-lts-announce] 20180715 [SECURITY] [DLA 1422-2] linux security update",
              "refsource": "MLIST",
              "url": "https://lists.debian.org/debian-lts-announce/2018/07/msg00016.html"
            },
            {
              "name": "RHSA-2018:1944",
              "refsource": "REDHAT",
              "url": "https://access.redhat.com/errata/RHSA-2018:1944"
            },
            {
              "name": "RHSA-2018:1852",
              "refsource": "REDHAT",
              "url": "https://access.redhat.com/errata/RHSA-2018:1852"
            },
            {
              "name": "FreeBSD-SA-18:07",
              "refsource": "FREEBSD",
              "url": "https://security.FreeBSD.org/advisories/FreeBSD-SA-18:07.lazyfpu.asc"
            },
            {
              "name": "1041124",
              "refsource": "SECTRACK",
              "url": "http://www.securitytracker.com/id/1041124"
            },
            {
              "name": "RHSA-2018:2165",
              "refsource": "REDHAT",
              "url": "https://access.redhat.com/errata/RHSA-2018:2165"
            },
            {
              "name": "DSA-4232",
              "refsource": "DEBIAN",
              "url": "https://www.debian.org/security/2018/dsa-4232"
            },
            {
              "name": "USN-3698-1",
              "refsource": "UBUNTU",
              "url": "https://usn.ubuntu.com/3698-1/"
            },
            {
              "name": "USN-3696-2",
              "refsource": "UBUNTU",
              "url": "https://usn.ubuntu.com/3696-2/"
            },
            {
              "name": "104460",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/104460"
            },
            {
              "name": "USN-3698-2",
              "refsource": "UBUNTU",
              "url": "https://usn.ubuntu.com/3698-2/"
            },
            {
              "name": "RHSA-2019:1170",
              "refsource": "REDHAT",
              "url": "https://access.redhat.com/errata/RHSA-2019:1170"
            },
            {
              "name": "RHSA-2019:1190",
              "refsource": "REDHAT",
              "url": "https://access.redhat.com/errata/RHSA-2019:1190"
            },
            {
              "name": "https://www.oracle.com/security-alerts/cpujul2020.html",
              "refsource": "MISC",
              "url": "https://www.oracle.com/security-alerts/cpujul2020.html"
            },
            {
              "name": "https://help.ecostruxureit.com/display/public/UADCE725/Security+fixes+in+StruxureWare+Data+Center+Expert+v7.6.0",
              "refsource": "CONFIRM",
              "url": "https://help.ecostruxureit.com/display/public/UADCE725/Security+fixes+in+StruxureWare+Data+Center+Expert+v7.6.0"
            },
            {
              "name": "https://nvidia.custhelp.com/app/answers/detail/a_id/4787",
              "refsource": "CONFIRM",
              "url": "https://nvidia.custhelp.com/app/answers/detail/a_id/4787"
            },
            {
              "name": "https://www.synology.com/support/security/Synology_SA_18_31",
              "refsource": "CONFIRM",
              "url": "https://www.synology.com/support/security/Synology_SA_18_31"
            },
            {
              "name": "https://security.netapp.com/advisory/ntap-20181016-0001/",
              "refsource": "CONFIRM",
              "url": "https://security.netapp.com/advisory/ntap-20181016-0001/"
            },
            {
              "name": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00145.html",
              "refsource": "CONFIRM",
              "url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00145.html"
            },
            {
              "name": "https://support.citrix.com/article/CTX235745",
              "refsource": "CONFIRM",
              "url": "https://support.citrix.com/article/CTX235745"
            },
            {
              "name": "https://security.paloaltonetworks.com/CVE-2018-3665",
              "refsource": "CONFIRM",
              "url": "https://security.paloaltonetworks.com/CVE-2018-3665"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "6dda929c-bb53-4a77-a76d-48e79601a1ce",
    "assignerShortName": "intel",
    "cveId": "CVE-2018-3665",
    "datePublished": "2018-06-21T20:00:00Z",
    "dateReserved": "2017-12-28T00:00:00",
    "dateUpdated": "2024-09-17T01:01:36.405Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2018-5390 (GCVE-0-2018-5390)

Vulnerability from cvelistv5

Published

2018-08-06 20:00

Modified

2024-08-05 05:33

Severity ?

CWE

CWE-400

Summary

Linux kernel versions 4.9+ can be forced to make very expensive calls to tcp_collapse_ofo_queue() and tcp_prune_ofo_queue() for every incoming packet which can lead to a denial of service.

References

URL

Tags

	https://access.redhat.com/errata/RHSA-2018:2785	vendor-advisory, x_refsource_REDHAT
	https://www.kb.cert.org/vuls/id/962459	third-party-advisory, x_refsource_CERT-VN
	https://usn.ubuntu.com/3741-2/	vendor-advisory, x_refsource_UBUNTU
	https://access.redhat.com/errata/RHSA-2018:2776	vendor-advisory, x_refsource_REDHAT
	https://access.redhat.com/errata/RHSA-2018:2933	vendor-advisory, x_refsource_REDHAT
	https://access.redhat.com/errata/RHSA-2018:2403	vendor-advisory, x_refsource_REDHAT
	https://access.redhat.com/errata/RHSA-2018:2395	vendor-advisory, x_refsource_REDHAT
	https://usn.ubuntu.com/3763-1/	vendor-advisory, x_refsource_UBUNTU
	https://access.redhat.com/errata/RHSA-2018:2384	vendor-advisory, x_refsource_REDHAT
	https://usn.ubuntu.com/3741-1/	vendor-advisory, x_refsource_UBUNTU
	https://access.redhat.com/errata/RHSA-2018:2402	vendor-advisory, x_refsource_REDHAT
	https://access.redhat.com/errata/RHSA-2018:2948	vendor-advisory, x_refsource_REDHAT
	https://usn.ubuntu.com/3742-2/	vendor-advisory, x_refsource_UBUNTU
	http://www.securitytracker.com/id/1041434	vdb-entry, x_refsource_SECTRACK
	https://usn.ubuntu.com/3732-2/	vendor-advisory, x_refsource_UBUNTU
	http://www.securityfocus.com/bid/104976	vdb-entry, x_refsource_BID
	https://lists.debian.org/debian-lts-announce/2018/08/msg00014.html	mailing-list, x_refsource_MLIST
	http://www.securitytracker.com/id/1041424	vdb-entry, x_refsource_SECTRACK
	https://usn.ubuntu.com/3742-1/	vendor-advisory, x_refsource_UBUNTU
	https://access.redhat.com/errata/RHSA-2018:2924	vendor-advisory, x_refsource_REDHAT
	https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180824-linux-tcp	vendor-advisory, x_refsource_CISCO
	https://access.redhat.com/errata/RHSA-2018:2789	vendor-advisory, x_refsource_REDHAT
	https://www.debian.org/security/2018/dsa-4266	vendor-advisory, x_refsource_DEBIAN
	https://access.redhat.com/errata/RHSA-2018:2645	vendor-advisory, x_refsource_REDHAT
	https://usn.ubuntu.com/3732-1/	vendor-advisory, x_refsource_UBUNTU
	https://access.redhat.com/errata/RHSA-2018:2791	vendor-advisory, x_refsource_REDHAT
	https://access.redhat.com/errata/RHSA-2018:2790	vendor-advisory, x_refsource_REDHAT
	http://www.openwall.com/lists/oss-security/2019/06/28/2	mailing-list, x_refsource_MLIST
	http://www.openwall.com/lists/oss-security/2019/07/06/3	mailing-list, x_refsource_MLIST
	http://www.openwall.com/lists/oss-security/2019/07/06/4	mailing-list, x_refsource_MLIST
	https://www.oracle.com/security-alerts/cpujul2020.html	x_refsource_MISC
	https://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html	x_refsource_CONFIRM
	https://help.ecostruxureit.com/display/public/UADCE725/Security+fixes+in+StruxureWare+Data+Center+Expert+v7.6.0	x_refsource_CONFIRM
	https://security.netapp.com/advisory/ntap-20180815-0003/	x_refsource_CONFIRM
	http://www.arubanetworks.com/assets/alert/ARUBA-PSA-2018-004.txt	x_refsource_CONFIRM
	https://www.synology.com/support/security/Synology_SA_18_41	x_refsource_CONFIRM
	https://support.f5.com/csp/article/K95343321	x_refsource_CONFIRM
	https://www.a10networks.com/support/security-advisories/tcp-ip-cve-2018-5390-segmentsmack	x_refsource_CONFIRM
	https://git.kernel.org/pub/scm/linux/kernel/git/davem/net.git/commit/?id=1a4f14bab1868b443f0dd3c55b689a478f82e72e	x_refsource_CONFIRM
	https://support.f5.com/csp/article/K95343321?utm_source=f5support&amp%3Butm_medium=RSS	x_refsource_CONFIRM
	https://cert-portal.siemens.com/productcert/pdf/ssa-377115.pdf	x_refsource_CONFIRM
	http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20181031-02-linux-en	x_refsource_CONFIRM

Impacted products

	Vendor	Product	Version
	Linux	Linux Kernel	Version: 4.9 < 4.9*

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-05T05:33:44.409Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "RHSA-2018:2785",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2018:2785"
          },
          {
            "name": "VU#962459",
            "tags": [
              "third-party-advisory",
              "x_refsource_CERT-VN",
              "x_transferred"
            ],
            "url": "https://www.kb.cert.org/vuls/id/962459"
          },
          {
            "name": "USN-3741-2",
            "tags": [
              "vendor-advisory",
              "x_refsource_UBUNTU",
              "x_transferred"
            ],
            "url": "https://usn.ubuntu.com/3741-2/"
          },
          {
            "name": "RHSA-2018:2776",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2018:2776"
          },
          {
            "name": "RHSA-2018:2933",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2018:2933"
          },
          {
            "name": "RHSA-2018:2403",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2018:2403"
          },
          {
            "name": "RHSA-2018:2395",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2018:2395"
          },
          {
            "name": "USN-3763-1",
            "tags": [
              "vendor-advisory",
              "x_refsource_UBUNTU",
              "x_transferred"
            ],
            "url": "https://usn.ubuntu.com/3763-1/"
          },
          {
            "name": "RHSA-2018:2384",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2018:2384"
          },
          {
            "name": "USN-3741-1",
            "tags": [
              "vendor-advisory",
              "x_refsource_UBUNTU",
              "x_transferred"
            ],
            "url": "https://usn.ubuntu.com/3741-1/"
          },
          {
            "name": "RHSA-2018:2402",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2018:2402"
          },
          {
            "name": "RHSA-2018:2948",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2018:2948"
          },
          {
            "name": "USN-3742-2",
            "tags": [
              "vendor-advisory",
              "x_refsource_UBUNTU",
              "x_transferred"
            ],
            "url": "https://usn.ubuntu.com/3742-2/"
          },
          {
            "name": "1041434",
            "tags": [
              "vdb-entry",
              "x_refsource_SECTRACK",
              "x_transferred"
            ],
            "url": "http://www.securitytracker.com/id/1041434"
          },
          {
            "name": "USN-3732-2",
            "tags": [
              "vendor-advisory",
              "x_refsource_UBUNTU",
              "x_transferred"
            ],
            "url": "https://usn.ubuntu.com/3732-2/"
          },
          {
            "name": "104976",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/104976"
          },
          {
            "name": "[debian-lts-announce] 20180815 [SECURITY] [DLA 1466-1] linux-4.9 security update",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://lists.debian.org/debian-lts-announce/2018/08/msg00014.html"
          },
          {
            "name": "1041424",
            "tags": [
              "vdb-entry",
              "x_refsource_SECTRACK",
              "x_transferred"
            ],
            "url": "http://www.securitytracker.com/id/1041424"
          },
          {
            "name": "USN-3742-1",
            "tags": [
              "vendor-advisory",
              "x_refsource_UBUNTU",
              "x_transferred"
            ],
            "url": "https://usn.ubuntu.com/3742-1/"
          },
          {
            "name": "RHSA-2018:2924",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2018:2924"
          },
          {
            "name": "20180824 Linux and FreeBSD Kernels TCP Reassembly Denial of Service Vulnerabilities Affecting Cisco Products: August 2018",
            "tags": [
              "vendor-advisory",
              "x_refsource_CISCO",
              "x_transferred"
            ],
            "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180824-linux-tcp"
          },
          {
            "name": "RHSA-2018:2789",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2018:2789"
          },
          {
            "name": "DSA-4266",
            "tags": [
              "vendor-advisory",
              "x_refsource_DEBIAN",
              "x_transferred"
            ],
            "url": "https://www.debian.org/security/2018/dsa-4266"
          },
          {
            "name": "RHSA-2018:2645",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2018:2645"
          },
          {
            "name": "USN-3732-1",
            "tags": [
              "vendor-advisory",
              "x_refsource_UBUNTU",
              "x_transferred"
            ],
            "url": "https://usn.ubuntu.com/3732-1/"
          },
          {
            "name": "RHSA-2018:2791",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2018:2791"
          },
          {
            "name": "RHSA-2018:2790",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2018:2790"
          },
          {
            "name": "[oss-security] 20190628 Re: linux-distros membership application - Microsoft",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "http://www.openwall.com/lists/oss-security/2019/06/28/2"
          },
          {
            "name": "[oss-security] 20190706 Re: linux-distros membership application - Microsoft",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "http://www.openwall.com/lists/oss-security/2019/07/06/3"
          },
          {
            "name": "[oss-security] 20190706 Re: linux-distros membership application - Microsoft",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "http://www.openwall.com/lists/oss-security/2019/07/06/4"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://www.oracle.com/security-alerts/cpujul2020.html"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://help.ecostruxureit.com/display/public/UADCE725/Security+fixes+in+StruxureWare+Data+Center+Expert+v7.6.0"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://security.netapp.com/advisory/ntap-20180815-0003/"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://www.arubanetworks.com/assets/alert/ARUBA-PSA-2018-004.txt"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://www.synology.com/support/security/Synology_SA_18_41"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://support.f5.com/csp/article/K95343321"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://www.a10networks.com/support/security-advisories/tcp-ip-cve-2018-5390-segmentsmack"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://git.kernel.org/pub/scm/linux/kernel/git/davem/net.git/commit/?id=1a4f14bab1868b443f0dd3c55b689a478f82e72e"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://support.f5.com/csp/article/K95343321?utm_source=f5support\u0026amp%3Butm_medium=RSS"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-377115.pdf"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20181031-02-linux-en"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Linux Kernel",
          "vendor": "Linux",
          "versions": [
            {
              "lessThan": "4.9*",
              "status": "affected",
              "version": "4.9",
              "versionType": "custom"
            }
          ]
        }
      ],
      "datePublic": "2018-07-23T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "Linux kernel versions 4.9+ can be forced to make very expensive calls to tcp_collapse_ofo_queue() and tcp_prune_ofo_queue() for every incoming packet which can lead to a denial of service."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-400",
              "description": "CWE-400",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2020-07-15T02:22:59",
        "orgId": "37e5125f-f79b-445b-8fad-9564f167944b",
        "shortName": "certcc"
      },
      "references": [
        {
          "name": "RHSA-2018:2785",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2018:2785"
        },
        {
          "name": "VU#962459",
          "tags": [
            "third-party-advisory",
            "x_refsource_CERT-VN"
          ],
          "url": "https://www.kb.cert.org/vuls/id/962459"
        },
        {
          "name": "USN-3741-2",
          "tags": [
            "vendor-advisory",
            "x_refsource_UBUNTU"
          ],
          "url": "https://usn.ubuntu.com/3741-2/"
        },
        {
          "name": "RHSA-2018:2776",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2018:2776"
        },
        {
          "name": "RHSA-2018:2933",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2018:2933"
        },
        {
          "name": "RHSA-2018:2403",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2018:2403"
        },
        {
          "name": "RHSA-2018:2395",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2018:2395"
        },
        {
          "name": "USN-3763-1",
          "tags": [
            "vendor-advisory",
            "x_refsource_UBUNTU"
          ],
          "url": "https://usn.ubuntu.com/3763-1/"
        },
        {
          "name": "RHSA-2018:2384",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2018:2384"
        },
        {
          "name": "USN-3741-1",
          "tags": [
            "vendor-advisory",
            "x_refsource_UBUNTU"
          ],
          "url": "https://usn.ubuntu.com/3741-1/"
        },
        {
          "name": "RHSA-2018:2402",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2018:2402"
        },
        {
          "name": "RHSA-2018:2948",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2018:2948"
        },
        {
          "name": "USN-3742-2",
          "tags": [
            "vendor-advisory",
            "x_refsource_UBUNTU"
          ],
          "url": "https://usn.ubuntu.com/3742-2/"
        },
        {
          "name": "1041434",
          "tags": [
            "vdb-entry",
            "x_refsource_SECTRACK"
          ],
          "url": "http://www.securitytracker.com/id/1041434"
        },
        {
          "name": "USN-3732-2",
          "tags": [
            "vendor-advisory",
            "x_refsource_UBUNTU"
          ],
          "url": "https://usn.ubuntu.com/3732-2/"
        },
        {
          "name": "104976",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/104976"
        },
        {
          "name": "[debian-lts-announce] 20180815 [SECURITY] [DLA 1466-1] linux-4.9 security update",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://lists.debian.org/debian-lts-announce/2018/08/msg00014.html"
        },
        {
          "name": "1041424",
          "tags": [
            "vdb-entry",
            "x_refsource_SECTRACK"
          ],
          "url": "http://www.securitytracker.com/id/1041424"
        },
        {
          "name": "USN-3742-1",
          "tags": [
            "vendor-advisory",
            "x_refsource_UBUNTU"
          ],
          "url": "https://usn.ubuntu.com/3742-1/"
        },
        {
          "name": "RHSA-2018:2924",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2018:2924"
        },
        {
          "name": "20180824 Linux and FreeBSD Kernels TCP Reassembly Denial of Service Vulnerabilities Affecting Cisco Products: August 2018",
          "tags": [
            "vendor-advisory",
            "x_refsource_CISCO"
          ],
          "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180824-linux-tcp"
        },
        {
          "name": "RHSA-2018:2789",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2018:2789"
        },
        {
          "name": "DSA-4266",
          "tags": [
            "vendor-advisory",
            "x_refsource_DEBIAN"
          ],
          "url": "https://www.debian.org/security/2018/dsa-4266"
        },
        {
          "name": "RHSA-2018:2645",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2018:2645"
        },
        {
          "name": "USN-3732-1",
          "tags": [
            "vendor-advisory",
            "x_refsource_UBUNTU"
          ],
          "url": "https://usn.ubuntu.com/3732-1/"
        },
        {
          "name": "RHSA-2018:2791",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2018:2791"
        },
        {
          "name": "RHSA-2018:2790",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2018:2790"
        },
        {
          "name": "[oss-security] 20190628 Re: linux-distros membership application - Microsoft",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "http://www.openwall.com/lists/oss-security/2019/06/28/2"
        },
        {
          "name": "[oss-security] 20190706 Re: linux-distros membership application - Microsoft",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "http://www.openwall.com/lists/oss-security/2019/07/06/3"
        },
        {
          "name": "[oss-security] 20190706 Re: linux-distros membership application - Microsoft",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "http://www.openwall.com/lists/oss-security/2019/07/06/4"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://www.oracle.com/security-alerts/cpujul2020.html"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://help.ecostruxureit.com/display/public/UADCE725/Security+fixes+in+StruxureWare+Data+Center+Expert+v7.6.0"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://security.netapp.com/advisory/ntap-20180815-0003/"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://www.arubanetworks.com/assets/alert/ARUBA-PSA-2018-004.txt"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://www.synology.com/support/security/Synology_SA_18_41"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://support.f5.com/csp/article/K95343321"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://www.a10networks.com/support/security-advisories/tcp-ip-cve-2018-5390-segmentsmack"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://git.kernel.org/pub/scm/linux/kernel/git/davem/net.git/commit/?id=1a4f14bab1868b443f0dd3c55b689a478f82e72e"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://support.f5.com/csp/article/K95343321?utm_source=f5support\u0026amp%3Butm_medium=RSS"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-377115.pdf"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20181031-02-linux-en"
        }
      ],
      "source": {
        "discovery": "UNKNOWN"
      },
      "title": "Linux kernel versions 4.9+ can be forced to make very expensive calls to tcp_collapse_ofo_queue() and tcp_prune_ofo_queue() for every incoming packet which can lead to a denial of service",
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cert@cert.org",
          "ID": "CVE-2018-5390",
          "STATE": "PUBLIC",
          "TITLE": "Linux kernel versions 4.9+ can be forced to make very expensive calls to tcp_collapse_ofo_queue() and tcp_prune_ofo_queue() for every incoming packet which can lead to a denial of service"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "Linux Kernel",
                      "version": {
                        "version_data": [
                          {
                            "affected": "\u003e=",
                            "version_affected": "\u003e=",
                            "version_name": "4.9",
                            "version_value": "4.9"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "Linux"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Linux kernel versions 4.9+ can be forced to make very expensive calls to tcp_collapse_ofo_queue() and tcp_prune_ofo_queue() for every incoming packet which can lead to a denial of service."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "CWE-400"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "RHSA-2018:2785",
              "refsource": "REDHAT",
              "url": "https://access.redhat.com/errata/RHSA-2018:2785"
            },
            {
              "name": "VU#962459",
              "refsource": "CERT-VN",
              "url": "https://www.kb.cert.org/vuls/id/962459"
            },
            {
              "name": "USN-3741-2",
              "refsource": "UBUNTU",
              "url": "https://usn.ubuntu.com/3741-2/"
            },
            {
              "name": "RHSA-2018:2776",
              "refsource": "REDHAT",
              "url": "https://access.redhat.com/errata/RHSA-2018:2776"
            },
            {
              "name": "RHSA-2018:2933",
              "refsource": "REDHAT",
              "url": "https://access.redhat.com/errata/RHSA-2018:2933"
            },
            {
              "name": "RHSA-2018:2403",
              "refsource": "REDHAT",
              "url": "https://access.redhat.com/errata/RHSA-2018:2403"
            },
            {
              "name": "RHSA-2018:2395",
              "refsource": "REDHAT",
              "url": "https://access.redhat.com/errata/RHSA-2018:2395"
            },
            {
              "name": "USN-3763-1",
              "refsource": "UBUNTU",
              "url": "https://usn.ubuntu.com/3763-1/"
            },
            {
              "name": "RHSA-2018:2384",
              "refsource": "REDHAT",
              "url": "https://access.redhat.com/errata/RHSA-2018:2384"
            },
            {
              "name": "USN-3741-1",
              "refsource": "UBUNTU",
              "url": "https://usn.ubuntu.com/3741-1/"
            },
            {
              "name": "RHSA-2018:2402",
              "refsource": "REDHAT",
              "url": "https://access.redhat.com/errata/RHSA-2018:2402"
            },
            {
              "name": "RHSA-2018:2948",
              "refsource": "REDHAT",
              "url": "https://access.redhat.com/errata/RHSA-2018:2948"
            },
            {
              "name": "USN-3742-2",
              "refsource": "UBUNTU",
              "url": "https://usn.ubuntu.com/3742-2/"
            },
            {
              "name": "1041434",
              "refsource": "SECTRACK",
              "url": "http://www.securitytracker.com/id/1041434"
            },
            {
              "name": "USN-3732-2",
              "refsource": "UBUNTU",
              "url": "https://usn.ubuntu.com/3732-2/"
            },
            {
              "name": "104976",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/104976"
            },
            {
              "name": "[debian-lts-announce] 20180815 [SECURITY] [DLA 1466-1] linux-4.9 security update",
              "refsource": "MLIST",
              "url": "https://lists.debian.org/debian-lts-announce/2018/08/msg00014.html"
            },
            {
              "name": "1041424",
              "refsource": "SECTRACK",
              "url": "http://www.securitytracker.com/id/1041424"
            },
            {
              "name": "USN-3742-1",
              "refsource": "UBUNTU",
              "url": "https://usn.ubuntu.com/3742-1/"
            },
            {
              "name": "RHSA-2018:2924",
              "refsource": "REDHAT",
              "url": "https://access.redhat.com/errata/RHSA-2018:2924"
            },
            {
              "name": "20180824 Linux and FreeBSD Kernels TCP Reassembly Denial of Service Vulnerabilities Affecting Cisco Products: August 2018",
              "refsource": "CISCO",
              "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180824-linux-tcp"
            },
            {
              "name": "RHSA-2018:2789",
              "refsource": "REDHAT",
              "url": "https://access.redhat.com/errata/RHSA-2018:2789"
            },
            {
              "name": "DSA-4266",
              "refsource": "DEBIAN",
              "url": "https://www.debian.org/security/2018/dsa-4266"
            },
            {
              "name": "RHSA-2018:2645",
              "refsource": "REDHAT",
              "url": "https://access.redhat.com/errata/RHSA-2018:2645"
            },
            {
              "name": "USN-3732-1",
              "refsource": "UBUNTU",
              "url": "https://usn.ubuntu.com/3732-1/"
            },
            {
              "name": "RHSA-2018:2791",
              "refsource": "REDHAT",
              "url": "https://access.redhat.com/errata/RHSA-2018:2791"
            },
            {
              "name": "RHSA-2018:2790",
              "refsource": "REDHAT",
              "url": "https://access.redhat.com/errata/RHSA-2018:2790"
            },
            {
              "name": "[oss-security] 20190628 Re: linux-distros membership application - Microsoft",
              "refsource": "MLIST",
              "url": "http://www.openwall.com/lists/oss-security/2019/06/28/2"
            },
            {
              "name": "[oss-security] 20190706 Re: linux-distros membership application - Microsoft",
              "refsource": "MLIST",
              "url": "http://www.openwall.com/lists/oss-security/2019/07/06/3"
            },
            {
              "name": "[oss-security] 20190706 Re: linux-distros membership application - Microsoft",
              "refsource": "MLIST",
              "url": "http://www.openwall.com/lists/oss-security/2019/07/06/4"
            },
            {
              "name": "https://www.oracle.com/security-alerts/cpujul2020.html",
              "refsource": "MISC",
              "url": "https://www.oracle.com/security-alerts/cpujul2020.html"
            },
            {
              "name": "https://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html",
              "refsource": "CONFIRM",
              "url": "https://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html"
            },
            {
              "name": "https://help.ecostruxureit.com/display/public/UADCE725/Security+fixes+in+StruxureWare+Data+Center+Expert+v7.6.0",
              "refsource": "CONFIRM",
              "url": "https://help.ecostruxureit.com/display/public/UADCE725/Security+fixes+in+StruxureWare+Data+Center+Expert+v7.6.0"
            },
            {
              "name": "https://security.netapp.com/advisory/ntap-20180815-0003/",
              "refsource": "CONFIRM",
              "url": "https://security.netapp.com/advisory/ntap-20180815-0003/"
            },
            {
              "name": "http://www.arubanetworks.com/assets/alert/ARUBA-PSA-2018-004.txt",
              "refsource": "CONFIRM",
              "url": "http://www.arubanetworks.com/assets/alert/ARUBA-PSA-2018-004.txt"
            },
            {
              "name": "https://www.synology.com/support/security/Synology_SA_18_41",
              "refsource": "CONFIRM",
              "url": "https://www.synology.com/support/security/Synology_SA_18_41"
            },
            {
              "name": "https://support.f5.com/csp/article/K95343321",
              "refsource": "CONFIRM",
              "url": "https://support.f5.com/csp/article/K95343321"
            },
            {
              "name": "https://www.a10networks.com/support/security-advisories/tcp-ip-cve-2018-5390-segmentsmack",
              "refsource": "CONFIRM",
              "url": "https://www.a10networks.com/support/security-advisories/tcp-ip-cve-2018-5390-segmentsmack"
            },
            {
              "name": "https://git.kernel.org/pub/scm/linux/kernel/git/davem/net.git/commit/?id=1a4f14bab1868b443f0dd3c55b689a478f82e72e",
              "refsource": "CONFIRM",
              "url": "https://git.kernel.org/pub/scm/linux/kernel/git/davem/net.git/commit/?id=1a4f14bab1868b443f0dd3c55b689a478f82e72e"
            },
            {
              "name": "https://support.f5.com/csp/article/K95343321?utm_source=f5support\u0026amp;utm_medium=RSS",
              "refsource": "CONFIRM",
              "url": "https://support.f5.com/csp/article/K95343321?utm_source=f5support\u0026amp;utm_medium=RSS"
            },
            {
              "name": "https://cert-portal.siemens.com/productcert/pdf/ssa-377115.pdf",
              "refsource": "CONFIRM",
              "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-377115.pdf"
            },
            {
              "name": "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20181031-02-linux-en",
              "refsource": "CONFIRM",
              "url": "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20181031-02-linux-en"
            }
          ]
        },
        "source": {
          "discovery": "UNKNOWN"
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "37e5125f-f79b-445b-8fad-9564f167944b",
    "assignerShortName": "certcc",
    "cveId": "CVE-2018-5390",
    "datePublished": "2018-08-06T20:00:00",
    "dateReserved": "2018-01-12T00:00:00",
    "dateUpdated": "2024-08-05T05:33:44.409Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2018-8034 (GCVE-0-2018-8034)

Vulnerability from cvelistv5

Published

2018-08-01 18:00

Modified

2024-10-21 16:09

Severity ?

7.5 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

CWE

Security Constraint Bypass

Summary

The host name verification when using TLS with the WebSocket client was missing. It is now enabled by default. Versions Affected: Apache Tomcat 9.0.0.M1 to 9.0.9, 8.5.0 to 8.5.31, 8.0.0.RC1 to 8.0.52, and 7.0.35 to 7.0.88.

References

URL

Tags

	https://usn.ubuntu.com/3723-1/	vendor-advisory, x_refsource_UBUNTU
	http://mail-archives.us.apache.org/mod_mbox/www-announce/201807.mbox/%3C20180722091057.GA70283%40minotaur.apache.org%3E	mailing-list, x_refsource_MLIST
	https://access.redhat.com/errata/RHSA-2019:0451	vendor-advisory, x_refsource_REDHAT
	https://lists.debian.org/debian-lts-announce/2018/07/msg00047.html	mailing-list, x_refsource_MLIST
	https://www.debian.org/security/2018/dsa-4281	vendor-advisory, x_refsource_DEBIAN
	http://www.securitytracker.com/id/1041374	vdb-entry, x_refsource_SECTRACK
	https://security.netapp.com/advisory/ntap-20180817-0001/	x_refsource_CONFIRM
	https://access.redhat.com/errata/RHSA-2019:0131	vendor-advisory, x_refsource_REDHAT
	http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html	x_refsource_CONFIRM
	https://access.redhat.com/errata/RHSA-2019:0130	vendor-advisory, x_refsource_REDHAT
	https://access.redhat.com/errata/RHSA-2019:0450	vendor-advisory, x_refsource_REDHAT
	https://lists.debian.org/debian-lts-announce/2018/09/msg00001.html	mailing-list, x_refsource_MLIST
	http://www.securityfocus.com/bid/104895	vdb-entry, x_refsource_BID
	https://lists.apache.org/thread.html/eb6efa8d59c45a7a9eff94c4b925467d3b3fec8ba7697f3daa314b04%40%3Cdev.tomcat.apache.org%3E	mailing-list, x_refsource_MLIST
	https://lists.apache.org/thread.html/343558d982879bf88ec20dbf707f8c11255f8e219e81d45c4f8d0551%40%3Cdev.tomcat.apache.org%3E	mailing-list, x_refsource_MLIST
	https://lists.apache.org/thread.html/388a323769f1dff84c9ec905455aa73fbcb20338e3c7eb131457f708%40%3Cdev.tomcat.apache.org%3E	mailing-list, x_refsource_MLIST
	https://lists.apache.org/thread.html/5c0e00fd31efc11e147bf99d0f03c00a734447d3b131ab0818644cdb%40%3Cdev.tomcat.apache.org%3E	mailing-list, x_refsource_MLIST
	https://lists.apache.org/thread.html/b5e3f51d28cd5d9b1809f56594f2cf63dcd6a90429e16ea9f83bbedc%40%3Cdev.tomcat.apache.org%3E	mailing-list, x_refsource_MLIST
	https://lists.apache.org/thread.html/88855876c33f2f9c532ffb75bfee570ccf0b17ffa77493745af9a17a%40%3Cdev.tomcat.apache.org%3E	mailing-list, x_refsource_MLIST
	https://lists.apache.org/thread.html/e85e83e9954f169bbb77b44baae5a33d8de878df557bb32b7f793661%40%3Cdev.tomcat.apache.org%3E	mailing-list, x_refsource_MLIST
	https://lists.apache.org/thread.html/845312a10aabbe2c499fca94003881d2c79fc993d85f34c1f5c77424%40%3Cdev.tomcat.apache.org%3E	mailing-list, x_refsource_MLIST
	https://lists.apache.org/thread.html/1dd0a59c1295cc08ce4c9e7edae5ad2268acc9ba55adcefa0532e5ba%40%3Cdev.tomcat.apache.org%3E	mailing-list, x_refsource_MLIST
	https://lists.apache.org/thread.html/3d19773b4cf0377db62d1e9328bf9160bf1819f04f988315086931d7%40%3Cdev.tomcat.apache.org%3E	mailing-list, x_refsource_MLIST
	https://lists.apache.org/thread.html/6af47120905aa7d8fe12f42e8ff2284fb338ba141d3b77b8c7cb61b3%40%3Cdev.tomcat.apache.org%3E	mailing-list, x_refsource_MLIST
	https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html	x_refsource_MISC
	https://access.redhat.com/errata/RHSA-2019:1160	vendor-advisory, x_refsource_REDHAT
	https://access.redhat.com/errata/RHSA-2019:1162	vendor-advisory, x_refsource_REDHAT
	https://access.redhat.com/errata/RHSA-2019:1159	vendor-advisory, x_refsource_REDHAT
	https://access.redhat.com/errata/RHSA-2019:1161	vendor-advisory, x_refsource_REDHAT
	https://access.redhat.com/errata/RHSA-2019:1529	vendor-advisory, x_refsource_REDHAT
	https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html	x_refsource_MISC
	https://lists.apache.org/thread.html/ac51944aef91dd5006b8510b0bef337adaccfe962fb90e7af9c22db4%40%3Cissues.activemq.apache.org%3E	mailing-list, x_refsource_MLIST
	https://access.redhat.com/errata/RHSA-2019:2205	vendor-advisory, x_refsource_REDHAT
	https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html	x_refsource_MISC
	https://access.redhat.com/errata/RHSA-2019:3892	vendor-advisory, x_refsource_REDHAT
	https://lists.apache.org/thread.html/r6ccee4e849bc77df0840c7f853f6bd09d426f6741247da2b7429d5d9%40%3Cdev.tomcat.apache.org%3E	mailing-list, x_refsource_MLIST
	https://lists.apache.org/thread.html/r3bbb800a816d0a51eccc5a228c58736960a9fffafa581a225834d97d%40%3Cdev.tomcat.apache.org%3E	mailing-list, x_refsource_MLIST
	https://lists.apache.org/thread.html/r9136ff5b13e4f1941360b5a309efee2c114a14855578c3a2cbe5d19c%40%3Cdev.tomcat.apache.org%3E	mailing-list, x_refsource_MLIST
	https://lists.apache.org/thread.html/raba0fabaf4d56d4325ab2aca8814f0b30a237ab83d8106b115ee279a%40%3Cdev.tomcat.apache.org%3E	mailing-list, x_refsource_MLIST
	https://lists.apache.org/thread.html/r48c1444845fe15a823e1374674bfc297d5008a5453788099ea14caf0%40%3Cdev.tomcat.apache.org%3E	mailing-list, x_refsource_MLIST
	https://www.oracle.com/security-alerts/cpuapr2020.html	x_refsource_MISC

Impacted products

	Vendor	Product	Version
	Apache Software Foundation	Apache Tomcat	Version: 9.0.0.M1 to 9.0.9 Version: 8.5.0 to 8.5.31 Version: 8.0.0.RC1 to 8.0.52 Version: 7.0.35 to 7.0.88

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-05T06:46:12.214Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "USN-3723-1",
            "tags": [
              "vendor-advisory",
              "x_refsource_UBUNTU",
              "x_transferred"
            ],
            "url": "https://usn.ubuntu.com/3723-1/"
          },
          {
            "name": "[www-announce] 20180722 [SECURITY] CVE-2018-8034 Apache Tomcat - Security Constraint Bypass",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "http://mail-archives.us.apache.org/mod_mbox/www-announce/201807.mbox/%3C20180722091057.GA70283%40minotaur.apache.org%3E"
          },
          {
            "name": "RHSA-2019:0451",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2019:0451"
          },
          {
            "name": "[debian-lts-announce] 20180730 [SECURITY] [DLA 1453-1] tomcat7 security update",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://lists.debian.org/debian-lts-announce/2018/07/msg00047.html"
          },
          {
            "name": "DSA-4281",
            "tags": [
              "vendor-advisory",
              "x_refsource_DEBIAN",
              "x_transferred"
            ],
            "url": "https://www.debian.org/security/2018/dsa-4281"
          },
          {
            "name": "1041374",
            "tags": [
              "vdb-entry",
              "x_refsource_SECTRACK",
              "x_transferred"
            ],
            "url": "http://www.securitytracker.com/id/1041374"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://security.netapp.com/advisory/ntap-20180817-0001/"
          },
          {
            "name": "RHSA-2019:0131",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2019:0131"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html"
          },
          {
            "name": "RHSA-2019:0130",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2019:0130"
          },
          {
            "name": "RHSA-2019:0450",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2019:0450"
          },
          {
            "name": "[debian-lts-announce] 20180902 [SECURITY] [DLA 1491-1] tomcat8 security update",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://lists.debian.org/debian-lts-announce/2018/09/msg00001.html"
          },
          {
            "name": "104895",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/104895"
          },
          {
            "name": "[tomcat-dev] 20190319 svn commit: r1855831 [24/30] - in /tomcat/site/trunk: ./ docs/ xdocs/",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://lists.apache.org/thread.html/eb6efa8d59c45a7a9eff94c4b925467d3b3fec8ba7697f3daa314b04%40%3Cdev.tomcat.apache.org%3E"
          },
          {
            "name": "[tomcat-dev] 20190319 svn commit: r1855831 [25/30] - in /tomcat/site/trunk: ./ docs/ xdocs/",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://lists.apache.org/thread.html/343558d982879bf88ec20dbf707f8c11255f8e219e81d45c4f8d0551%40%3Cdev.tomcat.apache.org%3E"
          },
          {
            "name": "[tomcat-dev] 20190325 svn commit: r1856174 [22/29] - in /tomcat/site/trunk: docs/ xdocs/ xdocs/stylesheets/",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://lists.apache.org/thread.html/388a323769f1dff84c9ec905455aa73fbcb20338e3c7eb131457f708%40%3Cdev.tomcat.apache.org%3E"
          },
          {
            "name": "[tomcat-dev] 20190325 svn commit: r1856174 [23/29] - in /tomcat/site/trunk: docs/ xdocs/ xdocs/stylesheets/",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://lists.apache.org/thread.html/5c0e00fd31efc11e147bf99d0f03c00a734447d3b131ab0818644cdb%40%3Cdev.tomcat.apache.org%3E"
          },
          {
            "name": "[tomcat-dev] 20190325 svn commit: r1856174 [24/29] - in /tomcat/site/trunk: docs/ xdocs/ xdocs/stylesheets/",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://lists.apache.org/thread.html/b5e3f51d28cd5d9b1809f56594f2cf63dcd6a90429e16ea9f83bbedc%40%3Cdev.tomcat.apache.org%3E"
          },
          {
            "name": "[tomcat-dev] 20190413 svn commit: r1857494 [17/20] - in /tomcat/site/trunk: ./ docs/ xdocs/",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://lists.apache.org/thread.html/88855876c33f2f9c532ffb75bfee570ccf0b17ffa77493745af9a17a%40%3Cdev.tomcat.apache.org%3E"
          },
          {
            "name": "[tomcat-dev] 20190413 svn commit: r1857496 [3/4] - in /tomcat/site/trunk: ./ docs/ xdocs/",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://lists.apache.org/thread.html/e85e83e9954f169bbb77b44baae5a33d8de878df557bb32b7f793661%40%3Cdev.tomcat.apache.org%3E"
          },
          {
            "name": "[tomcat-dev] 20190413 svn commit: r1857494 [16/20] - in /tomcat/site/trunk: ./ docs/ xdocs/",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://lists.apache.org/thread.html/845312a10aabbe2c499fca94003881d2c79fc993d85f34c1f5c77424%40%3Cdev.tomcat.apache.org%3E"
          },
          {
            "name": "[tomcat-dev] 20190415 svn commit: r1857582 [18/22] - in /tomcat/site/trunk: docs/ xdocs/stylesheets/",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://lists.apache.org/thread.html/1dd0a59c1295cc08ce4c9e7edae5ad2268acc9ba55adcefa0532e5ba%40%3Cdev.tomcat.apache.org%3E"
          },
          {
            "name": "[tomcat-dev] 20190415 svn commit: r1857582 [17/22] - in /tomcat/site/trunk: docs/ xdocs/stylesheets/",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://lists.apache.org/thread.html/3d19773b4cf0377db62d1e9328bf9160bf1819f04f988315086931d7%40%3Cdev.tomcat.apache.org%3E"
          },
          {
            "name": "[tomcat-dev] 20190415 svn commit: r1857582 [19/22] - in /tomcat/site/trunk: docs/ xdocs/stylesheets/",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://lists.apache.org/thread.html/6af47120905aa7d8fe12f42e8ff2284fb338ba141d3b77b8c7cb61b3%40%3Cdev.tomcat.apache.org%3E"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html"
          },
          {
            "name": "RHSA-2019:1160",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2019:1160"
          },
          {
            "name": "RHSA-2019:1162",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2019:1162"
          },
          {
            "name": "RHSA-2019:1159",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2019:1159"
          },
          {
            "name": "RHSA-2019:1161",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2019:1161"
          },
          {
            "name": "RHSA-2019:1529",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2019:1529"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html"
          },
          {
            "name": "[activemq-issues] 20190723 [jira] [Created] (AMQ-7249) Security Vulnerabilities in the ActiveMQ dependent jars.",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://lists.apache.org/thread.html/ac51944aef91dd5006b8510b0bef337adaccfe962fb90e7af9c22db4%40%3Cissues.activemq.apache.org%3E"
          },
          {
            "name": "RHSA-2019:2205",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2019:2205"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html"
          },
          {
            "name": "RHSA-2019:3892",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2019:3892"
          },
          {
            "name": "[tomcat-dev] 20200203 svn commit: r1873527 [24/30] - /tomcat/site/trunk/docs/",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://lists.apache.org/thread.html/r6ccee4e849bc77df0840c7f853f6bd09d426f6741247da2b7429d5d9%40%3Cdev.tomcat.apache.org%3E"
          },
          {
            "name": "[tomcat-dev] 20200203 svn commit: r1873527 [25/30] - /tomcat/site/trunk/docs/",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://lists.apache.org/thread.html/r3bbb800a816d0a51eccc5a228c58736960a9fffafa581a225834d97d%40%3Cdev.tomcat.apache.org%3E"
          },
          {
            "name": "[tomcat-dev] 20200213 svn commit: r1873980 [27/34] - /tomcat/site/trunk/docs/",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://lists.apache.org/thread.html/r9136ff5b13e4f1941360b5a309efee2c114a14855578c3a2cbe5d19c%40%3Cdev.tomcat.apache.org%3E"
          },
          {
            "name": "[tomcat-dev] 20200213 svn commit: r1873980 [28/34] - /tomcat/site/trunk/docs/",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://lists.apache.org/thread.html/raba0fabaf4d56d4325ab2aca8814f0b30a237ab83d8106b115ee279a%40%3Cdev.tomcat.apache.org%3E"
          },
          {
            "name": "[tomcat-dev] 20200213 svn commit: r1873980 [29/34] - /tomcat/site/trunk/docs/",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://lists.apache.org/thread.html/r48c1444845fe15a823e1374674bfc297d5008a5453788099ea14caf0%40%3Cdev.tomcat.apache.org%3E"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://www.oracle.com/security-alerts/cpuapr2020.html"
          }
        ],
        "title": "CVE Program Container"
      },
      {
        "metrics": [
          {
            "cvssV3_1": {
              "attackComplexity": "LOW",
              "attackVector": "NETWORK",
              "availabilityImpact": "NONE",
              "baseScore": 7.5,
              "baseSeverity": "HIGH",
              "confidentialityImpact": "HIGH",
              "integrityImpact": "NONE",
              "privilegesRequired": "NONE",
              "scope": "UNCHANGED",
              "userInteraction": "NONE",
              "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
              "version": "3.1"
            }
          },
          {
            "other": {
              "content": {
                "id": "CVE-2018-8034",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "yes"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-10-15T17:30:15.701472Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "problemTypes": [
          {
            "descriptions": [
              {
                "cweId": "CWE-295",
                "description": "CWE-295 Improper Certificate Validation",
                "lang": "en",
                "type": "CWE"
              }
            ]
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-10-21T16:09:49.791Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Apache Tomcat",
          "vendor": "Apache Software Foundation",
          "versions": [
            {
              "status": "affected",
              "version": "9.0.0.M1 to 9.0.9"
            },
            {
              "status": "affected",
              "version": "8.5.0 to 8.5.31"
            },
            {
              "status": "affected",
              "version": "8.0.0.RC1 to 8.0.52"
            },
            {
              "status": "affected",
              "version": "7.0.35 to 7.0.88"
            }
          ]
        }
      ],
      "datePublic": "2018-07-22T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "The host name verification when using TLS with the WebSocket client was missing. It is now enabled by default. Versions Affected: Apache Tomcat 9.0.0.M1 to 9.0.9, 8.5.0 to 8.5.31, 8.0.0.RC1 to 8.0.52, and 7.0.35 to 7.0.88."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "Security Constraint Bypass",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2020-04-15T21:06:47",
        "orgId": "f0158376-9dc2-43b6-827c-5f631a4d8d09",
        "shortName": "apache"
      },
      "references": [
        {
          "name": "USN-3723-1",
          "tags": [
            "vendor-advisory",
            "x_refsource_UBUNTU"
          ],
          "url": "https://usn.ubuntu.com/3723-1/"
        },
        {
          "name": "[www-announce] 20180722 [SECURITY] CVE-2018-8034 Apache Tomcat - Security Constraint Bypass",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "http://mail-archives.us.apache.org/mod_mbox/www-announce/201807.mbox/%3C20180722091057.GA70283%40minotaur.apache.org%3E"
        },
        {
          "name": "RHSA-2019:0451",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2019:0451"
        },
        {
          "name": "[debian-lts-announce] 20180730 [SECURITY] [DLA 1453-1] tomcat7 security update",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://lists.debian.org/debian-lts-announce/2018/07/msg00047.html"
        },
        {
          "name": "DSA-4281",
          "tags": [
            "vendor-advisory",
            "x_refsource_DEBIAN"
          ],
          "url": "https://www.debian.org/security/2018/dsa-4281"
        },
        {
          "name": "1041374",
          "tags": [
            "vdb-entry",
            "x_refsource_SECTRACK"
          ],
          "url": "http://www.securitytracker.com/id/1041374"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://security.netapp.com/advisory/ntap-20180817-0001/"
        },
        {
          "name": "RHSA-2019:0131",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2019:0131"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html"
        },
        {
          "name": "RHSA-2019:0130",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2019:0130"
        },
        {
          "name": "RHSA-2019:0450",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2019:0450"
        },
        {
          "name": "[debian-lts-announce] 20180902 [SECURITY] [DLA 1491-1] tomcat8 security update",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://lists.debian.org/debian-lts-announce/2018/09/msg00001.html"
        },
        {
          "name": "104895",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/104895"
        },
        {
          "name": "[tomcat-dev] 20190319 svn commit: r1855831 [24/30] - in /tomcat/site/trunk: ./ docs/ xdocs/",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://lists.apache.org/thread.html/eb6efa8d59c45a7a9eff94c4b925467d3b3fec8ba7697f3daa314b04%40%3Cdev.tomcat.apache.org%3E"
        },
        {
          "name": "[tomcat-dev] 20190319 svn commit: r1855831 [25/30] - in /tomcat/site/trunk: ./ docs/ xdocs/",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://lists.apache.org/thread.html/343558d982879bf88ec20dbf707f8c11255f8e219e81d45c4f8d0551%40%3Cdev.tomcat.apache.org%3E"
        },
        {
          "name": "[tomcat-dev] 20190325 svn commit: r1856174 [22/29] - in /tomcat/site/trunk: docs/ xdocs/ xdocs/stylesheets/",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://lists.apache.org/thread.html/388a323769f1dff84c9ec905455aa73fbcb20338e3c7eb131457f708%40%3Cdev.tomcat.apache.org%3E"
        },
        {
          "name": "[tomcat-dev] 20190325 svn commit: r1856174 [23/29] - in /tomcat/site/trunk: docs/ xdocs/ xdocs/stylesheets/",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://lists.apache.org/thread.html/5c0e00fd31efc11e147bf99d0f03c00a734447d3b131ab0818644cdb%40%3Cdev.tomcat.apache.org%3E"
        },
        {
          "name": "[tomcat-dev] 20190325 svn commit: r1856174 [24/29] - in /tomcat/site/trunk: docs/ xdocs/ xdocs/stylesheets/",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://lists.apache.org/thread.html/b5e3f51d28cd5d9b1809f56594f2cf63dcd6a90429e16ea9f83bbedc%40%3Cdev.tomcat.apache.org%3E"
        },
        {
          "name": "[tomcat-dev] 20190413 svn commit: r1857494 [17/20] - in /tomcat/site/trunk: ./ docs/ xdocs/",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://lists.apache.org/thread.html/88855876c33f2f9c532ffb75bfee570ccf0b17ffa77493745af9a17a%40%3Cdev.tomcat.apache.org%3E"
        },
        {
          "name": "[tomcat-dev] 20190413 svn commit: r1857496 [3/4] - in /tomcat/site/trunk: ./ docs/ xdocs/",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://lists.apache.org/thread.html/e85e83e9954f169bbb77b44baae5a33d8de878df557bb32b7f793661%40%3Cdev.tomcat.apache.org%3E"
        },
        {
          "name": "[tomcat-dev] 20190413 svn commit: r1857494 [16/20] - in /tomcat/site/trunk: ./ docs/ xdocs/",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://lists.apache.org/thread.html/845312a10aabbe2c499fca94003881d2c79fc993d85f34c1f5c77424%40%3Cdev.tomcat.apache.org%3E"
        },
        {
          "name": "[tomcat-dev] 20190415 svn commit: r1857582 [18/22] - in /tomcat/site/trunk: docs/ xdocs/stylesheets/",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://lists.apache.org/thread.html/1dd0a59c1295cc08ce4c9e7edae5ad2268acc9ba55adcefa0532e5ba%40%3Cdev.tomcat.apache.org%3E"
        },
        {
          "name": "[tomcat-dev] 20190415 svn commit: r1857582 [17/22] - in /tomcat/site/trunk: docs/ xdocs/stylesheets/",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://lists.apache.org/thread.html/3d19773b4cf0377db62d1e9328bf9160bf1819f04f988315086931d7%40%3Cdev.tomcat.apache.org%3E"
        },
        {
          "name": "[tomcat-dev] 20190415 svn commit: r1857582 [19/22] - in /tomcat/site/trunk: docs/ xdocs/stylesheets/",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://lists.apache.org/thread.html/6af47120905aa7d8fe12f42e8ff2284fb338ba141d3b77b8c7cb61b3%40%3Cdev.tomcat.apache.org%3E"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html"
        },
        {
          "name": "RHSA-2019:1160",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2019:1160"
        },
        {
          "name": "RHSA-2019:1162",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2019:1162"
        },
        {
          "name": "RHSA-2019:1159",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2019:1159"
        },
        {
          "name": "RHSA-2019:1161",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2019:1161"
        },
        {
          "name": "RHSA-2019:1529",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2019:1529"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html"
        },
        {
          "name": "[activemq-issues] 20190723 [jira] [Created] (AMQ-7249) Security Vulnerabilities in the ActiveMQ dependent jars.",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://lists.apache.org/thread.html/ac51944aef91dd5006b8510b0bef337adaccfe962fb90e7af9c22db4%40%3Cissues.activemq.apache.org%3E"
        },
        {
          "name": "RHSA-2019:2205",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2019:2205"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html"
        },
        {
          "name": "RHSA-2019:3892",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2019:3892"
        },
        {
          "name": "[tomcat-dev] 20200203 svn commit: r1873527 [24/30] - /tomcat/site/trunk/docs/",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://lists.apache.org/thread.html/r6ccee4e849bc77df0840c7f853f6bd09d426f6741247da2b7429d5d9%40%3Cdev.tomcat.apache.org%3E"
        },
        {
          "name": "[tomcat-dev] 20200203 svn commit: r1873527 [25/30] - /tomcat/site/trunk/docs/",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://lists.apache.org/thread.html/r3bbb800a816d0a51eccc5a228c58736960a9fffafa581a225834d97d%40%3Cdev.tomcat.apache.org%3E"
        },
        {
          "name": "[tomcat-dev] 20200213 svn commit: r1873980 [27/34] - /tomcat/site/trunk/docs/",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://lists.apache.org/thread.html/r9136ff5b13e4f1941360b5a309efee2c114a14855578c3a2cbe5d19c%40%3Cdev.tomcat.apache.org%3E"
        },
        {
          "name": "[tomcat-dev] 20200213 svn commit: r1873980 [28/34] - /tomcat/site/trunk/docs/",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://lists.apache.org/thread.html/raba0fabaf4d56d4325ab2aca8814f0b30a237ab83d8106b115ee279a%40%3Cdev.tomcat.apache.org%3E"
        },
        {
          "name": "[tomcat-dev] 20200213 svn commit: r1873980 [29/34] - /tomcat/site/trunk/docs/",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://lists.apache.org/thread.html/r48c1444845fe15a823e1374674bfc297d5008a5453788099ea14caf0%40%3Cdev.tomcat.apache.org%3E"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://www.oracle.com/security-alerts/cpuapr2020.html"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "security@apache.org",
          "DATE_PUBLIC": "2018-07-22T00:00:00",
          "ID": "CVE-2018-8034",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "Apache Tomcat",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "9.0.0.M1 to 9.0.9"
                          },
                          {
                            "version_value": "8.5.0 to 8.5.31"
                          },
                          {
                            "version_value": "8.0.0.RC1 to 8.0.52"
                          },
                          {
                            "version_value": "7.0.35 to 7.0.88"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "Apache Software Foundation"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "The host name verification when using TLS with the WebSocket client was missing. It is now enabled by default. Versions Affected: Apache Tomcat 9.0.0.M1 to 9.0.9, 8.5.0 to 8.5.31, 8.0.0.RC1 to 8.0.52, and 7.0.35 to 7.0.88."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "Security Constraint Bypass"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "USN-3723-1",
              "refsource": "UBUNTU",
              "url": "https://usn.ubuntu.com/3723-1/"
            },
            {
              "name": "[www-announce] 20180722 [SECURITY] CVE-2018-8034 Apache Tomcat - Security Constraint Bypass",
              "refsource": "MLIST",
              "url": "http://mail-archives.us.apache.org/mod_mbox/www-announce/201807.mbox/%3C20180722091057.GA70283@minotaur.apache.org%3E"
            },
            {
              "name": "RHSA-2019:0451",
              "refsource": "REDHAT",
              "url": "https://access.redhat.com/errata/RHSA-2019:0451"
            },
            {
              "name": "[debian-lts-announce] 20180730 [SECURITY] [DLA 1453-1] tomcat7 security update",
              "refsource": "MLIST",
              "url": "https://lists.debian.org/debian-lts-announce/2018/07/msg00047.html"
            },
            {
              "name": "DSA-4281",
              "refsource": "DEBIAN",
              "url": "https://www.debian.org/security/2018/dsa-4281"
            },
            {
              "name": "1041374",
              "refsource": "SECTRACK",
              "url": "http://www.securitytracker.com/id/1041374"
            },
            {
              "name": "https://security.netapp.com/advisory/ntap-20180817-0001/",
              "refsource": "CONFIRM",
              "url": "https://security.netapp.com/advisory/ntap-20180817-0001/"
            },
            {
              "name": "RHSA-2019:0131",
              "refsource": "REDHAT",
              "url": "https://access.redhat.com/errata/RHSA-2019:0131"
            },
            {
              "name": "http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html",
              "refsource": "CONFIRM",
              "url": "http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html"
            },
            {
              "name": "RHSA-2019:0130",
              "refsource": "REDHAT",
              "url": "https://access.redhat.com/errata/RHSA-2019:0130"
            },
            {
              "name": "RHSA-2019:0450",
              "refsource": "REDHAT",
              "url": "https://access.redhat.com/errata/RHSA-2019:0450"
            },
            {
              "name": "[debian-lts-announce] 20180902 [SECURITY] [DLA 1491-1] tomcat8 security update",
              "refsource": "MLIST",
              "url": "https://lists.debian.org/debian-lts-announce/2018/09/msg00001.html"
            },
            {
              "name": "104895",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/104895"
            },
            {
              "name": "[tomcat-dev] 20190319 svn commit: r1855831 [24/30] - in /tomcat/site/trunk: ./ docs/ xdocs/",
              "refsource": "MLIST",
              "url": "https://lists.apache.org/thread.html/eb6efa8d59c45a7a9eff94c4b925467d3b3fec8ba7697f3daa314b04@%3Cdev.tomcat.apache.org%3E"
            },
            {
              "name": "[tomcat-dev] 20190319 svn commit: r1855831 [25/30] - in /tomcat/site/trunk: ./ docs/ xdocs/",
              "refsource": "MLIST",
              "url": "https://lists.apache.org/thread.html/343558d982879bf88ec20dbf707f8c11255f8e219e81d45c4f8d0551@%3Cdev.tomcat.apache.org%3E"
            },
            {
              "name": "[tomcat-dev] 20190325 svn commit: r1856174 [22/29] - in /tomcat/site/trunk: docs/ xdocs/ xdocs/stylesheets/",
              "refsource": "MLIST",
              "url": "https://lists.apache.org/thread.html/388a323769f1dff84c9ec905455aa73fbcb20338e3c7eb131457f708@%3Cdev.tomcat.apache.org%3E"
            },
            {
              "name": "[tomcat-dev] 20190325 svn commit: r1856174 [23/29] - in /tomcat/site/trunk: docs/ xdocs/ xdocs/stylesheets/",
              "refsource": "MLIST",
              "url": "https://lists.apache.org/thread.html/5c0e00fd31efc11e147bf99d0f03c00a734447d3b131ab0818644cdb@%3Cdev.tomcat.apache.org%3E"
            },
            {
              "name": "[tomcat-dev] 20190325 svn commit: r1856174 [24/29] - in /tomcat/site/trunk: docs/ xdocs/ xdocs/stylesheets/",
              "refsource": "MLIST",
              "url": "https://lists.apache.org/thread.html/b5e3f51d28cd5d9b1809f56594f2cf63dcd6a90429e16ea9f83bbedc@%3Cdev.tomcat.apache.org%3E"
            },
            {
              "name": "[tomcat-dev] 20190413 svn commit: r1857494 [17/20] - in /tomcat/site/trunk: ./ docs/ xdocs/",
              "refsource": "MLIST",
              "url": "https://lists.apache.org/thread.html/88855876c33f2f9c532ffb75bfee570ccf0b17ffa77493745af9a17a@%3Cdev.tomcat.apache.org%3E"
            },
            {
              "name": "[tomcat-dev] 20190413 svn commit: r1857496 [3/4] - in /tomcat/site/trunk: ./ docs/ xdocs/",
              "refsource": "MLIST",
              "url": "https://lists.apache.org/thread.html/e85e83e9954f169bbb77b44baae5a33d8de878df557bb32b7f793661@%3Cdev.tomcat.apache.org%3E"
            },
            {
              "name": "[tomcat-dev] 20190413 svn commit: r1857494 [16/20] - in /tomcat/site/trunk: ./ docs/ xdocs/",
              "refsource": "MLIST",
              "url": "https://lists.apache.org/thread.html/845312a10aabbe2c499fca94003881d2c79fc993d85f34c1f5c77424@%3Cdev.tomcat.apache.org%3E"
            },
            {
              "name": "[tomcat-dev] 20190415 svn commit: r1857582 [18/22] - in /tomcat/site/trunk: docs/ xdocs/stylesheets/",
              "refsource": "MLIST",
              "url": "https://lists.apache.org/thread.html/1dd0a59c1295cc08ce4c9e7edae5ad2268acc9ba55adcefa0532e5ba@%3Cdev.tomcat.apache.org%3E"
            },
            {
              "name": "[tomcat-dev] 20190415 svn commit: r1857582 [17/22] - in /tomcat/site/trunk: docs/ xdocs/stylesheets/",
              "refsource": "MLIST",
              "url": "https://lists.apache.org/thread.html/3d19773b4cf0377db62d1e9328bf9160bf1819f04f988315086931d7@%3Cdev.tomcat.apache.org%3E"
            },
            {
              "name": "[tomcat-dev] 20190415 svn commit: r1857582 [19/22] - in /tomcat/site/trunk: docs/ xdocs/stylesheets/",
              "refsource": "MLIST",
              "url": "https://lists.apache.org/thread.html/6af47120905aa7d8fe12f42e8ff2284fb338ba141d3b77b8c7cb61b3@%3Cdev.tomcat.apache.org%3E"
            },
            {
              "name": "https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html",
              "refsource": "MISC",
              "url": "https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html"
            },
            {
              "name": "RHSA-2019:1160",
              "refsource": "REDHAT",
              "url": "https://access.redhat.com/errata/RHSA-2019:1160"
            },
            {
              "name": "RHSA-2019:1162",
              "refsource": "REDHAT",
              "url": "https://access.redhat.com/errata/RHSA-2019:1162"
            },
            {
              "name": "RHSA-2019:1159",
              "refsource": "REDHAT",
              "url": "https://access.redhat.com/errata/RHSA-2019:1159"
            },
            {
              "name": "RHSA-2019:1161",
              "refsource": "REDHAT",
              "url": "https://access.redhat.com/errata/RHSA-2019:1161"
            },
            {
              "name": "RHSA-2019:1529",
              "refsource": "REDHAT",
              "url": "https://access.redhat.com/errata/RHSA-2019:1529"
            },
            {
              "name": "https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html",
              "refsource": "MISC",
              "url": "https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html"
            },
            {
              "name": "[activemq-issues] 20190723 [jira] [Created] (AMQ-7249) Security Vulnerabilities in the ActiveMQ dependent jars.",
              "refsource": "MLIST",
              "url": "https://lists.apache.org/thread.html/ac51944aef91dd5006b8510b0bef337adaccfe962fb90e7af9c22db4@%3Cissues.activemq.apache.org%3E"
            },
            {
              "name": "RHSA-2019:2205",
              "refsource": "REDHAT",
              "url": "https://access.redhat.com/errata/RHSA-2019:2205"
            },
            {
              "name": "https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html",
              "refsource": "MISC",
              "url": "https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html"
            },
            {
              "name": "RHSA-2019:3892",
              "refsource": "REDHAT",
              "url": "https://access.redhat.com/errata/RHSA-2019:3892"
            },
            {
              "name": "[tomcat-dev] 20200203 svn commit: r1873527 [24/30] - /tomcat/site/trunk/docs/",
              "refsource": "MLIST",
              "url": "https://lists.apache.org/thread.html/r6ccee4e849bc77df0840c7f853f6bd09d426f6741247da2b7429d5d9@%3Cdev.tomcat.apache.org%3E"
            },
            {
              "name": "[tomcat-dev] 20200203 svn commit: r1873527 [25/30] - /tomcat/site/trunk/docs/",
              "refsource": "MLIST",
              "url": "https://lists.apache.org/thread.html/r3bbb800a816d0a51eccc5a228c58736960a9fffafa581a225834d97d@%3Cdev.tomcat.apache.org%3E"
            },
            {
              "name": "[tomcat-dev] 20200213 svn commit: r1873980 [27/34] - /tomcat/site/trunk/docs/",
              "refsource": "MLIST",
              "url": "https://lists.apache.org/thread.html/r9136ff5b13e4f1941360b5a309efee2c114a14855578c3a2cbe5d19c@%3Cdev.tomcat.apache.org%3E"
            },
            {
              "name": "[tomcat-dev] 20200213 svn commit: r1873980 [28/34] - /tomcat/site/trunk/docs/",
              "refsource": "MLIST",
              "url": "https://lists.apache.org/thread.html/raba0fabaf4d56d4325ab2aca8814f0b30a237ab83d8106b115ee279a@%3Cdev.tomcat.apache.org%3E"
            },
            {
              "name": "[tomcat-dev] 20200213 svn commit: r1873980 [29/34] - /tomcat/site/trunk/docs/",
              "refsource": "MLIST",
              "url": "https://lists.apache.org/thread.html/r48c1444845fe15a823e1374674bfc297d5008a5453788099ea14caf0@%3Cdev.tomcat.apache.org%3E"
            },
            {
              "name": "https://www.oracle.com/security-alerts/cpuapr2020.html",
              "refsource": "MISC",
              "url": "https://www.oracle.com/security-alerts/cpuapr2020.html"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "f0158376-9dc2-43b6-827c-5f631a4d8d09",
    "assignerShortName": "apache",
    "cveId": "CVE-2018-8034",
    "datePublished": "2018-08-01T18:00:00Z",
    "dateReserved": "2018-03-09T00:00:00",
    "dateUpdated": "2024-10-21T16:09:49.791Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2018-1730 (GCVE-0-2018-1730)

Vulnerability from cvelistv5

Published

2018-12-05 17:00

Modified

2024-09-16 18:04

Severity ?

7.1 (High) - CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:L/E:U/RL:O/RC:C

CWE

Obtain Information

Summary

IBM QRadar SIEM 7.2 and 7.3 is vulnerable to a XML External Entity Injection (XXE) attack when processing XML data. A remote attacker could exploit this vulnerability to expose sensitive information or consume memory resources. IBM X-Force ID: 147709.

References

URL

Tags

	https://exchange.xforce.ibmcloud.com/vulnerabilities/147709	vdb-entry, x_refsource_XF
	https://www.ibm.com/support/docview.wss?uid=ibm10742741&myns=swgother&mynp=OCSSBQAC&mync=E&cm_sp=swgother-_-OCSSBQAC-_-E	x_refsource_CONFIRM

Impacted products

	Vendor	Product	Version
	IBM	QRadar SIEM	Version: 7.2 Version: 7.3

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-05T04:07:44.335Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "ibm-qradar-cve20181730-xxe(147709)",
            "tags": [
              "vdb-entry",
              "x_refsource_XF",
              "x_transferred"
            ],
            "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/147709"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://www.ibm.com/support/docview.wss?uid=ibm10742741\u0026myns=swgother\u0026mynp=OCSSBQAC\u0026mync=E\u0026cm_sp=swgother-_-OCSSBQAC-_-E"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "QRadar SIEM",
          "vendor": "IBM",
          "versions": [
            {
              "status": "affected",
              "version": "7.2"
            },
            {
              "status": "affected",
              "version": "7.3"
            }
          ]
        }
      ],
      "datePublic": "2018-12-03T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "IBM QRadar SIEM 7.2 and 7.3 is vulnerable to a XML External Entity Injection (XXE) attack when processing XML data. A remote attacker could exploit this vulnerability to expose sensitive information or consume memory resources. IBM X-Force ID: 147709."
        }
      ],
      "metrics": [
        {
          "cvssV3_0": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "LOW",
            "baseScore": 7.1,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "exploitCodeMaturity": "UNPROVEN",
            "integrityImpact": "NONE",
            "privilegesRequired": "LOW",
            "remediationLevel": "OFFICIAL_FIX",
            "reportConfidence": "CONFIRMED",
            "scope": "UNCHANGED",
            "temporalScore": 6.2,
            "temporalSeverity": "MEDIUM",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.0/A:L/AC:L/AV:N/C:H/I:N/PR:L/S:U/UI:N/E:U/RC:C/RL:O",
            "version": "3.0"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "Obtain Information",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2018-12-05T16:57:01",
        "orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
        "shortName": "ibm"
      },
      "references": [
        {
          "name": "ibm-qradar-cve20181730-xxe(147709)",
          "tags": [
            "vdb-entry",
            "x_refsource_XF"
          ],
          "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/147709"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://www.ibm.com/support/docview.wss?uid=ibm10742741\u0026myns=swgother\u0026mynp=OCSSBQAC\u0026mync=E\u0026cm_sp=swgother-_-OCSSBQAC-_-E"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "psirt@us.ibm.com",
          "DATE_PUBLIC": "2018-12-03T00:00:00",
          "ID": "CVE-2018-1730",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "QRadar SIEM",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "7.2"
                          },
                          {
                            "version_value": "7.3"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "IBM"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "IBM QRadar SIEM 7.2 and 7.3 is vulnerable to a XML External Entity Injection (XXE) attack when processing XML data. A remote attacker could exploit this vulnerability to expose sensitive information or consume memory resources. IBM X-Force ID: 147709."
            }
          ]
        },
        "impact": {
          "cvssv3": {
            "BM": {
              "A": "L",
              "AC": "L",
              "AV": "N",
              "C": "H",
              "I": "N",
              "PR": "L",
              "S": "U",
              "UI": "N"
            },
            "TM": {
              "E": "U",
              "RC": "C",
              "RL": "O"
            }
          }
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "Obtain Information"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "ibm-qradar-cve20181730-xxe(147709)",
              "refsource": "XF",
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/147709"
            },
            {
              "name": "https://www.ibm.com/support/docview.wss?uid=ibm10742741\u0026myns=swgother\u0026mynp=OCSSBQAC\u0026mync=E\u0026cm_sp=swgother-_-OCSSBQAC-_-E",
              "refsource": "CONFIRM",
              "url": "https://www.ibm.com/support/docview.wss?uid=ibm10742741\u0026myns=swgother\u0026mynp=OCSSBQAC\u0026mync=E\u0026cm_sp=swgother-_-OCSSBQAC-_-E"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
    "assignerShortName": "ibm",
    "cveId": "CVE-2018-1730",
    "datePublished": "2018-12-05T17:00:00Z",
    "dateReserved": "2017-12-13T00:00:00",
    "dateUpdated": "2024-09-16T18:04:10.165Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2018-8897 (GCVE-0-2018-8897)

Vulnerability from cvelistv5

Published

2018-05-08 18:00

Modified

2024-08-05 07:10

Severity ?

CWE

n/a

Summary

A statement in the System Programming Guide of the Intel 64 and IA-32 Architectures Software Developer's Manual (SDM) was mishandled in the development of some or all operating-system kernels, resulting in unexpected behavior for #DB exceptions that are deferred by MOV SS or POP SS, as demonstrated by (for example) privilege escalation in Windows, macOS, some Xen configurations, or FreeBSD, or a Linux kernel crash. The MOV to SS and POP SS instructions inhibit interrupts (including NMIs), data breakpoints, and single step trap exceptions until the instruction boundary following the next instruction (SDM Vol. 3A; section 6.8.3). (The inhibited data breakpoints are those on memory accessed by the MOV to SS or POP to SS instruction itself.) Note that debug exceptions are not inhibited by the interrupt enable (EFLAGS.IF) system flag (SDM Vol. 3A; section 2.3). If the instruction following the MOV to SS or POP to SS instruction is an instruction like SYSCALL, SYSENTER, INT 3, etc. that transfers control to the operating system at CPL < 3, the debug exception is delivered after the transfer to CPL < 3 is complete. OS kernels may not expect this order of events and may therefore experience unexpected behavior when it occurs.

References

URL

Tags

	https://github.com/torvalds/linux/commit/d8ba61ba58c88d5207c1ba2f7d9a2280e7d03be9	x_refsource_MISC
	http://openwall.com/lists/oss-security/2018/05/08/4	x_refsource_MISC
	http://www.securitytracker.com/id/1040849	vdb-entry, x_refsource_SECTRACK
	http://www.securityfocus.com/bid/104071	vdb-entry, x_refsource_BID
	https://access.redhat.com/errata/RHSA-2018:1350	vendor-advisory, x_refsource_REDHAT
	https://support.citrix.com/article/CTX234679	x_refsource_CONFIRM
	https://access.redhat.com/errata/RHSA-2018:1347	vendor-advisory, x_refsource_REDHAT
	https://www.exploit-db.com/exploits/44697/	exploit, x_refsource_EXPLOIT-DB
	https://lists.debian.org/debian-lts-announce/2018/05/msg00015.html	mailing-list, x_refsource_MLIST
	http://www.securitytracker.com/id/1040866	vdb-entry, x_refsource_SECTRACK
	https://lists.debian.org/debian-lts-announce/2018/11/msg00013.html	mailing-list, x_refsource_MLIST
	https://lists.debian.org/debian-lts-announce/2018/06/msg00000.html	mailing-list, x_refsource_MLIST
	https://support.apple.com/HT208742	x_refsource_MISC
	https://access.redhat.com/errata/RHSA-2018:1346	vendor-advisory, x_refsource_REDHAT
	https://access.redhat.com/errata/RHSA-2018:1348	vendor-advisory, x_refsource_REDHAT
	https://access.redhat.com/errata/RHSA-2018:1354	vendor-advisory, x_refsource_REDHAT
	https://svnweb.freebsd.org/base?view=revision&revision=333368	x_refsource_MISC
	https://www.debian.org/security/2018/dsa-4196	vendor-advisory, x_refsource_DEBIAN
	https://www.freebsd.org/security/advisories/FreeBSD-SA-18:06.debugreg.asc	x_refsource_MISC
	http://www.securitytracker.com/id/1040744	vdb-entry, x_refsource_SECTRACK
	https://www.triplefault.io/2018/05/spurious-db-exceptions-with-pop-ss.html	x_refsource_MISC
	https://access.redhat.com/errata/RHSA-2018:1351	vendor-advisory, x_refsource_REDHAT
	https://bugzilla.redhat.com/show_bug.cgi?id=1567074	x_refsource_MISC
	https://xenbits.xen.org/xsa/advisory-260.html	x_refsource_MISC
	https://access.redhat.com/errata/RHSA-2018:1319	vendor-advisory, x_refsource_REDHAT
	https://www.debian.org/security/2018/dsa-4201	vendor-advisory, x_refsource_DEBIAN
	https://help.ecostruxureit.com/display/public/UADCE725/Security+fixes+in+StruxureWare+Data+Center+Expert+v7.6.0	x_refsource_CONFIRM
	https://access.redhat.com/errata/RHSA-2018:1355	vendor-advisory, x_refsource_REDHAT
	https://security.netapp.com/advisory/ntap-20180927-0002/	x_refsource_CONFIRM
	https://access.redhat.com/errata/RHSA-2018:1345	vendor-advisory, x_refsource_REDHAT
	https://www.exploit-db.com/exploits/45024/	exploit, x_refsource_EXPLOIT-DB
	https://access.redhat.com/errata/RHSA-2018:1349	vendor-advisory, x_refsource_REDHAT
	https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8897	x_refsource_CONFIRM
	https://access.redhat.com/errata/RHSA-2018:1352	vendor-advisory, x_refsource_REDHAT
	https://access.redhat.com/errata/RHSA-2018:1318	vendor-advisory, x_refsource_REDHAT
	http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=d8ba61ba58c88d5207c1ba2f7d9a2280e7d03be9	x_refsource_MISC
	https://patchwork.kernel.org/patch/10386677/	x_refsource_MISC
	https://www.kb.cert.org/vuls/id/631579	third-party-advisory, x_refsource_CERT-VN
	https://github.com/can1357/CVE-2018-8897/	x_refsource_MISC
	https://access.redhat.com/errata/RHSA-2018:1524	vendor-advisory, x_refsource_REDHAT
	http://openwall.com/lists/oss-security/2018/05/08/1	x_refsource_MISC
	http://www.securitytracker.com/id/1040861	vdb-entry, x_refsource_SECTRACK
	https://access.redhat.com/errata/RHSA-2018:1353	vendor-advisory, x_refsource_REDHAT
	https://usn.ubuntu.com/3641-2/	vendor-advisory, x_refsource_UBUNTU
	https://www.synology.com/support/security/Synology_SA_18_21	x_refsource_CONFIRM
	http://www.securitytracker.com/id/1040882	vdb-entry, x_refsource_SECTRACK
	https://usn.ubuntu.com/3641-1/	vendor-advisory, x_refsource_UBUNTU
	http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20190921-01-debug-en	x_refsource_CONFIRM

Impacted products

	Vendor	Product	Version
	n/a	n/a	Version: n/a

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-05T07:10:46.698Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://github.com/torvalds/linux/commit/d8ba61ba58c88d5207c1ba2f7d9a2280e7d03be9"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "http://openwall.com/lists/oss-security/2018/05/08/4"
          },
          {
            "name": "1040849",
            "tags": [
              "vdb-entry",
              "x_refsource_SECTRACK",
              "x_transferred"
            ],
            "url": "http://www.securitytracker.com/id/1040849"
          },
          {
            "name": "104071",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/104071"
          },
          {
            "name": "RHSA-2018:1350",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2018:1350"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://support.citrix.com/article/CTX234679"
          },
          {
            "name": "RHSA-2018:1347",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2018:1347"
          },
          {
            "name": "44697",
            "tags": [
              "exploit",
              "x_refsource_EXPLOIT-DB",
              "x_transferred"
            ],
            "url": "https://www.exploit-db.com/exploits/44697/"
          },
          {
            "name": "[debian-lts-announce] 20180525 [SECURITY] [DLA 1383-1] xen security update",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://lists.debian.org/debian-lts-announce/2018/05/msg00015.html"
          },
          {
            "name": "1040866",
            "tags": [
              "vdb-entry",
              "x_refsource_SECTRACK",
              "x_transferred"
            ],
            "url": "http://www.securitytracker.com/id/1040866"
          },
          {
            "name": "[debian-lts-announce] 20181112 [SECURITY] [DLA 1577-1] xen security update",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://lists.debian.org/debian-lts-announce/2018/11/msg00013.html"
          },
          {
            "name": "[debian-lts-announce] 20180601 [SECURITY] [DLA 1392-1] linux security update",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://lists.debian.org/debian-lts-announce/2018/06/msg00000.html"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://support.apple.com/HT208742"
          },
          {
            "name": "RHSA-2018:1346",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2018:1346"
          },
          {
            "name": "RHSA-2018:1348",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2018:1348"
          },
          {
            "name": "RHSA-2018:1354",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2018:1354"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://svnweb.freebsd.org/base?view=revision\u0026revision=333368"
          },
          {
            "name": "DSA-4196",
            "tags": [
              "vendor-advisory",
              "x_refsource_DEBIAN",
              "x_transferred"
            ],
            "url": "https://www.debian.org/security/2018/dsa-4196"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://www.freebsd.org/security/advisories/FreeBSD-SA-18:06.debugreg.asc"
          },
          {
            "name": "1040744",
            "tags": [
              "vdb-entry",
              "x_refsource_SECTRACK",
              "x_transferred"
            ],
            "url": "http://www.securitytracker.com/id/1040744"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://www.triplefault.io/2018/05/spurious-db-exceptions-with-pop-ss.html"
          },
          {
            "name": "RHSA-2018:1351",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2018:1351"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1567074"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://xenbits.xen.org/xsa/advisory-260.html"
          },
          {
            "name": "RHSA-2018:1319",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2018:1319"
          },
          {
            "name": "DSA-4201",
            "tags": [
              "vendor-advisory",
              "x_refsource_DEBIAN",
              "x_transferred"
            ],
            "url": "https://www.debian.org/security/2018/dsa-4201"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://help.ecostruxureit.com/display/public/UADCE725/Security+fixes+in+StruxureWare+Data+Center+Expert+v7.6.0"
          },
          {
            "name": "RHSA-2018:1355",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2018:1355"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://security.netapp.com/advisory/ntap-20180927-0002/"
          },
          {
            "name": "RHSA-2018:1345",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2018:1345"
          },
          {
            "name": "45024",
            "tags": [
              "exploit",
              "x_refsource_EXPLOIT-DB",
              "x_transferred"
            ],
            "url": "https://www.exploit-db.com/exploits/45024/"
          },
          {
            "name": "RHSA-2018:1349",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2018:1349"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8897"
          },
          {
            "name": "RHSA-2018:1352",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2018:1352"
          },
          {
            "name": "RHSA-2018:1318",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2018:1318"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=d8ba61ba58c88d5207c1ba2f7d9a2280e7d03be9"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://patchwork.kernel.org/patch/10386677/"
          },
          {
            "name": "VU#631579",
            "tags": [
              "third-party-advisory",
              "x_refsource_CERT-VN",
              "x_transferred"
            ],
            "url": "https://www.kb.cert.org/vuls/id/631579"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://github.com/can1357/CVE-2018-8897/"
          },
          {
            "name": "RHSA-2018:1524",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2018:1524"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "http://openwall.com/lists/oss-security/2018/05/08/1"
          },
          {
            "name": "1040861",
            "tags": [
              "vdb-entry",
              "x_refsource_SECTRACK",
              "x_transferred"
            ],
            "url": "http://www.securitytracker.com/id/1040861"
          },
          {
            "name": "RHSA-2018:1353",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2018:1353"
          },
          {
            "name": "USN-3641-2",
            "tags": [
              "vendor-advisory",
              "x_refsource_UBUNTU",
              "x_transferred"
            ],
            "url": "https://usn.ubuntu.com/3641-2/"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://www.synology.com/support/security/Synology_SA_18_21"
          },
          {
            "name": "1040882",
            "tags": [
              "vdb-entry",
              "x_refsource_SECTRACK",
              "x_transferred"
            ],
            "url": "http://www.securitytracker.com/id/1040882"
          },
          {
            "name": "USN-3641-1",
            "tags": [
              "vendor-advisory",
              "x_refsource_UBUNTU",
              "x_transferred"
            ],
            "url": "https://usn.ubuntu.com/3641-1/"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20190921-01-debug-en"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2018-05-08T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "A statement in the System Programming Guide of the Intel 64 and IA-32 Architectures Software Developer\u0027s Manual (SDM) was mishandled in the development of some or all operating-system kernels, resulting in unexpected behavior for #DB exceptions that are deferred by MOV SS or POP SS, as demonstrated by (for example) privilege escalation in Windows, macOS, some Xen configurations, or FreeBSD, or a Linux kernel crash. The MOV to SS and POP SS instructions inhibit interrupts (including NMIs), data breakpoints, and single step trap exceptions until the instruction boundary following the next instruction (SDM Vol. 3A; section 6.8.3). (The inhibited data breakpoints are those on memory accessed by the MOV to SS or POP to SS instruction itself.) Note that debug exceptions are not inhibited by the interrupt enable (EFLAGS.IF) system flag (SDM Vol. 3A; section 2.3). If the instruction following the MOV to SS or POP to SS instruction is an instruction like SYSCALL, SYSENTER, INT 3, etc. that transfers control to the operating system at CPL \u003c 3, the debug exception is delivered after the transfer to CPL \u003c 3 is complete. OS kernels may not expect this order of events and may therefore experience unexpected behavior when it occurs."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2019-09-21T08:06:09",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://github.com/torvalds/linux/commit/d8ba61ba58c88d5207c1ba2f7d9a2280e7d03be9"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "http://openwall.com/lists/oss-security/2018/05/08/4"
        },
        {
          "name": "1040849",
          "tags": [
            "vdb-entry",
            "x_refsource_SECTRACK"
          ],
          "url": "http://www.securitytracker.com/id/1040849"
        },
        {
          "name": "104071",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/104071"
        },
        {
          "name": "RHSA-2018:1350",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2018:1350"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://support.citrix.com/article/CTX234679"
        },
        {
          "name": "RHSA-2018:1347",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2018:1347"
        },
        {
          "name": "44697",
          "tags": [
            "exploit",
            "x_refsource_EXPLOIT-DB"
          ],
          "url": "https://www.exploit-db.com/exploits/44697/"
        },
        {
          "name": "[debian-lts-announce] 20180525 [SECURITY] [DLA 1383-1] xen security update",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://lists.debian.org/debian-lts-announce/2018/05/msg00015.html"
        },
        {
          "name": "1040866",
          "tags": [
            "vdb-entry",
            "x_refsource_SECTRACK"
          ],
          "url": "http://www.securitytracker.com/id/1040866"
        },
        {
          "name": "[debian-lts-announce] 20181112 [SECURITY] [DLA 1577-1] xen security update",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://lists.debian.org/debian-lts-announce/2018/11/msg00013.html"
        },
        {
          "name": "[debian-lts-announce] 20180601 [SECURITY] [DLA 1392-1] linux security update",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://lists.debian.org/debian-lts-announce/2018/06/msg00000.html"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://support.apple.com/HT208742"
        },
        {
          "name": "RHSA-2018:1346",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2018:1346"
        },
        {
          "name": "RHSA-2018:1348",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2018:1348"
        },
        {
          "name": "RHSA-2018:1354",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2018:1354"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://svnweb.freebsd.org/base?view=revision\u0026revision=333368"
        },
        {
          "name": "DSA-4196",
          "tags": [
            "vendor-advisory",
            "x_refsource_DEBIAN"
          ],
          "url": "https://www.debian.org/security/2018/dsa-4196"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://www.freebsd.org/security/advisories/FreeBSD-SA-18:06.debugreg.asc"
        },
        {
          "name": "1040744",
          "tags": [
            "vdb-entry",
            "x_refsource_SECTRACK"
          ],
          "url": "http://www.securitytracker.com/id/1040744"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://www.triplefault.io/2018/05/spurious-db-exceptions-with-pop-ss.html"
        },
        {
          "name": "RHSA-2018:1351",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2018:1351"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1567074"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://xenbits.xen.org/xsa/advisory-260.html"
        },
        {
          "name": "RHSA-2018:1319",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2018:1319"
        },
        {
          "name": "DSA-4201",
          "tags": [
            "vendor-advisory",
            "x_refsource_DEBIAN"
          ],
          "url": "https://www.debian.org/security/2018/dsa-4201"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://help.ecostruxureit.com/display/public/UADCE725/Security+fixes+in+StruxureWare+Data+Center+Expert+v7.6.0"
        },
        {
          "name": "RHSA-2018:1355",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2018:1355"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://security.netapp.com/advisory/ntap-20180927-0002/"
        },
        {
          "name": "RHSA-2018:1345",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2018:1345"
        },
        {
          "name": "45024",
          "tags": [
            "exploit",
            "x_refsource_EXPLOIT-DB"
          ],
          "url": "https://www.exploit-db.com/exploits/45024/"
        },
        {
          "name": "RHSA-2018:1349",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2018:1349"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8897"
        },
        {
          "name": "RHSA-2018:1352",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2018:1352"
        },
        {
          "name": "RHSA-2018:1318",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2018:1318"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=d8ba61ba58c88d5207c1ba2f7d9a2280e7d03be9"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://patchwork.kernel.org/patch/10386677/"
        },
        {
          "name": "VU#631579",
          "tags": [
            "third-party-advisory",
            "x_refsource_CERT-VN"
          ],
          "url": "https://www.kb.cert.org/vuls/id/631579"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://github.com/can1357/CVE-2018-8897/"
        },
        {
          "name": "RHSA-2018:1524",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2018:1524"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "http://openwall.com/lists/oss-security/2018/05/08/1"
        },
        {
          "name": "1040861",
          "tags": [
            "vdb-entry",
            "x_refsource_SECTRACK"
          ],
          "url": "http://www.securitytracker.com/id/1040861"
        },
        {
          "name": "RHSA-2018:1353",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2018:1353"
        },
        {
          "name": "USN-3641-2",
          "tags": [
            "vendor-advisory",
            "x_refsource_UBUNTU"
          ],
          "url": "https://usn.ubuntu.com/3641-2/"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://www.synology.com/support/security/Synology_SA_18_21"
        },
        {
          "name": "1040882",
          "tags": [
            "vdb-entry",
            "x_refsource_SECTRACK"
          ],
          "url": "http://www.securitytracker.com/id/1040882"
        },
        {
          "name": "USN-3641-1",
          "tags": [
            "vendor-advisory",
            "x_refsource_UBUNTU"
          ],
          "url": "https://usn.ubuntu.com/3641-1/"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20190921-01-debug-en"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2018-8897",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "A statement in the System Programming Guide of the Intel 64 and IA-32 Architectures Software Developer\u0027s Manual (SDM) was mishandled in the development of some or all operating-system kernels, resulting in unexpected behavior for #DB exceptions that are deferred by MOV SS or POP SS, as demonstrated by (for example) privilege escalation in Windows, macOS, some Xen configurations, or FreeBSD, or a Linux kernel crash. The MOV to SS and POP SS instructions inhibit interrupts (including NMIs), data breakpoints, and single step trap exceptions until the instruction boundary following the next instruction (SDM Vol. 3A; section 6.8.3). (The inhibited data breakpoints are those on memory accessed by the MOV to SS or POP to SS instruction itself.) Note that debug exceptions are not inhibited by the interrupt enable (EFLAGS.IF) system flag (SDM Vol. 3A; section 2.3). If the instruction following the MOV to SS or POP to SS instruction is an instruction like SYSCALL, SYSENTER, INT 3, etc. that transfers control to the operating system at CPL \u003c 3, the debug exception is delivered after the transfer to CPL \u003c 3 is complete. OS kernels may not expect this order of events and may therefore experience unexpected behavior when it occurs."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://github.com/torvalds/linux/commit/d8ba61ba58c88d5207c1ba2f7d9a2280e7d03be9",
              "refsource": "MISC",
              "url": "https://github.com/torvalds/linux/commit/d8ba61ba58c88d5207c1ba2f7d9a2280e7d03be9"
            },
            {
              "name": "http://openwall.com/lists/oss-security/2018/05/08/4",
              "refsource": "MISC",
              "url": "http://openwall.com/lists/oss-security/2018/05/08/4"
            },
            {
              "name": "1040849",
              "refsource": "SECTRACK",
              "url": "http://www.securitytracker.com/id/1040849"
            },
            {
              "name": "104071",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/104071"
            },
            {
              "name": "RHSA-2018:1350",
              "refsource": "REDHAT",
              "url": "https://access.redhat.com/errata/RHSA-2018:1350"
            },
            {
              "name": "https://support.citrix.com/article/CTX234679",
              "refsource": "CONFIRM",
              "url": "https://support.citrix.com/article/CTX234679"
            },
            {
              "name": "RHSA-2018:1347",
              "refsource": "REDHAT",
              "url": "https://access.redhat.com/errata/RHSA-2018:1347"
            },
            {
              "name": "44697",
              "refsource": "EXPLOIT-DB",
              "url": "https://www.exploit-db.com/exploits/44697/"
            },
            {
              "name": "[debian-lts-announce] 20180525 [SECURITY] [DLA 1383-1] xen security update",
              "refsource": "MLIST",
              "url": "https://lists.debian.org/debian-lts-announce/2018/05/msg00015.html"
            },
            {
              "name": "1040866",
              "refsource": "SECTRACK",
              "url": "http://www.securitytracker.com/id/1040866"
            },
            {
              "name": "[debian-lts-announce] 20181112 [SECURITY] [DLA 1577-1] xen security update",
              "refsource": "MLIST",
              "url": "https://lists.debian.org/debian-lts-announce/2018/11/msg00013.html"
            },
            {
              "name": "[debian-lts-announce] 20180601 [SECURITY] [DLA 1392-1] linux security update",
              "refsource": "MLIST",
              "url": "https://lists.debian.org/debian-lts-announce/2018/06/msg00000.html"
            },
            {
              "name": "https://support.apple.com/HT208742",
              "refsource": "MISC",
              "url": "https://support.apple.com/HT208742"
            },
            {
              "name": "RHSA-2018:1346",
              "refsource": "REDHAT",
              "url": "https://access.redhat.com/errata/RHSA-2018:1346"
            },
            {
              "name": "RHSA-2018:1348",
              "refsource": "REDHAT",
              "url": "https://access.redhat.com/errata/RHSA-2018:1348"
            },
            {
              "name": "RHSA-2018:1354",
              "refsource": "REDHAT",
              "url": "https://access.redhat.com/errata/RHSA-2018:1354"
            },
            {
              "name": "https://svnweb.freebsd.org/base?view=revision\u0026revision=333368",
              "refsource": "MISC",
              "url": "https://svnweb.freebsd.org/base?view=revision\u0026revision=333368"
            },
            {
              "name": "DSA-4196",
              "refsource": "DEBIAN",
              "url": "https://www.debian.org/security/2018/dsa-4196"
            },
            {
              "name": "https://www.freebsd.org/security/advisories/FreeBSD-SA-18:06.debugreg.asc",
              "refsource": "MISC",
              "url": "https://www.freebsd.org/security/advisories/FreeBSD-SA-18:06.debugreg.asc"
            },
            {
              "name": "1040744",
              "refsource": "SECTRACK",
              "url": "http://www.securitytracker.com/id/1040744"
            },
            {
              "name": "https://www.triplefault.io/2018/05/spurious-db-exceptions-with-pop-ss.html",
              "refsource": "MISC",
              "url": "https://www.triplefault.io/2018/05/spurious-db-exceptions-with-pop-ss.html"
            },
            {
              "name": "RHSA-2018:1351",
              "refsource": "REDHAT",
              "url": "https://access.redhat.com/errata/RHSA-2018:1351"
            },
            {
              "name": "https://bugzilla.redhat.com/show_bug.cgi?id=1567074",
              "refsource": "MISC",
              "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1567074"
            },
            {
              "name": "https://xenbits.xen.org/xsa/advisory-260.html",
              "refsource": "MISC",
              "url": "https://xenbits.xen.org/xsa/advisory-260.html"
            },
            {
              "name": "RHSA-2018:1319",
              "refsource": "REDHAT",
              "url": "https://access.redhat.com/errata/RHSA-2018:1319"
            },
            {
              "name": "DSA-4201",
              "refsource": "DEBIAN",
              "url": "https://www.debian.org/security/2018/dsa-4201"
            },
            {
              "name": "https://help.ecostruxureit.com/display/public/UADCE725/Security+fixes+in+StruxureWare+Data+Center+Expert+v7.6.0",
              "refsource": "CONFIRM",
              "url": "https://help.ecostruxureit.com/display/public/UADCE725/Security+fixes+in+StruxureWare+Data+Center+Expert+v7.6.0"
            },
            {
              "name": "RHSA-2018:1355",
              "refsource": "REDHAT",
              "url": "https://access.redhat.com/errata/RHSA-2018:1355"
            },
            {
              "name": "https://security.netapp.com/advisory/ntap-20180927-0002/",
              "refsource": "CONFIRM",
              "url": "https://security.netapp.com/advisory/ntap-20180927-0002/"
            },
            {
              "name": "RHSA-2018:1345",
              "refsource": "REDHAT",
              "url": "https://access.redhat.com/errata/RHSA-2018:1345"
            },
            {
              "name": "45024",
              "refsource": "EXPLOIT-DB",
              "url": "https://www.exploit-db.com/exploits/45024/"
            },
            {
              "name": "RHSA-2018:1349",
              "refsource": "REDHAT",
              "url": "https://access.redhat.com/errata/RHSA-2018:1349"
            },
            {
              "name": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8897",
              "refsource": "CONFIRM",
              "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8897"
            },
            {
              "name": "RHSA-2018:1352",
              "refsource": "REDHAT",
              "url": "https://access.redhat.com/errata/RHSA-2018:1352"
            },
            {
              "name": "RHSA-2018:1318",
              "refsource": "REDHAT",
              "url": "https://access.redhat.com/errata/RHSA-2018:1318"
            },
            {
              "name": "http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=d8ba61ba58c88d5207c1ba2f7d9a2280e7d03be9",
              "refsource": "MISC",
              "url": "http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=d8ba61ba58c88d5207c1ba2f7d9a2280e7d03be9"
            },
            {
              "name": "https://patchwork.kernel.org/patch/10386677/",
              "refsource": "MISC",
              "url": "https://patchwork.kernel.org/patch/10386677/"
            },
            {
              "name": "VU#631579",
              "refsource": "CERT-VN",
              "url": "https://www.kb.cert.org/vuls/id/631579"
            },
            {
              "name": "https://github.com/can1357/CVE-2018-8897/",
              "refsource": "MISC",
              "url": "https://github.com/can1357/CVE-2018-8897/"
            },
            {
              "name": "RHSA-2018:1524",
              "refsource": "REDHAT",
              "url": "https://access.redhat.com/errata/RHSA-2018:1524"
            },
            {
              "name": "http://openwall.com/lists/oss-security/2018/05/08/1",
              "refsource": "MISC",
              "url": "http://openwall.com/lists/oss-security/2018/05/08/1"
            },
            {
              "name": "1040861",
              "refsource": "SECTRACK",
              "url": "http://www.securitytracker.com/id/1040861"
            },
            {
              "name": "RHSA-2018:1353",
              "refsource": "REDHAT",
              "url": "https://access.redhat.com/errata/RHSA-2018:1353"
            },
            {
              "name": "USN-3641-2",
              "refsource": "UBUNTU",
              "url": "https://usn.ubuntu.com/3641-2/"
            },
            {
              "name": "https://www.synology.com/support/security/Synology_SA_18_21",
              "refsource": "CONFIRM",
              "url": "https://www.synology.com/support/security/Synology_SA_18_21"
            },
            {
              "name": "1040882",
              "refsource": "SECTRACK",
              "url": "http://www.securitytracker.com/id/1040882"
            },
            {
              "name": "USN-3641-1",
              "refsource": "UBUNTU",
              "url": "https://usn.ubuntu.com/3641-1/"
            },
            {
              "name": "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20190921-01-debug-en",
              "refsource": "CONFIRM",
              "url": "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20190921-01-debug-en"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2018-8897",
    "datePublished": "2018-05-08T18:00:00",
    "dateReserved": "2018-03-21T00:00:00",
    "dateUpdated": "2024-08-05T07:10:46.698Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2018-7566 (GCVE-0-2018-7566)

Vulnerability from cvelistv5

Published

2018-03-30 21:00

Modified

2024-08-05 06:31

Severity ?

CWE

n/a

Summary

The Linux kernel 4.15 has a Buffer Overflow via an SNDRV_SEQ_IOCTL_SET_CLIENT_POOL ioctl write operation to /dev/snd/seq by a local user.

References

URL

Tags

	https://usn.ubuntu.com/3631-2/	vendor-advisory, x_refsource_UBUNTU
	https://www.debian.org/security/2018/dsa-4187	vendor-advisory, x_refsource_DEBIAN
	https://usn.ubuntu.com/3631-1/	vendor-advisory, x_refsource_UBUNTU
	https://access.redhat.com/errata/RHSA-2018:2390	vendor-advisory, x_refsource_REDHAT
	https://access.redhat.com/errata/RHSA-2018:2395	vendor-advisory, x_refsource_REDHAT
	https://access.redhat.com/errata/RHSA-2018:2384	vendor-advisory, x_refsource_REDHAT
	https://www.debian.org/security/2018/dsa-4188	vendor-advisory, x_refsource_DEBIAN
	https://access.redhat.com/errata/RHSA-2018:2948	vendor-advisory, x_refsource_REDHAT
	http://www.securityfocus.com/bid/103605	vdb-entry, x_refsource_BID
	https://lists.debian.org/debian-lts-announce/2018/05/msg00000.html	mailing-list, x_refsource_MLIST
	http://mailman.alsa-project.org/pipermail/alsa-devel/2018-February/132026.html	mailing-list, x_refsource_MLIST
	https://usn.ubuntu.com/3798-1/	vendor-advisory, x_refsource_UBUNTU
	https://usn.ubuntu.com/3798-2/	vendor-advisory, x_refsource_UBUNTU
	http://lists.opensuse.org/opensuse-security-announce/2018-03/msg00067.html	vendor-advisory, x_refsource_SUSE
	https://access.redhat.com/errata/RHSA-2019:1483	vendor-advisory, x_refsource_REDHAT
	https://access.redhat.com/errata/RHSA-2019:1487	vendor-advisory, x_refsource_REDHAT
	https://www.oracle.com/security-alerts/cpujul2020.html	x_refsource_MISC
	https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html	x_refsource_MISC
	https://help.ecostruxureit.com/display/public/UADCE725/Security+fixes+in+StruxureWare+Data+Center+Expert+v7.6.0	x_refsource_CONFIRM
	https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=d15d662e89fc667b90cd294b0eb45694e33144da	x_refsource_CONFIRM
	https://bugzilla.redhat.com/show_bug.cgi?id=1550142	x_refsource_CONFIRM

Impacted products

	Vendor	Product	Version
	n/a	n/a	Version: n/a

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-05T06:31:04.728Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "USN-3631-2",
            "tags": [
              "vendor-advisory",
              "x_refsource_UBUNTU",
              "x_transferred"
            ],
            "url": "https://usn.ubuntu.com/3631-2/"
          },
          {
            "name": "DSA-4187",
            "tags": [
              "vendor-advisory",
              "x_refsource_DEBIAN",
              "x_transferred"
            ],
            "url": "https://www.debian.org/security/2018/dsa-4187"
          },
          {
            "name": "USN-3631-1",
            "tags": [
              "vendor-advisory",
              "x_refsource_UBUNTU",
              "x_transferred"
            ],
            "url": "https://usn.ubuntu.com/3631-1/"
          },
          {
            "name": "RHSA-2018:2390",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2018:2390"
          },
          {
            "name": "RHSA-2018:2395",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2018:2395"
          },
          {
            "name": "RHSA-2018:2384",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2018:2384"
          },
          {
            "name": "DSA-4188",
            "tags": [
              "vendor-advisory",
              "x_refsource_DEBIAN",
              "x_transferred"
            ],
            "url": "https://www.debian.org/security/2018/dsa-4188"
          },
          {
            "name": "RHSA-2018:2948",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2018:2948"
          },
          {
            "name": "103605",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/103605"
          },
          {
            "name": "[debian-lts-announce] 20180502 [SECURITY] [DLA 1369-1] linux security update",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://lists.debian.org/debian-lts-announce/2018/05/msg00000.html"
          },
          {
            "name": "[alsa-devel] 20180214 [PATCH] ALSA: seq: Fix racy pool initializations",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "http://mailman.alsa-project.org/pipermail/alsa-devel/2018-February/132026.html"
          },
          {
            "name": "USN-3798-1",
            "tags": [
              "vendor-advisory",
              "x_refsource_UBUNTU",
              "x_transferred"
            ],
            "url": "https://usn.ubuntu.com/3798-1/"
          },
          {
            "name": "USN-3798-2",
            "tags": [
              "vendor-advisory",
              "x_refsource_UBUNTU",
              "x_transferred"
            ],
            "url": "https://usn.ubuntu.com/3798-2/"
          },
          {
            "name": "SUSE-SU-2018:0834",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUSE",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2018-03/msg00067.html"
          },
          {
            "name": "RHSA-2019:1483",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2019:1483"
          },
          {
            "name": "RHSA-2019:1487",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2019:1487"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://www.oracle.com/security-alerts/cpujul2020.html"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://help.ecostruxureit.com/display/public/UADCE725/Security+fixes+in+StruxureWare+Data+Center+Expert+v7.6.0"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=d15d662e89fc667b90cd294b0eb45694e33144da"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1550142"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2018-02-14T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "The Linux kernel 4.15 has a Buffer Overflow via an SNDRV_SEQ_IOCTL_SET_CLIENT_POOL ioctl write operation to /dev/snd/seq by a local user."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2020-07-15T02:22:59",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "name": "USN-3631-2",
          "tags": [
            "vendor-advisory",
            "x_refsource_UBUNTU"
          ],
          "url": "https://usn.ubuntu.com/3631-2/"
        },
        {
          "name": "DSA-4187",
          "tags": [
            "vendor-advisory",
            "x_refsource_DEBIAN"
          ],
          "url": "https://www.debian.org/security/2018/dsa-4187"
        },
        {
          "name": "USN-3631-1",
          "tags": [
            "vendor-advisory",
            "x_refsource_UBUNTU"
          ],
          "url": "https://usn.ubuntu.com/3631-1/"
        },
        {
          "name": "RHSA-2018:2390",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2018:2390"
        },
        {
          "name": "RHSA-2018:2395",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2018:2395"
        },
        {
          "name": "RHSA-2018:2384",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2018:2384"
        },
        {
          "name": "DSA-4188",
          "tags": [
            "vendor-advisory",
            "x_refsource_DEBIAN"
          ],
          "url": "https://www.debian.org/security/2018/dsa-4188"
        },
        {
          "name": "RHSA-2018:2948",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2018:2948"
        },
        {
          "name": "103605",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/103605"
        },
        {
          "name": "[debian-lts-announce] 20180502 [SECURITY] [DLA 1369-1] linux security update",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://lists.debian.org/debian-lts-announce/2018/05/msg00000.html"
        },
        {
          "name": "[alsa-devel] 20180214 [PATCH] ALSA: seq: Fix racy pool initializations",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "http://mailman.alsa-project.org/pipermail/alsa-devel/2018-February/132026.html"
        },
        {
          "name": "USN-3798-1",
          "tags": [
            "vendor-advisory",
            "x_refsource_UBUNTU"
          ],
          "url": "https://usn.ubuntu.com/3798-1/"
        },
        {
          "name": "USN-3798-2",
          "tags": [
            "vendor-advisory",
            "x_refsource_UBUNTU"
          ],
          "url": "https://usn.ubuntu.com/3798-2/"
        },
        {
          "name": "SUSE-SU-2018:0834",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUSE"
          ],
          "url": "http://lists.opensuse.org/opensuse-security-announce/2018-03/msg00067.html"
        },
        {
          "name": "RHSA-2019:1483",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2019:1483"
        },
        {
          "name": "RHSA-2019:1487",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2019:1487"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://www.oracle.com/security-alerts/cpujul2020.html"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://help.ecostruxureit.com/display/public/UADCE725/Security+fixes+in+StruxureWare+Data+Center+Expert+v7.6.0"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=d15d662e89fc667b90cd294b0eb45694e33144da"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1550142"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2018-7566",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "The Linux kernel 4.15 has a Buffer Overflow via an SNDRV_SEQ_IOCTL_SET_CLIENT_POOL ioctl write operation to /dev/snd/seq by a local user."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "USN-3631-2",
              "refsource": "UBUNTU",
              "url": "https://usn.ubuntu.com/3631-2/"
            },
            {
              "name": "DSA-4187",
              "refsource": "DEBIAN",
              "url": "https://www.debian.org/security/2018/dsa-4187"
            },
            {
              "name": "USN-3631-1",
              "refsource": "UBUNTU",
              "url": "https://usn.ubuntu.com/3631-1/"
            },
            {
              "name": "RHSA-2018:2390",
              "refsource": "REDHAT",
              "url": "https://access.redhat.com/errata/RHSA-2018:2390"
            },
            {
              "name": "RHSA-2018:2395",
              "refsource": "REDHAT",
              "url": "https://access.redhat.com/errata/RHSA-2018:2395"
            },
            {
              "name": "RHSA-2018:2384",
              "refsource": "REDHAT",
              "url": "https://access.redhat.com/errata/RHSA-2018:2384"
            },
            {
              "name": "DSA-4188",
              "refsource": "DEBIAN",
              "url": "https://www.debian.org/security/2018/dsa-4188"
            },
            {
              "name": "RHSA-2018:2948",
              "refsource": "REDHAT",
              "url": "https://access.redhat.com/errata/RHSA-2018:2948"
            },
            {
              "name": "103605",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/103605"
            },
            {
              "name": "[debian-lts-announce] 20180502 [SECURITY] [DLA 1369-1] linux security update",
              "refsource": "MLIST",
              "url": "https://lists.debian.org/debian-lts-announce/2018/05/msg00000.html"
            },
            {
              "name": "[alsa-devel] 20180214 [PATCH] ALSA: seq: Fix racy pool initializations",
              "refsource": "MLIST",
              "url": "http://mailman.alsa-project.org/pipermail/alsa-devel/2018-February/132026.html"
            },
            {
              "name": "USN-3798-1",
              "refsource": "UBUNTU",
              "url": "https://usn.ubuntu.com/3798-1/"
            },
            {
              "name": "USN-3798-2",
              "refsource": "UBUNTU",
              "url": "https://usn.ubuntu.com/3798-2/"
            },
            {
              "name": "SUSE-SU-2018:0834",
              "refsource": "SUSE",
              "url": "http://lists.opensuse.org/opensuse-security-announce/2018-03/msg00067.html"
            },
            {
              "name": "RHSA-2019:1483",
              "refsource": "REDHAT",
              "url": "https://access.redhat.com/errata/RHSA-2019:1483"
            },
            {
              "name": "RHSA-2019:1487",
              "refsource": "REDHAT",
              "url": "https://access.redhat.com/errata/RHSA-2019:1487"
            },
            {
              "name": "https://www.oracle.com/security-alerts/cpujul2020.html",
              "refsource": "MISC",
              "url": "https://www.oracle.com/security-alerts/cpujul2020.html"
            },
            {
              "name": "https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html",
              "refsource": "MISC",
              "url": "https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html"
            },
            {
              "name": "https://help.ecostruxureit.com/display/public/UADCE725/Security+fixes+in+StruxureWare+Data+Center+Expert+v7.6.0",
              "refsource": "CONFIRM",
              "url": "https://help.ecostruxureit.com/display/public/UADCE725/Security+fixes+in+StruxureWare+Data+Center+Expert+v7.6.0"
            },
            {
              "name": "https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=d15d662e89fc667b90cd294b0eb45694e33144da",
              "refsource": "CONFIRM",
              "url": "https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=d15d662e89fc667b90cd294b0eb45694e33144da"
            },
            {
              "name": "https://bugzilla.redhat.com/show_bug.cgi?id=1550142",
              "refsource": "CONFIRM",
              "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1550142"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2018-7566",
    "datePublished": "2018-03-30T21:00:00",
    "dateReserved": "2018-02-28T00:00:00",
    "dateUpdated": "2024-08-05T06:31:04.728Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2018-1000199 (GCVE-0-2018-1000199)

Vulnerability from cvelistv5

Published

2018-05-24 13:00

Modified

2024-08-05 12:40

Severity ?

CWE

n/a

Summary

The Linux Kernel version 3.18 contains a dangerous feature vulnerability in modify_user_hw_breakpoint() that can result in crash and possibly memory corruption. This attack appear to be exploitable via local code execution and the ability to use ptrace. This vulnerability appears to have been fixed in git commit f67b15037a7a50c57f72e69a6d59941ad90a0f0f.

References

URL

Tags

	https://www.debian.org/security/2018/dsa-4187	vendor-advisory, x_refsource_DEBIAN
	https://access.redhat.com/errata/RHSA-2018:1347	vendor-advisory, x_refsource_REDHAT
	https://access.redhat.com/errata/RHSA-2018:1348	vendor-advisory, x_refsource_REDHAT
	https://www.debian.org/security/2018/dsa-4188	vendor-advisory, x_refsource_DEBIAN
	https://access.redhat.com/errata/RHSA-2018:1354	vendor-advisory, x_refsource_REDHAT
	http://www.securitytracker.com/id/1040806	vdb-entry, x_refsource_SECTRACK
	https://access.redhat.com/errata/RHSA-2018:1355	vendor-advisory, x_refsource_REDHAT
	https://access.redhat.com/errata/RHSA-2018:1345	vendor-advisory, x_refsource_REDHAT
	https://access.redhat.com/errata/RHSA-2018:1318	vendor-advisory, x_refsource_REDHAT
	https://access.redhat.com/errata/RHSA-2018:1374	vendor-advisory, x_refsource_REDHAT
	https://lkml.org/lkml/2018/4/6/813	mailing-list, x_refsource_MLIST
	https://lists.debian.org/debian-lts-announce/2018/05/msg00000.html	mailing-list, x_refsource_MLIST
	https://usn.ubuntu.com/3641-2/	vendor-advisory, x_refsource_UBUNTU
	https://usn.ubuntu.com/3641-1/	vendor-advisory, x_refsource_UBUNTU
	http://lists.opensuse.org/opensuse-security-announce/2020-06/msg00022.html	vendor-advisory, x_refsource_SUSE

Impacted products

	Vendor	Product	Version
	n/a	n/a	Version: n/a

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-05T12:40:46.875Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "DSA-4187",
            "tags": [
              "vendor-advisory",
              "x_refsource_DEBIAN",
              "x_transferred"
            ],
            "url": "https://www.debian.org/security/2018/dsa-4187"
          },
          {
            "name": "RHSA-2018:1347",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2018:1347"
          },
          {
            "name": "RHSA-2018:1348",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2018:1348"
          },
          {
            "name": "DSA-4188",
            "tags": [
              "vendor-advisory",
              "x_refsource_DEBIAN",
              "x_transferred"
            ],
            "url": "https://www.debian.org/security/2018/dsa-4188"
          },
          {
            "name": "RHSA-2018:1354",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2018:1354"
          },
          {
            "name": "1040806",
            "tags": [
              "vdb-entry",
              "x_refsource_SECTRACK",
              "x_transferred"
            ],
            "url": "http://www.securitytracker.com/id/1040806"
          },
          {
            "name": "RHSA-2018:1355",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2018:1355"
          },
          {
            "name": "RHSA-2018:1345",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2018:1345"
          },
          {
            "name": "RHSA-2018:1318",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2018:1318"
          },
          {
            "name": "RHSA-2018:1374",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2018:1374"
          },
          {
            "name": "[linux-kernel] 20180406 [PATCH 3.18 40/93] perf/hwbp: Simplify the perf-hwbp code, fix documentation",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://lkml.org/lkml/2018/4/6/813"
          },
          {
            "name": "[debian-lts-announce] 20180502 [SECURITY] [DLA 1369-1] linux security update",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://lists.debian.org/debian-lts-announce/2018/05/msg00000.html"
          },
          {
            "name": "USN-3641-2",
            "tags": [
              "vendor-advisory",
              "x_refsource_UBUNTU",
              "x_transferred"
            ],
            "url": "https://usn.ubuntu.com/3641-2/"
          },
          {
            "name": "USN-3641-1",
            "tags": [
              "vendor-advisory",
              "x_refsource_UBUNTU",
              "x_transferred"
            ],
            "url": "https://usn.ubuntu.com/3641-1/"
          },
          {
            "name": "openSUSE-SU-2020:0801",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUSE",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2020-06/msg00022.html"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "dateAssigned": "2018-05-18T00:00:00",
      "datePublic": "2018-04-06T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "The Linux Kernel version 3.18 contains a dangerous feature vulnerability in modify_user_hw_breakpoint() that can result in crash and possibly memory corruption. This attack appear to be exploitable via local code execution and the ability to use ptrace. This vulnerability appears to have been fixed in git commit f67b15037a7a50c57f72e69a6d59941ad90a0f0f."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2020-06-13T08:13:02",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "name": "DSA-4187",
          "tags": [
            "vendor-advisory",
            "x_refsource_DEBIAN"
          ],
          "url": "https://www.debian.org/security/2018/dsa-4187"
        },
        {
          "name": "RHSA-2018:1347",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2018:1347"
        },
        {
          "name": "RHSA-2018:1348",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2018:1348"
        },
        {
          "name": "DSA-4188",
          "tags": [
            "vendor-advisory",
            "x_refsource_DEBIAN"
          ],
          "url": "https://www.debian.org/security/2018/dsa-4188"
        },
        {
          "name": "RHSA-2018:1354",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2018:1354"
        },
        {
          "name": "1040806",
          "tags": [
            "vdb-entry",
            "x_refsource_SECTRACK"
          ],
          "url": "http://www.securitytracker.com/id/1040806"
        },
        {
          "name": "RHSA-2018:1355",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2018:1355"
        },
        {
          "name": "RHSA-2018:1345",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2018:1345"
        },
        {
          "name": "RHSA-2018:1318",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2018:1318"
        },
        {
          "name": "RHSA-2018:1374",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2018:1374"
        },
        {
          "name": "[linux-kernel] 20180406 [PATCH 3.18 40/93] perf/hwbp: Simplify the perf-hwbp code, fix documentation",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://lkml.org/lkml/2018/4/6/813"
        },
        {
          "name": "[debian-lts-announce] 20180502 [SECURITY] [DLA 1369-1] linux security update",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://lists.debian.org/debian-lts-announce/2018/05/msg00000.html"
        },
        {
          "name": "USN-3641-2",
          "tags": [
            "vendor-advisory",
            "x_refsource_UBUNTU"
          ],
          "url": "https://usn.ubuntu.com/3641-2/"
        },
        {
          "name": "USN-3641-1",
          "tags": [
            "vendor-advisory",
            "x_refsource_UBUNTU"
          ],
          "url": "https://usn.ubuntu.com/3641-1/"
        },
        {
          "name": "openSUSE-SU-2020:0801",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUSE"
          ],
          "url": "http://lists.opensuse.org/opensuse-security-announce/2020-06/msg00022.html"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "DATE_ASSIGNED": "2018-05-18T21:46:02.320084",
          "DATE_REQUESTED": "2018-04-17T08:55:55",
          "ID": "CVE-2018-1000199",
          "REQUESTER": "luto@kernel.org",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "The Linux Kernel version 3.18 contains a dangerous feature vulnerability in modify_user_hw_breakpoint() that can result in crash and possibly memory corruption. This attack appear to be exploitable via local code execution and the ability to use ptrace. This vulnerability appears to have been fixed in git commit f67b15037a7a50c57f72e69a6d59941ad90a0f0f."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "DSA-4187",
              "refsource": "DEBIAN",
              "url": "https://www.debian.org/security/2018/dsa-4187"
            },
            {
              "name": "RHSA-2018:1347",
              "refsource": "REDHAT",
              "url": "https://access.redhat.com/errata/RHSA-2018:1347"
            },
            {
              "name": "RHSA-2018:1348",
              "refsource": "REDHAT",
              "url": "https://access.redhat.com/errata/RHSA-2018:1348"
            },
            {
              "name": "DSA-4188",
              "refsource": "DEBIAN",
              "url": "https://www.debian.org/security/2018/dsa-4188"
            },
            {
              "name": "RHSA-2018:1354",
              "refsource": "REDHAT",
              "url": "https://access.redhat.com/errata/RHSA-2018:1354"
            },
            {
              "name": "1040806",
              "refsource": "SECTRACK",
              "url": "http://www.securitytracker.com/id/1040806"
            },
            {
              "name": "RHSA-2018:1355",
              "refsource": "REDHAT",
              "url": "https://access.redhat.com/errata/RHSA-2018:1355"
            },
            {
              "name": "RHSA-2018:1345",
              "refsource": "REDHAT",
              "url": "https://access.redhat.com/errata/RHSA-2018:1345"
            },
            {
              "name": "RHSA-2018:1318",
              "refsource": "REDHAT",
              "url": "https://access.redhat.com/errata/RHSA-2018:1318"
            },
            {
              "name": "RHSA-2018:1374",
              "refsource": "REDHAT",
              "url": "https://access.redhat.com/errata/RHSA-2018:1374"
            },
            {
              "name": "[linux-kernel] 20180406 [PATCH 3.18 40/93] perf/hwbp: Simplify the perf-hwbp code, fix documentation",
              "refsource": "MLIST",
              "url": "https://lkml.org/lkml/2018/4/6/813"
            },
            {
              "name": "[debian-lts-announce] 20180502 [SECURITY] [DLA 1369-1] linux security update",
              "refsource": "MLIST",
              "url": "https://lists.debian.org/debian-lts-announce/2018/05/msg00000.html"
            },
            {
              "name": "USN-3641-2",
              "refsource": "UBUNTU",
              "url": "https://usn.ubuntu.com/3641-2/"
            },
            {
              "name": "USN-3641-1",
              "refsource": "UBUNTU",
              "url": "https://usn.ubuntu.com/3641-1/"
            },
            {
              "name": "openSUSE-SU-2020:0801",
              "refsource": "SUSE",
              "url": "http://lists.opensuse.org/opensuse-security-announce/2020-06/msg00022.html"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2018-1000199",
    "datePublished": "2018-05-24T13:00:00",
    "dateReserved": "2018-04-17T00:00:00",
    "dateUpdated": "2024-08-05T12:40:46.875Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2018-10675 (GCVE-0-2018-10675)

Vulnerability from cvelistv5

Published

2018-05-02 18:00

Modified

2024-08-05 07:46

Severity ?

CWE

n/a

Summary

The do_get_mempolicy function in mm/mempolicy.c in the Linux kernel before 4.12.9 allows local users to cause a denial of service (use-after-free) or possibly have unspecified other impact via crafted system calls.

References

URL

Tags

	https://access.redhat.com/errata/RHSA-2018:3540	vendor-advisory, x_refsource_REDHAT
	https://access.redhat.com/errata/RHSA-2018:2785	vendor-advisory, x_refsource_REDHAT
	https://access.redhat.com/errata/RHSA-2018:2164	vendor-advisory, x_refsource_REDHAT
	https://access.redhat.com/errata/RHSA-2018:2925	vendor-advisory, x_refsource_REDHAT
	https://access.redhat.com/errata/RHSA-2018:2933	vendor-advisory, x_refsource_REDHAT
	https://access.redhat.com/errata/RHSA-2018:2395	vendor-advisory, x_refsource_REDHAT
	https://access.redhat.com/errata/RHSA-2018:2384	vendor-advisory, x_refsource_REDHAT
	https://usn.ubuntu.com/3754-1/	vendor-advisory, x_refsource_UBUNTU
	https://access.redhat.com/errata/RHSA-2018:3590	vendor-advisory, x_refsource_REDHAT
	http://www.securityfocus.com/bid/104093	vdb-entry, x_refsource_BID
	https://access.redhat.com/errata/RHSA-2018:2924	vendor-advisory, x_refsource_REDHAT
	https://access.redhat.com/errata/RHSA-2018:3586	vendor-advisory, x_refsource_REDHAT
	https://access.redhat.com/errata/RHSA-2018:2791	vendor-advisory, x_refsource_REDHAT
	https://www.oracle.com/security-alerts/cpujul2020.html	x_refsource_MISC
	https://help.ecostruxureit.com/display/public/UADCE725/Security+fixes+in+StruxureWare+Data+Center+Expert+v7.6.0	x_refsource_CONFIRM
	https://github.com/torvalds/linux/commit/73223e4e2e3867ebf033a5a8eb2e5df0158ccc99	x_refsource_MISC
	http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=73223e4e2e3867ebf033a5a8eb2e5df0158ccc99	x_refsource_MISC
	https://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.12.9	x_refsource_MISC

Impacted products

	Vendor	Product	Version
	n/a	n/a	Version: n/a

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-05T07:46:46.248Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "RHSA-2018:3540",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2018:3540"
          },
          {
            "name": "RHSA-2018:2785",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2018:2785"
          },
          {
            "name": "RHSA-2018:2164",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2018:2164"
          },
          {
            "name": "RHSA-2018:2925",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2018:2925"
          },
          {
            "name": "RHSA-2018:2933",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2018:2933"
          },
          {
            "name": "RHSA-2018:2395",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2018:2395"
          },
          {
            "name": "RHSA-2018:2384",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2018:2384"
          },
          {
            "name": "USN-3754-1",
            "tags": [
              "vendor-advisory",
              "x_refsource_UBUNTU",
              "x_transferred"
            ],
            "url": "https://usn.ubuntu.com/3754-1/"
          },
          {
            "name": "RHSA-2018:3590",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2018:3590"
          },
          {
            "name": "104093",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/104093"
          },
          {
            "name": "RHSA-2018:2924",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2018:2924"
          },
          {
            "name": "RHSA-2018:3586",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2018:3586"
          },
          {
            "name": "RHSA-2018:2791",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2018:2791"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://www.oracle.com/security-alerts/cpujul2020.html"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://help.ecostruxureit.com/display/public/UADCE725/Security+fixes+in+StruxureWare+Data+Center+Expert+v7.6.0"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://github.com/torvalds/linux/commit/73223e4e2e3867ebf033a5a8eb2e5df0158ccc99"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=73223e4e2e3867ebf033a5a8eb2e5df0158ccc99"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.12.9"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2018-05-02T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "The do_get_mempolicy function in mm/mempolicy.c in the Linux kernel before 4.12.9 allows local users to cause a denial of service (use-after-free) or possibly have unspecified other impact via crafted system calls."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2020-07-15T02:22:56",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "name": "RHSA-2018:3540",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2018:3540"
        },
        {
          "name": "RHSA-2018:2785",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2018:2785"
        },
        {
          "name": "RHSA-2018:2164",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2018:2164"
        },
        {
          "name": "RHSA-2018:2925",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2018:2925"
        },
        {
          "name": "RHSA-2018:2933",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2018:2933"
        },
        {
          "name": "RHSA-2018:2395",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2018:2395"
        },
        {
          "name": "RHSA-2018:2384",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2018:2384"
        },
        {
          "name": "USN-3754-1",
          "tags": [
            "vendor-advisory",
            "x_refsource_UBUNTU"
          ],
          "url": "https://usn.ubuntu.com/3754-1/"
        },
        {
          "name": "RHSA-2018:3590",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2018:3590"
        },
        {
          "name": "104093",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/104093"
        },
        {
          "name": "RHSA-2018:2924",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2018:2924"
        },
        {
          "name": "RHSA-2018:3586",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2018:3586"
        },
        {
          "name": "RHSA-2018:2791",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2018:2791"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://www.oracle.com/security-alerts/cpujul2020.html"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://help.ecostruxureit.com/display/public/UADCE725/Security+fixes+in+StruxureWare+Data+Center+Expert+v7.6.0"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://github.com/torvalds/linux/commit/73223e4e2e3867ebf033a5a8eb2e5df0158ccc99"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=73223e4e2e3867ebf033a5a8eb2e5df0158ccc99"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.12.9"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2018-10675",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "The do_get_mempolicy function in mm/mempolicy.c in the Linux kernel before 4.12.9 allows local users to cause a denial of service (use-after-free) or possibly have unspecified other impact via crafted system calls."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "RHSA-2018:3540",
              "refsource": "REDHAT",
              "url": "https://access.redhat.com/errata/RHSA-2018:3540"
            },
            {
              "name": "RHSA-2018:2785",
              "refsource": "REDHAT",
              "url": "https://access.redhat.com/errata/RHSA-2018:2785"
            },
            {
              "name": "RHSA-2018:2164",
              "refsource": "REDHAT",
              "url": "https://access.redhat.com/errata/RHSA-2018:2164"
            },
            {
              "name": "RHSA-2018:2925",
              "refsource": "REDHAT",
              "url": "https://access.redhat.com/errata/RHSA-2018:2925"
            },
            {
              "name": "RHSA-2018:2933",
              "refsource": "REDHAT",
              "url": "https://access.redhat.com/errata/RHSA-2018:2933"
            },
            {
              "name": "RHSA-2018:2395",
              "refsource": "REDHAT",
              "url": "https://access.redhat.com/errata/RHSA-2018:2395"
            },
            {
              "name": "RHSA-2018:2384",
              "refsource": "REDHAT",
              "url": "https://access.redhat.com/errata/RHSA-2018:2384"
            },
            {
              "name": "USN-3754-1",
              "refsource": "UBUNTU",
              "url": "https://usn.ubuntu.com/3754-1/"
            },
            {
              "name": "RHSA-2018:3590",
              "refsource": "REDHAT",
              "url": "https://access.redhat.com/errata/RHSA-2018:3590"
            },
            {
              "name": "104093",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/104093"
            },
            {
              "name": "RHSA-2018:2924",
              "refsource": "REDHAT",
              "url": "https://access.redhat.com/errata/RHSA-2018:2924"
            },
            {
              "name": "RHSA-2018:3586",
              "refsource": "REDHAT",
              "url": "https://access.redhat.com/errata/RHSA-2018:3586"
            },
            {
              "name": "RHSA-2018:2791",
              "refsource": "REDHAT",
              "url": "https://access.redhat.com/errata/RHSA-2018:2791"
            },
            {
              "name": "https://www.oracle.com/security-alerts/cpujul2020.html",
              "refsource": "MISC",
              "url": "https://www.oracle.com/security-alerts/cpujul2020.html"
            },
            {
              "name": "https://help.ecostruxureit.com/display/public/UADCE725/Security+fixes+in+StruxureWare+Data+Center+Expert+v7.6.0",
              "refsource": "CONFIRM",
              "url": "https://help.ecostruxureit.com/display/public/UADCE725/Security+fixes+in+StruxureWare+Data+Center+Expert+v7.6.0"
            },
            {
              "name": "https://github.com/torvalds/linux/commit/73223e4e2e3867ebf033a5a8eb2e5df0158ccc99",
              "refsource": "MISC",
              "url": "https://github.com/torvalds/linux/commit/73223e4e2e3867ebf033a5a8eb2e5df0158ccc99"
            },
            {
              "name": "http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=73223e4e2e3867ebf033a5a8eb2e5df0158ccc99",
              "refsource": "MISC",
              "url": "http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=73223e4e2e3867ebf033a5a8eb2e5df0158ccc99"
            },
            {
              "name": "https://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.12.9",
              "refsource": "MISC",
              "url": "https://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.12.9"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2018-10675",
    "datePublished": "2018-05-02T18:00:00",
    "dateReserved": "2018-05-02T00:00:00",
    "dateUpdated": "2024-08-05T07:46:46.248Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2018-1091 (GCVE-0-2018-1091)

Vulnerability from cvelistv5

Published

2018-03-27 21:00

Modified

2024-08-05 03:51

Severity ?

CWE

CWE-391

Summary

In the flush_tmregs_to_thread function in arch/powerpc/kernel/ptrace.c in the Linux kernel before 4.13.5, a guest kernel crash can be triggered from unprivileged userspace during a core dump on a POWER host due to a missing processor feature check and an erroneous use of transactional memory (TM) instructions in the core dump path, leading to a denial of service.

References

URL

Tags

	https://bugzilla.redhat.com/show_bug.cgi?id=1558149	x_refsource_CONFIRM
	https://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.13.5	x_refsource_CONFIRM
	https://marc.info/?l=linuxppc-embedded&m=150535531910494&w=2	x_refsource_CONFIRM
	https://access.redhat.com/security/cve/cve-2018-1091	x_refsource_CONFIRM
	https://access.redhat.com/errata/RHSA-2018:1318	vendor-advisory, x_refsource_REDHAT
	http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=c1fa0768a8713b135848f78fd43ffc208d8ded70	x_refsource_CONFIRM
	https://github.com/torvalds/linux/commit/c1fa0768a8713b135848f78fd43ffc208d8ded70	x_refsource_CONFIRM
	http://openwall.com/lists/oss-security/2018/03/27/4	x_refsource_CONFIRM

Impacted products

	Vendor	Product	Version
	n/a	Linux kernel v4.13 and newer	Version: Linux kernel v4.13 and newer

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-05T03:51:48.251Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1558149"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.13.5"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://marc.info/?l=linuxppc-embedded\u0026m=150535531910494\u0026w=2"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/security/cve/cve-2018-1091"
          },
          {
            "name": "RHSA-2018:1318",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2018:1318"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=c1fa0768a8713b135848f78fd43ffc208d8ded70"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://github.com/torvalds/linux/commit/c1fa0768a8713b135848f78fd43ffc208d8ded70"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://openwall.com/lists/oss-security/2018/03/27/4"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Linux kernel v4.13 and newer",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "Linux kernel v4.13 and newer"
            }
          ]
        }
      ],
      "datePublic": "2018-03-27T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "In the flush_tmregs_to_thread function in arch/powerpc/kernel/ptrace.c in the Linux kernel before 4.13.5, a guest kernel crash can be triggered from unprivileged userspace during a core dump on a POWER host due to a missing processor feature check and an erroneous use of transactional memory (TM) instructions in the core dump path, leading to a denial of service."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-391",
              "description": "CWE-391",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2018-05-09T09:57:01",
        "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
        "shortName": "redhat"
      },
      "references": [
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1558149"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.13.5"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://marc.info/?l=linuxppc-embedded\u0026m=150535531910494\u0026w=2"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://access.redhat.com/security/cve/cve-2018-1091"
        },
        {
          "name": "RHSA-2018:1318",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2018:1318"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=c1fa0768a8713b135848f78fd43ffc208d8ded70"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://github.com/torvalds/linux/commit/c1fa0768a8713b135848f78fd43ffc208d8ded70"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://openwall.com/lists/oss-security/2018/03/27/4"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "secalert@redhat.com",
          "ID": "CVE-2018-1091",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "Linux kernel v4.13 and newer",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "Linux kernel v4.13 and newer"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "In the flush_tmregs_to_thread function in arch/powerpc/kernel/ptrace.c in the Linux kernel before 4.13.5, a guest kernel crash can be triggered from unprivileged userspace during a core dump on a POWER host due to a missing processor feature check and an erroneous use of transactional memory (TM) instructions in the core dump path, leading to a denial of service."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "CWE-391"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://bugzilla.redhat.com/show_bug.cgi?id=1558149",
              "refsource": "CONFIRM",
              "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1558149"
            },
            {
              "name": "https://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.13.5",
              "refsource": "CONFIRM",
              "url": "https://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.13.5"
            },
            {
              "name": "https://marc.info/?l=linuxppc-embedded\u0026m=150535531910494\u0026w=2",
              "refsource": "CONFIRM",
              "url": "https://marc.info/?l=linuxppc-embedded\u0026m=150535531910494\u0026w=2"
            },
            {
              "name": "https://access.redhat.com/security/cve/cve-2018-1091",
              "refsource": "CONFIRM",
              "url": "https://access.redhat.com/security/cve/cve-2018-1091"
            },
            {
              "name": "RHSA-2018:1318",
              "refsource": "REDHAT",
              "url": "https://access.redhat.com/errata/RHSA-2018:1318"
            },
            {
              "name": "http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=c1fa0768a8713b135848f78fd43ffc208d8ded70",
              "refsource": "CONFIRM",
              "url": "http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=c1fa0768a8713b135848f78fd43ffc208d8ded70"
            },
            {
              "name": "https://github.com/torvalds/linux/commit/c1fa0768a8713b135848f78fd43ffc208d8ded70",
              "refsource": "CONFIRM",
              "url": "https://github.com/torvalds/linux/commit/c1fa0768a8713b135848f78fd43ffc208d8ded70"
            },
            {
              "name": "http://openwall.com/lists/oss-security/2018/03/27/4",
              "refsource": "CONFIRM",
              "url": "http://openwall.com/lists/oss-security/2018/03/27/4"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
    "assignerShortName": "redhat",
    "cveId": "CVE-2018-1091",
    "datePublished": "2018-03-27T21:00:00",
    "dateReserved": "2017-12-04T00:00:00",
    "dateUpdated": "2024-08-05T03:51:48.251Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2017-16939 (GCVE-0-2017-16939)

Vulnerability from cvelistv5

Published

2017-11-24 10:00

Modified

2024-08-05 20:43

Severity ?

CWE

n/a

Summary

The XFRM dump policy implementation in net/xfrm/xfrm_user.c in the Linux kernel before 4.13.11 allows local users to gain privileges or cause a denial of service (use-after-free) via a crafted SO_RCVBUF setsockopt system call in conjunction with XFRM_MSG_GETPOLICY Netlink messages.

References

URL

Tags

	https://www.debian.org/security/2018/dsa-4082	vendor-advisory, x_refsource_DEBIAN
	https://lists.debian.org/debian-lts-announce/2017/12/msg00004.html	mailing-list, x_refsource_MLIST
	http://lists.opensuse.org/opensuse-security-announce/2018-01/msg00007.html	vendor-advisory, x_refsource_SUSE
	https://bugzilla.suse.com/show_bug.cgi?id=1069702	x_refsource_MISC
	https://github.com/torvalds/linux/commit/1137b5e2529a8f5ca8ee709288ecba3e68044df2	x_refsource_MISC
	http://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.13.11	x_refsource_MISC
	http://seclists.org/fulldisclosure/2017/Nov/40	x_refsource_MISC
	https://access.redhat.com/errata/RHSA-2018:1355	vendor-advisory, x_refsource_REDHAT
	https://access.redhat.com/errata/RHSA-2018:1318	vendor-advisory, x_refsource_REDHAT
	http://www.securityfocus.com/bid/101954	vdb-entry, x_refsource_BID
	https://blogs.securiteam.com/index.php/archives/3535	x_refsource_MISC
	http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=1137b5e2529a8f5ca8ee709288ecba3e68044df2	x_refsource_MISC
	https://access.redhat.com/errata/RHSA-2019:1170	vendor-advisory, x_refsource_REDHAT
	https://access.redhat.com/errata/RHSA-2019:1190	vendor-advisory, x_refsource_REDHAT

Impacted products

	Vendor	Product	Version
	n/a	n/a	Version: n/a

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-05T20:43:59.514Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "DSA-4082",
            "tags": [
              "vendor-advisory",
              "x_refsource_DEBIAN",
              "x_transferred"
            ],
            "url": "https://www.debian.org/security/2018/dsa-4082"
          },
          {
            "name": "[debian-lts-announce] 20171210 [SECURITY] [DLA 1200-1] linux security update",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://lists.debian.org/debian-lts-announce/2017/12/msg00004.html"
          },
          {
            "name": "SUSE-SU-2018:0011",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUSE",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2018-01/msg00007.html"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://bugzilla.suse.com/show_bug.cgi?id=1069702"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://github.com/torvalds/linux/commit/1137b5e2529a8f5ca8ee709288ecba3e68044df2"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "http://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.13.11"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "http://seclists.org/fulldisclosure/2017/Nov/40"
          },
          {
            "name": "RHSA-2018:1355",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2018:1355"
          },
          {
            "name": "RHSA-2018:1318",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2018:1318"
          },
          {
            "name": "101954",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/101954"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://blogs.securiteam.com/index.php/archives/3535"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=1137b5e2529a8f5ca8ee709288ecba3e68044df2"
          },
          {
            "name": "RHSA-2019:1170",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2019:1170"
          },
          {
            "name": "RHSA-2019:1190",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2019:1190"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2017-11-24T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "The XFRM dump policy implementation in net/xfrm/xfrm_user.c in the Linux kernel before 4.13.11 allows local users to gain privileges or cause a denial of service (use-after-free) via a crafted SO_RCVBUF setsockopt system call in conjunction with XFRM_MSG_GETPOLICY Netlink messages."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2019-05-14T22:06:08",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "name": "DSA-4082",
          "tags": [
            "vendor-advisory",
            "x_refsource_DEBIAN"
          ],
          "url": "https://www.debian.org/security/2018/dsa-4082"
        },
        {
          "name": "[debian-lts-announce] 20171210 [SECURITY] [DLA 1200-1] linux security update",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://lists.debian.org/debian-lts-announce/2017/12/msg00004.html"
        },
        {
          "name": "SUSE-SU-2018:0011",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUSE"
          ],
          "url": "http://lists.opensuse.org/opensuse-security-announce/2018-01/msg00007.html"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://bugzilla.suse.com/show_bug.cgi?id=1069702"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://github.com/torvalds/linux/commit/1137b5e2529a8f5ca8ee709288ecba3e68044df2"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "http://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.13.11"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "http://seclists.org/fulldisclosure/2017/Nov/40"
        },
        {
          "name": "RHSA-2018:1355",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2018:1355"
        },
        {
          "name": "RHSA-2018:1318",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2018:1318"
        },
        {
          "name": "101954",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/101954"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://blogs.securiteam.com/index.php/archives/3535"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=1137b5e2529a8f5ca8ee709288ecba3e68044df2"
        },
        {
          "name": "RHSA-2019:1170",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2019:1170"
        },
        {
          "name": "RHSA-2019:1190",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2019:1190"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2017-16939",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "The XFRM dump policy implementation in net/xfrm/xfrm_user.c in the Linux kernel before 4.13.11 allows local users to gain privileges or cause a denial of service (use-after-free) via a crafted SO_RCVBUF setsockopt system call in conjunction with XFRM_MSG_GETPOLICY Netlink messages."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "DSA-4082",
              "refsource": "DEBIAN",
              "url": "https://www.debian.org/security/2018/dsa-4082"
            },
            {
              "name": "[debian-lts-announce] 20171210 [SECURITY] [DLA 1200-1] linux security update",
              "refsource": "MLIST",
              "url": "https://lists.debian.org/debian-lts-announce/2017/12/msg00004.html"
            },
            {
              "name": "SUSE-SU-2018:0011",
              "refsource": "SUSE",
              "url": "http://lists.opensuse.org/opensuse-security-announce/2018-01/msg00007.html"
            },
            {
              "name": "https://bugzilla.suse.com/show_bug.cgi?id=1069702",
              "refsource": "MISC",
              "url": "https://bugzilla.suse.com/show_bug.cgi?id=1069702"
            },
            {
              "name": "https://github.com/torvalds/linux/commit/1137b5e2529a8f5ca8ee709288ecba3e68044df2",
              "refsource": "MISC",
              "url": "https://github.com/torvalds/linux/commit/1137b5e2529a8f5ca8ee709288ecba3e68044df2"
            },
            {
              "name": "http://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.13.11",
              "refsource": "MISC",
              "url": "http://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.13.11"
            },
            {
              "name": "http://seclists.org/fulldisclosure/2017/Nov/40",
              "refsource": "MISC",
              "url": "http://seclists.org/fulldisclosure/2017/Nov/40"
            },
            {
              "name": "RHSA-2018:1355",
              "refsource": "REDHAT",
              "url": "https://access.redhat.com/errata/RHSA-2018:1355"
            },
            {
              "name": "RHSA-2018:1318",
              "refsource": "REDHAT",
              "url": "https://access.redhat.com/errata/RHSA-2018:1318"
            },
            {
              "name": "101954",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/101954"
            },
            {
              "name": "https://blogs.securiteam.com/index.php/archives/3535",
              "refsource": "MISC",
              "url": "https://blogs.securiteam.com/index.php/archives/3535"
            },
            {
              "name": "http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=1137b5e2529a8f5ca8ee709288ecba3e68044df2",
              "refsource": "MISC",
              "url": "http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=1137b5e2529a8f5ca8ee709288ecba3e68044df2"
            },
            {
              "name": "RHSA-2019:1170",
              "refsource": "REDHAT",
              "url": "https://access.redhat.com/errata/RHSA-2019:1170"
            },
            {
              "name": "RHSA-2019:1190",
              "refsource": "REDHAT",
              "url": "https://access.redhat.com/errata/RHSA-2019:1190"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2017-16939",
    "datePublished": "2017-11-24T10:00:00",
    "dateReserved": "2017-11-24T00:00:00",
    "dateUpdated": "2024-08-05T20:43:59.514Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2018-3693 (GCVE-0-2018-3693)

Vulnerability from cvelistv5

Published

2018-07-10 21:00

Modified

2024-08-05 04:50

Severity ?

CWE

Information Disclosure

Summary

Systems with microprocessors utilizing speculative execution and branch prediction may allow unauthorized disclosure of information to an attacker with local user access via a speculative buffer overflow and side-channel analysis.

References

URL

Tags

	https://access.redhat.com/errata/RHSA-2018:2390	vendor-advisory, x_refsource_REDHAT
	https://access.redhat.com/errata/RHSA-2018:2395	vendor-advisory, x_refsource_REDHAT
	https://access.redhat.com/errata/RHSA-2018:2384	vendor-advisory, x_refsource_REDHAT
	https://access.redhat.com/errata/RHSA-2019:1946	vendor-advisory, x_refsource_REDHAT
	https://access.redhat.com/errata/RHSA-2020:0174	vendor-advisory, x_refsource_REDHAT
	https://www.oracle.com/security-alerts/cpujul2020.html	x_refsource_MISC
	https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html	x_refsource_MISC
	https://help.ecostruxureit.com/display/public/UADCE725/Security+fixes+in+StruxureWare+Data+Center+Expert+v7.6.0	x_refsource_CONFIRM
	https://security.netapp.com/advisory/ntap-20180823-0001/	x_refsource_CONFIRM
	https://www.oracle.com/security-alerts/cpuoct2020.html	x_refsource_MISC
	https://cdrdv2.intel.com/v1/dl/getContent/685359	x_refsource_CONFIRM

Impacted products

	Vendor	Product	Version
	Intel Corporation	Most Modern Operating Systems	Version: All

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-05T04:50:30.557Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "RHSA-2018:2390",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2018:2390"
          },
          {
            "name": "RHSA-2018:2395",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2018:2395"
          },
          {
            "name": "RHSA-2018:2384",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2018:2384"
          },
          {
            "name": "RHSA-2019:1946",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2019:1946"
          },
          {
            "name": "RHSA-2020:0174",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2020:0174"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://www.oracle.com/security-alerts/cpujul2020.html"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://help.ecostruxureit.com/display/public/UADCE725/Security+fixes+in+StruxureWare+Data+Center+Expert+v7.6.0"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://security.netapp.com/advisory/ntap-20180823-0001/"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://www.oracle.com/security-alerts/cpuoct2020.html"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://cdrdv2.intel.com/v1/dl/getContent/685359"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Most Modern Operating Systems",
          "vendor": "Intel Corporation",
          "versions": [
            {
              "status": "affected",
              "version": "All"
            }
          ]
        }
      ],
      "datePublic": "2018-07-10T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "Systems with microprocessors utilizing speculative execution and branch prediction may allow unauthorized disclosure of information to an attacker with local user access via a speculative buffer overflow and side-channel analysis."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "Information Disclosure",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2021-11-19T17:51:16",
        "orgId": "6dda929c-bb53-4a77-a76d-48e79601a1ce",
        "shortName": "intel"
      },
      "references": [
        {
          "name": "RHSA-2018:2390",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2018:2390"
        },
        {
          "name": "RHSA-2018:2395",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2018:2395"
        },
        {
          "name": "RHSA-2018:2384",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2018:2384"
        },
        {
          "name": "RHSA-2019:1946",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2019:1946"
        },
        {
          "name": "RHSA-2020:0174",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2020:0174"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://www.oracle.com/security-alerts/cpujul2020.html"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://help.ecostruxureit.com/display/public/UADCE725/Security+fixes+in+StruxureWare+Data+Center+Expert+v7.6.0"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://security.netapp.com/advisory/ntap-20180823-0001/"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://www.oracle.com/security-alerts/cpuoct2020.html"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://cdrdv2.intel.com/v1/dl/getContent/685359"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "secure@intel.com",
          "ID": "CVE-2018-3693",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "Most Modern Operating Systems",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "All"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "Intel Corporation"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Systems with microprocessors utilizing speculative execution and branch prediction may allow unauthorized disclosure of information to an attacker with local user access via a speculative buffer overflow and side-channel analysis."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "Information Disclosure"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "RHSA-2018:2390",
              "refsource": "REDHAT",
              "url": "https://access.redhat.com/errata/RHSA-2018:2390"
            },
            {
              "name": "RHSA-2018:2395",
              "refsource": "REDHAT",
              "url": "https://access.redhat.com/errata/RHSA-2018:2395"
            },
            {
              "name": "RHSA-2018:2384",
              "refsource": "REDHAT",
              "url": "https://access.redhat.com/errata/RHSA-2018:2384"
            },
            {
              "name": "RHSA-2019:1946",
              "refsource": "REDHAT",
              "url": "https://access.redhat.com/errata/RHSA-2019:1946"
            },
            {
              "name": "RHSA-2020:0174",
              "refsource": "REDHAT",
              "url": "https://access.redhat.com/errata/RHSA-2020:0174"
            },
            {
              "name": "https://www.oracle.com/security-alerts/cpujul2020.html",
              "refsource": "MISC",
              "url": "https://www.oracle.com/security-alerts/cpujul2020.html"
            },
            {
              "name": "https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html",
              "refsource": "MISC",
              "url": "https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html"
            },
            {
              "name": "https://help.ecostruxureit.com/display/public/UADCE725/Security+fixes+in+StruxureWare+Data+Center+Expert+v7.6.0",
              "refsource": "CONFIRM",
              "url": "https://help.ecostruxureit.com/display/public/UADCE725/Security+fixes+in+StruxureWare+Data+Center+Expert+v7.6.0"
            },
            {
              "name": "https://security.netapp.com/advisory/ntap-20180823-0001/",
              "refsource": "CONFIRM",
              "url": "https://security.netapp.com/advisory/ntap-20180823-0001/"
            },
            {
              "name": "https://www.oracle.com/security-alerts/cpuoct2020.html",
              "refsource": "MISC",
              "url": "https://www.oracle.com/security-alerts/cpuoct2020.html"
            },
            {
              "name": "https://cdrdv2.intel.com/v1/dl/getContent/685359",
              "refsource": "CONFIRM",
              "url": "https://cdrdv2.intel.com/v1/dl/getContent/685359"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "6dda929c-bb53-4a77-a76d-48e79601a1ce",
    "assignerShortName": "intel",
    "cveId": "CVE-2018-3693",
    "datePublished": "2018-07-10T21:00:00",
    "dateReserved": "2017-12-28T00:00:00",
    "dateUpdated": "2024-08-05T04:50:30.557Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2018-1068 (GCVE-0-2018-1068)

Vulnerability from cvelistv5

Published

2018-03-16 16:00

Modified

2024-09-16 16:13

Severity ?

CWE

CWE-119

Summary

A flaw was found in the Linux 4.x kernel's implementation of 32-bit syscall interface for bridging. This allowed a privileged user to arbitrarily write to a limited range of kernel memory.

References

URL

Tags

	https://www.debian.org/security/2018/dsa-4187	vendor-advisory, x_refsource_DEBIAN
	https://usn.ubuntu.com/3654-1/	vendor-advisory, x_refsource_UBUNTU
	https://usn.ubuntu.com/3674-1/	vendor-advisory, x_refsource_UBUNTU
	https://usn.ubuntu.com/3677-1/	vendor-advisory, x_refsource_UBUNTU
	https://bugzilla.redhat.com/show_bug.cgi?id=1552048	x_refsource_CONFIRM
	https://www.debian.org/security/2018/dsa-4188	vendor-advisory, x_refsource_DEBIAN
	https://marc.info/?l=linux-netdev&m=152023808817590&w=2	mailing-list, x_refsource_MLIST
	https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=b71812168571fa55e44cdd0254471331b9c4c4c6	x_refsource_CONFIRM
	https://github.com/torvalds/linux/commit/b71812168571fa55e44cdd0254471331b9c4c4c6	x_refsource_CONFIRM
	https://usn.ubuntu.com/3674-2/	vendor-advisory, x_refsource_UBUNTU
	https://access.redhat.com/errata/RHSA-2018:1355	vendor-advisory, x_refsource_REDHAT
	https://access.redhat.com/errata/RHSA-2018:2948	vendor-advisory, x_refsource_REDHAT
	http://www.securityfocus.com/bid/103459	vdb-entry, x_refsource_BID
	https://access.redhat.com/errata/RHSA-2018:1318	vendor-advisory, x_refsource_REDHAT
	https://usn.ubuntu.com/3677-2/	vendor-advisory, x_refsource_UBUNTU
	https://usn.ubuntu.com/3654-2/	vendor-advisory, x_refsource_UBUNTU
	https://marc.info/?l=linux-netdev&m=152025888924151&w=2	mailing-list, x_refsource_MLIST
	https://lists.debian.org/debian-lts-announce/2018/05/msg00000.html	mailing-list, x_refsource_MLIST
	https://usn.ubuntu.com/3656-1/	vendor-advisory, x_refsource_UBUNTU
	https://access.redhat.com/errata/RHSA-2019:1170	vendor-advisory, x_refsource_REDHAT
	https://access.redhat.com/errata/RHSA-2019:1190	vendor-advisory, x_refsource_REDHAT
	https://access.redhat.com/errata/RHSA-2019:4159	vendor-advisory, x_refsource_REDHAT

Impacted products

	Vendor	Product	Version
	Linux Kernel Organization, Inc.	Linux Kernel	Version: 4.x

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-05T03:51:47.340Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "DSA-4187",
            "tags": [
              "vendor-advisory",
              "x_refsource_DEBIAN",
              "x_transferred"
            ],
            "url": "https://www.debian.org/security/2018/dsa-4187"
          },
          {
            "name": "USN-3654-1",
            "tags": [
              "vendor-advisory",
              "x_refsource_UBUNTU",
              "x_transferred"
            ],
            "url": "https://usn.ubuntu.com/3654-1/"
          },
          {
            "name": "USN-3674-1",
            "tags": [
              "vendor-advisory",
              "x_refsource_UBUNTU",
              "x_transferred"
            ],
            "url": "https://usn.ubuntu.com/3674-1/"
          },
          {
            "name": "USN-3677-1",
            "tags": [
              "vendor-advisory",
              "x_refsource_UBUNTU",
              "x_transferred"
            ],
            "url": "https://usn.ubuntu.com/3677-1/"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1552048"
          },
          {
            "name": "DSA-4188",
            "tags": [
              "vendor-advisory",
              "x_refsource_DEBIAN",
              "x_transferred"
            ],
            "url": "https://www.debian.org/security/2018/dsa-4188"
          },
          {
            "name": "[linux-netdev] 20180305 BUG: unable to handle kernel paging request in compat_copy_entries",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://marc.info/?l=linux-netdev\u0026m=152023808817590\u0026w=2"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=b71812168571fa55e44cdd0254471331b9c4c4c6"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://github.com/torvalds/linux/commit/b71812168571fa55e44cdd0254471331b9c4c4c6"
          },
          {
            "name": "USN-3674-2",
            "tags": [
              "vendor-advisory",
              "x_refsource_UBUNTU",
              "x_transferred"
            ],
            "url": "https://usn.ubuntu.com/3674-2/"
          },
          {
            "name": "RHSA-2018:1355",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2018:1355"
          },
          {
            "name": "RHSA-2018:2948",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2018:2948"
          },
          {
            "name": "103459",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/103459"
          },
          {
            "name": "RHSA-2018:1318",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2018:1318"
          },
          {
            "name": "USN-3677-2",
            "tags": [
              "vendor-advisory",
              "x_refsource_UBUNTU",
              "x_transferred"
            ],
            "url": "https://usn.ubuntu.com/3677-2/"
          },
          {
            "name": "USN-3654-2",
            "tags": [
              "vendor-advisory",
              "x_refsource_UBUNTU",
              "x_transferred"
            ],
            "url": "https://usn.ubuntu.com/3654-2/"
          },
          {
            "name": "[linux-netdev] 20180305 [PATCH net] netfilter: check for out-of-bounds while copying compat entries",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://marc.info/?l=linux-netdev\u0026m=152025888924151\u0026w=2"
          },
          {
            "name": "[debian-lts-announce] 20180502 [SECURITY] [DLA 1369-1] linux security update",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://lists.debian.org/debian-lts-announce/2018/05/msg00000.html"
          },
          {
            "name": "USN-3656-1",
            "tags": [
              "vendor-advisory",
              "x_refsource_UBUNTU",
              "x_transferred"
            ],
            "url": "https://usn.ubuntu.com/3656-1/"
          },
          {
            "name": "RHSA-2019:1170",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2019:1170"
          },
          {
            "name": "RHSA-2019:1190",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2019:1190"
          },
          {
            "name": "RHSA-2019:4159",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2019:4159"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Linux Kernel",
          "vendor": "Linux Kernel Organization, Inc.",
          "versions": [
            {
              "status": "affected",
              "version": "4.x"
            }
          ]
        }
      ],
      "datePublic": "2018-03-05T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "A flaw was found in the Linux 4.x kernel\u0027s implementation of 32-bit syscall interface for bridging. This allowed a privileged user to arbitrarily write to a limited range of kernel memory."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-119",
              "description": "CWE-119",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2019-12-10T15:06:12",
        "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
        "shortName": "redhat"
      },
      "references": [
        {
          "name": "DSA-4187",
          "tags": [
            "vendor-advisory",
            "x_refsource_DEBIAN"
          ],
          "url": "https://www.debian.org/security/2018/dsa-4187"
        },
        {
          "name": "USN-3654-1",
          "tags": [
            "vendor-advisory",
            "x_refsource_UBUNTU"
          ],
          "url": "https://usn.ubuntu.com/3654-1/"
        },
        {
          "name": "USN-3674-1",
          "tags": [
            "vendor-advisory",
            "x_refsource_UBUNTU"
          ],
          "url": "https://usn.ubuntu.com/3674-1/"
        },
        {
          "name": "USN-3677-1",
          "tags": [
            "vendor-advisory",
            "x_refsource_UBUNTU"
          ],
          "url": "https://usn.ubuntu.com/3677-1/"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1552048"
        },
        {
          "name": "DSA-4188",
          "tags": [
            "vendor-advisory",
            "x_refsource_DEBIAN"
          ],
          "url": "https://www.debian.org/security/2018/dsa-4188"
        },
        {
          "name": "[linux-netdev] 20180305 BUG: unable to handle kernel paging request in compat_copy_entries",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://marc.info/?l=linux-netdev\u0026m=152023808817590\u0026w=2"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=b71812168571fa55e44cdd0254471331b9c4c4c6"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://github.com/torvalds/linux/commit/b71812168571fa55e44cdd0254471331b9c4c4c6"
        },
        {
          "name": "USN-3674-2",
          "tags": [
            "vendor-advisory",
            "x_refsource_UBUNTU"
          ],
          "url": "https://usn.ubuntu.com/3674-2/"
        },
        {
          "name": "RHSA-2018:1355",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2018:1355"
        },
        {
          "name": "RHSA-2018:2948",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2018:2948"
        },
        {
          "name": "103459",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/103459"
        },
        {
          "name": "RHSA-2018:1318",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2018:1318"
        },
        {
          "name": "USN-3677-2",
          "tags": [
            "vendor-advisory",
            "x_refsource_UBUNTU"
          ],
          "url": "https://usn.ubuntu.com/3677-2/"
        },
        {
          "name": "USN-3654-2",
          "tags": [
            "vendor-advisory",
            "x_refsource_UBUNTU"
          ],
          "url": "https://usn.ubuntu.com/3654-2/"
        },
        {
          "name": "[linux-netdev] 20180305 [PATCH net] netfilter: check for out-of-bounds while copying compat entries",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://marc.info/?l=linux-netdev\u0026m=152025888924151\u0026w=2"
        },
        {
          "name": "[debian-lts-announce] 20180502 [SECURITY] [DLA 1369-1] linux security update",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://lists.debian.org/debian-lts-announce/2018/05/msg00000.html"
        },
        {
          "name": "USN-3656-1",
          "tags": [
            "vendor-advisory",
            "x_refsource_UBUNTU"
          ],
          "url": "https://usn.ubuntu.com/3656-1/"
        },
        {
          "name": "RHSA-2019:1170",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2019:1170"
        },
        {
          "name": "RHSA-2019:1190",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2019:1190"
        },
        {
          "name": "RHSA-2019:4159",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2019:4159"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "secalert@redhat.com",
          "DATE_PUBLIC": "2018-03-05T00:00:00",
          "ID": "CVE-2018-1068",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "Linux Kernel",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "4.x"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "Linux Kernel Organization, Inc."
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "A flaw was found in the Linux 4.x kernel\u0027s implementation of 32-bit syscall interface for bridging. This allowed a privileged user to arbitrarily write to a limited range of kernel memory."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "CWE-119"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "DSA-4187",
              "refsource": "DEBIAN",
              "url": "https://www.debian.org/security/2018/dsa-4187"
            },
            {
              "name": "USN-3654-1",
              "refsource": "UBUNTU",
              "url": "https://usn.ubuntu.com/3654-1/"
            },
            {
              "name": "USN-3674-1",
              "refsource": "UBUNTU",
              "url": "https://usn.ubuntu.com/3674-1/"
            },
            {
              "name": "USN-3677-1",
              "refsource": "UBUNTU",
              "url": "https://usn.ubuntu.com/3677-1/"
            },
            {
              "name": "https://bugzilla.redhat.com/show_bug.cgi?id=1552048",
              "refsource": "CONFIRM",
              "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1552048"
            },
            {
              "name": "DSA-4188",
              "refsource": "DEBIAN",
              "url": "https://www.debian.org/security/2018/dsa-4188"
            },
            {
              "name": "[linux-netdev] 20180305 BUG: unable to handle kernel paging request in compat_copy_entries",
              "refsource": "MLIST",
              "url": "https://marc.info/?l=linux-netdev\u0026m=152023808817590\u0026w=2"
            },
            {
              "name": "https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=b71812168571fa55e44cdd0254471331b9c4c4c6",
              "refsource": "CONFIRM",
              "url": "https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=b71812168571fa55e44cdd0254471331b9c4c4c6"
            },
            {
              "name": "https://github.com/torvalds/linux/commit/b71812168571fa55e44cdd0254471331b9c4c4c6",
              "refsource": "CONFIRM",
              "url": "https://github.com/torvalds/linux/commit/b71812168571fa55e44cdd0254471331b9c4c4c6"
            },
            {
              "name": "USN-3674-2",
              "refsource": "UBUNTU",
              "url": "https://usn.ubuntu.com/3674-2/"
            },
            {
              "name": "RHSA-2018:1355",
              "refsource": "REDHAT",
              "url": "https://access.redhat.com/errata/RHSA-2018:1355"
            },
            {
              "name": "RHSA-2018:2948",
              "refsource": "REDHAT",
              "url": "https://access.redhat.com/errata/RHSA-2018:2948"
            },
            {
              "name": "103459",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/103459"
            },
            {
              "name": "RHSA-2018:1318",
              "refsource": "REDHAT",
              "url": "https://access.redhat.com/errata/RHSA-2018:1318"
            },
            {
              "name": "USN-3677-2",
              "refsource": "UBUNTU",
              "url": "https://usn.ubuntu.com/3677-2/"
            },
            {
              "name": "USN-3654-2",
              "refsource": "UBUNTU",
              "url": "https://usn.ubuntu.com/3654-2/"
            },
            {
              "name": "[linux-netdev] 20180305 [PATCH net] netfilter: check for out-of-bounds while copying compat entries",
              "refsource": "MLIST",
              "url": "https://marc.info/?l=linux-netdev\u0026m=152025888924151\u0026w=2"
            },
            {
              "name": "[debian-lts-announce] 20180502 [SECURITY] [DLA 1369-1] linux security update",
              "refsource": "MLIST",
              "url": "https://lists.debian.org/debian-lts-announce/2018/05/msg00000.html"
            },
            {
              "name": "USN-3656-1",
              "refsource": "UBUNTU",
              "url": "https://usn.ubuntu.com/3656-1/"
            },
            {
              "name": "RHSA-2019:1170",
              "refsource": "REDHAT",
              "url": "https://access.redhat.com/errata/RHSA-2019:1170"
            },
            {
              "name": "RHSA-2019:1190",
              "refsource": "REDHAT",
              "url": "https://access.redhat.com/errata/RHSA-2019:1190"
            },
            {
              "name": "RHSA-2019:4159",
              "refsource": "REDHAT",
              "url": "https://access.redhat.com/errata/RHSA-2019:4159"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
    "assignerShortName": "redhat",
    "cveId": "CVE-2018-1068",
    "datePublished": "2018-03-16T16:00:00Z",
    "dateReserved": "2017-12-04T00:00:00",
    "dateUpdated": "2024-09-16T16:13:09.145Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2018-1728 (GCVE-0-2018-1728)

Vulnerability from cvelistv5

Published

2018-12-05 17:00

Modified

2024-09-17 01:46

Severity ?

5.4 (Medium) - CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N/E:H/RL:O/RC:C

CWE

Cross-Site Scripting

Summary

IBM QRadar SIEM 7.2 and 7.3 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 147707.

References

URL

Tags

	https://exchange.xforce.ibmcloud.com/vulnerabilities/147707	vdb-entry, x_refsource_XF
	https://www.ibm.com/support/docview.wss?uid=ibm10742723	x_refsource_CONFIRM

Impacted products

	Vendor	Product	Version
	IBM	QRadar SIEM	Version: 7.2 Version: 7.3

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-05T04:07:44.296Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "ibm-qradar-cve20181728-xss(147707)",
            "tags": [
              "vdb-entry",
              "x_refsource_XF",
              "x_transferred"
            ],
            "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/147707"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://www.ibm.com/support/docview.wss?uid=ibm10742723"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "QRadar SIEM",
          "vendor": "IBM",
          "versions": [
            {
              "status": "affected",
              "version": "7.2"
            },
            {
              "status": "affected",
              "version": "7.3"
            }
          ]
        }
      ],
      "datePublic": "2018-12-03T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "IBM QRadar SIEM 7.2 and 7.3 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 147707."
        }
      ],
      "metrics": [
        {
          "cvssV3_0": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 5.4,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "LOW",
            "exploitCodeMaturity": "HIGH",
            "integrityImpact": "LOW",
            "privilegesRequired": "LOW",
            "remediationLevel": "OFFICIAL_FIX",
            "reportConfidence": "CONFIRMED",
            "scope": "CHANGED",
            "temporalScore": 5.2,
            "temporalSeverity": "MEDIUM",
            "userInteraction": "REQUIRED",
            "vectorString": "CVSS:3.0/A:N/AC:L/AV:N/C:L/I:L/PR:L/S:C/UI:R/E:H/RC:C/RL:O",
            "version": "3.0"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "Cross-Site Scripting",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2018-12-05T16:57:01",
        "orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
        "shortName": "ibm"
      },
      "references": [
        {
          "name": "ibm-qradar-cve20181728-xss(147707)",
          "tags": [
            "vdb-entry",
            "x_refsource_XF"
          ],
          "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/147707"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://www.ibm.com/support/docview.wss?uid=ibm10742723"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "psirt@us.ibm.com",
          "DATE_PUBLIC": "2018-12-03T00:00:00",
          "ID": "CVE-2018-1728",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "QRadar SIEM",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "7.2"
                          },
                          {
                            "version_value": "7.3"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "IBM"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "IBM QRadar SIEM 7.2 and 7.3 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 147707."
            }
          ]
        },
        "impact": {
          "cvssv3": {
            "BM": {
              "A": "N",
              "AC": "L",
              "AV": "N",
              "C": "L",
              "I": "L",
              "PR": "L",
              "S": "C",
              "UI": "R"
            },
            "TM": {
              "E": "H",
              "RC": "C",
              "RL": "O"
            }
          }
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "Cross-Site Scripting"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "ibm-qradar-cve20181728-xss(147707)",
              "refsource": "XF",
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/147707"
            },
            {
              "name": "https://www.ibm.com/support/docview.wss?uid=ibm10742723",
              "refsource": "CONFIRM",
              "url": "https://www.ibm.com/support/docview.wss?uid=ibm10742723"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
    "assignerShortName": "ibm",
    "cveId": "CVE-2018-1728",
    "datePublished": "2018-12-05T17:00:00Z",
    "dateReserved": "2017-12-13T00:00:00",
    "dateUpdated": "2024-09-17T01:46:10.569Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2018-3646 (GCVE-0-2018-3646)

Vulnerability from cvelistv5

Published

2018-08-14 19:00

Modified

2024-09-17 02:27

Severity ?

CWE

Information Disclosure

Summary

Systems with microprocessors utilizing speculative execution and address translations may allow unauthorized disclosure of information residing in the L1 data cache to an attacker with local user access with guest OS privilege via a terminal page fault and a side-channel analysis.

References

URL

Tags

	https://www.kb.cert.org/vuls/id/982149	third-party-advisory, x_refsource_CERT-VN
	http://www.securitytracker.com/id/1041451	vdb-entry, x_refsource_SECTRACK
	https://security.gentoo.org/glsa/201810-06	vendor-advisory, x_refsource_GENTOO
	https://usn.ubuntu.com/3741-2/	vendor-advisory, x_refsource_UBUNTU
	https://access.redhat.com/errata/RHSA-2018:2393	vendor-advisory, x_refsource_REDHAT
	https://usn.ubuntu.com/3823-1/	vendor-advisory, x_refsource_UBUNTU
	https://access.redhat.com/errata/RHSA-2018:2389	vendor-advisory, x_refsource_REDHAT
	http://www.securitytracker.com/id/1042004	vdb-entry, x_refsource_SECTRACK
	https://access.redhat.com/errata/RHSA-2018:2390	vendor-advisory, x_refsource_REDHAT
	https://access.redhat.com/errata/RHSA-2018:2403	vendor-advisory, x_refsource_REDHAT
	http://www.securityfocus.com/bid/105080	vdb-entry, x_refsource_BID
	https://access.redhat.com/errata/RHSA-2018:2395	vendor-advisory, x_refsource_REDHAT
	https://access.redhat.com/errata/RHSA-2018:2384	vendor-advisory, x_refsource_REDHAT
	https://usn.ubuntu.com/3740-2/	vendor-advisory, x_refsource_UBUNTU
	https://security.FreeBSD.org/advisories/FreeBSD-SA-18:09.l1tf.asc	vendor-advisory, x_refsource_FREEBSD
	https://www.debian.org/security/2018/dsa-4274	vendor-advisory, x_refsource_DEBIAN
	https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/XRFKQWYV2H4BV75CUNGCGE5TNVQCLBGZ/	vendor-advisory, x_refsource_FEDORA
	https://access.redhat.com/errata/RHSA-2018:2388	vendor-advisory, x_refsource_REDHAT
	https://usn.ubuntu.com/3741-1/	vendor-advisory, x_refsource_UBUNTU
	https://access.redhat.com/errata/RHSA-2018:2603	vendor-advisory, x_refsource_REDHAT
	https://access.redhat.com/errata/RHSA-2018:2402	vendor-advisory, x_refsource_REDHAT
	https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180814-cpusidechannel	vendor-advisory, x_refsource_CISCO
	https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/V4UWGORQWCENCIF2BHWUEF2ODBV75QS2/	vendor-advisory, x_refsource_FEDORA
	https://usn.ubuntu.com/3742-2/	vendor-advisory, x_refsource_UBUNTU
	https://access.redhat.com/errata/RHSA-2018:2404	vendor-advisory, x_refsource_REDHAT
	https://usn.ubuntu.com/3740-1/	vendor-advisory, x_refsource_UBUNTU
	https://access.redhat.com/errata/RHSA-2018:2391	vendor-advisory, x_refsource_REDHAT
	https://access.redhat.com/errata/RHSA-2018:2396	vendor-advisory, x_refsource_REDHAT
	https://www.debian.org/security/2018/dsa-4279	vendor-advisory, x_refsource_DEBIAN
	https://access.redhat.com/errata/RHSA-2018:2392	vendor-advisory, x_refsource_REDHAT
	https://lists.debian.org/debian-lts-announce/2018/08/msg00029.html	mailing-list, x_refsource_MLIST
	https://usn.ubuntu.com/3742-1/	vendor-advisory, x_refsource_UBUNTU
	https://access.redhat.com/errata/RHSA-2018:2602	vendor-advisory, x_refsource_REDHAT
	https://lists.debian.org/debian-lts-announce/2018/09/msg00017.html	mailing-list, x_refsource_MLIST
	https://access.redhat.com/errata/RHSA-2018:2394	vendor-advisory, x_refsource_REDHAT
	https://access.redhat.com/errata/RHSA-2018:2387	vendor-advisory, x_refsource_REDHAT
	https://usn.ubuntu.com/3756-1/	vendor-advisory, x_refsource_UBUNTU
	https://www.oracle.com/security-alerts/cpujul2020.html	x_refsource_MISC
	https://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html	x_refsource_CONFIRM
	https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html	x_refsource_MISC
	https://help.ecostruxureit.com/display/public/UADCE725/Security+fixes+in+StruxureWare+Data+Center+Expert+v7.6.0	x_refsource_CONFIRM
	http://xenbits.xen.org/xsa/advisory-273.html	x_refsource_CONFIRM
	https://foreshadowattack.eu/	x_refsource_MISC
	https://security.netapp.com/advisory/ntap-20180815-0001/	x_refsource_CONFIRM
	https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/ADV180018	x_refsource_CONFIRM
	http://support.lenovo.com/us/en/solutions/LEN-24163	x_refsource_CONFIRM
	http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20180815-01-cpu-en	x_refsource_CONFIRM
	https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00161.html	x_refsource_CONFIRM
	https://www.synology.com/support/security/Synology_SA_18_45	x_refsource_CONFIRM
	https://cert-portal.siemens.com/productcert/pdf/ssa-254686.pdf	x_refsource_CONFIRM
	https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbhf03874en_us	x_refsource_CONFIRM
	https://software.intel.com/security-software-guidance/software-guidance/l1-terminal-fault	x_refsource_CONFIRM
	https://cert-portal.siemens.com/productcert/pdf/ssa-608355.pdf	x_refsource_CONFIRM
	https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2018-0010	x_refsource_CONFIRM
	http://www.vmware.com/security/advisories/VMSA-2018-0020.html	x_refsource_CONFIRM
	https://support.f5.com/csp/article/K31300402	x_refsource_CONFIRM

Impacted products

	Vendor	Product	Version
	Intel Corporation	Multiple	Version: Multiple

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-05T04:50:30.406Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "VU#982149",
            "tags": [
              "third-party-advisory",
              "x_refsource_CERT-VN",
              "x_transferred"
            ],
            "url": "https://www.kb.cert.org/vuls/id/982149"
          },
          {
            "name": "1041451",
            "tags": [
              "vdb-entry",
              "x_refsource_SECTRACK",
              "x_transferred"
            ],
            "url": "http://www.securitytracker.com/id/1041451"
          },
          {
            "name": "GLSA-201810-06",
            "tags": [
              "vendor-advisory",
              "x_refsource_GENTOO",
              "x_transferred"
            ],
            "url": "https://security.gentoo.org/glsa/201810-06"
          },
          {
            "name": "USN-3741-2",
            "tags": [
              "vendor-advisory",
              "x_refsource_UBUNTU",
              "x_transferred"
            ],
            "url": "https://usn.ubuntu.com/3741-2/"
          },
          {
            "name": "RHSA-2018:2393",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2018:2393"
          },
          {
            "name": "USN-3823-1",
            "tags": [
              "vendor-advisory",
              "x_refsource_UBUNTU",
              "x_transferred"
            ],
            "url": "https://usn.ubuntu.com/3823-1/"
          },
          {
            "name": "RHSA-2018:2389",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2018:2389"
          },
          {
            "name": "1042004",
            "tags": [
              "vdb-entry",
              "x_refsource_SECTRACK",
              "x_transferred"
            ],
            "url": "http://www.securitytracker.com/id/1042004"
          },
          {
            "name": "RHSA-2018:2390",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2018:2390"
          },
          {
            "name": "RHSA-2018:2403",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2018:2403"
          },
          {
            "name": "105080",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/105080"
          },
          {
            "name": "RHSA-2018:2395",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2018:2395"
          },
          {
            "name": "RHSA-2018:2384",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2018:2384"
          },
          {
            "name": "USN-3740-2",
            "tags": [
              "vendor-advisory",
              "x_refsource_UBUNTU",
              "x_transferred"
            ],
            "url": "https://usn.ubuntu.com/3740-2/"
          },
          {
            "name": "FreeBSD-SA-18:09",
            "tags": [
              "vendor-advisory",
              "x_refsource_FREEBSD",
              "x_transferred"
            ],
            "url": "https://security.FreeBSD.org/advisories/FreeBSD-SA-18:09.l1tf.asc"
          },
          {
            "name": "DSA-4274",
            "tags": [
              "vendor-advisory",
              "x_refsource_DEBIAN",
              "x_transferred"
            ],
            "url": "https://www.debian.org/security/2018/dsa-4274"
          },
          {
            "name": "FEDORA-2018-1c80fea1cd",
            "tags": [
              "vendor-advisory",
              "x_refsource_FEDORA",
              "x_transferred"
            ],
            "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/XRFKQWYV2H4BV75CUNGCGE5TNVQCLBGZ/"
          },
          {
            "name": "RHSA-2018:2388",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2018:2388"
          },
          {
            "name": "USN-3741-1",
            "tags": [
              "vendor-advisory",
              "x_refsource_UBUNTU",
              "x_transferred"
            ],
            "url": "https://usn.ubuntu.com/3741-1/"
          },
          {
            "name": "RHSA-2018:2603",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2018:2603"
          },
          {
            "name": "RHSA-2018:2402",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2018:2402"
          },
          {
            "name": "20180814 CPU Side-Channel Information Disclosure Vulnerabilities: August 2018",
            "tags": [
              "vendor-advisory",
              "x_refsource_CISCO",
              "x_transferred"
            ],
            "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180814-cpusidechannel"
          },
          {
            "name": "FEDORA-2018-f8cba144ae",
            "tags": [
              "vendor-advisory",
              "x_refsource_FEDORA",
              "x_transferred"
            ],
            "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/V4UWGORQWCENCIF2BHWUEF2ODBV75QS2/"
          },
          {
            "name": "USN-3742-2",
            "tags": [
              "vendor-advisory",
              "x_refsource_UBUNTU",
              "x_transferred"
            ],
            "url": "https://usn.ubuntu.com/3742-2/"
          },
          {
            "name": "RHSA-2018:2404",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2018:2404"
          },
          {
            "name": "USN-3740-1",
            "tags": [
              "vendor-advisory",
              "x_refsource_UBUNTU",
              "x_transferred"
            ],
            "url": "https://usn.ubuntu.com/3740-1/"
          },
          {
            "name": "RHSA-2018:2391",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2018:2391"
          },
          {
            "name": "RHSA-2018:2396",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2018:2396"
          },
          {
            "name": "DSA-4279",
            "tags": [
              "vendor-advisory",
              "x_refsource_DEBIAN",
              "x_transferred"
            ],
            "url": "https://www.debian.org/security/2018/dsa-4279"
          },
          {
            "name": "RHSA-2018:2392",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2018:2392"
          },
          {
            "name": "[debian-lts-announce] 20180828 [SECURITY] [DLA 1481-1] linux-4.9 security update",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://lists.debian.org/debian-lts-announce/2018/08/msg00029.html"
          },
          {
            "name": "USN-3742-1",
            "tags": [
              "vendor-advisory",
              "x_refsource_UBUNTU",
              "x_transferred"
            ],
            "url": "https://usn.ubuntu.com/3742-1/"
          },
          {
            "name": "RHSA-2018:2602",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2018:2602"
          },
          {
            "name": "[debian-lts-announce] 20180916 [SECURITY] [DLA 1506-1] intel-microcode security update",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://lists.debian.org/debian-lts-announce/2018/09/msg00017.html"
          },
          {
            "name": "RHSA-2018:2394",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2018:2394"
          },
          {
            "name": "RHSA-2018:2387",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2018:2387"
          },
          {
            "name": "USN-3756-1",
            "tags": [
              "vendor-advisory",
              "x_refsource_UBUNTU",
              "x_transferred"
            ],
            "url": "https://usn.ubuntu.com/3756-1/"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://www.oracle.com/security-alerts/cpujul2020.html"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://help.ecostruxureit.com/display/public/UADCE725/Security+fixes+in+StruxureWare+Data+Center+Expert+v7.6.0"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://xenbits.xen.org/xsa/advisory-273.html"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://foreshadowattack.eu/"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://security.netapp.com/advisory/ntap-20180815-0001/"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/ADV180018"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://support.lenovo.com/us/en/solutions/LEN-24163"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20180815-01-cpu-en"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00161.html"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://www.synology.com/support/security/Synology_SA_18_45"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-254686.pdf"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US\u0026docId=emr_na-hpesbhf03874en_us"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://software.intel.com/security-software-guidance/software-guidance/l1-terminal-fault"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-608355.pdf"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2018-0010"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://www.vmware.com/security/advisories/VMSA-2018-0020.html"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://support.f5.com/csp/article/K31300402"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Multiple",
          "vendor": "Intel Corporation",
          "versions": [
            {
              "status": "affected",
              "version": "Multiple"
            }
          ]
        }
      ],
      "datePublic": "2018-08-14T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "Systems with microprocessors utilizing speculative execution and address translations may allow unauthorized disclosure of information residing in the L1 data cache to an attacker with local user access with guest OS privilege via a terminal page fault and a side-channel analysis."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "Information Disclosure",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2020-07-15T02:22:59",
        "orgId": "6dda929c-bb53-4a77-a76d-48e79601a1ce",
        "shortName": "intel"
      },
      "references": [
        {
          "name": "VU#982149",
          "tags": [
            "third-party-advisory",
            "x_refsource_CERT-VN"
          ],
          "url": "https://www.kb.cert.org/vuls/id/982149"
        },
        {
          "name": "1041451",
          "tags": [
            "vdb-entry",
            "x_refsource_SECTRACK"
          ],
          "url": "http://www.securitytracker.com/id/1041451"
        },
        {
          "name": "GLSA-201810-06",
          "tags": [
            "vendor-advisory",
            "x_refsource_GENTOO"
          ],
          "url": "https://security.gentoo.org/glsa/201810-06"
        },
        {
          "name": "USN-3741-2",
          "tags": [
            "vendor-advisory",
            "x_refsource_UBUNTU"
          ],
          "url": "https://usn.ubuntu.com/3741-2/"
        },
        {
          "name": "RHSA-2018:2393",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2018:2393"
        },
        {
          "name": "USN-3823-1",
          "tags": [
            "vendor-advisory",
            "x_refsource_UBUNTU"
          ],
          "url": "https://usn.ubuntu.com/3823-1/"
        },
        {
          "name": "RHSA-2018:2389",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2018:2389"
        },
        {
          "name": "1042004",
          "tags": [
            "vdb-entry",
            "x_refsource_SECTRACK"
          ],
          "url": "http://www.securitytracker.com/id/1042004"
        },
        {
          "name": "RHSA-2018:2390",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2018:2390"
        },
        {
          "name": "RHSA-2018:2403",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2018:2403"
        },
        {
          "name": "105080",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/105080"
        },
        {
          "name": "RHSA-2018:2395",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2018:2395"
        },
        {
          "name": "RHSA-2018:2384",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2018:2384"
        },
        {
          "name": "USN-3740-2",
          "tags": [
            "vendor-advisory",
            "x_refsource_UBUNTU"
          ],
          "url": "https://usn.ubuntu.com/3740-2/"
        },
        {
          "name": "FreeBSD-SA-18:09",
          "tags": [
            "vendor-advisory",
            "x_refsource_FREEBSD"
          ],
          "url": "https://security.FreeBSD.org/advisories/FreeBSD-SA-18:09.l1tf.asc"
        },
        {
          "name": "DSA-4274",
          "tags": [
            "vendor-advisory",
            "x_refsource_DEBIAN"
          ],
          "url": "https://www.debian.org/security/2018/dsa-4274"
        },
        {
          "name": "FEDORA-2018-1c80fea1cd",
          "tags": [
            "vendor-advisory",
            "x_refsource_FEDORA"
          ],
          "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/XRFKQWYV2H4BV75CUNGCGE5TNVQCLBGZ/"
        },
        {
          "name": "RHSA-2018:2388",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2018:2388"
        },
        {
          "name": "USN-3741-1",
          "tags": [
            "vendor-advisory",
            "x_refsource_UBUNTU"
          ],
          "url": "https://usn.ubuntu.com/3741-1/"
        },
        {
          "name": "RHSA-2018:2603",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2018:2603"
        },
        {
          "name": "RHSA-2018:2402",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2018:2402"
        },
        {
          "name": "20180814 CPU Side-Channel Information Disclosure Vulnerabilities: August 2018",
          "tags": [
            "vendor-advisory",
            "x_refsource_CISCO"
          ],
          "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180814-cpusidechannel"
        },
        {
          "name": "FEDORA-2018-f8cba144ae",
          "tags": [
            "vendor-advisory",
            "x_refsource_FEDORA"
          ],
          "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/V4UWGORQWCENCIF2BHWUEF2ODBV75QS2/"
        },
        {
          "name": "USN-3742-2",
          "tags": [
            "vendor-advisory",
            "x_refsource_UBUNTU"
          ],
          "url": "https://usn.ubuntu.com/3742-2/"
        },
        {
          "name": "RHSA-2018:2404",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2018:2404"
        },
        {
          "name": "USN-3740-1",
          "tags": [
            "vendor-advisory",
            "x_refsource_UBUNTU"
          ],
          "url": "https://usn.ubuntu.com/3740-1/"
        },
        {
          "name": "RHSA-2018:2391",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2018:2391"
        },
        {
          "name": "RHSA-2018:2396",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2018:2396"
        },
        {
          "name": "DSA-4279",
          "tags": [
            "vendor-advisory",
            "x_refsource_DEBIAN"
          ],
          "url": "https://www.debian.org/security/2018/dsa-4279"
        },
        {
          "name": "RHSA-2018:2392",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2018:2392"
        },
        {
          "name": "[debian-lts-announce] 20180828 [SECURITY] [DLA 1481-1] linux-4.9 security update",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://lists.debian.org/debian-lts-announce/2018/08/msg00029.html"
        },
        {
          "name": "USN-3742-1",
          "tags": [
            "vendor-advisory",
            "x_refsource_UBUNTU"
          ],
          "url": "https://usn.ubuntu.com/3742-1/"
        },
        {
          "name": "RHSA-2018:2602",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2018:2602"
        },
        {
          "name": "[debian-lts-announce] 20180916 [SECURITY] [DLA 1506-1] intel-microcode security update",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://lists.debian.org/debian-lts-announce/2018/09/msg00017.html"
        },
        {
          "name": "RHSA-2018:2394",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2018:2394"
        },
        {
          "name": "RHSA-2018:2387",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2018:2387"
        },
        {
          "name": "USN-3756-1",
          "tags": [
            "vendor-advisory",
            "x_refsource_UBUNTU"
          ],
          "url": "https://usn.ubuntu.com/3756-1/"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://www.oracle.com/security-alerts/cpujul2020.html"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://help.ecostruxureit.com/display/public/UADCE725/Security+fixes+in+StruxureWare+Data+Center+Expert+v7.6.0"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://xenbits.xen.org/xsa/advisory-273.html"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://foreshadowattack.eu/"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://security.netapp.com/advisory/ntap-20180815-0001/"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/ADV180018"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://support.lenovo.com/us/en/solutions/LEN-24163"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20180815-01-cpu-en"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00161.html"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://www.synology.com/support/security/Synology_SA_18_45"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-254686.pdf"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US\u0026docId=emr_na-hpesbhf03874en_us"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://software.intel.com/security-software-guidance/software-guidance/l1-terminal-fault"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-608355.pdf"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2018-0010"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://www.vmware.com/security/advisories/VMSA-2018-0020.html"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://support.f5.com/csp/article/K31300402"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "secure@intel.com",
          "DATE_PUBLIC": "2018-08-14T00:00:00",
          "ID": "CVE-2018-3646",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "Multiple",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "Multiple"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "Intel Corporation"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Systems with microprocessors utilizing speculative execution and address translations may allow unauthorized disclosure of information residing in the L1 data cache to an attacker with local user access with guest OS privilege via a terminal page fault and a side-channel analysis."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "Information Disclosure"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "VU#982149",
              "refsource": "CERT-VN",
              "url": "https://www.kb.cert.org/vuls/id/982149"
            },
            {
              "name": "1041451",
              "refsource": "SECTRACK",
              "url": "http://www.securitytracker.com/id/1041451"
            },
            {
              "name": "GLSA-201810-06",
              "refsource": "GENTOO",
              "url": "https://security.gentoo.org/glsa/201810-06"
            },
            {
              "name": "USN-3741-2",
              "refsource": "UBUNTU",
              "url": "https://usn.ubuntu.com/3741-2/"
            },
            {
              "name": "RHSA-2018:2393",
              "refsource": "REDHAT",
              "url": "https://access.redhat.com/errata/RHSA-2018:2393"
            },
            {
              "name": "USN-3823-1",
              "refsource": "UBUNTU",
              "url": "https://usn.ubuntu.com/3823-1/"
            },
            {
              "name": "RHSA-2018:2389",
              "refsource": "REDHAT",
              "url": "https://access.redhat.com/errata/RHSA-2018:2389"
            },
            {
              "name": "1042004",
              "refsource": "SECTRACK",
              "url": "http://www.securitytracker.com/id/1042004"
            },
            {
              "name": "RHSA-2018:2390",
              "refsource": "REDHAT",
              "url": "https://access.redhat.com/errata/RHSA-2018:2390"
            },
            {
              "name": "RHSA-2018:2403",
              "refsource": "REDHAT",
              "url": "https://access.redhat.com/errata/RHSA-2018:2403"
            },
            {
              "name": "105080",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/105080"
            },
            {
              "name": "RHSA-2018:2395",
              "refsource": "REDHAT",
              "url": "https://access.redhat.com/errata/RHSA-2018:2395"
            },
            {
              "name": "RHSA-2018:2384",
              "refsource": "REDHAT",
              "url": "https://access.redhat.com/errata/RHSA-2018:2384"
            },
            {
              "name": "USN-3740-2",
              "refsource": "UBUNTU",
              "url": "https://usn.ubuntu.com/3740-2/"
            },
            {
              "name": "FreeBSD-SA-18:09",
              "refsource": "FREEBSD",
              "url": "https://security.FreeBSD.org/advisories/FreeBSD-SA-18:09.l1tf.asc"
            },
            {
              "name": "DSA-4274",
              "refsource": "DEBIAN",
              "url": "https://www.debian.org/security/2018/dsa-4274"
            },
            {
              "name": "FEDORA-2018-1c80fea1cd",
              "refsource": "FEDORA",
              "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/XRFKQWYV2H4BV75CUNGCGE5TNVQCLBGZ/"
            },
            {
              "name": "RHSA-2018:2388",
              "refsource": "REDHAT",
              "url": "https://access.redhat.com/errata/RHSA-2018:2388"
            },
            {
              "name": "USN-3741-1",
              "refsource": "UBUNTU",
              "url": "https://usn.ubuntu.com/3741-1/"
            },
            {
              "name": "RHSA-2018:2603",
              "refsource": "REDHAT",
              "url": "https://access.redhat.com/errata/RHSA-2018:2603"
            },
            {
              "name": "RHSA-2018:2402",
              "refsource": "REDHAT",
              "url": "https://access.redhat.com/errata/RHSA-2018:2402"
            },
            {
              "name": "20180814 CPU Side-Channel Information Disclosure Vulnerabilities: August 2018",
              "refsource": "CISCO",
              "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180814-cpusidechannel"
            },
            {
              "name": "FEDORA-2018-f8cba144ae",
              "refsource": "FEDORA",
              "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/V4UWGORQWCENCIF2BHWUEF2ODBV75QS2/"
            },
            {
              "name": "USN-3742-2",
              "refsource": "UBUNTU",
              "url": "https://usn.ubuntu.com/3742-2/"
            },
            {
              "name": "RHSA-2018:2404",
              "refsource": "REDHAT",
              "url": "https://access.redhat.com/errata/RHSA-2018:2404"
            },
            {
              "name": "USN-3740-1",
              "refsource": "UBUNTU",
              "url": "https://usn.ubuntu.com/3740-1/"
            },
            {
              "name": "RHSA-2018:2391",
              "refsource": "REDHAT",
              "url": "https://access.redhat.com/errata/RHSA-2018:2391"
            },
            {
              "name": "RHSA-2018:2396",
              "refsource": "REDHAT",
              "url": "https://access.redhat.com/errata/RHSA-2018:2396"
            },
            {
              "name": "DSA-4279",
              "refsource": "DEBIAN",
              "url": "https://www.debian.org/security/2018/dsa-4279"
            },
            {
              "name": "RHSA-2018:2392",
              "refsource": "REDHAT",
              "url": "https://access.redhat.com/errata/RHSA-2018:2392"
            },
            {
              "name": "[debian-lts-announce] 20180828 [SECURITY] [DLA 1481-1] linux-4.9 security update",
              "refsource": "MLIST",
              "url": "https://lists.debian.org/debian-lts-announce/2018/08/msg00029.html"
            },
            {
              "name": "USN-3742-1",
              "refsource": "UBUNTU",
              "url": "https://usn.ubuntu.com/3742-1/"
            },
            {
              "name": "RHSA-2018:2602",
              "refsource": "REDHAT",
              "url": "https://access.redhat.com/errata/RHSA-2018:2602"
            },
            {
              "name": "[debian-lts-announce] 20180916 [SECURITY] [DLA 1506-1] intel-microcode security update",
              "refsource": "MLIST",
              "url": "https://lists.debian.org/debian-lts-announce/2018/09/msg00017.html"
            },
            {
              "name": "RHSA-2018:2394",
              "refsource": "REDHAT",
              "url": "https://access.redhat.com/errata/RHSA-2018:2394"
            },
            {
              "name": "RHSA-2018:2387",
              "refsource": "REDHAT",
              "url": "https://access.redhat.com/errata/RHSA-2018:2387"
            },
            {
              "name": "USN-3756-1",
              "refsource": "UBUNTU",
              "url": "https://usn.ubuntu.com/3756-1/"
            },
            {
              "name": "https://www.oracle.com/security-alerts/cpujul2020.html",
              "refsource": "MISC",
              "url": "https://www.oracle.com/security-alerts/cpujul2020.html"
            },
            {
              "name": "https://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html",
              "refsource": "CONFIRM",
              "url": "https://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html"
            },
            {
              "name": "https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html",
              "refsource": "MISC",
              "url": "https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html"
            },
            {
              "name": "https://help.ecostruxureit.com/display/public/UADCE725/Security+fixes+in+StruxureWare+Data+Center+Expert+v7.6.0",
              "refsource": "CONFIRM",
              "url": "https://help.ecostruxureit.com/display/public/UADCE725/Security+fixes+in+StruxureWare+Data+Center+Expert+v7.6.0"
            },
            {
              "name": "http://xenbits.xen.org/xsa/advisory-273.html",
              "refsource": "CONFIRM",
              "url": "http://xenbits.xen.org/xsa/advisory-273.html"
            },
            {
              "name": "https://foreshadowattack.eu/",
              "refsource": "MISC",
              "url": "https://foreshadowattack.eu/"
            },
            {
              "name": "https://security.netapp.com/advisory/ntap-20180815-0001/",
              "refsource": "CONFIRM",
              "url": "https://security.netapp.com/advisory/ntap-20180815-0001/"
            },
            {
              "name": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/ADV180018",
              "refsource": "CONFIRM",
              "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/ADV180018"
            },
            {
              "name": "http://support.lenovo.com/us/en/solutions/LEN-24163",
              "refsource": "CONFIRM",
              "url": "http://support.lenovo.com/us/en/solutions/LEN-24163"
            },
            {
              "name": "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20180815-01-cpu-en",
              "refsource": "CONFIRM",
              "url": "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20180815-01-cpu-en"
            },
            {
              "name": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00161.html",
              "refsource": "CONFIRM",
              "url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00161.html"
            },
            {
              "name": "https://www.synology.com/support/security/Synology_SA_18_45",
              "refsource": "CONFIRM",
              "url": "https://www.synology.com/support/security/Synology_SA_18_45"
            },
            {
              "name": "https://cert-portal.siemens.com/productcert/pdf/ssa-254686.pdf",
              "refsource": "CONFIRM",
              "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-254686.pdf"
            },
            {
              "name": "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US\u0026docId=emr_na-hpesbhf03874en_us",
              "refsource": "CONFIRM",
              "url": "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US\u0026docId=emr_na-hpesbhf03874en_us"
            },
            {
              "name": "https://software.intel.com/security-software-guidance/software-guidance/l1-terminal-fault",
              "refsource": "CONFIRM",
              "url": "https://software.intel.com/security-software-guidance/software-guidance/l1-terminal-fault"
            },
            {
              "name": "https://cert-portal.siemens.com/productcert/pdf/ssa-608355.pdf",
              "refsource": "CONFIRM",
              "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-608355.pdf"
            },
            {
              "name": "https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2018-0010",
              "refsource": "CONFIRM",
              "url": "https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2018-0010"
            },
            {
              "name": "http://www.vmware.com/security/advisories/VMSA-2018-0020.html",
              "refsource": "CONFIRM",
              "url": "http://www.vmware.com/security/advisories/VMSA-2018-0020.html"
            },
            {
              "name": "https://support.f5.com/csp/article/K31300402",
              "refsource": "CONFIRM",
              "url": "https://support.f5.com/csp/article/K31300402"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "6dda929c-bb53-4a77-a76d-48e79601a1ce",
    "assignerShortName": "intel",
    "cveId": "CVE-2018-3646",
    "datePublished": "2018-08-14T19:00:00Z",
    "dateReserved": "2017-12-28T00:00:00",
    "dateUpdated": "2024-09-17T02:27:21.556Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2018-3620 (GCVE-0-2018-3620)

Vulnerability from cvelistv5

Published

2018-08-14 19:00

Modified

2024-09-17 01:01

Severity ?

CWE

Information Disclosure

Summary

Systems with microprocessors utilizing speculative execution and address translations may allow unauthorized disclosure of information residing in the L1 data cache to an attacker with local user access via a terminal page fault and a side-channel analysis.

References

URL

Tags

	https://www.kb.cert.org/vuls/id/982149	third-party-advisory, x_refsource_CERT-VN
	http://www.securitytracker.com/id/1041451	vdb-entry, x_refsource_SECTRACK
	https://security.gentoo.org/glsa/201810-06	vendor-advisory, x_refsource_GENTOO
	https://usn.ubuntu.com/3741-2/	vendor-advisory, x_refsource_UBUNTU
	https://access.redhat.com/errata/RHSA-2018:2393	vendor-advisory, x_refsource_REDHAT
	https://usn.ubuntu.com/3823-1/	vendor-advisory, x_refsource_UBUNTU
	https://access.redhat.com/errata/RHSA-2018:2389	vendor-advisory, x_refsource_REDHAT
	https://access.redhat.com/errata/RHSA-2018:2390	vendor-advisory, x_refsource_REDHAT
	https://access.redhat.com/errata/RHSA-2018:2403	vendor-advisory, x_refsource_REDHAT
	http://www.securityfocus.com/bid/105080	vdb-entry, x_refsource_BID
	https://access.redhat.com/errata/RHSA-2018:2395	vendor-advisory, x_refsource_REDHAT
	https://access.redhat.com/errata/RHSA-2018:2384	vendor-advisory, x_refsource_REDHAT
	https://usn.ubuntu.com/3740-2/	vendor-advisory, x_refsource_UBUNTU
	https://security.FreeBSD.org/advisories/FreeBSD-SA-18:09.l1tf.asc	vendor-advisory, x_refsource_FREEBSD
	https://www.debian.org/security/2018/dsa-4274	vendor-advisory, x_refsource_DEBIAN
	https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/XRFKQWYV2H4BV75CUNGCGE5TNVQCLBGZ/	vendor-advisory, x_refsource_FEDORA
	https://access.redhat.com/errata/RHSA-2018:2388	vendor-advisory, x_refsource_REDHAT
	https://usn.ubuntu.com/3741-1/	vendor-advisory, x_refsource_UBUNTU
	https://access.redhat.com/errata/RHSA-2018:2603	vendor-advisory, x_refsource_REDHAT
	https://access.redhat.com/errata/RHSA-2018:2402	vendor-advisory, x_refsource_REDHAT
	https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180814-cpusidechannel	vendor-advisory, x_refsource_CISCO
	https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/V4UWGORQWCENCIF2BHWUEF2ODBV75QS2/	vendor-advisory, x_refsource_FEDORA
	https://usn.ubuntu.com/3742-2/	vendor-advisory, x_refsource_UBUNTU
	https://access.redhat.com/errata/RHSA-2018:2404	vendor-advisory, x_refsource_REDHAT
	https://usn.ubuntu.com/3740-1/	vendor-advisory, x_refsource_UBUNTU
	https://access.redhat.com/errata/RHSA-2018:2391	vendor-advisory, x_refsource_REDHAT
	https://access.redhat.com/errata/RHSA-2018:2396	vendor-advisory, x_refsource_REDHAT
	https://www.debian.org/security/2018/dsa-4279	vendor-advisory, x_refsource_DEBIAN
	https://access.redhat.com/errata/RHSA-2018:2392	vendor-advisory, x_refsource_REDHAT
	https://lists.debian.org/debian-lts-announce/2018/08/msg00029.html	mailing-list, x_refsource_MLIST
	https://usn.ubuntu.com/3742-1/	vendor-advisory, x_refsource_UBUNTU
	https://access.redhat.com/errata/RHSA-2018:2602	vendor-advisory, x_refsource_REDHAT
	https://lists.debian.org/debian-lts-announce/2018/09/msg00017.html	mailing-list, x_refsource_MLIST
	https://access.redhat.com/errata/RHSA-2018:2394	vendor-advisory, x_refsource_REDHAT
	https://access.redhat.com/errata/RHSA-2018:2387	vendor-advisory, x_refsource_REDHAT
	https://www.oracle.com/security-alerts/cpujul2020.html	x_refsource_MISC
	https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html	x_refsource_MISC
	https://help.ecostruxureit.com/display/public/UADCE725/Security+fixes+in+StruxureWare+Data+Center+Expert+v7.6.0	x_refsource_CONFIRM
	http://xenbits.xen.org/xsa/advisory-273.html	x_refsource_CONFIRM
	https://foreshadowattack.eu/	x_refsource_MISC
	http://www.vmware.com/security/advisories/VMSA-2018-0021.html	x_refsource_CONFIRM
	https://security.netapp.com/advisory/ntap-20180815-0001/	x_refsource_CONFIRM
	https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/ADV180018	x_refsource_CONFIRM
	https://support.f5.com/csp/article/K95275140	x_refsource_CONFIRM
	http://support.lenovo.com/us/en/solutions/LEN-24163	x_refsource_CONFIRM
	http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20180815-01-cpu-en	x_refsource_CONFIRM
	https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00161.html	x_refsource_CONFIRM
	https://www.synology.com/support/security/Synology_SA_18_45	x_refsource_CONFIRM
	https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2018-0009	x_refsource_CONFIRM
	https://cert-portal.siemens.com/productcert/pdf/ssa-254686.pdf	x_refsource_CONFIRM
	https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbhf03874en_us	x_refsource_CONFIRM
	https://software.intel.com/security-software-guidance/software-guidance/l1-terminal-fault	x_refsource_CONFIRM
	https://cert-portal.siemens.com/productcert/pdf/ssa-608355.pdf	x_refsource_CONFIRM

Impacted products

	Vendor	Product	Version
	Intel Corporation	Multiple	Version: Multiple

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-05T04:50:29.256Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "VU#982149",
            "tags": [
              "third-party-advisory",
              "x_refsource_CERT-VN",
              "x_transferred"
            ],
            "url": "https://www.kb.cert.org/vuls/id/982149"
          },
          {
            "name": "1041451",
            "tags": [
              "vdb-entry",
              "x_refsource_SECTRACK",
              "x_transferred"
            ],
            "url": "http://www.securitytracker.com/id/1041451"
          },
          {
            "name": "GLSA-201810-06",
            "tags": [
              "vendor-advisory",
              "x_refsource_GENTOO",
              "x_transferred"
            ],
            "url": "https://security.gentoo.org/glsa/201810-06"
          },
          {
            "name": "USN-3741-2",
            "tags": [
              "vendor-advisory",
              "x_refsource_UBUNTU",
              "x_transferred"
            ],
            "url": "https://usn.ubuntu.com/3741-2/"
          },
          {
            "name": "RHSA-2018:2393",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2018:2393"
          },
          {
            "name": "USN-3823-1",
            "tags": [
              "vendor-advisory",
              "x_refsource_UBUNTU",
              "x_transferred"
            ],
            "url": "https://usn.ubuntu.com/3823-1/"
          },
          {
            "name": "RHSA-2018:2389",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2018:2389"
          },
          {
            "name": "RHSA-2018:2390",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2018:2390"
          },
          {
            "name": "RHSA-2018:2403",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2018:2403"
          },
          {
            "name": "105080",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/105080"
          },
          {
            "name": "RHSA-2018:2395",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2018:2395"
          },
          {
            "name": "RHSA-2018:2384",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2018:2384"
          },
          {
            "name": "USN-3740-2",
            "tags": [
              "vendor-advisory",
              "x_refsource_UBUNTU",
              "x_transferred"
            ],
            "url": "https://usn.ubuntu.com/3740-2/"
          },
          {
            "name": "FreeBSD-SA-18:09",
            "tags": [
              "vendor-advisory",
              "x_refsource_FREEBSD",
              "x_transferred"
            ],
            "url": "https://security.FreeBSD.org/advisories/FreeBSD-SA-18:09.l1tf.asc"
          },
          {
            "name": "DSA-4274",
            "tags": [
              "vendor-advisory",
              "x_refsource_DEBIAN",
              "x_transferred"
            ],
            "url": "https://www.debian.org/security/2018/dsa-4274"
          },
          {
            "name": "FEDORA-2018-1c80fea1cd",
            "tags": [
              "vendor-advisory",
              "x_refsource_FEDORA",
              "x_transferred"
            ],
            "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/XRFKQWYV2H4BV75CUNGCGE5TNVQCLBGZ/"
          },
          {
            "name": "RHSA-2018:2388",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2018:2388"
          },
          {
            "name": "USN-3741-1",
            "tags": [
              "vendor-advisory",
              "x_refsource_UBUNTU",
              "x_transferred"
            ],
            "url": "https://usn.ubuntu.com/3741-1/"
          },
          {
            "name": "RHSA-2018:2603",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2018:2603"
          },
          {
            "name": "RHSA-2018:2402",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2018:2402"
          },
          {
            "name": "20180814 CPU Side-Channel Information Disclosure Vulnerabilities: August 2018",
            "tags": [
              "vendor-advisory",
              "x_refsource_CISCO",
              "x_transferred"
            ],
            "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180814-cpusidechannel"
          },
          {
            "name": "FEDORA-2018-f8cba144ae",
            "tags": [
              "vendor-advisory",
              "x_refsource_FEDORA",
              "x_transferred"
            ],
            "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/V4UWGORQWCENCIF2BHWUEF2ODBV75QS2/"
          },
          {
            "name": "USN-3742-2",
            "tags": [
              "vendor-advisory",
              "x_refsource_UBUNTU",
              "x_transferred"
            ],
            "url": "https://usn.ubuntu.com/3742-2/"
          },
          {
            "name": "RHSA-2018:2404",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2018:2404"
          },
          {
            "name": "USN-3740-1",
            "tags": [
              "vendor-advisory",
              "x_refsource_UBUNTU",
              "x_transferred"
            ],
            "url": "https://usn.ubuntu.com/3740-1/"
          },
          {
            "name": "RHSA-2018:2391",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2018:2391"
          },
          {
            "name": "RHSA-2018:2396",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2018:2396"
          },
          {
            "name": "DSA-4279",
            "tags": [
              "vendor-advisory",
              "x_refsource_DEBIAN",
              "x_transferred"
            ],
            "url": "https://www.debian.org/security/2018/dsa-4279"
          },
          {
            "name": "RHSA-2018:2392",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2018:2392"
          },
          {
            "name": "[debian-lts-announce] 20180828 [SECURITY] [DLA 1481-1] linux-4.9 security update",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://lists.debian.org/debian-lts-announce/2018/08/msg00029.html"
          },
          {
            "name": "USN-3742-1",
            "tags": [
              "vendor-advisory",
              "x_refsource_UBUNTU",
              "x_transferred"
            ],
            "url": "https://usn.ubuntu.com/3742-1/"
          },
          {
            "name": "RHSA-2018:2602",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2018:2602"
          },
          {
            "name": "[debian-lts-announce] 20180916 [SECURITY] [DLA 1506-1] intel-microcode security update",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://lists.debian.org/debian-lts-announce/2018/09/msg00017.html"
          },
          {
            "name": "RHSA-2018:2394",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2018:2394"
          },
          {
            "name": "RHSA-2018:2387",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2018:2387"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://www.oracle.com/security-alerts/cpujul2020.html"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://help.ecostruxureit.com/display/public/UADCE725/Security+fixes+in+StruxureWare+Data+Center+Expert+v7.6.0"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://xenbits.xen.org/xsa/advisory-273.html"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://foreshadowattack.eu/"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://www.vmware.com/security/advisories/VMSA-2018-0021.html"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://security.netapp.com/advisory/ntap-20180815-0001/"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/ADV180018"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://support.f5.com/csp/article/K95275140"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://support.lenovo.com/us/en/solutions/LEN-24163"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20180815-01-cpu-en"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00161.html"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://www.synology.com/support/security/Synology_SA_18_45"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2018-0009"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-254686.pdf"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US\u0026docId=emr_na-hpesbhf03874en_us"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://software.intel.com/security-software-guidance/software-guidance/l1-terminal-fault"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-608355.pdf"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Multiple",
          "vendor": "Intel Corporation",
          "versions": [
            {
              "status": "affected",
              "version": "Multiple"
            }
          ]
        }
      ],
      "datePublic": "2018-08-14T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "Systems with microprocessors utilizing speculative execution and address translations may allow unauthorized disclosure of information residing in the L1 data cache to an attacker with local user access via a terminal page fault and a side-channel analysis."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "Information Disclosure",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2020-07-15T02:22:58",
        "orgId": "6dda929c-bb53-4a77-a76d-48e79601a1ce",
        "shortName": "intel"
      },
      "references": [
        {
          "name": "VU#982149",
          "tags": [
            "third-party-advisory",
            "x_refsource_CERT-VN"
          ],
          "url": "https://www.kb.cert.org/vuls/id/982149"
        },
        {
          "name": "1041451",
          "tags": [
            "vdb-entry",
            "x_refsource_SECTRACK"
          ],
          "url": "http://www.securitytracker.com/id/1041451"
        },
        {
          "name": "GLSA-201810-06",
          "tags": [
            "vendor-advisory",
            "x_refsource_GENTOO"
          ],
          "url": "https://security.gentoo.org/glsa/201810-06"
        },
        {
          "name": "USN-3741-2",
          "tags": [
            "vendor-advisory",
            "x_refsource_UBUNTU"
          ],
          "url": "https://usn.ubuntu.com/3741-2/"
        },
        {
          "name": "RHSA-2018:2393",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2018:2393"
        },
        {
          "name": "USN-3823-1",
          "tags": [
            "vendor-advisory",
            "x_refsource_UBUNTU"
          ],
          "url": "https://usn.ubuntu.com/3823-1/"
        },
        {
          "name": "RHSA-2018:2389",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2018:2389"
        },
        {
          "name": "RHSA-2018:2390",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2018:2390"
        },
        {
          "name": "RHSA-2018:2403",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2018:2403"
        },
        {
          "name": "105080",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/105080"
        },
        {
          "name": "RHSA-2018:2395",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2018:2395"
        },
        {
          "name": "RHSA-2018:2384",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2018:2384"
        },
        {
          "name": "USN-3740-2",
          "tags": [
            "vendor-advisory",
            "x_refsource_UBUNTU"
          ],
          "url": "https://usn.ubuntu.com/3740-2/"
        },
        {
          "name": "FreeBSD-SA-18:09",
          "tags": [
            "vendor-advisory",
            "x_refsource_FREEBSD"
          ],
          "url": "https://security.FreeBSD.org/advisories/FreeBSD-SA-18:09.l1tf.asc"
        },
        {
          "name": "DSA-4274",
          "tags": [
            "vendor-advisory",
            "x_refsource_DEBIAN"
          ],
          "url": "https://www.debian.org/security/2018/dsa-4274"
        },
        {
          "name": "FEDORA-2018-1c80fea1cd",
          "tags": [
            "vendor-advisory",
            "x_refsource_FEDORA"
          ],
          "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/XRFKQWYV2H4BV75CUNGCGE5TNVQCLBGZ/"
        },
        {
          "name": "RHSA-2018:2388",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2018:2388"
        },
        {
          "name": "USN-3741-1",
          "tags": [
            "vendor-advisory",
            "x_refsource_UBUNTU"
          ],
          "url": "https://usn.ubuntu.com/3741-1/"
        },
        {
          "name": "RHSA-2018:2603",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2018:2603"
        },
        {
          "name": "RHSA-2018:2402",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2018:2402"
        },
        {
          "name": "20180814 CPU Side-Channel Information Disclosure Vulnerabilities: August 2018",
          "tags": [
            "vendor-advisory",
            "x_refsource_CISCO"
          ],
          "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180814-cpusidechannel"
        },
        {
          "name": "FEDORA-2018-f8cba144ae",
          "tags": [
            "vendor-advisory",
            "x_refsource_FEDORA"
          ],
          "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/V4UWGORQWCENCIF2BHWUEF2ODBV75QS2/"
        },
        {
          "name": "USN-3742-2",
          "tags": [
            "vendor-advisory",
            "x_refsource_UBUNTU"
          ],
          "url": "https://usn.ubuntu.com/3742-2/"
        },
        {
          "name": "RHSA-2018:2404",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2018:2404"
        },
        {
          "name": "USN-3740-1",
          "tags": [
            "vendor-advisory",
            "x_refsource_UBUNTU"
          ],
          "url": "https://usn.ubuntu.com/3740-1/"
        },
        {
          "name": "RHSA-2018:2391",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2018:2391"
        },
        {
          "name": "RHSA-2018:2396",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2018:2396"
        },
        {
          "name": "DSA-4279",
          "tags": [
            "vendor-advisory",
            "x_refsource_DEBIAN"
          ],
          "url": "https://www.debian.org/security/2018/dsa-4279"
        },
        {
          "name": "RHSA-2018:2392",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2018:2392"
        },
        {
          "name": "[debian-lts-announce] 20180828 [SECURITY] [DLA 1481-1] linux-4.9 security update",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://lists.debian.org/debian-lts-announce/2018/08/msg00029.html"
        },
        {
          "name": "USN-3742-1",
          "tags": [
            "vendor-advisory",
            "x_refsource_UBUNTU"
          ],
          "url": "https://usn.ubuntu.com/3742-1/"
        },
        {
          "name": "RHSA-2018:2602",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2018:2602"
        },
        {
          "name": "[debian-lts-announce] 20180916 [SECURITY] [DLA 1506-1] intel-microcode security update",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://lists.debian.org/debian-lts-announce/2018/09/msg00017.html"
        },
        {
          "name": "RHSA-2018:2394",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2018:2394"
        },
        {
          "name": "RHSA-2018:2387",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2018:2387"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://www.oracle.com/security-alerts/cpujul2020.html"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://help.ecostruxureit.com/display/public/UADCE725/Security+fixes+in+StruxureWare+Data+Center+Expert+v7.6.0"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://xenbits.xen.org/xsa/advisory-273.html"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://foreshadowattack.eu/"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://www.vmware.com/security/advisories/VMSA-2018-0021.html"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://security.netapp.com/advisory/ntap-20180815-0001/"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/ADV180018"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://support.f5.com/csp/article/K95275140"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://support.lenovo.com/us/en/solutions/LEN-24163"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20180815-01-cpu-en"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00161.html"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://www.synology.com/support/security/Synology_SA_18_45"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2018-0009"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-254686.pdf"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US\u0026docId=emr_na-hpesbhf03874en_us"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://software.intel.com/security-software-guidance/software-guidance/l1-terminal-fault"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-608355.pdf"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "secure@intel.com",
          "DATE_PUBLIC": "2018-08-14T00:00:00",
          "ID": "CVE-2018-3620",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "Multiple",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "Multiple"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "Intel Corporation"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Systems with microprocessors utilizing speculative execution and address translations may allow unauthorized disclosure of information residing in the L1 data cache to an attacker with local user access via a terminal page fault and a side-channel analysis."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "Information Disclosure"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "VU#982149",
              "refsource": "CERT-VN",
              "url": "https://www.kb.cert.org/vuls/id/982149"
            },
            {
              "name": "1041451",
              "refsource": "SECTRACK",
              "url": "http://www.securitytracker.com/id/1041451"
            },
            {
              "name": "GLSA-201810-06",
              "refsource": "GENTOO",
              "url": "https://security.gentoo.org/glsa/201810-06"
            },
            {
              "name": "USN-3741-2",
              "refsource": "UBUNTU",
              "url": "https://usn.ubuntu.com/3741-2/"
            },
            {
              "name": "RHSA-2018:2393",
              "refsource": "REDHAT",
              "url": "https://access.redhat.com/errata/RHSA-2018:2393"
            },
            {
              "name": "USN-3823-1",
              "refsource": "UBUNTU",
              "url": "https://usn.ubuntu.com/3823-1/"
            },
            {
              "name": "RHSA-2018:2389",
              "refsource": "REDHAT",
              "url": "https://access.redhat.com/errata/RHSA-2018:2389"
            },
            {
              "name": "RHSA-2018:2390",
              "refsource": "REDHAT",
              "url": "https://access.redhat.com/errata/RHSA-2018:2390"
            },
            {
              "name": "RHSA-2018:2403",
              "refsource": "REDHAT",
              "url": "https://access.redhat.com/errata/RHSA-2018:2403"
            },
            {
              "name": "105080",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/105080"
            },
            {
              "name": "RHSA-2018:2395",
              "refsource": "REDHAT",
              "url": "https://access.redhat.com/errata/RHSA-2018:2395"
            },
            {
              "name": "RHSA-2018:2384",
              "refsource": "REDHAT",
              "url": "https://access.redhat.com/errata/RHSA-2018:2384"
            },
            {
              "name": "USN-3740-2",
              "refsource": "UBUNTU",
              "url": "https://usn.ubuntu.com/3740-2/"
            },
            {
              "name": "FreeBSD-SA-18:09",
              "refsource": "FREEBSD",
              "url": "https://security.FreeBSD.org/advisories/FreeBSD-SA-18:09.l1tf.asc"
            },
            {
              "name": "DSA-4274",
              "refsource": "DEBIAN",
              "url": "https://www.debian.org/security/2018/dsa-4274"
            },
            {
              "name": "FEDORA-2018-1c80fea1cd",
              "refsource": "FEDORA",
              "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/XRFKQWYV2H4BV75CUNGCGE5TNVQCLBGZ/"
            },
            {
              "name": "RHSA-2018:2388",
              "refsource": "REDHAT",
              "url": "https://access.redhat.com/errata/RHSA-2018:2388"
            },
            {
              "name": "USN-3741-1",
              "refsource": "UBUNTU",
              "url": "https://usn.ubuntu.com/3741-1/"
            },
            {
              "name": "RHSA-2018:2603",
              "refsource": "REDHAT",
              "url": "https://access.redhat.com/errata/RHSA-2018:2603"
            },
            {
              "name": "RHSA-2018:2402",
              "refsource": "REDHAT",
              "url": "https://access.redhat.com/errata/RHSA-2018:2402"
            },
            {
              "name": "20180814 CPU Side-Channel Information Disclosure Vulnerabilities: August 2018",
              "refsource": "CISCO",
              "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180814-cpusidechannel"
            },
            {
              "name": "FEDORA-2018-f8cba144ae",
              "refsource": "FEDORA",
              "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/V4UWGORQWCENCIF2BHWUEF2ODBV75QS2/"
            },
            {
              "name": "USN-3742-2",
              "refsource": "UBUNTU",
              "url": "https://usn.ubuntu.com/3742-2/"
            },
            {
              "name": "RHSA-2018:2404",
              "refsource": "REDHAT",
              "url": "https://access.redhat.com/errata/RHSA-2018:2404"
            },
            {
              "name": "USN-3740-1",
              "refsource": "UBUNTU",
              "url": "https://usn.ubuntu.com/3740-1/"
            },
            {
              "name": "RHSA-2018:2391",
              "refsource": "REDHAT",
              "url": "https://access.redhat.com/errata/RHSA-2018:2391"
            },
            {
              "name": "RHSA-2018:2396",
              "refsource": "REDHAT",
              "url": "https://access.redhat.com/errata/RHSA-2018:2396"
            },
            {
              "name": "DSA-4279",
              "refsource": "DEBIAN",
              "url": "https://www.debian.org/security/2018/dsa-4279"
            },
            {
              "name": "RHSA-2018:2392",
              "refsource": "REDHAT",
              "url": "https://access.redhat.com/errata/RHSA-2018:2392"
            },
            {
              "name": "[debian-lts-announce] 20180828 [SECURITY] [DLA 1481-1] linux-4.9 security update",
              "refsource": "MLIST",
              "url": "https://lists.debian.org/debian-lts-announce/2018/08/msg00029.html"
            },
            {
              "name": "USN-3742-1",
              "refsource": "UBUNTU",
              "url": "https://usn.ubuntu.com/3742-1/"
            },
            {
              "name": "RHSA-2018:2602",
              "refsource": "REDHAT",
              "url": "https://access.redhat.com/errata/RHSA-2018:2602"
            },
            {
              "name": "[debian-lts-announce] 20180916 [SECURITY] [DLA 1506-1] intel-microcode security update",
              "refsource": "MLIST",
              "url": "https://lists.debian.org/debian-lts-announce/2018/09/msg00017.html"
            },
            {
              "name": "RHSA-2018:2394",
              "refsource": "REDHAT",
              "url": "https://access.redhat.com/errata/RHSA-2018:2394"
            },
            {
              "name": "RHSA-2018:2387",
              "refsource": "REDHAT",
              "url": "https://access.redhat.com/errata/RHSA-2018:2387"
            },
            {
              "name": "https://www.oracle.com/security-alerts/cpujul2020.html",
              "refsource": "MISC",
              "url": "https://www.oracle.com/security-alerts/cpujul2020.html"
            },
            {
              "name": "https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html",
              "refsource": "MISC",
              "url": "https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html"
            },
            {
              "name": "https://help.ecostruxureit.com/display/public/UADCE725/Security+fixes+in+StruxureWare+Data+Center+Expert+v7.6.0",
              "refsource": "CONFIRM",
              "url": "https://help.ecostruxureit.com/display/public/UADCE725/Security+fixes+in+StruxureWare+Data+Center+Expert+v7.6.0"
            },
            {
              "name": "http://xenbits.xen.org/xsa/advisory-273.html",
              "refsource": "CONFIRM",
              "url": "http://xenbits.xen.org/xsa/advisory-273.html"
            },
            {
              "name": "https://foreshadowattack.eu/",
              "refsource": "MISC",
              "url": "https://foreshadowattack.eu/"
            },
            {
              "name": "http://www.vmware.com/security/advisories/VMSA-2018-0021.html",
              "refsource": "CONFIRM",
              "url": "http://www.vmware.com/security/advisories/VMSA-2018-0021.html"
            },
            {
              "name": "https://security.netapp.com/advisory/ntap-20180815-0001/",
              "refsource": "CONFIRM",
              "url": "https://security.netapp.com/advisory/ntap-20180815-0001/"
            },
            {
              "name": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/ADV180018",
              "refsource": "CONFIRM",
              "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/ADV180018"
            },
            {
              "name": "https://support.f5.com/csp/article/K95275140",
              "refsource": "CONFIRM",
              "url": "https://support.f5.com/csp/article/K95275140"
            },
            {
              "name": "http://support.lenovo.com/us/en/solutions/LEN-24163",
              "refsource": "CONFIRM",
              "url": "http://support.lenovo.com/us/en/solutions/LEN-24163"
            },
            {
              "name": "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20180815-01-cpu-en",
              "refsource": "CONFIRM",
              "url": "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20180815-01-cpu-en"
            },
            {
              "name": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00161.html",
              "refsource": "CONFIRM",
              "url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00161.html"
            },
            {
              "name": "https://www.synology.com/support/security/Synology_SA_18_45",
              "refsource": "CONFIRM",
              "url": "https://www.synology.com/support/security/Synology_SA_18_45"
            },
            {
              "name": "https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2018-0009",
              "refsource": "CONFIRM",
              "url": "https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2018-0009"
            },
            {
              "name": "https://cert-portal.siemens.com/productcert/pdf/ssa-254686.pdf",
              "refsource": "CONFIRM",
              "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-254686.pdf"
            },
            {
              "name": "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US\u0026docId=emr_na-hpesbhf03874en_us",
              "refsource": "CONFIRM",
              "url": "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US\u0026docId=emr_na-hpesbhf03874en_us"
            },
            {
              "name": "https://software.intel.com/security-software-guidance/software-guidance/l1-terminal-fault",
              "refsource": "CONFIRM",
              "url": "https://software.intel.com/security-software-guidance/software-guidance/l1-terminal-fault"
            },
            {
              "name": "https://cert-portal.siemens.com/productcert/pdf/ssa-608355.pdf",
              "refsource": "CONFIRM",
              "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-608355.pdf"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "6dda929c-bb53-4a77-a76d-48e79601a1ce",
    "assignerShortName": "intel",
    "cveId": "CVE-2018-3620",
    "datePublished": "2018-08-14T19:00:00Z",
    "dateReserved": "2017-12-28T00:00:00",
    "dateUpdated": "2024-09-17T01:01:22.367Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CERTFR-2018-AVI-584

Vulnerability from certfr_avis

Solution

Tags

Sightings

Nomenclature

Action not permitted

CERTFR-2018-AVI-584

Vulnerability from certfr_avis

Solution

CVE-2018-8037 (GCVE-0-2018-8037)

Vulnerability from cvelistv5

CVE-2018-1087 (GCVE-0-2018-1087)

Vulnerability from cvelistv5

CVE-2018-3665 (GCVE-0-2018-3665)

Vulnerability from cvelistv5

CVE-2018-5390 (GCVE-0-2018-5390)

Vulnerability from cvelistv5

CVE-2018-8034 (GCVE-0-2018-8034)

Vulnerability from cvelistv5

CVE-2018-1730 (GCVE-0-2018-1730)

Vulnerability from cvelistv5

CVE-2018-8897 (GCVE-0-2018-8897)

Vulnerability from cvelistv5

CVE-2018-7566 (GCVE-0-2018-7566)

Vulnerability from cvelistv5

CVE-2018-1000199 (GCVE-0-2018-1000199)

Vulnerability from cvelistv5

CVE-2018-10675 (GCVE-0-2018-10675)

Vulnerability from cvelistv5

CVE-2018-1091 (GCVE-0-2018-1091)

Vulnerability from cvelistv5

CVE-2017-16939 (GCVE-0-2017-16939)

Vulnerability from cvelistv5

CVE-2018-3693 (GCVE-0-2018-3693)

Vulnerability from cvelistv5

CVE-2018-1068 (GCVE-0-2018-1068)

Vulnerability from cvelistv5

CVE-2018-1728 (GCVE-0-2018-1728)

Vulnerability from cvelistv5

CVE-2018-3646 (GCVE-0-2018-3646)

Vulnerability from cvelistv5

CVE-2018-3620 (GCVE-0-2018-3620)

Vulnerability from cvelistv5

Tags

Sightings

Nomenclature