csaf_redhat - rhsa-2019

rhsa-2019_2476

Vulnerability from csaf_redhat

Published

2019-08-13 17:44

Modified

2024-09-13 19:53

Summary

Red Hat Security Advisory: kernel security update

Notes

Topic

An update for kernel is now available for Red Hat Enterprise Linux 6.6 Advanced Update Support. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

Details

The kernel packages contain the Linux kernel, the core of any Linux operating system. Security Fix(es): * kernel: Missing check in fs/inode.c:inode_init_owner() does not clear SGID bit on non-directories for non-members (CVE-2018-13405) * kernel: hw: Spectre SWAPGS gadget vulnerability (CVE-2019-1125) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.

JSON

To clipboard

{
  "document": {
    "aggregate_severity": {
      "namespace": "https://access.redhat.com/security/updates/classification/",
      "text": "Important"
    },
    "category": "csaf_vex",
    "csaf_version": "2.0",
    "distribution": {
      "text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
      "tlp": {
        "label": "WHITE",
        "url": "https://www.first.org/tlp/"
      }
    },
    "lang": "en",
    "notes": [
      {
        "category": "summary",
        "text": "An update for kernel is now available for Red Hat Enterprise Linux 6.6 Advanced Update Support.\n\nRed Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.",
        "title": "Topic"
      },
      {
        "category": "general",
        "text": "The kernel packages contain the Linux kernel, the core of any Linux operating system.\n\nSecurity Fix(es):\n\n* kernel: Missing check in fs/inode.c:inode_init_owner() does not clear SGID bit on non-directories for non-members (CVE-2018-13405)\n\n* kernel: hw: Spectre SWAPGS gadget vulnerability (CVE-2019-1125)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.",
        "title": "Details"
      },
      {
        "category": "legal_disclaimer",
        "text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
        "title": "Terms of Use"
      }
    ],
    "publisher": {
      "category": "vendor",
      "contact_details": "https://access.redhat.com/security/team/contact/",
      "issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat offerings.",
      "name": "Red Hat Product Security",
      "namespace": "https://www.redhat.com"
    },
    "references": [
      {
        "category": "self",
        "summary": "https://access.redhat.com/errata/RHSA-2019:2476",
        "url": "https://access.redhat.com/errata/RHSA-2019:2476"
      },
      {
        "category": "external",
        "summary": "https://access.redhat.com/security/updates/classification/#important",
        "url": "https://access.redhat.com/security/updates/classification/#important"
      },
      {
        "category": "external",
        "summary": "https://access.redhat.com/articles/4329821",
        "url": "https://access.redhat.com/articles/4329821"
      },
      {
        "category": "external",
        "summary": "1599161",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1599161"
      },
      {
        "category": "external",
        "summary": "1724389",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1724389"
      },
      {
        "category": "self",
        "summary": "Canonical URL",
        "url": "https://access.redhat.com/security/data/csaf/v2/advisories/2019/rhsa-2019_2476.json"
      }
    ],
    "title": "Red Hat Security Advisory: kernel security update",
    "tracking": {
      "current_release_date": "2024-09-13T19:53:46+00:00",
      "generator": {
        "date": "2024-09-13T19:53:46+00:00",
        "engine": {
          "name": "Red Hat SDEngine",
          "version": "3.33.3"
        }
      },
      "id": "RHSA-2019:2476",
      "initial_release_date": "2019-08-13T17:44:46+00:00",
      "revision_history": [
        {
          "date": "2019-08-13T17:44:46+00:00",
          "number": "1",
          "summary": "Initial version"
        },
        {
          "date": "2019-08-13T17:44:46+00:00",
          "number": "2",
          "summary": "Last updated version"
        },
        {
          "date": "2024-09-13T19:53:46+00:00",
          "number": "3",
          "summary": "Last generated version"
        }
      ],
      "status": "final",
      "version": "3"
    }
  },
  "product_tree": {
    "branches": [
      {
        "branches": [
          {
            "branches": [
              {
                "category": "product_name",
                "name": "Red Hat Enterprise Linux Server AUS (v. 6.6)",
                "product": {
                  "name": "Red Hat Enterprise Linux Server AUS (v. 6.6)",
                  "product_id": "6Server-6.6.AUS",
                  "product_identification_helper": {
                    "cpe": "cpe:/o:redhat:rhel_aus:6.6::server"
                  }
                }
              },
              {
                "category": "product_name",
                "name": "Red Hat Enterprise Linux Server Optional AUS (v. 6.6)",
                "product": {
                  "name": "Red Hat Enterprise Linux Server Optional AUS (v. 6.6)",
                  "product_id": "6Server-optional-6.6.AUS",
                  "product_identification_helper": {
                    "cpe": "cpe:/o:redhat:rhel_aus:6.6::server"
                  }
                }
              }
            ],
            "category": "product_family",
            "name": "Red Hat Enterprise Linux"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "kernel-debuginfo-0:2.6.32-504.80.2.el6.x86_64",
                "product": {
                  "name": "kernel-debuginfo-0:2.6.32-504.80.2.el6.x86_64",
                  "product_id": "kernel-debuginfo-0:2.6.32-504.80.2.el6.x86_64",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/kernel-debuginfo@2.6.32-504.80.2.el6?arch=x86_64"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "python-perf-debuginfo-0:2.6.32-504.80.2.el6.x86_64",
                "product": {
                  "name": "python-perf-debuginfo-0:2.6.32-504.80.2.el6.x86_64",
                  "product_id": "python-perf-debuginfo-0:2.6.32-504.80.2.el6.x86_64",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/python-perf-debuginfo@2.6.32-504.80.2.el6?arch=x86_64"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "kernel-debuginfo-common-x86_64-0:2.6.32-504.80.2.el6.x86_64",
                "product": {
                  "name": "kernel-debuginfo-common-x86_64-0:2.6.32-504.80.2.el6.x86_64",
                  "product_id": "kernel-debuginfo-common-x86_64-0:2.6.32-504.80.2.el6.x86_64",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/kernel-debuginfo-common-x86_64@2.6.32-504.80.2.el6?arch=x86_64"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "python-perf-0:2.6.32-504.80.2.el6.x86_64",
                "product": {
                  "name": "python-perf-0:2.6.32-504.80.2.el6.x86_64",
                  "product_id": "python-perf-0:2.6.32-504.80.2.el6.x86_64",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/python-perf@2.6.32-504.80.2.el6?arch=x86_64"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "perf-debuginfo-0:2.6.32-504.80.2.el6.x86_64",
                "product": {
                  "name": "perf-debuginfo-0:2.6.32-504.80.2.el6.x86_64",
                  "product_id": "perf-debuginfo-0:2.6.32-504.80.2.el6.x86_64",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/perf-debuginfo@2.6.32-504.80.2.el6?arch=x86_64"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "kernel-debug-debuginfo-0:2.6.32-504.80.2.el6.x86_64",
                "product": {
                  "name": "kernel-debug-debuginfo-0:2.6.32-504.80.2.el6.x86_64",
                  "product_id": "kernel-debug-debuginfo-0:2.6.32-504.80.2.el6.x86_64",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/kernel-debug-debuginfo@2.6.32-504.80.2.el6?arch=x86_64"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "kernel-debug-devel-0:2.6.32-504.80.2.el6.x86_64",
                "product": {
                  "name": "kernel-debug-devel-0:2.6.32-504.80.2.el6.x86_64",
                  "product_id": "kernel-debug-devel-0:2.6.32-504.80.2.el6.x86_64",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/kernel-debug-devel@2.6.32-504.80.2.el6?arch=x86_64"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "perf-0:2.6.32-504.80.2.el6.x86_64",
                "product": {
                  "name": "perf-0:2.6.32-504.80.2.el6.x86_64",
                  "product_id": "perf-0:2.6.32-504.80.2.el6.x86_64",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/perf@2.6.32-504.80.2.el6?arch=x86_64"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "kernel-devel-0:2.6.32-504.80.2.el6.x86_64",
                "product": {
                  "name": "kernel-devel-0:2.6.32-504.80.2.el6.x86_64",
                  "product_id": "kernel-devel-0:2.6.32-504.80.2.el6.x86_64",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/kernel-devel@2.6.32-504.80.2.el6?arch=x86_64"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "kernel-debug-0:2.6.32-504.80.2.el6.x86_64",
                "product": {
                  "name": "kernel-debug-0:2.6.32-504.80.2.el6.x86_64",
                  "product_id": "kernel-debug-0:2.6.32-504.80.2.el6.x86_64",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/kernel-debug@2.6.32-504.80.2.el6?arch=x86_64"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "kernel-0:2.6.32-504.80.2.el6.x86_64",
                "product": {
                  "name": "kernel-0:2.6.32-504.80.2.el6.x86_64",
                  "product_id": "kernel-0:2.6.32-504.80.2.el6.x86_64",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/kernel@2.6.32-504.80.2.el6?arch=x86_64"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "kernel-headers-0:2.6.32-504.80.2.el6.x86_64",
                "product": {
                  "name": "kernel-headers-0:2.6.32-504.80.2.el6.x86_64",
                  "product_id": "kernel-headers-0:2.6.32-504.80.2.el6.x86_64",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/kernel-headers@2.6.32-504.80.2.el6?arch=x86_64"
                  }
                }
              }
            ],
            "category": "architecture",
            "name": "x86_64"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "kernel-firmware-0:2.6.32-504.80.2.el6.noarch",
                "product": {
                  "name": "kernel-firmware-0:2.6.32-504.80.2.el6.noarch",
                  "product_id": "kernel-firmware-0:2.6.32-504.80.2.el6.noarch",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/kernel-firmware@2.6.32-504.80.2.el6?arch=noarch"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "kernel-doc-0:2.6.32-504.80.2.el6.noarch",
                "product": {
                  "name": "kernel-doc-0:2.6.32-504.80.2.el6.noarch",
                  "product_id": "kernel-doc-0:2.6.32-504.80.2.el6.noarch",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/kernel-doc@2.6.32-504.80.2.el6?arch=noarch"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "kernel-abi-whitelists-0:2.6.32-504.80.2.el6.noarch",
                "product": {
                  "name": "kernel-abi-whitelists-0:2.6.32-504.80.2.el6.noarch",
                  "product_id": "kernel-abi-whitelists-0:2.6.32-504.80.2.el6.noarch",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/kernel-abi-whitelists@2.6.32-504.80.2.el6?arch=noarch"
                  }
                }
              }
            ],
            "category": "architecture",
            "name": "noarch"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "kernel-0:2.6.32-504.80.2.el6.src",
                "product": {
                  "name": "kernel-0:2.6.32-504.80.2.el6.src",
                  "product_id": "kernel-0:2.6.32-504.80.2.el6.src",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/kernel@2.6.32-504.80.2.el6?arch=src"
                  }
                }
              }
            ],
            "category": "architecture",
            "name": "src"
          }
        ],
        "category": "vendor",
        "name": "Red Hat"
      }
    ],
    "relationships": [
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "kernel-0:2.6.32-504.80.2.el6.src as a component of Red Hat Enterprise Linux Server AUS (v. 6.6)",
          "product_id": "6Server-6.6.AUS:kernel-0:2.6.32-504.80.2.el6.src"
        },
        "product_reference": "kernel-0:2.6.32-504.80.2.el6.src",
        "relates_to_product_reference": "6Server-6.6.AUS"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "kernel-0:2.6.32-504.80.2.el6.x86_64 as a component of Red Hat Enterprise Linux Server AUS (v. 6.6)",
          "product_id": "6Server-6.6.AUS:kernel-0:2.6.32-504.80.2.el6.x86_64"
        },
        "product_reference": "kernel-0:2.6.32-504.80.2.el6.x86_64",
        "relates_to_product_reference": "6Server-6.6.AUS"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "kernel-abi-whitelists-0:2.6.32-504.80.2.el6.noarch as a component of Red Hat Enterprise Linux Server AUS (v. 6.6)",
          "product_id": "6Server-6.6.AUS:kernel-abi-whitelists-0:2.6.32-504.80.2.el6.noarch"
        },
        "product_reference": "kernel-abi-whitelists-0:2.6.32-504.80.2.el6.noarch",
        "relates_to_product_reference": "6Server-6.6.AUS"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "kernel-debug-0:2.6.32-504.80.2.el6.x86_64 as a component of Red Hat Enterprise Linux Server AUS (v. 6.6)",
          "product_id": "6Server-6.6.AUS:kernel-debug-0:2.6.32-504.80.2.el6.x86_64"
        },
        "product_reference": "kernel-debug-0:2.6.32-504.80.2.el6.x86_64",
        "relates_to_product_reference": "6Server-6.6.AUS"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "kernel-debug-debuginfo-0:2.6.32-504.80.2.el6.x86_64 as a component of Red Hat Enterprise Linux Server AUS (v. 6.6)",
          "product_id": "6Server-6.6.AUS:kernel-debug-debuginfo-0:2.6.32-504.80.2.el6.x86_64"
        },
        "product_reference": "kernel-debug-debuginfo-0:2.6.32-504.80.2.el6.x86_64",
        "relates_to_product_reference": "6Server-6.6.AUS"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "kernel-debug-devel-0:2.6.32-504.80.2.el6.x86_64 as a component of Red Hat Enterprise Linux Server AUS (v. 6.6)",
          "product_id": "6Server-6.6.AUS:kernel-debug-devel-0:2.6.32-504.80.2.el6.x86_64"
        },
        "product_reference": "kernel-debug-devel-0:2.6.32-504.80.2.el6.x86_64",
        "relates_to_product_reference": "6Server-6.6.AUS"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "kernel-debuginfo-0:2.6.32-504.80.2.el6.x86_64 as a component of Red Hat Enterprise Linux Server AUS (v. 6.6)",
          "product_id": "6Server-6.6.AUS:kernel-debuginfo-0:2.6.32-504.80.2.el6.x86_64"
        },
        "product_reference": "kernel-debuginfo-0:2.6.32-504.80.2.el6.x86_64",
        "relates_to_product_reference": "6Server-6.6.AUS"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "kernel-debuginfo-common-x86_64-0:2.6.32-504.80.2.el6.x86_64 as a component of Red Hat Enterprise Linux Server AUS (v. 6.6)",
          "product_id": "6Server-6.6.AUS:kernel-debuginfo-common-x86_64-0:2.6.32-504.80.2.el6.x86_64"
        },
        "product_reference": "kernel-debuginfo-common-x86_64-0:2.6.32-504.80.2.el6.x86_64",
        "relates_to_product_reference": "6Server-6.6.AUS"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "kernel-devel-0:2.6.32-504.80.2.el6.x86_64 as a component of Red Hat Enterprise Linux Server AUS (v. 6.6)",
          "product_id": "6Server-6.6.AUS:kernel-devel-0:2.6.32-504.80.2.el6.x86_64"
        },
        "product_reference": "kernel-devel-0:2.6.32-504.80.2.el6.x86_64",
        "relates_to_product_reference": "6Server-6.6.AUS"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "kernel-doc-0:2.6.32-504.80.2.el6.noarch as a component of Red Hat Enterprise Linux Server AUS (v. 6.6)",
          "product_id": "6Server-6.6.AUS:kernel-doc-0:2.6.32-504.80.2.el6.noarch"
        },
        "product_reference": "kernel-doc-0:2.6.32-504.80.2.el6.noarch",
        "relates_to_product_reference": "6Server-6.6.AUS"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "kernel-firmware-0:2.6.32-504.80.2.el6.noarch as a component of Red Hat Enterprise Linux Server AUS (v. 6.6)",
          "product_id": "6Server-6.6.AUS:kernel-firmware-0:2.6.32-504.80.2.el6.noarch"
        },
        "product_reference": "kernel-firmware-0:2.6.32-504.80.2.el6.noarch",
        "relates_to_product_reference": "6Server-6.6.AUS"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "kernel-headers-0:2.6.32-504.80.2.el6.x86_64 as a component of Red Hat Enterprise Linux Server AUS (v. 6.6)",
          "product_id": "6Server-6.6.AUS:kernel-headers-0:2.6.32-504.80.2.el6.x86_64"
        },
        "product_reference": "kernel-headers-0:2.6.32-504.80.2.el6.x86_64",
        "relates_to_product_reference": "6Server-6.6.AUS"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "perf-0:2.6.32-504.80.2.el6.x86_64 as a component of Red Hat Enterprise Linux Server AUS (v. 6.6)",
          "product_id": "6Server-6.6.AUS:perf-0:2.6.32-504.80.2.el6.x86_64"
        },
        "product_reference": "perf-0:2.6.32-504.80.2.el6.x86_64",
        "relates_to_product_reference": "6Server-6.6.AUS"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "perf-debuginfo-0:2.6.32-504.80.2.el6.x86_64 as a component of Red Hat Enterprise Linux Server AUS (v. 6.6)",
          "product_id": "6Server-6.6.AUS:perf-debuginfo-0:2.6.32-504.80.2.el6.x86_64"
        },
        "product_reference": "perf-debuginfo-0:2.6.32-504.80.2.el6.x86_64",
        "relates_to_product_reference": "6Server-6.6.AUS"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "python-perf-0:2.6.32-504.80.2.el6.x86_64 as a component of Red Hat Enterprise Linux Server AUS (v. 6.6)",
          "product_id": "6Server-6.6.AUS:python-perf-0:2.6.32-504.80.2.el6.x86_64"
        },
        "product_reference": "python-perf-0:2.6.32-504.80.2.el6.x86_64",
        "relates_to_product_reference": "6Server-6.6.AUS"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "python-perf-debuginfo-0:2.6.32-504.80.2.el6.x86_64 as a component of Red Hat Enterprise Linux Server AUS (v. 6.6)",
          "product_id": "6Server-6.6.AUS:python-perf-debuginfo-0:2.6.32-504.80.2.el6.x86_64"
        },
        "product_reference": "python-perf-debuginfo-0:2.6.32-504.80.2.el6.x86_64",
        "relates_to_product_reference": "6Server-6.6.AUS"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "kernel-0:2.6.32-504.80.2.el6.src as a component of Red Hat Enterprise Linux Server Optional AUS (v. 6.6)",
          "product_id": "6Server-optional-6.6.AUS:kernel-0:2.6.32-504.80.2.el6.src"
        },
        "product_reference": "kernel-0:2.6.32-504.80.2.el6.src",
        "relates_to_product_reference": "6Server-optional-6.6.AUS"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "kernel-0:2.6.32-504.80.2.el6.x86_64 as a component of Red Hat Enterprise Linux Server Optional AUS (v. 6.6)",
          "product_id": "6Server-optional-6.6.AUS:kernel-0:2.6.32-504.80.2.el6.x86_64"
        },
        "product_reference": "kernel-0:2.6.32-504.80.2.el6.x86_64",
        "relates_to_product_reference": "6Server-optional-6.6.AUS"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "kernel-abi-whitelists-0:2.6.32-504.80.2.el6.noarch as a component of Red Hat Enterprise Linux Server Optional AUS (v. 6.6)",
          "product_id": "6Server-optional-6.6.AUS:kernel-abi-whitelists-0:2.6.32-504.80.2.el6.noarch"
        },
        "product_reference": "kernel-abi-whitelists-0:2.6.32-504.80.2.el6.noarch",
        "relates_to_product_reference": "6Server-optional-6.6.AUS"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "kernel-debug-0:2.6.32-504.80.2.el6.x86_64 as a component of Red Hat Enterprise Linux Server Optional AUS (v. 6.6)",
          "product_id": "6Server-optional-6.6.AUS:kernel-debug-0:2.6.32-504.80.2.el6.x86_64"
        },
        "product_reference": "kernel-debug-0:2.6.32-504.80.2.el6.x86_64",
        "relates_to_product_reference": "6Server-optional-6.6.AUS"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "kernel-debug-debuginfo-0:2.6.32-504.80.2.el6.x86_64 as a component of Red Hat Enterprise Linux Server Optional AUS (v. 6.6)",
          "product_id": "6Server-optional-6.6.AUS:kernel-debug-debuginfo-0:2.6.32-504.80.2.el6.x86_64"
        },
        "product_reference": "kernel-debug-debuginfo-0:2.6.32-504.80.2.el6.x86_64",
        "relates_to_product_reference": "6Server-optional-6.6.AUS"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "kernel-debug-devel-0:2.6.32-504.80.2.el6.x86_64 as a component of Red Hat Enterprise Linux Server Optional AUS (v. 6.6)",
          "product_id": "6Server-optional-6.6.AUS:kernel-debug-devel-0:2.6.32-504.80.2.el6.x86_64"
        },
        "product_reference": "kernel-debug-devel-0:2.6.32-504.80.2.el6.x86_64",
        "relates_to_product_reference": "6Server-optional-6.6.AUS"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "kernel-debuginfo-0:2.6.32-504.80.2.el6.x86_64 as a component of Red Hat Enterprise Linux Server Optional AUS (v. 6.6)",
          "product_id": "6Server-optional-6.6.AUS:kernel-debuginfo-0:2.6.32-504.80.2.el6.x86_64"
        },
        "product_reference": "kernel-debuginfo-0:2.6.32-504.80.2.el6.x86_64",
        "relates_to_product_reference": "6Server-optional-6.6.AUS"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "kernel-debuginfo-common-x86_64-0:2.6.32-504.80.2.el6.x86_64 as a component of Red Hat Enterprise Linux Server Optional AUS (v. 6.6)",
          "product_id": "6Server-optional-6.6.AUS:kernel-debuginfo-common-x86_64-0:2.6.32-504.80.2.el6.x86_64"
        },
        "product_reference": "kernel-debuginfo-common-x86_64-0:2.6.32-504.80.2.el6.x86_64",
        "relates_to_product_reference": "6Server-optional-6.6.AUS"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "kernel-devel-0:2.6.32-504.80.2.el6.x86_64 as a component of Red Hat Enterprise Linux Server Optional AUS (v. 6.6)",
          "product_id": "6Server-optional-6.6.AUS:kernel-devel-0:2.6.32-504.80.2.el6.x86_64"
        },
        "product_reference": "kernel-devel-0:2.6.32-504.80.2.el6.x86_64",
        "relates_to_product_reference": "6Server-optional-6.6.AUS"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "kernel-doc-0:2.6.32-504.80.2.el6.noarch as a component of Red Hat Enterprise Linux Server Optional AUS (v. 6.6)",
          "product_id": "6Server-optional-6.6.AUS:kernel-doc-0:2.6.32-504.80.2.el6.noarch"
        },
        "product_reference": "kernel-doc-0:2.6.32-504.80.2.el6.noarch",
        "relates_to_product_reference": "6Server-optional-6.6.AUS"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "kernel-firmware-0:2.6.32-504.80.2.el6.noarch as a component of Red Hat Enterprise Linux Server Optional AUS (v. 6.6)",
          "product_id": "6Server-optional-6.6.AUS:kernel-firmware-0:2.6.32-504.80.2.el6.noarch"
        },
        "product_reference": "kernel-firmware-0:2.6.32-504.80.2.el6.noarch",
        "relates_to_product_reference": "6Server-optional-6.6.AUS"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "kernel-headers-0:2.6.32-504.80.2.el6.x86_64 as a component of Red Hat Enterprise Linux Server Optional AUS (v. 6.6)",
          "product_id": "6Server-optional-6.6.AUS:kernel-headers-0:2.6.32-504.80.2.el6.x86_64"
        },
        "product_reference": "kernel-headers-0:2.6.32-504.80.2.el6.x86_64",
        "relates_to_product_reference": "6Server-optional-6.6.AUS"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "perf-0:2.6.32-504.80.2.el6.x86_64 as a component of Red Hat Enterprise Linux Server Optional AUS (v. 6.6)",
          "product_id": "6Server-optional-6.6.AUS:perf-0:2.6.32-504.80.2.el6.x86_64"
        },
        "product_reference": "perf-0:2.6.32-504.80.2.el6.x86_64",
        "relates_to_product_reference": "6Server-optional-6.6.AUS"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "perf-debuginfo-0:2.6.32-504.80.2.el6.x86_64 as a component of Red Hat Enterprise Linux Server Optional AUS (v. 6.6)",
          "product_id": "6Server-optional-6.6.AUS:perf-debuginfo-0:2.6.32-504.80.2.el6.x86_64"
        },
        "product_reference": "perf-debuginfo-0:2.6.32-504.80.2.el6.x86_64",
        "relates_to_product_reference": "6Server-optional-6.6.AUS"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "python-perf-0:2.6.32-504.80.2.el6.x86_64 as a component of Red Hat Enterprise Linux Server Optional AUS (v. 6.6)",
          "product_id": "6Server-optional-6.6.AUS:python-perf-0:2.6.32-504.80.2.el6.x86_64"
        },
        "product_reference": "python-perf-0:2.6.32-504.80.2.el6.x86_64",
        "relates_to_product_reference": "6Server-optional-6.6.AUS"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "python-perf-debuginfo-0:2.6.32-504.80.2.el6.x86_64 as a component of Red Hat Enterprise Linux Server Optional AUS (v. 6.6)",
          "product_id": "6Server-optional-6.6.AUS:python-perf-debuginfo-0:2.6.32-504.80.2.el6.x86_64"
        },
        "product_reference": "python-perf-debuginfo-0:2.6.32-504.80.2.el6.x86_64",
        "relates_to_product_reference": "6Server-optional-6.6.AUS"
      }
    ]
  },
  "vulnerabilities": [
    {
      "cve": "CVE-2018-13405",
      "cwe": {
        "id": "CWE-284",
        "name": "Improper Access Control"
      },
      "discovery_date": "2018-07-09T00:00:00+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "1599161"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "A vulnerability was found in the fs/inode.c:inode_init_owner() function logic of the LInux kernel that allows local users to create files with an unintended group ownership and with group execution and SGID permission bits set, in a scenario where a directory is SGID and belongs to a certain group and is writable by a user who is not a member of this group. This can lead to excessive permissions granted in case when they should not.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "kernel: Missing check in fs/inode.c:inode_init_owner() does not clear SGID bit on non-directories for non-members",
          "title": "Vulnerability summary"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "6Server-6.6.AUS:kernel-0:2.6.32-504.80.2.el6.src",
          "6Server-6.6.AUS:kernel-0:2.6.32-504.80.2.el6.x86_64",
          "6Server-6.6.AUS:kernel-abi-whitelists-0:2.6.32-504.80.2.el6.noarch",
          "6Server-6.6.AUS:kernel-debug-0:2.6.32-504.80.2.el6.x86_64",
          "6Server-6.6.AUS:kernel-debug-debuginfo-0:2.6.32-504.80.2.el6.x86_64",
          "6Server-6.6.AUS:kernel-debug-devel-0:2.6.32-504.80.2.el6.x86_64",
          "6Server-6.6.AUS:kernel-debuginfo-0:2.6.32-504.80.2.el6.x86_64",
          "6Server-6.6.AUS:kernel-debuginfo-common-x86_64-0:2.6.32-504.80.2.el6.x86_64",
          "6Server-6.6.AUS:kernel-devel-0:2.6.32-504.80.2.el6.x86_64",
          "6Server-6.6.AUS:kernel-doc-0:2.6.32-504.80.2.el6.noarch",
          "6Server-6.6.AUS:kernel-firmware-0:2.6.32-504.80.2.el6.noarch",
          "6Server-6.6.AUS:kernel-headers-0:2.6.32-504.80.2.el6.x86_64",
          "6Server-6.6.AUS:perf-0:2.6.32-504.80.2.el6.x86_64",
          "6Server-6.6.AUS:perf-debuginfo-0:2.6.32-504.80.2.el6.x86_64",
          "6Server-6.6.AUS:python-perf-0:2.6.32-504.80.2.el6.x86_64",
          "6Server-6.6.AUS:python-perf-debuginfo-0:2.6.32-504.80.2.el6.x86_64",
          "6Server-optional-6.6.AUS:kernel-0:2.6.32-504.80.2.el6.src",
          "6Server-optional-6.6.AUS:kernel-0:2.6.32-504.80.2.el6.x86_64",
          "6Server-optional-6.6.AUS:kernel-abi-whitelists-0:2.6.32-504.80.2.el6.noarch",
          "6Server-optional-6.6.AUS:kernel-debug-0:2.6.32-504.80.2.el6.x86_64",
          "6Server-optional-6.6.AUS:kernel-debug-debuginfo-0:2.6.32-504.80.2.el6.x86_64",
          "6Server-optional-6.6.AUS:kernel-debug-devel-0:2.6.32-504.80.2.el6.x86_64",
          "6Server-optional-6.6.AUS:kernel-debuginfo-0:2.6.32-504.80.2.el6.x86_64",
          "6Server-optional-6.6.AUS:kernel-debuginfo-common-x86_64-0:2.6.32-504.80.2.el6.x86_64",
          "6Server-optional-6.6.AUS:kernel-devel-0:2.6.32-504.80.2.el6.x86_64",
          "6Server-optional-6.6.AUS:kernel-doc-0:2.6.32-504.80.2.el6.noarch",
          "6Server-optional-6.6.AUS:kernel-firmware-0:2.6.32-504.80.2.el6.noarch",
          "6Server-optional-6.6.AUS:kernel-headers-0:2.6.32-504.80.2.el6.x86_64",
          "6Server-optional-6.6.AUS:perf-0:2.6.32-504.80.2.el6.x86_64",
          "6Server-optional-6.6.AUS:perf-debuginfo-0:2.6.32-504.80.2.el6.x86_64",
          "6Server-optional-6.6.AUS:python-perf-0:2.6.32-504.80.2.el6.x86_64",
          "6Server-optional-6.6.AUS:python-perf-debuginfo-0:2.6.32-504.80.2.el6.x86_64"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2018-13405"
        },
        {
          "category": "external",
          "summary": "RHBZ#1599161",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1599161"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2018-13405",
          "url": "https://www.cve.org/CVERecord?id=CVE-2018-13405"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2018-13405",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2018-13405"
        }
      ],
      "release_date": "2018-07-05T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nThe system must be rebooted for this update to take effect.",
          "product_ids": [
            "6Server-6.6.AUS:kernel-0:2.6.32-504.80.2.el6.src",
            "6Server-6.6.AUS:kernel-0:2.6.32-504.80.2.el6.x86_64",
            "6Server-6.6.AUS:kernel-abi-whitelists-0:2.6.32-504.80.2.el6.noarch",
            "6Server-6.6.AUS:kernel-debug-0:2.6.32-504.80.2.el6.x86_64",
            "6Server-6.6.AUS:kernel-debug-debuginfo-0:2.6.32-504.80.2.el6.x86_64",
            "6Server-6.6.AUS:kernel-debug-devel-0:2.6.32-504.80.2.el6.x86_64",
            "6Server-6.6.AUS:kernel-debuginfo-0:2.6.32-504.80.2.el6.x86_64",
            "6Server-6.6.AUS:kernel-debuginfo-common-x86_64-0:2.6.32-504.80.2.el6.x86_64",
            "6Server-6.6.AUS:kernel-devel-0:2.6.32-504.80.2.el6.x86_64",
            "6Server-6.6.AUS:kernel-doc-0:2.6.32-504.80.2.el6.noarch",
            "6Server-6.6.AUS:kernel-firmware-0:2.6.32-504.80.2.el6.noarch",
            "6Server-6.6.AUS:kernel-headers-0:2.6.32-504.80.2.el6.x86_64",
            "6Server-6.6.AUS:perf-0:2.6.32-504.80.2.el6.x86_64",
            "6Server-6.6.AUS:perf-debuginfo-0:2.6.32-504.80.2.el6.x86_64",
            "6Server-6.6.AUS:python-perf-0:2.6.32-504.80.2.el6.x86_64",
            "6Server-6.6.AUS:python-perf-debuginfo-0:2.6.32-504.80.2.el6.x86_64",
            "6Server-optional-6.6.AUS:kernel-0:2.6.32-504.80.2.el6.src",
            "6Server-optional-6.6.AUS:kernel-0:2.6.32-504.80.2.el6.x86_64",
            "6Server-optional-6.6.AUS:kernel-abi-whitelists-0:2.6.32-504.80.2.el6.noarch",
            "6Server-optional-6.6.AUS:kernel-debug-0:2.6.32-504.80.2.el6.x86_64",
            "6Server-optional-6.6.AUS:kernel-debug-debuginfo-0:2.6.32-504.80.2.el6.x86_64",
            "6Server-optional-6.6.AUS:kernel-debug-devel-0:2.6.32-504.80.2.el6.x86_64",
            "6Server-optional-6.6.AUS:kernel-debuginfo-0:2.6.32-504.80.2.el6.x86_64",
            "6Server-optional-6.6.AUS:kernel-debuginfo-common-x86_64-0:2.6.32-504.80.2.el6.x86_64",
            "6Server-optional-6.6.AUS:kernel-devel-0:2.6.32-504.80.2.el6.x86_64",
            "6Server-optional-6.6.AUS:kernel-doc-0:2.6.32-504.80.2.el6.noarch",
            "6Server-optional-6.6.AUS:kernel-firmware-0:2.6.32-504.80.2.el6.noarch",
            "6Server-optional-6.6.AUS:kernel-headers-0:2.6.32-504.80.2.el6.x86_64",
            "6Server-optional-6.6.AUS:perf-0:2.6.32-504.80.2.el6.x86_64",
            "6Server-optional-6.6.AUS:perf-debuginfo-0:2.6.32-504.80.2.el6.x86_64",
            "6Server-optional-6.6.AUS:python-perf-0:2.6.32-504.80.2.el6.x86_64",
            "6Server-optional-6.6.AUS:python-perf-debuginfo-0:2.6.32-504.80.2.el6.x86_64"
          ],
          "restart_required": {
            "category": "machine"
          },
          "url": "https://access.redhat.com/errata/RHSA-2019:2476"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "LOW",
            "attackVector": "LOCAL",
            "availabilityImpact": "NONE",
            "baseScore": 4.4,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "LOW",
            "integrityImpact": "LOW",
            "privilegesRequired": "LOW",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N",
            "version": "3.0"
          },
          "products": [
            "6Server-6.6.AUS:kernel-0:2.6.32-504.80.2.el6.src",
            "6Server-6.6.AUS:kernel-0:2.6.32-504.80.2.el6.x86_64",
            "6Server-6.6.AUS:kernel-abi-whitelists-0:2.6.32-504.80.2.el6.noarch",
            "6Server-6.6.AUS:kernel-debug-0:2.6.32-504.80.2.el6.x86_64",
            "6Server-6.6.AUS:kernel-debug-debuginfo-0:2.6.32-504.80.2.el6.x86_64",
            "6Server-6.6.AUS:kernel-debug-devel-0:2.6.32-504.80.2.el6.x86_64",
            "6Server-6.6.AUS:kernel-debuginfo-0:2.6.32-504.80.2.el6.x86_64",
            "6Server-6.6.AUS:kernel-debuginfo-common-x86_64-0:2.6.32-504.80.2.el6.x86_64",
            "6Server-6.6.AUS:kernel-devel-0:2.6.32-504.80.2.el6.x86_64",
            "6Server-6.6.AUS:kernel-doc-0:2.6.32-504.80.2.el6.noarch",
            "6Server-6.6.AUS:kernel-firmware-0:2.6.32-504.80.2.el6.noarch",
            "6Server-6.6.AUS:kernel-headers-0:2.6.32-504.80.2.el6.x86_64",
            "6Server-6.6.AUS:perf-0:2.6.32-504.80.2.el6.x86_64",
            "6Server-6.6.AUS:perf-debuginfo-0:2.6.32-504.80.2.el6.x86_64",
            "6Server-6.6.AUS:python-perf-0:2.6.32-504.80.2.el6.x86_64",
            "6Server-6.6.AUS:python-perf-debuginfo-0:2.6.32-504.80.2.el6.x86_64",
            "6Server-optional-6.6.AUS:kernel-0:2.6.32-504.80.2.el6.src",
            "6Server-optional-6.6.AUS:kernel-0:2.6.32-504.80.2.el6.x86_64",
            "6Server-optional-6.6.AUS:kernel-abi-whitelists-0:2.6.32-504.80.2.el6.noarch",
            "6Server-optional-6.6.AUS:kernel-debug-0:2.6.32-504.80.2.el6.x86_64",
            "6Server-optional-6.6.AUS:kernel-debug-debuginfo-0:2.6.32-504.80.2.el6.x86_64",
            "6Server-optional-6.6.AUS:kernel-debug-devel-0:2.6.32-504.80.2.el6.x86_64",
            "6Server-optional-6.6.AUS:kernel-debuginfo-0:2.6.32-504.80.2.el6.x86_64",
            "6Server-optional-6.6.AUS:kernel-debuginfo-common-x86_64-0:2.6.32-504.80.2.el6.x86_64",
            "6Server-optional-6.6.AUS:kernel-devel-0:2.6.32-504.80.2.el6.x86_64",
            "6Server-optional-6.6.AUS:kernel-doc-0:2.6.32-504.80.2.el6.noarch",
            "6Server-optional-6.6.AUS:kernel-firmware-0:2.6.32-504.80.2.el6.noarch",
            "6Server-optional-6.6.AUS:kernel-headers-0:2.6.32-504.80.2.el6.x86_64",
            "6Server-optional-6.6.AUS:perf-0:2.6.32-504.80.2.el6.x86_64",
            "6Server-optional-6.6.AUS:perf-debuginfo-0:2.6.32-504.80.2.el6.x86_64",
            "6Server-optional-6.6.AUS:python-perf-0:2.6.32-504.80.2.el6.x86_64",
            "6Server-optional-6.6.AUS:python-perf-debuginfo-0:2.6.32-504.80.2.el6.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Important"
        }
      ],
      "title": "kernel: Missing check in fs/inode.c:inode_init_owner() does not clear SGID bit on non-directories for non-members"
    },
    {
      "cve": "CVE-2019-1125",
      "cwe": {
        "id": "CWE-200",
        "name": "Exposure of Sensitive Information to an Unauthorized Actor"
      },
      "discovery_date": "2019-06-26T00:00:00+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "1724389"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "A Spectre gadget was found in the Linux kernel\u0027s implementation of system interrupts. An attacker with local access could use this information to reveal private data through a Spectre like side channel.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "kernel: hw: Spectre SWAPGS gadget vulnerability",
          "title": "Vulnerability summary"
        },
        {
          "category": "other",
          "text": "Red Hat Product Security is aware of this issue. Updates will be released as they become available. For additional information, please refer to the Red Hat Knowledgebase article:  https://access.redhat.com/articles/4329821",
          "title": "Statement"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "6Server-6.6.AUS:kernel-0:2.6.32-504.80.2.el6.src",
          "6Server-6.6.AUS:kernel-0:2.6.32-504.80.2.el6.x86_64",
          "6Server-6.6.AUS:kernel-abi-whitelists-0:2.6.32-504.80.2.el6.noarch",
          "6Server-6.6.AUS:kernel-debug-0:2.6.32-504.80.2.el6.x86_64",
          "6Server-6.6.AUS:kernel-debug-debuginfo-0:2.6.32-504.80.2.el6.x86_64",
          "6Server-6.6.AUS:kernel-debug-devel-0:2.6.32-504.80.2.el6.x86_64",
          "6Server-6.6.AUS:kernel-debuginfo-0:2.6.32-504.80.2.el6.x86_64",
          "6Server-6.6.AUS:kernel-debuginfo-common-x86_64-0:2.6.32-504.80.2.el6.x86_64",
          "6Server-6.6.AUS:kernel-devel-0:2.6.32-504.80.2.el6.x86_64",
          "6Server-6.6.AUS:kernel-doc-0:2.6.32-504.80.2.el6.noarch",
          "6Server-6.6.AUS:kernel-firmware-0:2.6.32-504.80.2.el6.noarch",
          "6Server-6.6.AUS:kernel-headers-0:2.6.32-504.80.2.el6.x86_64",
          "6Server-6.6.AUS:perf-0:2.6.32-504.80.2.el6.x86_64",
          "6Server-6.6.AUS:perf-debuginfo-0:2.6.32-504.80.2.el6.x86_64",
          "6Server-6.6.AUS:python-perf-0:2.6.32-504.80.2.el6.x86_64",
          "6Server-6.6.AUS:python-perf-debuginfo-0:2.6.32-504.80.2.el6.x86_64",
          "6Server-optional-6.6.AUS:kernel-0:2.6.32-504.80.2.el6.src",
          "6Server-optional-6.6.AUS:kernel-0:2.6.32-504.80.2.el6.x86_64",
          "6Server-optional-6.6.AUS:kernel-abi-whitelists-0:2.6.32-504.80.2.el6.noarch",
          "6Server-optional-6.6.AUS:kernel-debug-0:2.6.32-504.80.2.el6.x86_64",
          "6Server-optional-6.6.AUS:kernel-debug-debuginfo-0:2.6.32-504.80.2.el6.x86_64",
          "6Server-optional-6.6.AUS:kernel-debug-devel-0:2.6.32-504.80.2.el6.x86_64",
          "6Server-optional-6.6.AUS:kernel-debuginfo-0:2.6.32-504.80.2.el6.x86_64",
          "6Server-optional-6.6.AUS:kernel-debuginfo-common-x86_64-0:2.6.32-504.80.2.el6.x86_64",
          "6Server-optional-6.6.AUS:kernel-devel-0:2.6.32-504.80.2.el6.x86_64",
          "6Server-optional-6.6.AUS:kernel-doc-0:2.6.32-504.80.2.el6.noarch",
          "6Server-optional-6.6.AUS:kernel-firmware-0:2.6.32-504.80.2.el6.noarch",
          "6Server-optional-6.6.AUS:kernel-headers-0:2.6.32-504.80.2.el6.x86_64",
          "6Server-optional-6.6.AUS:perf-0:2.6.32-504.80.2.el6.x86_64",
          "6Server-optional-6.6.AUS:perf-debuginfo-0:2.6.32-504.80.2.el6.x86_64",
          "6Server-optional-6.6.AUS:python-perf-0:2.6.32-504.80.2.el6.x86_64",
          "6Server-optional-6.6.AUS:python-perf-debuginfo-0:2.6.32-504.80.2.el6.x86_64"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2019-1125"
        },
        {
          "category": "external",
          "summary": "RHBZ#1724389",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1724389"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2019-1125",
          "url": "https://www.cve.org/CVERecord?id=CVE-2019-1125"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2019-1125",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2019-1125"
        }
      ],
      "release_date": "2019-08-06T17:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nThe system must be rebooted for this update to take effect.",
          "product_ids": [
            "6Server-6.6.AUS:kernel-0:2.6.32-504.80.2.el6.src",
            "6Server-6.6.AUS:kernel-0:2.6.32-504.80.2.el6.x86_64",
            "6Server-6.6.AUS:kernel-abi-whitelists-0:2.6.32-504.80.2.el6.noarch",
            "6Server-6.6.AUS:kernel-debug-0:2.6.32-504.80.2.el6.x86_64",
            "6Server-6.6.AUS:kernel-debug-debuginfo-0:2.6.32-504.80.2.el6.x86_64",
            "6Server-6.6.AUS:kernel-debug-devel-0:2.6.32-504.80.2.el6.x86_64",
            "6Server-6.6.AUS:kernel-debuginfo-0:2.6.32-504.80.2.el6.x86_64",
            "6Server-6.6.AUS:kernel-debuginfo-common-x86_64-0:2.6.32-504.80.2.el6.x86_64",
            "6Server-6.6.AUS:kernel-devel-0:2.6.32-504.80.2.el6.x86_64",
            "6Server-6.6.AUS:kernel-doc-0:2.6.32-504.80.2.el6.noarch",
            "6Server-6.6.AUS:kernel-firmware-0:2.6.32-504.80.2.el6.noarch",
            "6Server-6.6.AUS:kernel-headers-0:2.6.32-504.80.2.el6.x86_64",
            "6Server-6.6.AUS:perf-0:2.6.32-504.80.2.el6.x86_64",
            "6Server-6.6.AUS:perf-debuginfo-0:2.6.32-504.80.2.el6.x86_64",
            "6Server-6.6.AUS:python-perf-0:2.6.32-504.80.2.el6.x86_64",
            "6Server-6.6.AUS:python-perf-debuginfo-0:2.6.32-504.80.2.el6.x86_64",
            "6Server-optional-6.6.AUS:kernel-0:2.6.32-504.80.2.el6.src",
            "6Server-optional-6.6.AUS:kernel-0:2.6.32-504.80.2.el6.x86_64",
            "6Server-optional-6.6.AUS:kernel-abi-whitelists-0:2.6.32-504.80.2.el6.noarch",
            "6Server-optional-6.6.AUS:kernel-debug-0:2.6.32-504.80.2.el6.x86_64",
            "6Server-optional-6.6.AUS:kernel-debug-debuginfo-0:2.6.32-504.80.2.el6.x86_64",
            "6Server-optional-6.6.AUS:kernel-debug-devel-0:2.6.32-504.80.2.el6.x86_64",
            "6Server-optional-6.6.AUS:kernel-debuginfo-0:2.6.32-504.80.2.el6.x86_64",
            "6Server-optional-6.6.AUS:kernel-debuginfo-common-x86_64-0:2.6.32-504.80.2.el6.x86_64",
            "6Server-optional-6.6.AUS:kernel-devel-0:2.6.32-504.80.2.el6.x86_64",
            "6Server-optional-6.6.AUS:kernel-doc-0:2.6.32-504.80.2.el6.noarch",
            "6Server-optional-6.6.AUS:kernel-firmware-0:2.6.32-504.80.2.el6.noarch",
            "6Server-optional-6.6.AUS:kernel-headers-0:2.6.32-504.80.2.el6.x86_64",
            "6Server-optional-6.6.AUS:perf-0:2.6.32-504.80.2.el6.x86_64",
            "6Server-optional-6.6.AUS:perf-debuginfo-0:2.6.32-504.80.2.el6.x86_64",
            "6Server-optional-6.6.AUS:python-perf-0:2.6.32-504.80.2.el6.x86_64",
            "6Server-optional-6.6.AUS:python-perf-debuginfo-0:2.6.32-504.80.2.el6.x86_64"
          ],
          "restart_required": {
            "category": "machine"
          },
          "url": "https://access.redhat.com/errata/RHSA-2019:2476"
        },
        {
          "category": "workaround",
          "details": "For mitigation related information, please refer to the Red Hat Knowledgebase article:  https://access.redhat.com/articles/4329821",
          "product_ids": [
            "6Server-6.6.AUS:kernel-0:2.6.32-504.80.2.el6.src",
            "6Server-6.6.AUS:kernel-0:2.6.32-504.80.2.el6.x86_64",
            "6Server-6.6.AUS:kernel-abi-whitelists-0:2.6.32-504.80.2.el6.noarch",
            "6Server-6.6.AUS:kernel-debug-0:2.6.32-504.80.2.el6.x86_64",
            "6Server-6.6.AUS:kernel-debug-debuginfo-0:2.6.32-504.80.2.el6.x86_64",
            "6Server-6.6.AUS:kernel-debug-devel-0:2.6.32-504.80.2.el6.x86_64",
            "6Server-6.6.AUS:kernel-debuginfo-0:2.6.32-504.80.2.el6.x86_64",
            "6Server-6.6.AUS:kernel-debuginfo-common-x86_64-0:2.6.32-504.80.2.el6.x86_64",
            "6Server-6.6.AUS:kernel-devel-0:2.6.32-504.80.2.el6.x86_64",
            "6Server-6.6.AUS:kernel-doc-0:2.6.32-504.80.2.el6.noarch",
            "6Server-6.6.AUS:kernel-firmware-0:2.6.32-504.80.2.el6.noarch",
            "6Server-6.6.AUS:kernel-headers-0:2.6.32-504.80.2.el6.x86_64",
            "6Server-6.6.AUS:perf-0:2.6.32-504.80.2.el6.x86_64",
            "6Server-6.6.AUS:perf-debuginfo-0:2.6.32-504.80.2.el6.x86_64",
            "6Server-6.6.AUS:python-perf-0:2.6.32-504.80.2.el6.x86_64",
            "6Server-6.6.AUS:python-perf-debuginfo-0:2.6.32-504.80.2.el6.x86_64",
            "6Server-optional-6.6.AUS:kernel-0:2.6.32-504.80.2.el6.src",
            "6Server-optional-6.6.AUS:kernel-0:2.6.32-504.80.2.el6.x86_64",
            "6Server-optional-6.6.AUS:kernel-abi-whitelists-0:2.6.32-504.80.2.el6.noarch",
            "6Server-optional-6.6.AUS:kernel-debug-0:2.6.32-504.80.2.el6.x86_64",
            "6Server-optional-6.6.AUS:kernel-debug-debuginfo-0:2.6.32-504.80.2.el6.x86_64",
            "6Server-optional-6.6.AUS:kernel-debug-devel-0:2.6.32-504.80.2.el6.x86_64",
            "6Server-optional-6.6.AUS:kernel-debuginfo-0:2.6.32-504.80.2.el6.x86_64",
            "6Server-optional-6.6.AUS:kernel-debuginfo-common-x86_64-0:2.6.32-504.80.2.el6.x86_64",
            "6Server-optional-6.6.AUS:kernel-devel-0:2.6.32-504.80.2.el6.x86_64",
            "6Server-optional-6.6.AUS:kernel-doc-0:2.6.32-504.80.2.el6.noarch",
            "6Server-optional-6.6.AUS:kernel-firmware-0:2.6.32-504.80.2.el6.noarch",
            "6Server-optional-6.6.AUS:kernel-headers-0:2.6.32-504.80.2.el6.x86_64",
            "6Server-optional-6.6.AUS:perf-0:2.6.32-504.80.2.el6.x86_64",
            "6Server-optional-6.6.AUS:perf-debuginfo-0:2.6.32-504.80.2.el6.x86_64",
            "6Server-optional-6.6.AUS:python-perf-0:2.6.32-504.80.2.el6.x86_64",
            "6Server-optional-6.6.AUS:python-perf-debuginfo-0:2.6.32-504.80.2.el6.x86_64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "HIGH",
            "attackVector": "LOCAL",
            "availabilityImpact": "NONE",
            "baseScore": 5.9,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "CHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.0/AV:L/AC:H/PR:N/UI:N/S:C/C:H/I:N/A:N",
            "version": "3.0"
          },
          "products": [
            "6Server-6.6.AUS:kernel-0:2.6.32-504.80.2.el6.src",
            "6Server-6.6.AUS:kernel-0:2.6.32-504.80.2.el6.x86_64",
            "6Server-6.6.AUS:kernel-abi-whitelists-0:2.6.32-504.80.2.el6.noarch",
            "6Server-6.6.AUS:kernel-debug-0:2.6.32-504.80.2.el6.x86_64",
            "6Server-6.6.AUS:kernel-debug-debuginfo-0:2.6.32-504.80.2.el6.x86_64",
            "6Server-6.6.AUS:kernel-debug-devel-0:2.6.32-504.80.2.el6.x86_64",
            "6Server-6.6.AUS:kernel-debuginfo-0:2.6.32-504.80.2.el6.x86_64",
            "6Server-6.6.AUS:kernel-debuginfo-common-x86_64-0:2.6.32-504.80.2.el6.x86_64",
            "6Server-6.6.AUS:kernel-devel-0:2.6.32-504.80.2.el6.x86_64",
            "6Server-6.6.AUS:kernel-doc-0:2.6.32-504.80.2.el6.noarch",
            "6Server-6.6.AUS:kernel-firmware-0:2.6.32-504.80.2.el6.noarch",
            "6Server-6.6.AUS:kernel-headers-0:2.6.32-504.80.2.el6.x86_64",
            "6Server-6.6.AUS:perf-0:2.6.32-504.80.2.el6.x86_64",
            "6Server-6.6.AUS:perf-debuginfo-0:2.6.32-504.80.2.el6.x86_64",
            "6Server-6.6.AUS:python-perf-0:2.6.32-504.80.2.el6.x86_64",
            "6Server-6.6.AUS:python-perf-debuginfo-0:2.6.32-504.80.2.el6.x86_64",
            "6Server-optional-6.6.AUS:kernel-0:2.6.32-504.80.2.el6.src",
            "6Server-optional-6.6.AUS:kernel-0:2.6.32-504.80.2.el6.x86_64",
            "6Server-optional-6.6.AUS:kernel-abi-whitelists-0:2.6.32-504.80.2.el6.noarch",
            "6Server-optional-6.6.AUS:kernel-debug-0:2.6.32-504.80.2.el6.x86_64",
            "6Server-optional-6.6.AUS:kernel-debug-debuginfo-0:2.6.32-504.80.2.el6.x86_64",
            "6Server-optional-6.6.AUS:kernel-debug-devel-0:2.6.32-504.80.2.el6.x86_64",
            "6Server-optional-6.6.AUS:kernel-debuginfo-0:2.6.32-504.80.2.el6.x86_64",
            "6Server-optional-6.6.AUS:kernel-debuginfo-common-x86_64-0:2.6.32-504.80.2.el6.x86_64",
            "6Server-optional-6.6.AUS:kernel-devel-0:2.6.32-504.80.2.el6.x86_64",
            "6Server-optional-6.6.AUS:kernel-doc-0:2.6.32-504.80.2.el6.noarch",
            "6Server-optional-6.6.AUS:kernel-firmware-0:2.6.32-504.80.2.el6.noarch",
            "6Server-optional-6.6.AUS:kernel-headers-0:2.6.32-504.80.2.el6.x86_64",
            "6Server-optional-6.6.AUS:perf-0:2.6.32-504.80.2.el6.x86_64",
            "6Server-optional-6.6.AUS:perf-debuginfo-0:2.6.32-504.80.2.el6.x86_64",
            "6Server-optional-6.6.AUS:python-perf-0:2.6.32-504.80.2.el6.x86_64",
            "6Server-optional-6.6.AUS:python-perf-debuginfo-0:2.6.32-504.80.2.el6.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Moderate"
        }
      ],
      "title": "kernel: hw: Spectre SWAPGS gadget vulnerability"
    }
  ]
}

cve-2019-1125

Vulnerability from cvelistv5

Published

2019-09-03 17:52

Modified

2024-08-04 18:06

Severity

5.6 (Medium) - cvssV3_1 - CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N/E:P/RL:O/RC:C

Summary

Windows Kernel Information Disclosure Vulnerability

References

URL	Tags
https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-1125	x_refsource_MISC
https://www.synology.com/security/advisory/Synology_SA_19_32	x_refsource_CONFIRM
https://access.redhat.com/errata/RHSA-2019:2600	vendor-advisory, x_refsource_REDHAT
https://access.redhat.com/errata/RHSA-2019:2609	vendor-advisory, x_refsource_REDHAT
https://access.redhat.com/errata/RHSA-2019:2695	vendor-advisory, x_refsource_REDHAT
https://access.redhat.com/errata/RHSA-2019:2696	vendor-advisory, x_refsource_REDHAT
https://access.redhat.com/errata/RHSA-2019:2730	vendor-advisory, x_refsource_REDHAT
https://kc.mcafee.com/corporate/index?page=content&id=SB10297	x_refsource_CONFIRM
https://access.redhat.com/errata/RHSA-2019:2900	vendor-advisory, x_refsource_REDHAT
https://access.redhat.com/errata/RHSA-2019:2899	vendor-advisory, x_refsource_REDHAT
https://access.redhat.com/errata/RHSA-2019:2975	vendor-advisory, x_refsource_REDHAT
https://access.redhat.com/errata/RHSA-2019:3011	vendor-advisory, x_refsource_REDHAT
https://access.redhat.com/errata/RHBA-2019:2824	vendor-advisory, x_refsource_REDHAT
https://access.redhat.com/errata/RHSA-2019:3220	vendor-advisory, x_refsource_REDHAT
https://access.redhat.com/errata/RHBA-2019:3248	vendor-advisory, x_refsource_REDHAT
http://packetstormsecurity.com/files/156337/SWAPGS-Attack-Proof-Of-Concept.html	x_refsource_MISC
http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20200408-01-swapgs-en	x_refsource_CONFIRM

Impacted products

Vendor	Product
Microsoft	Windows 10 Version 1703
Microsoft	Windows 10 Version 1803
Microsoft	Windows Server, version 1803 (Server Core Installation)
Microsoft	Windows 10 Version 1809
Microsoft	Windows Server 2019
Microsoft	Windows Server 2019 (Server Core installation)
Microsoft	Windows 10 Version 1709 for 32-bit Systems
Microsoft	Windows 10 Version 1709
Microsoft	Windows 10 Version 1903 for 32-bit Systems
Microsoft	Windows 10 Version 1903 for x64-based Systems
Microsoft	Windows 10 Version 1903 for ARM64-based Systems
Microsoft	Windows Server, version 1903 (Server Core installation)
Microsoft	Windows 10 Version 1507
Microsoft	Windows 10 Version 1607
Microsoft	Windows Server 2016
Microsoft	Windows Server 2016 (Server Core installation)
Microsoft	Windows 7
Microsoft	Windows 7 Service Pack 1
Microsoft	Windows 8.1
Microsoft	Windows Server 2008 Service Pack 2
Microsoft	Windows Server 2008 Service Pack 2 (Server Core installation)
Microsoft	Windows Server 2008 Service Pack 2
Microsoft	Windows Server 2008 R2 Systems Service Pack 1
Microsoft	Windows Server 2008 R2 Service Pack 1
Microsoft	Windows Server 2008 R2 Service Pack 1 (Server Core installation)
Microsoft	Windows Server 2012
Microsoft	Windows Server 2012 (Server Core installation)
Microsoft	Windows Server 2012 R2
Microsoft	Windows Server 2012 R2 (Server Core installation)

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-04T18:06:31.693Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-1125"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://www.synology.com/security/advisory/Synology_SA_19_32"
          },
          {
            "name": "RHSA-2019:2600",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2019:2600"
          },
          {
            "name": "RHSA-2019:2609",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2019:2609"
          },
          {
            "name": "RHSA-2019:2695",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2019:2695"
          },
          {
            "name": "RHSA-2019:2696",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2019:2696"
          },
          {
            "name": "RHSA-2019:2730",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2019:2730"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://kc.mcafee.com/corporate/index?page=content\u0026id=SB10297"
          },
          {
            "name": "RHSA-2019:2900",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2019:2900"
          },
          {
            "name": "RHSA-2019:2899",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2019:2899"
          },
          {
            "name": "RHSA-2019:2975",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2019:2975"
          },
          {
            "name": "RHSA-2019:3011",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2019:3011"
          },
          {
            "name": "RHBA-2019:2824",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHBA-2019:2824"
          },
          {
            "name": "RHSA-2019:3220",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2019:3220"
          },
          {
            "name": "RHBA-2019:3248",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHBA-2019:3248"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "http://packetstormsecurity.com/files/156337/SWAPGS-Attack-Proof-Of-Concept.html"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20200408-01-swapgs-en"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "cpes": [
            "cpe:2.3:o:microsoft:windows_10:1703:*:*:*:*:*:*:*"
          ],
          "platforms": [
            "32-bit Systems",
            "x64-based Systems"
          ],
          "product": "Windows 10 Version 1703",
          "vendor": "Microsoft",
          "versions": [
            {
              "lessThan": "publication",
              "status": "affected",
              "version": "10.0.0",
              "versionType": "custom"
            }
          ]
        },
        {
          "cpes": [
            "cpe:2.3:o:microsoft:windows_10_1809:*:*:*:*:*:*:x64:*",
            "cpe:2.3:o:microsoft:windows_10_1803:*:*:*:*:*:*:x64:*",
            "cpe:2.3:o:microsoft:windows_10_1803:*:*:*:*:*:*:arm64:*"
          ],
          "platforms": [
            "32-bit Systems",
            "x64-based Systems",
            "ARM64-based Systems"
          ],
          "product": "Windows 10 Version 1803",
          "vendor": "Microsoft",
          "versions": [
            {
              "lessThan": "publication",
              "status": "affected",
              "version": "10.0.0",
              "versionType": "custom"
            }
          ]
        },
        {
          "cpes": [
            "cpe:2.3:o:microsoft:windows_server_1803:*:*:*:*:*:*:*:*"
          ],
          "platforms": [
            "x64-based Systems"
          ],
          "product": "Windows Server, version 1803  (Server Core Installation)",
          "vendor": "Microsoft",
          "versions": [
            {
              "lessThan": "publication",
              "status": "affected",
              "version": "10.0.0",
              "versionType": "custom"
            }
          ]
        },
        {
          "cpes": [
            "cpe:2.3:o:microsoft:windows_10_1809:*:*:*:*:*:*:x86:*",
            "cpe:2.3:o:microsoft:windows_10_1809:*:*:*:*:*:*:x64:*",
            "cpe:2.3:o:microsoft:windows_10_1809:*:*:*:*:*:*:arm64:*"
          ],
          "platforms": [
            "32-bit Systems",
            "x64-based Systems",
            "ARM64-based Systems"
          ],
          "product": "Windows 10 Version 1809",
          "vendor": "Microsoft",
          "versions": [
            {
              "lessThan": "publication",
              "status": "affected",
              "version": "10.0.0",
              "versionType": "custom"
            }
          ]
        },
        {
          "cpes": [
            "cpe:2.3:o:microsoft:windows_server_2019:*:*:*:*:*:*:*:*"
          ],
          "platforms": [
            "x64-based Systems"
          ],
          "product": "Windows Server 2019",
          "vendor": "Microsoft",
          "versions": [
            {
              "lessThan": "publication",
              "status": "affected",
              "version": "10.0.0",
              "versionType": "custom"
            }
          ]
        },
        {
          "cpes": [
            "cpe:2.3:o:microsoft:windows_server_2019:*:*:*:*:*:*:*:*"
          ],
          "platforms": [
            "x64-based Systems"
          ],
          "product": "Windows Server 2019 (Server Core installation)",
          "vendor": "Microsoft",
          "versions": [
            {
              "lessThan": "publication",
              "status": "affected",
              "version": "10.0.0",
              "versionType": "custom"
            }
          ]
        },
        {
          "cpes": [
            "cpe:2.3:o:microsoft:windows_10:1709:*:*:*:*:*:*:*"
          ],
          "platforms": [
            "32-bit Systems"
          ],
          "product": "Windows 10 Version 1709 for 32-bit Systems",
          "vendor": "Microsoft",
          "versions": [
            {
              "lessThan": "publication",
              "status": "affected",
              "version": "10.0.0",
              "versionType": "custom"
            }
          ]
        },
        {
          "cpes": [
            "cpe:2.3:o:microsoft:windows_10:1709:*:*:*:*:*:*:*"
          ],
          "platforms": [
            "x64-based Systems",
            "ARM64-based Systems"
          ],
          "product": "Windows 10 Version 1709",
          "vendor": "Microsoft",
          "versions": [
            {
              "lessThan": "publication",
              "status": "affected",
              "version": "10.0.0",
              "versionType": "custom"
            }
          ]
        },
        {
          "cpes": [
            "cpe:2.3:o:microsoft:windows_10:1903:*:*:*:*:*:*:*"
          ],
          "platforms": [
            "Unknown"
          ],
          "product": "Windows 10 Version 1903 for 32-bit Systems",
          "vendor": "Microsoft",
          "versions": [
            {
              "lessThan": "publication",
              "status": "affected",
              "version": "10.0.0",
              "versionType": "custom"
            }
          ]
        },
        {
          "cpes": [
            "cpe:2.3:o:microsoft:windows_10:1903:*:*:*:*:*:*:*"
          ],
          "platforms": [
            "Unknown"
          ],
          "product": "Windows 10 Version 1903 for x64-based Systems",
          "vendor": "Microsoft",
          "versions": [
            {
              "lessThan": "publication",
              "status": "affected",
              "version": "10.0.0",
              "versionType": "custom"
            }
          ]
        },
        {
          "cpes": [
            "cpe:2.3:o:microsoft:windows_10:1903:*:*:*:*:*:*:*"
          ],
          "platforms": [
            "Unknown"
          ],
          "product": "Windows 10 Version 1903 for ARM64-based Systems",
          "vendor": "Microsoft",
          "versions": [
            {
              "lessThan": "publication",
              "status": "affected",
              "version": "10.0.0",
              "versionType": "custom"
            }
          ]
        },
        {
          "cpes": [
            "cpe:2.3:o:microsoft:windows_server_1903:*:*:*:*:*:*:*:*"
          ],
          "platforms": [
            "x64-based Systems"
          ],
          "product": "Windows Server, version 1903 (Server Core installation)",
          "vendor": "Microsoft",
          "versions": [
            {
              "lessThan": "publication",
              "status": "affected",
              "version": "10.0.0",
              "versionType": "custom"
            }
          ]
        },
        {
          "cpes": [
            "cpe:2.3:o:microsoft:windows_10_1507:*:*:*:*:*:*:x86:*",
            "cpe:2.3:o:microsoft:windows_10_1507:*:*:*:*:*:*:x64:*"
          ],
          "platforms": [
            "32-bit Systems",
            "x64-based Systems"
          ],
          "product": "Windows 10 Version 1507",
          "vendor": "Microsoft",
          "versions": [
            {
              "lessThan": "publication",
              "status": "affected",
              "version": "10.0.0",
              "versionType": "custom"
            }
          ]
        },
        {
          "cpes": [
            "cpe:2.3:o:microsoft:windows_10_1607:*:*:*:*:*:*:x86:*",
            "cpe:2.3:o:microsoft:windows_10_1607:*:*:*:*:*:*:x64:*"
          ],
          "platforms": [
            "32-bit Systems",
            "x64-based Systems"
          ],
          "product": "Windows 10 Version 1607",
          "vendor": "Microsoft",
          "versions": [
            {
              "lessThan": "publication",
              "status": "affected",
              "version": "10.0.0",
              "versionType": "custom"
            }
          ]
        },
        {
          "cpes": [
            "cpe:2.3:o:microsoft:windows_server_2016:*:*:*:*:*:*:*:*"
          ],
          "platforms": [
            "x64-based Systems"
          ],
          "product": "Windows Server 2016",
          "vendor": "Microsoft",
          "versions": [
            {
              "lessThan": "publication",
              "status": "affected",
              "version": "10.0.0",
              "versionType": "custom"
            }
          ]
        },
        {
          "cpes": [
            "cpe:2.3:o:microsoft:windows_server_2016:*:*:*:*:*:*:*:*"
          ],
          "platforms": [
            "x64-based Systems"
          ],
          "product": "Windows Server 2016 (Server Core installation)",
          "vendor": "Microsoft",
          "versions": [
            {
              "lessThan": "publication",
              "status": "affected",
              "version": "10.0.0",
              "versionType": "custom"
            }
          ]
        },
        {
          "cpes": [
            "cpe:2.3:o:microsoft:windows_7:*:sp1:*:*:*:*:x86:*"
          ],
          "platforms": [
            "32-bit Systems"
          ],
          "product": "Windows 7",
          "vendor": "Microsoft",
          "versions": [
            {
              "lessThan": "publication",
              "status": "affected",
              "version": "6.1.0",
              "versionType": "custom"
            }
          ]
        },
        {
          "cpes": [
            "cpe:2.3:o:microsoft:windows_7:*:sp1:*:*:*:*:x64:*"
          ],
          "platforms": [
            "x64-based Systems"
          ],
          "product": "Windows 7 Service Pack 1",
          "vendor": "Microsoft",
          "versions": [
            {
              "lessThan": "publication",
              "status": "affected",
              "version": "6.1.0",
              "versionType": "custom"
            }
          ]
        },
        {
          "cpes": [
            "cpe:2.3:o:microsoft:windows_8.1:*:*:*:*:*:*:x86:*",
            "cpe:2.3:o:microsoft:windows_8.1:*:*:*:*:*:*:x64:*",
            "cpe:2.3:o:microsoft:windows_rt_8.1:*:*:*:*:*:*:*:*"
          ],
          "platforms": [
            "32-bit Systems",
            "x64-based Systems",
            "ARM64-based Systems"
          ],
          "product": "Windows 8.1",
          "vendor": "Microsoft",
          "versions": [
            {
              "lessThan": "publication",
              "status": "affected",
              "version": "6.3.0",
              "versionType": "custom"
            }
          ]
        },
        {
          "cpes": [
            "cpe:2.3:o:microsoft:windows_server_2008_sp2:*:*:*:*:*:*:x64:*",
            "cpe:2.3:o:microsoft:windows_server_2008:-:sp2:*:*:*:*:itanium:*"
          ],
          "platforms": [
            "32-bit Systems",
            "IA64-based Systems"
          ],
          "product": "Windows Server 2008 Service Pack 2",
          "vendor": "Microsoft",
          "versions": [
            {
              "lessThan": "publication",
              "status": "affected",
              "version": "6.0.0",
              "versionType": "custom"
            }
          ]
        },
        {
          "cpes": [
            "cpe:2.3:o:microsoft:windows_server_2008_sp2:*:*:*:*:*:*:x64:*",
            "cpe:2.3:o:microsoft:windows_server_2008_sp2:*:*:*:*:*:*:x86:*"
          ],
          "platforms": [
            "32-bit Systems",
            "x64-based Systems"
          ],
          "product": "Windows Server 2008 Service Pack 2 (Server Core installation)",
          "vendor": "Microsoft",
          "versions": [
            {
              "lessThan": "publication",
              "status": "affected",
              "version": "6.0.0",
              "versionType": "custom"
            }
          ]
        },
        {
          "cpes": [
            "cpe:2.3:o:microsoft:windows_server_2008_sp2:*:*:*:*:*:*:x86:*"
          ],
          "platforms": [
            "x64-based Systems"
          ],
          "product": "Windows Server 2008  Service Pack 2",
          "vendor": "Microsoft",
          "versions": [
            {
              "lessThan": "publication",
              "status": "affected",
              "version": "6.0.0",
              "versionType": "custom"
            }
          ]
        },
        {
          "cpes": [
            "cpe:2.3:o:microsoft:windows_server_2008_R2:*:*:*:*:*:*:itanium:*"
          ],
          "platforms": [
            "IA64-based Systems"
          ],
          "product": "Windows Server 2008 R2 Systems Service Pack 1",
          "vendor": "Microsoft",
          "versions": [
            {
              "lessThan": "publication",
              "status": "affected",
              "version": "6.1.0",
              "versionType": "custom"
            }
          ]
        },
        {
          "cpes": [
            "cpe:2.3:o:microsoft:windows_server_2008_R2:*:*:*:*:*:*:x64:*"
          ],
          "platforms": [
            "x64-based Systems"
          ],
          "product": "Windows Server 2008 R2 Service Pack 1",
          "vendor": "Microsoft",
          "versions": [
            {
              "lessThan": "publication",
              "status": "affected",
              "version": "6.1.0",
              "versionType": "custom"
            }
          ]
        },
        {
          "cpes": [
            "cpe:2.3:o:microsoft:windows_server_2008_R2:*:*:*:*:*:*:x64:*"
          ],
          "platforms": [
            "x64-based Systems"
          ],
          "product": "Windows Server 2008 R2 Service Pack 1 (Server Core installation)",
          "vendor": "Microsoft",
          "versions": [
            {
              "lessThan": "publication",
              "status": "affected",
              "version": "6.0.0",
              "versionType": "custom"
            }
          ]
        },
        {
          "cpes": [
            "cpe:2.3:o:microsoft:windows_server_2012:*:*:*:*:*:*:x64:*"
          ],
          "platforms": [
            "x64-based Systems"
          ],
          "product": "Windows Server 2012",
          "vendor": "Microsoft",
          "versions": [
            {
              "lessThan": "publication",
              "status": "affected",
              "version": "6.2.0",
              "versionType": "custom"
            }
          ]
        },
        {
          "cpes": [
            "cpe:2.3:o:microsoft:windows_server_2012:*:*:*:*:*:*:x64:*"
          ],
          "platforms": [
            "x64-based Systems"
          ],
          "product": "Windows Server 2012 (Server Core installation)",
          "vendor": "Microsoft",
          "versions": [
            {
              "lessThan": "publication",
              "status": "affected",
              "version": "6.2.0",
              "versionType": "custom"
            }
          ]
        },
        {
          "cpes": [
            "cpe:2.3:o:microsoft:windows_server_2012_R2:*:*:*:*:*:*:x64:*"
          ],
          "platforms": [
            "x64-based Systems"
          ],
          "product": "Windows Server 2012 R2",
          "vendor": "Microsoft",
          "versions": [
            {
              "lessThan": "publication",
              "status": "affected",
              "version": "6.3.0",
              "versionType": "custom"
            }
          ]
        },
        {
          "cpes": [
            "cpe:2.3:o:microsoft:windows_server_2012_R2:*:*:*:*:*:*:x64:*"
          ],
          "platforms": [
            "x64-based Systems"
          ],
          "product": "Windows Server 2012 R2 (Server Core installation)",
          "vendor": "Microsoft",
          "versions": [
            {
              "lessThan": "publication",
              "status": "affected",
              "version": "6.3.0",
              "versionType": "custom"
            }
          ]
        }
      ],
      "datePublic": "2019-08-06T07:00:00+00:00",
      "descriptions": [
        {
          "lang": "en-US",
          "value": "An information disclosure vulnerability exists when certain central processing units (CPU) speculatively access memory. An attacker who successfully exploited the vulnerability could read privileged data across trust boundaries.\nTo exploit this vulnerability, an attacker would have to log on to an affected system and run a specially crafted application. The vulnerability would not allow an attacker to elevate user rights directly, but it could be used to obtain information that could be used to try to compromise the affected system further.\nOn January 3, 2018, Microsoft released an advisory and security updates\u202frelated to a newly-discovered class of hardware vulnerabilities (known as Spectre) involving speculative execution side channels that affect AMD, ARM, and Intel CPUs to varying degrees. This vulnerability, released on August 6, 2019, is a variant of the Spectre Variant 1 speculative execution side channel vulnerability and has been assigned CVE-2019-1125.\nMicrosoft released a security update on July 9, 2019 that addresses the vulnerability through a software change that mitigates how the CPU speculatively accesses memory. Note that this vulnerability does not require a microcode update from your device OEM.\n"
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "baseScore": 5.6,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N/E:P/RL:O/RC:C",
            "version": "3.1"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en-US",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "Information Disclosure",
              "lang": "en-US",
              "type": "Impact"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2024-05-29T16:50:27.042Z",
        "orgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
        "shortName": "microsoft"
      },
      "references": [
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-1125"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://www.synology.com/security/advisory/Synology_SA_19_32"
        },
        {
          "name": "RHSA-2019:2600",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2019:2600"
        },
        {
          "name": "RHSA-2019:2609",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2019:2609"
        },
        {
          "name": "RHSA-2019:2695",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2019:2695"
        },
        {
          "name": "RHSA-2019:2696",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2019:2696"
        },
        {
          "name": "RHSA-2019:2730",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2019:2730"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://kc.mcafee.com/corporate/index?page=content\u0026id=SB10297"
        },
        {
          "name": "RHSA-2019:2900",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2019:2900"
        },
        {
          "name": "RHSA-2019:2899",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2019:2899"
        },
        {
          "name": "RHSA-2019:2975",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2019:2975"
        },
        {
          "name": "RHSA-2019:3011",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2019:3011"
        },
        {
          "name": "RHBA-2019:2824",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHBA-2019:2824"
        },
        {
          "name": "RHSA-2019:3220",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2019:3220"
        },
        {
          "name": "RHBA-2019:3248",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHBA-2019:3248"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "http://packetstormsecurity.com/files/156337/SWAPGS-Attack-Proof-Of-Concept.html"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20200408-01-swapgs-en"
        }
      ],
      "title": "Windows Kernel Information Disclosure Vulnerability"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
    "assignerShortName": "microsoft",
    "cveId": "CVE-2019-1125",
    "datePublished": "2019-09-03T17:52:41",
    "dateReserved": "2018-11-26T00:00:00",
    "dateUpdated": "2024-08-04T18:06:31.693Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2018-13405

Vulnerability from cvelistv5

Published

2018-07-06 14:00

Modified

2024-08-05 09:00

Severity

Summary

The inode_init_owner function in fs/inode.c in the Linux kernel through 3.16 allows local users to create files with an unintended group ownership, in a scenario where a directory is SGID to a certain group and is writable by a user who is not a member of that group. Here, the non-member can trigger creation of a plain file whose group ownership is that group. The intended behavior was that the non-member can trigger creation of a directory (but not a plain file) whose group ownership is that group. The non-member can escalate privileges by making the plain file executable and SGID.

References

URL	Tags
https://usn.ubuntu.com/3752-2/	vendor-advisory, x_refsource_UBUNTU
https://access.redhat.com/errata/RHSA-2018:3083	vendor-advisory, x_refsource_REDHAT
https://usn.ubuntu.com/3752-3/	vendor-advisory, x_refsource_UBUNTU
https://twitter.com/grsecurity/status/1015082951204327425	x_refsource_MISC
https://usn.ubuntu.com/3753-2/	vendor-advisory, x_refsource_UBUNTU
https://usn.ubuntu.com/3754-1/	vendor-advisory, x_refsource_UBUNTU
http://openwall.com/lists/oss-security/2018/07/13/2	x_refsource_MISC
https://access.redhat.com/errata/RHSA-2018:2948	vendor-advisory, x_refsource_REDHAT
http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=0fa3ecd87848c9c93c2c828ef4c3a8ca36ce46c7	x_refsource_MISC
https://lists.debian.org/debian-lts-announce/2018/08/msg00014.html	mailing-list, x_refsource_MLIST
https://www.exploit-db.com/exploits/45033/	exploit, x_refsource_EXPLOIT-DB
https://www.debian.org/security/2018/dsa-4266	vendor-advisory, x_refsource_DEBIAN
http://www.securityfocus.com/bid/106503	vdb-entry, x_refsource_BID
https://usn.ubuntu.com/3752-1/	vendor-advisory, x_refsource_UBUNTU
https://access.redhat.com/errata/RHSA-2018:3096	vendor-advisory, x_refsource_REDHAT
https://usn.ubuntu.com/3753-1/	vendor-advisory, x_refsource_UBUNTU
https://github.com/torvalds/linux/commit/0fa3ecd87848c9c93c2c828ef4c3a8ca36ce46c7	x_refsource_MISC
https://access.redhat.com/errata/RHSA-2019:0717	vendor-advisory, x_refsource_REDHAT
https://support.f5.com/csp/article/K00854051	x_refsource_CONFIRM
https://access.redhat.com/errata/RHSA-2019:2476	vendor-advisory, x_refsource_REDHAT
https://access.redhat.com/errata/RHSA-2019:2566	vendor-advisory, x_refsource_REDHAT
https://access.redhat.com/errata/RHSA-2019:2696	vendor-advisory, x_refsource_REDHAT
https://access.redhat.com/errata/RHSA-2019:2730	vendor-advisory, x_refsource_REDHAT
https://access.redhat.com/errata/RHSA-2019:4159	vendor-advisory, x_refsource_REDHAT
https://access.redhat.com/errata/RHSA-2019:4164	vendor-advisory, x_refsource_REDHAT
https://git.kernel.org/pub/scm/linux/kernel/git/tip/tip.git/commit/?id=0b3369840cd61c23e2b9241093737b4c395cb406	x_refsource_CONFIRM
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/MTKKIAUMR5FAYLZ7HLEPOXMKAAE3BYBQ/	vendor-advisory, x_refsource_FEDORA
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/HRBNBX73SAFKQWBOX76SLMWPTKJPVGEJ/	vendor-advisory, x_refsource_FEDORA

Impacted products

Vendor	Product
n/a	n/a

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-05T09:00:35.380Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "USN-3752-2",
            "tags": [
              "vendor-advisory",
              "x_refsource_UBUNTU",
              "x_transferred"
            ],
            "url": "https://usn.ubuntu.com/3752-2/"
          },
          {
            "name": "RHSA-2018:3083",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2018:3083"
          },
          {
            "name": "USN-3752-3",
            "tags": [
              "vendor-advisory",
              "x_refsource_UBUNTU",
              "x_transferred"
            ],
            "url": "https://usn.ubuntu.com/3752-3/"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://twitter.com/grsecurity/status/1015082951204327425"
          },
          {
            "name": "USN-3753-2",
            "tags": [
              "vendor-advisory",
              "x_refsource_UBUNTU",
              "x_transferred"
            ],
            "url": "https://usn.ubuntu.com/3753-2/"
          },
          {
            "name": "USN-3754-1",
            "tags": [
              "vendor-advisory",
              "x_refsource_UBUNTU",
              "x_transferred"
            ],
            "url": "https://usn.ubuntu.com/3754-1/"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "http://openwall.com/lists/oss-security/2018/07/13/2"
          },
          {
            "name": "RHSA-2018:2948",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2018:2948"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=0fa3ecd87848c9c93c2c828ef4c3a8ca36ce46c7"
          },
          {
            "name": "[debian-lts-announce] 20180815 [SECURITY] [DLA 1466-1] linux-4.9 security update",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://lists.debian.org/debian-lts-announce/2018/08/msg00014.html"
          },
          {
            "name": "45033",
            "tags": [
              "exploit",
              "x_refsource_EXPLOIT-DB",
              "x_transferred"
            ],
            "url": "https://www.exploit-db.com/exploits/45033/"
          },
          {
            "name": "DSA-4266",
            "tags": [
              "vendor-advisory",
              "x_refsource_DEBIAN",
              "x_transferred"
            ],
            "url": "https://www.debian.org/security/2018/dsa-4266"
          },
          {
            "name": "106503",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/106503"
          },
          {
            "name": "USN-3752-1",
            "tags": [
              "vendor-advisory",
              "x_refsource_UBUNTU",
              "x_transferred"
            ],
            "url": "https://usn.ubuntu.com/3752-1/"
          },
          {
            "name": "RHSA-2018:3096",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2018:3096"
          },
          {
            "name": "USN-3753-1",
            "tags": [
              "vendor-advisory",
              "x_refsource_UBUNTU",
              "x_transferred"
            ],
            "url": "https://usn.ubuntu.com/3753-1/"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://github.com/torvalds/linux/commit/0fa3ecd87848c9c93c2c828ef4c3a8ca36ce46c7"
          },
          {
            "name": "RHSA-2019:0717",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2019:0717"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://support.f5.com/csp/article/K00854051"
          },
          {
            "name": "RHSA-2019:2476",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2019:2476"
          },
          {
            "name": "RHSA-2019:2566",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2019:2566"
          },
          {
            "name": "RHSA-2019:2696",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2019:2696"
          },
          {
            "name": "RHSA-2019:2730",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2019:2730"
          },
          {
            "name": "RHSA-2019:4159",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2019:4159"
          },
          {
            "name": "RHSA-2019:4164",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2019:4164"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://git.kernel.org/pub/scm/linux/kernel/git/tip/tip.git/commit/?id=0b3369840cd61c23e2b9241093737b4c395cb406"
          },
          {
            "name": "FEDORA-2022-3a60c34473",
            "tags": [
              "vendor-advisory",
              "x_refsource_FEDORA",
              "x_transferred"
            ],
            "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/MTKKIAUMR5FAYLZ7HLEPOXMKAAE3BYBQ/"
          },
          {
            "name": "FEDORA-2022-5d0676b098",
            "tags": [
              "vendor-advisory",
              "x_refsource_FEDORA",
              "x_transferred"
            ],
            "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/HRBNBX73SAFKQWBOX76SLMWPTKJPVGEJ/"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2018-07-06T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "The inode_init_owner function in fs/inode.c in the Linux kernel through 3.16 allows local users to create files with an unintended group ownership, in a scenario where a directory is SGID to a certain group and is writable by a user who is not a member of that group. Here, the non-member can trigger creation of a plain file whose group ownership is that group. The intended behavior was that the non-member can trigger creation of a directory (but not a plain file) whose group ownership is that group. The non-member can escalate privileges by making the plain file executable and SGID."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2022-02-25T18:06:30",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "name": "USN-3752-2",
          "tags": [
            "vendor-advisory",
            "x_refsource_UBUNTU"
          ],
          "url": "https://usn.ubuntu.com/3752-2/"
        },
        {
          "name": "RHSA-2018:3083",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2018:3083"
        },
        {
          "name": "USN-3752-3",
          "tags": [
            "vendor-advisory",
            "x_refsource_UBUNTU"
          ],
          "url": "https://usn.ubuntu.com/3752-3/"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://twitter.com/grsecurity/status/1015082951204327425"
        },
        {
          "name": "USN-3753-2",
          "tags": [
            "vendor-advisory",
            "x_refsource_UBUNTU"
          ],
          "url": "https://usn.ubuntu.com/3753-2/"
        },
        {
          "name": "USN-3754-1",
          "tags": [
            "vendor-advisory",
            "x_refsource_UBUNTU"
          ],
          "url": "https://usn.ubuntu.com/3754-1/"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "http://openwall.com/lists/oss-security/2018/07/13/2"
        },
        {
          "name": "RHSA-2018:2948",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2018:2948"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=0fa3ecd87848c9c93c2c828ef4c3a8ca36ce46c7"
        },
        {
          "name": "[debian-lts-announce] 20180815 [SECURITY] [DLA 1466-1] linux-4.9 security update",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://lists.debian.org/debian-lts-announce/2018/08/msg00014.html"
        },
        {
          "name": "45033",
          "tags": [
            "exploit",
            "x_refsource_EXPLOIT-DB"
          ],
          "url": "https://www.exploit-db.com/exploits/45033/"
        },
        {
          "name": "DSA-4266",
          "tags": [
            "vendor-advisory",
            "x_refsource_DEBIAN"
          ],
          "url": "https://www.debian.org/security/2018/dsa-4266"
        },
        {
          "name": "106503",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/106503"
        },
        {
          "name": "USN-3752-1",
          "tags": [
            "vendor-advisory",
            "x_refsource_UBUNTU"
          ],
          "url": "https://usn.ubuntu.com/3752-1/"
        },
        {
          "name": "RHSA-2018:3096",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2018:3096"
        },
        {
          "name": "USN-3753-1",
          "tags": [
            "vendor-advisory",
            "x_refsource_UBUNTU"
          ],
          "url": "https://usn.ubuntu.com/3753-1/"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://github.com/torvalds/linux/commit/0fa3ecd87848c9c93c2c828ef4c3a8ca36ce46c7"
        },
        {
          "name": "RHSA-2019:0717",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2019:0717"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://support.f5.com/csp/article/K00854051"
        },
        {
          "name": "RHSA-2019:2476",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2019:2476"
        },
        {
          "name": "RHSA-2019:2566",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2019:2566"
        },
        {
          "name": "RHSA-2019:2696",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2019:2696"
        },
        {
          "name": "RHSA-2019:2730",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2019:2730"
        },
        {
          "name": "RHSA-2019:4159",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2019:4159"
        },
        {
          "name": "RHSA-2019:4164",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2019:4164"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://git.kernel.org/pub/scm/linux/kernel/git/tip/tip.git/commit/?id=0b3369840cd61c23e2b9241093737b4c395cb406"
        },
        {
          "name": "FEDORA-2022-3a60c34473",
          "tags": [
            "vendor-advisory",
            "x_refsource_FEDORA"
          ],
          "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/MTKKIAUMR5FAYLZ7HLEPOXMKAAE3BYBQ/"
        },
        {
          "name": "FEDORA-2022-5d0676b098",
          "tags": [
            "vendor-advisory",
            "x_refsource_FEDORA"
          ],
          "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/HRBNBX73SAFKQWBOX76SLMWPTKJPVGEJ/"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2018-13405",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "The inode_init_owner function in fs/inode.c in the Linux kernel through 3.16 allows local users to create files with an unintended group ownership, in a scenario where a directory is SGID to a certain group and is writable by a user who is not a member of that group. Here, the non-member can trigger creation of a plain file whose group ownership is that group. The intended behavior was that the non-member can trigger creation of a directory (but not a plain file) whose group ownership is that group. The non-member can escalate privileges by making the plain file executable and SGID."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "USN-3752-2",
              "refsource": "UBUNTU",
              "url": "https://usn.ubuntu.com/3752-2/"
            },
            {
              "name": "RHSA-2018:3083",
              "refsource": "REDHAT",
              "url": "https://access.redhat.com/errata/RHSA-2018:3083"
            },
            {
              "name": "USN-3752-3",
              "refsource": "UBUNTU",
              "url": "https://usn.ubuntu.com/3752-3/"
            },
            {
              "name": "https://twitter.com/grsecurity/status/1015082951204327425",
              "refsource": "MISC",
              "url": "https://twitter.com/grsecurity/status/1015082951204327425"
            },
            {
              "name": "USN-3753-2",
              "refsource": "UBUNTU",
              "url": "https://usn.ubuntu.com/3753-2/"
            },
            {
              "name": "USN-3754-1",
              "refsource": "UBUNTU",
              "url": "https://usn.ubuntu.com/3754-1/"
            },
            {
              "name": "http://openwall.com/lists/oss-security/2018/07/13/2",
              "refsource": "MISC",
              "url": "http://openwall.com/lists/oss-security/2018/07/13/2"
            },
            {
              "name": "RHSA-2018:2948",
              "refsource": "REDHAT",
              "url": "https://access.redhat.com/errata/RHSA-2018:2948"
            },
            {
              "name": "http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=0fa3ecd87848c9c93c2c828ef4c3a8ca36ce46c7",
              "refsource": "MISC",
              "url": "http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=0fa3ecd87848c9c93c2c828ef4c3a8ca36ce46c7"
            },
            {
              "name": "[debian-lts-announce] 20180815 [SECURITY] [DLA 1466-1] linux-4.9 security update",
              "refsource": "MLIST",
              "url": "https://lists.debian.org/debian-lts-announce/2018/08/msg00014.html"
            },
            {
              "name": "45033",
              "refsource": "EXPLOIT-DB",
              "url": "https://www.exploit-db.com/exploits/45033/"
            },
            {
              "name": "DSA-4266",
              "refsource": "DEBIAN",
              "url": "https://www.debian.org/security/2018/dsa-4266"
            },
            {
              "name": "106503",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/106503"
            },
            {
              "name": "USN-3752-1",
              "refsource": "UBUNTU",
              "url": "https://usn.ubuntu.com/3752-1/"
            },
            {
              "name": "RHSA-2018:3096",
              "refsource": "REDHAT",
              "url": "https://access.redhat.com/errata/RHSA-2018:3096"
            },
            {
              "name": "USN-3753-1",
              "refsource": "UBUNTU",
              "url": "https://usn.ubuntu.com/3753-1/"
            },
            {
              "name": "https://github.com/torvalds/linux/commit/0fa3ecd87848c9c93c2c828ef4c3a8ca36ce46c7",
              "refsource": "MISC",
              "url": "https://github.com/torvalds/linux/commit/0fa3ecd87848c9c93c2c828ef4c3a8ca36ce46c7"
            },
            {
              "name": "RHSA-2019:0717",
              "refsource": "REDHAT",
              "url": "https://access.redhat.com/errata/RHSA-2019:0717"
            },
            {
              "name": "https://support.f5.com/csp/article/K00854051",
              "refsource": "CONFIRM",
              "url": "https://support.f5.com/csp/article/K00854051"
            },
            {
              "name": "RHSA-2019:2476",
              "refsource": "REDHAT",
              "url": "https://access.redhat.com/errata/RHSA-2019:2476"
            },
            {
              "name": "RHSA-2019:2566",
              "refsource": "REDHAT",
              "url": "https://access.redhat.com/errata/RHSA-2019:2566"
            },
            {
              "name": "RHSA-2019:2696",
              "refsource": "REDHAT",
              "url": "https://access.redhat.com/errata/RHSA-2019:2696"
            },
            {
              "name": "RHSA-2019:2730",
              "refsource": "REDHAT",
              "url": "https://access.redhat.com/errata/RHSA-2019:2730"
            },
            {
              "name": "RHSA-2019:4159",
              "refsource": "REDHAT",
              "url": "https://access.redhat.com/errata/RHSA-2019:4159"
            },
            {
              "name": "RHSA-2019:4164",
              "refsource": "REDHAT",
              "url": "https://access.redhat.com/errata/RHSA-2019:4164"
            },
            {
              "name": "https://git.kernel.org/pub/scm/linux/kernel/git/tip/tip.git/commit/?id=0b3369840cd61c23e2b9241093737b4c395cb406",
              "refsource": "CONFIRM",
              "url": "https://git.kernel.org/pub/scm/linux/kernel/git/tip/tip.git/commit/?id=0b3369840cd61c23e2b9241093737b4c395cb406"
            },
            {
              "name": "FEDORA-2022-3a60c34473",
              "refsource": "FEDORA",
              "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MTKKIAUMR5FAYLZ7HLEPOXMKAAE3BYBQ/"
            },
            {
              "name": "FEDORA-2022-5d0676b098",
              "refsource": "FEDORA",
              "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/HRBNBX73SAFKQWBOX76SLMWPTKJPVGEJ/"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2018-13405",
    "datePublished": "2018-07-06T14:00:00",
    "dateReserved": "2018-07-06T00:00:00",
    "dateUpdated": "2024-08-05T09:00:35.380Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

Action not permitted

rhsa-2019_2476

Vulnerability from csaf_redhat

cve-2019-1125

Vulnerability from cvelistv5

cve-2018-13405

Vulnerability from cvelistv5

Tags