Vulnerability-Lookup

BDU:2020-00329

Vulnerability from fstec - Published: 11.12.2019

Title

Уязвимость функции __blk_add_trace ядра операционных систем Linux, позволяющая нарушителю вызвать отказ в обслуживании

Description

Уязвимость функции __blk_add_trace ядра операционных систем Linux связана с использованием памяти после её освобождения. Эксплуатация уязвимости может позволить нарушителю, действующему удалённо, вызвать отказ в обслуживании

Severity ?


                    
                      AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Vendor

ООО «РусБИТех-Астра», Canonical Ltd., Сообщество свободного программного обеспечения, Novell Inc.

Software Name

Astra Linux Special Edition (запись в едином реестре российских программ №369), Ubuntu, Debian GNU/Linux, Suse Linux Enterprise Desktop, SUSE Linux Enterprise, OpenSUSE Leap, Linux

Software Version

1.5 «Смоленск» (Astra Linux Special Edition), 16.04 LTS (Ubuntu), 9 (Debian GNU/Linux), 18.04 LTS (Ubuntu), 12 SP4 (Suse Linux Enterprise Desktop), Server 12 SP1 LTSS (SUSE Linux Enterprise), Server 12 SP2 LTSS (SUSE Linux Enterprise), High Performance Computing 12 (SUSE Linux Enterprise), Module for Basesystem 15 GA (SUSE Linux Enterprise), Server 12 SP4 (SUSE Linux Enterprise), Server for SAP Applications 12 SP2 (SUSE Linux Enterprise), Server for SAP Applications 12 SP4 (SUSE Linux Enterprise), Server 12 SP5 (SUSE Linux Enterprise), Server for SAP Applications 12 SP3 (SUSE Linux Enterprise), Server for SAP Applications 12 SP5 (SUSE Linux Enterprise), 15.1 (OpenSUSE Leap), 14.04 ESM (Ubuntu), 8 (Debian GNU/Linux), 10 (Debian GNU/Linux), Module for Basesystem 15 SP1 (SUSE Linux Enterprise), Module for Development Tools 15 GA (SUSE Linux Enterprise), Module for Development Tools 15 SP1 (SUSE Linux Enterprise), Server 12 SP3 LTSS (SUSE Linux Enterprise), Server 11 SP4 LTSS (SUSE Linux Enterprise), 9.10 (Ubuntu), от 4.0 до 4.4.223 включительно (Linux), от 4.5 до 4.9.223 включительно (Linux), от 4.20 до 5.4.24 включительно (Linux), от 5.5.0 до 5.5.8 включительно (Linux), от 4.10 до 4.14.180 включительно (Linux), от 4.15 до 4.19.118 включительно (Linux)

Possible Mitigations

Использование рекомендаций: Для Ubuntu: https://usn.ubuntu.com/4342-1/ https://usn.ubuntu.com/4344-1/ https://usn.ubuntu.com/4345-1/ https://usn.ubuntu.com/4346-1/ Для Debian: Обновление программного обеспечения (пакета linux) до 4.19.118-2+deb10u1 или более поздней версии https://lists.debian.org/debian-lts-announce/2020/01/msg00013.html https://lists.debian.org/debian-lts-announce/2020/03/msg00001.html Для программных продуктов Novell Inc.: http://lists.opensuse.org/opensuse-security-announce/2020-03/msg00039.html Для Linux: https://kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.14.181 https://kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.19.119 https://kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.4.224 https://kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.9.224 https://kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.4.25 https://kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.5.9 Для программных продуктов Red Hat: https://access.redhat.com/security/cve/cve-2019-19768 Для Astra Linux: Обновление программного обеспечения (пакета linux) до 4.19.118-2+deb10u1 или более поздней версии

Reference

http://lists.opensuse.org/opensuse-security-announce/2020-03/msg00039.html https://access.redhat.com/security/cve/cve-2019-19768 https://bugzilla.kernel.org/show_bug.cgi?id=205711 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-19768 https://kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.14.181 https://kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.19.119 https://kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.4.224 https://kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.9.224 https://kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.4.25 https://kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.5.9 https://lists.debian.org/debian-lts-announce/2020/06/msg00011.html https://lists.debian.org/debian-lts-announce/2020/06/msg00012.html https://lists.debian.org/debian-lts-announce/2020/06/msg00013.html https://lore.kernel.org/linux-block/20200206142812.25989-1-jack@suse.cz/ https://nvd.nist.gov/vuln/detail/CVE-2019-19768 https://security.netapp.com/advisory/ntap-20200103-0001/ https://security-tracker.debian.org/tracker/CVE-2019-19768 https://ubuntu.com/security/notices/USN-4342-1 https://ubuntu.com/security/notices/USN-4344-1 https://ubuntu.com/security/notices/USN-4345-1 https://ubuntu.com/security/notices/USN-4346-1 https://usn.ubuntu.com/4342-1/ https://usn.ubuntu.com/4344-1 https://usn.ubuntu.com/4344-1/ https://usn.ubuntu.com/4345-1/ https://usn.ubuntu.com/4346-1/ https://usn.ubuntu.com/usn/usn-4342-1 https://usn.ubuntu.com/usn/usn-4344-1 https://usn.ubuntu.com/usn/usn-4345-1 https://usn.ubuntu.com/usn/usn-4346-1 https://wiki.astralinux.ru/astra-linux-se15-bulletin-20201201SE15 https://wiki.astralinux.ru/pages/viewpage.action?pageId=117998111 https://www.cve.org/CVERecord?id=CVE-2019-19768 https://www.debian.org/security/2020/dsa-4698 https://www.suse.com/security/cve/CVE-2019-19768/

CWE

CWE-416

JSON

To clipboard

{
  "CVSS 2.0": "AV:N/AC:L/Au:N/C:N/I:N/A:C",
  "CVSS 3.0": "AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
  "CVSS 4.0": null,
  "remediation_\u0418\u0434\u0435\u043d\u0442\u0438\u0444\u0438\u043a\u0430\u0442\u043e\u0440": null,
  "remediation_\u041d\u0430\u0438\u043c\u0435\u043d\u043e\u0432\u0430\u043d\u0438\u0435": null,
  "\u0412\u0435\u043d\u0434\u043e\u0440 \u041f\u041e": "\u041e\u041e\u041e \u00ab\u0420\u0443\u0441\u0411\u0418\u0422\u0435\u0445-\u0410\u0441\u0442\u0440\u0430\u00bb, Canonical Ltd., \u0421\u043e\u043e\u0431\u0449\u0435\u0441\u0442\u0432\u043e \u0441\u0432\u043e\u0431\u043e\u0434\u043d\u043e\u0433\u043e \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e\u0433\u043e \u043e\u0431\u0435\u0441\u043f\u0435\u0447\u0435\u043d\u0438\u044f, Novell Inc.",
  "\u0412\u0435\u0440\u0441\u0438\u044f \u041f\u041e": "1.5 \u00ab\u0421\u043c\u043e\u043b\u0435\u043d\u0441\u043a\u00bb (Astra Linux Special Edition), 16.04 LTS (Ubuntu), 9 (Debian GNU/Linux), 18.04 LTS (Ubuntu), 12 SP4 (Suse Linux Enterprise Desktop), Server 12 SP1 LTSS (SUSE Linux Enterprise), Server 12 SP2 LTSS (SUSE Linux Enterprise), High Performance Computing 12 (SUSE Linux Enterprise), Module for Basesystem 15 GA (SUSE Linux Enterprise), Server 12 SP4 (SUSE Linux Enterprise), Server for SAP Applications 12 SP2 (SUSE Linux Enterprise), Server for SAP Applications 12 SP4 (SUSE Linux Enterprise), Server 12 SP5 (SUSE Linux Enterprise), Server for SAP Applications 12 SP3 (SUSE Linux Enterprise), Server for SAP Applications 12 SP5 (SUSE Linux Enterprise), 15.1 (OpenSUSE Leap), 14.04 ESM (Ubuntu), 8 (Debian GNU/Linux), 10 (Debian GNU/Linux), Module for Basesystem 15 SP1 (SUSE Linux Enterprise), Module for Development Tools 15 GA (SUSE Linux Enterprise), Module for Development Tools 15 SP1 (SUSE Linux Enterprise), Server 12 SP3 LTSS (SUSE Linux Enterprise), Server 11 SP4 LTSS (SUSE Linux Enterprise), 9.10 (Ubuntu), \u043e\u0442 4.0 \u0434\u043e 4.4.223 \u0432\u043a\u043b\u044e\u0447\u0438\u0442\u0435\u043b\u044c\u043d\u043e (Linux), \u043e\u0442 4.5 \u0434\u043e 4.9.223 \u0432\u043a\u043b\u044e\u0447\u0438\u0442\u0435\u043b\u044c\u043d\u043e (Linux), \u043e\u0442 4.20 \u0434\u043e 5.4.24 \u0432\u043a\u043b\u044e\u0447\u0438\u0442\u0435\u043b\u044c\u043d\u043e (Linux), \u043e\u0442 5.5.0 \u0434\u043e 5.5.8 \u0432\u043a\u043b\u044e\u0447\u0438\u0442\u0435\u043b\u044c\u043d\u043e (Linux), \u043e\u0442 4.10 \u0434\u043e 4.14.180 \u0432\u043a\u043b\u044e\u0447\u0438\u0442\u0435\u043b\u044c\u043d\u043e (Linux), \u043e\u0442 4.15 \u0434\u043e 4.19.118 \u0432\u043a\u043b\u044e\u0447\u0438\u0442\u0435\u043b\u044c\u043d\u043e (Linux)",
  "\u0412\u043e\u0437\u043c\u043e\u0436\u043d\u044b\u0435 \u043c\u0435\u0440\u044b \u043f\u043e \u0443\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u0438\u044e": "\u0418\u0441\u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u043d\u0438\u0435 \u0440\u0435\u043a\u043e\u043c\u0435\u043d\u0434\u0430\u0446\u0438\u0439:\n\u0414\u043b\u044f Ubuntu:\nhttps://usn.ubuntu.com/4342-1/\nhttps://usn.ubuntu.com/4344-1/\nhttps://usn.ubuntu.com/4345-1/\nhttps://usn.ubuntu.com/4346-1/\n\n\u0414\u043b\u044f Debian:\n\u041e\u0431\u043d\u043e\u0432\u043b\u0435\u043d\u0438\u0435 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e\u0433\u043e \u043e\u0431\u0435\u0441\u043f\u0435\u0447\u0435\u043d\u0438\u044f (\u043f\u0430\u043a\u0435\u0442\u0430 linux) \u0434\u043e 4.19.118-2+deb10u1 \u0438\u043b\u0438 \u0431\u043e\u043b\u0435\u0435 \u043f\u043e\u0437\u0434\u043d\u0435\u0439 \u0432\u0435\u0440\u0441\u0438\u0438\nhttps://lists.debian.org/debian-lts-announce/2020/01/msg00013.html\t \nhttps://lists.debian.org/debian-lts-announce/2020/03/msg00001.html\n\n\u0414\u043b\u044f \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u044b\u0445 \u043f\u0440\u043e\u0434\u0443\u043a\u0442\u043e\u0432 Novell Inc.:\nhttp://lists.opensuse.org/opensuse-security-announce/2020-03/msg00039.html\n\n\u0414\u043b\u044f Linux:\nhttps://kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.14.181\nhttps://kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.19.119\nhttps://kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.4.224\nhttps://kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.9.224\nhttps://kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.4.25\nhttps://kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.5.9\n\n\u0414\u043b\u044f \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u044b\u0445 \u043f\u0440\u043e\u0434\u0443\u043a\u0442\u043e\u0432 Red Hat:\nhttps://access.redhat.com/security/cve/cve-2019-19768\n\n\u0414\u043b\u044f Astra Linux:\n\u041e\u0431\u043d\u043e\u0432\u043b\u0435\u043d\u0438\u0435 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e\u0433\u043e \u043e\u0431\u0435\u0441\u043f\u0435\u0447\u0435\u043d\u0438\u044f (\u043f\u0430\u043a\u0435\u0442\u0430 linux) \u0434\u043e 4.19.118-2+deb10u1 \u0438\u043b\u0438 \u0431\u043e\u043b\u0435\u0435 \u043f\u043e\u0437\u0434\u043d\u0435\u0439 \u0432\u0435\u0440\u0441\u0438\u0438",
  "\u0414\u0430\u0442\u0430 \u0432\u044b\u044f\u0432\u043b\u0435\u043d\u0438\u044f": "11.12.2019",
  "\u0414\u0430\u0442\u0430 \u043f\u043e\u0441\u043b\u0435\u0434\u043d\u0435\u0433\u043e \u043e\u0431\u043d\u043e\u0432\u043b\u0435\u043d\u0438\u044f": "18.06.2024",
  "\u0414\u0430\u0442\u0430 \u043f\u0443\u0431\u043b\u0438\u043a\u0430\u0446\u0438\u0438": "29.01.2020",
  "\u0418\u0434\u0435\u043d\u0442\u0438\u0444\u0438\u043a\u0430\u0442\u043e\u0440": "BDU:2020-00329",
  "\u0418\u0434\u0435\u043d\u0442\u0438\u0444\u0438\u043a\u0430\u0442\u043e\u0440\u044b \u0434\u0440\u0443\u0433\u0438\u0445 \u0441\u0438\u0441\u0442\u0435\u043c \u043e\u043f\u0438\u0441\u0430\u043d\u0438\u0439 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "CVE-2019-19768",
  "\u0418\u043d\u0444\u043e\u0440\u043c\u0430\u0446\u0438\u044f \u043e\u0431 \u0443\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u0438\u0438": "\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u0443\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u0430",
  "\u041a\u043b\u0430\u0441\u0441 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u043a\u043e\u0434\u0430",
  "\u041d\u0430\u0437\u0432\u0430\u043d\u0438\u0435 \u041f\u041e": "Astra Linux Special Edition (\u0437\u0430\u043f\u0438\u0441\u044c \u0432 \u0435\u0434\u0438\u043d\u043e\u043c \u0440\u0435\u0435\u0441\u0442\u0440\u0435 \u0440\u043e\u0441\u0441\u0438\u0439\u0441\u043a\u0438\u0445 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c \u2116369), Ubuntu, Debian GNU/Linux, Suse Linux Enterprise Desktop, SUSE Linux Enterprise, OpenSUSE Leap, Linux",
  "\u041d\u0430\u0438\u043c\u0435\u043d\u043e\u0432\u0430\u043d\u0438\u0435 \u041e\u0421 \u0438 \u0442\u0438\u043f \u0430\u043f\u043f\u0430\u0440\u0430\u0442\u043d\u043e\u0439 \u043f\u043b\u0430\u0442\u0444\u043e\u0440\u043c\u044b": "\u041e\u041e\u041e \u00ab\u0420\u0443\u0441\u0411\u0418\u0422\u0435\u0445-\u0410\u0441\u0442\u0440\u0430\u00bb Astra Linux Special Edition 1.5 \u00ab\u0421\u043c\u043e\u043b\u0435\u043d\u0441\u043a\u00bb  (\u0437\u0430\u043f\u0438\u0441\u044c \u0432 \u0435\u0434\u0438\u043d\u043e\u043c \u0440\u0435\u0435\u0441\u0442\u0440\u0435 \u0440\u043e\u0441\u0441\u0438\u0439\u0441\u043a\u0438\u0445 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c \u2116369), Canonical Ltd. Ubuntu 16.04 LTS , \u0421\u043e\u043e\u0431\u0449\u0435\u0441\u0442\u0432\u043e \u0441\u0432\u043e\u0431\u043e\u0434\u043d\u043e\u0433\u043e \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e\u0433\u043e \u043e\u0431\u0435\u0441\u043f\u0435\u0447\u0435\u043d\u0438\u044f Debian GNU/Linux 9 , Canonical Ltd. Ubuntu 18.04 LTS , Novell Inc. Suse Linux Enterprise Desktop 12 SP4 , Novell Inc. SUSE Linux Enterprise Server 12 SP1 LTSS , Novell Inc. SUSE Linux Enterprise Server 12 SP2 LTSS , Novell Inc. SUSE Linux Enterprise High Performance Computing 12 , Novell Inc. SUSE Linux Enterprise Module for Basesystem 15 GA , Novell Inc. SUSE Linux Enterprise Server 12 SP4 , Novell Inc. SUSE Linux Enterprise Server for SAP Applications 12 SP2 , Novell Inc. SUSE Linux Enterprise Server for SAP Applications 12 SP4 , Novell Inc. SUSE Linux Enterprise Server 12 SP5 , Novell Inc. SUSE Linux Enterprise Server for SAP Applications 12 SP3 , Novell Inc. SUSE Linux Enterprise Server for SAP Applications 12 SP5 , Novell Inc. OpenSUSE Leap 15.1 , Canonical Ltd. Ubuntu 14.04 ESM , \u0421\u043e\u043e\u0431\u0449\u0435\u0441\u0442\u0432\u043e \u0441\u0432\u043e\u0431\u043e\u0434\u043d\u043e\u0433\u043e \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e\u0433\u043e \u043e\u0431\u0435\u0441\u043f\u0435\u0447\u0435\u043d\u0438\u044f Debian GNU/Linux 8 , \u0421\u043e\u043e\u0431\u0449\u0435\u0441\u0442\u0432\u043e \u0441\u0432\u043e\u0431\u043e\u0434\u043d\u043e\u0433\u043e \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e\u0433\u043e \u043e\u0431\u0435\u0441\u043f\u0435\u0447\u0435\u043d\u0438\u044f Debian GNU/Linux 10 , Novell Inc. SUSE Linux Enterprise Module for Basesystem 15 SP1 , Novell Inc. SUSE Linux Enterprise Module for Development Tools 15 GA , Novell Inc. SUSE Linux Enterprise Module for Development Tools 15 SP1 , Novell Inc. SUSE Linux Enterprise Server 12 SP3 LTSS , Novell Inc. SUSE Linux Enterprise Server 11 SP4 LTSS , \u0421\u043e\u043e\u0431\u0449\u0435\u0441\u0442\u0432\u043e \u0441\u0432\u043e\u0431\u043e\u0434\u043d\u043e\u0433\u043e \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e\u0433\u043e \u043e\u0431\u0435\u0441\u043f\u0435\u0447\u0435\u043d\u0438\u044f Linux 5.4.0 rc2 , Canonical Ltd. Ubuntu 9.10 ",
  "\u041d\u0430\u0438\u043c\u0435\u043d\u043e\u0432\u0430\u043d\u0438\u0435 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u0444\u0443\u043d\u043a\u0446\u0438\u0438 __blk_add_trace \u044f\u0434\u0440\u0430 \u043e\u043f\u0435\u0440\u0430\u0446\u0438\u043e\u043d\u043d\u044b\u0445 \u0441\u0438\u0441\u0442\u0435\u043c Linux, \u043f\u043e\u0437\u0432\u043e\u043b\u044f\u044e\u0449\u0430\u044f \u043d\u0430\u0440\u0443\u0448\u0438\u0442\u0435\u043b\u044e \u0432\u044b\u0437\u0432\u0430\u0442\u044c \u043e\u0442\u043a\u0430\u0437 \u0432 \u043e\u0431\u0441\u043b\u0443\u0436\u0438\u0432\u0430\u043d\u0438\u0438",
  "\u041d\u0430\u043b\u0438\u0447\u0438\u0435 \u044d\u043a\u0441\u043f\u043b\u043e\u0439\u0442\u0430": "\u0414\u0430\u043d\u043d\u044b\u0435 \u0443\u0442\u043e\u0447\u043d\u044f\u044e\u0442\u0441\u044f",
  "\u041e\u043f\u0438\u0441\u0430\u043d\u0438\u0435 \u043e\u0448\u0438\u0431\u043a\u0438 CWE": "\u0418\u0441\u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u043d\u0438\u0435 \u043f\u043e\u0441\u043b\u0435 \u043e\u0441\u0432\u043e\u0431\u043e\u0436\u0434\u0435\u043d\u0438\u044f (CWE-416)",
  "\u041e\u043f\u0438\u0441\u0430\u043d\u0438\u0435 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u0444\u0443\u043d\u043a\u0446\u0438\u0438 __blk_add_trace \u044f\u0434\u0440\u0430 \u043e\u043f\u0435\u0440\u0430\u0446\u0438\u043e\u043d\u043d\u044b\u0445 \u0441\u0438\u0441\u0442\u0435\u043c Linux \u0441\u0432\u044f\u0437\u0430\u043d\u0430 \u0441 \u0438\u0441\u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u043d\u0438\u0435\u043c \u043f\u0430\u043c\u044f\u0442\u0438 \u043f\u043e\u0441\u043b\u0435 \u0435\u0451 \u043e\u0441\u0432\u043e\u0431\u043e\u0436\u0434\u0435\u043d\u0438\u044f. \u042d\u043a\u0441\u043f\u043b\u0443\u0430\u0442\u0430\u0446\u0438\u044f \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438 \u043c\u043e\u0436\u0435\u0442 \u043f\u043e\u0437\u0432\u043e\u043b\u0438\u0442\u044c \u043d\u0430\u0440\u0443\u0448\u0438\u0442\u0435\u043b\u044e, \u0434\u0435\u0439\u0441\u0442\u0432\u0443\u044e\u0449\u0435\u043c\u0443 \u0443\u0434\u0430\u043b\u0451\u043d\u043d\u043e, \u0432\u044b\u0437\u0432\u0430\u0442\u044c \u043e\u0442\u043a\u0430\u0437 \u0432 \u043e\u0431\u0441\u043b\u0443\u0436\u0438\u0432\u0430\u043d\u0438\u0438",
  "\u041f\u043e\u0441\u043b\u0435\u0434\u0441\u0442\u0432\u0438\u044f \u044d\u043a\u0441\u043f\u043b\u0443\u0430\u0442\u0430\u0446\u0438\u0438 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": null,
  "\u041f\u0440\u043e\u0447\u0430\u044f \u0438\u043d\u0444\u043e\u0440\u043c\u0430\u0446\u0438\u044f": null,
  "\u0421\u0432\u044f\u0437\u044c \u0441 \u0438\u043d\u0446\u0438\u0434\u0435\u043d\u0442\u0430\u043c\u0438 \u0418\u0411": "\u0414\u0430\u043d\u043d\u044b\u0435 \u0443\u0442\u043e\u0447\u043d\u044f\u044e\u0442\u0441\u044f",
  "\u0421\u043e\u0441\u0442\u043e\u044f\u043d\u0438\u0435 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u041e\u043f\u0443\u0431\u043b\u0438\u043a\u043e\u0432\u0430\u043d\u0430",
  "\u0421\u043f\u043e\u0441\u043e\u0431 \u0443\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u0438\u044f": "\u041e\u0431\u043d\u043e\u0432\u043b\u0435\u043d\u0438\u0435 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e\u0433\u043e \u043e\u0431\u0435\u0441\u043f\u0435\u0447\u0435\u043d\u0438\u044f",
  "\u0421\u043f\u043e\u0441\u043e\u0431 \u044d\u043a\u0441\u043f\u043b\u0443\u0430\u0442\u0430\u0446\u0438\u0438": "\u041c\u0430\u043d\u0438\u043f\u0443\u043b\u0438\u0440\u043e\u0432\u0430\u043d\u0438\u0435 \u0441\u0442\u0440\u0443\u043a\u0442\u0443\u0440\u0430\u043c\u0438 \u0434\u0430\u043d\u043d\u044b\u0445",
  "\u0421\u0441\u044b\u043b\u043a\u0438 \u043d\u0430 \u0438\u0441\u0442\u043e\u0447\u043d\u0438\u043a\u0438": "http://lists.opensuse.org/opensuse-security-announce/2020-03/msg00039.html\nhttps://access.redhat.com/security/cve/cve-2019-19768\nhttps://bugzilla.kernel.org/show_bug.cgi?id=205711\nhttps://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-19768\nhttps://kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.14.181\nhttps://kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.19.119\nhttps://kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.4.224\nhttps://kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.9.224\nhttps://kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.4.25\nhttps://kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.5.9\nhttps://lists.debian.org/debian-lts-announce/2020/06/msg00011.html\nhttps://lists.debian.org/debian-lts-announce/2020/06/msg00012.html\nhttps://lists.debian.org/debian-lts-announce/2020/06/msg00013.html\nhttps://lore.kernel.org/linux-block/20200206142812.25989-1-jack@suse.cz/\nhttps://nvd.nist.gov/vuln/detail/CVE-2019-19768\nhttps://security.netapp.com/advisory/ntap-20200103-0001/\nhttps://security-tracker.debian.org/tracker/CVE-2019-19768\nhttps://ubuntu.com/security/notices/USN-4342-1\nhttps://ubuntu.com/security/notices/USN-4344-1\nhttps://ubuntu.com/security/notices/USN-4345-1\nhttps://ubuntu.com/security/notices/USN-4346-1\nhttps://usn.ubuntu.com/4342-1/\nhttps://usn.ubuntu.com/4344-1\nhttps://usn.ubuntu.com/4344-1/\nhttps://usn.ubuntu.com/4345-1/\nhttps://usn.ubuntu.com/4346-1/\nhttps://usn.ubuntu.com/usn/usn-4342-1\nhttps://usn.ubuntu.com/usn/usn-4344-1\nhttps://usn.ubuntu.com/usn/usn-4345-1\nhttps://usn.ubuntu.com/usn/usn-4346-1\nhttps://wiki.astralinux.ru/astra-linux-se15-bulletin-20201201SE15\nhttps://wiki.astralinux.ru/pages/viewpage.action?pageId=117998111\nhttps://www.cve.org/CVERecord?id=CVE-2019-19768\nhttps://www.debian.org/security/2020/dsa-4698\nhttps://www.suse.com/security/cve/CVE-2019-19768/",
  "\u0421\u0442\u0430\u0442\u0443\u0441 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u041f\u043e\u0434\u0442\u0432\u0435\u0440\u0436\u0434\u0435\u043d\u0430 \u043f\u0440\u043e\u0438\u0437\u0432\u043e\u0434\u0438\u0442\u0435\u043b\u0435\u043c",
  "\u0422\u0438\u043f \u041f\u041e": "\u041e\u043f\u0435\u0440\u0430\u0446\u0438\u043e\u043d\u043d\u0430\u044f \u0441\u0438\u0441\u0442\u0435\u043c\u0430",
  "\u0422\u0438\u043f \u043e\u0448\u0438\u0431\u043a\u0438 CWE": "CWE-416",
  "\u0423\u0440\u043e\u0432\u0435\u043d\u044c \u043e\u043f\u0430\u0441\u043d\u043e\u0441\u0442\u0438 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u0412\u044b\u0441\u043e\u043a\u0438\u0439 \u0443\u0440\u043e\u0432\u0435\u043d\u044c \u043e\u043f\u0430\u0441\u043d\u043e\u0441\u0442\u0438 (\u0431\u0430\u0437\u043e\u0432\u0430\u044f \u043e\u0446\u0435\u043d\u043a\u0430 CVSS 2.0 \u0441\u043e\u0441\u0442\u0430\u0432\u043b\u044f\u0435\u0442 7,8)\n\u0412\u044b\u0441\u043e\u043a\u0438\u0439 \u0443\u0440\u043e\u0432\u0435\u043d\u044c \u043e\u043f\u0430\u0441\u043d\u043e\u0441\u0442\u0438 (\u0431\u0430\u0437\u043e\u0432\u0430\u044f \u043e\u0446\u0435\u043d\u043a\u0430 CVSS 3.0 \u0441\u043e\u0441\u0442\u0430\u0432\u043b\u044f\u0435\u0442 7,5)"
}

CVE-2019-19768 (GCVE-0-2019-19768)

Vulnerability from cvelistv5 – Published: 2019-12-12 19:38 – Updated: 2024-08-05 02:25

Summary

In the Linux kernel 5.4.0-rc2, there is a use-after-free (read) in the __blk_add_trace function in kernel/trace/blktrace.c (which is used to fill out a blk_io_trace structure and place it in a per-cpu sub-buffer).

Severity ?

No CVSS data available.

CWE

Assigner

mitre

References

URL

Tags

	https://bugzilla.kernel.org/show_bug.cgi?id=205711	x_refsource_MISC
	https://security.netapp.com/advisory/ntap-2020010…	x_refsource_CONFIRM
	http://lists.opensuse.org/opensuse-security-annou…	vendor-advisoryx_refsource_SUSE
	https://usn.ubuntu.com/4344-1/	vendor-advisoryx_refsource_UBUNTU
	https://usn.ubuntu.com/4345-1/	vendor-advisoryx_refsource_UBUNTU
	https://usn.ubuntu.com/4342-1/	vendor-advisoryx_refsource_UBUNTU
	https://usn.ubuntu.com/4346-1/	vendor-advisoryx_refsource_UBUNTU
	https://lists.debian.org/debian-lts-announce/2020…	mailing-listx_refsource_MLIST
	https://lists.debian.org/debian-lts-announce/2020…	mailing-listx_refsource_MLIST
	https://lists.debian.org/debian-lts-announce/2020…	mailing-listx_refsource_MLIST
	https://www.debian.org/security/2020/dsa-4698	vendor-advisoryx_refsource_DEBIAN

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-05T02:25:12.665Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://bugzilla.kernel.org/show_bug.cgi?id=205711"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://security.netapp.com/advisory/ntap-20200103-0001/"
          },
          {
            "name": "openSUSE-SU-2020:0388",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUSE",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2020-03/msg00039.html"
          },
          {
            "name": "USN-4344-1",
            "tags": [
              "vendor-advisory",
              "x_refsource_UBUNTU",
              "x_transferred"
            ],
            "url": "https://usn.ubuntu.com/4344-1/"
          },
          {
            "name": "USN-4345-1",
            "tags": [
              "vendor-advisory",
              "x_refsource_UBUNTU",
              "x_transferred"
            ],
            "url": "https://usn.ubuntu.com/4345-1/"
          },
          {
            "name": "USN-4342-1",
            "tags": [
              "vendor-advisory",
              "x_refsource_UBUNTU",
              "x_transferred"
            ],
            "url": "https://usn.ubuntu.com/4342-1/"
          },
          {
            "name": "USN-4346-1",
            "tags": [
              "vendor-advisory",
              "x_refsource_UBUNTU",
              "x_transferred"
            ],
            "url": "https://usn.ubuntu.com/4346-1/"
          },
          {
            "name": "[debian-lts-announce] 20200609 [SECURITY] [DLA 2241-1] linux security update",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://lists.debian.org/debian-lts-announce/2020/06/msg00011.html"
          },
          {
            "name": "[debian-lts-announce] 20200610 [SECURITY] [DLA 2242-1] linux-4.9 security update",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://lists.debian.org/debian-lts-announce/2020/06/msg00012.html"
          },
          {
            "name": "[debian-lts-announce] 20200610 [SECURITY] [DLA 2241-2] linux security update",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://lists.debian.org/debian-lts-announce/2020/06/msg00013.html"
          },
          {
            "name": "DSA-4698",
            "tags": [
              "vendor-advisory",
              "x_refsource_DEBIAN",
              "x_transferred"
            ],
            "url": "https://www.debian.org/security/2020/dsa-4698"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "In the Linux kernel 5.4.0-rc2, there is a use-after-free (read) in the __blk_add_trace function in kernel/trace/blktrace.c (which is used to fill out a blk_io_trace structure and place it in a per-cpu sub-buffer)."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2020-06-10T19:06:28.000Z",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://bugzilla.kernel.org/show_bug.cgi?id=205711"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://security.netapp.com/advisory/ntap-20200103-0001/"
        },
        {
          "name": "openSUSE-SU-2020:0388",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUSE"
          ],
          "url": "http://lists.opensuse.org/opensuse-security-announce/2020-03/msg00039.html"
        },
        {
          "name": "USN-4344-1",
          "tags": [
            "vendor-advisory",
            "x_refsource_UBUNTU"
          ],
          "url": "https://usn.ubuntu.com/4344-1/"
        },
        {
          "name": "USN-4345-1",
          "tags": [
            "vendor-advisory",
            "x_refsource_UBUNTU"
          ],
          "url": "https://usn.ubuntu.com/4345-1/"
        },
        {
          "name": "USN-4342-1",
          "tags": [
            "vendor-advisory",
            "x_refsource_UBUNTU"
          ],
          "url": "https://usn.ubuntu.com/4342-1/"
        },
        {
          "name": "USN-4346-1",
          "tags": [
            "vendor-advisory",
            "x_refsource_UBUNTU"
          ],
          "url": "https://usn.ubuntu.com/4346-1/"
        },
        {
          "name": "[debian-lts-announce] 20200609 [SECURITY] [DLA 2241-1] linux security update",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://lists.debian.org/debian-lts-announce/2020/06/msg00011.html"
        },
        {
          "name": "[debian-lts-announce] 20200610 [SECURITY] [DLA 2242-1] linux-4.9 security update",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://lists.debian.org/debian-lts-announce/2020/06/msg00012.html"
        },
        {
          "name": "[debian-lts-announce] 20200610 [SECURITY] [DLA 2241-2] linux security update",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://lists.debian.org/debian-lts-announce/2020/06/msg00013.html"
        },
        {
          "name": "DSA-4698",
          "tags": [
            "vendor-advisory",
            "x_refsource_DEBIAN"
          ],
          "url": "https://www.debian.org/security/2020/dsa-4698"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2019-19768",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "In the Linux kernel 5.4.0-rc2, there is a use-after-free (read) in the __blk_add_trace function in kernel/trace/blktrace.c (which is used to fill out a blk_io_trace structure and place it in a per-cpu sub-buffer)."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://bugzilla.kernel.org/show_bug.cgi?id=205711",
              "refsource": "MISC",
              "url": "https://bugzilla.kernel.org/show_bug.cgi?id=205711"
            },
            {
              "name": "https://security.netapp.com/advisory/ntap-20200103-0001/",
              "refsource": "CONFIRM",
              "url": "https://security.netapp.com/advisory/ntap-20200103-0001/"
            },
            {
              "name": "openSUSE-SU-2020:0388",
              "refsource": "SUSE",
              "url": "http://lists.opensuse.org/opensuse-security-announce/2020-03/msg00039.html"
            },
            {
              "name": "USN-4344-1",
              "refsource": "UBUNTU",
              "url": "https://usn.ubuntu.com/4344-1/"
            },
            {
              "name": "USN-4345-1",
              "refsource": "UBUNTU",
              "url": "https://usn.ubuntu.com/4345-1/"
            },
            {
              "name": "USN-4342-1",
              "refsource": "UBUNTU",
              "url": "https://usn.ubuntu.com/4342-1/"
            },
            {
              "name": "USN-4346-1",
              "refsource": "UBUNTU",
              "url": "https://usn.ubuntu.com/4346-1/"
            },
            {
              "name": "[debian-lts-announce] 20200609 [SECURITY] [DLA 2241-1] linux security update",
              "refsource": "MLIST",
              "url": "https://lists.debian.org/debian-lts-announce/2020/06/msg00011.html"
            },
            {
              "name": "[debian-lts-announce] 20200610 [SECURITY] [DLA 2242-1] linux-4.9 security update",
              "refsource": "MLIST",
              "url": "https://lists.debian.org/debian-lts-announce/2020/06/msg00012.html"
            },
            {
              "name": "[debian-lts-announce] 20200610 [SECURITY] [DLA 2241-2] linux security update",
              "refsource": "MLIST",
              "url": "https://lists.debian.org/debian-lts-announce/2020/06/msg00013.html"
            },
            {
              "name": "DSA-4698",
              "refsource": "DEBIAN",
              "url": "https://www.debian.org/security/2020/dsa-4698"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2019-19768",
    "datePublished": "2019-12-12T19:38:59.000Z",
    "dateReserved": "2019-12-12T00:00:00.000Z",
    "dateUpdated": "2024-08-05T02:25:12.665Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or observed by the user.
Confirmed: The vulnerability has been validated from an analyst's perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
Not confirmed: The user expressed doubt about the validity of the vulnerability.
Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Detection rules are retrieved from Rulezet.

Action not permitted

BDU:2020-00329

CVE-2019-19768 (GCVE-0-2019-19768)

Tags

Sightings

Nomenclature