Action not permitted
Modal body text goes here.
Modal Title
Modal Body
CERTFR-2019-AVI-213
Vulnerability from certfr_avis
De multiples vulnérabilités ont été découvertes dans le noyau Linux de RedHat. Certaines d'entre elles permettent à un attaquant de provoquer une exécution de code arbitraire, un déni de service et une atteinte à l'intégrité des données.
Solution
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
NoneImpacted products
Vendor | Product | Description | ||
---|---|---|---|---|
Red Hat | Red Hat Enterprise Linux Server | Red Hat Enterprise Linux Server - Update Services pour SAP Solutions 7.3 x86_64 | ||
Red Hat | Red Hat Enterprise Linux | Red Hat Enterprise Linux pour Power, little endian 7 ppc64le | ||
Red Hat | Red Hat Enterprise Linux | Red Hat Enterprise Linux Workstation 6 x86_64 | ||
Red Hat | Red Hat CodeReady Linux Builder | Red Hat CodeReady Linux Builder pour Power, little endian 8 ppc64le | ||
Red Hat | Red Hat Enterprise Linux | Red Hat Enterprise Linux pour Power, big endian 6 ppc64 | ||
Red Hat | Red Hat Enterprise Linux Server | Red Hat Enterprise Linux Server - AUS 6.5 x86_64 | ||
Red Hat | N/A | MRG Realtime 2 x86_64 | ||
Red Hat | Red Hat Enterprise Linux | Red Hat Enterprise Linux pour IBM z Systems 6 s390x | ||
Red Hat | Red Hat Enterprise Linux | Red Hat Enterprise Linux pour Real Time pour NFV 7 x86_64 | ||
Red Hat | Red Hat Enterprise Linux | Red Hat Enterprise Linux pour IBM z Systems - Extended Update Support 7.4 s390x | ||
Red Hat | Red Hat Enterprise Linux Server | Red Hat Enterprise Linux Server - Update Services pour SAP Solutions 7.4 x86_64 | ||
Red Hat | Red Hat Enterprise Linux Server | Red Hat Enterprise Linux Server - AUS 7.3 x86_64 | ||
Red Hat | Red Hat Enterprise Linux | Red Hat Enterprise Linux pour Real Time 7 x86_64 | ||
Red Hat | Red Hat Enterprise Linux | Red Hat Enterprise Linux pour IBM z Systems - Extended Update Support 7.6 s390x | ||
Red Hat | Red Hat Enterprise Linux | Red Hat Enterprise Linux pour x86_64 8 x86_64 | ||
Red Hat | Red Hat Enterprise Linux Server | Red Hat Enterprise Linux Server (pour IBM Power LE) - Update Services pour SAP Solutions 7.6 ppc64le | ||
Red Hat | Red Hat Enterprise Linux Server | Red Hat Enterprise Linux Server - Update Services pour SAP Solutions 7.6 x86_64 | ||
Red Hat | Red Hat Enterprise Linux | Red Hat Enterprise Linux EUS Compute Node 7.4 x86_64 | ||
Red Hat | Red Hat Enterprise Linux | Red Hat Enterprise Linux pour IBM z Systems 8 s390x | ||
Red Hat | Red Hat Enterprise Linux Server | Red Hat Enterprise Linux Server - AUS 7.4 x86_64 | ||
Red Hat | Red Hat Enterprise Linux Server | Red Hat Enterprise Linux Server 7 x86_64 | ||
Red Hat | Red Hat Enterprise Linux Server | Red Hat Enterprise Linux Server (pour IBM Power LE) - Update Services pour SAP Solutions 7.4 ppc64le | ||
Red Hat | Red Hat Enterprise Linux Server | Red Hat Enterprise Linux Server 6 x86_64 | ||
Red Hat | Red Hat Enterprise Linux | Red Hat Enterprise Linux EUS Compute Node 7.6 x86_64 | ||
Red Hat | Red Hat Enterprise Linux Server | Red Hat Enterprise Linux Server (pour IBM Power LE) - Update Services pour SAP Solutions 7.3 ppc64le | ||
Red Hat | Red Hat Enterprise Linux | Red Hat Enterprise Linux Desktop 6 i386 | ||
Red Hat | Red Hat Enterprise Linux | Red Hat Enterprise Linux pour Power, little endian - Extended Update Support 7.6 ppc64le | ||
Red Hat | Red Hat Enterprise Linux Server | Red Hat Enterprise Linux Server 6 i386 | ||
Red Hat | Red Hat Enterprise Linux | Red Hat Enterprise Linux Workstation 7 x86_64 | ||
Red Hat | Red Hat Enterprise Linux | Red Hat Enterprise Linux pour Power, little endian - Extended Update Support 7.5 ppc64le | ||
Red Hat | Red Hat Enterprise Linux Server | Red Hat Enterprise Linux Server - TUS 7.6 x86_64 | ||
Red Hat | Red Hat Enterprise Linux Server | Red Hat Enterprise Linux Server - TUS 7.4 x86_64 | ||
Red Hat | Red Hat Enterprise Linux | Red Hat Enterprise Linux pour Power, big endian - Extended Update Support 7.6 ppc64 | ||
Red Hat | Red Hat Enterprise Linux Server | Red Hat Enterprise Linux Server - Extended Update Support 7.5 x86_64 | ||
Red Hat | Red Hat Enterprise Linux | Red Hat Enterprise Linux pour Real Time 8 x86_64 | ||
Red Hat | Red Hat Enterprise Linux | Red Hat Enterprise Linux EUS Compute Node 7.5 x86_64 | ||
Red Hat | Red Hat Enterprise Linux | Red Hat Enterprise Linux pour Power, big endian - Extended Update Support 7.5 ppc64 | ||
Red Hat | Red Hat Enterprise Linux | Red Hat Enterprise Linux pour Power, big endian - Extended Update Support 7.4 ppc64 | ||
Red Hat | Red Hat CodeReady Linux Builder | Red Hat CodeReady Linux Builder pour ARM 64 8 aarch64 | ||
Red Hat | Red Hat Enterprise Linux | Red Hat Enterprise Linux Workstation 6 i386 | ||
Red Hat | Red Hat Enterprise Linux | Red Hat Enterprise Linux pour Scientific Computing 6 x86_64 | ||
Red Hat | Red Hat Enterprise Linux | Red Hat Enterprise Linux pour Real Time pour NFV 8 x86_64 | ||
Red Hat | Red Hat Enterprise Linux Server | Red Hat Enterprise Linux Server - Extended Update Support 7.6 x86_64 | ||
Red Hat | Red Hat Enterprise Linux | Red Hat Enterprise Linux pour IBM z Systems 7 s390x | ||
Red Hat | Red Hat Enterprise Linux Server | Red Hat Enterprise Linux Server - TUS 7.3 x86_64 | ||
Red Hat | Red Hat Enterprise Linux Server | Red Hat Enterprise Linux Server - Extended Update Support 7.4 x86_64 | ||
Red Hat | Red Hat Enterprise Linux | Red Hat Enterprise Linux Desktop 6 x86_64 | ||
Red Hat | Red Hat Enterprise Linux Server | Red Hat Enterprise Linux Server - AUS 7.6 x86_64 | ||
Red Hat | Red Hat Enterprise Linux | Red Hat Enterprise Linux pour Scientific Computing 7 x86_64 | ||
Red Hat | Red Hat Enterprise Linux | Red Hat Enterprise Linux pour Power, big endian 7 ppc64 | ||
Red Hat | Red Hat Enterprise Linux | Red Hat Enterprise Linux Desktop 7 x86_64 | ||
Red Hat | Red Hat Enterprise Linux | Red Hat Enterprise Linux pour ARM 64 8 aarch64 | ||
Oracle | Virtualization | Red Hat Virtualization Host 4 x86_64 | ||
Red Hat | Red Hat Enterprise Linux | Red Hat Enterprise Linux pour IBM z Systems - Extended Update Support 7.5 s390x | ||
Red Hat | Red Hat CodeReady Linux Builder | Red Hat CodeReady Linux Builder pour x86_64 8 x86_64 | ||
Red Hat | Red Hat Enterprise Linux | Red Hat Enterprise Linux pour Power, little endian - Extended Update Support 7.4 ppc64le | ||
Red Hat | Red Hat Enterprise Linux | Red Hat Enterprise Linux pour Power, little endian 8 ppc64le |
References
Title | Publication Time | Tags | ||||||||||||||||||||||||||||||
---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
{ "$ref": "https://www.cert.ssi.gouv.fr/openapi.json", "affected_systems": [ { "description": "Red Hat Enterprise Linux Server - Update Services pour SAP Solutions 7.3 x86_64", "product": { "name": "Red Hat Enterprise Linux Server", "vendor": { "name": "Red Hat", "scada": false } } }, { "description": "Red Hat Enterprise Linux pour Power, little endian 7 ppc64le", "product": { "name": "Red Hat Enterprise Linux", "vendor": { "name": "Red Hat", "scada": false } } }, { "description": "Red Hat Enterprise Linux Workstation 6 x86_64", "product": { "name": "Red Hat Enterprise Linux", "vendor": { "name": "Red Hat", "scada": false } } }, { "description": "Red Hat CodeReady Linux Builder pour Power, little endian 8 ppc64le", "product": { "name": "Red Hat CodeReady Linux Builder", "vendor": { "name": "Red Hat", "scada": false } } }, { "description": "Red Hat Enterprise Linux pour Power, big endian 6 ppc64", "product": { "name": "Red Hat Enterprise Linux", "vendor": { "name": "Red Hat", "scada": false } } }, { "description": "Red Hat Enterprise Linux Server - AUS 6.5 x86_64", "product": { "name": "Red Hat Enterprise Linux Server", "vendor": { "name": "Red Hat", "scada": false } } }, { "description": "MRG Realtime 2 x86_64", "product": { "name": "N/A", "vendor": { "name": "Red Hat", "scada": false } } }, { "description": "Red Hat Enterprise Linux pour IBM z Systems 6 s390x", "product": { "name": "Red Hat Enterprise Linux", "vendor": { "name": "Red Hat", "scada": false } } }, { "description": "Red Hat Enterprise Linux pour Real Time pour NFV 7 x86_64", "product": { "name": "Red Hat Enterprise Linux", "vendor": { "name": "Red Hat", "scada": false } } }, { "description": "Red Hat Enterprise Linux pour IBM z Systems - Extended Update Support 7.4 s390x", "product": { "name": "Red Hat Enterprise Linux", "vendor": { "name": "Red Hat", "scada": false } } }, { "description": "Red Hat Enterprise Linux Server - Update Services pour SAP Solutions 7.4 x86_64", "product": { "name": "Red Hat Enterprise Linux Server", "vendor": { "name": "Red Hat", "scada": false } } }, { "description": "Red Hat Enterprise Linux Server - AUS 7.3 x86_64", "product": { "name": "Red Hat Enterprise Linux Server", "vendor": { "name": "Red Hat", "scada": false } } }, { "description": "Red Hat Enterprise Linux pour Real Time 7 x86_64", "product": { "name": "Red Hat Enterprise Linux", "vendor": { "name": "Red Hat", "scada": false } } }, { "description": "Red Hat Enterprise Linux pour IBM z Systems - Extended Update Support 7.6 s390x", "product": { "name": "Red Hat Enterprise Linux", "vendor": { "name": "Red Hat", "scada": false } } }, { "description": "Red Hat Enterprise Linux pour x86_64 8 x86_64", "product": { "name": "Red Hat Enterprise Linux", "vendor": { "name": "Red Hat", "scada": false } } }, { "description": "Red Hat Enterprise Linux Server (pour IBM Power LE) - Update Services pour SAP Solutions 7.6 ppc64le", "product": { "name": "Red Hat Enterprise Linux Server", "vendor": { "name": "Red Hat", "scada": false } } }, { "description": "Red Hat Enterprise Linux Server - Update Services pour SAP Solutions 7.6 x86_64", "product": { "name": "Red Hat Enterprise Linux Server", "vendor": { "name": "Red Hat", "scada": false } } }, { "description": "Red Hat Enterprise Linux EUS Compute Node 7.4 x86_64", "product": { "name": "Red Hat Enterprise Linux", "vendor": { "name": "Red Hat", "scada": false } } }, { "description": "Red Hat Enterprise Linux pour IBM z Systems 8 s390x", "product": { "name": "Red Hat Enterprise Linux", "vendor": { "name": "Red Hat", "scada": false } } }, { "description": "Red Hat Enterprise Linux Server - AUS 7.4 x86_64", "product": { "name": "Red Hat Enterprise Linux Server", "vendor": { "name": "Red Hat", "scada": false } } }, { "description": "Red Hat Enterprise Linux Server 7 x86_64", "product": { "name": "Red Hat Enterprise Linux Server", "vendor": { "name": "Red Hat", "scada": false } } }, { "description": "Red Hat Enterprise Linux Server (pour IBM Power LE) - Update Services pour SAP Solutions 7.4 ppc64le", "product": { "name": "Red Hat Enterprise Linux Server", "vendor": { "name": "Red Hat", "scada": false } } }, { "description": "Red Hat Enterprise Linux Server 6 x86_64", "product": { "name": "Red Hat Enterprise Linux Server", "vendor": { "name": "Red Hat", "scada": false } } }, { "description": "Red Hat Enterprise Linux EUS Compute Node 7.6 x86_64", "product": { "name": "Red Hat Enterprise Linux", "vendor": { "name": "Red Hat", "scada": false } } }, { "description": "Red Hat Enterprise Linux Server (pour IBM Power LE) - Update Services pour SAP Solutions 7.3 ppc64le", "product": { "name": "Red Hat Enterprise Linux Server", "vendor": { "name": "Red Hat", "scada": false } } }, { "description": "Red Hat Enterprise Linux Desktop 6 i386", "product": { "name": "Red Hat Enterprise Linux", "vendor": { "name": "Red Hat", "scada": false } } }, { "description": "Red Hat Enterprise Linux pour Power, little endian - Extended Update Support 7.6 ppc64le", "product": { "name": "Red Hat Enterprise Linux", "vendor": { "name": "Red Hat", "scada": false } } }, { "description": "Red Hat Enterprise Linux Server 6 i386", "product": { "name": "Red Hat Enterprise Linux Server", "vendor": { "name": "Red Hat", "scada": false } } }, { "description": "Red Hat Enterprise Linux Workstation 7 x86_64", "product": { "name": "Red Hat Enterprise Linux", "vendor": { "name": "Red Hat", "scada": false } } }, { "description": "Red Hat Enterprise Linux pour Power, little endian - Extended Update Support 7.5 ppc64le", "product": { "name": "Red Hat Enterprise Linux", "vendor": { "name": "Red Hat", "scada": false } } }, { "description": "Red Hat Enterprise Linux Server - TUS 7.6 x86_64", "product": { "name": "Red Hat Enterprise Linux Server", "vendor": { "name": "Red Hat", "scada": false } } }, { "description": "Red Hat Enterprise Linux Server - TUS 7.4 x86_64", "product": { "name": "Red Hat Enterprise Linux Server", "vendor": { "name": "Red Hat", "scada": false } } }, { "description": "Red Hat Enterprise Linux pour Power, big endian - Extended Update Support 7.6 ppc64", "product": { "name": "Red Hat Enterprise Linux", "vendor": { "name": "Red Hat", "scada": false } } }, { "description": "Red Hat Enterprise Linux Server - Extended Update Support 7.5 x86_64", "product": { "name": "Red Hat Enterprise Linux Server", "vendor": { "name": "Red Hat", "scada": false } } }, { "description": "Red Hat Enterprise Linux pour Real Time 8 x86_64", "product": { "name": "Red Hat Enterprise Linux", "vendor": { "name": "Red Hat", "scada": false } } }, { "description": "Red Hat Enterprise Linux EUS Compute Node 7.5 x86_64", "product": { "name": "Red Hat Enterprise Linux", "vendor": { "name": "Red Hat", "scada": false } } }, { "description": "Red Hat Enterprise Linux pour Power, big endian - Extended Update Support 7.5 ppc64", "product": { "name": "Red Hat Enterprise Linux", "vendor": { "name": "Red Hat", "scada": false } } }, { "description": "Red Hat Enterprise Linux pour Power, big endian - Extended Update Support 7.4 ppc64", "product": { "name": "Red Hat Enterprise Linux", "vendor": { "name": "Red Hat", "scada": false } } }, { "description": "Red Hat CodeReady Linux Builder pour ARM 64 8 aarch64", "product": { "name": "Red Hat CodeReady Linux Builder", "vendor": { "name": "Red Hat", "scada": false } } }, { "description": "Red Hat Enterprise Linux Workstation 6 i386", "product": { "name": "Red Hat Enterprise Linux", "vendor": { "name": "Red Hat", "scada": false } } }, { "description": "Red Hat Enterprise Linux pour Scientific Computing 6 x86_64", "product": { "name": "Red Hat Enterprise Linux", "vendor": { "name": "Red Hat", "scada": false } } }, { "description": "Red Hat Enterprise Linux pour Real Time pour NFV 8 x86_64", "product": { "name": "Red Hat Enterprise Linux", "vendor": { "name": "Red Hat", "scada": false } } }, { "description": "Red Hat Enterprise Linux Server - Extended Update Support 7.6 x86_64", "product": { "name": "Red Hat Enterprise Linux Server", "vendor": { "name": "Red Hat", "scada": false } } }, { "description": "Red Hat Enterprise Linux pour IBM z Systems 7 s390x", "product": { "name": "Red Hat Enterprise Linux", "vendor": { "name": "Red Hat", "scada": false } } }, { "description": "Red Hat Enterprise Linux Server - TUS 7.3 x86_64", "product": { "name": "Red Hat Enterprise Linux Server", "vendor": { "name": "Red Hat", "scada": false } } }, { "description": "Red Hat Enterprise Linux Server - Extended Update Support 7.4 x86_64", "product": { "name": "Red Hat Enterprise Linux Server", "vendor": { "name": "Red Hat", "scada": false } } }, { "description": "Red Hat Enterprise Linux Desktop 6 x86_64", "product": { "name": "Red Hat Enterprise Linux", "vendor": { "name": "Red Hat", "scada": false } } }, { "description": "Red Hat Enterprise Linux Server - AUS 7.6 x86_64", "product": { "name": "Red Hat Enterprise Linux Server", "vendor": { "name": "Red Hat", "scada": false } } }, { "description": "Red Hat Enterprise Linux pour Scientific Computing 7 x86_64", "product": { "name": "Red Hat Enterprise Linux", "vendor": { "name": "Red Hat", "scada": false } } }, { "description": "Red Hat Enterprise Linux pour Power, big endian 7 ppc64", "product": { "name": "Red Hat Enterprise Linux", "vendor": { "name": "Red Hat", "scada": false } } }, { "description": "Red Hat Enterprise Linux Desktop 7 x86_64", "product": { "name": "Red Hat Enterprise Linux", "vendor": { "name": "Red Hat", "scada": false } } }, { "description": "Red Hat Enterprise Linux pour ARM 64 8 aarch64", "product": { "name": "Red Hat Enterprise Linux", "vendor": { "name": "Red Hat", "scada": false } } }, { "description": "Red Hat Virtualization Host 4 x86_64", "product": { "name": "Virtualization", "vendor": { "name": "Oracle", "scada": false } } }, { "description": "Red Hat Enterprise Linux pour IBM z Systems - Extended Update Support 7.5 s390x", "product": { "name": "Red Hat Enterprise Linux", "vendor": { "name": "Red Hat", "scada": false } } }, { "description": "Red Hat CodeReady Linux Builder pour x86_64 8 x86_64", "product": { "name": "Red Hat CodeReady Linux Builder", "vendor": { "name": "Red Hat", "scada": false } } }, { "description": "Red Hat Enterprise Linux pour Power, little endian - Extended Update Support 7.4 ppc64le", "product": { "name": "Red Hat Enterprise Linux", "vendor": { "name": "Red Hat", "scada": false } } }, { "description": "Red Hat Enterprise Linux pour Power, little endian 8 ppc64le", "product": { "name": "Red Hat Enterprise Linux", "vendor": { "name": "Red Hat", "scada": false } } } ], "affected_systems_content": null, "content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n", "cves": [ { "name": "CVE-2017-12190", "url": "https://www.cve.org/CVERecord?id=CVE-2017-12190" }, { "name": "CVE-2019-11091", "url": "https://www.cve.org/CVERecord?id=CVE-2019-11091" }, { "name": "CVE-2018-1068", "url": "https://www.cve.org/CVERecord?id=CVE-2018-1068" }, { "name": "CVE-2016-7913", "url": "https://www.cve.org/CVERecord?id=CVE-2016-7913" }, { "name": "CVE-2017-16939", "url": "https://www.cve.org/CVERecord?id=CVE-2017-16939" }, { "name": "CVE-2018-12127", "url": "https://www.cve.org/CVERecord?id=CVE-2018-12127" }, { "name": "CVE-2017-1000407", "url": "https://www.cve.org/CVERecord?id=CVE-2017-1000407" }, { "name": "CVE-2016-8633", "url": "https://www.cve.org/CVERecord?id=CVE-2016-8633" }, { "name": "CVE-2017-13215", "url": "https://www.cve.org/CVERecord?id=CVE-2017-13215" }, { "name": "CVE-2018-12130", "url": "https://www.cve.org/CVERecord?id=CVE-2018-12130" }, { "name": "CVE-2018-18559", "url": "https://www.cve.org/CVERecord?id=CVE-2018-18559" }, { "name": "CVE-2017-11600", "url": "https://www.cve.org/CVERecord?id=CVE-2017-11600" }, { "name": "CVE-2017-17558", "url": "https://www.cve.org/CVERecord?id=CVE-2017-17558" }, { "name": "CVE-2018-3665", "url": "https://www.cve.org/CVERecord?id=CVE-2018-3665" }, { "name": "CVE-2018-12126", "url": "https://www.cve.org/CVERecord?id=CVE-2018-12126" } ], "initial_release_date": "2019-05-15T00:00:00", "last_revision_date": "2019-05-15T00:00:00", "links": [], "reference": "CERTFR-2019-AVI-213", "revisions": [ { "description": "Version initiale", "revision_date": "2019-05-15T00:00:00.000000" } ], "risks": [ { "description": "Atteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es" }, { "description": "Ex\u00e9cution de code arbitraire" }, { "description": "D\u00e9ni de service" }, { "description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es" }, { "description": "\u00c9l\u00e9vation de privil\u00e8ges" } ], "summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans le noyau Linux de\nRedHat. Certaines d\u0027entre elles permettent \u00e0 un attaquant de provoquer\nune ex\u00e9cution de code arbitraire, un d\u00e9ni de service et une atteinte \u00e0\nl\u0027int\u00e9grit\u00e9 des donn\u00e9es.\n", "title": "Multiples vuln\u00e9rabilit\u00e9s dans le noyau Linux de RedHat", "vendor_advisories": [ { "published_at": null, "title": "Bulletin de s\u00e9curit\u00e9 RedHat RHSA-2019:1190 du 14 mai 2019", "url": "https://access.redhat.com/errata/RHSA-2019:1190" }, { "published_at": null, "title": "Bulletin de s\u00e9curit\u00e9 RedHat RHSA-2019:1155 du 14 mai 2019", "url": "https://access.redhat.com/errata/RHSA-2019:1155" }, { "published_at": null, "title": "Bulletin de s\u00e9curit\u00e9 RedHat RHSA-2019:1171 du 14 mai 2019", "url": "https://access.redhat.com/errata/RHSA-2019:1171" }, { "published_at": null, "title": "Bulletin de s\u00e9curit\u00e9 RedHat RHSA-2019:1168 du 14 mai 2019", "url": "https://access.redhat.com/errata/RHSA-2019:1168" }, { "published_at": null, "title": "Bulletin de s\u00e9curit\u00e9 RedHat RHSA-2019:1174 du 14 mai 2019", "url": "https://access.redhat.com/errata/RHSA-2019:1174" }, { "published_at": null, "title": "Bulletin de s\u00e9curit\u00e9 RedHat RHSA-2019:1176 du 14 mai 2019", "url": "https://access.redhat.com/errata/RHSA-2019:1176" }, { "published_at": null, "title": "Bulletin de s\u00e9curit\u00e9 RedHat RHSA-2019:1169 du 14 mai 2019", "url": "https://access.redhat.com/errata/RHSA-2019:1169" }, { "published_at": null, "title": "Bulletin de s\u00e9curit\u00e9 RedHat RHSA-2019:1196 du 14 mai 2019", "url": "https://access.redhat.com/errata/RHSA-2019:1196" }, { "published_at": null, "title": "Bulletin de s\u00e9curit\u00e9 RedHat RHSA-2019:1170 du 14 mai 2019", "url": "https://access.redhat.com/errata/RHSA-2019:1170" }, { "published_at": null, "title": "Bulletin de s\u00e9curit\u00e9 RedHat RHSA-2019:1167 du 14 mai 2019", "url": "https://access.redhat.com/errata/RHSA-2019:1167" } ] }
CVE-2017-17558 (GCVE-0-2017-17558)
Vulnerability from cvelistv5
Published
2017-12-12 15:00
Modified
2024-08-05 20:51
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
The usb_destroy_configuration function in drivers/usb/core/config.c in the USB core subsystem in the Linux kernel through 4.14.5 does not consider the maximum number of configurations and interfaces before attempting to release resources, which allows local users to cause a denial of service (out-of-bounds write access) or possibly have unspecified other impact via a crafted USB device.
References
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-05T20:51:32.189Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "USN-3619-2", "tags": [ "vendor-advisory", "x_refsource_UBUNTU", "x_transferred" ], "url": "https://usn.ubuntu.com/3619-2/" }, { "name": "DSA-4082", "tags": [ "vendor-advisory", "x_refsource_DEBIAN", "x_transferred" ], "url": "https://www.debian.org/security/2018/dsa-4082" }, { "name": "[debian-lts-announce] 20180107 [SECURITY] [DLA 1232-1] linux security update", "tags": [ "mailing-list", "x_refsource_MLIST", "x_transferred" ], "url": "https://lists.debian.org/debian-lts-announce/2018/01/msg00004.html" }, { "name": "SUSE-SU-2018:0011", "tags": [ "vendor-advisory", "x_refsource_SUSE", "x_transferred" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2018-01/msg00007.html" }, { "name": "USN-3754-1", "tags": [ "vendor-advisory", "x_refsource_UBUNTU", "x_transferred" ], "url": "https://usn.ubuntu.com/3754-1/" }, { "name": "RHSA-2018:1062", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "https://access.redhat.com/errata/RHSA-2018:1062" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "http://openwall.com/lists/oss-security/2017/12/12/7" }, { "name": "RHSA-2018:0676", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "https://access.redhat.com/errata/RHSA-2018:0676" }, { "name": "DSA-4073", "tags": [ "vendor-advisory", "x_refsource_DEBIAN", "x_transferred" ], "url": "https://www.debian.org/security/2017/dsa-4073" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://www.spinics.net/lists/linux-usb/msg163644.html" }, { "name": "USN-3619-1", "tags": [ "vendor-advisory", "x_refsource_UBUNTU", "x_transferred" ], "url": "https://usn.ubuntu.com/3619-1/" }, { "name": "RHSA-2019:1170", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "https://access.redhat.com/errata/RHSA-2019:1170" }, { "name": "RHSA-2019:1190", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "https://access.redhat.com/errata/RHSA-2019:1190" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2017-12-12T00:00:00", "descriptions": [ { "lang": "en", "value": "The usb_destroy_configuration function in drivers/usb/core/config.c in the USB core subsystem in the Linux kernel through 4.14.5 does not consider the maximum number of configurations and interfaces before attempting to release resources, which allows local users to cause a denial of service (out-of-bounds write access) or possibly have unspecified other impact via a crafted USB device." } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2019-10-16T17:40:47", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "name": "USN-3619-2", "tags": [ "vendor-advisory", "x_refsource_UBUNTU" ], "url": "https://usn.ubuntu.com/3619-2/" }, { "name": "DSA-4082", "tags": [ "vendor-advisory", "x_refsource_DEBIAN" ], "url": "https://www.debian.org/security/2018/dsa-4082" }, { "name": "[debian-lts-announce] 20180107 [SECURITY] [DLA 1232-1] linux security update", "tags": [ "mailing-list", "x_refsource_MLIST" ], "url": "https://lists.debian.org/debian-lts-announce/2018/01/msg00004.html" }, { "name": "SUSE-SU-2018:0011", "tags": [ "vendor-advisory", "x_refsource_SUSE" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2018-01/msg00007.html" }, { "name": "USN-3754-1", "tags": [ "vendor-advisory", "x_refsource_UBUNTU" ], "url": "https://usn.ubuntu.com/3754-1/" }, { "name": "RHSA-2018:1062", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "https://access.redhat.com/errata/RHSA-2018:1062" }, { "tags": [ "x_refsource_MISC" ], "url": "http://openwall.com/lists/oss-security/2017/12/12/7" }, { "name": "RHSA-2018:0676", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "https://access.redhat.com/errata/RHSA-2018:0676" }, { "name": "DSA-4073", "tags": [ "vendor-advisory", "x_refsource_DEBIAN" ], "url": "https://www.debian.org/security/2017/dsa-4073" }, { "tags": [ "x_refsource_MISC" ], "url": "https://www.spinics.net/lists/linux-usb/msg163644.html" }, { "name": "USN-3619-1", "tags": [ "vendor-advisory", "x_refsource_UBUNTU" ], "url": "https://usn.ubuntu.com/3619-1/" }, { "name": "RHSA-2019:1170", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "https://access.redhat.com/errata/RHSA-2019:1170" }, { "name": "RHSA-2019:1190", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "https://access.redhat.com/errata/RHSA-2019:1190" }, { "tags": [ "x_refsource_MISC" ], "url": "https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2017-17558", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "The usb_destroy_configuration function in drivers/usb/core/config.c in the USB core subsystem in the Linux kernel through 4.14.5 does not consider the maximum number of configurations and interfaces before attempting to release resources, which allows local users to cause a denial of service (out-of-bounds write access) or possibly have unspecified other impact via a crafted USB device." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "USN-3619-2", "refsource": "UBUNTU", "url": "https://usn.ubuntu.com/3619-2/" }, { "name": "DSA-4082", "refsource": "DEBIAN", "url": "https://www.debian.org/security/2018/dsa-4082" }, { "name": "[debian-lts-announce] 20180107 [SECURITY] [DLA 1232-1] linux security update", "refsource": "MLIST", "url": "https://lists.debian.org/debian-lts-announce/2018/01/msg00004.html" }, { "name": "SUSE-SU-2018:0011", "refsource": "SUSE", "url": "http://lists.opensuse.org/opensuse-security-announce/2018-01/msg00007.html" }, { "name": "USN-3754-1", "refsource": "UBUNTU", "url": "https://usn.ubuntu.com/3754-1/" }, { "name": "RHSA-2018:1062", "refsource": "REDHAT", "url": "https://access.redhat.com/errata/RHSA-2018:1062" }, { "name": "http://openwall.com/lists/oss-security/2017/12/12/7", "refsource": "MISC", "url": "http://openwall.com/lists/oss-security/2017/12/12/7" }, { "name": "RHSA-2018:0676", "refsource": "REDHAT", "url": "https://access.redhat.com/errata/RHSA-2018:0676" }, { "name": "DSA-4073", "refsource": "DEBIAN", "url": "https://www.debian.org/security/2017/dsa-4073" }, { "name": "https://www.spinics.net/lists/linux-usb/msg163644.html", "refsource": "MISC", "url": "https://www.spinics.net/lists/linux-usb/msg163644.html" }, { "name": "USN-3619-1", "refsource": "UBUNTU", "url": "https://usn.ubuntu.com/3619-1/" }, { "name": "RHSA-2019:1170", "refsource": "REDHAT", "url": "https://access.redhat.com/errata/RHSA-2019:1170" }, { "name": "RHSA-2019:1190", "refsource": "REDHAT", "url": "https://access.redhat.com/errata/RHSA-2019:1190" }, { "name": "https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html", "refsource": "MISC", "url": "https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2017-17558", "datePublished": "2017-12-12T15:00:00", "dateReserved": "2017-12-12T00:00:00", "dateUpdated": "2024-08-05T20:51:32.189Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2017-11600 (GCVE-0-2017-11600)
Vulnerability from cvelistv5
Published
2017-07-24 07:00
Modified
2024-08-05 18:12
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
net/xfrm/xfrm_policy.c in the Linux kernel through 4.12.3, when CONFIG_XFRM_MIGRATE is enabled, does not ensure that the dir value of xfrm_userpolicy_id is XFRM_POLICY_MAX or less, which allows local users to cause a denial of service (out-of-bounds access) or possibly have unspecified other impact via an XFRM_MSG_MIGRATE xfrm Netlink message.
References
URL | Tags | ||||||||||||||||||||||||||||
---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-05T18:12:40.472Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "RHSA-2018:2003", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "https://access.redhat.com/errata/RHSA-2018:2003" }, { "name": "SUSE-SU-2018:0011", "tags": [ "vendor-advisory", "x_refsource_SUSE", "x_transferred" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2018-01/msg00007.html" }, { "name": "RHSA-2018:1965", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "https://access.redhat.com/errata/RHSA-2018:1965" }, { "name": "99928", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/99928" }, { "name": "DSA-3981", "tags": [ "vendor-advisory", "x_refsource_DEBIAN", "x_transferred" ], "url": "http://www.debian.org/security/2017/dsa-3981" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://source.android.com/security/bulletin/pixel/2017-11-01" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "http://seclists.org/bugtraq/2017/Jul/30" }, { "name": "RHSA-2019:1170", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "https://access.redhat.com/errata/RHSA-2019:1170" }, { "name": "RHSA-2019:1190", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "https://access.redhat.com/errata/RHSA-2019:1190" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2017-07-24T00:00:00", "descriptions": [ { "lang": "en", "value": "net/xfrm/xfrm_policy.c in the Linux kernel through 4.12.3, when CONFIG_XFRM_MIGRATE is enabled, does not ensure that the dir value of xfrm_userpolicy_id is XFRM_POLICY_MAX or less, which allows local users to cause a denial of service (out-of-bounds access) or possibly have unspecified other impact via an XFRM_MSG_MIGRATE xfrm Netlink message." } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2019-05-14T22:06:08", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "name": "RHSA-2018:2003", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "https://access.redhat.com/errata/RHSA-2018:2003" }, { "name": "SUSE-SU-2018:0011", "tags": [ "vendor-advisory", "x_refsource_SUSE" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2018-01/msg00007.html" }, { "name": "RHSA-2018:1965", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "https://access.redhat.com/errata/RHSA-2018:1965" }, { "name": "99928", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/99928" }, { "name": "DSA-3981", "tags": [ "vendor-advisory", "x_refsource_DEBIAN" ], "url": "http://www.debian.org/security/2017/dsa-3981" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://source.android.com/security/bulletin/pixel/2017-11-01" }, { "tags": [ "x_refsource_MISC" ], "url": "http://seclists.org/bugtraq/2017/Jul/30" }, { "name": "RHSA-2019:1170", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "https://access.redhat.com/errata/RHSA-2019:1170" }, { "name": "RHSA-2019:1190", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "https://access.redhat.com/errata/RHSA-2019:1190" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2017-11600", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "net/xfrm/xfrm_policy.c in the Linux kernel through 4.12.3, when CONFIG_XFRM_MIGRATE is enabled, does not ensure that the dir value of xfrm_userpolicy_id is XFRM_POLICY_MAX or less, which allows local users to cause a denial of service (out-of-bounds access) or possibly have unspecified other impact via an XFRM_MSG_MIGRATE xfrm Netlink message." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "RHSA-2018:2003", "refsource": "REDHAT", "url": "https://access.redhat.com/errata/RHSA-2018:2003" }, { "name": "SUSE-SU-2018:0011", "refsource": "SUSE", "url": "http://lists.opensuse.org/opensuse-security-announce/2018-01/msg00007.html" }, { "name": "RHSA-2018:1965", "refsource": "REDHAT", "url": "https://access.redhat.com/errata/RHSA-2018:1965" }, { "name": "99928", "refsource": "BID", "url": "http://www.securityfocus.com/bid/99928" }, { "name": "DSA-3981", "refsource": "DEBIAN", "url": "http://www.debian.org/security/2017/dsa-3981" }, { "name": "https://source.android.com/security/bulletin/pixel/2017-11-01", "refsource": "CONFIRM", "url": "https://source.android.com/security/bulletin/pixel/2017-11-01" }, { "name": "http://seclists.org/bugtraq/2017/Jul/30", "refsource": "MISC", "url": "http://seclists.org/bugtraq/2017/Jul/30" }, { "name": "RHSA-2019:1170", "refsource": "REDHAT", "url": "https://access.redhat.com/errata/RHSA-2019:1170" }, { "name": "RHSA-2019:1190", "refsource": "REDHAT", "url": "https://access.redhat.com/errata/RHSA-2019:1190" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2017-11600", "datePublished": "2017-07-24T07:00:00", "dateReserved": "2017-07-24T00:00:00", "dateUpdated": "2024-08-05T18:12:40.472Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2017-13215 (GCVE-0-2017-13215)
Vulnerability from cvelistv5
Published
2018-01-12 23:00
Modified
2024-09-16 17:59
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- Elevation of privilege
Summary
A elevation of privilege vulnerability in the Upstream kernel skcipher. Product: Android. Versions: Android kernel. Android ID: A-64386293. References: Upstream kernel.
References
URL | Tags | ||||||||||||||||||||||
---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
Impacted products
Vendor | Product | Version | ||
---|---|---|---|---|
Google Inc. | Android |
Version: Android kernel |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-05T18:58:12.703Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "102390", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/102390" }, { "name": "RHSA-2018:2395", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "https://access.redhat.com/errata/RHSA-2018:2395" }, { "name": "RHSA-2018:2384", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "https://access.redhat.com/errata/RHSA-2018:2384" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://source.android.com/security/bulletin/2018-01-01" }, { "name": "1040106", "tags": [ "vdb-entry", "x_refsource_SECTRACK", "x_transferred" ], "url": "http://www.securitytracker.com/id/1040106" }, { "name": "RHSA-2019:1170", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "https://access.redhat.com/errata/RHSA-2019:1170" }, { "name": "RHSA-2019:1190", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "https://access.redhat.com/errata/RHSA-2019:1190" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "Android", "vendor": "Google Inc.", "versions": [ { "status": "affected", "version": "Android kernel" } ] } ], "datePublic": "2018-01-02T00:00:00", "descriptions": [ { "lang": "en", "value": "A elevation of privilege vulnerability in the Upstream kernel skcipher. Product: Android. Versions: Android kernel. Android ID: A-64386293. References: Upstream kernel." } ], "problemTypes": [ { "descriptions": [ { "description": "Elevation of privilege", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2019-05-14T22:06:08", "orgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", "shortName": "google_android" }, "references": [ { "name": "102390", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/102390" }, { "name": "RHSA-2018:2395", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "https://access.redhat.com/errata/RHSA-2018:2395" }, { "name": "RHSA-2018:2384", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "https://access.redhat.com/errata/RHSA-2018:2384" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://source.android.com/security/bulletin/2018-01-01" }, { "name": "1040106", "tags": [ "vdb-entry", "x_refsource_SECTRACK" ], "url": "http://www.securitytracker.com/id/1040106" }, { "name": "RHSA-2019:1170", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "https://access.redhat.com/errata/RHSA-2019:1170" }, { "name": "RHSA-2019:1190", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "https://access.redhat.com/errata/RHSA-2019:1190" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "security@android.com", "DATE_PUBLIC": "2018-01-02T00:00:00", "ID": "CVE-2017-13215", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "Android", "version": { "version_data": [ { "version_value": "Android kernel" } ] } } ] }, "vendor_name": "Google Inc." } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "A elevation of privilege vulnerability in the Upstream kernel skcipher. Product: Android. Versions: Android kernel. Android ID: A-64386293. References: Upstream kernel." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "Elevation of privilege" } ] } ] }, "references": { "reference_data": [ { "name": "102390", "refsource": "BID", "url": "http://www.securityfocus.com/bid/102390" }, { "name": "RHSA-2018:2395", "refsource": "REDHAT", "url": "https://access.redhat.com/errata/RHSA-2018:2395" }, { "name": "RHSA-2018:2384", "refsource": "REDHAT", "url": "https://access.redhat.com/errata/RHSA-2018:2384" }, { "name": "https://source.android.com/security/bulletin/2018-01-01", "refsource": "CONFIRM", "url": "https://source.android.com/security/bulletin/2018-01-01" }, { "name": "1040106", "refsource": "SECTRACK", "url": "http://www.securitytracker.com/id/1040106" }, { "name": "RHSA-2019:1170", "refsource": "REDHAT", "url": "https://access.redhat.com/errata/RHSA-2019:1170" }, { "name": "RHSA-2019:1190", "refsource": "REDHAT", "url": "https://access.redhat.com/errata/RHSA-2019:1190" } ] } } } }, "cveMetadata": { "assignerOrgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", "assignerShortName": "google_android", "cveId": "CVE-2017-13215", "datePublished": "2018-01-12T23:00:00Z", "dateReserved": "2017-08-23T00:00:00", "dateUpdated": "2024-09-16T17:59:42.805Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2016-7913 (GCVE-0-2016-7913)
Vulnerability from cvelistv5
Published
2016-11-16 04:49
Modified
2024-08-06 02:13
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
The xc2028_set_config function in drivers/media/tuners/tuner-xc2028.c in the Linux kernel before 4.6 allows local users to gain privileges or cause a denial of service (use-after-free) via vectors involving omission of the firmware name from a certain data structure.
References
URL | Tags | |||||||||||||||||||||||||||||||
---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-06T02:13:20.821Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://source.android.com/security/bulletin/2016-11-01.html" }, { "name": "RHSA-2018:1062", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "https://access.redhat.com/errata/RHSA-2018:1062" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://github.com/torvalds/linux/commit/8dfbcc4351a0b6d2f2d77f367552f48ffefafe18" }, { "name": "RHSA-2018:0676", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "https://access.redhat.com/errata/RHSA-2018:0676" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=8dfbcc4351a0b6d2f2d77f367552f48ffefafe18" }, { "name": "94201", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/94201" }, { "name": "USN-3798-1", "tags": [ "vendor-advisory", "x_refsource_UBUNTU", "x_transferred" ], "url": "https://usn.ubuntu.com/3798-1/" }, { "name": "USN-3798-2", "tags": [ "vendor-advisory", "x_refsource_UBUNTU", "x_transferred" ], "url": "https://usn.ubuntu.com/3798-2/" }, { "name": "RHSA-2019:1170", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "https://access.redhat.com/errata/RHSA-2019:1170" }, { "name": "RHSA-2019:1190", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "https://access.redhat.com/errata/RHSA-2019:1190" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2016-04-27T00:00:00", "descriptions": [ { "lang": "en", "value": "The xc2028_set_config function in drivers/media/tuners/tuner-xc2028.c in the Linux kernel before 4.6 allows local users to gain privileges or cause a denial of service (use-after-free) via vectors involving omission of the firmware name from a certain data structure." } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2019-05-14T22:06:08", "orgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", "shortName": "google_android" }, "references": [ { "tags": [ "x_refsource_CONFIRM" ], "url": "http://source.android.com/security/bulletin/2016-11-01.html" }, { "name": "RHSA-2018:1062", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "https://access.redhat.com/errata/RHSA-2018:1062" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://github.com/torvalds/linux/commit/8dfbcc4351a0b6d2f2d77f367552f48ffefafe18" }, { "name": "RHSA-2018:0676", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "https://access.redhat.com/errata/RHSA-2018:0676" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=8dfbcc4351a0b6d2f2d77f367552f48ffefafe18" }, { "name": "94201", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/94201" }, { "name": "USN-3798-1", "tags": [ "vendor-advisory", "x_refsource_UBUNTU" ], "url": "https://usn.ubuntu.com/3798-1/" }, { "name": "USN-3798-2", "tags": [ "vendor-advisory", "x_refsource_UBUNTU" ], "url": "https://usn.ubuntu.com/3798-2/" }, { "name": "RHSA-2019:1170", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "https://access.redhat.com/errata/RHSA-2019:1170" }, { "name": "RHSA-2019:1190", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "https://access.redhat.com/errata/RHSA-2019:1190" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "security@android.com", "ID": "CVE-2016-7913", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "The xc2028_set_config function in drivers/media/tuners/tuner-xc2028.c in the Linux kernel before 4.6 allows local users to gain privileges or cause a denial of service (use-after-free) via vectors involving omission of the firmware name from a certain data structure." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "http://source.android.com/security/bulletin/2016-11-01.html", "refsource": "CONFIRM", "url": "http://source.android.com/security/bulletin/2016-11-01.html" }, { "name": "RHSA-2018:1062", "refsource": "REDHAT", "url": "https://access.redhat.com/errata/RHSA-2018:1062" }, { "name": "https://github.com/torvalds/linux/commit/8dfbcc4351a0b6d2f2d77f367552f48ffefafe18", "refsource": "CONFIRM", "url": "https://github.com/torvalds/linux/commit/8dfbcc4351a0b6d2f2d77f367552f48ffefafe18" }, { "name": "RHSA-2018:0676", "refsource": "REDHAT", "url": "https://access.redhat.com/errata/RHSA-2018:0676" }, { "name": "http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=8dfbcc4351a0b6d2f2d77f367552f48ffefafe18", "refsource": "CONFIRM", "url": "http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=8dfbcc4351a0b6d2f2d77f367552f48ffefafe18" }, { "name": "94201", "refsource": "BID", "url": "http://www.securityfocus.com/bid/94201" }, { "name": "USN-3798-1", "refsource": "UBUNTU", "url": "https://usn.ubuntu.com/3798-1/" }, { "name": "USN-3798-2", "refsource": "UBUNTU", "url": "https://usn.ubuntu.com/3798-2/" }, { "name": "RHSA-2019:1170", "refsource": "REDHAT", "url": "https://access.redhat.com/errata/RHSA-2019:1170" }, { "name": "RHSA-2019:1190", "refsource": "REDHAT", "url": "https://access.redhat.com/errata/RHSA-2019:1190" } ] } } } }, "cveMetadata": { "assignerOrgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", "assignerShortName": "google_android", "cveId": "CVE-2016-7913", "datePublished": "2016-11-16T04:49:00", "dateReserved": "2016-09-09T00:00:00", "dateUpdated": "2024-08-06T02:13:20.821Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2017-12190 (GCVE-0-2017-12190)
Vulnerability from cvelistv5
Published
2017-11-22 18:00
Modified
2024-08-05 18:28
Severity ?
VLAI Severity ?
EPSS score ?
CWE
Summary
The bio_map_user_iov and bio_unmap_user functions in block/bio.c in the Linux kernel before 4.13.8 do unbalanced refcounting when a SCSI I/O vector has small consecutive buffers belonging to the same page. The bio_add_pc_page function merges them into one, but the page reference is never dropped. This causes a memory leak and possible system lockup (exploitable against the host OS by a guest OS user, if a SCSI disk is passed through to a virtual machine) due to an out-of-memory condition.
References
URL | Tags | |||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
Impacted products
Vendor | Product | Version | ||
---|---|---|---|---|
n/a | Linux kernel through v4.14-rc5 |
Version: Linux kernel through v4.14-rc5 |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-05T18:28:16.645Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=2b04e8f6bbb196cab4b232af0f8d48ff2c7a8058" }, { "name": "101911", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/101911" }, { "name": "[debian-lts-announce] 20171210 [SECURITY] [DLA 1200-1] linux security update", "tags": [ "mailing-list", "x_refsource_MLIST", "x_transferred" ], "url": "https://lists.debian.org/debian-lts-announce/2017/12/msg00004.html" }, { "name": "USN-3583-2", "tags": [ "vendor-advisory", "x_refsource_UBUNTU", "x_transferred" ], "url": "https://usn.ubuntu.com/3583-2/" }, { "name": "RHSA-2018:1854", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "https://access.redhat.com/errata/RHSA-2018:1854" }, { "name": "USN-3582-1", "tags": [ "vendor-advisory", "x_refsource_UBUNTU", "x_transferred" ], "url": "https://usn.ubuntu.com/3582-1/" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.13.8" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=95d78c28b5a85bacbc29b8dba7c04babb9b0d467" }, { "name": "RHSA-2018:1062", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "https://access.redhat.com/errata/RHSA-2018:1062" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://github.com/torvalds/linux/commit/95d78c28b5a85bacbc29b8dba7c04babb9b0d467" }, { "name": "RHSA-2018:0654", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "https://access.redhat.com/errata/RHSA-2018:0654" }, { "name": "USN-3583-1", "tags": [ "vendor-advisory", "x_refsource_UBUNTU", "x_transferred" ], "url": "https://usn.ubuntu.com/3583-1/" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1495089" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://github.com/torvalds/linux/commit/2b04e8f6bbb196cab4b232af0f8d48ff2c7a8058" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://seclists.org/oss-sec/2017/q4/52" }, { "name": "RHSA-2018:0676", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "https://access.redhat.com/errata/RHSA-2018:0676" }, { "name": "USN-3582-2", "tags": [ "vendor-advisory", "x_refsource_UBUNTU", "x_transferred" ], "url": "https://usn.ubuntu.com/3582-2/" }, { "name": "RHSA-2019:1170", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "https://access.redhat.com/errata/RHSA-2019:1170" }, { "name": "RHSA-2019:1190", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "https://access.redhat.com/errata/RHSA-2019:1190" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://support.f5.com/csp/article/K93472064?utm_source=f5support\u0026amp%3Butm_medium=RSS" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "Linux kernel through v4.14-rc5", "vendor": "n/a", "versions": [ { "status": "affected", "version": "Linux kernel through v4.14-rc5" } ] } ], "datePublic": "2017-11-22T00:00:00", "descriptions": [ { "lang": "en", "value": "The bio_map_user_iov and bio_unmap_user functions in block/bio.c in the Linux kernel before 4.13.8 do unbalanced refcounting when a SCSI I/O vector has small consecutive buffers belonging to the same page. The bio_add_pc_page function merges them into one, but the page reference is never dropped. This causes a memory leak and possible system lockup (exploitable against the host OS by a guest OS user, if a SCSI disk is passed through to a virtual machine) due to an out-of-memory condition." } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-400", "description": "CWE-400", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2019-11-13T02:06:45", "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "shortName": "redhat" }, "references": [ { "tags": [ "x_refsource_CONFIRM" ], "url": "http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=2b04e8f6bbb196cab4b232af0f8d48ff2c7a8058" }, { "name": "101911", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/101911" }, { "name": "[debian-lts-announce] 20171210 [SECURITY] [DLA 1200-1] linux security update", "tags": [ "mailing-list", "x_refsource_MLIST" ], "url": "https://lists.debian.org/debian-lts-announce/2017/12/msg00004.html" }, { "name": "USN-3583-2", "tags": [ "vendor-advisory", "x_refsource_UBUNTU" ], "url": "https://usn.ubuntu.com/3583-2/" }, { "name": "RHSA-2018:1854", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "https://access.redhat.com/errata/RHSA-2018:1854" }, { "name": "USN-3582-1", "tags": [ "vendor-advisory", "x_refsource_UBUNTU" ], "url": "https://usn.ubuntu.com/3582-1/" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.13.8" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=95d78c28b5a85bacbc29b8dba7c04babb9b0d467" }, { "name": "RHSA-2018:1062", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "https://access.redhat.com/errata/RHSA-2018:1062" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://github.com/torvalds/linux/commit/95d78c28b5a85bacbc29b8dba7c04babb9b0d467" }, { "name": "RHSA-2018:0654", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "https://access.redhat.com/errata/RHSA-2018:0654" }, { "name": "USN-3583-1", "tags": [ "vendor-advisory", "x_refsource_UBUNTU" ], "url": "https://usn.ubuntu.com/3583-1/" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1495089" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://github.com/torvalds/linux/commit/2b04e8f6bbb196cab4b232af0f8d48ff2c7a8058" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://seclists.org/oss-sec/2017/q4/52" }, { "name": "RHSA-2018:0676", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "https://access.redhat.com/errata/RHSA-2018:0676" }, { "name": "USN-3582-2", "tags": [ "vendor-advisory", "x_refsource_UBUNTU" ], "url": "https://usn.ubuntu.com/3582-2/" }, { "name": "RHSA-2019:1170", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "https://access.redhat.com/errata/RHSA-2019:1170" }, { "name": "RHSA-2019:1190", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "https://access.redhat.com/errata/RHSA-2019:1190" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://support.f5.com/csp/article/K93472064?utm_source=f5support\u0026amp%3Butm_medium=RSS" } ] } }, "cveMetadata": { "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "assignerShortName": "redhat", "cveId": "CVE-2017-12190", "datePublished": "2017-11-22T18:00:00", "dateReserved": "2017-08-01T00:00:00", "dateUpdated": "2024-08-05T18:28:16.645Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2017-1000407 (GCVE-0-2017-1000407)
Vulnerability from cvelistv5
Published
2017-12-11 21:00
Modified
2024-08-05 22:00
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
The Linux Kernel 2.6.32 and later are affected by a denial of service, by flooding the diagnostic port 0x80 an exception can be triggered leading to a kernel panic.
References
URL | Tags | ||||||||||||||||||||||||||||||||||||||||||||||||||||
---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-05T22:00:40.987Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "USN-3617-1", "tags": [ "vendor-advisory", "x_refsource_UBUNTU", "x_transferred" ], "url": "https://usn.ubuntu.com/3617-1/" }, { "name": "USN-3619-2", "tags": [ "vendor-advisory", "x_refsource_UBUNTU", "x_transferred" ], "url": "https://usn.ubuntu.com/3619-2/" }, { "name": "DSA-4082", "tags": [ "vendor-advisory", "x_refsource_DEBIAN", "x_transferred" ], "url": "https://www.debian.org/security/2018/dsa-4082" }, { "name": "[debian-lts-announce] 20171210 [SECURITY] [DLA 1200-1] linux security update", "tags": [ "mailing-list", "x_refsource_MLIST", "x_transferred" ], "url": "https://lists.debian.org/debian-lts-announce/2017/12/msg00004.html" }, { "name": "[oss-security] 20171204 CVE-2017-1000407 Kernel: KVM: DoS via write flood to I/O port 0x80", "tags": [ "mailing-list", "x_refsource_MLIST", "x_transferred" ], "url": "http://www.openwall.com/lists/oss-security/2017/12/04/2" }, { "name": "102038", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/102038" }, { "name": "USN-3583-2", "tags": [ "vendor-advisory", "x_refsource_UBUNTU", "x_transferred" ], "url": "https://usn.ubuntu.com/3583-2/" }, { "name": "USN-3632-1", "tags": [ "vendor-advisory", "x_refsource_UBUNTU", "x_transferred" ], "url": "https://usn.ubuntu.com/3632-1/" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://access.redhat.com/security/cve/cve-2017-1000407" }, { "name": "RHSA-2018:1062", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "https://access.redhat.com/errata/RHSA-2018:1062" }, { "name": "USN-3583-1", "tags": [ "vendor-advisory", "x_refsource_UBUNTU", "x_transferred" ], "url": "https://usn.ubuntu.com/3583-1/" }, { "name": "RHSA-2018:0676", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "https://access.redhat.com/errata/RHSA-2018:0676" }, { "name": "DSA-4073", "tags": [ "vendor-advisory", "x_refsource_DEBIAN", "x_transferred" ], "url": "https://www.debian.org/security/2017/dsa-4073" }, { "name": "USN-3617-2", "tags": [ "vendor-advisory", "x_refsource_UBUNTU", "x_transferred" ], "url": "https://usn.ubuntu.com/3617-2/" }, { "name": "[kvm] 20171201 [PATCH 1/2] KVM: VMX: remove I/O port 0x80 bypass on Intel hosts", "tags": [ "mailing-list", "x_refsource_MLIST", "x_transferred" ], "url": "https://www.spinics.net/lists/kvm/msg159809.html" }, { "name": "USN-3619-1", "tags": [ "vendor-advisory", "x_refsource_UBUNTU", "x_transferred" ], "url": "https://usn.ubuntu.com/3619-1/" }, { "name": "RHSA-2019:1170", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "https://access.redhat.com/errata/RHSA-2019:1170" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2017-12-01T00:00:00", "descriptions": [ { "lang": "en", "value": "The Linux Kernel 2.6.32 and later are affected by a denial of service, by flooding the diagnostic port 0x80 an exception can be triggered leading to a kernel panic." } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2019-05-14T21:06:12", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "name": "USN-3617-1", "tags": [ "vendor-advisory", "x_refsource_UBUNTU" ], "url": "https://usn.ubuntu.com/3617-1/" }, { "name": "USN-3619-2", "tags": [ "vendor-advisory", "x_refsource_UBUNTU" ], "url": "https://usn.ubuntu.com/3619-2/" }, { "name": "DSA-4082", "tags": [ "vendor-advisory", "x_refsource_DEBIAN" ], "url": "https://www.debian.org/security/2018/dsa-4082" }, { "name": "[debian-lts-announce] 20171210 [SECURITY] [DLA 1200-1] linux security update", "tags": [ "mailing-list", "x_refsource_MLIST" ], "url": "https://lists.debian.org/debian-lts-announce/2017/12/msg00004.html" }, { "name": "[oss-security] 20171204 CVE-2017-1000407 Kernel: KVM: DoS via write flood to I/O port 0x80", "tags": [ "mailing-list", "x_refsource_MLIST" ], "url": "http://www.openwall.com/lists/oss-security/2017/12/04/2" }, { "name": "102038", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/102038" }, { "name": "USN-3583-2", "tags": [ "vendor-advisory", "x_refsource_UBUNTU" ], "url": "https://usn.ubuntu.com/3583-2/" }, { "name": "USN-3632-1", "tags": [ "vendor-advisory", "x_refsource_UBUNTU" ], "url": "https://usn.ubuntu.com/3632-1/" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://access.redhat.com/security/cve/cve-2017-1000407" }, { "name": "RHSA-2018:1062", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "https://access.redhat.com/errata/RHSA-2018:1062" }, { "name": "USN-3583-1", "tags": [ "vendor-advisory", "x_refsource_UBUNTU" ], "url": "https://usn.ubuntu.com/3583-1/" }, { "name": "RHSA-2018:0676", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "https://access.redhat.com/errata/RHSA-2018:0676" }, { "name": "DSA-4073", "tags": [ "vendor-advisory", "x_refsource_DEBIAN" ], "url": "https://www.debian.org/security/2017/dsa-4073" }, { "name": "USN-3617-2", "tags": [ "vendor-advisory", "x_refsource_UBUNTU" ], "url": "https://usn.ubuntu.com/3617-2/" }, { "name": "[kvm] 20171201 [PATCH 1/2] KVM: VMX: remove I/O port 0x80 bypass on Intel hosts", "tags": [ "mailing-list", "x_refsource_MLIST" ], "url": "https://www.spinics.net/lists/kvm/msg159809.html" }, { "name": "USN-3619-1", "tags": [ "vendor-advisory", "x_refsource_UBUNTU" ], "url": "https://usn.ubuntu.com/3619-1/" }, { "name": "RHSA-2019:1170", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "https://access.redhat.com/errata/RHSA-2019:1170" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2017-1000407", "REQUESTER": "ppandit@redhat.com", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "The Linux Kernel 2.6.32 and later are affected by a denial of service, by flooding the diagnostic port 0x80 an exception can be triggered leading to a kernel panic." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "USN-3617-1", "refsource": "UBUNTU", "url": "https://usn.ubuntu.com/3617-1/" }, { "name": "USN-3619-2", "refsource": "UBUNTU", "url": "https://usn.ubuntu.com/3619-2/" }, { "name": "DSA-4082", "refsource": "DEBIAN", "url": "https://www.debian.org/security/2018/dsa-4082" }, { "name": "[debian-lts-announce] 20171210 [SECURITY] [DLA 1200-1] linux security update", "refsource": "MLIST", "url": "https://lists.debian.org/debian-lts-announce/2017/12/msg00004.html" }, { "name": "[oss-security] 20171204 CVE-2017-1000407 Kernel: KVM: DoS via write flood to I/O port 0x80", "refsource": "MLIST", "url": "http://www.openwall.com/lists/oss-security/2017/12/04/2" }, { "name": "102038", "refsource": "BID", "url": "http://www.securityfocus.com/bid/102038" }, { "name": "USN-3583-2", "refsource": "UBUNTU", "url": "https://usn.ubuntu.com/3583-2/" }, { "name": "USN-3632-1", "refsource": "UBUNTU", "url": "https://usn.ubuntu.com/3632-1/" }, { "name": "https://access.redhat.com/security/cve/cve-2017-1000407", "refsource": "CONFIRM", "url": "https://access.redhat.com/security/cve/cve-2017-1000407" }, { "name": "RHSA-2018:1062", "refsource": "REDHAT", "url": "https://access.redhat.com/errata/RHSA-2018:1062" }, { "name": "USN-3583-1", "refsource": "UBUNTU", "url": "https://usn.ubuntu.com/3583-1/" }, { "name": "RHSA-2018:0676", "refsource": "REDHAT", "url": "https://access.redhat.com/errata/RHSA-2018:0676" }, { "name": "DSA-4073", "refsource": "DEBIAN", "url": "https://www.debian.org/security/2017/dsa-4073" }, { "name": "USN-3617-2", "refsource": "UBUNTU", "url": "https://usn.ubuntu.com/3617-2/" }, { "name": "[kvm] 20171201 [PATCH 1/2] KVM: VMX: remove I/O port 0x80 bypass on Intel hosts", "refsource": "MLIST", "url": "https://www.spinics.net/lists/kvm/msg159809.html" }, { "name": "USN-3619-1", "refsource": "UBUNTU", "url": "https://usn.ubuntu.com/3619-1/" }, { "name": "RHSA-2019:1170", "refsource": "REDHAT", "url": "https://access.redhat.com/errata/RHSA-2019:1170" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2017-1000407", "datePublished": "2017-12-11T21:00:00", "dateReserved": "2017-12-05T00:00:00", "dateUpdated": "2024-08-05T22:00:40.987Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2018-12130 (GCVE-0-2018-12130)
Vulnerability from cvelistv5
Published
2019-05-30 15:40
Modified
2024-08-05 08:30
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- Information Disclosure
Summary
Microarchitectural Fill Buffer Data Sampling (MFBDS): Fill buffers on some microprocessors utilizing speculative execution may allow an authenticated user to potentially enable information disclosure via a side channel with local access. A list of impacted products can be found here: https://www.intel.com/content/dam/www/public/us/en/documents/corporate-information/SA00233-microcode-update-guidance_05132019.pdf
References
URL | Tags | ||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
Impacted products
Vendor | Product | Version | ||
---|---|---|---|---|
Intel Corporation | Central Processing Units (CPUs) |
Version: A list of impacted products can be found here: https://www.intel.com/content/dam/www/public/us/en/documents/corporate-information/SA00233-microcode-update-guidance_05132019.pdf |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-05T08:30:57.431Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00233.html" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://www.synology.com/security/advisory/Synology_SA_19_24" }, { "name": "FEDORA-2019-1f5832fc0e", "tags": [ "vendor-advisory", "x_refsource_FEDORA", "x_transferred" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/OH73SGTJ575OBCPSJFX6LX7KP2KZIEN4/" }, { "name": "openSUSE-SU-2019:1505", "tags": [ "vendor-advisory", "x_refsource_SUSE", "x_transferred" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00014.html" }, { "name": "RHSA-2019:1455", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "https://access.redhat.com/errata/RHSA-2019:1455" }, { "name": "USN-3977-3", "tags": [ "vendor-advisory", "x_refsource_UBUNTU", "x_transferred" ], "url": "https://usn.ubuntu.com/3977-3/" }, { "name": "[debian-lts-announce] 20190620 [SECURITY] [DLA 1789-2] intel-microcode security update", "tags": [ "mailing-list", "x_refsource_MLIST", "x_transferred" ], "url": "https://lists.debian.org/debian-lts-announce/2019/06/msg00018.html" }, { "name": "20190624 [SECURITY] [DSA 4447-2] intel-microcode security update", "tags": [ "mailing-list", "x_refsource_BUGTRAQ", "x_transferred" ], "url": "https://seclists.org/bugtraq/2019/Jun/28" }, { "name": "20190624 [SECURITY] [DSA 4469-1] libvirt security update", "tags": [ "mailing-list", "x_refsource_BUGTRAQ", "x_transferred" ], "url": "https://seclists.org/bugtraq/2019/Jun/36" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://www.arubanetworks.com/assets/alert/ARUBA-PSA-2019-003.txt" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-616472.pdf" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20190712-01-mds-en" }, { "name": "openSUSE-SU-2019:1805", "tags": [ "vendor-advisory", "x_refsource_SUSE", "x_transferred" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2019-07/msg00053.html" }, { "name": "openSUSE-SU-2019:1806", "tags": [ "vendor-advisory", "x_refsource_SUSE", "x_transferred" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2019-07/msg00052.html" }, { "name": "FreeBSD-SA-19:07", "tags": [ "vendor-advisory", "x_refsource_FREEBSD", "x_transferred" ], "url": "https://www.freebsd.org/security/advisories/FreeBSD-SA-19:07.mds.asc" }, { "name": "RHSA-2019:2553", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "https://access.redhat.com/errata/RHSA-2019:2553" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://kc.mcafee.com/corporate/index?page=content\u0026id=SB10292" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-608355.pdf" }, { "name": "FreeBSD-SA-19:26", "tags": [ "vendor-advisory", "x_refsource_FREEBSD", "x_transferred" ], "url": "https://security.FreeBSD.org/advisories/FreeBSD-SA-19:26.mcu.asc" }, { "name": "20191112 FreeBSD Security Advisory FreeBSD-SA-19:26.mcu", "tags": [ "mailing-list", "x_refsource_BUGTRAQ", "x_transferred" ], "url": "https://seclists.org/bugtraq/2019/Nov/16" }, { "name": "20191112 [SECURITY] [DSA 4564-1] linux security update", "tags": [ "mailing-list", "x_refsource_BUGTRAQ", "x_transferred" ], "url": "https://seclists.org/bugtraq/2019/Nov/15" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "http://packetstormsecurity.com/files/155281/FreeBSD-Security-Advisory-FreeBSD-SA-19-26.mcu.html" }, { "name": "DSA-4602", "tags": [ "vendor-advisory", "x_refsource_DEBIAN", "x_transferred" ], "url": "https://www.debian.org/security/2020/dsa-4602" }, { "name": "20200114 [SECURITY] [DSA 4602-1] xen security update", "tags": [ "mailing-list", "x_refsource_BUGTRAQ", "x_transferred" ], "url": "https://seclists.org/bugtraq/2020/Jan/21" }, { "name": "GLSA-202003-56", "tags": [ "vendor-advisory", "x_refsource_GENTOO", "x_transferred" ], "url": "https://security.gentoo.org/glsa/202003-56" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "Central Processing Units (CPUs)", "vendor": "Intel Corporation", "versions": [ { "status": "affected", "version": "A list of impacted products can be found here: https://www.intel.com/content/dam/www/public/us/en/documents/corporate-information/SA00233-microcode-update-guidance_05132019.pdf" } ] } ], "datePublic": "2019-05-14T00:00:00", "descriptions": [ { "lang": "en", "value": "Microarchitectural Fill Buffer Data Sampling (MFBDS): Fill buffers on some microprocessors utilizing speculative execution may allow an authenticated user to potentially enable information disclosure via a side channel with local access. A list of impacted products can be found here: https://www.intel.com/content/dam/www/public/us/en/documents/corporate-information/SA00233-microcode-update-guidance_05132019.pdf" } ], "problemTypes": [ { "descriptions": [ { "description": "Information Disclosure", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2020-03-26T14:06:15", "orgId": "6dda929c-bb53-4a77-a76d-48e79601a1ce", "shortName": "intel" }, "references": [ { "tags": [ "x_refsource_CONFIRM" ], "url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00233.html" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://www.synology.com/security/advisory/Synology_SA_19_24" }, { "name": "FEDORA-2019-1f5832fc0e", "tags": [ "vendor-advisory", "x_refsource_FEDORA" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/OH73SGTJ575OBCPSJFX6LX7KP2KZIEN4/" }, { "name": "openSUSE-SU-2019:1505", "tags": [ "vendor-advisory", "x_refsource_SUSE" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00014.html" }, { "name": "RHSA-2019:1455", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "https://access.redhat.com/errata/RHSA-2019:1455" }, { "name": "USN-3977-3", "tags": [ "vendor-advisory", "x_refsource_UBUNTU" ], "url": "https://usn.ubuntu.com/3977-3/" }, { "name": "[debian-lts-announce] 20190620 [SECURITY] [DLA 1789-2] intel-microcode security update", "tags": [ "mailing-list", "x_refsource_MLIST" ], "url": "https://lists.debian.org/debian-lts-announce/2019/06/msg00018.html" }, { "name": "20190624 [SECURITY] [DSA 4447-2] intel-microcode security update", "tags": [ "mailing-list", "x_refsource_BUGTRAQ" ], "url": "https://seclists.org/bugtraq/2019/Jun/28" }, { "name": "20190624 [SECURITY] [DSA 4469-1] libvirt security update", "tags": [ "mailing-list", "x_refsource_BUGTRAQ" ], "url": "https://seclists.org/bugtraq/2019/Jun/36" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://www.arubanetworks.com/assets/alert/ARUBA-PSA-2019-003.txt" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-616472.pdf" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20190712-01-mds-en" }, { "name": "openSUSE-SU-2019:1805", "tags": [ "vendor-advisory", "x_refsource_SUSE" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2019-07/msg00053.html" }, { "name": "openSUSE-SU-2019:1806", "tags": [ "vendor-advisory", "x_refsource_SUSE" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2019-07/msg00052.html" }, { "name": "FreeBSD-SA-19:07", "tags": [ "vendor-advisory", "x_refsource_FREEBSD" ], "url": "https://www.freebsd.org/security/advisories/FreeBSD-SA-19:07.mds.asc" }, { "name": "RHSA-2019:2553", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "https://access.redhat.com/errata/RHSA-2019:2553" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://kc.mcafee.com/corporate/index?page=content\u0026id=SB10292" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-608355.pdf" }, { "name": "FreeBSD-SA-19:26", "tags": [ "vendor-advisory", "x_refsource_FREEBSD" ], "url": "https://security.FreeBSD.org/advisories/FreeBSD-SA-19:26.mcu.asc" }, { "name": "20191112 FreeBSD Security Advisory FreeBSD-SA-19:26.mcu", "tags": [ "mailing-list", "x_refsource_BUGTRAQ" ], "url": "https://seclists.org/bugtraq/2019/Nov/16" }, { "name": "20191112 [SECURITY] [DSA 4564-1] linux security update", "tags": [ "mailing-list", "x_refsource_BUGTRAQ" ], "url": "https://seclists.org/bugtraq/2019/Nov/15" }, { "tags": [ "x_refsource_MISC" ], "url": "http://packetstormsecurity.com/files/155281/FreeBSD-Security-Advisory-FreeBSD-SA-19-26.mcu.html" }, { "name": "DSA-4602", "tags": [ "vendor-advisory", "x_refsource_DEBIAN" ], "url": "https://www.debian.org/security/2020/dsa-4602" }, { "name": "20200114 [SECURITY] [DSA 4602-1] xen security update", "tags": [ "mailing-list", "x_refsource_BUGTRAQ" ], "url": "https://seclists.org/bugtraq/2020/Jan/21" }, { "name": "GLSA-202003-56", "tags": [ "vendor-advisory", "x_refsource_GENTOO" ], "url": "https://security.gentoo.org/glsa/202003-56" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "secure@intel.com", "ID": "CVE-2018-12130", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "Central Processing Units (CPUs)", "version": { "version_data": [ { "version_value": "A list of impacted products can be found here: https://www.intel.com/content/dam/www/public/us/en/documents/corporate-information/SA00233-microcode-update-guidance_05132019.pdf" } ] } } ] }, "vendor_name": "Intel Corporation" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "Microarchitectural Fill Buffer Data Sampling (MFBDS): Fill buffers on some microprocessors utilizing speculative execution may allow an authenticated user to potentially enable information disclosure via a side channel with local access. A list of impacted products can be found here: https://www.intel.com/content/dam/www/public/us/en/documents/corporate-information/SA00233-microcode-update-guidance_05132019.pdf" } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "Information Disclosure" } ] } ] }, "references": { "reference_data": [ { "name": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00233.html", "refsource": "CONFIRM", "url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00233.html" }, { "name": "https://www.synology.com/security/advisory/Synology_SA_19_24", "refsource": "CONFIRM", "url": "https://www.synology.com/security/advisory/Synology_SA_19_24" }, { "name": "FEDORA-2019-1f5832fc0e", "refsource": "FEDORA", "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/OH73SGTJ575OBCPSJFX6LX7KP2KZIEN4/" }, { "name": "openSUSE-SU-2019:1505", "refsource": "SUSE", "url": "http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00014.html" }, { "name": "RHSA-2019:1455", "refsource": "REDHAT", "url": "https://access.redhat.com/errata/RHSA-2019:1455" }, { "name": "USN-3977-3", "refsource": "UBUNTU", "url": "https://usn.ubuntu.com/3977-3/" }, { "name": "[debian-lts-announce] 20190620 [SECURITY] [DLA 1789-2] intel-microcode security update", "refsource": "MLIST", "url": "https://lists.debian.org/debian-lts-announce/2019/06/msg00018.html" }, { "name": "20190624 [SECURITY] [DSA 4447-2] intel-microcode security update", "refsource": "BUGTRAQ", "url": "https://seclists.org/bugtraq/2019/Jun/28" }, { "name": "20190624 [SECURITY] [DSA 4469-1] libvirt security update", "refsource": "BUGTRAQ", "url": "https://seclists.org/bugtraq/2019/Jun/36" }, { "name": "http://www.arubanetworks.com/assets/alert/ARUBA-PSA-2019-003.txt", "refsource": "CONFIRM", "url": "http://www.arubanetworks.com/assets/alert/ARUBA-PSA-2019-003.txt" }, { "name": "https://cert-portal.siemens.com/productcert/pdf/ssa-616472.pdf", "refsource": "CONFIRM", "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-616472.pdf" }, { "name": "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20190712-01-mds-en", "refsource": "CONFIRM", "url": "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20190712-01-mds-en" }, { "name": "openSUSE-SU-2019:1805", "refsource": "SUSE", "url": "http://lists.opensuse.org/opensuse-security-announce/2019-07/msg00053.html" }, { "name": "openSUSE-SU-2019:1806", "refsource": "SUSE", "url": "http://lists.opensuse.org/opensuse-security-announce/2019-07/msg00052.html" }, { "name": "FreeBSD-SA-19:07", "refsource": "FREEBSD", "url": "https://www.freebsd.org/security/advisories/FreeBSD-SA-19:07.mds.asc" }, { "name": "RHSA-2019:2553", "refsource": "REDHAT", "url": "https://access.redhat.com/errata/RHSA-2019:2553" }, { "name": "https://kc.mcafee.com/corporate/index?page=content\u0026id=SB10292", "refsource": "CONFIRM", "url": "https://kc.mcafee.com/corporate/index?page=content\u0026id=SB10292" }, { "name": "https://cert-portal.siemens.com/productcert/pdf/ssa-608355.pdf", "refsource": "CONFIRM", "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-608355.pdf" }, { "name": "FreeBSD-SA-19:26", "refsource": "FREEBSD", "url": "https://security.FreeBSD.org/advisories/FreeBSD-SA-19:26.mcu.asc" }, { "name": "20191112 FreeBSD Security Advisory FreeBSD-SA-19:26.mcu", "refsource": "BUGTRAQ", "url": "https://seclists.org/bugtraq/2019/Nov/16" }, { "name": "20191112 [SECURITY] [DSA 4564-1] linux security update", "refsource": "BUGTRAQ", "url": "https://seclists.org/bugtraq/2019/Nov/15" }, { "name": "http://packetstormsecurity.com/files/155281/FreeBSD-Security-Advisory-FreeBSD-SA-19-26.mcu.html", "refsource": "MISC", "url": "http://packetstormsecurity.com/files/155281/FreeBSD-Security-Advisory-FreeBSD-SA-19-26.mcu.html" }, { "name": "DSA-4602", "refsource": "DEBIAN", "url": "https://www.debian.org/security/2020/dsa-4602" }, { "name": "20200114 [SECURITY] [DSA 4602-1] xen security update", "refsource": "BUGTRAQ", "url": "https://seclists.org/bugtraq/2020/Jan/21" }, { "name": "GLSA-202003-56", "refsource": "GENTOO", "url": "https://security.gentoo.org/glsa/202003-56" } ] } } } }, "cveMetadata": { "assignerOrgId": "6dda929c-bb53-4a77-a76d-48e79601a1ce", "assignerShortName": "intel", "cveId": "CVE-2018-12130", "datePublished": "2019-05-30T15:40:44", "dateReserved": "2018-06-11T00:00:00", "dateUpdated": "2024-08-05T08:30:57.431Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2016-8633 (GCVE-0-2016-8633)
Vulnerability from cvelistv5
Published
2016-11-28 03:01
Modified
2024-08-06 02:27
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
drivers/firewire/net.c in the Linux kernel before 4.8.7, in certain unusual hardware configurations, allows remote attackers to execute arbitrary code via crafted fragmented packets.
References
URL | Tags | ||||||||||||||||||||||||||||||||||
---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-06T02:27:41.221Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.8.7" }, { "name": "94149", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/94149" }, { "name": "RHSA-2018:1062", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "https://access.redhat.com/errata/RHSA-2018:1062" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://eyalitkin.wordpress.com/2016/11/06/cve-publication-cve-2016-8633/" }, { "name": "RHSA-2018:0676", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "https://access.redhat.com/errata/RHSA-2018:0676" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1391490" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://github.com/torvalds/linux/commit/667121ace9dbafb368618dbabcf07901c962ddac" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=667121ace9dbafb368618dbabcf07901c962ddac" }, { "name": "[oss-security] 20161106 Re: [engineering.redhat.com #426293] CVE Request - firewire driver RCE - linux 4.8", "tags": [ "mailing-list", "x_refsource_MLIST", "x_transferred" ], "url": "http://www.openwall.com/lists/oss-security/2016/11/06/1" }, { "name": "RHSA-2019:1170", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "https://access.redhat.com/errata/RHSA-2019:1170" }, { "name": "RHSA-2019:1190", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "https://access.redhat.com/errata/RHSA-2019:1190" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2016-11-06T00:00:00", "descriptions": [ { "lang": "en", "value": "drivers/firewire/net.c in the Linux kernel before 4.8.7, in certain unusual hardware configurations, allows remote attackers to execute arbitrary code via crafted fragmented packets." } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2019-05-14T22:06:08", "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "shortName": "redhat" }, "references": [ { "tags": [ "x_refsource_CONFIRM" ], "url": "http://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.8.7" }, { "name": "94149", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/94149" }, { "name": "RHSA-2018:1062", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "https://access.redhat.com/errata/RHSA-2018:1062" }, { "tags": [ "x_refsource_MISC" ], "url": "https://eyalitkin.wordpress.com/2016/11/06/cve-publication-cve-2016-8633/" }, { "name": "RHSA-2018:0676", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "https://access.redhat.com/errata/RHSA-2018:0676" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1391490" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://github.com/torvalds/linux/commit/667121ace9dbafb368618dbabcf07901c962ddac" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=667121ace9dbafb368618dbabcf07901c962ddac" }, { "name": "[oss-security] 20161106 Re: [engineering.redhat.com #426293] CVE Request - firewire driver RCE - linux 4.8", "tags": [ "mailing-list", "x_refsource_MLIST" ], "url": "http://www.openwall.com/lists/oss-security/2016/11/06/1" }, { "name": "RHSA-2019:1170", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "https://access.redhat.com/errata/RHSA-2019:1170" }, { "name": "RHSA-2019:1190", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "https://access.redhat.com/errata/RHSA-2019:1190" } ] } }, "cveMetadata": { "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "assignerShortName": "redhat", "cveId": "CVE-2016-8633", "datePublished": "2016-11-28T03:01:00", "dateReserved": "2016-10-12T00:00:00", "dateUpdated": "2024-08-06T02:27:41.221Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2018-3665 (GCVE-0-2018-3665)
Vulnerability from cvelistv5
Published
2018-06-21 20:00
Modified
2024-09-17 01:01
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- Information Disclosure
Summary
System software utilizing Lazy FP state restore technique on systems using Intel Core-based microprocessors may potentially allow a local process to infer data from another process through a speculative execution side channel.
References
URL | Tags | ||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
Impacted products
Vendor | Product | Version | ||
---|---|---|---|---|
Intel Corporation | Intel Core-based microprocessors |
Version: All |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-05T04:50:30.430Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "[debian-lts-announce] 20180714 [SECURITY] [DLA 1422-1] linux security update", "tags": [ "mailing-list", "x_refsource_MLIST", "x_transferred" ], "url": "https://lists.debian.org/debian-lts-announce/2018/07/msg00015.html" }, { "name": "RHSA-2018:2164", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "https://access.redhat.com/errata/RHSA-2018:2164" }, { "name": "USN-3696-1", "tags": [ "vendor-advisory", "x_refsource_UBUNTU", "x_transferred" ], "url": "https://usn.ubuntu.com/3696-1/" }, { "name": "1041125", "tags": [ "vdb-entry", "x_refsource_SECTRACK", "x_transferred" ], "url": "http://www.securitytracker.com/id/1041125" }, { "name": "[debian-lts-announce] 20180715 [SECURITY] [DLA 1422-2] linux security update", "tags": [ "mailing-list", "x_refsource_MLIST", "x_transferred" ], "url": "https://lists.debian.org/debian-lts-announce/2018/07/msg00016.html" }, { "name": "RHSA-2018:1944", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "https://access.redhat.com/errata/RHSA-2018:1944" }, { "name": "RHSA-2018:1852", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "https://access.redhat.com/errata/RHSA-2018:1852" }, { "name": "FreeBSD-SA-18:07", "tags": [ "vendor-advisory", "x_refsource_FREEBSD", "x_transferred" ], "url": "https://security.FreeBSD.org/advisories/FreeBSD-SA-18:07.lazyfpu.asc" }, { "name": "1041124", "tags": [ "vdb-entry", "x_refsource_SECTRACK", "x_transferred" ], "url": "http://www.securitytracker.com/id/1041124" }, { "name": "RHSA-2018:2165", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "https://access.redhat.com/errata/RHSA-2018:2165" }, { "name": "DSA-4232", "tags": [ "vendor-advisory", "x_refsource_DEBIAN", "x_transferred" ], "url": "https://www.debian.org/security/2018/dsa-4232" }, { "name": "USN-3698-1", "tags": [ "vendor-advisory", "x_refsource_UBUNTU", "x_transferred" ], "url": "https://usn.ubuntu.com/3698-1/" }, { "name": "USN-3696-2", "tags": [ "vendor-advisory", "x_refsource_UBUNTU", "x_transferred" ], "url": "https://usn.ubuntu.com/3696-2/" }, { "name": "104460", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/104460" }, { "name": "USN-3698-2", "tags": [ "vendor-advisory", "x_refsource_UBUNTU", "x_transferred" ], "url": "https://usn.ubuntu.com/3698-2/" }, { "name": "RHSA-2019:1170", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "https://access.redhat.com/errata/RHSA-2019:1170" }, { "name": "RHSA-2019:1190", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "https://access.redhat.com/errata/RHSA-2019:1190" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://www.oracle.com/security-alerts/cpujul2020.html" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://help.ecostruxureit.com/display/public/UADCE725/Security+fixes+in+StruxureWare+Data+Center+Expert+v7.6.0" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://nvidia.custhelp.com/app/answers/detail/a_id/4787" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://www.synology.com/support/security/Synology_SA_18_31" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://security.netapp.com/advisory/ntap-20181016-0001/" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00145.html" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://support.citrix.com/article/CTX235745" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://security.paloaltonetworks.com/CVE-2018-3665" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "Intel Core-based microprocessors", "vendor": "Intel Corporation", "versions": [ { "status": "affected", "version": "All" } ] } ], "datePublic": "2018-06-13T00:00:00", "descriptions": [ { "lang": "en", "value": "System software utilizing Lazy FP state restore technique on systems using Intel Core-based microprocessors may potentially allow a local process to infer data from another process through a speculative execution side channel." } ], "problemTypes": [ { "descriptions": [ { "description": "Information Disclosure", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2020-07-15T02:22:59", "orgId": "6dda929c-bb53-4a77-a76d-48e79601a1ce", "shortName": "intel" }, "references": [ { "name": "[debian-lts-announce] 20180714 [SECURITY] [DLA 1422-1] linux security update", "tags": [ "mailing-list", "x_refsource_MLIST" ], "url": "https://lists.debian.org/debian-lts-announce/2018/07/msg00015.html" }, { "name": "RHSA-2018:2164", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "https://access.redhat.com/errata/RHSA-2018:2164" }, { "name": "USN-3696-1", "tags": [ "vendor-advisory", "x_refsource_UBUNTU" ], "url": "https://usn.ubuntu.com/3696-1/" }, { "name": "1041125", "tags": [ "vdb-entry", "x_refsource_SECTRACK" ], "url": "http://www.securitytracker.com/id/1041125" }, { "name": "[debian-lts-announce] 20180715 [SECURITY] [DLA 1422-2] linux security update", "tags": [ "mailing-list", "x_refsource_MLIST" ], "url": "https://lists.debian.org/debian-lts-announce/2018/07/msg00016.html" }, { "name": "RHSA-2018:1944", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "https://access.redhat.com/errata/RHSA-2018:1944" }, { "name": "RHSA-2018:1852", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "https://access.redhat.com/errata/RHSA-2018:1852" }, { "name": "FreeBSD-SA-18:07", "tags": [ "vendor-advisory", "x_refsource_FREEBSD" ], "url": "https://security.FreeBSD.org/advisories/FreeBSD-SA-18:07.lazyfpu.asc" }, { "name": "1041124", "tags": [ "vdb-entry", "x_refsource_SECTRACK" ], "url": "http://www.securitytracker.com/id/1041124" }, { "name": "RHSA-2018:2165", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "https://access.redhat.com/errata/RHSA-2018:2165" }, { "name": "DSA-4232", "tags": [ "vendor-advisory", "x_refsource_DEBIAN" ], "url": "https://www.debian.org/security/2018/dsa-4232" }, { "name": "USN-3698-1", "tags": [ "vendor-advisory", "x_refsource_UBUNTU" ], "url": "https://usn.ubuntu.com/3698-1/" }, { "name": "USN-3696-2", "tags": [ "vendor-advisory", "x_refsource_UBUNTU" ], "url": "https://usn.ubuntu.com/3696-2/" }, { "name": "104460", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/104460" }, { "name": "USN-3698-2", "tags": [ "vendor-advisory", "x_refsource_UBUNTU" ], "url": "https://usn.ubuntu.com/3698-2/" }, { "name": "RHSA-2019:1170", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "https://access.redhat.com/errata/RHSA-2019:1170" }, { "name": "RHSA-2019:1190", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "https://access.redhat.com/errata/RHSA-2019:1190" }, { "tags": [ "x_refsource_MISC" ], "url": "https://www.oracle.com/security-alerts/cpujul2020.html" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://help.ecostruxureit.com/display/public/UADCE725/Security+fixes+in+StruxureWare+Data+Center+Expert+v7.6.0" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://nvidia.custhelp.com/app/answers/detail/a_id/4787" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://www.synology.com/support/security/Synology_SA_18_31" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://security.netapp.com/advisory/ntap-20181016-0001/" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00145.html" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://support.citrix.com/article/CTX235745" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://security.paloaltonetworks.com/CVE-2018-3665" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "secure@intel.com", "DATE_PUBLIC": "2018-06-13T00:00:00", "ID": "CVE-2018-3665", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "Intel Core-based microprocessors", "version": { "version_data": [ { "version_value": "All" } ] } } ] }, "vendor_name": "Intel Corporation" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "System software utilizing Lazy FP state restore technique on systems using Intel Core-based microprocessors may potentially allow a local process to infer data from another process through a speculative execution side channel." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "Information Disclosure" } ] } ] }, "references": { "reference_data": [ { "name": "[debian-lts-announce] 20180714 [SECURITY] [DLA 1422-1] linux security update", "refsource": "MLIST", "url": "https://lists.debian.org/debian-lts-announce/2018/07/msg00015.html" }, { "name": "RHSA-2018:2164", "refsource": "REDHAT", "url": "https://access.redhat.com/errata/RHSA-2018:2164" }, { "name": "USN-3696-1", "refsource": "UBUNTU", "url": "https://usn.ubuntu.com/3696-1/" }, { "name": "1041125", "refsource": "SECTRACK", "url": "http://www.securitytracker.com/id/1041125" }, { "name": "[debian-lts-announce] 20180715 [SECURITY] [DLA 1422-2] linux security update", "refsource": "MLIST", "url": "https://lists.debian.org/debian-lts-announce/2018/07/msg00016.html" }, { "name": "RHSA-2018:1944", "refsource": "REDHAT", "url": "https://access.redhat.com/errata/RHSA-2018:1944" }, { "name": "RHSA-2018:1852", "refsource": "REDHAT", "url": "https://access.redhat.com/errata/RHSA-2018:1852" }, { "name": "FreeBSD-SA-18:07", "refsource": "FREEBSD", "url": "https://security.FreeBSD.org/advisories/FreeBSD-SA-18:07.lazyfpu.asc" }, { "name": "1041124", "refsource": "SECTRACK", "url": "http://www.securitytracker.com/id/1041124" }, { "name": "RHSA-2018:2165", "refsource": "REDHAT", "url": "https://access.redhat.com/errata/RHSA-2018:2165" }, { "name": "DSA-4232", "refsource": "DEBIAN", "url": "https://www.debian.org/security/2018/dsa-4232" }, { "name": "USN-3698-1", "refsource": "UBUNTU", "url": "https://usn.ubuntu.com/3698-1/" }, { "name": "USN-3696-2", "refsource": "UBUNTU", "url": "https://usn.ubuntu.com/3696-2/" }, { "name": "104460", "refsource": "BID", "url": "http://www.securityfocus.com/bid/104460" }, { "name": "USN-3698-2", "refsource": "UBUNTU", "url": "https://usn.ubuntu.com/3698-2/" }, { "name": "RHSA-2019:1170", "refsource": "REDHAT", "url": "https://access.redhat.com/errata/RHSA-2019:1170" }, { "name": "RHSA-2019:1190", "refsource": "REDHAT", "url": "https://access.redhat.com/errata/RHSA-2019:1190" }, { "name": "https://www.oracle.com/security-alerts/cpujul2020.html", "refsource": "MISC", "url": "https://www.oracle.com/security-alerts/cpujul2020.html" }, { "name": "https://help.ecostruxureit.com/display/public/UADCE725/Security+fixes+in+StruxureWare+Data+Center+Expert+v7.6.0", "refsource": "CONFIRM", "url": "https://help.ecostruxureit.com/display/public/UADCE725/Security+fixes+in+StruxureWare+Data+Center+Expert+v7.6.0" }, { "name": "https://nvidia.custhelp.com/app/answers/detail/a_id/4787", "refsource": "CONFIRM", "url": "https://nvidia.custhelp.com/app/answers/detail/a_id/4787" }, { "name": "https://www.synology.com/support/security/Synology_SA_18_31", "refsource": "CONFIRM", "url": "https://www.synology.com/support/security/Synology_SA_18_31" }, { "name": "https://security.netapp.com/advisory/ntap-20181016-0001/", "refsource": "CONFIRM", "url": "https://security.netapp.com/advisory/ntap-20181016-0001/" }, { "name": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00145.html", "refsource": "CONFIRM", "url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00145.html" }, { "name": "https://support.citrix.com/article/CTX235745", "refsource": "CONFIRM", "url": "https://support.citrix.com/article/CTX235745" }, { "name": "https://security.paloaltonetworks.com/CVE-2018-3665", "refsource": "CONFIRM", "url": "https://security.paloaltonetworks.com/CVE-2018-3665" } ] } } } }, "cveMetadata": { "assignerOrgId": "6dda929c-bb53-4a77-a76d-48e79601a1ce", "assignerShortName": "intel", "cveId": "CVE-2018-3665", "datePublished": "2018-06-21T20:00:00Z", "dateReserved": "2017-12-28T00:00:00", "dateUpdated": "2024-09-17T01:01:36.405Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2018-12127 (GCVE-0-2018-12127)
Vulnerability from cvelistv5
Published
2019-05-30 15:38
Modified
2024-08-05 08:30
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- Information Disclosure
Summary
Microarchitectural Load Port Data Sampling (MLPDS): Load ports on some microprocessors utilizing speculative execution may allow an authenticated user to potentially enable information disclosure via a side channel with local access. A list of impacted products can be found here: https://www.intel.com/content/dam/www/public/us/en/documents/corporate-information/SA00233-microcode-update-guidance_05132019.pdf
References
URL | Tags | ||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
Impacted products
Vendor | Product | Version | ||
---|---|---|---|---|
Intel Corporation | Central Processing Units (CPUs) |
Version: A list of impacted products can be found here: https://www.intel.com/content/dam/www/public/us/en/documents/corporate-information/SA00233-microcode-update-guidance_05132019.pdf |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-05T08:30:57.404Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00233.html" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://www.synology.com/security/advisory/Synology_SA_19_24" }, { "name": "FEDORA-2019-1f5832fc0e", "tags": [ "vendor-advisory", "x_refsource_FEDORA", "x_transferred" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/OH73SGTJ575OBCPSJFX6LX7KP2KZIEN4/" }, { "name": "openSUSE-SU-2019:1505", "tags": [ "vendor-advisory", "x_refsource_SUSE", "x_transferred" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00014.html" }, { "name": "RHSA-2019:1455", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "https://access.redhat.com/errata/RHSA-2019:1455" }, { "name": "USN-3977-3", "tags": [ "vendor-advisory", "x_refsource_UBUNTU", "x_transferred" ], "url": "https://usn.ubuntu.com/3977-3/" }, { "name": "[debian-lts-announce] 20190620 [SECURITY] [DLA 1789-2] intel-microcode security update", "tags": [ "mailing-list", "x_refsource_MLIST", "x_transferred" ], "url": "https://lists.debian.org/debian-lts-announce/2019/06/msg00018.html" }, { "name": "20190624 [SECURITY] [DSA 4447-2] intel-microcode security update", "tags": [ "mailing-list", "x_refsource_BUGTRAQ", "x_transferred" ], "url": "https://seclists.org/bugtraq/2019/Jun/28" }, { "name": "20190624 [SECURITY] [DSA 4469-1] libvirt security update", "tags": [ "mailing-list", "x_refsource_BUGTRAQ", "x_transferred" ], "url": "https://seclists.org/bugtraq/2019/Jun/36" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://www.arubanetworks.com/assets/alert/ARUBA-PSA-2019-003.txt" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-616472.pdf" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20190712-01-mds-en" }, { "name": "openSUSE-SU-2019:1805", "tags": [ "vendor-advisory", "x_refsource_SUSE", "x_transferred" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2019-07/msg00053.html" }, { "name": "openSUSE-SU-2019:1806", "tags": [ "vendor-advisory", "x_refsource_SUSE", "x_transferred" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2019-07/msg00052.html" }, { "name": "FreeBSD-SA-19:07", "tags": [ "vendor-advisory", "x_refsource_FREEBSD", "x_transferred" ], "url": "https://www.freebsd.org/security/advisories/FreeBSD-SA-19:07.mds.asc" }, { "name": "RHSA-2019:2553", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "https://access.redhat.com/errata/RHSA-2019:2553" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://kc.mcafee.com/corporate/index?page=content\u0026id=SB10292" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-608355.pdf" }, { "name": "FreeBSD-SA-19:26", "tags": [ "vendor-advisory", "x_refsource_FREEBSD", "x_transferred" ], "url": "https://security.FreeBSD.org/advisories/FreeBSD-SA-19:26.mcu.asc" }, { "name": "20191112 FreeBSD Security Advisory FreeBSD-SA-19:26.mcu", "tags": [ "mailing-list", "x_refsource_BUGTRAQ", "x_transferred" ], "url": "https://seclists.org/bugtraq/2019/Nov/16" }, { "name": "20191112 [SECURITY] [DSA 4564-1] linux security update", "tags": [ "mailing-list", "x_refsource_BUGTRAQ", "x_transferred" ], "url": "https://seclists.org/bugtraq/2019/Nov/15" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "http://packetstormsecurity.com/files/155281/FreeBSD-Security-Advisory-FreeBSD-SA-19-26.mcu.html" }, { "name": "DSA-4602", "tags": [ "vendor-advisory", "x_refsource_DEBIAN", "x_transferred" ], "url": "https://www.debian.org/security/2020/dsa-4602" }, { "name": "20200114 [SECURITY] [DSA 4602-1] xen security update", "tags": [ "mailing-list", "x_refsource_BUGTRAQ", "x_transferred" ], "url": "https://seclists.org/bugtraq/2020/Jan/21" }, { "name": "GLSA-202003-56", "tags": [ "vendor-advisory", "x_refsource_GENTOO", "x_transferred" ], "url": "https://security.gentoo.org/glsa/202003-56" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "Central Processing Units (CPUs)", "vendor": "Intel Corporation", "versions": [ { "status": "affected", "version": "A list of impacted products can be found here: https://www.intel.com/content/dam/www/public/us/en/documents/corporate-information/SA00233-microcode-update-guidance_05132019.pdf" } ] } ], "datePublic": "2019-05-14T00:00:00", "descriptions": [ { "lang": "en", "value": "Microarchitectural Load Port Data Sampling (MLPDS): Load ports on some microprocessors utilizing speculative execution may allow an authenticated user to potentially enable information disclosure via a side channel with local access. A list of impacted products can be found here: https://www.intel.com/content/dam/www/public/us/en/documents/corporate-information/SA00233-microcode-update-guidance_05132019.pdf" } ], "problemTypes": [ { "descriptions": [ { "description": "Information Disclosure", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2020-03-26T14:06:07", "orgId": "6dda929c-bb53-4a77-a76d-48e79601a1ce", "shortName": "intel" }, "references": [ { "tags": [ "x_refsource_CONFIRM" ], "url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00233.html" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://www.synology.com/security/advisory/Synology_SA_19_24" }, { "name": "FEDORA-2019-1f5832fc0e", "tags": [ "vendor-advisory", "x_refsource_FEDORA" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/OH73SGTJ575OBCPSJFX6LX7KP2KZIEN4/" }, { "name": "openSUSE-SU-2019:1505", "tags": [ "vendor-advisory", "x_refsource_SUSE" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00014.html" }, { "name": "RHSA-2019:1455", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "https://access.redhat.com/errata/RHSA-2019:1455" }, { "name": "USN-3977-3", "tags": [ "vendor-advisory", "x_refsource_UBUNTU" ], "url": "https://usn.ubuntu.com/3977-3/" }, { "name": "[debian-lts-announce] 20190620 [SECURITY] [DLA 1789-2] intel-microcode security update", "tags": [ "mailing-list", "x_refsource_MLIST" ], "url": "https://lists.debian.org/debian-lts-announce/2019/06/msg00018.html" }, { "name": "20190624 [SECURITY] [DSA 4447-2] intel-microcode security update", "tags": [ "mailing-list", "x_refsource_BUGTRAQ" ], "url": "https://seclists.org/bugtraq/2019/Jun/28" }, { "name": "20190624 [SECURITY] [DSA 4469-1] libvirt security update", "tags": [ "mailing-list", "x_refsource_BUGTRAQ" ], "url": "https://seclists.org/bugtraq/2019/Jun/36" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://www.arubanetworks.com/assets/alert/ARUBA-PSA-2019-003.txt" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-616472.pdf" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20190712-01-mds-en" }, { "name": "openSUSE-SU-2019:1805", "tags": [ "vendor-advisory", "x_refsource_SUSE" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2019-07/msg00053.html" }, { "name": "openSUSE-SU-2019:1806", "tags": [ "vendor-advisory", "x_refsource_SUSE" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2019-07/msg00052.html" }, { "name": "FreeBSD-SA-19:07", "tags": [ "vendor-advisory", "x_refsource_FREEBSD" ], "url": "https://www.freebsd.org/security/advisories/FreeBSD-SA-19:07.mds.asc" }, { "name": "RHSA-2019:2553", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "https://access.redhat.com/errata/RHSA-2019:2553" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://kc.mcafee.com/corporate/index?page=content\u0026id=SB10292" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-608355.pdf" }, { "name": "FreeBSD-SA-19:26", "tags": [ "vendor-advisory", "x_refsource_FREEBSD" ], "url": "https://security.FreeBSD.org/advisories/FreeBSD-SA-19:26.mcu.asc" }, { "name": "20191112 FreeBSD Security Advisory FreeBSD-SA-19:26.mcu", "tags": [ "mailing-list", "x_refsource_BUGTRAQ" ], "url": "https://seclists.org/bugtraq/2019/Nov/16" }, { "name": "20191112 [SECURITY] [DSA 4564-1] linux security update", "tags": [ "mailing-list", "x_refsource_BUGTRAQ" ], "url": "https://seclists.org/bugtraq/2019/Nov/15" }, { "tags": [ "x_refsource_MISC" ], "url": "http://packetstormsecurity.com/files/155281/FreeBSD-Security-Advisory-FreeBSD-SA-19-26.mcu.html" }, { "name": "DSA-4602", "tags": [ "vendor-advisory", "x_refsource_DEBIAN" ], "url": "https://www.debian.org/security/2020/dsa-4602" }, { "name": "20200114 [SECURITY] [DSA 4602-1] xen security update", "tags": [ "mailing-list", "x_refsource_BUGTRAQ" ], "url": "https://seclists.org/bugtraq/2020/Jan/21" }, { "name": "GLSA-202003-56", "tags": [ "vendor-advisory", "x_refsource_GENTOO" ], "url": "https://security.gentoo.org/glsa/202003-56" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "secure@intel.com", "ID": "CVE-2018-12127", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "Central Processing Units (CPUs)", "version": { "version_data": [ { "version_value": "A list of impacted products can be found here: https://www.intel.com/content/dam/www/public/us/en/documents/corporate-information/SA00233-microcode-update-guidance_05132019.pdf" } ] } } ] }, "vendor_name": "Intel Corporation" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "Microarchitectural Load Port Data Sampling (MLPDS): Load ports on some microprocessors utilizing speculative execution may allow an authenticated user to potentially enable information disclosure via a side channel with local access. A list of impacted products can be found here: https://www.intel.com/content/dam/www/public/us/en/documents/corporate-information/SA00233-microcode-update-guidance_05132019.pdf" } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "Information Disclosure" } ] } ] }, "references": { "reference_data": [ { "name": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00233.html", "refsource": "CONFIRM", "url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00233.html" }, { "name": "https://www.synology.com/security/advisory/Synology_SA_19_24", "refsource": "CONFIRM", "url": "https://www.synology.com/security/advisory/Synology_SA_19_24" }, { "name": "FEDORA-2019-1f5832fc0e", "refsource": "FEDORA", "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/OH73SGTJ575OBCPSJFX6LX7KP2KZIEN4/" }, { "name": "openSUSE-SU-2019:1505", "refsource": "SUSE", "url": "http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00014.html" }, { "name": "RHSA-2019:1455", "refsource": "REDHAT", "url": "https://access.redhat.com/errata/RHSA-2019:1455" }, { "name": "USN-3977-3", "refsource": "UBUNTU", "url": "https://usn.ubuntu.com/3977-3/" }, { "name": "[debian-lts-announce] 20190620 [SECURITY] [DLA 1789-2] intel-microcode security update", "refsource": "MLIST", "url": "https://lists.debian.org/debian-lts-announce/2019/06/msg00018.html" }, { "name": "20190624 [SECURITY] [DSA 4447-2] intel-microcode security update", "refsource": "BUGTRAQ", "url": "https://seclists.org/bugtraq/2019/Jun/28" }, { "name": "20190624 [SECURITY] [DSA 4469-1] libvirt security update", "refsource": "BUGTRAQ", "url": "https://seclists.org/bugtraq/2019/Jun/36" }, { "name": "http://www.arubanetworks.com/assets/alert/ARUBA-PSA-2019-003.txt", "refsource": "CONFIRM", "url": "http://www.arubanetworks.com/assets/alert/ARUBA-PSA-2019-003.txt" }, { "name": "https://cert-portal.siemens.com/productcert/pdf/ssa-616472.pdf", "refsource": "CONFIRM", "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-616472.pdf" }, { "name": "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20190712-01-mds-en", "refsource": "CONFIRM", "url": "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20190712-01-mds-en" }, { "name": "openSUSE-SU-2019:1805", "refsource": "SUSE", "url": "http://lists.opensuse.org/opensuse-security-announce/2019-07/msg00053.html" }, { "name": "openSUSE-SU-2019:1806", "refsource": "SUSE", "url": "http://lists.opensuse.org/opensuse-security-announce/2019-07/msg00052.html" }, { "name": "FreeBSD-SA-19:07", "refsource": "FREEBSD", "url": "https://www.freebsd.org/security/advisories/FreeBSD-SA-19:07.mds.asc" }, { "name": "RHSA-2019:2553", "refsource": "REDHAT", "url": "https://access.redhat.com/errata/RHSA-2019:2553" }, { "name": "https://kc.mcafee.com/corporate/index?page=content\u0026id=SB10292", "refsource": "CONFIRM", "url": "https://kc.mcafee.com/corporate/index?page=content\u0026id=SB10292" }, { "name": "https://cert-portal.siemens.com/productcert/pdf/ssa-608355.pdf", "refsource": "CONFIRM", "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-608355.pdf" }, { "name": "FreeBSD-SA-19:26", "refsource": "FREEBSD", "url": "https://security.FreeBSD.org/advisories/FreeBSD-SA-19:26.mcu.asc" }, { "name": "20191112 FreeBSD Security Advisory FreeBSD-SA-19:26.mcu", "refsource": "BUGTRAQ", "url": "https://seclists.org/bugtraq/2019/Nov/16" }, { "name": "20191112 [SECURITY] [DSA 4564-1] linux security update", "refsource": "BUGTRAQ", "url": "https://seclists.org/bugtraq/2019/Nov/15" }, { "name": "http://packetstormsecurity.com/files/155281/FreeBSD-Security-Advisory-FreeBSD-SA-19-26.mcu.html", "refsource": "MISC", "url": "http://packetstormsecurity.com/files/155281/FreeBSD-Security-Advisory-FreeBSD-SA-19-26.mcu.html" }, { "name": "DSA-4602", "refsource": "DEBIAN", "url": "https://www.debian.org/security/2020/dsa-4602" }, { "name": "20200114 [SECURITY] [DSA 4602-1] xen security update", "refsource": "BUGTRAQ", "url": "https://seclists.org/bugtraq/2020/Jan/21" }, { "name": "GLSA-202003-56", "refsource": "GENTOO", "url": "https://security.gentoo.org/glsa/202003-56" } ] } } } }, "cveMetadata": { "assignerOrgId": "6dda929c-bb53-4a77-a76d-48e79601a1ce", "assignerShortName": "intel", "cveId": "CVE-2018-12127", "datePublished": "2019-05-30T15:38:38", "dateReserved": "2018-06-11T00:00:00", "dateUpdated": "2024-08-05T08:30:57.404Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2019-11091 (GCVE-0-2019-11091)
Vulnerability from cvelistv5
Published
2019-05-30 15:28
Modified
2024-08-04 22:40
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- Information Disclosure
Summary
Microarchitectural Data Sampling Uncacheable Memory (MDSUM): Uncacheable memory on some microprocessors utilizing speculative execution may allow an authenticated user to potentially enable information disclosure via a side channel with local access. A list of impacted products can be found here: https://www.intel.com/content/dam/www/public/us/en/documents/corporate-information/SA00233-microcode-update-guidance_05132019.pdf
References
URL | Tags | |||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
Impacted products
Vendor | Product | Version | ||
---|---|---|---|---|
Intel Corporation | Central Processing Units (CPUs) |
Version: A list of impacted products can be found here: https://www.intel.com/content/dam/www/public/us/en/documents/corporate-information/SA00233-microcode-update-guidance_05132019.pdf |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-04T22:40:16.292Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00233.html" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://www.synology.com/security/advisory/Synology_SA_19_24" }, { "name": "FEDORA-2019-1f5832fc0e", "tags": [ "vendor-advisory", "x_refsource_FEDORA", "x_transferred" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/OH73SGTJ575OBCPSJFX6LX7KP2KZIEN4/" }, { "name": "openSUSE-SU-2019:1505", "tags": [ "vendor-advisory", "x_refsource_SUSE", "x_transferred" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00014.html" }, { "name": "RHSA-2019:1455", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "https://access.redhat.com/errata/RHSA-2019:1455" }, { "name": "USN-3977-3", "tags": [ "vendor-advisory", "x_refsource_UBUNTU", "x_transferred" ], "url": "https://usn.ubuntu.com/3977-3/" }, { "name": "[debian-lts-announce] 20190620 [SECURITY] [DLA 1789-2] intel-microcode security update", "tags": [ "mailing-list", "x_refsource_MLIST", "x_transferred" ], "url": "https://lists.debian.org/debian-lts-announce/2019/06/msg00018.html" }, { "name": "20190624 [SECURITY] [DSA 4447-2] intel-microcode security update", "tags": [ "mailing-list", "x_refsource_BUGTRAQ", "x_transferred" ], "url": "https://seclists.org/bugtraq/2019/Jun/28" }, { "name": "20190624 [SECURITY] [DSA 4469-1] libvirt security update", "tags": [ "mailing-list", "x_refsource_BUGTRAQ", "x_transferred" ], "url": "https://seclists.org/bugtraq/2019/Jun/36" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://www.arubanetworks.com/assets/alert/ARUBA-PSA-2019-003.txt" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-616472.pdf" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20190712-01-mds-en" }, { "name": "openSUSE-SU-2019:1805", "tags": [ "vendor-advisory", "x_refsource_SUSE", "x_transferred" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2019-07/msg00053.html" }, { "name": "openSUSE-SU-2019:1806", "tags": [ "vendor-advisory", "x_refsource_SUSE", "x_transferred" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2019-07/msg00052.html" }, { "name": "FreeBSD-SA-19:07", "tags": [ "vendor-advisory", "x_refsource_FREEBSD", "x_transferred" ], "url": "https://www.freebsd.org/security/advisories/FreeBSD-SA-19:07.mds.asc" }, { "name": "RHSA-2019:2553", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "https://access.redhat.com/errata/RHSA-2019:2553" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://kc.mcafee.com/corporate/index?page=content\u0026id=SB10292" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-608355.pdf" }, { "name": "20191112 [SECURITY] [DSA 4564-1] linux security update", "tags": [ "mailing-list", "x_refsource_BUGTRAQ", "x_transferred" ], "url": "https://seclists.org/bugtraq/2019/Nov/15" }, { "name": "DSA-4602", "tags": [ "vendor-advisory", "x_refsource_DEBIAN", "x_transferred" ], "url": "https://www.debian.org/security/2020/dsa-4602" }, { "name": "20200114 [SECURITY] [DSA 4602-1] xen security update", "tags": [ "mailing-list", "x_refsource_BUGTRAQ", "x_transferred" ], "url": "https://seclists.org/bugtraq/2020/Jan/21" }, { "name": "GLSA-202003-56", "tags": [ "vendor-advisory", "x_refsource_GENTOO", "x_transferred" ], "url": "https://security.gentoo.org/glsa/202003-56" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "Central Processing Units (CPUs)", "vendor": "Intel Corporation", "versions": [ { "status": "affected", "version": "A list of impacted products can be found here: https://www.intel.com/content/dam/www/public/us/en/documents/corporate-information/SA00233-microcode-update-guidance_05132019.pdf" } ] } ], "datePublic": "2019-05-14T00:00:00", "descriptions": [ { "lang": "en", "value": "Microarchitectural Data Sampling Uncacheable Memory (MDSUM): Uncacheable memory on some microprocessors utilizing speculative execution may allow an authenticated user to potentially enable information disclosure via a side channel with local access. A list of impacted products can be found here: https://www.intel.com/content/dam/www/public/us/en/documents/corporate-information/SA00233-microcode-update-guidance_05132019.pdf" } ], "problemTypes": [ { "descriptions": [ { "description": "Information Disclosure", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2020-03-26T14:06:10", "orgId": "6dda929c-bb53-4a77-a76d-48e79601a1ce", "shortName": "intel" }, "references": [ { "tags": [ "x_refsource_CONFIRM" ], "url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00233.html" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://www.synology.com/security/advisory/Synology_SA_19_24" }, { "name": "FEDORA-2019-1f5832fc0e", "tags": [ "vendor-advisory", "x_refsource_FEDORA" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/OH73SGTJ575OBCPSJFX6LX7KP2KZIEN4/" }, { "name": "openSUSE-SU-2019:1505", "tags": [ "vendor-advisory", "x_refsource_SUSE" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00014.html" }, { "name": "RHSA-2019:1455", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "https://access.redhat.com/errata/RHSA-2019:1455" }, { "name": "USN-3977-3", "tags": [ "vendor-advisory", "x_refsource_UBUNTU" ], "url": "https://usn.ubuntu.com/3977-3/" }, { "name": "[debian-lts-announce] 20190620 [SECURITY] [DLA 1789-2] intel-microcode security update", "tags": [ "mailing-list", "x_refsource_MLIST" ], "url": "https://lists.debian.org/debian-lts-announce/2019/06/msg00018.html" }, { "name": "20190624 [SECURITY] [DSA 4447-2] intel-microcode security update", "tags": [ "mailing-list", "x_refsource_BUGTRAQ" ], "url": "https://seclists.org/bugtraq/2019/Jun/28" }, { "name": "20190624 [SECURITY] [DSA 4469-1] libvirt security update", "tags": [ "mailing-list", "x_refsource_BUGTRAQ" ], "url": "https://seclists.org/bugtraq/2019/Jun/36" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://www.arubanetworks.com/assets/alert/ARUBA-PSA-2019-003.txt" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-616472.pdf" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20190712-01-mds-en" }, { "name": "openSUSE-SU-2019:1805", "tags": [ "vendor-advisory", "x_refsource_SUSE" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2019-07/msg00053.html" }, { "name": "openSUSE-SU-2019:1806", "tags": [ "vendor-advisory", "x_refsource_SUSE" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2019-07/msg00052.html" }, { "name": "FreeBSD-SA-19:07", "tags": [ "vendor-advisory", "x_refsource_FREEBSD" ], "url": "https://www.freebsd.org/security/advisories/FreeBSD-SA-19:07.mds.asc" }, { "name": "RHSA-2019:2553", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "https://access.redhat.com/errata/RHSA-2019:2553" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://kc.mcafee.com/corporate/index?page=content\u0026id=SB10292" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-608355.pdf" }, { "name": "20191112 [SECURITY] [DSA 4564-1] linux security update", "tags": [ "mailing-list", "x_refsource_BUGTRAQ" ], "url": "https://seclists.org/bugtraq/2019/Nov/15" }, { "name": "DSA-4602", "tags": [ "vendor-advisory", "x_refsource_DEBIAN" ], "url": "https://www.debian.org/security/2020/dsa-4602" }, { "name": "20200114 [SECURITY] [DSA 4602-1] xen security update", "tags": [ "mailing-list", "x_refsource_BUGTRAQ" ], "url": "https://seclists.org/bugtraq/2020/Jan/21" }, { "name": "GLSA-202003-56", "tags": [ "vendor-advisory", "x_refsource_GENTOO" ], "url": "https://security.gentoo.org/glsa/202003-56" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "secure@intel.com", "ID": "CVE-2019-11091", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "Central Processing Units (CPUs)", "version": { "version_data": [ { "version_value": "A list of impacted products can be found here: https://www.intel.com/content/dam/www/public/us/en/documents/corporate-information/SA00233-microcode-update-guidance_05132019.pdf" } ] } } ] }, "vendor_name": "Intel Corporation" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "Microarchitectural Data Sampling Uncacheable Memory (MDSUM): Uncacheable memory on some microprocessors utilizing speculative execution may allow an authenticated user to potentially enable information disclosure via a side channel with local access. A list of impacted products can be found here: https://www.intel.com/content/dam/www/public/us/en/documents/corporate-information/SA00233-microcode-update-guidance_05132019.pdf" } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "Information Disclosure" } ] } ] }, "references": { "reference_data": [ { "name": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00233.html", "refsource": "CONFIRM", "url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00233.html" }, { "name": "https://www.synology.com/security/advisory/Synology_SA_19_24", "refsource": "CONFIRM", "url": "https://www.synology.com/security/advisory/Synology_SA_19_24" }, { "name": "FEDORA-2019-1f5832fc0e", "refsource": "FEDORA", "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/OH73SGTJ575OBCPSJFX6LX7KP2KZIEN4/" }, { "name": "openSUSE-SU-2019:1505", "refsource": "SUSE", "url": "http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00014.html" }, { "name": "RHSA-2019:1455", "refsource": "REDHAT", "url": "https://access.redhat.com/errata/RHSA-2019:1455" }, { "name": "USN-3977-3", "refsource": "UBUNTU", "url": "https://usn.ubuntu.com/3977-3/" }, { "name": "[debian-lts-announce] 20190620 [SECURITY] [DLA 1789-2] intel-microcode security update", "refsource": "MLIST", "url": "https://lists.debian.org/debian-lts-announce/2019/06/msg00018.html" }, { "name": "20190624 [SECURITY] [DSA 4447-2] intel-microcode security update", "refsource": "BUGTRAQ", "url": "https://seclists.org/bugtraq/2019/Jun/28" }, { "name": "20190624 [SECURITY] [DSA 4469-1] libvirt security update", "refsource": "BUGTRAQ", "url": "https://seclists.org/bugtraq/2019/Jun/36" }, { "name": "http://www.arubanetworks.com/assets/alert/ARUBA-PSA-2019-003.txt", "refsource": "CONFIRM", "url": "http://www.arubanetworks.com/assets/alert/ARUBA-PSA-2019-003.txt" }, { "name": "https://cert-portal.siemens.com/productcert/pdf/ssa-616472.pdf", "refsource": "CONFIRM", "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-616472.pdf" }, { "name": "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20190712-01-mds-en", "refsource": "CONFIRM", "url": "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20190712-01-mds-en" }, { "name": "openSUSE-SU-2019:1805", "refsource": "SUSE", "url": "http://lists.opensuse.org/opensuse-security-announce/2019-07/msg00053.html" }, { "name": "openSUSE-SU-2019:1806", "refsource": "SUSE", "url": "http://lists.opensuse.org/opensuse-security-announce/2019-07/msg00052.html" }, { "name": "FreeBSD-SA-19:07", "refsource": "FREEBSD", "url": "https://www.freebsd.org/security/advisories/FreeBSD-SA-19:07.mds.asc" }, { "name": "RHSA-2019:2553", "refsource": "REDHAT", "url": "https://access.redhat.com/errata/RHSA-2019:2553" }, { "name": "https://kc.mcafee.com/corporate/index?page=content\u0026id=SB10292", "refsource": "CONFIRM", "url": "https://kc.mcafee.com/corporate/index?page=content\u0026id=SB10292" }, { "name": "https://cert-portal.siemens.com/productcert/pdf/ssa-608355.pdf", "refsource": "CONFIRM", "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-608355.pdf" }, { "name": "20191112 [SECURITY] [DSA 4564-1] linux security update", "refsource": "BUGTRAQ", "url": "https://seclists.org/bugtraq/2019/Nov/15" }, { "name": "DSA-4602", "refsource": "DEBIAN", "url": "https://www.debian.org/security/2020/dsa-4602" }, { "name": "20200114 [SECURITY] [DSA 4602-1] xen security update", "refsource": "BUGTRAQ", "url": "https://seclists.org/bugtraq/2020/Jan/21" }, { "name": "GLSA-202003-56", "refsource": "GENTOO", "url": "https://security.gentoo.org/glsa/202003-56" } ] } } } }, "cveMetadata": { "assignerOrgId": "6dda929c-bb53-4a77-a76d-48e79601a1ce", "assignerShortName": "intel", "cveId": "CVE-2019-11091", "datePublished": "2019-05-30T15:28:28", "dateReserved": "2019-04-11T00:00:00", "dateUpdated": "2024-08-04T22:40:16.292Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2018-12126 (GCVE-0-2018-12126)
Vulnerability from cvelistv5
Published
2019-05-30 15:36
Modified
2024-08-05 08:30
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- Information Disclosure
Summary
Microarchitectural Store Buffer Data Sampling (MSBDS): Store buffers on some microprocessors utilizing speculative execution may allow an authenticated user to potentially enable information disclosure via a side channel with local access. A list of impacted products can be found here: https://www.intel.com/content/dam/www/public/us/en/documents/corporate-information/SA00233-microcode-update-guidance_05132019.pdf
References
URL | Tags | ||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
Impacted products
Vendor | Product | Version | ||
---|---|---|---|---|
Intel Corporation | Central ProcCVE-2018-12126essing Units (CPUs) |
Version: A list of impacted products can be found here: https://www.intel.com/content/dam/www/public/us/en/documents/corporate-information/SA00233-microcode-update-guidance_05132019.pdf |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-05T08:30:57.443Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00233.html" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://www.synology.com/security/advisory/Synology_SA_19_24" }, { "name": "FEDORA-2019-1f5832fc0e", "tags": [ "vendor-advisory", "x_refsource_FEDORA", "x_transferred" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/OH73SGTJ575OBCPSJFX6LX7KP2KZIEN4/" }, { "name": "openSUSE-SU-2019:1505", "tags": [ "vendor-advisory", "x_refsource_SUSE", "x_transferred" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00014.html" }, { "name": "RHSA-2019:1455", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "https://access.redhat.com/errata/RHSA-2019:1455" }, { "name": "USN-3977-3", "tags": [ "vendor-advisory", "x_refsource_UBUNTU", "x_transferred" ], "url": "https://usn.ubuntu.com/3977-3/" }, { "name": "[debian-lts-announce] 20190620 [SECURITY] [DLA 1789-2] intel-microcode security update", "tags": [ "mailing-list", "x_refsource_MLIST", "x_transferred" ], "url": "https://lists.debian.org/debian-lts-announce/2019/06/msg00018.html" }, { "name": "20190624 [SECURITY] [DSA 4447-2] intel-microcode security update", "tags": [ "mailing-list", "x_refsource_BUGTRAQ", "x_transferred" ], "url": "https://seclists.org/bugtraq/2019/Jun/28" }, { "name": "20190624 [SECURITY] [DSA 4469-1] libvirt security update", "tags": [ "mailing-list", "x_refsource_BUGTRAQ", "x_transferred" ], "url": "https://seclists.org/bugtraq/2019/Jun/36" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://www.arubanetworks.com/assets/alert/ARUBA-PSA-2019-003.txt" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-616472.pdf" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20190712-01-mds-en" }, { "name": "openSUSE-SU-2019:1805", "tags": [ "vendor-advisory", "x_refsource_SUSE", "x_transferred" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2019-07/msg00053.html" }, { "name": "openSUSE-SU-2019:1806", "tags": [ "vendor-advisory", "x_refsource_SUSE", "x_transferred" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2019-07/msg00052.html" }, { "name": "FreeBSD-SA-19:07", "tags": [ "vendor-advisory", "x_refsource_FREEBSD", "x_transferred" ], "url": "https://www.freebsd.org/security/advisories/FreeBSD-SA-19:07.mds.asc" }, { "name": "RHSA-2019:2553", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "https://access.redhat.com/errata/RHSA-2019:2553" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://kc.mcafee.com/corporate/index?page=content\u0026id=SB10292" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-608355.pdf" }, { "name": "FreeBSD-SA-19:26", "tags": [ "vendor-advisory", "x_refsource_FREEBSD", "x_transferred" ], "url": "https://security.FreeBSD.org/advisories/FreeBSD-SA-19:26.mcu.asc" }, { "name": "20191112 FreeBSD Security Advisory FreeBSD-SA-19:26.mcu", "tags": [ "mailing-list", "x_refsource_BUGTRAQ", "x_transferred" ], "url": "https://seclists.org/bugtraq/2019/Nov/16" }, { "name": "20191112 [SECURITY] [DSA 4564-1] linux security update", "tags": [ "mailing-list", "x_refsource_BUGTRAQ", "x_transferred" ], "url": "https://seclists.org/bugtraq/2019/Nov/15" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "http://packetstormsecurity.com/files/155281/FreeBSD-Security-Advisory-FreeBSD-SA-19-26.mcu.html" }, { "name": "DSA-4602", "tags": [ "vendor-advisory", "x_refsource_DEBIAN", "x_transferred" ], "url": "https://www.debian.org/security/2020/dsa-4602" }, { "name": "20200114 [SECURITY] [DSA 4602-1] xen security update", "tags": [ "mailing-list", "x_refsource_BUGTRAQ", "x_transferred" ], "url": "https://seclists.org/bugtraq/2020/Jan/21" }, { "name": "GLSA-202003-56", "tags": [ "vendor-advisory", "x_refsource_GENTOO", "x_transferred" ], "url": "https://security.gentoo.org/glsa/202003-56" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "Central ProcCVE-2018-12126essing Units (CPUs)", "vendor": "Intel Corporation", "versions": [ { "status": "affected", "version": "A list of impacted products can be found here: https://www.intel.com/content/dam/www/public/us/en/documents/corporate-information/SA00233-microcode-update-guidance_05132019.pdf" } ] } ], "datePublic": "2019-05-14T00:00:00", "descriptions": [ { "lang": "en", "value": "Microarchitectural Store Buffer Data Sampling (MSBDS): Store buffers on some microprocessors utilizing speculative execution may allow an authenticated user to potentially enable information disclosure via a side channel with local access. A list of impacted products can be found here: https://www.intel.com/content/dam/www/public/us/en/documents/corporate-information/SA00233-microcode-update-guidance_05132019.pdf" } ], "problemTypes": [ { "descriptions": [ { "description": "Information Disclosure", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2020-03-26T14:06:17", "orgId": "6dda929c-bb53-4a77-a76d-48e79601a1ce", "shortName": "intel" }, "references": [ { "tags": [ "x_refsource_CONFIRM" ], "url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00233.html" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://www.synology.com/security/advisory/Synology_SA_19_24" }, { "name": "FEDORA-2019-1f5832fc0e", "tags": [ "vendor-advisory", "x_refsource_FEDORA" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/OH73SGTJ575OBCPSJFX6LX7KP2KZIEN4/" }, { "name": "openSUSE-SU-2019:1505", "tags": [ "vendor-advisory", "x_refsource_SUSE" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00014.html" }, { "name": "RHSA-2019:1455", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "https://access.redhat.com/errata/RHSA-2019:1455" }, { "name": "USN-3977-3", "tags": [ "vendor-advisory", "x_refsource_UBUNTU" ], "url": "https://usn.ubuntu.com/3977-3/" }, { "name": "[debian-lts-announce] 20190620 [SECURITY] [DLA 1789-2] intel-microcode security update", "tags": [ "mailing-list", "x_refsource_MLIST" ], "url": "https://lists.debian.org/debian-lts-announce/2019/06/msg00018.html" }, { "name": "20190624 [SECURITY] [DSA 4447-2] intel-microcode security update", "tags": [ "mailing-list", "x_refsource_BUGTRAQ" ], "url": "https://seclists.org/bugtraq/2019/Jun/28" }, { "name": "20190624 [SECURITY] [DSA 4469-1] libvirt security update", "tags": [ "mailing-list", "x_refsource_BUGTRAQ" ], "url": "https://seclists.org/bugtraq/2019/Jun/36" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://www.arubanetworks.com/assets/alert/ARUBA-PSA-2019-003.txt" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-616472.pdf" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20190712-01-mds-en" }, { "name": "openSUSE-SU-2019:1805", "tags": [ "vendor-advisory", "x_refsource_SUSE" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2019-07/msg00053.html" }, { "name": "openSUSE-SU-2019:1806", "tags": [ "vendor-advisory", "x_refsource_SUSE" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2019-07/msg00052.html" }, { "name": "FreeBSD-SA-19:07", "tags": [ "vendor-advisory", "x_refsource_FREEBSD" ], "url": "https://www.freebsd.org/security/advisories/FreeBSD-SA-19:07.mds.asc" }, { "name": "RHSA-2019:2553", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "https://access.redhat.com/errata/RHSA-2019:2553" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://kc.mcafee.com/corporate/index?page=content\u0026id=SB10292" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-608355.pdf" }, { "name": "FreeBSD-SA-19:26", "tags": [ "vendor-advisory", "x_refsource_FREEBSD" ], "url": "https://security.FreeBSD.org/advisories/FreeBSD-SA-19:26.mcu.asc" }, { "name": "20191112 FreeBSD Security Advisory FreeBSD-SA-19:26.mcu", "tags": [ "mailing-list", "x_refsource_BUGTRAQ" ], "url": "https://seclists.org/bugtraq/2019/Nov/16" }, { "name": "20191112 [SECURITY] [DSA 4564-1] linux security update", "tags": [ "mailing-list", "x_refsource_BUGTRAQ" ], "url": "https://seclists.org/bugtraq/2019/Nov/15" }, { "tags": [ "x_refsource_MISC" ], "url": "http://packetstormsecurity.com/files/155281/FreeBSD-Security-Advisory-FreeBSD-SA-19-26.mcu.html" }, { "name": "DSA-4602", "tags": [ "vendor-advisory", "x_refsource_DEBIAN" ], "url": "https://www.debian.org/security/2020/dsa-4602" }, { "name": "20200114 [SECURITY] [DSA 4602-1] xen security update", "tags": [ "mailing-list", "x_refsource_BUGTRAQ" ], "url": "https://seclists.org/bugtraq/2020/Jan/21" }, { "name": "GLSA-202003-56", "tags": [ "vendor-advisory", "x_refsource_GENTOO" ], "url": "https://security.gentoo.org/glsa/202003-56" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "secure@intel.com", "ID": "CVE-2018-12126", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "Central ProcCVE-2018-12126essing Units (CPUs)", "version": { "version_data": [ { "version_value": "A list of impacted products can be found here: https://www.intel.com/content/dam/www/public/us/en/documents/corporate-information/SA00233-microcode-update-guidance_05132019.pdf" } ] } } ] }, "vendor_name": "Intel Corporation" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "Microarchitectural Store Buffer Data Sampling (MSBDS): Store buffers on some microprocessors utilizing speculative execution may allow an authenticated user to potentially enable information disclosure via a side channel with local access. A list of impacted products can be found here: https://www.intel.com/content/dam/www/public/us/en/documents/corporate-information/SA00233-microcode-update-guidance_05132019.pdf" } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "Information Disclosure" } ] } ] }, "references": { "reference_data": [ { "name": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00233.html", "refsource": "CONFIRM", "url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00233.html" }, { "name": "https://www.synology.com/security/advisory/Synology_SA_19_24", "refsource": "CONFIRM", "url": "https://www.synology.com/security/advisory/Synology_SA_19_24" }, { "name": "FEDORA-2019-1f5832fc0e", "refsource": "FEDORA", "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/OH73SGTJ575OBCPSJFX6LX7KP2KZIEN4/" }, { "name": "openSUSE-SU-2019:1505", "refsource": "SUSE", "url": "http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00014.html" }, { "name": "RHSA-2019:1455", "refsource": "REDHAT", "url": "https://access.redhat.com/errata/RHSA-2019:1455" }, { "name": "USN-3977-3", "refsource": "UBUNTU", "url": "https://usn.ubuntu.com/3977-3/" }, { "name": "[debian-lts-announce] 20190620 [SECURITY] [DLA 1789-2] intel-microcode security update", "refsource": "MLIST", "url": "https://lists.debian.org/debian-lts-announce/2019/06/msg00018.html" }, { "name": "20190624 [SECURITY] [DSA 4447-2] intel-microcode security update", "refsource": "BUGTRAQ", "url": "https://seclists.org/bugtraq/2019/Jun/28" }, { "name": "20190624 [SECURITY] [DSA 4469-1] libvirt security update", "refsource": "BUGTRAQ", "url": "https://seclists.org/bugtraq/2019/Jun/36" }, { "name": "http://www.arubanetworks.com/assets/alert/ARUBA-PSA-2019-003.txt", "refsource": "CONFIRM", "url": "http://www.arubanetworks.com/assets/alert/ARUBA-PSA-2019-003.txt" }, { "name": "https://cert-portal.siemens.com/productcert/pdf/ssa-616472.pdf", "refsource": "CONFIRM", "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-616472.pdf" }, { "name": "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20190712-01-mds-en", "refsource": "CONFIRM", "url": "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20190712-01-mds-en" }, { "name": "openSUSE-SU-2019:1805", "refsource": "SUSE", "url": "http://lists.opensuse.org/opensuse-security-announce/2019-07/msg00053.html" }, { "name": "openSUSE-SU-2019:1806", "refsource": "SUSE", "url": "http://lists.opensuse.org/opensuse-security-announce/2019-07/msg00052.html" }, { "name": "FreeBSD-SA-19:07", "refsource": "FREEBSD", "url": "https://www.freebsd.org/security/advisories/FreeBSD-SA-19:07.mds.asc" }, { "name": "RHSA-2019:2553", "refsource": "REDHAT", "url": "https://access.redhat.com/errata/RHSA-2019:2553" }, { "name": "https://kc.mcafee.com/corporate/index?page=content\u0026id=SB10292", "refsource": "CONFIRM", "url": "https://kc.mcafee.com/corporate/index?page=content\u0026id=SB10292" }, { "name": "https://cert-portal.siemens.com/productcert/pdf/ssa-608355.pdf", "refsource": "CONFIRM", "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-608355.pdf" }, { "name": "FreeBSD-SA-19:26", "refsource": "FREEBSD", "url": "https://security.FreeBSD.org/advisories/FreeBSD-SA-19:26.mcu.asc" }, { "name": "20191112 FreeBSD Security Advisory FreeBSD-SA-19:26.mcu", "refsource": "BUGTRAQ", "url": "https://seclists.org/bugtraq/2019/Nov/16" }, { "name": "20191112 [SECURITY] [DSA 4564-1] linux security update", "refsource": "BUGTRAQ", "url": "https://seclists.org/bugtraq/2019/Nov/15" }, { "name": "http://packetstormsecurity.com/files/155281/FreeBSD-Security-Advisory-FreeBSD-SA-19-26.mcu.html", "refsource": "MISC", "url": "http://packetstormsecurity.com/files/155281/FreeBSD-Security-Advisory-FreeBSD-SA-19-26.mcu.html" }, { "name": "DSA-4602", "refsource": "DEBIAN", "url": "https://www.debian.org/security/2020/dsa-4602" }, { "name": "20200114 [SECURITY] [DSA 4602-1] xen security update", "refsource": "BUGTRAQ", "url": "https://seclists.org/bugtraq/2020/Jan/21" }, { "name": "GLSA-202003-56", "refsource": "GENTOO", "url": "https://security.gentoo.org/glsa/202003-56" } ] } } } }, "cveMetadata": { "assignerOrgId": "6dda929c-bb53-4a77-a76d-48e79601a1ce", "assignerShortName": "intel", "cveId": "CVE-2018-12126", "datePublished": "2019-05-30T15:36:05", "dateReserved": "2018-06-11T00:00:00", "dateUpdated": "2024-08-05T08:30:57.443Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2017-16939 (GCVE-0-2017-16939)
Vulnerability from cvelistv5
Published
2017-11-24 10:00
Modified
2024-08-05 20:43
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
The XFRM dump policy implementation in net/xfrm/xfrm_user.c in the Linux kernel before 4.13.11 allows local users to gain privileges or cause a denial of service (use-after-free) via a crafted SO_RCVBUF setsockopt system call in conjunction with XFRM_MSG_GETPOLICY Netlink messages.
References
URL | Tags | |||||||||||||||||||||||||||||||||||||||||||
---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-05T20:43:59.514Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "DSA-4082", "tags": [ "vendor-advisory", "x_refsource_DEBIAN", "x_transferred" ], "url": "https://www.debian.org/security/2018/dsa-4082" }, { "name": "[debian-lts-announce] 20171210 [SECURITY] [DLA 1200-1] linux security update", "tags": [ "mailing-list", "x_refsource_MLIST", "x_transferred" ], "url": "https://lists.debian.org/debian-lts-announce/2017/12/msg00004.html" }, { "name": "SUSE-SU-2018:0011", "tags": [ "vendor-advisory", "x_refsource_SUSE", "x_transferred" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2018-01/msg00007.html" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://bugzilla.suse.com/show_bug.cgi?id=1069702" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://github.com/torvalds/linux/commit/1137b5e2529a8f5ca8ee709288ecba3e68044df2" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "http://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.13.11" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "http://seclists.org/fulldisclosure/2017/Nov/40" }, { "name": "RHSA-2018:1355", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "https://access.redhat.com/errata/RHSA-2018:1355" }, { "name": "RHSA-2018:1318", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "https://access.redhat.com/errata/RHSA-2018:1318" }, { "name": "101954", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/101954" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://blogs.securiteam.com/index.php/archives/3535" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=1137b5e2529a8f5ca8ee709288ecba3e68044df2" }, { "name": "RHSA-2019:1170", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "https://access.redhat.com/errata/RHSA-2019:1170" }, { "name": "RHSA-2019:1190", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "https://access.redhat.com/errata/RHSA-2019:1190" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2017-11-24T00:00:00", "descriptions": [ { "lang": "en", "value": "The XFRM dump policy implementation in net/xfrm/xfrm_user.c in the Linux kernel before 4.13.11 allows local users to gain privileges or cause a denial of service (use-after-free) via a crafted SO_RCVBUF setsockopt system call in conjunction with XFRM_MSG_GETPOLICY Netlink messages." } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2019-05-14T22:06:08", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "name": "DSA-4082", "tags": [ "vendor-advisory", "x_refsource_DEBIAN" ], "url": "https://www.debian.org/security/2018/dsa-4082" }, { "name": "[debian-lts-announce] 20171210 [SECURITY] [DLA 1200-1] linux security update", "tags": [ "mailing-list", "x_refsource_MLIST" ], "url": "https://lists.debian.org/debian-lts-announce/2017/12/msg00004.html" }, { "name": "SUSE-SU-2018:0011", "tags": [ "vendor-advisory", "x_refsource_SUSE" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2018-01/msg00007.html" }, { "tags": [ "x_refsource_MISC" ], "url": "https://bugzilla.suse.com/show_bug.cgi?id=1069702" }, { "tags": [ "x_refsource_MISC" ], "url": "https://github.com/torvalds/linux/commit/1137b5e2529a8f5ca8ee709288ecba3e68044df2" }, { "tags": [ "x_refsource_MISC" ], "url": "http://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.13.11" }, { "tags": [ "x_refsource_MISC" ], "url": "http://seclists.org/fulldisclosure/2017/Nov/40" }, { "name": "RHSA-2018:1355", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "https://access.redhat.com/errata/RHSA-2018:1355" }, { "name": "RHSA-2018:1318", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "https://access.redhat.com/errata/RHSA-2018:1318" }, { "name": "101954", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/101954" }, { "tags": [ "x_refsource_MISC" ], "url": "https://blogs.securiteam.com/index.php/archives/3535" }, { "tags": [ "x_refsource_MISC" ], "url": "http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=1137b5e2529a8f5ca8ee709288ecba3e68044df2" }, { "name": "RHSA-2019:1170", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "https://access.redhat.com/errata/RHSA-2019:1170" }, { "name": "RHSA-2019:1190", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "https://access.redhat.com/errata/RHSA-2019:1190" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2017-16939", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "The XFRM dump policy implementation in net/xfrm/xfrm_user.c in the Linux kernel before 4.13.11 allows local users to gain privileges or cause a denial of service (use-after-free) via a crafted SO_RCVBUF setsockopt system call in conjunction with XFRM_MSG_GETPOLICY Netlink messages." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "DSA-4082", "refsource": "DEBIAN", "url": "https://www.debian.org/security/2018/dsa-4082" }, { "name": "[debian-lts-announce] 20171210 [SECURITY] [DLA 1200-1] linux security update", "refsource": "MLIST", "url": "https://lists.debian.org/debian-lts-announce/2017/12/msg00004.html" }, { "name": "SUSE-SU-2018:0011", "refsource": "SUSE", "url": "http://lists.opensuse.org/opensuse-security-announce/2018-01/msg00007.html" }, { "name": "https://bugzilla.suse.com/show_bug.cgi?id=1069702", "refsource": "MISC", "url": "https://bugzilla.suse.com/show_bug.cgi?id=1069702" }, { "name": "https://github.com/torvalds/linux/commit/1137b5e2529a8f5ca8ee709288ecba3e68044df2", "refsource": "MISC", "url": "https://github.com/torvalds/linux/commit/1137b5e2529a8f5ca8ee709288ecba3e68044df2" }, { "name": "http://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.13.11", "refsource": "MISC", "url": "http://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.13.11" }, { "name": "http://seclists.org/fulldisclosure/2017/Nov/40", "refsource": "MISC", "url": "http://seclists.org/fulldisclosure/2017/Nov/40" }, { "name": "RHSA-2018:1355", "refsource": "REDHAT", "url": "https://access.redhat.com/errata/RHSA-2018:1355" }, { "name": "RHSA-2018:1318", "refsource": "REDHAT", "url": "https://access.redhat.com/errata/RHSA-2018:1318" }, { "name": "101954", "refsource": "BID", "url": "http://www.securityfocus.com/bid/101954" }, { "name": "https://blogs.securiteam.com/index.php/archives/3535", "refsource": "MISC", "url": "https://blogs.securiteam.com/index.php/archives/3535" }, { "name": "http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=1137b5e2529a8f5ca8ee709288ecba3e68044df2", "refsource": "MISC", "url": "http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=1137b5e2529a8f5ca8ee709288ecba3e68044df2" }, { "name": "RHSA-2019:1170", "refsource": "REDHAT", "url": "https://access.redhat.com/errata/RHSA-2019:1170" }, { "name": "RHSA-2019:1190", "refsource": "REDHAT", "url": "https://access.redhat.com/errata/RHSA-2019:1190" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2017-16939", "datePublished": "2017-11-24T10:00:00", "dateReserved": "2017-11-24T00:00:00", "dateUpdated": "2024-08-05T20:43:59.514Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2018-1068 (GCVE-0-2018-1068)
Vulnerability from cvelistv5
Published
2018-03-16 16:00
Modified
2024-09-16 16:13
Severity ?
VLAI Severity ?
EPSS score ?
CWE
Summary
A flaw was found in the Linux 4.x kernel's implementation of 32-bit syscall interface for bridging. This allowed a privileged user to arbitrarily write to a limited range of kernel memory.
References
URL | Tags | |||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
Impacted products
Vendor | Product | Version | ||
---|---|---|---|---|
Linux Kernel Organization, Inc. | Linux Kernel |
Version: 4.x |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-05T03:51:47.340Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "DSA-4187", "tags": [ "vendor-advisory", "x_refsource_DEBIAN", "x_transferred" ], "url": "https://www.debian.org/security/2018/dsa-4187" }, { "name": "USN-3654-1", "tags": [ "vendor-advisory", "x_refsource_UBUNTU", "x_transferred" ], "url": "https://usn.ubuntu.com/3654-1/" }, { "name": "USN-3674-1", "tags": [ "vendor-advisory", "x_refsource_UBUNTU", "x_transferred" ], "url": "https://usn.ubuntu.com/3674-1/" }, { "name": "USN-3677-1", "tags": [ "vendor-advisory", "x_refsource_UBUNTU", "x_transferred" ], "url": "https://usn.ubuntu.com/3677-1/" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1552048" }, { "name": "DSA-4188", "tags": [ "vendor-advisory", "x_refsource_DEBIAN", "x_transferred" ], "url": "https://www.debian.org/security/2018/dsa-4188" }, { "name": "[linux-netdev] 20180305 BUG: unable to handle kernel paging request in compat_copy_entries", "tags": [ "mailing-list", "x_refsource_MLIST", "x_transferred" ], "url": "https://marc.info/?l=linux-netdev\u0026m=152023808817590\u0026w=2" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=b71812168571fa55e44cdd0254471331b9c4c4c6" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://github.com/torvalds/linux/commit/b71812168571fa55e44cdd0254471331b9c4c4c6" }, { "name": "USN-3674-2", "tags": [ "vendor-advisory", "x_refsource_UBUNTU", "x_transferred" ], "url": "https://usn.ubuntu.com/3674-2/" }, { "name": "RHSA-2018:1355", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "https://access.redhat.com/errata/RHSA-2018:1355" }, { "name": "RHSA-2018:2948", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "https://access.redhat.com/errata/RHSA-2018:2948" }, { "name": "103459", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/103459" }, { "name": "RHSA-2018:1318", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "https://access.redhat.com/errata/RHSA-2018:1318" }, { "name": "USN-3677-2", "tags": [ "vendor-advisory", "x_refsource_UBUNTU", "x_transferred" ], "url": "https://usn.ubuntu.com/3677-2/" }, { "name": "USN-3654-2", "tags": [ "vendor-advisory", "x_refsource_UBUNTU", "x_transferred" ], "url": "https://usn.ubuntu.com/3654-2/" }, { "name": "[linux-netdev] 20180305 [PATCH net] netfilter: check for out-of-bounds while copying compat entries", "tags": [ "mailing-list", "x_refsource_MLIST", "x_transferred" ], "url": "https://marc.info/?l=linux-netdev\u0026m=152025888924151\u0026w=2" }, { "name": "[debian-lts-announce] 20180502 [SECURITY] [DLA 1369-1] linux security update", "tags": [ "mailing-list", "x_refsource_MLIST", "x_transferred" ], "url": "https://lists.debian.org/debian-lts-announce/2018/05/msg00000.html" }, { "name": "USN-3656-1", "tags": [ "vendor-advisory", "x_refsource_UBUNTU", "x_transferred" ], "url": "https://usn.ubuntu.com/3656-1/" }, { "name": "RHSA-2019:1170", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "https://access.redhat.com/errata/RHSA-2019:1170" }, { "name": "RHSA-2019:1190", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "https://access.redhat.com/errata/RHSA-2019:1190" }, { "name": "RHSA-2019:4159", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "https://access.redhat.com/errata/RHSA-2019:4159" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "Linux Kernel", "vendor": "Linux Kernel Organization, Inc.", "versions": [ { "status": "affected", "version": "4.x" } ] } ], "datePublic": "2018-03-05T00:00:00", "descriptions": [ { "lang": "en", "value": "A flaw was found in the Linux 4.x kernel\u0027s implementation of 32-bit syscall interface for bridging. This allowed a privileged user to arbitrarily write to a limited range of kernel memory." } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-119", "description": "CWE-119", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2019-12-10T15:06:12", "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "shortName": "redhat" }, "references": [ { "name": "DSA-4187", "tags": [ "vendor-advisory", "x_refsource_DEBIAN" ], "url": "https://www.debian.org/security/2018/dsa-4187" }, { "name": "USN-3654-1", "tags": [ "vendor-advisory", "x_refsource_UBUNTU" ], "url": "https://usn.ubuntu.com/3654-1/" }, { "name": "USN-3674-1", "tags": [ "vendor-advisory", "x_refsource_UBUNTU" ], "url": "https://usn.ubuntu.com/3674-1/" }, { "name": "USN-3677-1", "tags": [ "vendor-advisory", "x_refsource_UBUNTU" ], "url": "https://usn.ubuntu.com/3677-1/" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1552048" }, { "name": "DSA-4188", "tags": [ "vendor-advisory", "x_refsource_DEBIAN" ], "url": "https://www.debian.org/security/2018/dsa-4188" }, { "name": "[linux-netdev] 20180305 BUG: unable to handle kernel paging request in compat_copy_entries", "tags": [ "mailing-list", "x_refsource_MLIST" ], "url": "https://marc.info/?l=linux-netdev\u0026m=152023808817590\u0026w=2" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=b71812168571fa55e44cdd0254471331b9c4c4c6" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://github.com/torvalds/linux/commit/b71812168571fa55e44cdd0254471331b9c4c4c6" }, { "name": "USN-3674-2", "tags": [ "vendor-advisory", "x_refsource_UBUNTU" ], "url": "https://usn.ubuntu.com/3674-2/" }, { "name": "RHSA-2018:1355", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "https://access.redhat.com/errata/RHSA-2018:1355" }, { "name": "RHSA-2018:2948", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "https://access.redhat.com/errata/RHSA-2018:2948" }, { "name": "103459", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/103459" }, { "name": "RHSA-2018:1318", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "https://access.redhat.com/errata/RHSA-2018:1318" }, { "name": "USN-3677-2", "tags": [ "vendor-advisory", "x_refsource_UBUNTU" ], "url": "https://usn.ubuntu.com/3677-2/" }, { "name": "USN-3654-2", "tags": [ "vendor-advisory", "x_refsource_UBUNTU" ], "url": "https://usn.ubuntu.com/3654-2/" }, { "name": "[linux-netdev] 20180305 [PATCH net] netfilter: check for out-of-bounds while copying compat entries", "tags": [ "mailing-list", "x_refsource_MLIST" ], "url": "https://marc.info/?l=linux-netdev\u0026m=152025888924151\u0026w=2" }, { "name": "[debian-lts-announce] 20180502 [SECURITY] [DLA 1369-1] linux security update", "tags": [ "mailing-list", "x_refsource_MLIST" ], "url": "https://lists.debian.org/debian-lts-announce/2018/05/msg00000.html" }, { "name": "USN-3656-1", "tags": [ "vendor-advisory", "x_refsource_UBUNTU" ], "url": "https://usn.ubuntu.com/3656-1/" }, { "name": "RHSA-2019:1170", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "https://access.redhat.com/errata/RHSA-2019:1170" }, { "name": "RHSA-2019:1190", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "https://access.redhat.com/errata/RHSA-2019:1190" }, { "name": "RHSA-2019:4159", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "https://access.redhat.com/errata/RHSA-2019:4159" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "secalert@redhat.com", "DATE_PUBLIC": "2018-03-05T00:00:00", "ID": "CVE-2018-1068", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "Linux Kernel", "version": { "version_data": [ { "version_value": "4.x" } ] } } ] }, "vendor_name": "Linux Kernel Organization, Inc." } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "A flaw was found in the Linux 4.x kernel\u0027s implementation of 32-bit syscall interface for bridging. This allowed a privileged user to arbitrarily write to a limited range of kernel memory." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "CWE-119" } ] } ] }, "references": { "reference_data": [ { "name": "DSA-4187", "refsource": "DEBIAN", "url": "https://www.debian.org/security/2018/dsa-4187" }, { "name": "USN-3654-1", "refsource": "UBUNTU", "url": "https://usn.ubuntu.com/3654-1/" }, { "name": "USN-3674-1", "refsource": "UBUNTU", "url": "https://usn.ubuntu.com/3674-1/" }, { "name": "USN-3677-1", "refsource": "UBUNTU", "url": "https://usn.ubuntu.com/3677-1/" }, { "name": "https://bugzilla.redhat.com/show_bug.cgi?id=1552048", "refsource": "CONFIRM", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1552048" }, { "name": "DSA-4188", "refsource": "DEBIAN", "url": "https://www.debian.org/security/2018/dsa-4188" }, { "name": "[linux-netdev] 20180305 BUG: unable to handle kernel paging request in compat_copy_entries", "refsource": "MLIST", "url": "https://marc.info/?l=linux-netdev\u0026m=152023808817590\u0026w=2" }, { "name": "https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=b71812168571fa55e44cdd0254471331b9c4c4c6", "refsource": "CONFIRM", "url": "https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=b71812168571fa55e44cdd0254471331b9c4c4c6" }, { "name": "https://github.com/torvalds/linux/commit/b71812168571fa55e44cdd0254471331b9c4c4c6", "refsource": "CONFIRM", "url": "https://github.com/torvalds/linux/commit/b71812168571fa55e44cdd0254471331b9c4c4c6" }, { "name": "USN-3674-2", "refsource": "UBUNTU", "url": "https://usn.ubuntu.com/3674-2/" }, { "name": "RHSA-2018:1355", "refsource": "REDHAT", "url": "https://access.redhat.com/errata/RHSA-2018:1355" }, { "name": "RHSA-2018:2948", "refsource": "REDHAT", "url": "https://access.redhat.com/errata/RHSA-2018:2948" }, { "name": "103459", "refsource": "BID", "url": "http://www.securityfocus.com/bid/103459" }, { "name": "RHSA-2018:1318", "refsource": "REDHAT", "url": "https://access.redhat.com/errata/RHSA-2018:1318" }, { "name": "USN-3677-2", "refsource": "UBUNTU", "url": "https://usn.ubuntu.com/3677-2/" }, { "name": "USN-3654-2", "refsource": "UBUNTU", "url": "https://usn.ubuntu.com/3654-2/" }, { "name": "[linux-netdev] 20180305 [PATCH net] netfilter: check for out-of-bounds while copying compat entries", "refsource": "MLIST", "url": "https://marc.info/?l=linux-netdev\u0026m=152025888924151\u0026w=2" }, { "name": "[debian-lts-announce] 20180502 [SECURITY] [DLA 1369-1] linux security update", "refsource": "MLIST", "url": "https://lists.debian.org/debian-lts-announce/2018/05/msg00000.html" }, { "name": "USN-3656-1", "refsource": "UBUNTU", "url": "https://usn.ubuntu.com/3656-1/" }, { "name": "RHSA-2019:1170", "refsource": "REDHAT", "url": "https://access.redhat.com/errata/RHSA-2019:1170" }, { "name": "RHSA-2019:1190", "refsource": "REDHAT", "url": "https://access.redhat.com/errata/RHSA-2019:1190" }, { "name": "RHSA-2019:4159", "refsource": "REDHAT", "url": "https://access.redhat.com/errata/RHSA-2019:4159" } ] } } } }, "cveMetadata": { "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "assignerShortName": "redhat", "cveId": "CVE-2018-1068", "datePublished": "2018-03-16T16:00:00Z", "dateReserved": "2017-12-04T00:00:00", "dateUpdated": "2024-09-16T16:13:09.145Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2018-18559 (GCVE-0-2018-18559)
Vulnerability from cvelistv5
Published
2018-10-22 16:00
Modified
2024-08-05 11:16
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
In the Linux kernel through 4.19, a use-after-free can occur due to a race condition between fanout_add from setsockopt and bind on an AF_PACKET socket. This issue exists because of the 15fe076edea787807a7cdc168df832544b58eba6 incomplete fix for a race condition. The code mishandles a certain multithreaded case involving a packet_do_bind unregister action followed by a packet_notifier register action. Later, packet_release operates on only one of the two applicable linked lists. The attacker can achieve Program Counter control.
References
URL | Tags | ||||||||||||||||||||||||||||
---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-05T11:16:00.392Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "RHSA-2019:0188", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "https://access.redhat.com/errata/RHSA-2019:0188" }, { "name": "RHSA-2019:0163", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "https://access.redhat.com/errata/RHSA-2019:0163" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://blogs.securiteam.com/index.php/archives/3731" }, { "name": "RHBA-2019:0327", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "https://access.redhat.com/errata/RHBA-2019:0327" }, { "name": "RHSA-2019:1170", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "https://access.redhat.com/errata/RHSA-2019:1170" }, { "name": "RHSA-2019:1190", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "https://access.redhat.com/errata/RHSA-2019:1190" }, { "name": "RHSA-2019:3967", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "https://access.redhat.com/errata/RHSA-2019:3967" }, { "name": "RHSA-2019:4159", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "https://access.redhat.com/errata/RHSA-2019:4159" }, { "name": "RHSA-2020:0174", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "https://access.redhat.com/errata/RHSA-2020:0174" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2018-10-22T00:00:00", "descriptions": [ { "lang": "en", "value": "In the Linux kernel through 4.19, a use-after-free can occur due to a race condition between fanout_add from setsockopt and bind on an AF_PACKET socket. This issue exists because of the 15fe076edea787807a7cdc168df832544b58eba6 incomplete fix for a race condition. The code mishandles a certain multithreaded case involving a packet_do_bind unregister action followed by a packet_notifier register action. Later, packet_release operates on only one of the two applicable linked lists. The attacker can achieve Program Counter control." } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2020-01-21T19:06:15", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "name": "RHSA-2019:0188", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "https://access.redhat.com/errata/RHSA-2019:0188" }, { "name": "RHSA-2019:0163", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "https://access.redhat.com/errata/RHSA-2019:0163" }, { "tags": [ "x_refsource_MISC" ], "url": "https://blogs.securiteam.com/index.php/archives/3731" }, { "name": "RHBA-2019:0327", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "https://access.redhat.com/errata/RHBA-2019:0327" }, { "name": "RHSA-2019:1170", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "https://access.redhat.com/errata/RHSA-2019:1170" }, { "name": "RHSA-2019:1190", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "https://access.redhat.com/errata/RHSA-2019:1190" }, { "name": "RHSA-2019:3967", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "https://access.redhat.com/errata/RHSA-2019:3967" }, { "name": "RHSA-2019:4159", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "https://access.redhat.com/errata/RHSA-2019:4159" }, { "name": "RHSA-2020:0174", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "https://access.redhat.com/errata/RHSA-2020:0174" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2018-18559", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "In the Linux kernel through 4.19, a use-after-free can occur due to a race condition between fanout_add from setsockopt and bind on an AF_PACKET socket. This issue exists because of the 15fe076edea787807a7cdc168df832544b58eba6 incomplete fix for a race condition. The code mishandles a certain multithreaded case involving a packet_do_bind unregister action followed by a packet_notifier register action. Later, packet_release operates on only one of the two applicable linked lists. The attacker can achieve Program Counter control." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "RHSA-2019:0188", "refsource": "REDHAT", "url": "https://access.redhat.com/errata/RHSA-2019:0188" }, { "name": "RHSA-2019:0163", "refsource": "REDHAT", "url": "https://access.redhat.com/errata/RHSA-2019:0163" }, { "name": "https://blogs.securiteam.com/index.php/archives/3731", "refsource": "MISC", "url": "https://blogs.securiteam.com/index.php/archives/3731" }, { "name": "RHBA-2019:0327", "refsource": "REDHAT", "url": "https://access.redhat.com/errata/RHBA-2019:0327" }, { "name": "RHSA-2019:1170", "refsource": "REDHAT", "url": "https://access.redhat.com/errata/RHSA-2019:1170" }, { "name": "RHSA-2019:1190", "refsource": "REDHAT", "url": "https://access.redhat.com/errata/RHSA-2019:1190" }, { "name": "RHSA-2019:3967", "refsource": "REDHAT", "url": "https://access.redhat.com/errata/RHSA-2019:3967" }, { "name": "RHSA-2019:4159", "refsource": "REDHAT", "url": "https://access.redhat.com/errata/RHSA-2019:4159" }, { "name": "RHSA-2020:0174", "refsource": "REDHAT", "url": "https://access.redhat.com/errata/RHSA-2020:0174" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2018-18559", "datePublished": "2018-10-22T16:00:00", "dateReserved": "2018-10-22T00:00:00", "dateUpdated": "2024-08-05T11:16:00.392Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
Loading…
Loading…
Sightings
Author | Source | Type | Date |
---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
- Confirmed: The vulnerability is confirmed from an analyst perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
- Patched: This vulnerability was successfully patched by the user reporting the sighting.
- Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
- Not confirmed: The user expresses doubt about the veracity of the vulnerability.
- Not patched: This vulnerability was not successfully patched by the user reporting the sighting.
Loading…
Loading…