Action not permitted
Modal body text goes here.
Modal Title
Modal Body
CERTFR-2019-AVI-131
Vulnerability from certfr_avis
De multiples vulnérabilités ont été découvertes dans le noyau Linux de SUSE. Certaines d'entre elles permettent à un attaquant de provoquer un problème de sécurité non spécifié par l'éditeur, un déni de service et un contournement de la politique de sécurité.
Solution
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
NoneImpacted products
| Vendor | Product | Description | ||
|---|---|---|---|---|
| SUSE | N/A | SUSE Linux Enterprise Module pour Live Patching 15 | ||
| SUSE | SUSE Linux Enterprise Desktop | SUSE Linux Enterprise Desktop 12-SP3 | ||
| SUSE | N/A | SUSE Linux Enterprise Module pour Open Buildservice Development Tools 15 | ||
| SUSE | SUSE Linux Enterprise Desktop | SUSE Linux Enterprise Desktop 12-SP4 | ||
| SUSE | N/A | SUSE Linux Enterprise Module pour Basesystem 15 | ||
| SUSE | N/A | SUSE Linux Enterprise Software Development Kit 12-SP4 | ||
| SUSE | N/A | SUSE CaaS Platform 3.0 | ||
| SUSE | N/A | SUSE Linux Enterprise Software Development Kit 12-SP3 | ||
| SUSE | N/A | SUSE Linux Enterprise Workstation Extension 12-SP4 | ||
| SUSE | SUSE Linux Enterprise Live Patching | SUSE Linux Enterprise Live Patching 12-SP3 | ||
| SUSE | N/A | SUSE CaaS Platform ALL | ||
| SUSE | N/A | SUSE Linux Enterprise Module pour Legacy Software 15 | ||
| SUSE | N/A | SUSE Linux Enterprise High Availability 15 | ||
| SUSE | N/A | SUSE Linux Enterprise Module pour Development Tools 15 | ||
| SUSE | SUSE Linux Enterprise Server | SUSE Linux Enterprise Server 12-SP3 | ||
| SUSE | N/A | SUSE Linux Enterprise Workstation Extension 15 | ||
| SUSE | SUSE Linux Enterprise Server | SUSE Linux Enterprise Server 12-SP4 | ||
| SUSE | N/A | SUSE Linux Enterprise High Availability 12-SP4 | ||
| SUSE | SUSE Linux Enterprise Live Patching | SUSE Linux Enterprise Live Patching 12-SP4 | ||
| SUSE | N/A | SUSE Linux Enterprise Workstation Extension 12-SP3 | ||
| SUSE | N/A | SUSE Linux Enterprise High Availability 12-SP3 |
References
| Title | Publication Time | Tags | |||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||||||||||||||
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "SUSE Linux Enterprise Module pour Live Patching 15",
"product": {
"name": "N/A",
"vendor": {
"name": "SUSE",
"scada": false
}
}
},
{
"description": "SUSE Linux Enterprise Desktop 12-SP3",
"product": {
"name": "SUSE Linux Enterprise Desktop",
"vendor": {
"name": "SUSE",
"scada": false
}
}
},
{
"description": "SUSE Linux Enterprise Module pour Open Buildservice Development Tools 15",
"product": {
"name": "N/A",
"vendor": {
"name": "SUSE",
"scada": false
}
}
},
{
"description": "SUSE Linux Enterprise Desktop 12-SP4",
"product": {
"name": "SUSE Linux Enterprise Desktop",
"vendor": {
"name": "SUSE",
"scada": false
}
}
},
{
"description": "SUSE Linux Enterprise Module pour Basesystem 15",
"product": {
"name": "N/A",
"vendor": {
"name": "SUSE",
"scada": false
}
}
},
{
"description": "SUSE Linux Enterprise Software Development Kit 12-SP4",
"product": {
"name": "N/A",
"vendor": {
"name": "SUSE",
"scada": false
}
}
},
{
"description": "SUSE CaaS Platform 3.0",
"product": {
"name": "N/A",
"vendor": {
"name": "SUSE",
"scada": false
}
}
},
{
"description": "SUSE Linux Enterprise Software Development Kit 12-SP3",
"product": {
"name": "N/A",
"vendor": {
"name": "SUSE",
"scada": false
}
}
},
{
"description": "SUSE Linux Enterprise Workstation Extension 12-SP4",
"product": {
"name": "N/A",
"vendor": {
"name": "SUSE",
"scada": false
}
}
},
{
"description": "SUSE Linux Enterprise Live Patching 12-SP3",
"product": {
"name": "SUSE Linux Enterprise Live Patching",
"vendor": {
"name": "SUSE",
"scada": false
}
}
},
{
"description": "SUSE CaaS Platform ALL",
"product": {
"name": "N/A",
"vendor": {
"name": "SUSE",
"scada": false
}
}
},
{
"description": "SUSE Linux Enterprise Module pour Legacy Software 15",
"product": {
"name": "N/A",
"vendor": {
"name": "SUSE",
"scada": false
}
}
},
{
"description": "SUSE Linux Enterprise High Availability 15",
"product": {
"name": "N/A",
"vendor": {
"name": "SUSE",
"scada": false
}
}
},
{
"description": "SUSE Linux Enterprise Module pour Development Tools 15",
"product": {
"name": "N/A",
"vendor": {
"name": "SUSE",
"scada": false
}
}
},
{
"description": "SUSE Linux Enterprise Server 12-SP3",
"product": {
"name": "SUSE Linux Enterprise Server",
"vendor": {
"name": "SUSE",
"scada": false
}
}
},
{
"description": "SUSE Linux Enterprise Workstation Extension 15",
"product": {
"name": "N/A",
"vendor": {
"name": "SUSE",
"scada": false
}
}
},
{
"description": "SUSE Linux Enterprise Server 12-SP4",
"product": {
"name": "SUSE Linux Enterprise Server",
"vendor": {
"name": "SUSE",
"scada": false
}
}
},
{
"description": "SUSE Linux Enterprise High Availability 12-SP4",
"product": {
"name": "N/A",
"vendor": {
"name": "SUSE",
"scada": false
}
}
},
{
"description": "SUSE Linux Enterprise Live Patching 12-SP4",
"product": {
"name": "SUSE Linux Enterprise Live Patching",
"vendor": {
"name": "SUSE",
"scada": false
}
}
},
{
"description": "SUSE Linux Enterprise Workstation Extension 12-SP3",
"product": {
"name": "N/A",
"vendor": {
"name": "SUSE",
"scada": false
}
}
},
{
"description": "SUSE Linux Enterprise High Availability 12-SP3",
"product": {
"name": "N/A",
"vendor": {
"name": "SUSE",
"scada": false
}
}
}
],
"affected_systems_content": null,
"content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
"cves": [
{
"name": "CVE-2019-2024",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-2024"
},
{
"name": "CVE-2019-6974",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-6974"
},
{
"name": "CVE-2019-8980",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-8980"
},
{
"name": "CVE-2019-9213",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-9213"
},
{
"name": "CVE-2018-12232",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-12232"
},
{
"name": "CVE-2018-20669",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-20669"
},
{
"name": "CVE-2017-5753",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-5753"
},
{
"name": "CVE-2019-3819",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-3819"
},
{
"name": "CVE-2019-7308",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-7308"
},
{
"name": "CVE-2019-3460",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-3460"
},
{
"name": "CVE-2019-7221",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-7221"
},
{
"name": "CVE-2019-7222",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-7222"
},
{
"name": "CVE-2019-8912",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-8912"
},
{
"name": "CVE-2019-3459",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-3459"
}
],
"initial_release_date": "2019-03-27T00:00:00",
"last_revision_date": "2019-03-29T00:00:00",
"links": [],
"reference": "CERTFR-2019-AVI-131",
"revisions": [
{
"description": "Version initiale",
"revision_date": "2019-03-27T00:00:00.000000"
},
{
"description": "Ajout d\u0027un bulletin de s\u00e9curit\u00e9",
"revision_date": "2019-03-28T00:00:00.000000"
},
{
"description": "Ajout de bulletins de s\u00e9curit\u00e9 et de syst\u00e8mes affect\u00e9s",
"revision_date": "2019-03-29T00:00:00.000000"
},
{
"description": "Ajout de bulletins de s\u00e9curit\u00e9 et de syst\u00e8mes affect\u00e9s",
"revision_date": "2019-03-29T00:00:00.000000"
}
],
"risks": [
{
"description": "Non sp\u00e9cifi\u00e9 par l\u0027\u00e9diteur"
},
{
"description": "D\u00e9ni de service"
},
{
"description": "Contournement de la politique de s\u00e9curit\u00e9"
},
{
"description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
}
],
"summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans le noyau Linux de\nSUSE. Certaines d\u0027entre elles permettent \u00e0 un attaquant de provoquer un\nprobl\u00e8me de s\u00e9curit\u00e9 non sp\u00e9cifi\u00e9 par l\u0027\u00e9diteur, un d\u00e9ni de service et\nun contournement de la politique de s\u00e9curit\u00e9.\n",
"title": "Multiples vuln\u00e9rabilit\u00e9s dans le noyau Linux de SUSE",
"vendor_advisories": [
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 SUSE SUSE-SU-2019:0754-1 du 26 mars 2019",
"url": "https://www.suse.com/support/update/announcement/2019/suse-su-20190754-1/"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 SUSE SUSE-SU-2019:0745-1 du 26 mars 2019",
"url": "https://www.suse.com/support/update/announcement/2019/suse-su-20190745-1/"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 SUSE SUSE-SU-2019:0785-1 du 28 mars 2019",
"url": "https://www.suse.com/support/update/announcement/2019/suse-su-20190785-1/"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 SUSE SUSE-SU-2019:0740-1 du 26 mars 2019",
"url": "https://www.suse.com/support/update/announcement/2019/suse-su-20190740-1/"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 SUSE SUSE-SU-2019:0784-1 du 28 mars 2019",
"url": "https://www.suse.com/support/update/announcement/2019/suse-su-20190784-1/"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 SUSE SUSE-SU-2019:0761-1 du 26 mars 2019",
"url": "https://www.suse.com/support/update/announcement/2019/suse-su-20190761-1/"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 SUSE SUSE-SU-2019:0767-1 du 27 mars 2019",
"url": "https://www.suse.com/support/update/announcement/2019/suse-su-20190767-1/"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 SUSE SUSE-SU-2019:0765-1 du 26 mars 2019",
"url": "https://www.suse.com/support/update/announcement/2019/suse-su-20190765-1/"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 SUSE SUSE-SU-2019:0801-1 du 29 mars 2019",
"url": "https://www.suse.com/support/update/announcement/2019/suse-su-20190801-1/"
}
]
}
CVE-2019-2024 (GCVE-0-2019-2024)
Vulnerability from cvelistv5
Published
2019-06-19 20:06
Modified
2024-08-04 18:35
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- Elevation of privilege
Summary
In em28xx_unregister_dvb of em28xx-dvb.c, there is a possible use after free issue. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-111761954References: Upstream kernel
References
| URL | Tags | ||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T18:35:52.537Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://source.android.com/security/bulletin/2019-03-01"
},
{
"name": "USN-4094-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU",
"x_transferred"
],
"url": "https://usn.ubuntu.com/4094-1/"
},
{
"name": "USN-4118-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU",
"x_transferred"
],
"url": "https://usn.ubuntu.com/4118-1/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Android",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "Android kernel"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In em28xx_unregister_dvb of em28xx-dvb.c, there is a possible use after free issue. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-111761954References: Upstream kernel"
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Elevation of privilege",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2019-09-02T23:06:15",
"orgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6",
"shortName": "google_android"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://source.android.com/security/bulletin/2019-03-01"
},
{
"name": "USN-4094-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU"
],
"url": "https://usn.ubuntu.com/4094-1/"
},
{
"name": "USN-4118-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU"
],
"url": "https://usn.ubuntu.com/4118-1/"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security@android.com",
"ID": "CVE-2019-2024",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Android",
"version": {
"version_data": [
{
"version_value": "Android kernel"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "In em28xx_unregister_dvb of em28xx-dvb.c, there is a possible use after free issue. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-111761954References: Upstream kernel"
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Elevation of privilege"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://source.android.com/security/bulletin/2019-03-01",
"refsource": "MISC",
"url": "https://source.android.com/security/bulletin/2019-03-01"
},
{
"name": "USN-4094-1",
"refsource": "UBUNTU",
"url": "https://usn.ubuntu.com/4094-1/"
},
{
"name": "USN-4118-1",
"refsource": "UBUNTU",
"url": "https://usn.ubuntu.com/4118-1/"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6",
"assignerShortName": "google_android",
"cveId": "CVE-2019-2024",
"datePublished": "2019-06-19T20:06:41",
"dateReserved": "2018-12-10T00:00:00",
"dateUpdated": "2024-08-04T18:35:52.537Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2019-9213 (GCVE-0-2019-9213)
Vulnerability from cvelistv5
Published
2019-03-05 22:00
Modified
2024-08-04 21:38
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
In the Linux kernel before 4.20.14, expand_downwards in mm/mmap.c lacks a check for the mmap minimum address, which makes it easier for attackers to exploit kernel NULL pointer dereferences on non-SMAP platforms. This is related to a capability check for the wrong task.
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T21:38:46.640Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "46502",
"tags": [
"exploit",
"x_refsource_EXPLOIT-DB",
"x_transferred"
],
"url": "https://www.exploit-db.com/exploits/46502/"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=0a1d52994d440e21def1c2174932410b4f2a98a1"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://cdn.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.9.162"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://cdn.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.19.27"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://cdn.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.14.105"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/torvalds/linux/commit/0a1d52994d440e21def1c2174932410b4f2a98a1"
},
{
"name": "107296",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/107296"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://bugs.chromium.org/p/project-zero/issues/detail?id=1792"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://cdn.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.20.14"
},
{
"name": "[debian-lts-announce] 20190327 [SECURITY] [DLA 1731-1] linux security update",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2019/03/msg00034.html"
},
{
"name": "openSUSE-SU-2019:1085",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-03/msg00045.html"
},
{
"name": "[debian-lts-announce] 20190401 [SECURITY] [DLA 1731-2] linux regression update",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2019/04/msg00004.html"
},
{
"name": "USN-3932-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU",
"x_transferred"
],
"url": "https://usn.ubuntu.com/3932-1/"
},
{
"name": "USN-3932-2",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU",
"x_transferred"
],
"url": "https://usn.ubuntu.com/3932-2/"
},
{
"name": "USN-3930-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU",
"x_transferred"
],
"url": "https://usn.ubuntu.com/3930-1/"
},
{
"name": "USN-3931-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU",
"x_transferred"
],
"url": "https://usn.ubuntu.com/3931-1/"
},
{
"name": "USN-3933-2",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU",
"x_transferred"
],
"url": "https://usn.ubuntu.com/3933-2/"
},
{
"name": "USN-3931-2",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU",
"x_transferred"
],
"url": "https://usn.ubuntu.com/3931-2/"
},
{
"name": "USN-3930-2",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU",
"x_transferred"
],
"url": "https://usn.ubuntu.com/3930-2/"
},
{
"name": "USN-3933-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU",
"x_transferred"
],
"url": "https://usn.ubuntu.com/3933-1/"
},
{
"name": "openSUSE-SU-2019:1193",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00052.html"
},
{
"name": "RHSA-2019:0831",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2019:0831"
},
{
"name": "[debian-lts-announce] 20190503 [SECURITY] [DLA 1771-1] linux-4.9 security update",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2019/05/msg00002.html"
},
{
"name": "RHSA-2019:1479",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2019:1479"
},
{
"name": "RHSA-2019:1480",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2019:1480"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://packetstormsecurity.com/files/156053/Reliable-Datagram-Sockets-RDS-rds_atomic_free_op-Privilege-Escalation.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2019-03-05T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel before 4.20.14, expand_downwards in mm/mmap.c lacks a check for the mmap minimum address, which makes it easier for attackers to exploit kernel NULL pointer dereferences on non-SMAP platforms. This is related to a capability check for the wrong task."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-01-22T18:06:27",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "46502",
"tags": [
"exploit",
"x_refsource_EXPLOIT-DB"
],
"url": "https://www.exploit-db.com/exploits/46502/"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=0a1d52994d440e21def1c2174932410b4f2a98a1"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://cdn.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.9.162"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://cdn.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.19.27"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://cdn.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.14.105"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/torvalds/linux/commit/0a1d52994d440e21def1c2174932410b4f2a98a1"
},
{
"name": "107296",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/107296"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://bugs.chromium.org/p/project-zero/issues/detail?id=1792"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://cdn.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.20.14"
},
{
"name": "[debian-lts-announce] 20190327 [SECURITY] [DLA 1731-1] linux security update",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.debian.org/debian-lts-announce/2019/03/msg00034.html"
},
{
"name": "openSUSE-SU-2019:1085",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-03/msg00045.html"
},
{
"name": "[debian-lts-announce] 20190401 [SECURITY] [DLA 1731-2] linux regression update",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.debian.org/debian-lts-announce/2019/04/msg00004.html"
},
{
"name": "USN-3932-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU"
],
"url": "https://usn.ubuntu.com/3932-1/"
},
{
"name": "USN-3932-2",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU"
],
"url": "https://usn.ubuntu.com/3932-2/"
},
{
"name": "USN-3930-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU"
],
"url": "https://usn.ubuntu.com/3930-1/"
},
{
"name": "USN-3931-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU"
],
"url": "https://usn.ubuntu.com/3931-1/"
},
{
"name": "USN-3933-2",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU"
],
"url": "https://usn.ubuntu.com/3933-2/"
},
{
"name": "USN-3931-2",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU"
],
"url": "https://usn.ubuntu.com/3931-2/"
},
{
"name": "USN-3930-2",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU"
],
"url": "https://usn.ubuntu.com/3930-2/"
},
{
"name": "USN-3933-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU"
],
"url": "https://usn.ubuntu.com/3933-1/"
},
{
"name": "openSUSE-SU-2019:1193",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00052.html"
},
{
"name": "RHSA-2019:0831",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2019:0831"
},
{
"name": "[debian-lts-announce] 20190503 [SECURITY] [DLA 1771-1] linux-4.9 security update",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.debian.org/debian-lts-announce/2019/05/msg00002.html"
},
{
"name": "RHSA-2019:1479",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2019:1479"
},
{
"name": "RHSA-2019:1480",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2019:1480"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://packetstormsecurity.com/files/156053/Reliable-Datagram-Sockets-RDS-rds_atomic_free_op-Privilege-Escalation.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2019-9213",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "In the Linux kernel before 4.20.14, expand_downwards in mm/mmap.c lacks a check for the mmap minimum address, which makes it easier for attackers to exploit kernel NULL pointer dereferences on non-SMAP platforms. This is related to a capability check for the wrong task."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "46502",
"refsource": "EXPLOIT-DB",
"url": "https://www.exploit-db.com/exploits/46502/"
},
{
"name": "http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=0a1d52994d440e21def1c2174932410b4f2a98a1",
"refsource": "MISC",
"url": "http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=0a1d52994d440e21def1c2174932410b4f2a98a1"
},
{
"name": "https://cdn.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.9.162",
"refsource": "MISC",
"url": "https://cdn.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.9.162"
},
{
"name": "https://cdn.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.19.27",
"refsource": "MISC",
"url": "https://cdn.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.19.27"
},
{
"name": "https://cdn.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.14.105",
"refsource": "MISC",
"url": "https://cdn.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.14.105"
},
{
"name": "https://github.com/torvalds/linux/commit/0a1d52994d440e21def1c2174932410b4f2a98a1",
"refsource": "MISC",
"url": "https://github.com/torvalds/linux/commit/0a1d52994d440e21def1c2174932410b4f2a98a1"
},
{
"name": "107296",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/107296"
},
{
"name": "https://bugs.chromium.org/p/project-zero/issues/detail?id=1792",
"refsource": "MISC",
"url": "https://bugs.chromium.org/p/project-zero/issues/detail?id=1792"
},
{
"name": "https://cdn.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.20.14",
"refsource": "MISC",
"url": "https://cdn.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.20.14"
},
{
"name": "[debian-lts-announce] 20190327 [SECURITY] [DLA 1731-1] linux security update",
"refsource": "MLIST",
"url": "https://lists.debian.org/debian-lts-announce/2019/03/msg00034.html"
},
{
"name": "openSUSE-SU-2019:1085",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-03/msg00045.html"
},
{
"name": "[debian-lts-announce] 20190401 [SECURITY] [DLA 1731-2] linux regression update",
"refsource": "MLIST",
"url": "https://lists.debian.org/debian-lts-announce/2019/04/msg00004.html"
},
{
"name": "USN-3932-1",
"refsource": "UBUNTU",
"url": "https://usn.ubuntu.com/3932-1/"
},
{
"name": "USN-3932-2",
"refsource": "UBUNTU",
"url": "https://usn.ubuntu.com/3932-2/"
},
{
"name": "USN-3930-1",
"refsource": "UBUNTU",
"url": "https://usn.ubuntu.com/3930-1/"
},
{
"name": "USN-3931-1",
"refsource": "UBUNTU",
"url": "https://usn.ubuntu.com/3931-1/"
},
{
"name": "USN-3933-2",
"refsource": "UBUNTU",
"url": "https://usn.ubuntu.com/3933-2/"
},
{
"name": "USN-3931-2",
"refsource": "UBUNTU",
"url": "https://usn.ubuntu.com/3931-2/"
},
{
"name": "USN-3930-2",
"refsource": "UBUNTU",
"url": "https://usn.ubuntu.com/3930-2/"
},
{
"name": "USN-3933-1",
"refsource": "UBUNTU",
"url": "https://usn.ubuntu.com/3933-1/"
},
{
"name": "openSUSE-SU-2019:1193",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00052.html"
},
{
"name": "RHSA-2019:0831",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2019:0831"
},
{
"name": "[debian-lts-announce] 20190503 [SECURITY] [DLA 1771-1] linux-4.9 security update",
"refsource": "MLIST",
"url": "https://lists.debian.org/debian-lts-announce/2019/05/msg00002.html"
},
{
"name": "RHSA-2019:1479",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2019:1479"
},
{
"name": "RHSA-2019:1480",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2019:1480"
},
{
"name": "http://packetstormsecurity.com/files/156053/Reliable-Datagram-Sockets-RDS-rds_atomic_free_op-Privilege-Escalation.html",
"refsource": "MISC",
"url": "http://packetstormsecurity.com/files/156053/Reliable-Datagram-Sockets-RDS-rds_atomic_free_op-Privilege-Escalation.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2019-9213",
"datePublished": "2019-03-05T22:00:00",
"dateReserved": "2019-02-27T00:00:00",
"dateUpdated": "2024-08-04T21:38:46.640Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2019-3460 (GCVE-0-2019-3460)
Vulnerability from cvelistv5
Published
2019-04-11 16:00
Modified
2024-08-04 19:12
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- information leak
Summary
A heap data infoleak in multiple locations including L2CAP_PARSE_CONF_RSP was found in the Linux kernel before 5.1-rc1.
References
| URL | Tags | |||||||||||||||||||||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
Impacted products
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T19:12:09.515Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "[oss-security] 20190111 Linux kernel: Bluetooth: two remote infoleaks (CVE-2019-3459, CVE-2019-3460)",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://marc.info/?l=oss-security\u0026m=154721580222522\u0026w=2"
},
{
"name": "[linux-bluetooth] 20190110 [PATCH 2/2] Bluetooth: check the buffer size for some messages before parsing",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lore.kernel.org/linux-bluetooth/20190110062917.GB15047%40kroah.com/"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://git.kernel.org/linus/af3d5d1c87664a4f150fcf3534c6567cb19909b0"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1663179"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://people.canonical.com/~ubuntu-security/cve/2019/CVE-2019-3460.html"
},
{
"name": "[debian-lts-announce] 20190503 [SECURITY] [DLA 1771-1] linux-4.9 security update",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2019/05/msg00002.html"
},
{
"name": "[debian-lts-announce] 20190528 [SECURITY] [DLA 1799-1] linux security update",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2019/05/msg00041.html"
},
{
"name": "[debian-lts-announce] 20190528 [SECURITY] [DLA 1799-2] linux security update",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2019/05/msg00042.html"
},
{
"name": "[oss-security] 20190627 Re: linux-distros membership application - Microsoft",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2019/06/27/2"
},
{
"name": "[oss-security] 20190627 Re: linux-distros membership application - Microsoft",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2019/06/27/7"
},
{
"name": "[oss-security] 20190628 Re: linux-distros membership application - Microsoft",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2019/06/28/1"
},
{
"name": "[oss-security] 20190628 Re: linux-distros membership application - Microsoft",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2019/06/28/2"
},
{
"name": "RHSA-2019:2043",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2019:2043"
},
{
"name": "RHSA-2019:2029",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2019:2029"
},
{
"name": "[oss-security] 20190811 Re: linux-distros membership application - Microsoft",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2019/08/12/1"
},
{
"name": "RHSA-2019:3309",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2019:3309"
},
{
"name": "RHSA-2019:3517",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2019:3517"
},
{
"name": "RHSA-2020:0740",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2020:0740"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Linux",
"vendor": "Linux",
"versions": [
{
"status": "affected",
"version": "before 5.1-rc1"
},
{
"status": "affected",
"version": "fixed in 5.1-rc1"
}
]
}
],
"datePublic": "2019-01-03T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "A heap data infoleak in multiple locations including L2CAP_PARSE_CONF_RSP was found in the Linux kernel before 5.1-rc1."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "information leak",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-03-11T11:06:06",
"orgId": "79363d38-fa19-49d1-9214-5f28da3f3ac5",
"shortName": "debian"
},
"references": [
{
"name": "[oss-security] 20190111 Linux kernel: Bluetooth: two remote infoleaks (CVE-2019-3459, CVE-2019-3460)",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://marc.info/?l=oss-security\u0026m=154721580222522\u0026w=2"
},
{
"name": "[linux-bluetooth] 20190110 [PATCH 2/2] Bluetooth: check the buffer size for some messages before parsing",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lore.kernel.org/linux-bluetooth/20190110062917.GB15047%40kroah.com/"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://git.kernel.org/linus/af3d5d1c87664a4f150fcf3534c6567cb19909b0"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1663179"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://people.canonical.com/~ubuntu-security/cve/2019/CVE-2019-3460.html"
},
{
"name": "[debian-lts-announce] 20190503 [SECURITY] [DLA 1771-1] linux-4.9 security update",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.debian.org/debian-lts-announce/2019/05/msg00002.html"
},
{
"name": "[debian-lts-announce] 20190528 [SECURITY] [DLA 1799-1] linux security update",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.debian.org/debian-lts-announce/2019/05/msg00041.html"
},
{
"name": "[debian-lts-announce] 20190528 [SECURITY] [DLA 1799-2] linux security update",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.debian.org/debian-lts-announce/2019/05/msg00042.html"
},
{
"name": "[oss-security] 20190627 Re: linux-distros membership application - Microsoft",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://www.openwall.com/lists/oss-security/2019/06/27/2"
},
{
"name": "[oss-security] 20190627 Re: linux-distros membership application - Microsoft",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://www.openwall.com/lists/oss-security/2019/06/27/7"
},
{
"name": "[oss-security] 20190628 Re: linux-distros membership application - Microsoft",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://www.openwall.com/lists/oss-security/2019/06/28/1"
},
{
"name": "[oss-security] 20190628 Re: linux-distros membership application - Microsoft",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://www.openwall.com/lists/oss-security/2019/06/28/2"
},
{
"name": "RHSA-2019:2043",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2019:2043"
},
{
"name": "RHSA-2019:2029",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2019:2029"
},
{
"name": "[oss-security] 20190811 Re: linux-distros membership application - Microsoft",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://www.openwall.com/lists/oss-security/2019/08/12/1"
},
{
"name": "RHSA-2019:3309",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2019:3309"
},
{
"name": "RHSA-2019:3517",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2019:3517"
},
{
"name": "RHSA-2020:0740",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2020:0740"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security@debian.org",
"ID": "CVE-2019-3460",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Linux",
"version": {
"version_data": [
{
"version_value": "before 5.1-rc1"
},
{
"version_value": "fixed in 5.1-rc1"
}
]
}
}
]
},
"vendor_name": "Linux"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A heap data infoleak in multiple locations including L2CAP_PARSE_CONF_RSP was found in the Linux kernel before 5.1-rc1."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "information leak"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "[oss-security] 20190111 Linux kernel: Bluetooth: two remote infoleaks (CVE-2019-3459, CVE-2019-3460)",
"refsource": "MLIST",
"url": "https://marc.info/?l=oss-security\u0026m=154721580222522\u0026w=2"
},
{
"name": "[linux-bluetooth] 20190110 [PATCH 2/2] Bluetooth: check the buffer size for some messages before parsing",
"refsource": "MLIST",
"url": "https://lore.kernel.org/linux-bluetooth/20190110062917.GB15047@kroah.com/"
},
{
"name": "https://git.kernel.org/linus/af3d5d1c87664a4f150fcf3534c6567cb19909b0",
"refsource": "CONFIRM",
"url": "https://git.kernel.org/linus/af3d5d1c87664a4f150fcf3534c6567cb19909b0"
},
{
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=1663179",
"refsource": "CONFIRM",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1663179"
},
{
"name": "https://people.canonical.com/~ubuntu-security/cve/2019/CVE-2019-3460.html",
"refsource": "CONFIRM",
"url": "https://people.canonical.com/~ubuntu-security/cve/2019/CVE-2019-3460.html"
},
{
"name": "[debian-lts-announce] 20190503 [SECURITY] [DLA 1771-1] linux-4.9 security update",
"refsource": "MLIST",
"url": "https://lists.debian.org/debian-lts-announce/2019/05/msg00002.html"
},
{
"name": "[debian-lts-announce] 20190528 [SECURITY] [DLA 1799-1] linux security update",
"refsource": "MLIST",
"url": "https://lists.debian.org/debian-lts-announce/2019/05/msg00041.html"
},
{
"name": "[debian-lts-announce] 20190528 [SECURITY] [DLA 1799-2] linux security update",
"refsource": "MLIST",
"url": "https://lists.debian.org/debian-lts-announce/2019/05/msg00042.html"
},
{
"name": "[oss-security] 20190627 Re: linux-distros membership application - Microsoft",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2019/06/27/2"
},
{
"name": "[oss-security] 20190627 Re: linux-distros membership application - Microsoft",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2019/06/27/7"
},
{
"name": "[oss-security] 20190628 Re: linux-distros membership application - Microsoft",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2019/06/28/1"
},
{
"name": "[oss-security] 20190628 Re: linux-distros membership application - Microsoft",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2019/06/28/2"
},
{
"name": "RHSA-2019:2043",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2019:2043"
},
{
"name": "RHSA-2019:2029",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2019:2029"
},
{
"name": "[oss-security] 20190811 Re: linux-distros membership application - Microsoft",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2019/08/12/1"
},
{
"name": "RHSA-2019:3309",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2019:3309"
},
{
"name": "RHSA-2019:3517",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2019:3517"
},
{
"name": "RHSA-2020:0740",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2020:0740"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "79363d38-fa19-49d1-9214-5f28da3f3ac5",
"assignerShortName": "debian",
"cveId": "CVE-2019-3460",
"datePublished": "2019-04-11T16:00:20",
"dateReserved": "2018-12-31T00:00:00",
"dateUpdated": "2024-08-04T19:12:09.515Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2018-20669 (GCVE-0-2018-20669)
Vulnerability from cvelistv5
Published
2019-03-18 16:33
Modified
2024-08-05 12:05
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
An issue where a provided address with access_ok() is not checked was discovered in i915_gem_execbuffer2_ioctl in drivers/gpu/drm/i915/i915_gem_execbuffer.c in the Linux kernel through 4.19.13. A local attacker can craft a malicious IOCTL function call to overwrite arbitrary kernel memory, resulting in a Denial of Service or privilege escalation.
References
| URL | Tags | |||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T12:05:17.668Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "106748",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/106748"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/log/drivers/gpu/drm/i915/i915_gem_execbuffer.c"
},
{
"name": "[opensuse-security-announce] 20190218 [security-announce] openSUSE-SU-2019:0203-1: important: Security update for the Linux Kernel",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-02/msg00042.html"
},
{
"name": "[oss-security] 20190123 Linux Kernel: Missing access_ok() checks in IOCTL function (gpu/drm/i915 Driver)",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2019/01/23/6"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://access.redhat.com/security/cve/cve-2018-20669"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://security.netapp.com/advisory/ntap-20190404-0002/"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://support.f5.com/csp/article/K32059550"
},
{
"name": "USN-4485-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU",
"x_transferred"
],
"url": "https://usn.ubuntu.com/4485-1/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "An issue where a provided address with access_ok() is not checked was discovered in i915_gem_execbuffer2_ioctl in drivers/gpu/drm/i915/i915_gem_execbuffer.c in the Linux kernel through 4.19.13. A local attacker can craft a malicious IOCTL function call to overwrite arbitrary kernel memory, resulting in a Denial of Service or privilege escalation."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-09-15T17:06:17",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "106748",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/106748"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/log/drivers/gpu/drm/i915/i915_gem_execbuffer.c"
},
{
"name": "[opensuse-security-announce] 20190218 [security-announce] openSUSE-SU-2019:0203-1: important: Security update for the Linux Kernel",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-02/msg00042.html"
},
{
"name": "[oss-security] 20190123 Linux Kernel: Missing access_ok() checks in IOCTL function (gpu/drm/i915 Driver)",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://www.openwall.com/lists/oss-security/2019/01/23/6"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://access.redhat.com/security/cve/cve-2018-20669"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://security.netapp.com/advisory/ntap-20190404-0002/"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://support.f5.com/csp/article/K32059550"
},
{
"name": "USN-4485-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU"
],
"url": "https://usn.ubuntu.com/4485-1/"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2018-20669",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "An issue where a provided address with access_ok() is not checked was discovered in i915_gem_execbuffer2_ioctl in drivers/gpu/drm/i915/i915_gem_execbuffer.c in the Linux kernel through 4.19.13. A local attacker can craft a malicious IOCTL function call to overwrite arbitrary kernel memory, resulting in a Denial of Service or privilege escalation."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "106748",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/106748"
},
{
"name": "http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/log/drivers/gpu/drm/i915/i915_gem_execbuffer.c",
"refsource": "MISC",
"url": "http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/log/drivers/gpu/drm/i915/i915_gem_execbuffer.c"
},
{
"name": "[opensuse-security-announce] 20190218 [security-announce] openSUSE-SU-2019:0203-1: important: Security update for the Linux Kernel",
"refsource": "MLIST",
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-02/msg00042.html"
},
{
"name": "[oss-security] 20190123 Linux Kernel: Missing access_ok() checks in IOCTL function (gpu/drm/i915 Driver)",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2019/01/23/6"
},
{
"name": "https://access.redhat.com/security/cve/cve-2018-20669",
"refsource": "MISC",
"url": "https://access.redhat.com/security/cve/cve-2018-20669"
},
{
"name": "https://security.netapp.com/advisory/ntap-20190404-0002/",
"refsource": "CONFIRM",
"url": "https://security.netapp.com/advisory/ntap-20190404-0002/"
},
{
"name": "https://support.f5.com/csp/article/K32059550",
"refsource": "CONFIRM",
"url": "https://support.f5.com/csp/article/K32059550"
},
{
"name": "USN-4485-1",
"refsource": "UBUNTU",
"url": "https://usn.ubuntu.com/4485-1/"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2018-20669",
"datePublished": "2019-03-18T16:33:59",
"dateReserved": "2019-01-03T00:00:00",
"dateUpdated": "2024-08-05T12:05:17.668Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2019-7222 (GCVE-0-2019-7222)
Vulnerability from cvelistv5
Published
2019-03-17 18:52
Modified
2024-08-04 20:46
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
The KVM implementation in the Linux kernel through 4.20.5 has an Information Leak.
References
| URL | Tags | ||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T20:46:46.063Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "FEDORA-2019-164946aa7f",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/KDOXCX3QFVWYXH5CQMGDDE7H6MUG5XGG/"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://packetstormsecurity.com/files/151712/KVM-kvm_inject_page_fault-Uninitialized-Memory-Leak.html"
},
{
"name": "106963",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/106963"
},
{
"name": "FEDORA-2019-3da64f3e61",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/Y2HMABEMJDPA6LPCBE5WIEZXUKY7DLTN/"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/torvalds/linux/commits/master/arch/x86/kvm"
},
{
"name": "SUSE-SA-2019:0203-1",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-02/msg00042.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=353c0956a618a07ba4bbe7ad00ff29fe70e8412a"
},
{
"name": "[oss-security] Linux kernel: three KVM bugs (CVE-2019-6974, CVE-2019-7221, CVE-2019-7222)",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2019/02/18/2"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://bugs.chromium.org/p/project-zero/issues/detail?id=1759"
},
{
"name": "[debian-lts-announce] 20190327 [SECURITY] [DLA 1731-1] linux security update",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2019/03/msg00034.html"
},
{
"name": "[debian-lts-announce] 20190401 [SECURITY] [DLA 1731-2] linux regression update",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2019/04/msg00004.html"
},
{
"name": "USN-3932-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU",
"x_transferred"
],
"url": "https://usn.ubuntu.com/3932-1/"
},
{
"name": "USN-3932-2",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU",
"x_transferred"
],
"url": "https://usn.ubuntu.com/3932-2/"
},
{
"name": "USN-3930-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU",
"x_transferred"
],
"url": "https://usn.ubuntu.com/3930-1/"
},
{
"name": "USN-3931-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU",
"x_transferred"
],
"url": "https://usn.ubuntu.com/3931-1/"
},
{
"name": "USN-3933-2",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU",
"x_transferred"
],
"url": "https://usn.ubuntu.com/3933-2/"
},
{
"name": "USN-3931-2",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU",
"x_transferred"
],
"url": "https://usn.ubuntu.com/3931-2/"
},
{
"name": "USN-3930-2",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU",
"x_transferred"
],
"url": "https://usn.ubuntu.com/3930-2/"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://security.netapp.com/advisory/ntap-20190404-0002/"
},
{
"name": "USN-3933-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU",
"x_transferred"
],
"url": "https://usn.ubuntu.com/3933-1/"
},
{
"name": "[debian-lts-announce] 20190503 [SECURITY] [DLA 1771-1] linux-4.9 security update",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2019/05/msg00002.html"
},
{
"name": "RHSA-2019:2043",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2019:2043"
},
{
"name": "RHSA-2019:2029",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2019:2029"
},
{
"name": "RHSA-2019:3309",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2019:3309"
},
{
"name": "RHSA-2019:3517",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2019:3517"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2019-01-21T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "The KVM implementation in the Linux kernel through 4.20.5 has an Information Leak."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2019-11-06T00:07:14",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "FEDORA-2019-164946aa7f",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/KDOXCX3QFVWYXH5CQMGDDE7H6MUG5XGG/"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://packetstormsecurity.com/files/151712/KVM-kvm_inject_page_fault-Uninitialized-Memory-Leak.html"
},
{
"name": "106963",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/106963"
},
{
"name": "FEDORA-2019-3da64f3e61",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/Y2HMABEMJDPA6LPCBE5WIEZXUKY7DLTN/"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/torvalds/linux/commits/master/arch/x86/kvm"
},
{
"name": "SUSE-SA-2019:0203-1",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-02/msg00042.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=353c0956a618a07ba4bbe7ad00ff29fe70e8412a"
},
{
"name": "[oss-security] Linux kernel: three KVM bugs (CVE-2019-6974, CVE-2019-7221, CVE-2019-7222)",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://www.openwall.com/lists/oss-security/2019/02/18/2"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://bugs.chromium.org/p/project-zero/issues/detail?id=1759"
},
{
"name": "[debian-lts-announce] 20190327 [SECURITY] [DLA 1731-1] linux security update",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.debian.org/debian-lts-announce/2019/03/msg00034.html"
},
{
"name": "[debian-lts-announce] 20190401 [SECURITY] [DLA 1731-2] linux regression update",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.debian.org/debian-lts-announce/2019/04/msg00004.html"
},
{
"name": "USN-3932-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU"
],
"url": "https://usn.ubuntu.com/3932-1/"
},
{
"name": "USN-3932-2",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU"
],
"url": "https://usn.ubuntu.com/3932-2/"
},
{
"name": "USN-3930-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU"
],
"url": "https://usn.ubuntu.com/3930-1/"
},
{
"name": "USN-3931-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU"
],
"url": "https://usn.ubuntu.com/3931-1/"
},
{
"name": "USN-3933-2",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU"
],
"url": "https://usn.ubuntu.com/3933-2/"
},
{
"name": "USN-3931-2",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU"
],
"url": "https://usn.ubuntu.com/3931-2/"
},
{
"name": "USN-3930-2",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU"
],
"url": "https://usn.ubuntu.com/3930-2/"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://security.netapp.com/advisory/ntap-20190404-0002/"
},
{
"name": "USN-3933-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU"
],
"url": "https://usn.ubuntu.com/3933-1/"
},
{
"name": "[debian-lts-announce] 20190503 [SECURITY] [DLA 1771-1] linux-4.9 security update",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.debian.org/debian-lts-announce/2019/05/msg00002.html"
},
{
"name": "RHSA-2019:2043",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2019:2043"
},
{
"name": "RHSA-2019:2029",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2019:2029"
},
{
"name": "RHSA-2019:3309",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2019:3309"
},
{
"name": "RHSA-2019:3517",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2019:3517"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2019-7222",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The KVM implementation in the Linux kernel through 4.20.5 has an Information Leak."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "FEDORA-2019-164946aa7f",
"refsource": "FEDORA",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/KDOXCX3QFVWYXH5CQMGDDE7H6MUG5XGG/"
},
{
"name": "http://packetstormsecurity.com/files/151712/KVM-kvm_inject_page_fault-Uninitialized-Memory-Leak.html",
"refsource": "MISC",
"url": "http://packetstormsecurity.com/files/151712/KVM-kvm_inject_page_fault-Uninitialized-Memory-Leak.html"
},
{
"name": "106963",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/106963"
},
{
"name": "FEDORA-2019-3da64f3e61",
"refsource": "FEDORA",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/Y2HMABEMJDPA6LPCBE5WIEZXUKY7DLTN/"
},
{
"name": "https://github.com/torvalds/linux/commits/master/arch/x86/kvm",
"refsource": "MISC",
"url": "https://github.com/torvalds/linux/commits/master/arch/x86/kvm"
},
{
"name": "SUSE-SA-2019:0203-1",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-02/msg00042.html"
},
{
"name": "https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=353c0956a618a07ba4bbe7ad00ff29fe70e8412a",
"refsource": "CONFIRM",
"url": "https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=353c0956a618a07ba4bbe7ad00ff29fe70e8412a"
},
{
"name": "[oss-security] Linux kernel: three KVM bugs (CVE-2019-6974, CVE-2019-7221, CVE-2019-7222)",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2019/02/18/2"
},
{
"name": "https://bugs.chromium.org/p/project-zero/issues/detail?id=1759",
"refsource": "CONFIRM",
"url": "https://bugs.chromium.org/p/project-zero/issues/detail?id=1759"
},
{
"name": "[debian-lts-announce] 20190327 [SECURITY] [DLA 1731-1] linux security update",
"refsource": "MLIST",
"url": "https://lists.debian.org/debian-lts-announce/2019/03/msg00034.html"
},
{
"name": "[debian-lts-announce] 20190401 [SECURITY] [DLA 1731-2] linux regression update",
"refsource": "MLIST",
"url": "https://lists.debian.org/debian-lts-announce/2019/04/msg00004.html"
},
{
"name": "USN-3932-1",
"refsource": "UBUNTU",
"url": "https://usn.ubuntu.com/3932-1/"
},
{
"name": "USN-3932-2",
"refsource": "UBUNTU",
"url": "https://usn.ubuntu.com/3932-2/"
},
{
"name": "USN-3930-1",
"refsource": "UBUNTU",
"url": "https://usn.ubuntu.com/3930-1/"
},
{
"name": "USN-3931-1",
"refsource": "UBUNTU",
"url": "https://usn.ubuntu.com/3931-1/"
},
{
"name": "USN-3933-2",
"refsource": "UBUNTU",
"url": "https://usn.ubuntu.com/3933-2/"
},
{
"name": "USN-3931-2",
"refsource": "UBUNTU",
"url": "https://usn.ubuntu.com/3931-2/"
},
{
"name": "USN-3930-2",
"refsource": "UBUNTU",
"url": "https://usn.ubuntu.com/3930-2/"
},
{
"name": "https://security.netapp.com/advisory/ntap-20190404-0002/",
"refsource": "CONFIRM",
"url": "https://security.netapp.com/advisory/ntap-20190404-0002/"
},
{
"name": "USN-3933-1",
"refsource": "UBUNTU",
"url": "https://usn.ubuntu.com/3933-1/"
},
{
"name": "[debian-lts-announce] 20190503 [SECURITY] [DLA 1771-1] linux-4.9 security update",
"refsource": "MLIST",
"url": "https://lists.debian.org/debian-lts-announce/2019/05/msg00002.html"
},
{
"name": "RHSA-2019:2043",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2019:2043"
},
{
"name": "RHSA-2019:2029",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2019:2029"
},
{
"name": "RHSA-2019:3309",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2019:3309"
},
{
"name": "RHSA-2019:3517",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2019:3517"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2019-7222",
"datePublished": "2019-03-17T18:52:17",
"dateReserved": "2019-01-30T00:00:00",
"dateUpdated": "2024-08-04T20:46:46.063Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2019-3459 (GCVE-0-2019-3459)
Vulnerability from cvelistv5
Published
2019-04-11 15:53
Modified
2024-08-04 19:12
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- information leak
Summary
A heap address information leak while using L2CAP_GET_CONF_OPT was discovered in the Linux kernel before 5.1-rc1.
References
| URL | Tags | ||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
Impacted products
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T19:12:09.320Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "[oss-security] 20190111 Linux kernel: Bluetooth: two remote infoleaks (CVE-2019-3459, CVE-2019-3460)",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://marc.info/?l=oss-security\u0026m=154721580222522\u0026w=2"
},
{
"name": "[linux-bluetooth] 20190110 [PATCH 1/2] Bluetooth: check message types in l2cap_get_conf_opt",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lore.kernel.org/linux-bluetooth/20190110062833.GA15047%40kroah.com/"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://git.kernel.org/linus/7c9cbd0b5e38a1672fcd137894ace3b042dfbf69"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1663176"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://people.canonical.com/~ubuntu-security/cve/2019/CVE-2019-3459.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://bugzilla.novell.com/show_bug.cgi?id=1120758"
},
{
"name": "[debian-lts-announce] 20190503 [SECURITY] [DLA 1771-1] linux-4.9 security update",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2019/05/msg00002.html"
},
{
"name": "[debian-lts-announce] 20190528 [SECURITY] [DLA 1799-1] linux security update",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2019/05/msg00041.html"
},
{
"name": "[debian-lts-announce] 20190528 [SECURITY] [DLA 1799-2] linux security update",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2019/05/msg00042.html"
},
{
"name": "[oss-security] 20190627 Re: linux-distros membership application - Microsoft",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2019/06/27/2"
},
{
"name": "[oss-security] 20190627 Re: linux-distros membership application - Microsoft",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2019/06/27/7"
},
{
"name": "[oss-security] 20190628 Re: linux-distros membership application - Microsoft",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2019/06/28/1"
},
{
"name": "[oss-security] 20190628 Re: linux-distros membership application - Microsoft",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2019/06/28/2"
},
{
"name": "RHSA-2019:2043",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2019:2043"
},
{
"name": "RHSA-2019:2029",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2019:2029"
},
{
"name": "[oss-security] 20190811 Re: linux-distros membership application - Microsoft",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2019/08/12/1"
},
{
"name": "RHSA-2019:3309",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2019:3309"
},
{
"name": "RHSA-2019:3517",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2019:3517"
},
{
"name": "RHSA-2020:0740",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2020:0740"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Linux",
"vendor": "Linux",
"versions": [
{
"status": "affected",
"version": "before 5.1-rc1"
},
{
"status": "affected",
"version": "fixed in 5.1-rc1"
}
]
}
],
"datePublic": "2019-01-03T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "A heap address information leak while using L2CAP_GET_CONF_OPT was discovered in the Linux kernel before 5.1-rc1."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "information leak",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-03-11T11:06:11",
"orgId": "79363d38-fa19-49d1-9214-5f28da3f3ac5",
"shortName": "debian"
},
"references": [
{
"name": "[oss-security] 20190111 Linux kernel: Bluetooth: two remote infoleaks (CVE-2019-3459, CVE-2019-3460)",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://marc.info/?l=oss-security\u0026m=154721580222522\u0026w=2"
},
{
"name": "[linux-bluetooth] 20190110 [PATCH 1/2] Bluetooth: check message types in l2cap_get_conf_opt",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lore.kernel.org/linux-bluetooth/20190110062833.GA15047%40kroah.com/"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://git.kernel.org/linus/7c9cbd0b5e38a1672fcd137894ace3b042dfbf69"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1663176"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://people.canonical.com/~ubuntu-security/cve/2019/CVE-2019-3459.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://bugzilla.novell.com/show_bug.cgi?id=1120758"
},
{
"name": "[debian-lts-announce] 20190503 [SECURITY] [DLA 1771-1] linux-4.9 security update",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.debian.org/debian-lts-announce/2019/05/msg00002.html"
},
{
"name": "[debian-lts-announce] 20190528 [SECURITY] [DLA 1799-1] linux security update",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.debian.org/debian-lts-announce/2019/05/msg00041.html"
},
{
"name": "[debian-lts-announce] 20190528 [SECURITY] [DLA 1799-2] linux security update",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.debian.org/debian-lts-announce/2019/05/msg00042.html"
},
{
"name": "[oss-security] 20190627 Re: linux-distros membership application - Microsoft",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://www.openwall.com/lists/oss-security/2019/06/27/2"
},
{
"name": "[oss-security] 20190627 Re: linux-distros membership application - Microsoft",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://www.openwall.com/lists/oss-security/2019/06/27/7"
},
{
"name": "[oss-security] 20190628 Re: linux-distros membership application - Microsoft",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://www.openwall.com/lists/oss-security/2019/06/28/1"
},
{
"name": "[oss-security] 20190628 Re: linux-distros membership application - Microsoft",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://www.openwall.com/lists/oss-security/2019/06/28/2"
},
{
"name": "RHSA-2019:2043",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2019:2043"
},
{
"name": "RHSA-2019:2029",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2019:2029"
},
{
"name": "[oss-security] 20190811 Re: linux-distros membership application - Microsoft",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://www.openwall.com/lists/oss-security/2019/08/12/1"
},
{
"name": "RHSA-2019:3309",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2019:3309"
},
{
"name": "RHSA-2019:3517",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2019:3517"
},
{
"name": "RHSA-2020:0740",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2020:0740"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security@debian.org",
"ID": "CVE-2019-3459",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Linux",
"version": {
"version_data": [
{
"version_value": "before 5.1-rc1"
},
{
"version_value": "fixed in 5.1-rc1"
}
]
}
}
]
},
"vendor_name": "Linux"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A heap address information leak while using L2CAP_GET_CONF_OPT was discovered in the Linux kernel before 5.1-rc1."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "information leak"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "[oss-security] 20190111 Linux kernel: Bluetooth: two remote infoleaks (CVE-2019-3459, CVE-2019-3460)",
"refsource": "MLIST",
"url": "https://marc.info/?l=oss-security\u0026m=154721580222522\u0026w=2"
},
{
"name": "[linux-bluetooth] 20190110 [PATCH 1/2] Bluetooth: check message types in l2cap_get_conf_opt",
"refsource": "MLIST",
"url": "https://lore.kernel.org/linux-bluetooth/20190110062833.GA15047@kroah.com/"
},
{
"name": "https://git.kernel.org/linus/7c9cbd0b5e38a1672fcd137894ace3b042dfbf69",
"refsource": "CONFIRM",
"url": "https://git.kernel.org/linus/7c9cbd0b5e38a1672fcd137894ace3b042dfbf69"
},
{
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=1663176",
"refsource": "CONFIRM",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1663176"
},
{
"name": "https://people.canonical.com/~ubuntu-security/cve/2019/CVE-2019-3459.html",
"refsource": "CONFIRM",
"url": "https://people.canonical.com/~ubuntu-security/cve/2019/CVE-2019-3459.html"
},
{
"name": "https://bugzilla.novell.com/show_bug.cgi?id=1120758",
"refsource": "CONFIRM",
"url": "https://bugzilla.novell.com/show_bug.cgi?id=1120758"
},
{
"name": "[debian-lts-announce] 20190503 [SECURITY] [DLA 1771-1] linux-4.9 security update",
"refsource": "MLIST",
"url": "https://lists.debian.org/debian-lts-announce/2019/05/msg00002.html"
},
{
"name": "[debian-lts-announce] 20190528 [SECURITY] [DLA 1799-1] linux security update",
"refsource": "MLIST",
"url": "https://lists.debian.org/debian-lts-announce/2019/05/msg00041.html"
},
{
"name": "[debian-lts-announce] 20190528 [SECURITY] [DLA 1799-2] linux security update",
"refsource": "MLIST",
"url": "https://lists.debian.org/debian-lts-announce/2019/05/msg00042.html"
},
{
"name": "[oss-security] 20190627 Re: linux-distros membership application - Microsoft",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2019/06/27/2"
},
{
"name": "[oss-security] 20190627 Re: linux-distros membership application - Microsoft",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2019/06/27/7"
},
{
"name": "[oss-security] 20190628 Re: linux-distros membership application - Microsoft",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2019/06/28/1"
},
{
"name": "[oss-security] 20190628 Re: linux-distros membership application - Microsoft",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2019/06/28/2"
},
{
"name": "RHSA-2019:2043",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2019:2043"
},
{
"name": "RHSA-2019:2029",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2019:2029"
},
{
"name": "[oss-security] 20190811 Re: linux-distros membership application - Microsoft",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2019/08/12/1"
},
{
"name": "RHSA-2019:3309",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2019:3309"
},
{
"name": "RHSA-2019:3517",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2019:3517"
},
{
"name": "RHSA-2020:0740",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2020:0740"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "79363d38-fa19-49d1-9214-5f28da3f3ac5",
"assignerShortName": "debian",
"cveId": "CVE-2019-3459",
"datePublished": "2019-04-11T15:53:35",
"dateReserved": "2018-12-31T00:00:00",
"dateUpdated": "2024-08-04T19:12:09.320Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2019-6974 (GCVE-0-2019-6974)
Vulnerability from cvelistv5
Published
2019-02-15 15:00
Modified
2024-08-04 20:38
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
In the Linux kernel before 4.20.8, kvm_ioctl_create_device in virt/kvm/kvm_main.c mishandles reference counting because of a race condition, leading to a use-after-free.
References
| URL | Tags | |||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T20:38:32.373Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://bugs.chromium.org/p/project-zero/issues/detail?id=1765"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://cdn.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.14.99"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://cdn.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.19.21"
},
{
"name": "46388",
"tags": [
"exploit",
"x_refsource_EXPLOIT-DB",
"x_transferred"
],
"url": "https://www.exploit-db.com/exploits/46388/"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://cdn.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.20.8"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/torvalds/linux/commit/cfa39381173d5f969daf43582c95ad679189cbc9"
},
{
"name": "107127",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/107127"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://cdn.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.9.156"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=cfa39381173d5f969daf43582c95ad679189cbc9"
},
{
"name": "[debian-lts-announce] 20190327 [SECURITY] [DLA 1731-1] linux security update",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2019/03/msg00034.html"
},
{
"name": "[debian-lts-announce] 20190401 [SECURITY] [DLA 1731-2] linux regression update",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2019/04/msg00004.html"
},
{
"name": "USN-3932-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU",
"x_transferred"
],
"url": "https://usn.ubuntu.com/3932-1/"
},
{
"name": "USN-3932-2",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU",
"x_transferred"
],
"url": "https://usn.ubuntu.com/3932-2/"
},
{
"name": "USN-3930-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU",
"x_transferred"
],
"url": "https://usn.ubuntu.com/3930-1/"
},
{
"name": "USN-3931-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU",
"x_transferred"
],
"url": "https://usn.ubuntu.com/3931-1/"
},
{
"name": "USN-3933-2",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU",
"x_transferred"
],
"url": "https://usn.ubuntu.com/3933-2/"
},
{
"name": "USN-3931-2",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU",
"x_transferred"
],
"url": "https://usn.ubuntu.com/3931-2/"
},
{
"name": "USN-3930-2",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU",
"x_transferred"
],
"url": "https://usn.ubuntu.com/3930-2/"
},
{
"name": "USN-3933-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU",
"x_transferred"
],
"url": "https://usn.ubuntu.com/3933-1/"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://support.f5.com/csp/article/K11186236"
},
{
"name": "RHSA-2019:0833",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2019:0833"
},
{
"name": "RHSA-2019:0818",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2019:0818"
},
{
"name": "[debian-lts-announce] 20190503 [SECURITY] [DLA 1771-1] linux-4.9 security update",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2019/05/msg00002.html"
},
{
"name": "RHBA-2019:0959",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHBA-2019:0959"
},
{
"name": "RHSA-2019:2809",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2019:2809"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://support.f5.com/csp/article/K11186236?utm_source=f5support\u0026amp%3Butm_medium=RSS"
},
{
"name": "RHSA-2019:3967",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2019:3967"
},
{
"name": "RHSA-2020:0103",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2020:0103"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2019-02-15T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel before 4.20.8, kvm_ioctl_create_device in virt/kvm/kvm_main.c mishandles reference counting because of a race condition, leading to a use-after-free."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-01-14T19:06:03",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://bugs.chromium.org/p/project-zero/issues/detail?id=1765"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://cdn.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.14.99"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://cdn.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.19.21"
},
{
"name": "46388",
"tags": [
"exploit",
"x_refsource_EXPLOIT-DB"
],
"url": "https://www.exploit-db.com/exploits/46388/"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://cdn.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.20.8"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/torvalds/linux/commit/cfa39381173d5f969daf43582c95ad679189cbc9"
},
{
"name": "107127",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/107127"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://cdn.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.9.156"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=cfa39381173d5f969daf43582c95ad679189cbc9"
},
{
"name": "[debian-lts-announce] 20190327 [SECURITY] [DLA 1731-1] linux security update",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.debian.org/debian-lts-announce/2019/03/msg00034.html"
},
{
"name": "[debian-lts-announce] 20190401 [SECURITY] [DLA 1731-2] linux regression update",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.debian.org/debian-lts-announce/2019/04/msg00004.html"
},
{
"name": "USN-3932-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU"
],
"url": "https://usn.ubuntu.com/3932-1/"
},
{
"name": "USN-3932-2",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU"
],
"url": "https://usn.ubuntu.com/3932-2/"
},
{
"name": "USN-3930-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU"
],
"url": "https://usn.ubuntu.com/3930-1/"
},
{
"name": "USN-3931-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU"
],
"url": "https://usn.ubuntu.com/3931-1/"
},
{
"name": "USN-3933-2",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU"
],
"url": "https://usn.ubuntu.com/3933-2/"
},
{
"name": "USN-3931-2",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU"
],
"url": "https://usn.ubuntu.com/3931-2/"
},
{
"name": "USN-3930-2",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU"
],
"url": "https://usn.ubuntu.com/3930-2/"
},
{
"name": "USN-3933-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU"
],
"url": "https://usn.ubuntu.com/3933-1/"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://support.f5.com/csp/article/K11186236"
},
{
"name": "RHSA-2019:0833",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2019:0833"
},
{
"name": "RHSA-2019:0818",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2019:0818"
},
{
"name": "[debian-lts-announce] 20190503 [SECURITY] [DLA 1771-1] linux-4.9 security update",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.debian.org/debian-lts-announce/2019/05/msg00002.html"
},
{
"name": "RHBA-2019:0959",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHBA-2019:0959"
},
{
"name": "RHSA-2019:2809",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2019:2809"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://support.f5.com/csp/article/K11186236?utm_source=f5support\u0026amp%3Butm_medium=RSS"
},
{
"name": "RHSA-2019:3967",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2019:3967"
},
{
"name": "RHSA-2020:0103",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2020:0103"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2019-6974",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "In the Linux kernel before 4.20.8, kvm_ioctl_create_device in virt/kvm/kvm_main.c mishandles reference counting because of a race condition, leading to a use-after-free."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://bugs.chromium.org/p/project-zero/issues/detail?id=1765",
"refsource": "MISC",
"url": "https://bugs.chromium.org/p/project-zero/issues/detail?id=1765"
},
{
"name": "https://cdn.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.14.99",
"refsource": "MISC",
"url": "https://cdn.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.14.99"
},
{
"name": "https://cdn.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.19.21",
"refsource": "MISC",
"url": "https://cdn.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.19.21"
},
{
"name": "46388",
"refsource": "EXPLOIT-DB",
"url": "https://www.exploit-db.com/exploits/46388/"
},
{
"name": "https://cdn.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.20.8",
"refsource": "MISC",
"url": "https://cdn.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.20.8"
},
{
"name": "https://github.com/torvalds/linux/commit/cfa39381173d5f969daf43582c95ad679189cbc9",
"refsource": "MISC",
"url": "https://github.com/torvalds/linux/commit/cfa39381173d5f969daf43582c95ad679189cbc9"
},
{
"name": "107127",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/107127"
},
{
"name": "https://cdn.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.9.156",
"refsource": "MISC",
"url": "https://cdn.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.9.156"
},
{
"name": "http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=cfa39381173d5f969daf43582c95ad679189cbc9",
"refsource": "MISC",
"url": "http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=cfa39381173d5f969daf43582c95ad679189cbc9"
},
{
"name": "[debian-lts-announce] 20190327 [SECURITY] [DLA 1731-1] linux security update",
"refsource": "MLIST",
"url": "https://lists.debian.org/debian-lts-announce/2019/03/msg00034.html"
},
{
"name": "[debian-lts-announce] 20190401 [SECURITY] [DLA 1731-2] linux regression update",
"refsource": "MLIST",
"url": "https://lists.debian.org/debian-lts-announce/2019/04/msg00004.html"
},
{
"name": "USN-3932-1",
"refsource": "UBUNTU",
"url": "https://usn.ubuntu.com/3932-1/"
},
{
"name": "USN-3932-2",
"refsource": "UBUNTU",
"url": "https://usn.ubuntu.com/3932-2/"
},
{
"name": "USN-3930-1",
"refsource": "UBUNTU",
"url": "https://usn.ubuntu.com/3930-1/"
},
{
"name": "USN-3931-1",
"refsource": "UBUNTU",
"url": "https://usn.ubuntu.com/3931-1/"
},
{
"name": "USN-3933-2",
"refsource": "UBUNTU",
"url": "https://usn.ubuntu.com/3933-2/"
},
{
"name": "USN-3931-2",
"refsource": "UBUNTU",
"url": "https://usn.ubuntu.com/3931-2/"
},
{
"name": "USN-3930-2",
"refsource": "UBUNTU",
"url": "https://usn.ubuntu.com/3930-2/"
},
{
"name": "USN-3933-1",
"refsource": "UBUNTU",
"url": "https://usn.ubuntu.com/3933-1/"
},
{
"name": "https://support.f5.com/csp/article/K11186236",
"refsource": "CONFIRM",
"url": "https://support.f5.com/csp/article/K11186236"
},
{
"name": "RHSA-2019:0833",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2019:0833"
},
{
"name": "RHSA-2019:0818",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2019:0818"
},
{
"name": "[debian-lts-announce] 20190503 [SECURITY] [DLA 1771-1] linux-4.9 security update",
"refsource": "MLIST",
"url": "https://lists.debian.org/debian-lts-announce/2019/05/msg00002.html"
},
{
"name": "RHBA-2019:0959",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHBA-2019:0959"
},
{
"name": "RHSA-2019:2809",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2019:2809"
},
{
"name": "https://support.f5.com/csp/article/K11186236?utm_source=f5support\u0026amp;utm_medium=RSS",
"refsource": "CONFIRM",
"url": "https://support.f5.com/csp/article/K11186236?utm_source=f5support\u0026amp;utm_medium=RSS"
},
{
"name": "RHSA-2019:3967",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2019:3967"
},
{
"name": "RHSA-2020:0103",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2020:0103"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2019-6974",
"datePublished": "2019-02-15T15:00:00",
"dateReserved": "2019-01-26T00:00:00",
"dateUpdated": "2024-08-04T20:38:32.373Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2019-8980 (GCVE-0-2019-8980)
Vulnerability from cvelistv5
Published
2019-02-21 05:00
Modified
2024-08-04 21:31
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
A memory leak in the kernel_read_file function in fs/exec.c in the Linux kernel through 4.20.11 allows attackers to cause a denial of service (memory consumption) by triggering vfs_read failures.
References
| URL | Tags | |||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T21:31:37.556Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.mail-archive.com/linux-kernel%40vger.kernel.org/msg1935705.html"
},
{
"name": "107120",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/107120"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.mail-archive.com/linux-kernel%40vger.kernel.org/msg1935698.html"
},
{
"name": "USN-3930-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU",
"x_transferred"
],
"url": "https://usn.ubuntu.com/3930-1/"
},
{
"name": "USN-3931-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU",
"x_transferred"
],
"url": "https://usn.ubuntu.com/3931-1/"
},
{
"name": "USN-3931-2",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU",
"x_transferred"
],
"url": "https://usn.ubuntu.com/3931-2/"
},
{
"name": "USN-3930-2",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU",
"x_transferred"
],
"url": "https://usn.ubuntu.com/3930-2/"
},
{
"name": "openSUSE-SU-2019:1193",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00052.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://support.f5.com/csp/article/K56480726"
},
{
"name": "[debian-lts-announce] 20190503 [SECURITY] [DLA 1771-1] linux-4.9 security update",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2019/05/msg00002.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2019-02-20T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "A memory leak in the kernel_read_file function in fs/exec.c in the Linux kernel through 4.20.11 allows attackers to cause a denial of service (memory consumption) by triggering vfs_read failures."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2019-05-03T11:06:03",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.mail-archive.com/linux-kernel%40vger.kernel.org/msg1935705.html"
},
{
"name": "107120",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/107120"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.mail-archive.com/linux-kernel%40vger.kernel.org/msg1935698.html"
},
{
"name": "USN-3930-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU"
],
"url": "https://usn.ubuntu.com/3930-1/"
},
{
"name": "USN-3931-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU"
],
"url": "https://usn.ubuntu.com/3931-1/"
},
{
"name": "USN-3931-2",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU"
],
"url": "https://usn.ubuntu.com/3931-2/"
},
{
"name": "USN-3930-2",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU"
],
"url": "https://usn.ubuntu.com/3930-2/"
},
{
"name": "openSUSE-SU-2019:1193",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00052.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://support.f5.com/csp/article/K56480726"
},
{
"name": "[debian-lts-announce] 20190503 [SECURITY] [DLA 1771-1] linux-4.9 security update",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.debian.org/debian-lts-announce/2019/05/msg00002.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2019-8980",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A memory leak in the kernel_read_file function in fs/exec.c in the Linux kernel through 4.20.11 allows attackers to cause a denial of service (memory consumption) by triggering vfs_read failures."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.mail-archive.com/linux-kernel@vger.kernel.org/msg1935705.html",
"refsource": "MISC",
"url": "https://www.mail-archive.com/linux-kernel@vger.kernel.org/msg1935705.html"
},
{
"name": "107120",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/107120"
},
{
"name": "https://www.mail-archive.com/linux-kernel@vger.kernel.org/msg1935698.html",
"refsource": "MISC",
"url": "https://www.mail-archive.com/linux-kernel@vger.kernel.org/msg1935698.html"
},
{
"name": "USN-3930-1",
"refsource": "UBUNTU",
"url": "https://usn.ubuntu.com/3930-1/"
},
{
"name": "USN-3931-1",
"refsource": "UBUNTU",
"url": "https://usn.ubuntu.com/3931-1/"
},
{
"name": "USN-3931-2",
"refsource": "UBUNTU",
"url": "https://usn.ubuntu.com/3931-2/"
},
{
"name": "USN-3930-2",
"refsource": "UBUNTU",
"url": "https://usn.ubuntu.com/3930-2/"
},
{
"name": "openSUSE-SU-2019:1193",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00052.html"
},
{
"name": "https://support.f5.com/csp/article/K56480726",
"refsource": "CONFIRM",
"url": "https://support.f5.com/csp/article/K56480726"
},
{
"name": "[debian-lts-announce] 20190503 [SECURITY] [DLA 1771-1] linux-4.9 security update",
"refsource": "MLIST",
"url": "https://lists.debian.org/debian-lts-announce/2019/05/msg00002.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2019-8980",
"datePublished": "2019-02-21T05:00:00",
"dateReserved": "2019-02-20T00:00:00",
"dateUpdated": "2024-08-04T21:31:37.556Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2018-12232 (GCVE-0-2018-12232)
Vulnerability from cvelistv5
Published
2018-06-12 12:00
Modified
2024-08-05 08:30
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
In net/socket.c in the Linux kernel through 4.17.1, there is a race condition between fchownat and close in cases where they target the same socket file descriptor, related to the sock_close and sockfs_setattr functions. fchownat does not increment the file descriptor reference count, which allows close to set the socket to NULL during fchownat's execution, leading to a NULL pointer dereference and system crash.
References
| URL | Tags | ||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T08:30:59.790Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "USN-3752-2",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU",
"x_transferred"
],
"url": "https://usn.ubuntu.com/3752-2/"
},
{
"name": "USN-3752-3",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU",
"x_transferred"
],
"url": "https://usn.ubuntu.com/3752-3/"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=6d8c50dcb029872b298eea68cc6209c866fd3e14"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://patchwork.ozlabs.org/patch/926519/"
},
{
"name": "RHSA-2018:2948",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2018:2948"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://lkml.org/lkml/2018/6/5/14"
},
{
"name": "104453",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/104453"
},
{
"name": "USN-3752-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU",
"x_transferred"
],
"url": "https://usn.ubuntu.com/3752-1/"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/torvalds/linux/commit/6d8c50dcb029872b298eea68cc6209c866fd3e14"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2018-06-12T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "In net/socket.c in the Linux kernel through 4.17.1, there is a race condition between fchownat and close in cases where they target the same socket file descriptor, related to the sock_close and sockfs_setattr functions. fchownat does not increment the file descriptor reference count, which allows close to set the socket to NULL during fchownat\u0027s execution, leading to a NULL pointer dereference and system crash."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-10-31T09:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "USN-3752-2",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU"
],
"url": "https://usn.ubuntu.com/3752-2/"
},
{
"name": "USN-3752-3",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU"
],
"url": "https://usn.ubuntu.com/3752-3/"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=6d8c50dcb029872b298eea68cc6209c866fd3e14"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://patchwork.ozlabs.org/patch/926519/"
},
{
"name": "RHSA-2018:2948",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2018:2948"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://lkml.org/lkml/2018/6/5/14"
},
{
"name": "104453",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/104453"
},
{
"name": "USN-3752-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU"
],
"url": "https://usn.ubuntu.com/3752-1/"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/torvalds/linux/commit/6d8c50dcb029872b298eea68cc6209c866fd3e14"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2018-12232",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "In net/socket.c in the Linux kernel through 4.17.1, there is a race condition between fchownat and close in cases where they target the same socket file descriptor, related to the sock_close and sockfs_setattr functions. fchownat does not increment the file descriptor reference count, which allows close to set the socket to NULL during fchownat\u0027s execution, leading to a NULL pointer dereference and system crash."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "USN-3752-2",
"refsource": "UBUNTU",
"url": "https://usn.ubuntu.com/3752-2/"
},
{
"name": "USN-3752-3",
"refsource": "UBUNTU",
"url": "https://usn.ubuntu.com/3752-3/"
},
{
"name": "http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=6d8c50dcb029872b298eea68cc6209c866fd3e14",
"refsource": "MISC",
"url": "http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=6d8c50dcb029872b298eea68cc6209c866fd3e14"
},
{
"name": "https://patchwork.ozlabs.org/patch/926519/",
"refsource": "MISC",
"url": "https://patchwork.ozlabs.org/patch/926519/"
},
{
"name": "RHSA-2018:2948",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2018:2948"
},
{
"name": "https://lkml.org/lkml/2018/6/5/14",
"refsource": "MISC",
"url": "https://lkml.org/lkml/2018/6/5/14"
},
{
"name": "104453",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/104453"
},
{
"name": "USN-3752-1",
"refsource": "UBUNTU",
"url": "https://usn.ubuntu.com/3752-1/"
},
{
"name": "https://github.com/torvalds/linux/commit/6d8c50dcb029872b298eea68cc6209c866fd3e14",
"refsource": "MISC",
"url": "https://github.com/torvalds/linux/commit/6d8c50dcb029872b298eea68cc6209c866fd3e14"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2018-12232",
"datePublished": "2018-06-12T12:00:00",
"dateReserved": "2018-06-12T00:00:00",
"dateUpdated": "2024-08-05T08:30:59.790Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2019-7221 (GCVE-0-2019-7221)
Vulnerability from cvelistv5
Published
2019-03-17 18:26
Modified
2024-08-04 20:46
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
The KVM implementation in the Linux kernel through 4.20.5 has a Use-after-Free.
References
| URL | Tags | |||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T20:46:44.758Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://packetstormsecurity.com/files/151713/KVM-VMX-Preemption-Timer-Use-After-Free.html"
},
{
"name": "FEDORA-2019-164946aa7f",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/KDOXCX3QFVWYXH5CQMGDDE7H6MUG5XGG/"
},
{
"name": "FEDORA-2019-3da64f3e61",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/Y2HMABEMJDPA6LPCBE5WIEZXUKY7DLTN/"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/torvalds/linux/commits/master/arch/x86/kvm"
},
{
"name": "SUSE-SA-2019:0203-1",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-02/msg00042.html"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2019/02/18/2"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=ecec76885bcfe3294685dc363fd1273df0d5d65f"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://bugs.chromium.org/p/project-zero/issues/detail?id=1760"
},
{
"name": "[debian-lts-announce] 20190327 [SECURITY] [DLA 1731-1] linux security update",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2019/03/msg00034.html"
},
{
"name": "[debian-lts-announce] 20190401 [SECURITY] [DLA 1731-2] linux regression update",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2019/04/msg00004.html"
},
{
"name": "USN-3932-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU",
"x_transferred"
],
"url": "https://usn.ubuntu.com/3932-1/"
},
{
"name": "USN-3932-2",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU",
"x_transferred"
],
"url": "https://usn.ubuntu.com/3932-2/"
},
{
"name": "USN-3930-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU",
"x_transferred"
],
"url": "https://usn.ubuntu.com/3930-1/"
},
{
"name": "USN-3931-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU",
"x_transferred"
],
"url": "https://usn.ubuntu.com/3931-1/"
},
{
"name": "USN-3931-2",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU",
"x_transferred"
],
"url": "https://usn.ubuntu.com/3931-2/"
},
{
"name": "USN-3930-2",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU",
"x_transferred"
],
"url": "https://usn.ubuntu.com/3930-2/"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://security.netapp.com/advisory/ntap-20190404-0002/"
},
{
"name": "RHSA-2019:0833",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2019:0833"
},
{
"name": "RHSA-2019:0818",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2019:0818"
},
{
"name": "[debian-lts-announce] 20190503 [SECURITY] [DLA 1771-1] linux-4.9 security update",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2019/05/msg00002.html"
},
{
"name": "RHBA-2019:0959",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHBA-2019:0959"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://support.f5.com/csp/article/K08413011"
},
{
"name": "RHSA-2019:3967",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2019:3967"
},
{
"name": "RHSA-2019:4058",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2019:4058"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2019-01-29T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "The KVM implementation in the Linux kernel through 4.20.5 has a Use-after-Free."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2019-12-03T11:06:06",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "http://packetstormsecurity.com/files/151713/KVM-VMX-Preemption-Timer-Use-After-Free.html"
},
{
"name": "FEDORA-2019-164946aa7f",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/KDOXCX3QFVWYXH5CQMGDDE7H6MUG5XGG/"
},
{
"name": "FEDORA-2019-3da64f3e61",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/Y2HMABEMJDPA6LPCBE5WIEZXUKY7DLTN/"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/torvalds/linux/commits/master/arch/x86/kvm"
},
{
"name": "SUSE-SA-2019:0203-1",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-02/msg00042.html"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.openwall.com/lists/oss-security/2019/02/18/2"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=ecec76885bcfe3294685dc363fd1273df0d5d65f"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://bugs.chromium.org/p/project-zero/issues/detail?id=1760"
},
{
"name": "[debian-lts-announce] 20190327 [SECURITY] [DLA 1731-1] linux security update",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.debian.org/debian-lts-announce/2019/03/msg00034.html"
},
{
"name": "[debian-lts-announce] 20190401 [SECURITY] [DLA 1731-2] linux regression update",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.debian.org/debian-lts-announce/2019/04/msg00004.html"
},
{
"name": "USN-3932-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU"
],
"url": "https://usn.ubuntu.com/3932-1/"
},
{
"name": "USN-3932-2",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU"
],
"url": "https://usn.ubuntu.com/3932-2/"
},
{
"name": "USN-3930-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU"
],
"url": "https://usn.ubuntu.com/3930-1/"
},
{
"name": "USN-3931-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU"
],
"url": "https://usn.ubuntu.com/3931-1/"
},
{
"name": "USN-3931-2",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU"
],
"url": "https://usn.ubuntu.com/3931-2/"
},
{
"name": "USN-3930-2",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU"
],
"url": "https://usn.ubuntu.com/3930-2/"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://security.netapp.com/advisory/ntap-20190404-0002/"
},
{
"name": "RHSA-2019:0833",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2019:0833"
},
{
"name": "RHSA-2019:0818",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2019:0818"
},
{
"name": "[debian-lts-announce] 20190503 [SECURITY] [DLA 1771-1] linux-4.9 security update",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.debian.org/debian-lts-announce/2019/05/msg00002.html"
},
{
"name": "RHBA-2019:0959",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHBA-2019:0959"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://support.f5.com/csp/article/K08413011"
},
{
"name": "RHSA-2019:3967",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2019:3967"
},
{
"name": "RHSA-2019:4058",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2019:4058"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2019-7221",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The KVM implementation in the Linux kernel through 4.20.5 has a Use-after-Free."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://packetstormsecurity.com/files/151713/KVM-VMX-Preemption-Timer-Use-After-Free.html",
"refsource": "MISC",
"url": "http://packetstormsecurity.com/files/151713/KVM-VMX-Preemption-Timer-Use-After-Free.html"
},
{
"name": "FEDORA-2019-164946aa7f",
"refsource": "FEDORA",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/KDOXCX3QFVWYXH5CQMGDDE7H6MUG5XGG/"
},
{
"name": "FEDORA-2019-3da64f3e61",
"refsource": "FEDORA",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/Y2HMABEMJDPA6LPCBE5WIEZXUKY7DLTN/"
},
{
"name": "https://github.com/torvalds/linux/commits/master/arch/x86/kvm",
"refsource": "MISC",
"url": "https://github.com/torvalds/linux/commits/master/arch/x86/kvm"
},
{
"name": "SUSE-SA-2019:0203-1",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-02/msg00042.html"
},
{
"name": "http://www.openwall.com/lists/oss-security/2019/02/18/2",
"refsource": "MISC",
"url": "http://www.openwall.com/lists/oss-security/2019/02/18/2"
},
{
"name": "https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=ecec76885bcfe3294685dc363fd1273df0d5d65f",
"refsource": "CONFIRM",
"url": "https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=ecec76885bcfe3294685dc363fd1273df0d5d65f"
},
{
"name": "https://bugs.chromium.org/p/project-zero/issues/detail?id=1760",
"refsource": "CONFIRM",
"url": "https://bugs.chromium.org/p/project-zero/issues/detail?id=1760"
},
{
"name": "[debian-lts-announce] 20190327 [SECURITY] [DLA 1731-1] linux security update",
"refsource": "MLIST",
"url": "https://lists.debian.org/debian-lts-announce/2019/03/msg00034.html"
},
{
"name": "[debian-lts-announce] 20190401 [SECURITY] [DLA 1731-2] linux regression update",
"refsource": "MLIST",
"url": "https://lists.debian.org/debian-lts-announce/2019/04/msg00004.html"
},
{
"name": "USN-3932-1",
"refsource": "UBUNTU",
"url": "https://usn.ubuntu.com/3932-1/"
},
{
"name": "USN-3932-2",
"refsource": "UBUNTU",
"url": "https://usn.ubuntu.com/3932-2/"
},
{
"name": "USN-3930-1",
"refsource": "UBUNTU",
"url": "https://usn.ubuntu.com/3930-1/"
},
{
"name": "USN-3931-1",
"refsource": "UBUNTU",
"url": "https://usn.ubuntu.com/3931-1/"
},
{
"name": "USN-3931-2",
"refsource": "UBUNTU",
"url": "https://usn.ubuntu.com/3931-2/"
},
{
"name": "USN-3930-2",
"refsource": "UBUNTU",
"url": "https://usn.ubuntu.com/3930-2/"
},
{
"name": "https://security.netapp.com/advisory/ntap-20190404-0002/",
"refsource": "CONFIRM",
"url": "https://security.netapp.com/advisory/ntap-20190404-0002/"
},
{
"name": "RHSA-2019:0833",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2019:0833"
},
{
"name": "RHSA-2019:0818",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2019:0818"
},
{
"name": "[debian-lts-announce] 20190503 [SECURITY] [DLA 1771-1] linux-4.9 security update",
"refsource": "MLIST",
"url": "https://lists.debian.org/debian-lts-announce/2019/05/msg00002.html"
},
{
"name": "RHBA-2019:0959",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHBA-2019:0959"
},
{
"name": "https://support.f5.com/csp/article/K08413011",
"refsource": "CONFIRM",
"url": "https://support.f5.com/csp/article/K08413011"
},
{
"name": "RHSA-2019:3967",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2019:3967"
},
{
"name": "RHSA-2019:4058",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2019:4058"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2019-7221",
"datePublished": "2019-03-17T18:26:10",
"dateReserved": "2019-01-30T00:00:00",
"dateUpdated": "2024-08-04T20:46:44.758Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2019-7308 (GCVE-0-2019-7308)
Vulnerability from cvelistv5
Published
2019-02-01 22:00
Modified
2024-08-04 20:46
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
kernel/bpf/verifier.c in the Linux kernel before 4.20.6 performs undesirable out-of-bounds speculation on pointer arithmetic in various cases, including cases of different branches with different state or limits to sanitize, leading to side-channel attacks.
References
| URL | Tags | |||||||||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||||||||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T20:46:45.926Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/torvalds/linux/commit/979d63d50c0c0f7bc537bf821e056cc9fe5abd38"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=d3bd7413e0ca40b60cf60d4003246d067cafdeda"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://bugs.chromium.org/p/project-zero/issues/detail?id=1711"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://cdn.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.20.6"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=979d63d50c0c0f7bc537bf821e056cc9fe5abd38"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/torvalds/linux/commit/d3bd7413e0ca40b60cf60d4003246d067cafdeda"
},
{
"name": "106827",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/106827"
},
{
"name": "USN-3930-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU",
"x_transferred"
],
"url": "https://usn.ubuntu.com/3930-1/"
},
{
"name": "USN-3931-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU",
"x_transferred"
],
"url": "https://usn.ubuntu.com/3931-1/"
},
{
"name": "USN-3931-2",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU",
"x_transferred"
],
"url": "https://usn.ubuntu.com/3931-2/"
},
{
"name": "USN-3930-2",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU",
"x_transferred"
],
"url": "https://usn.ubuntu.com/3930-2/"
},
{
"name": "openSUSE-SU-2019:1193",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00052.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://support.f5.com/csp/article/K43030517"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://support.f5.com/csp/article/K43030517?utm_source=f5support\u0026amp%3Butm_medium=RSS"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2019-02-01T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "kernel/bpf/verifier.c in the Linux kernel before 4.20.6 performs undesirable out-of-bounds speculation on pointer arithmetic in various cases, including cases of different branches with different state or limits to sanitize, leading to side-channel attacks."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2019-10-09T19:06:33",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/torvalds/linux/commit/979d63d50c0c0f7bc537bf821e056cc9fe5abd38"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=d3bd7413e0ca40b60cf60d4003246d067cafdeda"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://bugs.chromium.org/p/project-zero/issues/detail?id=1711"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://cdn.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.20.6"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=979d63d50c0c0f7bc537bf821e056cc9fe5abd38"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/torvalds/linux/commit/d3bd7413e0ca40b60cf60d4003246d067cafdeda"
},
{
"name": "106827",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/106827"
},
{
"name": "USN-3930-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU"
],
"url": "https://usn.ubuntu.com/3930-1/"
},
{
"name": "USN-3931-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU"
],
"url": "https://usn.ubuntu.com/3931-1/"
},
{
"name": "USN-3931-2",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU"
],
"url": "https://usn.ubuntu.com/3931-2/"
},
{
"name": "USN-3930-2",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU"
],
"url": "https://usn.ubuntu.com/3930-2/"
},
{
"name": "openSUSE-SU-2019:1193",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00052.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://support.f5.com/csp/article/K43030517"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://support.f5.com/csp/article/K43030517?utm_source=f5support\u0026amp%3Butm_medium=RSS"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2019-7308",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "kernel/bpf/verifier.c in the Linux kernel before 4.20.6 performs undesirable out-of-bounds speculation on pointer arithmetic in various cases, including cases of different branches with different state or limits to sanitize, leading to side-channel attacks."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/torvalds/linux/commit/979d63d50c0c0f7bc537bf821e056cc9fe5abd38",
"refsource": "MISC",
"url": "https://github.com/torvalds/linux/commit/979d63d50c0c0f7bc537bf821e056cc9fe5abd38"
},
{
"name": "http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=d3bd7413e0ca40b60cf60d4003246d067cafdeda",
"refsource": "MISC",
"url": "http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=d3bd7413e0ca40b60cf60d4003246d067cafdeda"
},
{
"name": "https://bugs.chromium.org/p/project-zero/issues/detail?id=1711",
"refsource": "MISC",
"url": "https://bugs.chromium.org/p/project-zero/issues/detail?id=1711"
},
{
"name": "https://cdn.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.20.6",
"refsource": "MISC",
"url": "https://cdn.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.20.6"
},
{
"name": "http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=979d63d50c0c0f7bc537bf821e056cc9fe5abd38",
"refsource": "MISC",
"url": "http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=979d63d50c0c0f7bc537bf821e056cc9fe5abd38"
},
{
"name": "https://github.com/torvalds/linux/commit/d3bd7413e0ca40b60cf60d4003246d067cafdeda",
"refsource": "MISC",
"url": "https://github.com/torvalds/linux/commit/d3bd7413e0ca40b60cf60d4003246d067cafdeda"
},
{
"name": "106827",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/106827"
},
{
"name": "USN-3930-1",
"refsource": "UBUNTU",
"url": "https://usn.ubuntu.com/3930-1/"
},
{
"name": "USN-3931-1",
"refsource": "UBUNTU",
"url": "https://usn.ubuntu.com/3931-1/"
},
{
"name": "USN-3931-2",
"refsource": "UBUNTU",
"url": "https://usn.ubuntu.com/3931-2/"
},
{
"name": "USN-3930-2",
"refsource": "UBUNTU",
"url": "https://usn.ubuntu.com/3930-2/"
},
{
"name": "openSUSE-SU-2019:1193",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00052.html"
},
{
"name": "https://support.f5.com/csp/article/K43030517",
"refsource": "CONFIRM",
"url": "https://support.f5.com/csp/article/K43030517"
},
{
"name": "https://support.f5.com/csp/article/K43030517?utm_source=f5support\u0026amp;utm_medium=RSS",
"refsource": "CONFIRM",
"url": "https://support.f5.com/csp/article/K43030517?utm_source=f5support\u0026amp;utm_medium=RSS"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2019-7308",
"datePublished": "2019-02-01T22:00:00",
"dateReserved": "2019-02-01T00:00:00",
"dateUpdated": "2024-08-04T20:46:45.926Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2019-8912 (GCVE-0-2019-8912)
Vulnerability from cvelistv5
Published
2019-02-18 18:00
Modified
2024-08-04 21:31
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
In the Linux kernel through 4.20.11, af_alg_release() in crypto/af_alg.c neglects to set a NULL value for a certain structure member, which leads to a use-after-free in sockfs_setattr.
References
| URL | Tags | |||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T21:31:37.465Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "107063",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/107063"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://patchwork.ozlabs.org/patch/1042902/"
},
{
"name": "USN-3930-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU",
"x_transferred"
],
"url": "https://usn.ubuntu.com/3930-1/"
},
{
"name": "USN-3931-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU",
"x_transferred"
],
"url": "https://usn.ubuntu.com/3931-1/"
},
{
"name": "USN-3931-2",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU",
"x_transferred"
],
"url": "https://usn.ubuntu.com/3931-2/"
},
{
"name": "USN-3930-2",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU",
"x_transferred"
],
"url": "https://usn.ubuntu.com/3930-2/"
},
{
"name": "openSUSE-SU-2019:1193",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00052.html"
},
{
"name": "RHSA-2020:0174",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2020:0174"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2019-02-18T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel through 4.20.11, af_alg_release() in crypto/af_alg.c neglects to set a NULL value for a certain structure member, which leads to a use-after-free in sockfs_setattr."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-01-21T19:06:20",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "107063",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/107063"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://patchwork.ozlabs.org/patch/1042902/"
},
{
"name": "USN-3930-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU"
],
"url": "https://usn.ubuntu.com/3930-1/"
},
{
"name": "USN-3931-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU"
],
"url": "https://usn.ubuntu.com/3931-1/"
},
{
"name": "USN-3931-2",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU"
],
"url": "https://usn.ubuntu.com/3931-2/"
},
{
"name": "USN-3930-2",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU"
],
"url": "https://usn.ubuntu.com/3930-2/"
},
{
"name": "openSUSE-SU-2019:1193",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00052.html"
},
{
"name": "RHSA-2020:0174",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2020:0174"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2019-8912",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "In the Linux kernel through 4.20.11, af_alg_release() in crypto/af_alg.c neglects to set a NULL value for a certain structure member, which leads to a use-after-free in sockfs_setattr."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "107063",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/107063"
},
{
"name": "http://patchwork.ozlabs.org/patch/1042902/",
"refsource": "MISC",
"url": "http://patchwork.ozlabs.org/patch/1042902/"
},
{
"name": "USN-3930-1",
"refsource": "UBUNTU",
"url": "https://usn.ubuntu.com/3930-1/"
},
{
"name": "USN-3931-1",
"refsource": "UBUNTU",
"url": "https://usn.ubuntu.com/3931-1/"
},
{
"name": "USN-3931-2",
"refsource": "UBUNTU",
"url": "https://usn.ubuntu.com/3931-2/"
},
{
"name": "USN-3930-2",
"refsource": "UBUNTU",
"url": "https://usn.ubuntu.com/3930-2/"
},
{
"name": "openSUSE-SU-2019:1193",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00052.html"
},
{
"name": "RHSA-2020:0174",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2020:0174"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2019-8912",
"datePublished": "2019-02-18T18:00:00",
"dateReserved": "2019-02-18T00:00:00",
"dateUpdated": "2024-08-04T21:31:37.465Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2019-3819 (GCVE-0-2019-3819)
Vulnerability from cvelistv5
Published
2019-01-25 18:00
Modified
2024-08-04 19:19
Severity ?
VLAI Severity ?
EPSS score ?
CWE
Summary
A flaw was found in the Linux kernel in the function hid_debug_events_read() in drivers/hid/hid-debug.c file which may enter an infinite loop with certain parameters passed from a userspace. A local privileged user ("root") can cause a system lock up and a denial of service. Versions from v4.18 and newer are vulnerable.
References
| URL | Tags | |||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||||||||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| The Linux Foundation | kernel: |
Version: from v4.18 and newer |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T19:19:18.612Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "106730",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/106730"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-3819"
},
{
"name": "[debian-lts-announce] 20190327 [SECURITY] [DLA 1731-1] linux security update",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2019/03/msg00034.html"
},
{
"name": "[debian-lts-announce] 20190401 [SECURITY] [DLA 1731-2] linux regression update",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2019/04/msg00004.html"
},
{
"name": "USN-3932-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU",
"x_transferred"
],
"url": "https://usn.ubuntu.com/3932-1/"
},
{
"name": "USN-3932-2",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU",
"x_transferred"
],
"url": "https://usn.ubuntu.com/3932-2/"
},
{
"name": "openSUSE-SU-2019:1193",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00052.html"
},
{
"name": "[debian-lts-announce] 20190503 [SECURITY] [DLA 1771-1] linux-4.9 security update",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2019/05/msg00002.html"
},
{
"name": "USN-4115-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU",
"x_transferred"
],
"url": "https://usn.ubuntu.com/4115-1/"
},
{
"name": "USN-4118-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU",
"x_transferred"
],
"url": "https://usn.ubuntu.com/4118-1/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "kernel:",
"vendor": "The Linux Foundation",
"versions": [
{
"status": "affected",
"version": "from v4.18 and newer"
}
]
}
],
"datePublic": "2019-01-25T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "A flaw was found in the Linux kernel in the function hid_debug_events_read() in drivers/hid/hid-debug.c file which may enter an infinite loop with certain parameters passed from a userspace. A local privileged user (\"root\") can cause a system lock up and a denial of service. Versions from v4.18 and newer are vulnerable."
}
],
"metrics": [
{
"cvssV3_0": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 4.2,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:H/UI:R/S:U/C:N/I:N/A:H",
"version": "3.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-835",
"description": "CWE-835",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2019-09-02T23:06:14",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"name": "106730",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/106730"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-3819"
},
{
"name": "[debian-lts-announce] 20190327 [SECURITY] [DLA 1731-1] linux security update",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.debian.org/debian-lts-announce/2019/03/msg00034.html"
},
{
"name": "[debian-lts-announce] 20190401 [SECURITY] [DLA 1731-2] linux regression update",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.debian.org/debian-lts-announce/2019/04/msg00004.html"
},
{
"name": "USN-3932-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU"
],
"url": "https://usn.ubuntu.com/3932-1/"
},
{
"name": "USN-3932-2",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU"
],
"url": "https://usn.ubuntu.com/3932-2/"
},
{
"name": "openSUSE-SU-2019:1193",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00052.html"
},
{
"name": "[debian-lts-announce] 20190503 [SECURITY] [DLA 1771-1] linux-4.9 security update",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.debian.org/debian-lts-announce/2019/05/msg00002.html"
},
{
"name": "USN-4115-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU"
],
"url": "https://usn.ubuntu.com/4115-1/"
},
{
"name": "USN-4118-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU"
],
"url": "https://usn.ubuntu.com/4118-1/"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2019-3819",
"datePublished": "2019-01-25T18:00:00",
"dateReserved": "2019-01-03T00:00:00",
"dateUpdated": "2024-08-04T19:19:18.612Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2017-5753 (GCVE-0-2017-5753)
Vulnerability from cvelistv5
Published
2018-01-04 13:00
Modified
2024-09-16 22:24
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- Information Disclosure
Summary
Systems with microprocessors utilizing speculative execution and branch prediction may allow unauthorized disclosure of information to an attacker with local user access via a side-channel analysis.
References
| URL | Tags | |||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Intel Corporation | Most Modern Operating Systems |
Version: All |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T15:11:48.670Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://nvidia.custhelp.com/app/answers/detail/a_id/4609"
},
{
"name": "[debian-lts-announce] 20180714 [SECURITY] [DLA 1422-1] linux security update",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2018/07/msg00015.html"
},
{
"name": "DSA-4187",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "https://www.debian.org/security/2018/dsa-4187"
},
{
"name": "USN-3542-2",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU",
"x_transferred"
],
"url": "https://usn.ubuntu.com/3542-2/"
},
{
"name": "GLSA-201810-06",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO",
"x_transferred"
],
"url": "https://security.gentoo.org/glsa/201810-06"
},
{
"name": "USN-3540-2",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU",
"x_transferred"
],
"url": "https://usn.ubuntu.com/3540-2/"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://access.redhat.com/security/vulnerabilities/speculativeexecution"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/ADV180002"
},
{
"name": "USN-3597-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU",
"x_transferred"
],
"url": "https://usn.ubuntu.com/3597-1/"
},
{
"name": "[debian-lts-announce] 20180715 [SECURITY] [DLA 1422-2] linux security update",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2018/07/msg00016.html"
},
{
"name": "SUSE-SU-2018:0012",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2018-01/msg00008.html"
},
{
"name": "SUSE-SU-2018:0011",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2018-01/msg00007.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://nvidia.custhelp.com/app/answers/detail/a_id/4611"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://security.googleblog.com/2018/01/todays-cpu-vulnerability-what-you-need.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://cert.vde.com/en-us/advisories/vde-2018-002"
},
{
"name": "USN-3580-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU",
"x_transferred"
],
"url": "https://usn.ubuntu.com/3580-1/"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://support.f5.com/csp/article/K91229003"
},
{
"name": "openSUSE-SU-2018:0022",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2018-01/msg00014.html"
},
{
"name": "DSA-4188",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "https://www.debian.org/security/2018/dsa-4188"
},
{
"name": "RHSA-2018:0292",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2018:0292"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://xenbits.xen.org/xsa/advisory-254.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://security.netapp.com/advisory/ntap-20180104-0001/"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://www.synology.com/support/security/Synology_SA_18_01"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://packetstormsecurity.com/files/145645/Spectre-Information-Disclosure-Proof-Of-Concept.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.arubanetworks.com/assets/alert/ARUBA-PSA-2018-001.txt"
},
{
"name": "[debian-lts-announce] 20180718 [SECURITY] [DLA 1423-1] linux-4.9 new package",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2018/07/msg00020.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://developer.arm.com/support/arm-security-updates/speculative-processor-vulnerability"
},
{
"name": "VU#584653",
"tags": [
"third-party-advisory",
"x_refsource_CERT-VN",
"x_transferred"
],
"url": "http://www.kb.cert.org/vuls/id/584653"
},
{
"name": "VU#180049",
"tags": [
"third-party-advisory",
"x_refsource_CERT-VN",
"x_transferred"
],
"url": "https://www.kb.cert.org/vuls/id/180049"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://cert.vde.com/en-us/advisories/vde-2018-003"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://help.ecostruxureit.com/display/public/UADCO8x/StruxureWare+Data+Center+Operation+Software+Vulnerability+Fixes"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.oracle.com/technetwork/security-advisory/cpuapr2018-3678067.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://support.hpe.com/hpsc/doc/public/display?docId=emr_na-hpesbhf03805en_us"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://www.mitel.com/en-ca/support/security-advisories/mitel-product-security-advisory-18-0001"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-505225.pdf"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US\u0026docId=emr_na-hpesbhf03871en_us"
},
{
"name": "USN-3549-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU",
"x_transferred"
],
"url": "https://usn.ubuntu.com/3549-1/"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://www.suse.com/c/suse-addresses-meltdown-spectre-vulnerabilities/"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://support.citrix.com/article/CTX231399"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://spectreattack.com/"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://aws.amazon.com/de/security/security-bulletins/AWS-2018-013/"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://blog.mozilla.org/security/2018/01/03/mitigations-landing-new-class-timing-attack/"
},
{
"name": "1040071",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id/1040071"
},
{
"name": "102371",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/102371"
},
{
"name": "USN-3597-2",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU",
"x_transferred"
],
"url": "https://usn.ubuntu.com/3597-2/"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://nvidia.custhelp.com/app/answers/detail/a_id/4614"
},
{
"name": "SUSE-SU-2018:0010",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2018-01/msg00006.html"
},
{
"name": "USN-3540-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU",
"x_transferred"
],
"url": "https://usn.ubuntu.com/3540-1/"
},
{
"name": "20180104 CPU Side-Channel Information Disclosure Vulnerabilities",
"tags": [
"vendor-advisory",
"x_refsource_CISCO",
"x_transferred"
],
"url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180104-cpusidechannel"
},
{
"name": "USN-3516-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU",
"x_transferred"
],
"url": "https://usn.ubuntu.com/usn/usn-3516-1/"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://www.vmware.com/us/security/advisories/VMSA-2018-0002.html"
},
{
"name": "43427",
"tags": [
"exploit",
"x_refsource_EXPLOIT-DB",
"x_transferred"
],
"url": "https://www.exploit-db.com/exploits/43427/"
},
{
"name": "USN-3541-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU",
"x_transferred"
],
"url": "https://usn.ubuntu.com/3541-1/"
},
{
"name": "USN-3541-2",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU",
"x_transferred"
],
"url": "https://usn.ubuntu.com/3541-2/"
},
{
"name": "USN-3542-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU",
"x_transferred"
],
"url": "https://usn.ubuntu.com/3542-1/"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://googleprojectzero.blogspot.com/2018/01/reading-privileged-memory-with-side.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://support.lenovo.com/us/en/solutions/LEN-18282"
},
{
"name": "openSUSE-SU-2018:0023",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2018-01/msg00016.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://nvidia.custhelp.com/app/answers/detail/a_id/4613"
},
{
"name": "[debian-lts-announce] 20190327 [SECURITY] [DLA 1731-1] linux security update",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2019/03/msg00034.html"
},
{
"name": "[debian-lts-announce] 20190401 [SECURITY] [DLA 1731-2] linux regression update",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2019/04/msg00004.html"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html"
},
{
"name": "20190624 [SECURITY] [DSA 4469-1] libvirt security update",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "https://seclists.org/bugtraq/2019/Jun/36"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.arubanetworks.com/assets/alert/ARUBA-PSA-2019-003.txt"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-608355.pdf"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://cdrdv2.intel.com/v1/dl/getContent/685359"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Most Modern Operating Systems",
"vendor": "Intel Corporation",
"versions": [
{
"status": "affected",
"version": "All"
}
]
}
],
"datePublic": "2018-01-03T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Systems with microprocessors utilizing speculative execution and branch prediction may allow unauthorized disclosure of information to an attacker with local user access via a side-channel analysis."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Information Disclosure",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-11-19T17:48:07",
"orgId": "6dda929c-bb53-4a77-a76d-48e79601a1ce",
"shortName": "intel"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://nvidia.custhelp.com/app/answers/detail/a_id/4609"
},
{
"name": "[debian-lts-announce] 20180714 [SECURITY] [DLA 1422-1] linux security update",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.debian.org/debian-lts-announce/2018/07/msg00015.html"
},
{
"name": "DSA-4187",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "https://www.debian.org/security/2018/dsa-4187"
},
{
"name": "USN-3542-2",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU"
],
"url": "https://usn.ubuntu.com/3542-2/"
},
{
"name": "GLSA-201810-06",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO"
],
"url": "https://security.gentoo.org/glsa/201810-06"
},
{
"name": "USN-3540-2",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU"
],
"url": "https://usn.ubuntu.com/3540-2/"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://access.redhat.com/security/vulnerabilities/speculativeexecution"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/ADV180002"
},
{
"name": "USN-3597-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU"
],
"url": "https://usn.ubuntu.com/3597-1/"
},
{
"name": "[debian-lts-announce] 20180715 [SECURITY] [DLA 1422-2] linux security update",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.debian.org/debian-lts-announce/2018/07/msg00016.html"
},
{
"name": "SUSE-SU-2018:0012",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2018-01/msg00008.html"
},
{
"name": "SUSE-SU-2018:0011",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2018-01/msg00007.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://nvidia.custhelp.com/app/answers/detail/a_id/4611"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://security.googleblog.com/2018/01/todays-cpu-vulnerability-what-you-need.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://cert.vde.com/en-us/advisories/vde-2018-002"
},
{
"name": "USN-3580-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU"
],
"url": "https://usn.ubuntu.com/3580-1/"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://support.f5.com/csp/article/K91229003"
},
{
"name": "openSUSE-SU-2018:0022",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2018-01/msg00014.html"
},
{
"name": "DSA-4188",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "https://www.debian.org/security/2018/dsa-4188"
},
{
"name": "RHSA-2018:0292",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2018:0292"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://xenbits.xen.org/xsa/advisory-254.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://security.netapp.com/advisory/ntap-20180104-0001/"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://www.synology.com/support/security/Synology_SA_18_01"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://packetstormsecurity.com/files/145645/Spectre-Information-Disclosure-Proof-Of-Concept.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.arubanetworks.com/assets/alert/ARUBA-PSA-2018-001.txt"
},
{
"name": "[debian-lts-announce] 20180718 [SECURITY] [DLA 1423-1] linux-4.9 new package",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.debian.org/debian-lts-announce/2018/07/msg00020.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://developer.arm.com/support/arm-security-updates/speculative-processor-vulnerability"
},
{
"name": "VU#584653",
"tags": [
"third-party-advisory",
"x_refsource_CERT-VN"
],
"url": "http://www.kb.cert.org/vuls/id/584653"
},
{
"name": "VU#180049",
"tags": [
"third-party-advisory",
"x_refsource_CERT-VN"
],
"url": "https://www.kb.cert.org/vuls/id/180049"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://cert.vde.com/en-us/advisories/vde-2018-003"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://help.ecostruxureit.com/display/public/UADCO8x/StruxureWare+Data+Center+Operation+Software+Vulnerability+Fixes"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.oracle.com/technetwork/security-advisory/cpuapr2018-3678067.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://support.hpe.com/hpsc/doc/public/display?docId=emr_na-hpesbhf03805en_us"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://www.mitel.com/en-ca/support/security-advisories/mitel-product-security-advisory-18-0001"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-505225.pdf"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US\u0026docId=emr_na-hpesbhf03871en_us"
},
{
"name": "USN-3549-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU"
],
"url": "https://usn.ubuntu.com/3549-1/"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://www.suse.com/c/suse-addresses-meltdown-spectre-vulnerabilities/"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://support.citrix.com/article/CTX231399"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://spectreattack.com/"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://aws.amazon.com/de/security/security-bulletins/AWS-2018-013/"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://blog.mozilla.org/security/2018/01/03/mitigations-landing-new-class-timing-attack/"
},
{
"name": "1040071",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id/1040071"
},
{
"name": "102371",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/102371"
},
{
"name": "USN-3597-2",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU"
],
"url": "https://usn.ubuntu.com/3597-2/"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://nvidia.custhelp.com/app/answers/detail/a_id/4614"
},
{
"name": "SUSE-SU-2018:0010",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2018-01/msg00006.html"
},
{
"name": "USN-3540-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU"
],
"url": "https://usn.ubuntu.com/3540-1/"
},
{
"name": "20180104 CPU Side-Channel Information Disclosure Vulnerabilities",
"tags": [
"vendor-advisory",
"x_refsource_CISCO"
],
"url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180104-cpusidechannel"
},
{
"name": "USN-3516-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU"
],
"url": "https://usn.ubuntu.com/usn/usn-3516-1/"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://www.vmware.com/us/security/advisories/VMSA-2018-0002.html"
},
{
"name": "43427",
"tags": [
"exploit",
"x_refsource_EXPLOIT-DB"
],
"url": "https://www.exploit-db.com/exploits/43427/"
},
{
"name": "USN-3541-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU"
],
"url": "https://usn.ubuntu.com/3541-1/"
},
{
"name": "USN-3541-2",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU"
],
"url": "https://usn.ubuntu.com/3541-2/"
},
{
"name": "USN-3542-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU"
],
"url": "https://usn.ubuntu.com/3542-1/"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://googleprojectzero.blogspot.com/2018/01/reading-privileged-memory-with-side.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://support.lenovo.com/us/en/solutions/LEN-18282"
},
{
"name": "openSUSE-SU-2018:0023",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2018-01/msg00016.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://nvidia.custhelp.com/app/answers/detail/a_id/4613"
},
{
"name": "[debian-lts-announce] 20190327 [SECURITY] [DLA 1731-1] linux security update",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.debian.org/debian-lts-announce/2019/03/msg00034.html"
},
{
"name": "[debian-lts-announce] 20190401 [SECURITY] [DLA 1731-2] linux regression update",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.debian.org/debian-lts-announce/2019/04/msg00004.html"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html"
},
{
"name": "20190624 [SECURITY] [DSA 4469-1] libvirt security update",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "https://seclists.org/bugtraq/2019/Jun/36"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.arubanetworks.com/assets/alert/ARUBA-PSA-2019-003.txt"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-608355.pdf"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://cdrdv2.intel.com/v1/dl/getContent/685359"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "secure@intel.com",
"DATE_PUBLIC": "2018-01-03T00:00:00",
"ID": "CVE-2017-5753",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Most Modern Operating Systems",
"version": {
"version_data": [
{
"version_value": "All"
}
]
}
}
]
},
"vendor_name": "Intel Corporation"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Systems with microprocessors utilizing speculative execution and branch prediction may allow unauthorized disclosure of information to an attacker with local user access via a side-channel analysis."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Information Disclosure"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://nvidia.custhelp.com/app/answers/detail/a_id/4609",
"refsource": "CONFIRM",
"url": "http://nvidia.custhelp.com/app/answers/detail/a_id/4609"
},
{
"name": "[debian-lts-announce] 20180714 [SECURITY] [DLA 1422-1] linux security update",
"refsource": "MLIST",
"url": "https://lists.debian.org/debian-lts-announce/2018/07/msg00015.html"
},
{
"name": "DSA-4187",
"refsource": "DEBIAN",
"url": "https://www.debian.org/security/2018/dsa-4187"
},
{
"name": "USN-3542-2",
"refsource": "UBUNTU",
"url": "https://usn.ubuntu.com/3542-2/"
},
{
"name": "GLSA-201810-06",
"refsource": "GENTOO",
"url": "https://security.gentoo.org/glsa/201810-06"
},
{
"name": "USN-3540-2",
"refsource": "UBUNTU",
"url": "https://usn.ubuntu.com/3540-2/"
},
{
"name": "https://access.redhat.com/security/vulnerabilities/speculativeexecution",
"refsource": "CONFIRM",
"url": "https://access.redhat.com/security/vulnerabilities/speculativeexecution"
},
{
"name": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/ADV180002",
"refsource": "CONFIRM",
"url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/ADV180002"
},
{
"name": "USN-3597-1",
"refsource": "UBUNTU",
"url": "https://usn.ubuntu.com/3597-1/"
},
{
"name": "[debian-lts-announce] 20180715 [SECURITY] [DLA 1422-2] linux security update",
"refsource": "MLIST",
"url": "https://lists.debian.org/debian-lts-announce/2018/07/msg00016.html"
},
{
"name": "SUSE-SU-2018:0012",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2018-01/msg00008.html"
},
{
"name": "SUSE-SU-2018:0011",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2018-01/msg00007.html"
},
{
"name": "http://nvidia.custhelp.com/app/answers/detail/a_id/4611",
"refsource": "CONFIRM",
"url": "http://nvidia.custhelp.com/app/answers/detail/a_id/4611"
},
{
"name": "https://security.googleblog.com/2018/01/todays-cpu-vulnerability-what-you-need.html",
"refsource": "MISC",
"url": "https://security.googleblog.com/2018/01/todays-cpu-vulnerability-what-you-need.html"
},
{
"name": "https://cert.vde.com/en-us/advisories/vde-2018-002",
"refsource": "CONFIRM",
"url": "https://cert.vde.com/en-us/advisories/vde-2018-002"
},
{
"name": "USN-3580-1",
"refsource": "UBUNTU",
"url": "https://usn.ubuntu.com/3580-1/"
},
{
"name": "https://support.f5.com/csp/article/K91229003",
"refsource": "CONFIRM",
"url": "https://support.f5.com/csp/article/K91229003"
},
{
"name": "openSUSE-SU-2018:0022",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2018-01/msg00014.html"
},
{
"name": "DSA-4188",
"refsource": "DEBIAN",
"url": "https://www.debian.org/security/2018/dsa-4188"
},
{
"name": "RHSA-2018:0292",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2018:0292"
},
{
"name": "http://xenbits.xen.org/xsa/advisory-254.html",
"refsource": "CONFIRM",
"url": "http://xenbits.xen.org/xsa/advisory-254.html"
},
{
"name": "https://security.netapp.com/advisory/ntap-20180104-0001/",
"refsource": "CONFIRM",
"url": "https://security.netapp.com/advisory/ntap-20180104-0001/"
},
{
"name": "https://www.synology.com/support/security/Synology_SA_18_01",
"refsource": "CONFIRM",
"url": "https://www.synology.com/support/security/Synology_SA_18_01"
},
{
"name": "http://packetstormsecurity.com/files/145645/Spectre-Information-Disclosure-Proof-Of-Concept.html",
"refsource": "MISC",
"url": "http://packetstormsecurity.com/files/145645/Spectre-Information-Disclosure-Proof-Of-Concept.html"
},
{
"name": "http://www.arubanetworks.com/assets/alert/ARUBA-PSA-2018-001.txt",
"refsource": "CONFIRM",
"url": "http://www.arubanetworks.com/assets/alert/ARUBA-PSA-2018-001.txt"
},
{
"name": "[debian-lts-announce] 20180718 [SECURITY] [DLA 1423-1] linux-4.9 new package",
"refsource": "MLIST",
"url": "https://lists.debian.org/debian-lts-announce/2018/07/msg00020.html"
},
{
"name": "https://developer.arm.com/support/arm-security-updates/speculative-processor-vulnerability",
"refsource": "CONFIRM",
"url": "https://developer.arm.com/support/arm-security-updates/speculative-processor-vulnerability"
},
{
"name": "VU#584653",
"refsource": "CERT-VN",
"url": "http://www.kb.cert.org/vuls/id/584653"
},
{
"name": "VU#180049",
"refsource": "CERT-VN",
"url": "https://www.kb.cert.org/vuls/id/180049"
},
{
"name": "https://cert.vde.com/en-us/advisories/vde-2018-003",
"refsource": "CONFIRM",
"url": "https://cert.vde.com/en-us/advisories/vde-2018-003"
},
{
"name": "https://help.ecostruxureit.com/display/public/UADCO8x/StruxureWare+Data+Center+Operation+Software+Vulnerability+Fixes",
"refsource": "CONFIRM",
"url": "https://help.ecostruxureit.com/display/public/UADCO8x/StruxureWare+Data+Center+Operation+Software+Vulnerability+Fixes"
},
{
"name": "http://www.oracle.com/technetwork/security-advisory/cpuapr2018-3678067.html",
"refsource": "CONFIRM",
"url": "http://www.oracle.com/technetwork/security-advisory/cpuapr2018-3678067.html"
},
{
"name": "https://support.hpe.com/hpsc/doc/public/display?docId=emr_na-hpesbhf03805en_us",
"refsource": "CONFIRM",
"url": "https://support.hpe.com/hpsc/doc/public/display?docId=emr_na-hpesbhf03805en_us"
},
{
"name": "https://www.mitel.com/en-ca/support/security-advisories/mitel-product-security-advisory-18-0001",
"refsource": "CONFIRM",
"url": "https://www.mitel.com/en-ca/support/security-advisories/mitel-product-security-advisory-18-0001"
},
{
"name": "https://cert-portal.siemens.com/productcert/pdf/ssa-505225.pdf",
"refsource": "CONFIRM",
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-505225.pdf"
},
{
"name": "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US\u0026docId=emr_na-hpesbhf03871en_us",
"refsource": "CONFIRM",
"url": "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US\u0026docId=emr_na-hpesbhf03871en_us"
},
{
"name": "USN-3549-1",
"refsource": "UBUNTU",
"url": "https://usn.ubuntu.com/3549-1/"
},
{
"name": "https://www.suse.com/c/suse-addresses-meltdown-spectre-vulnerabilities/",
"refsource": "CONFIRM",
"url": "https://www.suse.com/c/suse-addresses-meltdown-spectre-vulnerabilities/"
},
{
"name": "https://support.citrix.com/article/CTX231399",
"refsource": "CONFIRM",
"url": "https://support.citrix.com/article/CTX231399"
},
{
"name": "https://spectreattack.com/",
"refsource": "MISC",
"url": "https://spectreattack.com/"
},
{
"name": "https://aws.amazon.com/de/security/security-bulletins/AWS-2018-013/",
"refsource": "CONFIRM",
"url": "https://aws.amazon.com/de/security/security-bulletins/AWS-2018-013/"
},
{
"name": "https://blog.mozilla.org/security/2018/01/03/mitigations-landing-new-class-timing-attack/",
"refsource": "CONFIRM",
"url": "https://blog.mozilla.org/security/2018/01/03/mitigations-landing-new-class-timing-attack/"
},
{
"name": "1040071",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1040071"
},
{
"name": "102371",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/102371"
},
{
"name": "USN-3597-2",
"refsource": "UBUNTU",
"url": "https://usn.ubuntu.com/3597-2/"
},
{
"name": "http://nvidia.custhelp.com/app/answers/detail/a_id/4614",
"refsource": "CONFIRM",
"url": "http://nvidia.custhelp.com/app/answers/detail/a_id/4614"
},
{
"name": "SUSE-SU-2018:0010",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2018-01/msg00006.html"
},
{
"name": "USN-3540-1",
"refsource": "UBUNTU",
"url": "https://usn.ubuntu.com/3540-1/"
},
{
"name": "20180104 CPU Side-Channel Information Disclosure Vulnerabilities",
"refsource": "CISCO",
"url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180104-cpusidechannel"
},
{
"name": "USN-3516-1",
"refsource": "UBUNTU",
"url": "https://usn.ubuntu.com/usn/usn-3516-1/"
},
{
"name": "https://www.vmware.com/us/security/advisories/VMSA-2018-0002.html",
"refsource": "CONFIRM",
"url": "https://www.vmware.com/us/security/advisories/VMSA-2018-0002.html"
},
{
"name": "43427",
"refsource": "EXPLOIT-DB",
"url": "https://www.exploit-db.com/exploits/43427/"
},
{
"name": "USN-3541-1",
"refsource": "UBUNTU",
"url": "https://usn.ubuntu.com/3541-1/"
},
{
"name": "USN-3541-2",
"refsource": "UBUNTU",
"url": "https://usn.ubuntu.com/3541-2/"
},
{
"name": "USN-3542-1",
"refsource": "UBUNTU",
"url": "https://usn.ubuntu.com/3542-1/"
},
{
"name": "https://googleprojectzero.blogspot.com/2018/01/reading-privileged-memory-with-side.html",
"refsource": "MISC",
"url": "https://googleprojectzero.blogspot.com/2018/01/reading-privileged-memory-with-side.html"
},
{
"name": "https://support.lenovo.com/us/en/solutions/LEN-18282",
"refsource": "CONFIRM",
"url": "https://support.lenovo.com/us/en/solutions/LEN-18282"
},
{
"name": "openSUSE-SU-2018:0023",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2018-01/msg00016.html"
},
{
"name": "http://nvidia.custhelp.com/app/answers/detail/a_id/4613",
"refsource": "CONFIRM",
"url": "http://nvidia.custhelp.com/app/answers/detail/a_id/4613"
},
{
"name": "[debian-lts-announce] 20190327 [SECURITY] [DLA 1731-1] linux security update",
"refsource": "MLIST",
"url": "https://lists.debian.org/debian-lts-announce/2019/03/msg00034.html"
},
{
"name": "[debian-lts-announce] 20190401 [SECURITY] [DLA 1731-2] linux regression update",
"refsource": "MLIST",
"url": "https://lists.debian.org/debian-lts-announce/2019/04/msg00004.html"
},
{
"name": "https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html",
"refsource": "MISC",
"url": "https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html"
},
{
"name": "20190624 [SECURITY] [DSA 4469-1] libvirt security update",
"refsource": "BUGTRAQ",
"url": "https://seclists.org/bugtraq/2019/Jun/36"
},
{
"name": "http://www.arubanetworks.com/assets/alert/ARUBA-PSA-2019-003.txt",
"refsource": "CONFIRM",
"url": "http://www.arubanetworks.com/assets/alert/ARUBA-PSA-2019-003.txt"
},
{
"name": "https://cert-portal.siemens.com/productcert/pdf/ssa-608355.pdf",
"refsource": "CONFIRM",
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-608355.pdf"
},
{
"name": "https://cdrdv2.intel.com/v1/dl/getContent/685359",
"refsource": "CONFIRM",
"url": "https://cdrdv2.intel.com/v1/dl/getContent/685359"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "6dda929c-bb53-4a77-a76d-48e79601a1ce",
"assignerShortName": "intel",
"cveId": "CVE-2017-5753",
"datePublished": "2018-01-04T13:00:00Z",
"dateReserved": "2017-02-01T00:00:00",
"dateUpdated": "2024-09-16T22:24:53.960Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
- Confirmed: The vulnerability is confirmed from an analyst perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
- Patched: This vulnerability was successfully patched by the user reporting the sighting.
- Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
- Not confirmed: The user expresses doubt about the veracity of the vulnerability.
- Not patched: This vulnerability was not successfully patched by the user reporting the sighting.
Loading…
Loading…