CVE-2019-13648 (GCVE-0-2019-13648)

Vulnerability from cvelistv5 – Published: 2019-07-19 12:53 – Updated: 2024-08-04 23:57
VLAI?
Summary
In the Linux kernel through 5.2.1 on the powerpc platform, when hardware transactional memory is disabled, a local user can cause a denial of service (TM Bad Thing exception and system crash) via a sigreturn() system call that sends a crafted signal frame. This affects arch/powerpc/kernel/signal_32.c and arch/powerpc/kernel/signal_64.c.
Severity ?
No CVSS data available.
CWE
  • n/a
Assigner
References
https://patchwork.ozlabs.org/patch/1133904/ x_refsource_MISC
http://www.openwall.com/lists/oss-security/2019/07/30/1 mailing-listx_refsource_MLIST
https://git.kernel.org/torvalds/c/f16d80b75a096c5… x_refsource_CONFIRM
https://lists.fedoraproject.org/archives/list/pac… vendor-advisoryx_refsource_FEDORA
https://security.netapp.com/advisory/ntap-2019080… x_refsource_CONFIRM
https://www.debian.org/security/2019/dsa-4495 vendor-advisoryx_refsource_DEBIAN
https://seclists.org/bugtraq/2019/Aug/13 mailing-listx_refsource_BUGTRAQ
https://seclists.org/bugtraq/2019/Aug/18 mailing-listx_refsource_BUGTRAQ
https://www.debian.org/security/2019/dsa-4497 vendor-advisoryx_refsource_DEBIAN
https://seclists.org/bugtraq/2019/Aug/26 mailing-listx_refsource_BUGTRAQ
https://lists.debian.org/debian-lts-announce/2019… mailing-listx_refsource_MLIST
http://packetstormsecurity.com/files/154059/Slack… x_refsource_MISC
http://lists.opensuse.org/opensuse-security-annou… vendor-advisoryx_refsource_SUSE
http://lists.opensuse.org/opensuse-security-annou… vendor-advisoryx_refsource_SUSE
https://usn.ubuntu.com/4114-1/ vendor-advisoryx_refsource_UBUNTU
https://usn.ubuntu.com/4115-1/ vendor-advisoryx_refsource_UBUNTU
https://usn.ubuntu.com/4116-1/ vendor-advisoryx_refsource_UBUNTU
Show details on NVD website
To clipboard 

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-04T23:57:39.580Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://patchwork.ozlabs.org/patch/1133904/"
          },
          {
            "name": "[oss-security] 20190730 CVE-2019-13648: Linux kernel: powerpc: kernel crash in TM handling triggerable by any local user",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "http://www.openwall.com/lists/oss-security/2019/07/30/1"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://git.kernel.org/torvalds/c/f16d80b75a096c52354c6e0a574993f3b0dfbdfe"
          },
          {
            "name": "FEDORA-2019-7aecfe1c4b",
            "tags": [
              "vendor-advisory",
              "x_refsource_FEDORA",
              "x_transferred"
            ],
            "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/GRK2MW223KQZ76DKEF2BZFN6TCXLZLDS/"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://security.netapp.com/advisory/ntap-20190806-0001/"
          },
          {
            "name": "DSA-4495",
            "tags": [
              "vendor-advisory",
              "x_refsource_DEBIAN",
              "x_transferred"
            ],
            "url": "https://www.debian.org/security/2019/dsa-4495"
          },
          {
            "name": "20190812 [SECURITY] [DSA 4495-1] linux security update",
            "tags": [
              "mailing-list",
              "x_refsource_BUGTRAQ",
              "x_transferred"
            ],
            "url": "https://seclists.org/bugtraq/2019/Aug/13"
          },
          {
            "name": "20190813 [SECURITY] [DSA 4497-1] linux security update",
            "tags": [
              "mailing-list",
              "x_refsource_BUGTRAQ",
              "x_transferred"
            ],
            "url": "https://seclists.org/bugtraq/2019/Aug/18"
          },
          {
            "name": "DSA-4497",
            "tags": [
              "vendor-advisory",
              "x_refsource_DEBIAN",
              "x_transferred"
            ],
            "url": "https://www.debian.org/security/2019/dsa-4497"
          },
          {
            "name": "20190814 [slackware-security] Slackware 14.2 kernel (SSA:2019-226-01)",
            "tags": [
              "mailing-list",
              "x_refsource_BUGTRAQ",
              "x_transferred"
            ],
            "url": "https://seclists.org/bugtraq/2019/Aug/26"
          },
          {
            "name": "[debian-lts-announce] 20190814 [SECURITY] [DLA 1885-1] linux-4.9 security update",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://lists.debian.org/debian-lts-announce/2019/08/msg00017.html"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "http://packetstormsecurity.com/files/154059/Slackware-Security-Advisory-Slackware-14.2-kernel-Updates.html"
          },
          {
            "name": "openSUSE-SU-2019:1924",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUSE",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00055.html"
          },
          {
            "name": "openSUSE-SU-2019:1923",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUSE",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00056.html"
          },
          {
            "name": "USN-4114-1",
            "tags": [
              "vendor-advisory",
              "x_refsource_UBUNTU",
              "x_transferred"
            ],
            "url": "https://usn.ubuntu.com/4114-1/"
          },
          {
            "name": "USN-4115-1",
            "tags": [
              "vendor-advisory",
              "x_refsource_UBUNTU",
              "x_transferred"
            ],
            "url": "https://usn.ubuntu.com/4115-1/"
          },
          {
            "name": "USN-4116-1",
            "tags": [
              "vendor-advisory",
              "x_refsource_UBUNTU",
              "x_transferred"
            ],
            "url": "https://usn.ubuntu.com/4116-1/"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "In the Linux kernel through 5.2.1 on the powerpc platform, when hardware transactional memory is disabled, a local user can cause a denial of service (TM Bad Thing exception and system crash) via a sigreturn() system call that sends a crafted signal frame. This affects arch/powerpc/kernel/signal_32.c and arch/powerpc/kernel/signal_64.c."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2019-09-02T23:06:10",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://patchwork.ozlabs.org/patch/1133904/"
        },
        {
          "name": "[oss-security] 20190730 CVE-2019-13648: Linux kernel: powerpc: kernel crash in TM handling triggerable by any local user",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "http://www.openwall.com/lists/oss-security/2019/07/30/1"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://git.kernel.org/torvalds/c/f16d80b75a096c52354c6e0a574993f3b0dfbdfe"
        },
        {
          "name": "FEDORA-2019-7aecfe1c4b",
          "tags": [
            "vendor-advisory",
            "x_refsource_FEDORA"
          ],
          "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/GRK2MW223KQZ76DKEF2BZFN6TCXLZLDS/"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://security.netapp.com/advisory/ntap-20190806-0001/"
        },
        {
          "name": "DSA-4495",
          "tags": [
            "vendor-advisory",
            "x_refsource_DEBIAN"
          ],
          "url": "https://www.debian.org/security/2019/dsa-4495"
        },
        {
          "name": "20190812 [SECURITY] [DSA 4495-1] linux security update",
          "tags": [
            "mailing-list",
            "x_refsource_BUGTRAQ"
          ],
          "url": "https://seclists.org/bugtraq/2019/Aug/13"
        },
        {
          "name": "20190813 [SECURITY] [DSA 4497-1] linux security update",
          "tags": [
            "mailing-list",
            "x_refsource_BUGTRAQ"
          ],
          "url": "https://seclists.org/bugtraq/2019/Aug/18"
        },
        {
          "name": "DSA-4497",
          "tags": [
            "vendor-advisory",
            "x_refsource_DEBIAN"
          ],
          "url": "https://www.debian.org/security/2019/dsa-4497"
        },
        {
          "name": "20190814 [slackware-security] Slackware 14.2 kernel (SSA:2019-226-01)",
          "tags": [
            "mailing-list",
            "x_refsource_BUGTRAQ"
          ],
          "url": "https://seclists.org/bugtraq/2019/Aug/26"
        },
        {
          "name": "[debian-lts-announce] 20190814 [SECURITY] [DLA 1885-1] linux-4.9 security update",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://lists.debian.org/debian-lts-announce/2019/08/msg00017.html"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "http://packetstormsecurity.com/files/154059/Slackware-Security-Advisory-Slackware-14.2-kernel-Updates.html"
        },
        {
          "name": "openSUSE-SU-2019:1924",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUSE"
          ],
          "url": "http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00055.html"
        },
        {
          "name": "openSUSE-SU-2019:1923",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUSE"
          ],
          "url": "http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00056.html"
        },
        {
          "name": "USN-4114-1",
          "tags": [
            "vendor-advisory",
            "x_refsource_UBUNTU"
          ],
          "url": "https://usn.ubuntu.com/4114-1/"
        },
        {
          "name": "USN-4115-1",
          "tags": [
            "vendor-advisory",
            "x_refsource_UBUNTU"
          ],
          "url": "https://usn.ubuntu.com/4115-1/"
        },
        {
          "name": "USN-4116-1",
          "tags": [
            "vendor-advisory",
            "x_refsource_UBUNTU"
          ],
          "url": "https://usn.ubuntu.com/4116-1/"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2019-13648",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "In the Linux kernel through 5.2.1 on the powerpc platform, when hardware transactional memory is disabled, a local user can cause a denial of service (TM Bad Thing exception and system crash) via a sigreturn() system call that sends a crafted signal frame. This affects arch/powerpc/kernel/signal_32.c and arch/powerpc/kernel/signal_64.c."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://patchwork.ozlabs.org/patch/1133904/",
              "refsource": "MISC",
              "url": "https://patchwork.ozlabs.org/patch/1133904/"
            },
            {
              "name": "[oss-security] 20190730 CVE-2019-13648: Linux kernel: powerpc: kernel crash in TM handling triggerable by any local user",
              "refsource": "MLIST",
              "url": "http://www.openwall.com/lists/oss-security/2019/07/30/1"
            },
            {
              "name": "https://git.kernel.org/torvalds/c/f16d80b75a096c52354c6e0a574993f3b0dfbdfe",
              "refsource": "CONFIRM",
              "url": "https://git.kernel.org/torvalds/c/f16d80b75a096c52354c6e0a574993f3b0dfbdfe"
            },
            {
              "name": "FEDORA-2019-7aecfe1c4b",
              "refsource": "FEDORA",
              "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/GRK2MW223KQZ76DKEF2BZFN6TCXLZLDS/"
            },
            {
              "name": "https://security.netapp.com/advisory/ntap-20190806-0001/",
              "refsource": "CONFIRM",
              "url": "https://security.netapp.com/advisory/ntap-20190806-0001/"
            },
            {
              "name": "DSA-4495",
              "refsource": "DEBIAN",
              "url": "https://www.debian.org/security/2019/dsa-4495"
            },
            {
              "name": "20190812 [SECURITY] [DSA 4495-1] linux security update",
              "refsource": "BUGTRAQ",
              "url": "https://seclists.org/bugtraq/2019/Aug/13"
            },
            {
              "name": "20190813 [SECURITY] [DSA 4497-1] linux security update",
              "refsource": "BUGTRAQ",
              "url": "https://seclists.org/bugtraq/2019/Aug/18"
            },
            {
              "name": "DSA-4497",
              "refsource": "DEBIAN",
              "url": "https://www.debian.org/security/2019/dsa-4497"
            },
            {
              "name": "20190814 [slackware-security] Slackware 14.2 kernel (SSA:2019-226-01)",
              "refsource": "BUGTRAQ",
              "url": "https://seclists.org/bugtraq/2019/Aug/26"
            },
            {
              "name": "[debian-lts-announce] 20190814 [SECURITY] [DLA 1885-1] linux-4.9 security update",
              "refsource": "MLIST",
              "url": "https://lists.debian.org/debian-lts-announce/2019/08/msg00017.html"
            },
            {
              "name": "http://packetstormsecurity.com/files/154059/Slackware-Security-Advisory-Slackware-14.2-kernel-Updates.html",
              "refsource": "MISC",
              "url": "http://packetstormsecurity.com/files/154059/Slackware-Security-Advisory-Slackware-14.2-kernel-Updates.html"
            },
            {
              "name": "openSUSE-SU-2019:1924",
              "refsource": "SUSE",
              "url": "http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00055.html"
            },
            {
              "name": "openSUSE-SU-2019:1923",
              "refsource": "SUSE",
              "url": "http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00056.html"
            },
            {
              "name": "USN-4114-1",
              "refsource": "UBUNTU",
              "url": "https://usn.ubuntu.com/4114-1/"
            },
            {
              "name": "USN-4115-1",
              "refsource": "UBUNTU",
              "url": "https://usn.ubuntu.com/4115-1/"
            },
            {
              "name": "USN-4116-1",
              "refsource": "UBUNTU",
              "url": "https://usn.ubuntu.com/4116-1/"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2019-13648",
    "datePublished": "2019-07-19T12:53:01",
    "dateReserved": "2019-07-18T00:00:00",
    "dateUpdated": "2024-08-04T23:57:39.580Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1",
  "vulnerability-lookup:meta": {
    "fkie_nvd": {
      "configurations": "[{\"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*\", \"versionEndIncluding\": \"5.2.1\", \"matchCriteriaId\": \"3BEAFB0F-D383-4D9A-856A-6493631A4742\"}]}]}]",
      "descriptions": "[{\"lang\": \"en\", \"value\": \"In the Linux kernel through 5.2.1 on the powerpc platform, when hardware transactional memory is disabled, a local user can cause a denial of service (TM Bad Thing exception and system crash) via a sigreturn() system call that sends a crafted signal frame. This affects arch/powerpc/kernel/signal_32.c and arch/powerpc/kernel/signal_64.c.\"}, {\"lang\": \"es\", \"value\": \"En el kernel de Linux hasta versi\\u00f3n 5.2.1 sobre la plataforma powerpc, cuando la memoria transaccional de hardware est\\u00e1 deshabilitada, un usuario local puede causar una denegaci\\u00f3n de servicio (excepci\\u00f3n de TM Bad Thing y bloqueo del sistema) por medio de una llamada de sistema de la funci\\u00f3n sigreturn() que env\\u00eda una trama de se\\u00f1al dise\\u00f1ada. Esto afecta a los archivos arch/powerpc/kernel/signal_32.c y arch/powerpc/kernel/signal_64.c.\"}]",
      "id": "CVE-2019-13648",
      "lastModified": "2024-11-21T04:25:26.117",
      "metrics": "{\"cvssMetricV30\": [{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"cvssData\": {\"version\": \"3.0\", \"vectorString\": \"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H\", \"baseScore\": 5.5, \"baseSeverity\": \"MEDIUM\", \"attackVector\": \"LOCAL\", \"attackComplexity\": \"LOW\", \"privilegesRequired\": \"LOW\", \"userInteraction\": \"NONE\", \"scope\": \"UNCHANGED\", \"confidentialityImpact\": \"NONE\", \"integrityImpact\": \"NONE\", \"availabilityImpact\": \"HIGH\"}, \"exploitabilityScore\": 1.8, \"impactScore\": 3.6}], \"cvssMetricV2\": [{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"cvssData\": {\"version\": \"2.0\", \"vectorString\": \"AV:L/AC:L/Au:N/C:N/I:N/A:C\", \"baseScore\": 4.9, \"accessVector\": \"LOCAL\", \"accessComplexity\": \"LOW\", \"authentication\": \"NONE\", \"confidentialityImpact\": \"NONE\", \"integrityImpact\": \"NONE\", \"availabilityImpact\": \"COMPLETE\"}, \"baseSeverity\": \"MEDIUM\", \"exploitabilityScore\": 3.9, \"impactScore\": 6.9, \"acInsufInfo\": false, \"obtainAllPrivilege\": false, \"obtainUserPrivilege\": false, \"obtainOtherPrivilege\": false, \"userInteractionRequired\": false}]}",
      "published": "2019-07-19T13:15:12.797",
      "references": "[{\"url\": \"http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00055.html\", \"source\": \"cve@mitre.org\"}, {\"url\": \"http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00056.html\", \"source\": \"cve@mitre.org\"}, {\"url\": \"http://packetstormsecurity.com/files/154059/Slackware-Security-Advisory-Slackware-14.2-kernel-Updates.html\", \"source\": \"cve@mitre.org\"}, {\"url\": \"http://www.openwall.com/lists/oss-security/2019/07/30/1\", \"source\": \"cve@mitre.org\"}, {\"url\": \"https://git.kernel.org/torvalds/c/f16d80b75a096c52354c6e0a574993f3b0dfbdfe\", \"source\": \"cve@mitre.org\"}, {\"url\": \"https://lists.debian.org/debian-lts-announce/2019/08/msg00017.html\", \"source\": \"cve@mitre.org\"}, {\"url\": \"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/GRK2MW223KQZ76DKEF2BZFN6TCXLZLDS/\", \"source\": \"cve@mitre.org\"}, {\"url\": \"https://patchwork.ozlabs.org/patch/1133904/\", \"source\": \"cve@mitre.org\", \"tags\": [\"Patch\", \"Third Party Advisory\"]}, {\"url\": \"https://seclists.org/bugtraq/2019/Aug/13\", \"source\": \"cve@mitre.org\"}, {\"url\": \"https://seclists.org/bugtraq/2019/Aug/18\", \"source\": \"cve@mitre.org\"}, {\"url\": \"https://seclists.org/bugtraq/2019/Aug/26\", \"source\": \"cve@mitre.org\"}, {\"url\": \"https://security.netapp.com/advisory/ntap-20190806-0001/\", \"source\": \"cve@mitre.org\"}, {\"url\": \"https://usn.ubuntu.com/4114-1/\", \"source\": \"cve@mitre.org\"}, {\"url\": \"https://usn.ubuntu.com/4115-1/\", \"source\": \"cve@mitre.org\"}, {\"url\": \"https://usn.ubuntu.com/4116-1/\", \"source\": \"cve@mitre.org\"}, {\"url\": \"https://www.debian.org/security/2019/dsa-4495\", \"source\": \"cve@mitre.org\"}, {\"url\": \"https://www.debian.org/security/2019/dsa-4497\", \"source\": \"cve@mitre.org\"}, {\"url\": \"http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00055.html\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00056.html\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://packetstormsecurity.com/files/154059/Slackware-Security-Advisory-Slackware-14.2-kernel-Updates.html\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://www.openwall.com/lists/oss-security/2019/07/30/1\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"https://git.kernel.org/torvalds/c/f16d80b75a096c52354c6e0a574993f3b0dfbdfe\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"https://lists.debian.org/debian-lts-announce/2019/08/msg00017.html\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/GRK2MW223KQZ76DKEF2BZFN6TCXLZLDS/\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"https://patchwork.ozlabs.org/patch/1133904/\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Patch\", \"Third Party Advisory\"]}, {\"url\": \"https://seclists.org/bugtraq/2019/Aug/13\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"https://seclists.org/bugtraq/2019/Aug/18\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"https://seclists.org/bugtraq/2019/Aug/26\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"https://security.netapp.com/advisory/ntap-20190806-0001/\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"https://usn.ubuntu.com/4114-1/\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"https://usn.ubuntu.com/4115-1/\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"https://usn.ubuntu.com/4116-1/\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"https://www.debian.org/security/2019/dsa-4495\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"https://www.debian.org/security/2019/dsa-4497\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}]",
      "sourceIdentifier": "cve@mitre.org",
      "vulnStatus": "Modified",
      "weaknesses": "[{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"description\": [{\"lang\": \"en\", \"value\": \"CWE-399\"}]}]"
    },
    "nvd": "{\"cve\":{\"id\":\"CVE-2019-13648\",\"sourceIdentifier\":\"cve@mitre.org\",\"published\":\"2019-07-19T13:15:12.797\",\"lastModified\":\"2024-11-21T04:25:26.117\",\"vulnStatus\":\"Modified\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"In the Linux kernel through 5.2.1 on the powerpc platform, when hardware transactional memory is disabled, a local user can cause a denial of service (TM Bad Thing exception and system crash) via a sigreturn() system call that sends a crafted signal frame. This affects arch/powerpc/kernel/signal_32.c and arch/powerpc/kernel/signal_64.c.\"},{\"lang\":\"es\",\"value\":\"En el kernel de Linux hasta versi\u00f3n 5.2.1 sobre la plataforma powerpc, cuando la memoria transaccional de hardware est\u00e1 deshabilitada, un usuario local puede causar una denegaci\u00f3n de servicio (excepci\u00f3n de TM Bad Thing y bloqueo del sistema) por medio de una llamada de sistema de la funci\u00f3n sigreturn() que env\u00eda una trama de se\u00f1al dise\u00f1ada. Esto afecta a los archivos arch/powerpc/kernel/signal_32.c y arch/powerpc/kernel/signal_64.c.\"}],\"metrics\":{\"cvssMetricV30\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.0\",\"vectorString\":\"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H\",\"baseScore\":5.5,\"baseSeverity\":\"MEDIUM\",\"attackVector\":\"LOCAL\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"LOW\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"NONE\",\"integrityImpact\":\"NONE\",\"availabilityImpact\":\"HIGH\"},\"exploitabilityScore\":1.8,\"impactScore\":3.6}],\"cvssMetricV2\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"2.0\",\"vectorString\":\"AV:L/AC:L/Au:N/C:N/I:N/A:C\",\"baseScore\":4.9,\"accessVector\":\"LOCAL\",\"accessComplexity\":\"LOW\",\"authentication\":\"NONE\",\"confidentialityImpact\":\"NONE\",\"integrityImpact\":\"NONE\",\"availabilityImpact\":\"COMPLETE\"},\"baseSeverity\":\"MEDIUM\",\"exploitabilityScore\":3.9,\"impactScore\":6.9,\"acInsufInfo\":false,\"obtainAllPrivilege\":false,\"obtainUserPrivilege\":false,\"obtainOtherPrivilege\":false,\"userInteractionRequired\":false}]},\"weaknesses\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-399\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*\",\"versionEndIncluding\":\"5.2.1\",\"matchCriteriaId\":\"3BEAFB0F-D383-4D9A-856A-6493631A4742\"}]}]}],\"references\":[{\"url\":\"http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00055.html\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00056.html\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://packetstormsecurity.com/files/154059/Slackware-Security-Advisory-Slackware-14.2-kernel-Updates.html\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://www.openwall.com/lists/oss-security/2019/07/30/1\",\"source\":\"cve@mitre.org\"},{\"url\":\"https://git.kernel.org/torvalds/c/f16d80b75a096c52354c6e0a574993f3b0dfbdfe\",\"source\":\"cve@mitre.org\"},{\"url\":\"https://lists.debian.org/debian-lts-announce/2019/08/msg00017.html\",\"source\":\"cve@mitre.org\"},{\"url\":\"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/GRK2MW223KQZ76DKEF2BZFN6TCXLZLDS/\",\"source\":\"cve@mitre.org\"},{\"url\":\"https://patchwork.ozlabs.org/patch/1133904/\",\"source\":\"cve@mitre.org\",\"tags\":[\"Patch\",\"Third Party Advisory\"]},{\"url\":\"https://seclists.org/bugtraq/2019/Aug/13\",\"source\":\"cve@mitre.org\"},{\"url\":\"https://seclists.org/bugtraq/2019/Aug/18\",\"source\":\"cve@mitre.org\"},{\"url\":\"https://seclists.org/bugtraq/2019/Aug/26\",\"source\":\"cve@mitre.org\"},{\"url\":\"https://security.netapp.com/advisory/ntap-20190806-0001/\",\"source\":\"cve@mitre.org\"},{\"url\":\"https://usn.ubuntu.com/4114-1/\",\"source\":\"cve@mitre.org\"},{\"url\":\"https://usn.ubuntu.com/4115-1/\",\"source\":\"cve@mitre.org\"},{\"url\":\"https://usn.ubuntu.com/4116-1/\",\"source\":\"cve@mitre.org\"},{\"url\":\"https://www.debian.org/security/2019/dsa-4495\",\"source\":\"cve@mitre.org\"},{\"url\":\"https://www.debian.org/security/2019/dsa-4497\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00055.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00056.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://packetstormsecurity.com/files/154059/Slackware-Security-Advisory-Slackware-14.2-kernel-Updates.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.openwall.com/lists/oss-security/2019/07/30/1\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://git.kernel.org/torvalds/c/f16d80b75a096c52354c6e0a574993f3b0dfbdfe\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://lists.debian.org/debian-lts-announce/2019/08/msg00017.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/GRK2MW223KQZ76DKEF2BZFN6TCXLZLDS/\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://patchwork.ozlabs.org/patch/1133904/\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Patch\",\"Third Party Advisory\"]},{\"url\":\"https://seclists.org/bugtraq/2019/Aug/13\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://seclists.org/bugtraq/2019/Aug/18\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://seclists.org/bugtraq/2019/Aug/26\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://security.netapp.com/advisory/ntap-20190806-0001/\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://usn.ubuntu.com/4114-1/\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://usn.ubuntu.com/4115-1/\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://usn.ubuntu.com/4116-1/\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://www.debian.org/security/2019/dsa-4495\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://www.debian.org/security/2019/dsa-4497\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"}]}}"
  }
}


Log in or create an account to share your comment.




Tags
Taxonomy of the tags.




Sightings

Author Source Type Date

Nomenclature

  • Seen: The vulnerability was mentioned, discussed, or observed by the user.
  • Confirmed: The vulnerability has been validated from an analyst's perspective.
  • Published Proof of Concept: A public proof of concept is available for this vulnerability.
  • Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
  • Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
  • Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
  • Not confirmed: The user expressed doubt about the validity of the vulnerability.
  • Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.



Detection rules are retrieved from Rulezet.