All the vulnerabilites related to The Linux Foundation - kernel
cve-2018-16880
Vulnerability from cvelistv5
Published
2019-01-29 16:00
Modified
2024-08-05 10:32
Severity ?
EPSS score ?
Summary
A flaw was found in the Linux kernel's handle_rx() function in the [vhost_net] driver. A malicious virtual guest, under specific conditions, can trigger an out-of-bounds write in a kmalloc-8 slab on a virtual host which may lead to a kernel memory corruption and a system panic. Due to the nature of the flaw, privilege escalation cannot be fully ruled out. Versions from v4.16 and newer are vulnerable.
References
▼ | URL | Tags |
---|---|---|
https://usn.ubuntu.com/3903-2/ | vendor-advisory, x_refsource_UBUNTU | |
https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-16880 | x_refsource_CONFIRM | |
http://www.securityfocus.com/bid/106735 | vdb-entry, x_refsource_BID | |
https://usn.ubuntu.com/3903-1/ | vendor-advisory, x_refsource_UBUNTU | |
https://support.f5.com/csp/article/K03593314 | x_refsource_CONFIRM | |
http://lists.opensuse.org/opensuse-security-announce/2019-05/msg00037.html | vendor-advisory, x_refsource_SUSE |
Impacted products
▼ | Vendor | Product |
---|---|---|
The Linux Foundation | kernel |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-05T10:32:54.187Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "USN-3903-2", "tags": [ "vendor-advisory", "x_refsource_UBUNTU", "x_transferred" ], "url": "https://usn.ubuntu.com/3903-2/" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-16880" }, { "name": "106735", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/106735" }, { "name": "USN-3903-1", "tags": [ "vendor-advisory", "x_refsource_UBUNTU", "x_transferred" ], "url": "https://usn.ubuntu.com/3903-1/" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://support.f5.com/csp/article/K03593314" }, { "name": "openSUSE-SU-2019:1404", "tags": [ "vendor-advisory", "x_refsource_SUSE", "x_transferred" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2019-05/msg00037.html" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "kernel", "vendor": "The Linux Foundation", "versions": [ { "status": "affected", "version": "from v4.16 and newer" } ] } ], "datePublic": "2019-01-25T00:00:00", "descriptions": [ { "lang": "en", "value": "A flaw was found in the Linux kernel\u0027s handle_rx() function in the [vhost_net] driver. A malicious virtual guest, under specific conditions, can trigger an out-of-bounds write in a kmalloc-8 slab on a virtual host which may lead to a kernel memory corruption and a system panic. Due to the nature of the flaw, privilege escalation cannot be fully ruled out. Versions from v4.16 and newer are vulnerable." } ], "metrics": [ { "cvssV3_0": { "attackComplexity": "HIGH", "attackVector": "ADJACENT_NETWORK", "availabilityImpact": "NONE", "baseScore": 5.9, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:L/A:N", "version": "3.0" } } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-787", "description": "CWE-787", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2019-05-16T14:06:08", "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "shortName": "redhat" }, "references": [ { "name": "USN-3903-2", "tags": [ "vendor-advisory", "x_refsource_UBUNTU" ], "url": "https://usn.ubuntu.com/3903-2/" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-16880" }, { "name": "106735", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/106735" }, { "name": "USN-3903-1", "tags": [ "vendor-advisory", "x_refsource_UBUNTU" ], "url": "https://usn.ubuntu.com/3903-1/" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://support.f5.com/csp/article/K03593314" }, { "name": "openSUSE-SU-2019:1404", "tags": [ "vendor-advisory", "x_refsource_SUSE" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2019-05/msg00037.html" } ] } }, "cveMetadata": { "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "assignerShortName": "redhat", "cveId": "CVE-2018-16880", "datePublished": "2019-01-29T16:00:00", "dateReserved": "2018-09-11T00:00:00", "dateUpdated": "2024-08-05T10:32:54.187Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2018-14633
Vulnerability from cvelistv5
Published
2018-09-25 00:00
Modified
2024-08-05 09:38
Severity ?
EPSS score ?
Summary
A security flaw was found in the chap_server_compute_md5() function in the ISCSI target code in the Linux kernel in a way an authentication request from an ISCSI initiator is processed. An unauthenticated remote attacker can cause a stack buffer overflow and smash up to 17 bytes of the stack. The attack requires the iSCSI target to be enabled on the victim host. Depending on how the target's code was built (i.e. depending on a compiler, compile flags and hardware architecture) an attack may lead to a system crash and thus to a denial-of-service or possibly to a non-authorized access to data exported by an iSCSI target. Due to the nature of the flaw, privilege escalation cannot be fully ruled out, although we believe it is highly unlikely. Kernel versions 4.18.x, 4.14.x and 3.10.x are believed to be vulnerable.
References
Impacted products
▼ | Vendor | Product |
---|---|---|
The Linux Foundation | kernel |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-05T09:38:13.035Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "USN-3776-1", "tags": [ "vendor-advisory", "x_refsource_UBUNTU", "x_transferred" ], "url": "https://usn.ubuntu.com/3776-1/" }, { "name": "USN-3776-2", "tags": [ "vendor-advisory", "x_refsource_UBUNTU", "x_transferred" ], "url": "https://usn.ubuntu.com/3776-2/" }, { "name": "USN-3777-1", "tags": [ "vendor-advisory", "x_refsource_UBUNTU", "x_transferred" ], "url": "https://usn.ubuntu.com/3777-1/" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-14633" }, { "name": "USN-3775-1", "tags": [ "vendor-advisory", "x_refsource_UBUNTU", "x_transferred" ], "url": "https://usn.ubuntu.com/3775-1/" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://seclists.org/oss-sec/2018/q3/270" }, { "name": "[debian-lts-announce] 20181003 [SECURITY] [DLA 1531-1] linux-4.9 security update", "tags": [ "mailing-list", "x_refsource_MLIST", "x_transferred" ], "url": "https://lists.debian.org/debian-lts-announce/2018/10/msg00003.html" }, { "name": "USN-3779-1", "tags": [ "vendor-advisory", "x_refsource_UBUNTU", "x_transferred" ], "url": "https://usn.ubuntu.com/3779-1/" }, { "name": "105388", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/105388" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://git.kernel.org/pub/scm/linux/kernel/git/mkp/scsi.git/commit/?h=4.19/scsi-fixes\u0026id=8c39e2699f8acb2e29782a834e56306da24937fe" }, { "name": "RHSA-2018:3666", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "https://access.redhat.com/errata/RHSA-2018:3666" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://git.kernel.org/pub/scm/linux/kernel/git/mkp/scsi.git/commit/?h=4.19/scsi-fixes\u0026id=1816494330a83f2a064499d8ed2797045641f92c" }, { "name": "DSA-4308", "tags": [ "vendor-advisory", "x_refsource_DEBIAN", "x_transferred" ], "url": "https://www.debian.org/security/2018/dsa-4308" }, { "name": "RHSA-2018:3651", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "https://access.redhat.com/errata/RHSA-2018:3651" }, { "name": "USN-3775-2", "tags": [ "vendor-advisory", "x_refsource_UBUNTU", "x_transferred" ], "url": "https://usn.ubuntu.com/3775-2/" }, { "name": "USN-3777-2", "tags": [ "vendor-advisory", "x_refsource_UBUNTU", "x_transferred" ], "url": "https://usn.ubuntu.com/3777-2/" }, { "name": "USN-3777-3", "tags": [ "vendor-advisory", "x_refsource_UBUNTU", "x_transferred" ], "url": "https://usn.ubuntu.com/3777-3/" }, { "name": "RHSA-2019:1946", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "https://access.redhat.com/errata/RHSA-2019:1946" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "kernel", "vendor": "The Linux Foundation", "versions": [ { "status": "affected", "version": "4.18.x, 4.14.x, 3.10.x" } ] } ], "datePublic": "2018-09-24T00:00:00", "descriptions": [ { "lang": "en", "value": "A security flaw was found in the chap_server_compute_md5() function in the ISCSI target code in the Linux kernel in a way an authentication request from an ISCSI initiator is processed. An unauthenticated remote attacker can cause a stack buffer overflow and smash up to 17 bytes of the stack. The attack requires the iSCSI target to be enabled on the victim host. Depending on how the target\u0027s code was built (i.e. depending on a compiler, compile flags and hardware architecture) an attack may lead to a system crash and thus to a denial-of-service or possibly to a non-authorized access to data exported by an iSCSI target. Due to the nature of the flaw, privilege escalation cannot be fully ruled out, although we believe it is highly unlikely. Kernel versions 4.18.x, 4.14.x and 3.10.x are believed to be vulnerable." } ], "metrics": [ { "cvssV3_0": { "attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7, "baseSeverity": "HIGH", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:H", "version": "3.0" } } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-121", "description": "CWE-121", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2019-07-30T12:06:06", "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "shortName": "redhat" }, "references": [ { "name": "USN-3776-1", "tags": [ "vendor-advisory", "x_refsource_UBUNTU" ], "url": "https://usn.ubuntu.com/3776-1/" }, { "name": "USN-3776-2", "tags": [ "vendor-advisory", "x_refsource_UBUNTU" ], "url": "https://usn.ubuntu.com/3776-2/" }, { "name": "USN-3777-1", "tags": [ "vendor-advisory", "x_refsource_UBUNTU" ], "url": "https://usn.ubuntu.com/3777-1/" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-14633" }, { "name": "USN-3775-1", "tags": [ "vendor-advisory", "x_refsource_UBUNTU" ], "url": "https://usn.ubuntu.com/3775-1/" }, { "tags": [ "x_refsource_MISC" ], "url": "https://seclists.org/oss-sec/2018/q3/270" }, { "name": "[debian-lts-announce] 20181003 [SECURITY] [DLA 1531-1] linux-4.9 security update", "tags": [ "mailing-list", "x_refsource_MLIST" ], "url": "https://lists.debian.org/debian-lts-announce/2018/10/msg00003.html" }, { "name": "USN-3779-1", "tags": [ "vendor-advisory", "x_refsource_UBUNTU" ], "url": "https://usn.ubuntu.com/3779-1/" }, { "name": "105388", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/105388" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://git.kernel.org/pub/scm/linux/kernel/git/mkp/scsi.git/commit/?h=4.19/scsi-fixes\u0026id=8c39e2699f8acb2e29782a834e56306da24937fe" }, { "name": "RHSA-2018:3666", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "https://access.redhat.com/errata/RHSA-2018:3666" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://git.kernel.org/pub/scm/linux/kernel/git/mkp/scsi.git/commit/?h=4.19/scsi-fixes\u0026id=1816494330a83f2a064499d8ed2797045641f92c" }, { "name": "DSA-4308", "tags": [ "vendor-advisory", "x_refsource_DEBIAN" ], "url": "https://www.debian.org/security/2018/dsa-4308" }, { "name": "RHSA-2018:3651", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "https://access.redhat.com/errata/RHSA-2018:3651" }, { "name": "USN-3775-2", "tags": [ "vendor-advisory", "x_refsource_UBUNTU" ], "url": "https://usn.ubuntu.com/3775-2/" }, { "name": "USN-3777-2", "tags": [ "vendor-advisory", "x_refsource_UBUNTU" ], "url": "https://usn.ubuntu.com/3777-2/" }, { "name": "USN-3777-3", "tags": [ "vendor-advisory", "x_refsource_UBUNTU" ], "url": "https://usn.ubuntu.com/3777-3/" }, { "name": "RHSA-2019:1946", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "https://access.redhat.com/errata/RHSA-2019:1946" } ] } }, "cveMetadata": { "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "assignerShortName": "redhat", "cveId": "CVE-2018-14633", "datePublished": "2018-09-25T00:00:00", "dateReserved": "2018-07-27T00:00:00", "dateUpdated": "2024-08-05T09:38:13.035Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2019-3882
Vulnerability from cvelistv5
Published
2019-04-24 15:23
Modified
2024-08-04 19:19
Severity ?
EPSS score ?
Summary
A flaw was found in the Linux kernel's vfio interface implementation that permits violation of the user's locked memory limit. If a device is bound to a vfio driver, such as vfio-pci, and the local attacker is administratively granted ownership of the device, it may cause a system memory exhaustion and thus a denial of service (DoS). Versions 3.10, 4.14 and 4.18 are vulnerable.
References
Impacted products
▼ | Vendor | Product |
---|---|---|
The Linux Foundation | kernel |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-04T19:19:18.633Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "USN-3981-1", "tags": [ "vendor-advisory", "x_refsource_UBUNTU", "x_transferred" ], "url": "https://usn.ubuntu.com/3981-1/" }, { "name": "USN-3980-1", "tags": [ "vendor-advisory", "x_refsource_UBUNTU", "x_transferred" ], "url": "https://usn.ubuntu.com/3980-1/" }, { "name": "USN-3979-1", "tags": [ "vendor-advisory", "x_refsource_UBUNTU", "x_transferred" ], "url": "https://usn.ubuntu.com/3979-1/" }, { "name": "USN-3982-2", "tags": [ "vendor-advisory", "x_refsource_UBUNTU", "x_transferred" ], "url": "https://usn.ubuntu.com/3982-2/" }, { "name": "openSUSE-SU-2019:1404", "tags": [ "vendor-advisory", "x_refsource_SUSE", "x_transferred" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2019-05/msg00037.html" }, { "name": "USN-3982-1", "tags": [ "vendor-advisory", "x_refsource_UBUNTU", "x_transferred" ], "url": "https://usn.ubuntu.com/3982-1/" }, { "name": "openSUSE-SU-2019:1407", "tags": [ "vendor-advisory", "x_refsource_SUSE", "x_transferred" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2019-05/msg00043.html" }, { "name": "USN-3980-2", "tags": [ "vendor-advisory", "x_refsource_UBUNTU", "x_transferred" ], "url": "https://usn.ubuntu.com/3980-2/" }, { "name": "[debian-lts-announce] 20190528 [SECURITY] [DLA 1799-1] linux security update", "tags": [ "mailing-list", "x_refsource_MLIST", "x_transferred" ], "url": "https://lists.debian.org/debian-lts-announce/2019/05/msg00041.html" }, { "name": "[debian-lts-announce] 20190528 [SECURITY] [DLA 1799-2] linux security update", "tags": [ "mailing-list", "x_refsource_MLIST", "x_transferred" ], "url": "https://lists.debian.org/debian-lts-announce/2019/05/msg00042.html" }, { "name": "USN-3981-2", "tags": [ "vendor-advisory", "x_refsource_UBUNTU", "x_transferred" ], "url": "https://usn.ubuntu.com/3981-2/" }, { "name": "openSUSE-SU-2019:1479", "tags": [ "vendor-advisory", "x_refsource_SUSE", "x_transferred" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2019-05/msg00071.html" }, { "name": "RHSA-2019:2043", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "https://access.redhat.com/errata/RHSA-2019:2043" }, { "name": "RHSA-2019:2029", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "https://access.redhat.com/errata/RHSA-2019:2029" }, { "name": "20190813 [SECURITY] [DSA 4497-1] linux security update", "tags": [ "mailing-list", "x_refsource_BUGTRAQ", "x_transferred" ], "url": "https://seclists.org/bugtraq/2019/Aug/18" }, { "name": "DSA-4497", "tags": [ "vendor-advisory", "x_refsource_DEBIAN", "x_transferred" ], "url": "https://www.debian.org/security/2019/dsa-4497" }, { "name": "[debian-lts-announce] 20190814 [SECURITY] [DLA 1885-1] linux-4.9 security update", "tags": [ "mailing-list", "x_refsource_MLIST", "x_transferred" ], "url": "https://lists.debian.org/debian-lts-announce/2019/08/msg00017.html" }, { "name": "RHSA-2019:3309", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "https://access.redhat.com/errata/RHSA-2019:3309" }, { "name": "RHSA-2019:3517", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "https://access.redhat.com/errata/RHSA-2019:3517" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-3882" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://security.netapp.com/advisory/ntap-20190517-0005/" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "kernel", "vendor": "The Linux Foundation", "versions": [ { "status": "affected", "version": "3.10, 4.14, 4.18" } ] } ], "descriptions": [ { "lang": "en", "value": "A flaw was found in the Linux kernel\u0027s vfio interface implementation that permits violation of the user\u0027s locked memory limit. If a device is bound to a vfio driver, such as vfio-pci, and the local attacker is administratively granted ownership of the device, it may cause a system memory exhaustion and thus a denial of service (DoS). Versions 3.10, 4.14 and 4.18 are vulnerable." } ], "metrics": [ { "cvssV3_0": { "attackComplexity": "HIGH", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 4.7, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H", "version": "3.0" } } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-770", "description": "CWE-770", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2020-11-13T15:13:51", "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "shortName": "redhat" }, "references": [ { "name": "USN-3981-1", "tags": [ "vendor-advisory", "x_refsource_UBUNTU" ], "url": "https://usn.ubuntu.com/3981-1/" }, { "name": "USN-3980-1", "tags": [ "vendor-advisory", "x_refsource_UBUNTU" ], "url": "https://usn.ubuntu.com/3980-1/" }, { "name": "USN-3979-1", "tags": [ "vendor-advisory", "x_refsource_UBUNTU" ], "url": "https://usn.ubuntu.com/3979-1/" }, { "name": "USN-3982-2", "tags": [ "vendor-advisory", "x_refsource_UBUNTU" ], "url": "https://usn.ubuntu.com/3982-2/" }, { "name": "openSUSE-SU-2019:1404", "tags": [ "vendor-advisory", "x_refsource_SUSE" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2019-05/msg00037.html" }, { "name": "USN-3982-1", "tags": [ "vendor-advisory", "x_refsource_UBUNTU" ], "url": "https://usn.ubuntu.com/3982-1/" }, { "name": "openSUSE-SU-2019:1407", "tags": [ "vendor-advisory", "x_refsource_SUSE" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2019-05/msg00043.html" }, { "name": "USN-3980-2", "tags": [ "vendor-advisory", "x_refsource_UBUNTU" ], "url": "https://usn.ubuntu.com/3980-2/" }, { "name": "[debian-lts-announce] 20190528 [SECURITY] [DLA 1799-1] linux security update", "tags": [ "mailing-list", "x_refsource_MLIST" ], "url": "https://lists.debian.org/debian-lts-announce/2019/05/msg00041.html" }, { "name": "[debian-lts-announce] 20190528 [SECURITY] [DLA 1799-2] linux security update", "tags": [ "mailing-list", "x_refsource_MLIST" ], "url": "https://lists.debian.org/debian-lts-announce/2019/05/msg00042.html" }, { "name": "USN-3981-2", "tags": [ "vendor-advisory", "x_refsource_UBUNTU" ], "url": "https://usn.ubuntu.com/3981-2/" }, { "name": "openSUSE-SU-2019:1479", "tags": [ "vendor-advisory", "x_refsource_SUSE" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2019-05/msg00071.html" }, { "name": "RHSA-2019:2043", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "https://access.redhat.com/errata/RHSA-2019:2043" }, { "name": "RHSA-2019:2029", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "https://access.redhat.com/errata/RHSA-2019:2029" }, { "name": "20190813 [SECURITY] [DSA 4497-1] linux security update", "tags": [ "mailing-list", "x_refsource_BUGTRAQ" ], "url": "https://seclists.org/bugtraq/2019/Aug/18" }, { "name": "DSA-4497", "tags": [ "vendor-advisory", "x_refsource_DEBIAN" ], "url": "https://www.debian.org/security/2019/dsa-4497" }, { "name": "[debian-lts-announce] 20190814 [SECURITY] [DLA 1885-1] linux-4.9 security update", "tags": [ "mailing-list", "x_refsource_MLIST" ], "url": "https://lists.debian.org/debian-lts-announce/2019/08/msg00017.html" }, { "name": "RHSA-2019:3309", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "https://access.redhat.com/errata/RHSA-2019:3309" }, { "name": "RHSA-2019:3517", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "https://access.redhat.com/errata/RHSA-2019:3517" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-3882" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://security.netapp.com/advisory/ntap-20190517-0005/" } ] } }, "cveMetadata": { "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "assignerShortName": "redhat", "cveId": "CVE-2019-3882", "datePublished": "2019-04-24T15:23:10", "dateReserved": "2019-01-03T00:00:00", "dateUpdated": "2024-08-04T19:19:18.633Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2019-3901
Vulnerability from cvelistv5
Published
2019-04-22 15:22
Modified
2024-08-04 19:26
Severity ?
EPSS score ?
Summary
A race condition in perf_event_open() allows local attackers to leak sensitive data from setuid programs. As no relevant locks (in particular the cred_guard_mutex) are held during the ptrace_may_access() call, it is possible for the specified target task to perform an execve() syscall with setuid execution before perf_event_alloc() actually attaches to it, allowing an attacker to bypass the ptrace_may_access() check and the perf_event_exit_task(current) call that is performed in install_exec_creds() during privileged execve() calls. This issue affects kernel versions before 4.8.
References
▼ | URL | Tags |
---|---|---|
http://www.securityfocus.com/bid/89937 | vdb-entry, x_refsource_BID | |
https://lists.debian.org/debian-lts-announce/2019/05/msg00041.html | mailing-list, x_refsource_MLIST | |
https://lists.debian.org/debian-lts-announce/2019/05/msg00042.html | mailing-list, x_refsource_MLIST | |
https://security.netapp.com/advisory/ntap-20190517-0005/ | x_refsource_CONFIRM | |
https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-3901 | x_refsource_CONFIRM |
Impacted products
▼ | Vendor | Product |
---|---|---|
The Linux Foundation | kernel |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-04T19:26:26.688Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "89937", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/89937" }, { "name": "[debian-lts-announce] 20190528 [SECURITY] [DLA 1799-1] linux security update", "tags": [ "mailing-list", "x_refsource_MLIST", "x_transferred" ], "url": "https://lists.debian.org/debian-lts-announce/2019/05/msg00041.html" }, { "name": "[debian-lts-announce] 20190528 [SECURITY] [DLA 1799-2] linux security update", "tags": [ "mailing-list", "x_refsource_MLIST", "x_transferred" ], "url": "https://lists.debian.org/debian-lts-announce/2019/05/msg00042.html" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://security.netapp.com/advisory/ntap-20190517-0005/" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-3901" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "kernel", "vendor": "The Linux Foundation", "versions": [ { "status": "affected", "version": "older then 4.8" } ] } ], "descriptions": [ { "lang": "en", "value": "A race condition in perf_event_open() allows local attackers to leak sensitive data from setuid programs. As no relevant locks (in particular the cred_guard_mutex) are held during the ptrace_may_access() call, it is possible for the specified target task to perform an execve() syscall with setuid execution before perf_event_alloc() actually attaches to it, allowing an attacker to bypass the ptrace_may_access() check and the perf_event_exit_task(current) call that is performed in install_exec_creds() during privileged execve() calls. This issue affects kernel versions before 4.8." } ], "metrics": [ { "cvssV3_0": { "attackComplexity": "HIGH", "attackVector": "LOCAL", "availabilityImpact": "NONE", "baseScore": 5.6, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "CHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N", "version": "3.0" } } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-667", "description": "CWE-667", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2020-12-04T18:00:59", "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "shortName": "redhat" }, "references": [ { "name": "89937", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/89937" }, { "name": "[debian-lts-announce] 20190528 [SECURITY] [DLA 1799-1] linux security update", "tags": [ "mailing-list", "x_refsource_MLIST" ], "url": "https://lists.debian.org/debian-lts-announce/2019/05/msg00041.html" }, { "name": "[debian-lts-announce] 20190528 [SECURITY] [DLA 1799-2] linux security update", "tags": [ "mailing-list", "x_refsource_MLIST" ], "url": "https://lists.debian.org/debian-lts-announce/2019/05/msg00042.html" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://security.netapp.com/advisory/ntap-20190517-0005/" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-3901" } ] } }, "cveMetadata": { "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "assignerShortName": "redhat", "cveId": "CVE-2019-3901", "datePublished": "2019-04-22T15:22:15", "dateReserved": "2019-01-03T00:00:00", "dateUpdated": "2024-08-04T19:26:26.688Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2019-3887
Vulnerability from cvelistv5
Published
2019-04-09 00:00
Modified
2024-08-04 19:19
Severity ?
EPSS score ?
Summary
A flaw was found in the way KVM hypervisor handled x2APIC Machine Specific Rregister (MSR) access with nested(=1) virtualization enabled. In that, L1 guest could access L0's APIC register values via L2 guest, when 'virtualize x2APIC mode' is enabled. A guest could use this flaw to potentially crash the host kernel resulting in DoS issue. Kernel versions from 4.16 and newer are vulnerable to this issue.
References
▼ | URL | Tags |
---|---|---|
http://www.securityfocus.com/bid/107850 | vdb-entry | |
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/IWPOIII2L73HV5PGXSGMRMKQIK47UIYE/ | vendor-advisory | |
https://usn.ubuntu.com/3980-1/ | vendor-advisory | |
https://usn.ubuntu.com/3979-1/ | vendor-advisory | |
https://usn.ubuntu.com/3980-2/ | vendor-advisory | |
https://access.redhat.com/errata/RHSA-2019:2703 | vendor-advisory | |
https://access.redhat.com/errata/RHSA-2019:2741 | vendor-advisory | |
https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-3887 |
Impacted products
▼ | Vendor | Product |
---|---|---|
The Linux Foundation | Kernel |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-04T19:19:18.713Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "107850", "tags": [ "vdb-entry", "x_transferred" ], "url": "http://www.securityfocus.com/bid/107850" }, { "name": "FEDORA-2019-94dc902948", "tags": [ "vendor-advisory", "x_transferred" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/IWPOIII2L73HV5PGXSGMRMKQIK47UIYE/" }, { "name": "USN-3980-1", "tags": [ "vendor-advisory", "x_transferred" ], "url": "https://usn.ubuntu.com/3980-1/" }, { "name": "USN-3979-1", "tags": [ "vendor-advisory", "x_transferred" ], "url": "https://usn.ubuntu.com/3979-1/" }, { "name": "USN-3980-2", "tags": [ "vendor-advisory", "x_transferred" ], "url": "https://usn.ubuntu.com/3980-2/" }, { "name": "RHSA-2019:2703", "tags": [ "vendor-advisory", "x_transferred" ], "url": "https://access.redhat.com/errata/RHSA-2019:2703" }, { "name": "RHSA-2019:2741", "tags": [ "vendor-advisory", "x_transferred" ], "url": "https://access.redhat.com/errata/RHSA-2019:2741" }, { "tags": [ "x_transferred" ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-3887" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "Kernel", "vendor": "The Linux Foundation", "versions": [ { "status": "affected", "version": "from 4.16" } ] } ], "descriptions": [ { "lang": "en", "value": "A flaw was found in the way KVM hypervisor handled x2APIC Machine Specific Rregister (MSR) access with nested(=1) virtualization enabled. In that, L1 guest could access L0\u0027s APIC register values via L2 guest, when \u0027virtualize x2APIC mode\u0027 is enabled. A guest could use this flaw to potentially crash the host kernel resulting in DoS issue. Kernel versions from 4.16 and newer are vulnerable to this issue." } ], "metrics": [ { "cvssV3_0": { "attackComplexity": "HIGH", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 6.7, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "HIGH", "scope": "CHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:L/AC:H/PR:H/UI:N/S:C/C:L/I:L/A:H", "version": "3.0" } } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-863", "description": "CWE-863", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2022-10-07T00:00:00", "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "shortName": "redhat" }, "references": [ { "name": "107850", "tags": [ "vdb-entry" ], "url": "http://www.securityfocus.com/bid/107850" }, { "name": "FEDORA-2019-94dc902948", "tags": [ "vendor-advisory" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/IWPOIII2L73HV5PGXSGMRMKQIK47UIYE/" }, { "name": "USN-3980-1", "tags": [ "vendor-advisory" ], "url": "https://usn.ubuntu.com/3980-1/" }, { "name": "USN-3979-1", "tags": [ "vendor-advisory" ], "url": "https://usn.ubuntu.com/3979-1/" }, { "name": "USN-3980-2", "tags": [ "vendor-advisory" ], "url": "https://usn.ubuntu.com/3980-2/" }, { "name": "RHSA-2019:2703", "tags": [ "vendor-advisory" ], "url": "https://access.redhat.com/errata/RHSA-2019:2703" }, { "name": "RHSA-2019:2741", "tags": [ "vendor-advisory" ], "url": "https://access.redhat.com/errata/RHSA-2019:2741" }, { "url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-3887" } ] } }, "cveMetadata": { "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "assignerShortName": "redhat", "cveId": "CVE-2019-3887", "datePublished": "2019-04-09T00:00:00", "dateReserved": "2019-01-03T00:00:00", "dateUpdated": "2024-08-04T19:19:18.713Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2019-3837
Vulnerability from cvelistv5
Published
2019-04-11 14:37
Modified
2024-08-04 19:19
Severity ?
EPSS score ?
Summary
It was found that the net_dma code in tcp_recvmsg() in the 2.6.32 kernel as shipped in RHEL6 is thread-unsafe. So an unprivileged multi-threaded userspace application calling recvmsg() for the same network socket in parallel executed on ioatdma-enabled hardware with net_dma enabled can leak the memory, crash the host leading to a denial-of-service or cause a random memory corruption.
References
▼ | URL | Tags |
---|---|---|
https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-3837 | x_refsource_CONFIRM |
Impacted products
▼ | Vendor | Product |
---|---|---|
The Linux Foundation | kernel |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-04T19:19:18.565Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-3837" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "kernel", "vendor": "The Linux Foundation", "versions": [ { "status": "affected", "version": "2.6.32 as shipped in rhel-6" } ] } ], "descriptions": [ { "lang": "en", "value": "It was found that the net_dma code in tcp_recvmsg() in the 2.6.32 kernel as shipped in RHEL6 is thread-unsafe. So an unprivileged multi-threaded userspace application calling recvmsg() for the same network socket in parallel executed on ioatdma-enabled hardware with net_dma enabled can leak the memory, crash the host leading to a denial-of-service or cause a random memory corruption." } ], "metrics": [ { "cvssV3_0": { "attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 6.1, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "LOW", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:H", "version": "3.0" } } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-362", "description": "CWE-362", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2020-12-04T18:00:59", "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "shortName": "redhat" }, "references": [ { "tags": [ "x_refsource_CONFIRM" ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-3837" } ] } }, "cveMetadata": { "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "assignerShortName": "redhat", "cveId": "CVE-2019-3837", "datePublished": "2019-04-11T14:37:26", "dateReserved": "2019-01-03T00:00:00", "dateUpdated": "2024-08-04T19:19:18.565Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2019-3896
Vulnerability from cvelistv5
Published
2019-06-18 23:40
Modified
2024-08-04 19:26
Severity ?
EPSS score ?
Summary
A double-free can happen in idr_remove_all() in lib/idr.c in the Linux kernel 2.6 branch. An unprivileged local attacker can use this flaw for a privilege escalation or for a system crash and a denial of service (DoS).
References
▼ | URL | Tags |
---|---|---|
https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-3896 | x_refsource_CONFIRM | |
http://www.securityfocus.com/bid/108814 | vdb-entry, x_refsource_BID | |
https://support.f5.com/csp/article/K04327111 | x_refsource_CONFIRM | |
https://security.netapp.com/advisory/ntap-20190710-0002/ | x_refsource_CONFIRM |
Impacted products
▼ | Vendor | Product |
---|---|---|
The Linux Foundation | kernel |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-04T19:26:26.644Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-3896" }, { "name": "108814", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/108814" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://support.f5.com/csp/article/K04327111" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://security.netapp.com/advisory/ntap-20190710-0002/" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "kernel", "vendor": "The Linux Foundation", "versions": [ { "status": "affected", "version": "2.6.32" } ] } ], "descriptions": [ { "lang": "en", "value": "A double-free can happen in idr_remove_all() in lib/idr.c in the Linux kernel 2.6 branch. An unprivileged local attacker can use this flaw for a privilege escalation or for a system crash and a denial of service (DoS)." } ], "metrics": [ { "cvssV3_0": { "attackComplexity": "HIGH", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 7, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.0" } } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-416", "description": "CWE-416", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2019-07-10T11:06:04", "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "shortName": "redhat" }, "references": [ { "tags": [ "x_refsource_CONFIRM" ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-3896" }, { "name": "108814", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/108814" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://support.f5.com/csp/article/K04327111" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://security.netapp.com/advisory/ntap-20190710-0002/" } ] } }, "cveMetadata": { "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "assignerShortName": "redhat", "cveId": "CVE-2019-3896", "datePublished": "2019-06-18T23:40:34", "dateReserved": "2019-01-03T00:00:00", "dateUpdated": "2024-08-04T19:26:26.644Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2018-14641
Vulnerability from cvelistv5
Published
2018-09-18 13:00
Modified
2024-08-05 09:38
Severity ?
EPSS score ?
Summary
A security flaw was found in the ip_frag_reasm() function in net/ipv4/ip_fragment.c in the Linux kernel from 4.19-rc1 to 4.19-rc3 inclusive, which can cause a later system crash in ip_do_fragment(). With certain non-default, but non-rare, configuration of a victim host, an attacker can trigger this crash remotely, thus leading to a remote denial-of-service.
References
▼ | URL | Tags |
---|---|---|
https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=5d407b071dc369c26a38398326ee2be53651cfe4 | x_refsource_CONFIRM | |
https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-14641 | x_refsource_CONFIRM | |
https://access.redhat.com/errata/RHSA-2018:2948 | vendor-advisory, x_refsource_REDHAT | |
https://seclists.org/oss-sec/2018/q3/248 | mailing-list, x_refsource_MLIST |
Impacted products
▼ | Vendor | Product |
---|---|---|
The Linux Foundation | kernel |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-05T09:38:12.826Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=5d407b071dc369c26a38398326ee2be53651cfe4" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-14641" }, { "name": "RHSA-2018:2948", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "https://access.redhat.com/errata/RHSA-2018:2948" }, { "name": "[oss-security] 20180918 CVE-2018-14641: Linux kernel: a security flaw in the ip_frag_reasm()", "tags": [ "mailing-list", "x_refsource_MLIST", "x_transferred" ], "url": "https://seclists.org/oss-sec/2018/q3/248" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "kernel", "vendor": "The Linux Foundation", "versions": [ { "status": "affected", "version": "from 4.19-rc1 to 4.19-rc3 inclusive" } ] } ], "datePublic": "2018-09-18T00:00:00", "descriptions": [ { "lang": "en", "value": "A security flaw was found in the ip_frag_reasm() function in net/ipv4/ip_fragment.c in the Linux kernel from 4.19-rc1 to 4.19-rc3 inclusive, which can cause a later system crash in ip_do_fragment(). With certain non-default, but non-rare, configuration of a victim host, an attacker can trigger this crash remotely, thus leading to a remote denial-of-service." } ], "metrics": [ { "cvssV3_0": { "attackComplexity": "LOW", "attackVector": "ADJACENT_NETWORK", "availabilityImpact": "HIGH", "baseScore": 6.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.0" } } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-456", "description": "CWE-456", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2018-10-31T09:57:01", "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "shortName": "redhat" }, "references": [ { "tags": [ "x_refsource_CONFIRM" ], "url": "https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=5d407b071dc369c26a38398326ee2be53651cfe4" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-14641" }, { "name": "RHSA-2018:2948", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "https://access.redhat.com/errata/RHSA-2018:2948" }, { "name": "[oss-security] 20180918 CVE-2018-14641: Linux kernel: a security flaw in the ip_frag_reasm()", "tags": [ "mailing-list", "x_refsource_MLIST" ], "url": "https://seclists.org/oss-sec/2018/q3/248" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "secalert@redhat.com", "ID": "CVE-2018-14641", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "kernel", "version": { "version_data": [ { "version_value": "from 4.19-rc1 to 4.19-rc3 inclusive" } ] } } ] }, "vendor_name": "The Linux Foundation" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "A security flaw was found in the ip_frag_reasm() function in net/ipv4/ip_fragment.c in the Linux kernel from 4.19-rc1 to 4.19-rc3 inclusive, which can cause a later system crash in ip_do_fragment(). With certain non-default, but non-rare, configuration of a victim host, an attacker can trigger this crash remotely, thus leading to a remote denial-of-service." } ] }, "impact": { "cvss": [ [ { "vectorString": "6.5/CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.0" } ] ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "CWE-456" } ] } ] }, "references": { "reference_data": [ { "name": "https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=5d407b071dc369c26a38398326ee2be53651cfe4", "refsource": "CONFIRM", "url": "https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=5d407b071dc369c26a38398326ee2be53651cfe4" }, { "name": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-14641", "refsource": "CONFIRM", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-14641" }, { "name": "RHSA-2018:2948", "refsource": "REDHAT", "url": "https://access.redhat.com/errata/RHSA-2018:2948" }, { "name": "[oss-security] 20180918 CVE-2018-14641: Linux kernel: a security flaw in the ip_frag_reasm()", "refsource": "MLIST", "url": "https://seclists.org/oss-sec/2018/q3/248" } ] } } } }, "cveMetadata": { "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "assignerShortName": "redhat", "cveId": "CVE-2018-14641", "datePublished": "2018-09-18T13:00:00", "dateReserved": "2018-07-27T00:00:00", "dateUpdated": "2024-08-05T09:38:12.826Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2018-14634
Vulnerability from cvelistv5
Published
2018-09-25 21:00
Modified
2024-08-05 09:38
Severity ?
EPSS score ?
Summary
An integer overflow flaw was found in the Linux kernel's create_elf_tables() function. An unprivileged local user with access to SUID (or otherwise privileged) binary could use this flaw to escalate their privileges on the system. Kernel versions 2.6.x, 3.10.x and 4.14.x are believed to be vulnerable.
References
Impacted products
▼ | Vendor | Product |
---|---|---|
The Linux Foundation | kernel |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-05T09:38:13.057Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "RHSA-2018:3540", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "https://access.redhat.com/errata/RHSA-2018:3540" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://security.netapp.com/advisory/ntap-20190204-0002/" }, { "name": "RHSA-2018:2925", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "https://access.redhat.com/errata/RHSA-2018:2925" }, { "name": "RHSA-2018:3591", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "https://access.redhat.com/errata/RHSA-2018:3591" }, { "name": "45516", "tags": [ "exploit", "x_refsource_EXPLOIT-DB", "x_transferred" ], "url": "https://www.exploit-db.com/exploits/45516/" }, { "name": "USN-3775-1", "tags": [ "vendor-advisory", "x_refsource_UBUNTU", "x_transferred" ], "url": "https://usn.ubuntu.com/3775-1/" }, { "name": "RHSA-2018:2933", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "https://access.redhat.com/errata/RHSA-2018:2933" }, { "name": "USN-3779-1", "tags": [ "vendor-advisory", "x_refsource_UBUNTU", "x_transferred" ], "url": "https://usn.ubuntu.com/3779-1/" }, { "name": "RHSA-2018:2748", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "https://access.redhat.com/errata/RHSA-2018:2748" }, { "name": "RHSA-2018:3590", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "https://access.redhat.com/errata/RHSA-2018:3590" }, { "name": "USN-3775-2", "tags": [ "vendor-advisory", "x_refsource_UBUNTU", "x_transferred" ], "url": "https://usn.ubuntu.com/3775-2/" }, { "name": "RHSA-2018:2763", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "https://access.redhat.com/errata/RHSA-2018:2763" }, { "name": "105407", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/105407" }, { "name": "RHSA-2018:2924", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "https://access.redhat.com/errata/RHSA-2018:2924" }, { "name": "RHSA-2018:3586", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "https://access.redhat.com/errata/RHSA-2018:3586" }, { "name": "RHSA-2018:3643", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "https://access.redhat.com/errata/RHSA-2018:3643" }, { "name": "RHSA-2018:2846", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "https://access.redhat.com/errata/RHSA-2018:2846" }, { "name": "[oss-security] 20180925 Integer overflow in Linux\u0027s create_elf_tables() (CVE-2018-14634)", "tags": [ "mailing-list", "x_refsource_MLIST", "x_transferred" ], "url": "https://www.openwall.com/lists/oss-security/2018/09/25/4" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-14634" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://support.f5.com/csp/article/K20934447?utm_source=f5support\u0026amp%3Butm_medium=RSS" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://security.paloaltonetworks.com/CVE-2018-14634" }, { "name": "[oss-security] 20210720 CVE-2021-33910: Denial of service (stack exhaustion) in systemd (PID 1)", "tags": [ "mailing-list", "x_refsource_MLIST", "x_transferred" ], "url": "http://www.openwall.com/lists/oss-security/2021/07/20/2" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "kernel", "vendor": "The Linux Foundation", "versions": [ { "status": "affected", "version": "2.6.x, 3.10.x, 4.14.x" } ] } ], "datePublic": "2018-09-25T00:00:00", "descriptions": [ { "lang": "en", "value": "An integer overflow flaw was found in the Linux kernel\u0027s create_elf_tables() function. An unprivileged local user with access to SUID (or otherwise privileged) binary could use this flaw to escalate their privileges on the system. Kernel versions 2.6.x, 3.10.x and 4.14.x are believed to be vulnerable." } ], "metrics": [ { "cvssV3_0": { "attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 7.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.0" } } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-190", "description": "CWE-190", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2021-07-20T14:06:15", "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "shortName": "redhat" }, "references": [ { "name": "RHSA-2018:3540", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "https://access.redhat.com/errata/RHSA-2018:3540" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://security.netapp.com/advisory/ntap-20190204-0002/" }, { "name": "RHSA-2018:2925", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "https://access.redhat.com/errata/RHSA-2018:2925" }, { "name": "RHSA-2018:3591", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "https://access.redhat.com/errata/RHSA-2018:3591" }, { "name": "45516", "tags": [ "exploit", "x_refsource_EXPLOIT-DB" ], "url": "https://www.exploit-db.com/exploits/45516/" }, { "name": "USN-3775-1", "tags": [ "vendor-advisory", "x_refsource_UBUNTU" ], "url": "https://usn.ubuntu.com/3775-1/" }, { "name": "RHSA-2018:2933", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "https://access.redhat.com/errata/RHSA-2018:2933" }, { "name": "USN-3779-1", "tags": [ "vendor-advisory", "x_refsource_UBUNTU" ], "url": "https://usn.ubuntu.com/3779-1/" }, { "name": "RHSA-2018:2748", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "https://access.redhat.com/errata/RHSA-2018:2748" }, { "name": "RHSA-2018:3590", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "https://access.redhat.com/errata/RHSA-2018:3590" }, { "name": "USN-3775-2", "tags": [ "vendor-advisory", "x_refsource_UBUNTU" ], "url": "https://usn.ubuntu.com/3775-2/" }, { "name": "RHSA-2018:2763", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "https://access.redhat.com/errata/RHSA-2018:2763" }, { "name": "105407", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/105407" }, { "name": "RHSA-2018:2924", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "https://access.redhat.com/errata/RHSA-2018:2924" }, { "name": "RHSA-2018:3586", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "https://access.redhat.com/errata/RHSA-2018:3586" }, { "name": "RHSA-2018:3643", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "https://access.redhat.com/errata/RHSA-2018:3643" }, { "name": "RHSA-2018:2846", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "https://access.redhat.com/errata/RHSA-2018:2846" }, { "name": "[oss-security] 20180925 Integer overflow in Linux\u0027s create_elf_tables() (CVE-2018-14634)", "tags": [ "mailing-list", "x_refsource_MLIST" ], "url": "https://www.openwall.com/lists/oss-security/2018/09/25/4" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-14634" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://support.f5.com/csp/article/K20934447?utm_source=f5support\u0026amp%3Butm_medium=RSS" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://security.paloaltonetworks.com/CVE-2018-14634" }, { "name": "[oss-security] 20210720 CVE-2021-33910: Denial of service (stack exhaustion) in systemd (PID 1)", "tags": [ "mailing-list", "x_refsource_MLIST" ], "url": "http://www.openwall.com/lists/oss-security/2021/07/20/2" } ] } }, "cveMetadata": { "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "assignerShortName": "redhat", "cveId": "CVE-2018-14634", "datePublished": "2018-09-25T21:00:00", "dateReserved": "2018-07-27T00:00:00", "dateUpdated": "2024-08-05T09:38:13.057Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2019-3874
Vulnerability from cvelistv5
Published
2019-03-25 18:30
Modified
2024-08-04 19:19
Severity ?
EPSS score ?
Summary
The SCTP socket buffer used by a userspace application is not accounted by the cgroups subsystem. An attacker can use this flaw to cause a denial of service attack. Kernel 3.10.x and 4.18.x branches are believed to be vulnerable.
References
▼ | URL | Tags |
---|---|---|
https://usn.ubuntu.com/3981-1/ | vendor-advisory, x_refsource_UBUNTU | |
https://usn.ubuntu.com/3980-1/ | vendor-advisory, x_refsource_UBUNTU | |
https://usn.ubuntu.com/3979-1/ | vendor-advisory, x_refsource_UBUNTU | |
https://usn.ubuntu.com/3982-2/ | vendor-advisory, x_refsource_UBUNTU | |
https://usn.ubuntu.com/3982-1/ | vendor-advisory, x_refsource_UBUNTU | |
https://usn.ubuntu.com/3980-2/ | vendor-advisory, x_refsource_UBUNTU | |
https://usn.ubuntu.com/3981-2/ | vendor-advisory, x_refsource_UBUNTU | |
https://access.redhat.com/errata/RHSA-2019:3309 | vendor-advisory, x_refsource_REDHAT | |
https://access.redhat.com/errata/RHSA-2019:3517 | vendor-advisory, x_refsource_REDHAT | |
https://lists.debian.org/debian-lts-announce/2020/09/msg00025.html | mailing-list, x_refsource_MLIST | |
https://www.oracle.com/security-alerts/cpuApr2021.html | x_refsource_MISC | |
https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-3874 | x_refsource_CONFIRM | |
https://security.netapp.com/advisory/ntap-20190411-0003/ | x_refsource_CONFIRM |
Impacted products
▼ | Vendor | Product |
---|---|---|
The Linux Foundation | kernel |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-04T19:19:18.619Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "USN-3981-1", "tags": [ "vendor-advisory", "x_refsource_UBUNTU", "x_transferred" ], "url": "https://usn.ubuntu.com/3981-1/" }, { "name": "USN-3980-1", "tags": [ "vendor-advisory", "x_refsource_UBUNTU", "x_transferred" ], "url": "https://usn.ubuntu.com/3980-1/" }, { "name": "USN-3979-1", "tags": [ "vendor-advisory", "x_refsource_UBUNTU", "x_transferred" ], "url": "https://usn.ubuntu.com/3979-1/" }, { "name": "USN-3982-2", "tags": [ "vendor-advisory", "x_refsource_UBUNTU", "x_transferred" ], "url": "https://usn.ubuntu.com/3982-2/" }, { "name": "USN-3982-1", "tags": [ "vendor-advisory", "x_refsource_UBUNTU", "x_transferred" ], "url": "https://usn.ubuntu.com/3982-1/" }, { "name": "USN-3980-2", "tags": [ "vendor-advisory", "x_refsource_UBUNTU", "x_transferred" ], "url": "https://usn.ubuntu.com/3980-2/" }, { "name": "USN-3981-2", "tags": [ "vendor-advisory", "x_refsource_UBUNTU", "x_transferred" ], "url": "https://usn.ubuntu.com/3981-2/" }, { "name": "RHSA-2019:3309", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "https://access.redhat.com/errata/RHSA-2019:3309" }, { "name": "RHSA-2019:3517", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "https://access.redhat.com/errata/RHSA-2019:3517" }, { "name": "[debian-lts-announce] 20200928 [SECURITY] [DLA 2385-1] linux-4.19 security update", "tags": [ "mailing-list", "x_refsource_MLIST", "x_transferred" ], "url": "https://lists.debian.org/debian-lts-announce/2020/09/msg00025.html" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://www.oracle.com/security-alerts/cpuApr2021.html" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-3874" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://security.netapp.com/advisory/ntap-20190411-0003/" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "kernel", "vendor": "The Linux Foundation", "versions": [ { "status": "affected", "version": "3.10.x and 4.18.x" } ] } ], "descriptions": [ { "lang": "en", "value": "The SCTP socket buffer used by a userspace application is not accounted by the cgroups subsystem. An attacker can use this flaw to cause a denial of service attack. Kernel 3.10.x and 4.18.x branches are believed to be vulnerable." } ], "metrics": [ { "cvssV3_0": { "attackComplexity": "HIGH", "attackVector": "ADJACENT_NETWORK", "availabilityImpact": "HIGH", "baseScore": 5.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:A/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.0" } } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-400", "description": "CWE-400", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2021-06-14T17:20:12", "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "shortName": "redhat" }, "references": [ { "name": "USN-3981-1", "tags": [ "vendor-advisory", "x_refsource_UBUNTU" ], "url": "https://usn.ubuntu.com/3981-1/" }, { "name": "USN-3980-1", "tags": [ "vendor-advisory", "x_refsource_UBUNTU" ], "url": "https://usn.ubuntu.com/3980-1/" }, { "name": "USN-3979-1", "tags": [ "vendor-advisory", "x_refsource_UBUNTU" ], "url": "https://usn.ubuntu.com/3979-1/" }, { "name": "USN-3982-2", "tags": [ "vendor-advisory", "x_refsource_UBUNTU" ], "url": "https://usn.ubuntu.com/3982-2/" }, { "name": "USN-3982-1", "tags": [ "vendor-advisory", "x_refsource_UBUNTU" ], "url": "https://usn.ubuntu.com/3982-1/" }, { "name": "USN-3980-2", "tags": [ "vendor-advisory", "x_refsource_UBUNTU" ], "url": "https://usn.ubuntu.com/3980-2/" }, { "name": "USN-3981-2", "tags": [ "vendor-advisory", "x_refsource_UBUNTU" ], "url": "https://usn.ubuntu.com/3981-2/" }, { "name": "RHSA-2019:3309", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "https://access.redhat.com/errata/RHSA-2019:3309" }, { "name": "RHSA-2019:3517", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "https://access.redhat.com/errata/RHSA-2019:3517" }, { "name": "[debian-lts-announce] 20200928 [SECURITY] [DLA 2385-1] linux-4.19 security update", "tags": [ "mailing-list", "x_refsource_MLIST" ], "url": "https://lists.debian.org/debian-lts-announce/2020/09/msg00025.html" }, { "tags": [ "x_refsource_MISC" ], "url": "https://www.oracle.com/security-alerts/cpuApr2021.html" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-3874" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://security.netapp.com/advisory/ntap-20190411-0003/" } ] } }, "cveMetadata": { "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "assignerShortName": "redhat", "cveId": "CVE-2019-3874", "datePublished": "2019-03-25T18:30:37", "dateReserved": "2019-01-03T00:00:00", "dateUpdated": "2024-08-04T19:19:18.619Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2018-16885
Vulnerability from cvelistv5
Published
2019-01-03 16:00
Modified
2024-08-05 10:32
Severity ?
EPSS score ?
Summary
A flaw was found in the Linux kernel that allows the userspace to call memcpy_fromiovecend() and similar functions with a zero offset and buffer length which causes the read beyond the buffer boundaries, in certain cases causing a memory access fault and a system halt by accessing invalid memory address. This issue only affects kernel version 3.10.x as shipped with Red Hat Enterprise Linux 7.
References
▼ | URL | Tags |
---|---|---|
https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-16885 | x_refsource_CONFIRM | |
http://www.securityfocus.com/bid/106296 | vdb-entry, x_refsource_BID | |
https://access.redhat.com/errata/RHSA-2019:2043 | vendor-advisory, x_refsource_REDHAT | |
https://access.redhat.com/errata/RHSA-2019:2029 | vendor-advisory, x_refsource_REDHAT |
Impacted products
▼ | Vendor | Product |
---|---|---|
The Linux Foundation | kernel |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-05T10:32:54.243Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-16885" }, { "name": "106296", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/106296" }, { "name": "RHSA-2019:2043", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "https://access.redhat.com/errata/RHSA-2019:2043" }, { "name": "RHSA-2019:2029", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "https://access.redhat.com/errata/RHSA-2019:2029" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "kernel", "vendor": "The Linux Foundation", "versions": [ { "status": "affected", "version": "3.10.x as shipped with Red Hat Enterprise Linux 7" } ] } ], "datePublic": "2019-01-03T00:00:00", "descriptions": [ { "lang": "en", "value": "A flaw was found in the Linux kernel that allows the userspace to call memcpy_fromiovecend() and similar functions with a zero offset and buffer length which causes the read beyond the buffer boundaries, in certain cases causing a memory access fault and a system halt by accessing invalid memory address. This issue only affects kernel version 3.10.x as shipped with Red Hat Enterprise Linux 7." } ], "metrics": [ { "cvssV3_0": { "attackComplexity": "HIGH", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 4.7, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H", "version": "3.0" } } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-125", "description": "CWE-125", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2019-08-06T16:06:24", "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "shortName": "redhat" }, "references": [ { "tags": [ "x_refsource_CONFIRM" ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-16885" }, { "name": "106296", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/106296" }, { "name": "RHSA-2019:2043", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "https://access.redhat.com/errata/RHSA-2019:2043" }, { "name": "RHSA-2019:2029", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "https://access.redhat.com/errata/RHSA-2019:2029" } ] } }, "cveMetadata": { "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "assignerShortName": "redhat", "cveId": "CVE-2018-16885", "datePublished": "2019-01-03T16:00:00", "dateReserved": "2018-09-11T00:00:00", "dateUpdated": "2024-08-05T10:32:54.243Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2020-10751
Vulnerability from cvelistv5
Published
2020-05-26 14:54
Modified
2024-08-04 11:14
Severity ?
EPSS score ?
Summary
A flaw was found in the Linux kernels SELinux LSM hook implementation before version 5.7, where it incorrectly assumed that an skb would only contain a single netlink message. The hook would incorrectly only validate the first netlink message in the skb and allow or deny the rest of the messages within the skb with the granted permission without further processing.
References
Impacted products
▼ | Vendor | Product |
---|---|---|
The Linux Foundation | kernel |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-04T11:14:15.560Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "[oss-security] 20200527 CVE-2020-10751 - Linux kernel: SELinux netlink permission check bypass", "tags": [ "mailing-list", "x_refsource_MLIST", "x_transferred" ], "url": "http://www.openwall.com/lists/oss-security/2020/05/27/3" }, { "name": "[debian-lts-announce] 20200609 [SECURITY] [DLA 2241-1] linux security update", "tags": [ "mailing-list", "x_refsource_MLIST", "x_transferred" ], "url": "https://lists.debian.org/debian-lts-announce/2020/06/msg00011.html" }, { "name": "[debian-lts-announce] 20200610 [SECURITY] [DLA 2242-1] linux-4.9 security update", "tags": [ "mailing-list", "x_refsource_MLIST", "x_transferred" ], "url": "https://lists.debian.org/debian-lts-announce/2020/06/msg00012.html" }, { "name": "[debian-lts-announce] 20200610 [SECURITY] [DLA 2241-2] linux security update", "tags": [ "mailing-list", "x_refsource_MLIST", "x_transferred" ], "url": "https://lists.debian.org/debian-lts-announce/2020/06/msg00013.html" }, { "name": "DSA-4698", "tags": [ "vendor-advisory", "x_refsource_DEBIAN", "x_transferred" ], "url": "https://www.debian.org/security/2020/dsa-4698" }, { "name": "DSA-4699", "tags": [ "vendor-advisory", "x_refsource_DEBIAN", "x_transferred" ], "url": "https://www.debian.org/security/2020/dsa-4699" }, { "name": "openSUSE-SU-2020:0801", "tags": [ "vendor-advisory", "x_refsource_SUSE", "x_transferred" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2020-06/msg00022.html" }, { "name": "USN-4389-1", "tags": [ "vendor-advisory", "x_refsource_UBUNTU", "x_transferred" ], "url": "https://usn.ubuntu.com/4389-1/" }, { "name": "USN-4390-1", "tags": [ "vendor-advisory", "x_refsource_UBUNTU", "x_transferred" ], "url": "https://usn.ubuntu.com/4390-1/" }, { "name": "USN-4391-1", "tags": [ "vendor-advisory", "x_refsource_UBUNTU", "x_transferred" ], "url": "https://usn.ubuntu.com/4391-1/" }, { "name": "openSUSE-SU-2020:0935", "tags": [ "vendor-advisory", "x_refsource_SUSE", "x_transferred" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00008.html" }, { "name": "USN-4413-1", "tags": [ "vendor-advisory", "x_refsource_UBUNTU", "x_transferred" ], "url": "https://usn.ubuntu.com/4413-1/" }, { "name": "USN-4412-1", "tags": [ "vendor-advisory", "x_refsource_UBUNTU", "x_transferred" ], "url": "https://usn.ubuntu.com/4412-1/" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://www.oracle.com/security-alerts/cpuApr2021.html" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2020-10751" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=fb73974172ffaaf57a7c42f35424d9aece1a5af6" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://www.openwall.com/lists/oss-security/2020/04/30/5" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://lore.kernel.org/selinux/CACT4Y+b8HiV6KFuAPysZD=5hmyO4QisgxCKi4DHU3CfMPSP=yg%40mail.gmail.com/" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "kernel", "vendor": "The Linux Foundation", "versions": [ { "status": "affected", "version": "before 5.7" } ] } ], "descriptions": [ { "lang": "en", "value": "A flaw was found in the Linux kernels SELinux LSM hook implementation before version 5.7, where it incorrectly assumed that an skb would only contain a single netlink message. The hook would incorrectly only validate the first netlink message in the skb and allow or deny the rest of the messages within the skb with the granted permission without further processing." } ], "metrics": [ { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "NONE", "baseScore": 6.1, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "LOW", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:N", "version": "3.1" } } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-349", "description": "CWE-349", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2021-06-14T17:20:13", "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "shortName": "redhat" }, "references": [ { "name": "[oss-security] 20200527 CVE-2020-10751 - Linux kernel: SELinux netlink permission check bypass", "tags": [ "mailing-list", "x_refsource_MLIST" ], "url": "http://www.openwall.com/lists/oss-security/2020/05/27/3" }, { "name": "[debian-lts-announce] 20200609 [SECURITY] [DLA 2241-1] linux security update", "tags": [ "mailing-list", "x_refsource_MLIST" ], "url": "https://lists.debian.org/debian-lts-announce/2020/06/msg00011.html" }, { "name": "[debian-lts-announce] 20200610 [SECURITY] [DLA 2242-1] linux-4.9 security update", "tags": [ "mailing-list", "x_refsource_MLIST" ], "url": "https://lists.debian.org/debian-lts-announce/2020/06/msg00012.html" }, { "name": "[debian-lts-announce] 20200610 [SECURITY] [DLA 2241-2] linux security update", "tags": [ "mailing-list", "x_refsource_MLIST" ], "url": "https://lists.debian.org/debian-lts-announce/2020/06/msg00013.html" }, { "name": "DSA-4698", "tags": [ "vendor-advisory", "x_refsource_DEBIAN" ], "url": "https://www.debian.org/security/2020/dsa-4698" }, { "name": "DSA-4699", "tags": [ "vendor-advisory", "x_refsource_DEBIAN" ], "url": "https://www.debian.org/security/2020/dsa-4699" }, { "name": "openSUSE-SU-2020:0801", "tags": [ "vendor-advisory", "x_refsource_SUSE" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2020-06/msg00022.html" }, { "name": "USN-4389-1", "tags": [ "vendor-advisory", "x_refsource_UBUNTU" ], "url": "https://usn.ubuntu.com/4389-1/" }, { "name": "USN-4390-1", "tags": [ "vendor-advisory", "x_refsource_UBUNTU" ], "url": "https://usn.ubuntu.com/4390-1/" }, { "name": "USN-4391-1", "tags": [ "vendor-advisory", "x_refsource_UBUNTU" ], "url": "https://usn.ubuntu.com/4391-1/" }, { "name": "openSUSE-SU-2020:0935", "tags": [ "vendor-advisory", "x_refsource_SUSE" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00008.html" }, { "name": "USN-4413-1", "tags": [ "vendor-advisory", "x_refsource_UBUNTU" ], "url": "https://usn.ubuntu.com/4413-1/" }, { "name": "USN-4412-1", "tags": [ "vendor-advisory", "x_refsource_UBUNTU" ], "url": "https://usn.ubuntu.com/4412-1/" }, { "tags": [ "x_refsource_MISC" ], "url": "https://www.oracle.com/security-alerts/cpuApr2021.html" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2020-10751" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=fb73974172ffaaf57a7c42f35424d9aece1a5af6" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://www.openwall.com/lists/oss-security/2020/04/30/5" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://lore.kernel.org/selinux/CACT4Y+b8HiV6KFuAPysZD=5hmyO4QisgxCKi4DHU3CfMPSP=yg%40mail.gmail.com/" } ] } }, "cveMetadata": { "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "assignerShortName": "redhat", "cveId": "CVE-2020-10751", "datePublished": "2020-05-26T14:54:32", "dateReserved": "2020-03-20T00:00:00", "dateUpdated": "2024-08-04T11:14:15.560Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }