Search criteria
32 vulnerabilities found for active_iq_performance_analytics_services by netapp
CVE-2019-15902 (GCVE-0-2019-15902)
Vulnerability from nvd – Published: 2019-09-04 05:50 – Updated: 2024-08-05 01:03
VLAI?
Summary
A backporting error was discovered in the Linux stable/longterm kernel 4.4.x through 4.4.190, 4.9.x through 4.9.190, 4.14.x through 4.14.141, 4.19.x through 4.19.69, and 5.2.x through 5.2.11. Misuse of the upstream "x86/ptrace: Fix possible spectre-v1 in ptrace_get_debugreg()" commit reintroduced the Spectre vulnerability that it aimed to eliminate. This occurred because the backport process depends on cherry picking specific commits, and because two (correctly ordered) code lines were swapped.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | ||||||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||||||||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T01:03:32.281Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://grsecurity.net/teardown_of_a_failed_linux_lts_spectre_fix.php"
},
{
"name": "openSUSE-SU-2019:2173",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00064.html"
},
{
"name": "openSUSE-SU-2019:2181",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00066.html"
},
{
"name": "20190925 [SECURITY] [DSA 4531-1] linux security update",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "https://seclists.org/bugtraq/2019/Sep/41"
},
{
"name": "DSA-4531",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "https://www.debian.org/security/2019/dsa-4531"
},
{
"name": "[debian-lts-announce] 20191001 [SECURITY] [DLA 1940-1] linux-4.9 security update",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2019/10/msg00000.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://security.netapp.com/advisory/ntap-20191004-0001/"
},
{
"name": "USN-4157-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU",
"x_transferred"
],
"url": "https://usn.ubuntu.com/4157-1/"
},
{
"name": "USN-4162-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU",
"x_transferred"
],
"url": "https://usn.ubuntu.com/4162-1/"
},
{
"name": "USN-4157-2",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU",
"x_transferred"
],
"url": "https://usn.ubuntu.com/4157-2/"
},
{
"name": "USN-4163-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU",
"x_transferred"
],
"url": "https://usn.ubuntu.com/4163-1/"
},
{
"name": "USN-4163-2",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU",
"x_transferred"
],
"url": "https://usn.ubuntu.com/4163-2/"
},
{
"name": "USN-4162-2",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU",
"x_transferred"
],
"url": "https://usn.ubuntu.com/4162-2/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A backporting error was discovered in the Linux stable/longterm kernel 4.4.x through 4.4.190, 4.9.x through 4.9.190, 4.14.x through 4.14.141, 4.19.x through 4.19.69, and 5.2.x through 5.2.11. Misuse of the upstream \"x86/ptrace: Fix possible spectre-v1 in ptrace_get_debugreg()\" commit reintroduced the Spectre vulnerability that it aimed to eliminate. This occurred because the backport process depends on cherry picking specific commits, and because two (correctly ordered) code lines were swapped."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2019-10-23T07:06:14",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://grsecurity.net/teardown_of_a_failed_linux_lts_spectre_fix.php"
},
{
"name": "openSUSE-SU-2019:2173",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00064.html"
},
{
"name": "openSUSE-SU-2019:2181",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00066.html"
},
{
"name": "20190925 [SECURITY] [DSA 4531-1] linux security update",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "https://seclists.org/bugtraq/2019/Sep/41"
},
{
"name": "DSA-4531",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "https://www.debian.org/security/2019/dsa-4531"
},
{
"name": "[debian-lts-announce] 20191001 [SECURITY] [DLA 1940-1] linux-4.9 security update",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.debian.org/debian-lts-announce/2019/10/msg00000.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://security.netapp.com/advisory/ntap-20191004-0001/"
},
{
"name": "USN-4157-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU"
],
"url": "https://usn.ubuntu.com/4157-1/"
},
{
"name": "USN-4162-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU"
],
"url": "https://usn.ubuntu.com/4162-1/"
},
{
"name": "USN-4157-2",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU"
],
"url": "https://usn.ubuntu.com/4157-2/"
},
{
"name": "USN-4163-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU"
],
"url": "https://usn.ubuntu.com/4163-1/"
},
{
"name": "USN-4163-2",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU"
],
"url": "https://usn.ubuntu.com/4163-2/"
},
{
"name": "USN-4162-2",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU"
],
"url": "https://usn.ubuntu.com/4162-2/"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2019-15902",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A backporting error was discovered in the Linux stable/longterm kernel 4.4.x through 4.4.190, 4.9.x through 4.9.190, 4.14.x through 4.14.141, 4.19.x through 4.19.69, and 5.2.x through 5.2.11. Misuse of the upstream \"x86/ptrace: Fix possible spectre-v1 in ptrace_get_debugreg()\" commit reintroduced the Spectre vulnerability that it aimed to eliminate. This occurred because the backport process depends on cherry picking specific commits, and because two (correctly ordered) code lines were swapped."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://grsecurity.net/teardown_of_a_failed_linux_lts_spectre_fix.php",
"refsource": "MISC",
"url": "https://grsecurity.net/teardown_of_a_failed_linux_lts_spectre_fix.php"
},
{
"name": "openSUSE-SU-2019:2173",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00064.html"
},
{
"name": "openSUSE-SU-2019:2181",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00066.html"
},
{
"name": "20190925 [SECURITY] [DSA 4531-1] linux security update",
"refsource": "BUGTRAQ",
"url": "https://seclists.org/bugtraq/2019/Sep/41"
},
{
"name": "DSA-4531",
"refsource": "DEBIAN",
"url": "https://www.debian.org/security/2019/dsa-4531"
},
{
"name": "[debian-lts-announce] 20191001 [SECURITY] [DLA 1940-1] linux-4.9 security update",
"refsource": "MLIST",
"url": "https://lists.debian.org/debian-lts-announce/2019/10/msg00000.html"
},
{
"name": "https://security.netapp.com/advisory/ntap-20191004-0001/",
"refsource": "CONFIRM",
"url": "https://security.netapp.com/advisory/ntap-20191004-0001/"
},
{
"name": "USN-4157-1",
"refsource": "UBUNTU",
"url": "https://usn.ubuntu.com/4157-1/"
},
{
"name": "USN-4162-1",
"refsource": "UBUNTU",
"url": "https://usn.ubuntu.com/4162-1/"
},
{
"name": "USN-4157-2",
"refsource": "UBUNTU",
"url": "https://usn.ubuntu.com/4157-2/"
},
{
"name": "USN-4163-1",
"refsource": "UBUNTU",
"url": "https://usn.ubuntu.com/4163-1/"
},
{
"name": "USN-4163-2",
"refsource": "UBUNTU",
"url": "https://usn.ubuntu.com/4163-2/"
},
{
"name": "USN-4162-2",
"refsource": "UBUNTU",
"url": "https://usn.ubuntu.com/4162-2/"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2019-15902",
"datePublished": "2019-09-04T05:50:48",
"dateReserved": "2019-09-04T00:00:00",
"dateUpdated": "2024-08-05T01:03:32.281Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2019-15098 (GCVE-0-2019-15098)
Vulnerability from nvd – Published: 2019-08-16 01:15 – Updated: 2024-08-05 00:34
VLAI?
Summary
drivers/net/wireless/ath/ath6kl/usb.c in the Linux kernel through 5.2.9 has a NULL pointer dereference via an incomplete address in an endpoint descriptor.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T00:34:53.238Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://lore.kernel.org/linux-wireless/20190804002905.11292-1-benquike%40gmail.com/T/#u"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://security.netapp.com/advisory/ntap-20190905-0002/"
},
{
"name": "openSUSE-SU-2019:2173",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00064.html"
},
{
"name": "openSUSE-SU-2019:2181",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00066.html"
},
{
"name": "[oss-security] 20190927 Re: Linux kernel: multiple vulnerabilities in the USB subsystem x2",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2019/09/27/3"
},
{
"name": "[oss-security] 20190927 Re: Linux kernel: multiple vulnerabilities in the USB subsystem x2",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2019/09/27/2"
},
{
"name": "[oss-security] 20190927 Re: Linux kernel: multiple vulnerabilities in the USB subsystem x2",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2019/09/27/1"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://support.f5.com/csp/article/K61214359"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://support.f5.com/csp/article/K61214359?utm_source=f5support\u0026amp%3Butm_medium=RSS"
},
{
"name": "20191108 [slackware-security] Slackware 14.2 kernel (SSA:2019-311-01)",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "https://seclists.org/bugtraq/2019/Nov/11"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://packetstormsecurity.com/files/155212/Slackware-Security-Advisory-Slackware-14.2-kernel-Updates.html"
},
{
"name": "USN-4185-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU",
"x_transferred"
],
"url": "https://usn.ubuntu.com/4185-1/"
},
{
"name": "USN-4184-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU",
"x_transferred"
],
"url": "https://usn.ubuntu.com/4184-1/"
},
{
"name": "USN-4186-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU",
"x_transferred"
],
"url": "https://usn.ubuntu.com/4186-1/"
},
{
"name": "USN-4186-2",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU",
"x_transferred"
],
"url": "https://usn.ubuntu.com/4186-2/"
},
{
"name": "[debian-lts-announce] 20200118 [SECURITY] [DLA 2068-1] linux security update",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2020/01/msg00013.html"
},
{
"name": "[debian-lts-announce] 20200302 [SECURITY] [DLA 2114-1] linux-4.9 security update",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2020/03/msg00001.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "drivers/net/wireless/ath/ath6kl/usb.c in the Linux kernel through 5.2.9 has a NULL pointer dereference via an incomplete address in an endpoint descriptor."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-03-02T19:06:31",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://lore.kernel.org/linux-wireless/20190804002905.11292-1-benquike%40gmail.com/T/#u"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://security.netapp.com/advisory/ntap-20190905-0002/"
},
{
"name": "openSUSE-SU-2019:2173",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00064.html"
},
{
"name": "openSUSE-SU-2019:2181",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00066.html"
},
{
"name": "[oss-security] 20190927 Re: Linux kernel: multiple vulnerabilities in the USB subsystem x2",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://www.openwall.com/lists/oss-security/2019/09/27/3"
},
{
"name": "[oss-security] 20190927 Re: Linux kernel: multiple vulnerabilities in the USB subsystem x2",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://www.openwall.com/lists/oss-security/2019/09/27/2"
},
{
"name": "[oss-security] 20190927 Re: Linux kernel: multiple vulnerabilities in the USB subsystem x2",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://www.openwall.com/lists/oss-security/2019/09/27/1"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://support.f5.com/csp/article/K61214359"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://support.f5.com/csp/article/K61214359?utm_source=f5support\u0026amp%3Butm_medium=RSS"
},
{
"name": "20191108 [slackware-security] Slackware 14.2 kernel (SSA:2019-311-01)",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "https://seclists.org/bugtraq/2019/Nov/11"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://packetstormsecurity.com/files/155212/Slackware-Security-Advisory-Slackware-14.2-kernel-Updates.html"
},
{
"name": "USN-4185-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU"
],
"url": "https://usn.ubuntu.com/4185-1/"
},
{
"name": "USN-4184-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU"
],
"url": "https://usn.ubuntu.com/4184-1/"
},
{
"name": "USN-4186-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU"
],
"url": "https://usn.ubuntu.com/4186-1/"
},
{
"name": "USN-4186-2",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU"
],
"url": "https://usn.ubuntu.com/4186-2/"
},
{
"name": "[debian-lts-announce] 20200118 [SECURITY] [DLA 2068-1] linux security update",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.debian.org/debian-lts-announce/2020/01/msg00013.html"
},
{
"name": "[debian-lts-announce] 20200302 [SECURITY] [DLA 2114-1] linux-4.9 security update",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.debian.org/debian-lts-announce/2020/03/msg00001.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2019-15098",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "drivers/net/wireless/ath/ath6kl/usb.c in the Linux kernel through 5.2.9 has a NULL pointer dereference via an incomplete address in an endpoint descriptor."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://lore.kernel.org/linux-wireless/20190804002905.11292-1-benquike@gmail.com/T/#u",
"refsource": "MISC",
"url": "https://lore.kernel.org/linux-wireless/20190804002905.11292-1-benquike@gmail.com/T/#u"
},
{
"name": "https://security.netapp.com/advisory/ntap-20190905-0002/",
"refsource": "CONFIRM",
"url": "https://security.netapp.com/advisory/ntap-20190905-0002/"
},
{
"name": "openSUSE-SU-2019:2173",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00064.html"
},
{
"name": "openSUSE-SU-2019:2181",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00066.html"
},
{
"name": "[oss-security] 20190927 Re: Linux kernel: multiple vulnerabilities in the USB subsystem x2",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2019/09/27/3"
},
{
"name": "[oss-security] 20190927 Re: Linux kernel: multiple vulnerabilities in the USB subsystem x2",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2019/09/27/2"
},
{
"name": "[oss-security] 20190927 Re: Linux kernel: multiple vulnerabilities in the USB subsystem x2",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2019/09/27/1"
},
{
"name": "https://support.f5.com/csp/article/K61214359",
"refsource": "CONFIRM",
"url": "https://support.f5.com/csp/article/K61214359"
},
{
"name": "https://support.f5.com/csp/article/K61214359?utm_source=f5support\u0026amp;utm_medium=RSS",
"refsource": "CONFIRM",
"url": "https://support.f5.com/csp/article/K61214359?utm_source=f5support\u0026amp;utm_medium=RSS"
},
{
"name": "20191108 [slackware-security] Slackware 14.2 kernel (SSA:2019-311-01)",
"refsource": "BUGTRAQ",
"url": "https://seclists.org/bugtraq/2019/Nov/11"
},
{
"name": "http://packetstormsecurity.com/files/155212/Slackware-Security-Advisory-Slackware-14.2-kernel-Updates.html",
"refsource": "MISC",
"url": "http://packetstormsecurity.com/files/155212/Slackware-Security-Advisory-Slackware-14.2-kernel-Updates.html"
},
{
"name": "USN-4185-1",
"refsource": "UBUNTU",
"url": "https://usn.ubuntu.com/4185-1/"
},
{
"name": "USN-4184-1",
"refsource": "UBUNTU",
"url": "https://usn.ubuntu.com/4184-1/"
},
{
"name": "USN-4186-1",
"refsource": "UBUNTU",
"url": "https://usn.ubuntu.com/4186-1/"
},
{
"name": "USN-4186-2",
"refsource": "UBUNTU",
"url": "https://usn.ubuntu.com/4186-2/"
},
{
"name": "[debian-lts-announce] 20200118 [SECURITY] [DLA 2068-1] linux security update",
"refsource": "MLIST",
"url": "https://lists.debian.org/debian-lts-announce/2020/01/msg00013.html"
},
{
"name": "[debian-lts-announce] 20200302 [SECURITY] [DLA 2114-1] linux-4.9 security update",
"refsource": "MLIST",
"url": "https://lists.debian.org/debian-lts-announce/2020/03/msg00001.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2019-15098",
"datePublished": "2019-08-16T01:15:39",
"dateReserved": "2019-08-15T00:00:00",
"dateUpdated": "2024-08-05T00:34:53.238Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2018-20855 (GCVE-0-2018-20855)
Vulnerability from nvd – Published: 2019-07-26 04:39 – Updated: 2024-08-05 12:12
VLAI?
Summary
An issue was discovered in the Linux kernel before 4.18.7. In create_qp_common in drivers/infiniband/hw/mlx5/qp.c, mlx5_ib_create_qp_resp was never initialized, resulting in a leak of stack memory to userspace.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | |||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T12:12:29.320Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/torvalds/linux/commit/0625b4ba1a5d4703c7fb01c497bd6c156908af00"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=0625b4ba1a5d4703c7fb01c497bd6c156908af00"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://cdn.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.18.7"
},
{
"name": "openSUSE-SU-2019:1924",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00055.html"
},
{
"name": "openSUSE-SU-2019:1923",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00056.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://security.netapp.com/advisory/ntap-20190905-0002/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "An issue was discovered in the Linux kernel before 4.18.7. In create_qp_common in drivers/infiniband/hw/mlx5/qp.c, mlx5_ib_create_qp_resp was never initialized, resulting in a leak of stack memory to userspace."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2019-09-05T23:06:07",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/torvalds/linux/commit/0625b4ba1a5d4703c7fb01c497bd6c156908af00"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=0625b4ba1a5d4703c7fb01c497bd6c156908af00"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://cdn.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.18.7"
},
{
"name": "openSUSE-SU-2019:1924",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00055.html"
},
{
"name": "openSUSE-SU-2019:1923",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00056.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://security.netapp.com/advisory/ntap-20190905-0002/"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2018-20855",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "An issue was discovered in the Linux kernel before 4.18.7. In create_qp_common in drivers/infiniband/hw/mlx5/qp.c, mlx5_ib_create_qp_resp was never initialized, resulting in a leak of stack memory to userspace."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/torvalds/linux/commit/0625b4ba1a5d4703c7fb01c497bd6c156908af00",
"refsource": "MISC",
"url": "https://github.com/torvalds/linux/commit/0625b4ba1a5d4703c7fb01c497bd6c156908af00"
},
{
"name": "https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=0625b4ba1a5d4703c7fb01c497bd6c156908af00",
"refsource": "MISC",
"url": "https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=0625b4ba1a5d4703c7fb01c497bd6c156908af00"
},
{
"name": "https://cdn.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.18.7",
"refsource": "MISC",
"url": "https://cdn.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.18.7"
},
{
"name": "openSUSE-SU-2019:1924",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00055.html"
},
{
"name": "openSUSE-SU-2019:1923",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00056.html"
},
{
"name": "https://security.netapp.com/advisory/ntap-20190905-0002/",
"refsource": "CONFIRM",
"url": "https://security.netapp.com/advisory/ntap-20190905-0002/"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2018-20855",
"datePublished": "2019-07-26T04:39:40",
"dateReserved": "2019-07-26T00:00:00",
"dateUpdated": "2024-08-05T12:12:29.320Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2019-7612 (GCVE-0-2019-7612)
Vulnerability from nvd – Published: 2019-03-25 18:34 – Updated: 2024-08-04 20:54
VLAI?
Summary
A sensitive data disclosure flaw was found in the way Logstash versions before 5.6.15 and 6.6.1 logs malformed URLs. If a malformed URL is specified as part of the Logstash configuration, the credentials for the URL could be inadvertently logged as part of the error message.
Severity ?
No CVSS data available.
CWE
- CWE-209 - Information Exposure Through an Error Message
Assigner
References
| URL | Tags | ||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T20:54:28.269Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://discuss.elastic.co/t/elastic-stack-6-6-1-and-5-6-15-security-update/169077"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.elastic.co/community/security"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://security.netapp.com/advisory/ntap-20190411-0002/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Logstash",
"vendor": "Elastic",
"versions": [
{
"status": "affected",
"version": "before 5.6.15 and 6.6.1"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A sensitive data disclosure flaw was found in the way Logstash versions before 5.6.15 and 6.6.1 logs malformed URLs. If a malformed URL is specified as part of the Logstash configuration, the credentials for the URL could be inadvertently logged as part of the error message."
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-209",
"description": "CWE-209: Information Exposure Through an Error Message",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2019-04-11T21:06:03",
"orgId": "271b6943-45a9-4f3a-ab4e-976f3fa05b5a",
"shortName": "elastic"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://discuss.elastic.co/t/elastic-stack-6-6-1-and-5-6-15-security-update/169077"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.elastic.co/community/security"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://security.netapp.com/advisory/ntap-20190411-0002/"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security@elastic.co",
"ID": "CVE-2019-7612",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Logstash",
"version": {
"version_data": [
{
"version_value": "before 5.6.15 and 6.6.1"
}
]
}
}
]
},
"vendor_name": "Elastic"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A sensitive data disclosure flaw was found in the way Logstash versions before 5.6.15 and 6.6.1 logs malformed URLs. If a malformed URL is specified as part of the Logstash configuration, the credentials for the URL could be inadvertently logged as part of the error message."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-209: Information Exposure Through an Error Message"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://discuss.elastic.co/t/elastic-stack-6-6-1-and-5-6-15-security-update/169077",
"refsource": "MISC",
"url": "https://discuss.elastic.co/t/elastic-stack-6-6-1-and-5-6-15-security-update/169077"
},
{
"name": "https://www.elastic.co/community/security",
"refsource": "MISC",
"url": "https://www.elastic.co/community/security"
},
{
"name": "https://security.netapp.com/advisory/ntap-20190411-0002/",
"refsource": "CONFIRM",
"url": "https://security.netapp.com/advisory/ntap-20190411-0002/"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "271b6943-45a9-4f3a-ab4e-976f3fa05b5a",
"assignerShortName": "elastic",
"cveId": "CVE-2019-7612",
"datePublished": "2019-03-25T18:34:06",
"dateReserved": "2019-02-07T00:00:00",
"dateUpdated": "2024-08-04T20:54:28.269Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2019-7222 (GCVE-0-2019-7222)
Vulnerability from nvd – Published: 2019-03-17 18:52 – Updated: 2024-08-04 20:46
VLAI?
Summary
The KVM implementation in the Linux kernel through 4.20.5 has an Information Leak.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | ||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T20:46:46.063Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "FEDORA-2019-164946aa7f",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/KDOXCX3QFVWYXH5CQMGDDE7H6MUG5XGG/"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://packetstormsecurity.com/files/151712/KVM-kvm_inject_page_fault-Uninitialized-Memory-Leak.html"
},
{
"name": "106963",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/106963"
},
{
"name": "FEDORA-2019-3da64f3e61",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/Y2HMABEMJDPA6LPCBE5WIEZXUKY7DLTN/"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/torvalds/linux/commits/master/arch/x86/kvm"
},
{
"name": "SUSE-SA-2019:0203-1",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-02/msg00042.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=353c0956a618a07ba4bbe7ad00ff29fe70e8412a"
},
{
"name": "[oss-security] Linux kernel: three KVM bugs (CVE-2019-6974, CVE-2019-7221, CVE-2019-7222)",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2019/02/18/2"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://bugs.chromium.org/p/project-zero/issues/detail?id=1759"
},
{
"name": "[debian-lts-announce] 20190327 [SECURITY] [DLA 1731-1] linux security update",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2019/03/msg00034.html"
},
{
"name": "[debian-lts-announce] 20190401 [SECURITY] [DLA 1731-2] linux regression update",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2019/04/msg00004.html"
},
{
"name": "USN-3932-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU",
"x_transferred"
],
"url": "https://usn.ubuntu.com/3932-1/"
},
{
"name": "USN-3932-2",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU",
"x_transferred"
],
"url": "https://usn.ubuntu.com/3932-2/"
},
{
"name": "USN-3930-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU",
"x_transferred"
],
"url": "https://usn.ubuntu.com/3930-1/"
},
{
"name": "USN-3931-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU",
"x_transferred"
],
"url": "https://usn.ubuntu.com/3931-1/"
},
{
"name": "USN-3933-2",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU",
"x_transferred"
],
"url": "https://usn.ubuntu.com/3933-2/"
},
{
"name": "USN-3931-2",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU",
"x_transferred"
],
"url": "https://usn.ubuntu.com/3931-2/"
},
{
"name": "USN-3930-2",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU",
"x_transferred"
],
"url": "https://usn.ubuntu.com/3930-2/"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://security.netapp.com/advisory/ntap-20190404-0002/"
},
{
"name": "USN-3933-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU",
"x_transferred"
],
"url": "https://usn.ubuntu.com/3933-1/"
},
{
"name": "[debian-lts-announce] 20190503 [SECURITY] [DLA 1771-1] linux-4.9 security update",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2019/05/msg00002.html"
},
{
"name": "RHSA-2019:2043",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2019:2043"
},
{
"name": "RHSA-2019:2029",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2019:2029"
},
{
"name": "RHSA-2019:3309",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2019:3309"
},
{
"name": "RHSA-2019:3517",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2019:3517"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2019-01-21T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "The KVM implementation in the Linux kernel through 4.20.5 has an Information Leak."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2019-11-06T00:07:14",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "FEDORA-2019-164946aa7f",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/KDOXCX3QFVWYXH5CQMGDDE7H6MUG5XGG/"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://packetstormsecurity.com/files/151712/KVM-kvm_inject_page_fault-Uninitialized-Memory-Leak.html"
},
{
"name": "106963",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/106963"
},
{
"name": "FEDORA-2019-3da64f3e61",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/Y2HMABEMJDPA6LPCBE5WIEZXUKY7DLTN/"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/torvalds/linux/commits/master/arch/x86/kvm"
},
{
"name": "SUSE-SA-2019:0203-1",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-02/msg00042.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=353c0956a618a07ba4bbe7ad00ff29fe70e8412a"
},
{
"name": "[oss-security] Linux kernel: three KVM bugs (CVE-2019-6974, CVE-2019-7221, CVE-2019-7222)",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://www.openwall.com/lists/oss-security/2019/02/18/2"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://bugs.chromium.org/p/project-zero/issues/detail?id=1759"
},
{
"name": "[debian-lts-announce] 20190327 [SECURITY] [DLA 1731-1] linux security update",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.debian.org/debian-lts-announce/2019/03/msg00034.html"
},
{
"name": "[debian-lts-announce] 20190401 [SECURITY] [DLA 1731-2] linux regression update",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.debian.org/debian-lts-announce/2019/04/msg00004.html"
},
{
"name": "USN-3932-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU"
],
"url": "https://usn.ubuntu.com/3932-1/"
},
{
"name": "USN-3932-2",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU"
],
"url": "https://usn.ubuntu.com/3932-2/"
},
{
"name": "USN-3930-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU"
],
"url": "https://usn.ubuntu.com/3930-1/"
},
{
"name": "USN-3931-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU"
],
"url": "https://usn.ubuntu.com/3931-1/"
},
{
"name": "USN-3933-2",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU"
],
"url": "https://usn.ubuntu.com/3933-2/"
},
{
"name": "USN-3931-2",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU"
],
"url": "https://usn.ubuntu.com/3931-2/"
},
{
"name": "USN-3930-2",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU"
],
"url": "https://usn.ubuntu.com/3930-2/"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://security.netapp.com/advisory/ntap-20190404-0002/"
},
{
"name": "USN-3933-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU"
],
"url": "https://usn.ubuntu.com/3933-1/"
},
{
"name": "[debian-lts-announce] 20190503 [SECURITY] [DLA 1771-1] linux-4.9 security update",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.debian.org/debian-lts-announce/2019/05/msg00002.html"
},
{
"name": "RHSA-2019:2043",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2019:2043"
},
{
"name": "RHSA-2019:2029",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2019:2029"
},
{
"name": "RHSA-2019:3309",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2019:3309"
},
{
"name": "RHSA-2019:3517",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2019:3517"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2019-7222",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The KVM implementation in the Linux kernel through 4.20.5 has an Information Leak."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "FEDORA-2019-164946aa7f",
"refsource": "FEDORA",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/KDOXCX3QFVWYXH5CQMGDDE7H6MUG5XGG/"
},
{
"name": "http://packetstormsecurity.com/files/151712/KVM-kvm_inject_page_fault-Uninitialized-Memory-Leak.html",
"refsource": "MISC",
"url": "http://packetstormsecurity.com/files/151712/KVM-kvm_inject_page_fault-Uninitialized-Memory-Leak.html"
},
{
"name": "106963",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/106963"
},
{
"name": "FEDORA-2019-3da64f3e61",
"refsource": "FEDORA",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/Y2HMABEMJDPA6LPCBE5WIEZXUKY7DLTN/"
},
{
"name": "https://github.com/torvalds/linux/commits/master/arch/x86/kvm",
"refsource": "MISC",
"url": "https://github.com/torvalds/linux/commits/master/arch/x86/kvm"
},
{
"name": "SUSE-SA-2019:0203-1",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-02/msg00042.html"
},
{
"name": "https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=353c0956a618a07ba4bbe7ad00ff29fe70e8412a",
"refsource": "CONFIRM",
"url": "https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=353c0956a618a07ba4bbe7ad00ff29fe70e8412a"
},
{
"name": "[oss-security] Linux kernel: three KVM bugs (CVE-2019-6974, CVE-2019-7221, CVE-2019-7222)",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2019/02/18/2"
},
{
"name": "https://bugs.chromium.org/p/project-zero/issues/detail?id=1759",
"refsource": "CONFIRM",
"url": "https://bugs.chromium.org/p/project-zero/issues/detail?id=1759"
},
{
"name": "[debian-lts-announce] 20190327 [SECURITY] [DLA 1731-1] linux security update",
"refsource": "MLIST",
"url": "https://lists.debian.org/debian-lts-announce/2019/03/msg00034.html"
},
{
"name": "[debian-lts-announce] 20190401 [SECURITY] [DLA 1731-2] linux regression update",
"refsource": "MLIST",
"url": "https://lists.debian.org/debian-lts-announce/2019/04/msg00004.html"
},
{
"name": "USN-3932-1",
"refsource": "UBUNTU",
"url": "https://usn.ubuntu.com/3932-1/"
},
{
"name": "USN-3932-2",
"refsource": "UBUNTU",
"url": "https://usn.ubuntu.com/3932-2/"
},
{
"name": "USN-3930-1",
"refsource": "UBUNTU",
"url": "https://usn.ubuntu.com/3930-1/"
},
{
"name": "USN-3931-1",
"refsource": "UBUNTU",
"url": "https://usn.ubuntu.com/3931-1/"
},
{
"name": "USN-3933-2",
"refsource": "UBUNTU",
"url": "https://usn.ubuntu.com/3933-2/"
},
{
"name": "USN-3931-2",
"refsource": "UBUNTU",
"url": "https://usn.ubuntu.com/3931-2/"
},
{
"name": "USN-3930-2",
"refsource": "UBUNTU",
"url": "https://usn.ubuntu.com/3930-2/"
},
{
"name": "https://security.netapp.com/advisory/ntap-20190404-0002/",
"refsource": "CONFIRM",
"url": "https://security.netapp.com/advisory/ntap-20190404-0002/"
},
{
"name": "USN-3933-1",
"refsource": "UBUNTU",
"url": "https://usn.ubuntu.com/3933-1/"
},
{
"name": "[debian-lts-announce] 20190503 [SECURITY] [DLA 1771-1] linux-4.9 security update",
"refsource": "MLIST",
"url": "https://lists.debian.org/debian-lts-announce/2019/05/msg00002.html"
},
{
"name": "RHSA-2019:2043",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2019:2043"
},
{
"name": "RHSA-2019:2029",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2019:2029"
},
{
"name": "RHSA-2019:3309",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2019:3309"
},
{
"name": "RHSA-2019:3517",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2019:3517"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2019-7222",
"datePublished": "2019-03-17T18:52:17",
"dateReserved": "2019-01-30T00:00:00",
"dateUpdated": "2024-08-04T20:46:46.063Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2019-7221 (GCVE-0-2019-7221)
Vulnerability from nvd – Published: 2019-03-17 18:26 – Updated: 2024-08-04 20:46
VLAI?
Summary
The KVM implementation in the Linux kernel through 4.20.5 has a Use-after-Free.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | |||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T20:46:44.758Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://packetstormsecurity.com/files/151713/KVM-VMX-Preemption-Timer-Use-After-Free.html"
},
{
"name": "FEDORA-2019-164946aa7f",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/KDOXCX3QFVWYXH5CQMGDDE7H6MUG5XGG/"
},
{
"name": "FEDORA-2019-3da64f3e61",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/Y2HMABEMJDPA6LPCBE5WIEZXUKY7DLTN/"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/torvalds/linux/commits/master/arch/x86/kvm"
},
{
"name": "SUSE-SA-2019:0203-1",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-02/msg00042.html"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2019/02/18/2"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=ecec76885bcfe3294685dc363fd1273df0d5d65f"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://bugs.chromium.org/p/project-zero/issues/detail?id=1760"
},
{
"name": "[debian-lts-announce] 20190327 [SECURITY] [DLA 1731-1] linux security update",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2019/03/msg00034.html"
},
{
"name": "[debian-lts-announce] 20190401 [SECURITY] [DLA 1731-2] linux regression update",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2019/04/msg00004.html"
},
{
"name": "USN-3932-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU",
"x_transferred"
],
"url": "https://usn.ubuntu.com/3932-1/"
},
{
"name": "USN-3932-2",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU",
"x_transferred"
],
"url": "https://usn.ubuntu.com/3932-2/"
},
{
"name": "USN-3930-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU",
"x_transferred"
],
"url": "https://usn.ubuntu.com/3930-1/"
},
{
"name": "USN-3931-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU",
"x_transferred"
],
"url": "https://usn.ubuntu.com/3931-1/"
},
{
"name": "USN-3931-2",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU",
"x_transferred"
],
"url": "https://usn.ubuntu.com/3931-2/"
},
{
"name": "USN-3930-2",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU",
"x_transferred"
],
"url": "https://usn.ubuntu.com/3930-2/"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://security.netapp.com/advisory/ntap-20190404-0002/"
},
{
"name": "RHSA-2019:0833",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2019:0833"
},
{
"name": "RHSA-2019:0818",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2019:0818"
},
{
"name": "[debian-lts-announce] 20190503 [SECURITY] [DLA 1771-1] linux-4.9 security update",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2019/05/msg00002.html"
},
{
"name": "RHBA-2019:0959",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHBA-2019:0959"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://support.f5.com/csp/article/K08413011"
},
{
"name": "RHSA-2019:3967",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2019:3967"
},
{
"name": "RHSA-2019:4058",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2019:4058"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2019-01-29T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "The KVM implementation in the Linux kernel through 4.20.5 has a Use-after-Free."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2019-12-03T11:06:06",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "http://packetstormsecurity.com/files/151713/KVM-VMX-Preemption-Timer-Use-After-Free.html"
},
{
"name": "FEDORA-2019-164946aa7f",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/KDOXCX3QFVWYXH5CQMGDDE7H6MUG5XGG/"
},
{
"name": "FEDORA-2019-3da64f3e61",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/Y2HMABEMJDPA6LPCBE5WIEZXUKY7DLTN/"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/torvalds/linux/commits/master/arch/x86/kvm"
},
{
"name": "SUSE-SA-2019:0203-1",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-02/msg00042.html"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.openwall.com/lists/oss-security/2019/02/18/2"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=ecec76885bcfe3294685dc363fd1273df0d5d65f"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://bugs.chromium.org/p/project-zero/issues/detail?id=1760"
},
{
"name": "[debian-lts-announce] 20190327 [SECURITY] [DLA 1731-1] linux security update",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.debian.org/debian-lts-announce/2019/03/msg00034.html"
},
{
"name": "[debian-lts-announce] 20190401 [SECURITY] [DLA 1731-2] linux regression update",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.debian.org/debian-lts-announce/2019/04/msg00004.html"
},
{
"name": "USN-3932-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU"
],
"url": "https://usn.ubuntu.com/3932-1/"
},
{
"name": "USN-3932-2",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU"
],
"url": "https://usn.ubuntu.com/3932-2/"
},
{
"name": "USN-3930-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU"
],
"url": "https://usn.ubuntu.com/3930-1/"
},
{
"name": "USN-3931-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU"
],
"url": "https://usn.ubuntu.com/3931-1/"
},
{
"name": "USN-3931-2",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU"
],
"url": "https://usn.ubuntu.com/3931-2/"
},
{
"name": "USN-3930-2",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU"
],
"url": "https://usn.ubuntu.com/3930-2/"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://security.netapp.com/advisory/ntap-20190404-0002/"
},
{
"name": "RHSA-2019:0833",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2019:0833"
},
{
"name": "RHSA-2019:0818",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2019:0818"
},
{
"name": "[debian-lts-announce] 20190503 [SECURITY] [DLA 1771-1] linux-4.9 security update",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.debian.org/debian-lts-announce/2019/05/msg00002.html"
},
{
"name": "RHBA-2019:0959",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHBA-2019:0959"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://support.f5.com/csp/article/K08413011"
},
{
"name": "RHSA-2019:3967",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2019:3967"
},
{
"name": "RHSA-2019:4058",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2019:4058"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2019-7221",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The KVM implementation in the Linux kernel through 4.20.5 has a Use-after-Free."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://packetstormsecurity.com/files/151713/KVM-VMX-Preemption-Timer-Use-After-Free.html",
"refsource": "MISC",
"url": "http://packetstormsecurity.com/files/151713/KVM-VMX-Preemption-Timer-Use-After-Free.html"
},
{
"name": "FEDORA-2019-164946aa7f",
"refsource": "FEDORA",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/KDOXCX3QFVWYXH5CQMGDDE7H6MUG5XGG/"
},
{
"name": "FEDORA-2019-3da64f3e61",
"refsource": "FEDORA",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/Y2HMABEMJDPA6LPCBE5WIEZXUKY7DLTN/"
},
{
"name": "https://github.com/torvalds/linux/commits/master/arch/x86/kvm",
"refsource": "MISC",
"url": "https://github.com/torvalds/linux/commits/master/arch/x86/kvm"
},
{
"name": "SUSE-SA-2019:0203-1",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-02/msg00042.html"
},
{
"name": "http://www.openwall.com/lists/oss-security/2019/02/18/2",
"refsource": "MISC",
"url": "http://www.openwall.com/lists/oss-security/2019/02/18/2"
},
{
"name": "https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=ecec76885bcfe3294685dc363fd1273df0d5d65f",
"refsource": "CONFIRM",
"url": "https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=ecec76885bcfe3294685dc363fd1273df0d5d65f"
},
{
"name": "https://bugs.chromium.org/p/project-zero/issues/detail?id=1760",
"refsource": "CONFIRM",
"url": "https://bugs.chromium.org/p/project-zero/issues/detail?id=1760"
},
{
"name": "[debian-lts-announce] 20190327 [SECURITY] [DLA 1731-1] linux security update",
"refsource": "MLIST",
"url": "https://lists.debian.org/debian-lts-announce/2019/03/msg00034.html"
},
{
"name": "[debian-lts-announce] 20190401 [SECURITY] [DLA 1731-2] linux regression update",
"refsource": "MLIST",
"url": "https://lists.debian.org/debian-lts-announce/2019/04/msg00004.html"
},
{
"name": "USN-3932-1",
"refsource": "UBUNTU",
"url": "https://usn.ubuntu.com/3932-1/"
},
{
"name": "USN-3932-2",
"refsource": "UBUNTU",
"url": "https://usn.ubuntu.com/3932-2/"
},
{
"name": "USN-3930-1",
"refsource": "UBUNTU",
"url": "https://usn.ubuntu.com/3930-1/"
},
{
"name": "USN-3931-1",
"refsource": "UBUNTU",
"url": "https://usn.ubuntu.com/3931-1/"
},
{
"name": "USN-3931-2",
"refsource": "UBUNTU",
"url": "https://usn.ubuntu.com/3931-2/"
},
{
"name": "USN-3930-2",
"refsource": "UBUNTU",
"url": "https://usn.ubuntu.com/3930-2/"
},
{
"name": "https://security.netapp.com/advisory/ntap-20190404-0002/",
"refsource": "CONFIRM",
"url": "https://security.netapp.com/advisory/ntap-20190404-0002/"
},
{
"name": "RHSA-2019:0833",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2019:0833"
},
{
"name": "RHSA-2019:0818",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2019:0818"
},
{
"name": "[debian-lts-announce] 20190503 [SECURITY] [DLA 1771-1] linux-4.9 security update",
"refsource": "MLIST",
"url": "https://lists.debian.org/debian-lts-announce/2019/05/msg00002.html"
},
{
"name": "RHBA-2019:0959",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHBA-2019:0959"
},
{
"name": "https://support.f5.com/csp/article/K08413011",
"refsource": "CONFIRM",
"url": "https://support.f5.com/csp/article/K08413011"
},
{
"name": "RHSA-2019:3967",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2019:3967"
},
{
"name": "RHSA-2019:4058",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2019:4058"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2019-7221",
"datePublished": "2019-03-17T18:26:10",
"dateReserved": "2019-01-30T00:00:00",
"dateUpdated": "2024-08-04T20:46:44.758Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2019-6454 (GCVE-0-2019-6454)
Vulnerability from nvd – Published: 2019-03-17 16:38 – Updated: 2024-08-04 20:23
VLAI?
Summary
An issue was discovered in sd-bus in systemd 239. bus_process_object() in libsystemd/sd-bus/bus-objects.c allocates a variable-length stack buffer for temporarily storing the object path of incoming D-Bus messages. An unprivileged local user can exploit this by sending a specially crafted message to PID1, causing the stack pointer to jump over the stack guard pages into an unmapped memory region and trigger a denial of service (systemd PID1 crash and kernel panic).
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | |||||||||||||||||||||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T20:23:21.049Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "FEDORA-2019-8434288a24",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/N67IOBOTDOMVNQJ5QRU2MXLEECXPGNVJ/"
},
{
"name": "[oss-security] 20190218 CVE-2019-6454: systemd (PID1) crash with specially crafted D-Bus message",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2019/02/18/3"
},
{
"name": "107081",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/107081"
},
{
"name": "USN-3891-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU",
"x_transferred"
],
"url": "https://usn.ubuntu.com/3891-1/"
},
{
"name": "RHSA-2019:0368",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2019:0368"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/systemd/systemd/commits/master/src/libsystemd/sd-bus/bus-objects.c"
},
{
"name": "SUSE-SA:2019:0255-1",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-02/msg00070.html"
},
{
"name": "[oss-security] 20190219 CVE-2019-6454: systemd (PID1) crash with specially crafted D-Bus message",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2019/02/19/1"
},
{
"name": "[SECURITY] [DLA 1684-1] 20190219 systemd security update",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2019/02/msg00031.html"
},
{
"name": "DSA-4393-1",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "https://www.debian.org/security/2019/dsa-4393"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://security.netapp.com/advisory/ntap-20190327-0004/"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://kc.mcafee.com/corporate/index?page=content\u0026id=SB10278"
},
{
"name": "RHSA-2019:0990",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2019:0990"
},
{
"name": "openSUSE-SU-2019:1450",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-05/msg00062.html"
},
{
"name": "RHSA-2019:1322",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2019:1322"
},
{
"name": "RHSA-2019:1502",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2019:1502"
},
{
"name": "RHSA-2019:2805",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2019:2805"
},
{
"name": "[oss-security] 20210720 CVE-2021-33910: Denial of service (stack exhaustion) in systemd (PID 1)",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2021/07/20/2"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2019-02-18T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "An issue was discovered in sd-bus in systemd 239. bus_process_object() in libsystemd/sd-bus/bus-objects.c allocates a variable-length stack buffer for temporarily storing the object path of incoming D-Bus messages. An unprivileged local user can exploit this by sending a specially crafted message to PID1, causing the stack pointer to jump over the stack guard pages into an unmapped memory region and trigger a denial of service (systemd PID1 crash and kernel panic)."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-07-20T14:06:12",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "FEDORA-2019-8434288a24",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/N67IOBOTDOMVNQJ5QRU2MXLEECXPGNVJ/"
},
{
"name": "[oss-security] 20190218 CVE-2019-6454: systemd (PID1) crash with specially crafted D-Bus message",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://www.openwall.com/lists/oss-security/2019/02/18/3"
},
{
"name": "107081",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/107081"
},
{
"name": "USN-3891-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU"
],
"url": "https://usn.ubuntu.com/3891-1/"
},
{
"name": "RHSA-2019:0368",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2019:0368"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/systemd/systemd/commits/master/src/libsystemd/sd-bus/bus-objects.c"
},
{
"name": "SUSE-SA:2019:0255-1",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-02/msg00070.html"
},
{
"name": "[oss-security] 20190219 CVE-2019-6454: systemd (PID1) crash with specially crafted D-Bus message",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://www.openwall.com/lists/oss-security/2019/02/19/1"
},
{
"name": "[SECURITY] [DLA 1684-1] 20190219 systemd security update",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.debian.org/debian-lts-announce/2019/02/msg00031.html"
},
{
"name": "DSA-4393-1",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "https://www.debian.org/security/2019/dsa-4393"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://security.netapp.com/advisory/ntap-20190327-0004/"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://kc.mcafee.com/corporate/index?page=content\u0026id=SB10278"
},
{
"name": "RHSA-2019:0990",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2019:0990"
},
{
"name": "openSUSE-SU-2019:1450",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-05/msg00062.html"
},
{
"name": "RHSA-2019:1322",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2019:1322"
},
{
"name": "RHSA-2019:1502",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2019:1502"
},
{
"name": "RHSA-2019:2805",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2019:2805"
},
{
"name": "[oss-security] 20210720 CVE-2021-33910: Denial of service (stack exhaustion) in systemd (PID 1)",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://www.openwall.com/lists/oss-security/2021/07/20/2"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2019-6454",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "An issue was discovered in sd-bus in systemd 239. bus_process_object() in libsystemd/sd-bus/bus-objects.c allocates a variable-length stack buffer for temporarily storing the object path of incoming D-Bus messages. An unprivileged local user can exploit this by sending a specially crafted message to PID1, causing the stack pointer to jump over the stack guard pages into an unmapped memory region and trigger a denial of service (systemd PID1 crash and kernel panic)."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "FEDORA-2019-8434288a24",
"refsource": "FEDORA",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/N67IOBOTDOMVNQJ5QRU2MXLEECXPGNVJ/"
},
{
"name": "[oss-security] 20190218 CVE-2019-6454: systemd (PID1) crash with specially crafted D-Bus message",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2019/02/18/3"
},
{
"name": "107081",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/107081"
},
{
"name": "USN-3891-1",
"refsource": "UBUNTU",
"url": "https://usn.ubuntu.com/3891-1/"
},
{
"name": "RHSA-2019:0368",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2019:0368"
},
{
"name": "https://github.com/systemd/systemd/commits/master/src/libsystemd/sd-bus/bus-objects.c",
"refsource": "MISC",
"url": "https://github.com/systemd/systemd/commits/master/src/libsystemd/sd-bus/bus-objects.c"
},
{
"name": "SUSE-SA:2019:0255-1",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-02/msg00070.html"
},
{
"name": "[oss-security] 20190219 CVE-2019-6454: systemd (PID1) crash with specially crafted D-Bus message",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2019/02/19/1"
},
{
"name": "[SECURITY] [DLA 1684-1] 20190219 systemd security update",
"refsource": "MLIST",
"url": "https://lists.debian.org/debian-lts-announce/2019/02/msg00031.html"
},
{
"name": "DSA-4393-1",
"refsource": "DEBIAN",
"url": "https://www.debian.org/security/2019/dsa-4393"
},
{
"name": "https://security.netapp.com/advisory/ntap-20190327-0004/",
"refsource": "CONFIRM",
"url": "https://security.netapp.com/advisory/ntap-20190327-0004/"
},
{
"name": "https://kc.mcafee.com/corporate/index?page=content\u0026id=SB10278",
"refsource": "CONFIRM",
"url": "https://kc.mcafee.com/corporate/index?page=content\u0026id=SB10278"
},
{
"name": "RHSA-2019:0990",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2019:0990"
},
{
"name": "openSUSE-SU-2019:1450",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-05/msg00062.html"
},
{
"name": "RHSA-2019:1322",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2019:1322"
},
{
"name": "RHSA-2019:1502",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2019:1502"
},
{
"name": "RHSA-2019:2805",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2019:2805"
},
{
"name": "[oss-security] 20210720 CVE-2021-33910: Denial of service (stack exhaustion) in systemd (PID 1)",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2021/07/20/2"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2019-6454",
"datePublished": "2019-03-17T16:38:57",
"dateReserved": "2019-01-16T00:00:00",
"dateUpdated": "2024-08-04T20:23:21.049Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2018-19985 (GCVE-0-2018-19985)
Vulnerability from nvd – Published: 2019-03-17 19:48 – Updated: 2024-08-05 11:51
VLAI?
Summary
The function hso_get_config_data in drivers/net/usb/hso.c in the Linux kernel through 4.19.8 reads if_num from the USB device (as a u8) and uses it to index a small array, resulting in an object out-of-bounds (OOB) read that potentially allows arbitrary read in the kernel address space.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | ||||||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||||||||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T11:51:17.876Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://packetstormsecurity.com/files/151420/Slackware-Security-Advisory-Slackware-14.2-kernel-Updates.html"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-01/msg00023.html"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-02/msg00007.html"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://seclists.org/bugtraq/2019/Jan/52"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://hexhive.epfl.ch/projects/perifuzz/"
},
{
"name": "[debian-lts-announce] 20190327 [SECURITY] [DLA 1731-1] linux security update",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2019/03/msg00034.html"
},
{
"name": "[debian-lts-announce] 20190401 [SECURITY] [DLA 1731-2] linux regression update",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2019/04/msg00004.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://security.netapp.com/advisory/ntap-20190404-0002/"
},
{
"name": "[debian-lts-announce] 20190503 [SECURITY] [DLA 1771-1] linux-4.9 security update",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2019/05/msg00002.html"
},
{
"name": "USN-4115-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU",
"x_transferred"
],
"url": "https://usn.ubuntu.com/4115-1/"
},
{
"name": "USN-4118-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU",
"x_transferred"
],
"url": "https://usn.ubuntu.com/4118-1/"
},
{
"name": "RHSA-2019:3309",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2019:3309"
},
{
"name": "RHSA-2019:3517",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2019:3517"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "The function hso_get_config_data in drivers/net/usb/hso.c in the Linux kernel through 4.19.8 reads if_num from the USB device (as a u8) and uses it to index a small array, resulting in an object out-of-bounds (OOB) read that potentially allows arbitrary read in the kernel address space."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2019-11-06T00:07:12",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "http://packetstormsecurity.com/files/151420/Slackware-Security-Advisory-Slackware-14.2-kernel-Updates.html"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-01/msg00023.html"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-02/msg00007.html"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://seclists.org/bugtraq/2019/Jan/52"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://hexhive.epfl.ch/projects/perifuzz/"
},
{
"name": "[debian-lts-announce] 20190327 [SECURITY] [DLA 1731-1] linux security update",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.debian.org/debian-lts-announce/2019/03/msg00034.html"
},
{
"name": "[debian-lts-announce] 20190401 [SECURITY] [DLA 1731-2] linux regression update",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.debian.org/debian-lts-announce/2019/04/msg00004.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://security.netapp.com/advisory/ntap-20190404-0002/"
},
{
"name": "[debian-lts-announce] 20190503 [SECURITY] [DLA 1771-1] linux-4.9 security update",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.debian.org/debian-lts-announce/2019/05/msg00002.html"
},
{
"name": "USN-4115-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU"
],
"url": "https://usn.ubuntu.com/4115-1/"
},
{
"name": "USN-4118-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU"
],
"url": "https://usn.ubuntu.com/4118-1/"
},
{
"name": "RHSA-2019:3309",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2019:3309"
},
{
"name": "RHSA-2019:3517",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2019:3517"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2018-19985",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The function hso_get_config_data in drivers/net/usb/hso.c in the Linux kernel through 4.19.8 reads if_num from the USB device (as a u8) and uses it to index a small array, resulting in an object out-of-bounds (OOB) read that potentially allows arbitrary read in the kernel address space."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://packetstormsecurity.com/files/151420/Slackware-Security-Advisory-Slackware-14.2-kernel-Updates.html",
"refsource": "MISC",
"url": "http://packetstormsecurity.com/files/151420/Slackware-Security-Advisory-Slackware-14.2-kernel-Updates.html"
},
{
"name": "http://lists.opensuse.org/opensuse-security-announce/2019-01/msg00023.html",
"refsource": "MISC",
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-01/msg00023.html"
},
{
"name": "http://lists.opensuse.org/opensuse-security-announce/2019-02/msg00007.html",
"refsource": "MISC",
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-02/msg00007.html"
},
{
"name": "https://seclists.org/bugtraq/2019/Jan/52",
"refsource": "MISC",
"url": "https://seclists.org/bugtraq/2019/Jan/52"
},
{
"name": "https://hexhive.epfl.ch/projects/perifuzz/",
"refsource": "MISC",
"url": "https://hexhive.epfl.ch/projects/perifuzz/"
},
{
"name": "[debian-lts-announce] 20190327 [SECURITY] [DLA 1731-1] linux security update",
"refsource": "MLIST",
"url": "https://lists.debian.org/debian-lts-announce/2019/03/msg00034.html"
},
{
"name": "[debian-lts-announce] 20190401 [SECURITY] [DLA 1731-2] linux regression update",
"refsource": "MLIST",
"url": "https://lists.debian.org/debian-lts-announce/2019/04/msg00004.html"
},
{
"name": "https://security.netapp.com/advisory/ntap-20190404-0002/",
"refsource": "CONFIRM",
"url": "https://security.netapp.com/advisory/ntap-20190404-0002/"
},
{
"name": "[debian-lts-announce] 20190503 [SECURITY] [DLA 1771-1] linux-4.9 security update",
"refsource": "MLIST",
"url": "https://lists.debian.org/debian-lts-announce/2019/05/msg00002.html"
},
{
"name": "USN-4115-1",
"refsource": "UBUNTU",
"url": "https://usn.ubuntu.com/4115-1/"
},
{
"name": "USN-4118-1",
"refsource": "UBUNTU",
"url": "https://usn.ubuntu.com/4118-1/"
},
{
"name": "RHSA-2019:3309",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2019:3309"
},
{
"name": "RHSA-2019:3517",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2019:3517"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2018-19985",
"datePublished": "2019-03-17T19:48:52",
"dateReserved": "2018-12-09T00:00:00",
"dateUpdated": "2024-08-05T11:51:17.876Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2018-16888 (GCVE-0-2018-16888)
Vulnerability from nvd – Published: 2019-01-14 22:00 – Updated: 2024-08-05 10:39
VLAI?
Summary
It was discovered systemd does not correctly check the content of PIDFile files before using it to kill processes. When a service is run from an unprivileged user (e.g. User field set in the service file), a local attacker who is able to write to the PIDFile of the mentioned service may use this flaw to trick systemd into killing other services and/or privileged processes. Versions before v237 are vulnerable.
Severity ?
4.4 (Medium)
CWE
Assigner
References
| URL | Tags | ||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| The systemd Project | systemd |
Affected:
v237
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T10:39:58.066Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://security.netapp.com/advisory/ntap-20190307-0007/"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-16888"
},
{
"name": "RHSA-2019:2091",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2019:2091"
},
{
"name": "[cassandra-user] 20190809 cassandra does not start with new systemd version",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.apache.org/thread.html/5960a34a524848cd722fd7ab7e2227eac10107b0f90d9d1e9c3caa74%40%3Cuser.cassandra.apache.org%3E"
},
{
"name": "USN-4269-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU",
"x_transferred"
],
"url": "https://usn.ubuntu.com/4269-1/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "systemd",
"vendor": "The systemd Project",
"versions": [
{
"status": "affected",
"version": "v237"
}
]
}
],
"datePublic": "2017-08-17T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "It was discovered systemd does not correctly check the content of PIDFile files before using it to kill processes. When a service is run from an unprivileged user (e.g. User field set in the service file), a local attacker who is able to write to the PIDFile of the mentioned service may use this flaw to trick systemd into killing other services and/or privileged processes. Versions before v237 are vulnerable."
}
],
"metrics": [
{
"cvssV3_0": {
"attackComplexity": "HIGH",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 4.4,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:L/AC:H/PR:L/UI:R/S:U/C:N/I:N/A:H",
"version": "3.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-250",
"description": "CWE-250",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-02-14T01:06:08",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://security.netapp.com/advisory/ntap-20190307-0007/"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-16888"
},
{
"name": "RHSA-2019:2091",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2019:2091"
},
{
"name": "[cassandra-user] 20190809 cassandra does not start with new systemd version",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.apache.org/thread.html/5960a34a524848cd722fd7ab7e2227eac10107b0f90d9d1e9c3caa74%40%3Cuser.cassandra.apache.org%3E"
},
{
"name": "USN-4269-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU"
],
"url": "https://usn.ubuntu.com/4269-1/"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2018-16888",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "systemd",
"version": {
"version_data": [
{
"version_value": "v237"
}
]
}
}
]
},
"vendor_name": "The systemd Project"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "It was discovered systemd does not correctly check the content of PIDFile files before using it to kill processes. When a service is run from an unprivileged user (e.g. User field set in the service file), a local attacker who is able to write to the PIDFile of the mentioned service may use this flaw to trick systemd into killing other services and/or privileged processes. Versions before v237 are vulnerable."
}
]
},
"impact": {
"cvss": [
[
{
"vectorString": "4.4/CVSS:3.0/AV:L/AC:H/PR:L/UI:R/S:U/C:N/I:N/A:H",
"version": "3.0"
}
]
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-250"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://security.netapp.com/advisory/ntap-20190307-0007/",
"refsource": "CONFIRM",
"url": "https://security.netapp.com/advisory/ntap-20190307-0007/"
},
{
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-16888",
"refsource": "CONFIRM",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-16888"
},
{
"name": "RHSA-2019:2091",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2019:2091"
},
{
"name": "[cassandra-user] 20190809 cassandra does not start with new systemd version",
"refsource": "MLIST",
"url": "https://lists.apache.org/thread.html/5960a34a524848cd722fd7ab7e2227eac10107b0f90d9d1e9c3caa74@%3Cuser.cassandra.apache.org%3E"
},
{
"name": "USN-4269-1",
"refsource": "UBUNTU",
"url": "https://usn.ubuntu.com/4269-1/"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2018-16888",
"datePublished": "2019-01-14T22:00:00",
"dateReserved": "2018-09-11T00:00:00",
"dateUpdated": "2024-08-05T10:39:58.066Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2018-16866 (GCVE-0-2018-16866)
Vulnerability from nvd – Published: 2019-01-11 19:00 – Updated: 2025-06-09 15:41
VLAI?
Summary
An out of bounds read was discovered in systemd-journald in the way it parses log messages that terminate with a colon ':'. A local attacker can use this flaw to disclose process memory data. Versions from v221 to v239 are vulnerable.
Severity ?
4.3 (Medium)
Assigner
References
| URL | Tags | |||||||||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||||||||||||||||||||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| The systemd Project | systemd |
Affected:
from v221 to v239
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T10:32:54.043Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "DSA-4367",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "https://www.debian.org/security/2019/dsa-4367"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://security.netapp.com/advisory/ntap-20190117-0001/"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.qualys.com/2019/01/09/system-down/system-down.txt"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-16866"
},
{
"name": "USN-3855-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU",
"x_transferred"
],
"url": "https://usn.ubuntu.com/3855-1/"
},
{
"name": "106527",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/106527"
},
{
"name": "GLSA-201903-07",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO",
"x_transferred"
],
"url": "https://security.gentoo.org/glsa/201903-07"
},
{
"name": "[oss-security] 20190510 Re: System Down: A systemd-journald exploit",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2019/05/10/4"
},
{
"name": "20190513 Re: System Down: A systemd-journald exploit",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "https://seclists.org/bugtraq/2019/May/25"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://packetstormsecurity.com/files/152841/System-Down-A-systemd-journald-Exploit.html"
},
{
"name": "20190513 Re: System Down: A systemd-journald exploit",
"tags": [
"mailing-list",
"x_refsource_FULLDISC",
"x_transferred"
],
"url": "http://seclists.org/fulldisclosure/2019/May/21"
},
{
"name": "RHSA-2019:2091",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2019:2091"
},
{
"name": "RHSA-2019:3222",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2019:3222"
},
{
"name": "RHSA-2020:0593",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2020:0593"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2018-16866",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-06-09T15:41:29.041122Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-06-09T15:41:39.884Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "systemd",
"vendor": "The systemd Project",
"versions": [
{
"status": "affected",
"version": "from v221 to v239"
}
]
}
],
"datePublic": "2019-01-09T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "An out of bounds read was discovered in systemd-journald in the way it parses log messages that terminate with a colon \u0027:\u0027. A local attacker can use this flaw to disclose process memory data. Versions from v221 to v239 are vulnerable."
}
],
"metrics": [
{
"cvssV3_0": {
"attackComplexity": "LOW",
"attackVector": "ADJACENT_NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
"version": "3.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-125",
"description": "CWE-125",
"lang": "en",
"type": "CWE"
}
]
},
{
"descriptions": [
{
"cweId": "CWE-200",
"description": "CWE-200",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-02-25T14:06:20.000Z",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"name": "DSA-4367",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "https://www.debian.org/security/2019/dsa-4367"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://security.netapp.com/advisory/ntap-20190117-0001/"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.qualys.com/2019/01/09/system-down/system-down.txt"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-16866"
},
{
"name": "USN-3855-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU"
],
"url": "https://usn.ubuntu.com/3855-1/"
},
{
"name": "106527",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/106527"
},
{
"name": "GLSA-201903-07",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO"
],
"url": "https://security.gentoo.org/glsa/201903-07"
},
{
"name": "[oss-security] 20190510 Re: System Down: A systemd-journald exploit",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://www.openwall.com/lists/oss-security/2019/05/10/4"
},
{
"name": "20190513 Re: System Down: A systemd-journald exploit",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "https://seclists.org/bugtraq/2019/May/25"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://packetstormsecurity.com/files/152841/System-Down-A-systemd-journald-Exploit.html"
},
{
"name": "20190513 Re: System Down: A systemd-journald exploit",
"tags": [
"mailing-list",
"x_refsource_FULLDISC"
],
"url": "http://seclists.org/fulldisclosure/2019/May/21"
},
{
"name": "RHSA-2019:2091",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2019:2091"
},
{
"name": "RHSA-2019:3222",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2019:3222"
},
{
"name": "RHSA-2020:0593",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2020:0593"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2018-16866",
"datePublished": "2019-01-11T19:00:00.000Z",
"dateReserved": "2018-09-11T00:00:00.000Z",
"dateUpdated": "2025-06-09T15:41:39.884Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2019-5489 (GCVE-0-2019-5489)
Vulnerability from nvd – Published: 2019-01-07 18:00 – Updated: 2024-08-04 19:54
VLAI?
Summary
The mincore() implementation in mm/mincore.c in the Linux kernel through 4.19.13 allowed local attackers to observe page cache access patterns of other processes on the same system, potentially allowing sniffing of secret information. (Fixing this affects the output of the fincore program.) Limited remote exploitation may be possible, as demonstrated by latency differences in accessing public files from an Apache HTTP Server.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | |||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T19:54:53.490Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "106478",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/106478"
},
{
"name": "openSUSE-SU-2019:1479",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-05/msg00071.html"
},
{
"name": "DSA-4465",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "https://www.debian.org/security/2019/dsa-4465"
},
{
"name": "[debian-lts-announce] 20190617 [SECURITY] [DLA 1823-1] linux security update",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2019/06/msg00010.html"
},
{
"name": "[debian-lts-announce] 20190618 [SECURITY] [DLA 1824-1] linux-4.9 security update",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2019/06/msg00011.html"
},
{
"name": "openSUSE-SU-2019:1570",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00039.html"
},
{
"name": "20190618 [SECURITY] [DSA 4465-1] linux security update",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "https://seclists.org/bugtraq/2019/Jun/26"
},
{
"name": "openSUSE-SU-2019:1579",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00048.html"
},
{
"name": "RHSA-2019:2043",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2019:2043"
},
{
"name": "RHSA-2019:2029",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2019:2029"
},
{
"name": "RHSA-2019:2473",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2019:2473"
},
{
"name": "RHSA-2019:2808",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2019:2808"
},
{
"name": "RHSA-2019:2837",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2019:2837"
},
{
"name": "RHSA-2019:2809",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2019:2809"
},
{
"name": "RHSA-2019:3309",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2019:3309"
},
{
"name": "RHSA-2019:3517",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2019:3517"
},
{
"name": "RHSA-2019:3967",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2019:3967"
},
{
"name": "RHSA-2019:4058",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2019:4058"
},
{
"name": "RHSA-2019:4057",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2019:4057"
},
{
"name": "RHSA-2019:4056",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2019:4056"
},
{
"name": "RHSA-2019:4159",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2019:4159"
},
{
"name": "RHSA-2019:4164",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2019:4164"
},
{
"name": "RHSA-2019:4255",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2019:4255"
},
{
"name": "RHSA-2020:0204",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2020:0204"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.oracle.com/security-alerts/cpujul2020.html"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.theregister.co.uk/2019/01/05/boffins_beat_page_cache/"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://bugzilla.suse.com/show_bug.cgi?id=1120843"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/torvalds/linux/commit/574823bfab82d9d8fa47f422778043fbb4b4f50e"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://arxiv.org/abs/1901.01161"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://security.netapp.com/advisory/ntap-20190307-0001/"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=574823bfab82d9d8fa47f422778043fbb4b4f50e"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20200115-01-pagecache-en"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2019-01-07T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "The mincore() implementation in mm/mincore.c in the Linux kernel through 4.19.13 allowed local attackers to observe page cache access patterns of other processes on the same system, potentially allowing sniffing of secret information. (Fixing this affects the output of the fincore program.) Limited remote exploitation may be possible, as demonstrated by latency differences in accessing public files from an Apache HTTP Server."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-07-15T02:23:05",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "106478",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/106478"
},
{
"name": "openSUSE-SU-2019:1479",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-05/msg00071.html"
},
{
"name": "DSA-4465",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "https://www.debian.org/security/2019/dsa-4465"
},
{
"name": "[debian-lts-announce] 20190617 [SECURITY] [DLA 1823-1] linux security update",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.debian.org/debian-lts-announce/2019/06/msg00010.html"
},
{
"name": "[debian-lts-announce] 20190618 [SECURITY] [DLA 1824-1] linux-4.9 security update",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.debian.org/debian-lts-announce/2019/06/msg00011.html"
},
{
"name": "openSUSE-SU-2019:1570",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00039.html"
},
{
"name": "20190618 [SECURITY] [DSA 4465-1] linux security update",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "https://seclists.org/bugtraq/2019/Jun/26"
},
{
"name": "openSUSE-SU-2019:1579",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00048.html"
},
{
"name": "RHSA-2019:2043",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2019:2043"
},
{
"name": "RHSA-2019:2029",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2019:2029"
},
{
"name": "RHSA-2019:2473",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2019:2473"
},
{
"name": "RHSA-2019:2808",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2019:2808"
},
{
"name": "RHSA-2019:2837",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2019:2837"
},
{
"name": "RHSA-2019:2809",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2019:2809"
},
{
"name": "RHSA-2019:3309",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2019:3309"
},
{
"name": "RHSA-2019:3517",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2019:3517"
},
{
"name": "RHSA-2019:3967",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2019:3967"
},
{
"name": "RHSA-2019:4058",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2019:4058"
},
{
"name": "RHSA-2019:4057",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2019:4057"
},
{
"name": "RHSA-2019:4056",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2019:4056"
},
{
"name": "RHSA-2019:4159",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2019:4159"
},
{
"name": "RHSA-2019:4164",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2019:4164"
},
{
"name": "RHSA-2019:4255",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2019:4255"
},
{
"name": "RHSA-2020:0204",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2020:0204"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.oracle.com/security-alerts/cpujul2020.html"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.theregister.co.uk/2019/01/05/boffins_beat_page_cache/"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://bugzilla.suse.com/show_bug.cgi?id=1120843"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/torvalds/linux/commit/574823bfab82d9d8fa47f422778043fbb4b4f50e"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://arxiv.org/abs/1901.01161"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://security.netapp.com/advisory/ntap-20190307-0001/"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=574823bfab82d9d8fa47f422778043fbb4b4f50e"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20200115-01-pagecache-en"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2019-5489",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The mincore() implementation in mm/mincore.c in the Linux kernel through 4.19.13 allowed local attackers to observe page cache access patterns of other processes on the same system, potentially allowing sniffing of secret information. (Fixing this affects the output of the fincore program.) Limited remote exploitation may be possible, as demonstrated by latency differences in accessing public files from an Apache HTTP Server."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "106478",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/106478"
},
{
"name": "openSUSE-SU-2019:1479",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-05/msg00071.html"
},
{
"name": "DSA-4465",
"refsource": "DEBIAN",
"url": "https://www.debian.org/security/2019/dsa-4465"
},
{
"name": "[debian-lts-announce] 20190617 [SECURITY] [DLA 1823-1] linux security update",
"refsource": "MLIST",
"url": "https://lists.debian.org/debian-lts-announce/2019/06/msg00010.html"
},
{
"name": "[debian-lts-announce] 20190618 [SECURITY] [DLA 1824-1] linux-4.9 security update",
"refsource": "MLIST",
"url": "https://lists.debian.org/debian-lts-announce/2019/06/msg00011.html"
},
{
"name": "openSUSE-SU-2019:1570",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00039.html"
},
{
"name": "20190618 [SECURITY] [DSA 4465-1] linux security update",
"refsource": "BUGTRAQ",
"url": "https://seclists.org/bugtraq/2019/Jun/26"
},
{
"name": "openSUSE-SU-2019:1579",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00048.html"
},
{
"name": "RHSA-2019:2043",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2019:2043"
},
{
"name": "RHSA-2019:2029",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2019:2029"
},
{
"name": "RHSA-2019:2473",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2019:2473"
},
{
"name": "RHSA-2019:2808",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2019:2808"
},
{
"name": "RHSA-2019:2837",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2019:2837"
},
{
"name": "RHSA-2019:2809",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2019:2809"
},
{
"name": "RHSA-2019:3309",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2019:3309"
},
{
"name": "RHSA-2019:3517",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2019:3517"
},
{
"name": "RHSA-2019:3967",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2019:3967"
},
{
"name": "RHSA-2019:4058",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2019:4058"
},
{
"name": "RHSA-2019:4057",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2019:4057"
},
{
"name": "RHSA-2019:4056",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2019:4056"
},
{
"name": "RHSA-2019:4159",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2019:4159"
},
{
"name": "RHSA-2019:4164",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2019:4164"
},
{
"name": "RHSA-2019:4255",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2019:4255"
},
{
"name": "RHSA-2020:0204",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2020:0204"
},
{
"name": "https://www.oracle.com/security-alerts/cpujul2020.html",
"refsource": "MISC",
"url": "https://www.oracle.com/security-alerts/cpujul2020.html"
},
{
"name": "https://www.theregister.co.uk/2019/01/05/boffins_beat_page_cache/",
"refsource": "MISC",
"url": "https://www.theregister.co.uk/2019/01/05/boffins_beat_page_cache/"
},
{
"name": "https://bugzilla.suse.com/show_bug.cgi?id=1120843",
"refsource": "MISC",
"url": "https://bugzilla.suse.com/show_bug.cgi?id=1120843"
},
{
"name": "https://github.com/torvalds/linux/commit/574823bfab82d9d8fa47f422778043fbb4b4f50e",
"refsource": "MISC",
"url": "https://github.com/torvalds/linux/commit/574823bfab82d9d8fa47f422778043fbb4b4f50e"
},
{
"name": "https://arxiv.org/abs/1901.01161",
"refsource": "MISC",
"url": "https://arxiv.org/abs/1901.01161"
},
{
"name": "https://security.netapp.com/advisory/ntap-20190307-0001/",
"refsource": "CONFIRM",
"url": "https://security.netapp.com/advisory/ntap-20190307-0001/"
},
{
"name": "http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=574823bfab82d9d8fa47f422778043fbb4b4f50e",
"refsource": "MISC",
"url": "http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=574823bfab82d9d8fa47f422778043fbb4b4f50e"
},
{
"name": "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20200115-01-pagecache-en",
"refsource": "CONFIRM",
"url": "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20200115-01-pagecache-en"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2019-5489",
"datePublished": "2019-01-07T18:00:00",
"dateReserved": "2019-01-07T00:00:00",
"dateUpdated": "2024-08-04T19:54:53.490Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2018-19039 (GCVE-0-2018-19039)
Vulnerability from nvd – Published: 2018-12-13 19:00 – Updated: 2024-08-05 11:23
VLAI?
Summary
Grafana before 4.6.5 and 5.x before 5.3.3 allows remote authenticated users to read arbitrary files by leveraging Editor or Admin permissions.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | ||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T11:23:08.805Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "105994",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/105994"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://community.grafana.com/t/grafana-5-3-3-and-4-6-5-security-update/11961"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://www.percona.com/blog/2018/11/20/how-cve-2018-19039-affects-percona-monitoring-and-management/"
},
{
"name": "RHSA-2019:0747",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2019:0747"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://security.netapp.com/advisory/ntap-20190416-0004/"
},
{
"name": "RHSA-2019:0911",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2019:0911"
},
{
"name": "openSUSE-SU-2020:1611",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2020-10/msg00009.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2018-11-23T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Grafana before 4.6.5 and 5.x before 5.3.3 allows remote authenticated users to read arbitrary files by leveraging Editor or Admin permissions."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-10-04T17:06:09",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "105994",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/105994"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://community.grafana.com/t/grafana-5-3-3-and-4-6-5-security-update/11961"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://www.percona.com/blog/2018/11/20/how-cve-2018-19039-affects-percona-monitoring-and-management/"
},
{
"name": "RHSA-2019:0747",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2019:0747"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://security.netapp.com/advisory/ntap-20190416-0004/"
},
{
"name": "RHSA-2019:0911",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2019:0911"
},
{
"name": "openSUSE-SU-2020:1611",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2020-10/msg00009.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2018-19039",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Grafana before 4.6.5 and 5.x before 5.3.3 allows remote authenticated users to read arbitrary files by leveraging Editor or Admin permissions."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "105994",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/105994"
},
{
"name": "https://community.grafana.com/t/grafana-5-3-3-and-4-6-5-security-update/11961",
"refsource": "CONFIRM",
"url": "https://community.grafana.com/t/grafana-5-3-3-and-4-6-5-security-update/11961"
},
{
"name": "https://www.percona.com/blog/2018/11/20/how-cve-2018-19039-affects-percona-monitoring-and-management/",
"refsource": "CONFIRM",
"url": "https://www.percona.com/blog/2018/11/20/how-cve-2018-19039-affects-percona-monitoring-and-management/"
},
{
"name": "RHSA-2019:0747",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2019:0747"
},
{
"name": "https://security.netapp.com/advisory/ntap-20190416-0004/",
"refsource": "CONFIRM",
"url": "https://security.netapp.com/advisory/ntap-20190416-0004/"
},
{
"name": "RHSA-2019:0911",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2019:0911"
},
{
"name": "openSUSE-SU-2020:1611",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2020-10/msg00009.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2018-19039",
"datePublished": "2018-12-13T19:00:00",
"dateReserved": "2018-11-06T00:00:00",
"dateUpdated": "2024-08-05T11:23:08.805Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2018-14634 (GCVE-0-2018-14634)
Vulnerability from nvd – Published: 2018-09-25 21:00 – Updated: 2026-01-26 23:20
VLAI?
Summary
An integer overflow flaw was found in the Linux kernel's create_elf_tables() function. An unprivileged local user with access to SUID (or otherwise privileged) binary could use this flaw to escalate their privileges on the system. Kernel versions 2.6.x, 3.10.x and 4.14.x are believed to be vulnerable.
Severity ?
7.8 (High)
CWE
Assigner
References
| URL | Tags | |||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| The Linux Foundation | kernel |
Affected:
2.6.x, 3.10.x, 4.14.x
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T09:38:13.057Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "RHSA-2018:3540",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2018:3540"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://security.netapp.com/advisory/ntap-20190204-0002/"
},
{
"name": "RHSA-2018:2925",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2018:2925"
},
{
"name": "RHSA-2018:3591",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2018:3591"
},
{
"name": "45516",
"tags": [
"exploit",
"x_refsource_EXPLOIT-DB",
"x_transferred"
],
"url": "https://www.exploit-db.com/exploits/45516/"
},
{
"name": "USN-3775-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU",
"x_transferred"
],
"url": "https://usn.ubuntu.com/3775-1/"
},
{
"name": "RHSA-2018:2933",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2018:2933"
},
{
"name": "USN-3779-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU",
"x_transferred"
],
"url": "https://usn.ubuntu.com/3779-1/"
},
{
"name": "RHSA-2018:2748",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2018:2748"
},
{
"name": "RHSA-2018:3590",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2018:3590"
},
{
"name": "USN-3775-2",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU",
"x_transferred"
],
"url": "https://usn.ubuntu.com/3775-2/"
},
{
"name": "RHSA-2018:2763",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2018:2763"
},
{
"name": "105407",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/105407"
},
{
"name": "RHSA-2018:2924",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2018:2924"
},
{
"name": "RHSA-2018:3586",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2018:3586"
},
{
"name": "RHSA-2018:3643",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2018:3643"
},
{
"name": "RHSA-2018:2846",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2018:2846"
},
{
"name": "[oss-security] 20180925 Integer overflow in Linux\u0027s create_elf_tables() (CVE-2018-14634)",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://www.openwall.com/lists/oss-security/2018/09/25/4"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-14634"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://support.f5.com/csp/article/K20934447?utm_source=f5support\u0026amp%3Butm_medium=RSS"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://security.paloaltonetworks.com/CVE-2018-14634"
},
{
"name": "[oss-security] 20210720 CVE-2021-33910: Denial of service (stack exhaustion) in systemd (PID 1)",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2021/07/20/2"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2018-14634",
"options": [
{
"Exploitation": "active"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-01-26T20:54:25.852098Z",
"version": "2.0.3"
},
"type": "ssvc"
}
},
{
"other": {
"content": {
"dateAdded": "2026-01-26",
"reference": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2018-14634"
},
"type": "kev"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-01-26T23:20:23.686Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"references": [
{
"tags": [
"government-resource"
],
"url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2018-14634"
}
],
"timeline": [
{
"lang": "en",
"time": "2026-01-26T00:00:00+00:00",
"value": "CVE-2018-14634 added to CISA KEV"
}
],
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "kernel",
"vendor": "The Linux Foundation",
"versions": [
{
"status": "affected",
"version": "2.6.x, 3.10.x, 4.14.x"
}
]
}
],
"datePublic": "2018-09-25T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "An integer overflow flaw was found in the Linux kernel\u0027s create_elf_tables() function. An unprivileged local user with access to SUID (or otherwise privileged) binary could use this flaw to escalate their privileges on the system. Kernel versions 2.6.x, 3.10.x and 4.14.x are believed to be vulnerable."
}
],
"metrics": [
{
"cvssV3_0": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-190",
"description": "CWE-190",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-07-20T14:06:15.000Z",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"name": "RHSA-2018:3540",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2018:3540"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://security.netapp.com/advisory/ntap-20190204-0002/"
},
{
"name": "RHSA-2018:2925",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2018:2925"
},
{
"name": "RHSA-2018:3591",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2018:3591"
},
{
"name": "45516",
"tags": [
"exploit",
"x_refsource_EXPLOIT-DB"
],
"url": "https://www.exploit-db.com/exploits/45516/"
},
{
"name": "USN-3775-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU"
],
"url": "https://usn.ubuntu.com/3775-1/"
},
{
"name": "RHSA-2018:2933",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2018:2933"
},
{
"name": "USN-3779-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU"
],
"url": "https://usn.ubuntu.com/3779-1/"
},
{
"name": "RHSA-2018:2748",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2018:2748"
},
{
"name": "RHSA-2018:3590",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2018:3590"
},
{
"name": "USN-3775-2",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU"
],
"url": "https://usn.ubuntu.com/3775-2/"
},
{
"name": "RHSA-2018:2763",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2018:2763"
},
{
"name": "105407",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/105407"
},
{
"name": "RHSA-2018:2924",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2018:2924"
},
{
"name": "RHSA-2018:3586",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2018:3586"
},
{
"name": "RHSA-2018:3643",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2018:3643"
},
{
"name": "RHSA-2018:2846",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2018:2846"
},
{
"name": "[oss-security] 20180925 Integer overflow in Linux\u0027s create_elf_tables() (CVE-2018-14634)",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://www.openwall.com/lists/oss-security/2018/09/25/4"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-14634"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://support.f5.com/csp/article/K20934447?utm_source=f5support\u0026amp%3Butm_medium=RSS"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://security.paloaltonetworks.com/CVE-2018-14634"
},
{
"name": "[oss-security] 20210720 CVE-2021-33910: Denial of service (stack exhaustion) in systemd (PID 1)",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://www.openwall.com/lists/oss-security/2021/07/20/2"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2018-14634",
"datePublished": "2018-09-25T21:00:00.000Z",
"dateReserved": "2018-07-27T00:00:00.000Z",
"dateUpdated": "2026-01-26T23:20:23.686Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2018-16597 (GCVE-0-2018-16597)
Vulnerability from nvd – Published: 2018-09-21 16:00 – Updated: 2024-08-05 10:24
VLAI?
Summary
An issue was discovered in the Linux kernel before 4.8. Incorrect access checking in overlayfs mounts could be used by local attackers to modify or truncate files in the underlying filesystem.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | |||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T10:24:32.947Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "105394",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/105394"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://security.netapp.com/advisory/ntap-20190204-0001/"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://bugzilla.suse.com/show_bug.cgi?id=1106512"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=c0ca3d70e8d3cf81e2255a217f7ca402f5ed0862"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://support.f5.com/csp/article/K22691834"
},
{
"name": "openSUSE-SU-2018:3202",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2018-10/msg00033.html"
},
{
"name": "20190722 [slackware-security] Slackware 14.2 kernel (SSA:2019-202-01)",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "https://seclists.org/bugtraq/2019/Jul/33"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://packetstormsecurity.com/files/153702/Slackware-Security-Advisory-Slackware-14.2-kernel-Updates.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2018-08-30T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "An issue was discovered in the Linux kernel before 4.8. Incorrect access checking in overlayfs mounts could be used by local attackers to modify or truncate files in the underlying filesystem."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2019-07-25T18:06:10",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "105394",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/105394"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://security.netapp.com/advisory/ntap-20190204-0001/"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://bugzilla.suse.com/show_bug.cgi?id=1106512"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=c0ca3d70e8d3cf81e2255a217f7ca402f5ed0862"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://support.f5.com/csp/article/K22691834"
},
{
"name": "openSUSE-SU-2018:3202",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2018-10/msg00033.html"
},
{
"name": "20190722 [slackware-security] Slackware 14.2 kernel (SSA:2019-202-01)",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "https://seclists.org/bugtraq/2019/Jul/33"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://packetstormsecurity.com/files/153702/Slackware-Security-Advisory-Slackware-14.2-kernel-Updates.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2018-16597",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "An issue was discovered in the Linux kernel before 4.8. Incorrect access checking in overlayfs mounts could be used by local attackers to modify or truncate files in the underlying filesystem."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "105394",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/105394"
},
{
"name": "https://security.netapp.com/advisory/ntap-20190204-0001/",
"refsource": "CONFIRM",
"url": "https://security.netapp.com/advisory/ntap-20190204-0001/"
},
{
"name": "https://bugzilla.suse.com/show_bug.cgi?id=1106512",
"refsource": "CONFIRM",
"url": "https://bugzilla.suse.com/show_bug.cgi?id=1106512"
},
{
"name": "https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=c0ca3d70e8d3cf81e2255a217f7ca402f5ed0862",
"refsource": "CONFIRM",
"url": "https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=c0ca3d70e8d3cf81e2255a217f7ca402f5ed0862"
},
{
"name": "https://support.f5.com/csp/article/K22691834",
"refsource": "CONFIRM",
"url": "https://support.f5.com/csp/article/K22691834"
},
{
"name": "openSUSE-SU-2018:3202",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2018-10/msg00033.html"
},
{
"name": "20190722 [slackware-security] Slackware 14.2 kernel (SSA:2019-202-01)",
"refsource": "BUGTRAQ",
"url": "https://seclists.org/bugtraq/2019/Jul/33"
},
{
"name": "http://packetstormsecurity.com/files/153702/Slackware-Security-Advisory-Slackware-14.2-kernel-Updates.html",
"refsource": "MISC",
"url": "http://packetstormsecurity.com/files/153702/Slackware-Security-Advisory-Slackware-14.2-kernel-Updates.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2018-16597",
"datePublished": "2018-09-21T16:00:00",
"dateReserved": "2018-09-06T00:00:00",
"dateUpdated": "2024-08-05T10:24:32.947Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2018-17182 (GCVE-0-2018-17182)
Vulnerability from nvd – Published: 2018-09-19 09:00 – Updated: 2024-08-05 10:39
VLAI?
Summary
An issue was discovered in the Linux kernel through 4.18.8. The vmacache_flush_all function in mm/vmacache.c mishandles sequence number overflows. An attacker can trigger a use-after-free (and possibly gain privileges) via certain thread creation, map, unmap, invalidation, and dereference operations.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | |||||||||||||||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||||||||||||||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T10:39:59.702Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "USN-3776-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU",
"x_transferred"
],
"url": "https://usn.ubuntu.com/3776-1/"
},
{
"name": "USN-3776-2",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU",
"x_transferred"
],
"url": "https://usn.ubuntu.com/3776-2/"
},
{
"name": "USN-3777-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU",
"x_transferred"
],
"url": "https://usn.ubuntu.com/3777-1/"
},
{
"name": "[debian-lts-announce] 20181003 [SECURITY] [DLA 1531-1] linux-4.9 security update",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2018/10/msg00003.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://security.netapp.com/advisory/ntap-20190204-0001/"
},
{
"name": "RHSA-2018:3656",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2018:3656"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/torvalds/linux/commit/7a9cdebdcc17e426fb5287e4a82db1dfe86339b2"
},
{
"name": "DSA-4308",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "https://www.debian.org/security/2018/dsa-4308"
},
{
"name": "105417",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/105417"
},
{
"name": "45497",
"tags": [
"exploit",
"x_refsource_EXPLOIT-DB",
"x_transferred"
],
"url": "https://www.exploit-db.com/exploits/45497/"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.openwall.com/lists/oss-security/2018/09/18/4"
},
{
"name": "1041748",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id/1041748"
},
{
"name": "USN-3777-2",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU",
"x_transferred"
],
"url": "https://usn.ubuntu.com/3777-2/"
},
{
"name": "106503",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/106503"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=7a9cdebdcc17e426fb5287e4a82db1dfe86339b2"
},
{
"name": "USN-3777-3",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU",
"x_transferred"
],
"url": "https://usn.ubuntu.com/3777-3/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2018-09-19T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "An issue was discovered in the Linux kernel through 4.18.8. The vmacache_flush_all function in mm/vmacache.c mishandles sequence number overflows. An attacker can trigger a use-after-free (and possibly gain privileges) via certain thread creation, map, unmap, invalidation, and dereference operations."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2019-02-05T10:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "USN-3776-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU"
],
"url": "https://usn.ubuntu.com/3776-1/"
},
{
"name": "USN-3776-2",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU"
],
"url": "https://usn.ubuntu.com/3776-2/"
},
{
"name": "USN-3777-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU"
],
"url": "https://usn.ubuntu.com/3777-1/"
},
{
"name": "[debian-lts-announce] 20181003 [SECURITY] [DLA 1531-1] linux-4.9 security update",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.debian.org/debian-lts-announce/2018/10/msg00003.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://security.netapp.com/advisory/ntap-20190204-0001/"
},
{
"name": "RHSA-2018:3656",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2018:3656"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/torvalds/linux/commit/7a9cdebdcc17e426fb5287e4a82db1dfe86339b2"
},
{
"name": "DSA-4308",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "https://www.debian.org/security/2018/dsa-4308"
},
{
"name": "105417",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/105417"
},
{
"name": "45497",
"tags": [
"exploit",
"x_refsource_EXPLOIT-DB"
],
"url": "https://www.exploit-db.com/exploits/45497/"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.openwall.com/lists/oss-security/2018/09/18/4"
},
{
"name": "1041748",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id/1041748"
},
{
"name": "USN-3777-2",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU"
],
"url": "https://usn.ubuntu.com/3777-2/"
},
{
"name": "106503",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/106503"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=7a9cdebdcc17e426fb5287e4a82db1dfe86339b2"
},
{
"name": "USN-3777-3",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU"
],
"url": "https://usn.ubuntu.com/3777-3/"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2018-17182",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "An issue was discovered in the Linux kernel through 4.18.8. The vmacache_flush_all function in mm/vmacache.c mishandles sequence number overflows. An attacker can trigger a use-after-free (and possibly gain privileges) via certain thread creation, map, unmap, invalidation, and dereference operations."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "USN-3776-1",
"refsource": "UBUNTU",
"url": "https://usn.ubuntu.com/3776-1/"
},
{
"name": "USN-3776-2",
"refsource": "UBUNTU",
"url": "https://usn.ubuntu.com/3776-2/"
},
{
"name": "USN-3777-1",
"refsource": "UBUNTU",
"url": "https://usn.ubuntu.com/3777-1/"
},
{
"name": "[debian-lts-announce] 20181003 [SECURITY] [DLA 1531-1] linux-4.9 security update",
"refsource": "MLIST",
"url": "https://lists.debian.org/debian-lts-announce/2018/10/msg00003.html"
},
{
"name": "https://security.netapp.com/advisory/ntap-20190204-0001/",
"refsource": "CONFIRM",
"url": "https://security.netapp.com/advisory/ntap-20190204-0001/"
},
{
"name": "RHSA-2018:3656",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2018:3656"
},
{
"name": "https://github.com/torvalds/linux/commit/7a9cdebdcc17e426fb5287e4a82db1dfe86339b2",
"refsource": "MISC",
"url": "https://github.com/torvalds/linux/commit/7a9cdebdcc17e426fb5287e4a82db1dfe86339b2"
},
{
"name": "DSA-4308",
"refsource": "DEBIAN",
"url": "https://www.debian.org/security/2018/dsa-4308"
},
{
"name": "105417",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/105417"
},
{
"name": "45497",
"refsource": "EXPLOIT-DB",
"url": "https://www.exploit-db.com/exploits/45497/"
},
{
"name": "https://www.openwall.com/lists/oss-security/2018/09/18/4",
"refsource": "MISC",
"url": "https://www.openwall.com/lists/oss-security/2018/09/18/4"
},
{
"name": "1041748",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1041748"
},
{
"name": "USN-3777-2",
"refsource": "UBUNTU",
"url": "https://usn.ubuntu.com/3777-2/"
},
{
"name": "106503",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/106503"
},
{
"name": "http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=7a9cdebdcc17e426fb5287e4a82db1dfe86339b2",
"refsource": "MISC",
"url": "http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=7a9cdebdcc17e426fb5287e4a82db1dfe86339b2"
},
{
"name": "USN-3777-3",
"refsource": "UBUNTU",
"url": "https://usn.ubuntu.com/3777-3/"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2018-17182",
"datePublished": "2018-09-19T09:00:00",
"dateReserved": "2018-09-19T00:00:00",
"dateUpdated": "2024-08-05T10:39:59.702Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2019-15902 (GCVE-0-2019-15902)
Vulnerability from cvelistv5 – Published: 2019-09-04 05:50 – Updated: 2024-08-05 01:03
VLAI?
Summary
A backporting error was discovered in the Linux stable/longterm kernel 4.4.x through 4.4.190, 4.9.x through 4.9.190, 4.14.x through 4.14.141, 4.19.x through 4.19.69, and 5.2.x through 5.2.11. Misuse of the upstream "x86/ptrace: Fix possible spectre-v1 in ptrace_get_debugreg()" commit reintroduced the Spectre vulnerability that it aimed to eliminate. This occurred because the backport process depends on cherry picking specific commits, and because two (correctly ordered) code lines were swapped.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | ||||||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||||||||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T01:03:32.281Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://grsecurity.net/teardown_of_a_failed_linux_lts_spectre_fix.php"
},
{
"name": "openSUSE-SU-2019:2173",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00064.html"
},
{
"name": "openSUSE-SU-2019:2181",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00066.html"
},
{
"name": "20190925 [SECURITY] [DSA 4531-1] linux security update",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "https://seclists.org/bugtraq/2019/Sep/41"
},
{
"name": "DSA-4531",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "https://www.debian.org/security/2019/dsa-4531"
},
{
"name": "[debian-lts-announce] 20191001 [SECURITY] [DLA 1940-1] linux-4.9 security update",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2019/10/msg00000.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://security.netapp.com/advisory/ntap-20191004-0001/"
},
{
"name": "USN-4157-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU",
"x_transferred"
],
"url": "https://usn.ubuntu.com/4157-1/"
},
{
"name": "USN-4162-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU",
"x_transferred"
],
"url": "https://usn.ubuntu.com/4162-1/"
},
{
"name": "USN-4157-2",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU",
"x_transferred"
],
"url": "https://usn.ubuntu.com/4157-2/"
},
{
"name": "USN-4163-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU",
"x_transferred"
],
"url": "https://usn.ubuntu.com/4163-1/"
},
{
"name": "USN-4163-2",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU",
"x_transferred"
],
"url": "https://usn.ubuntu.com/4163-2/"
},
{
"name": "USN-4162-2",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU",
"x_transferred"
],
"url": "https://usn.ubuntu.com/4162-2/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A backporting error was discovered in the Linux stable/longterm kernel 4.4.x through 4.4.190, 4.9.x through 4.9.190, 4.14.x through 4.14.141, 4.19.x through 4.19.69, and 5.2.x through 5.2.11. Misuse of the upstream \"x86/ptrace: Fix possible spectre-v1 in ptrace_get_debugreg()\" commit reintroduced the Spectre vulnerability that it aimed to eliminate. This occurred because the backport process depends on cherry picking specific commits, and because two (correctly ordered) code lines were swapped."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2019-10-23T07:06:14",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://grsecurity.net/teardown_of_a_failed_linux_lts_spectre_fix.php"
},
{
"name": "openSUSE-SU-2019:2173",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00064.html"
},
{
"name": "openSUSE-SU-2019:2181",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00066.html"
},
{
"name": "20190925 [SECURITY] [DSA 4531-1] linux security update",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "https://seclists.org/bugtraq/2019/Sep/41"
},
{
"name": "DSA-4531",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "https://www.debian.org/security/2019/dsa-4531"
},
{
"name": "[debian-lts-announce] 20191001 [SECURITY] [DLA 1940-1] linux-4.9 security update",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.debian.org/debian-lts-announce/2019/10/msg00000.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://security.netapp.com/advisory/ntap-20191004-0001/"
},
{
"name": "USN-4157-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU"
],
"url": "https://usn.ubuntu.com/4157-1/"
},
{
"name": "USN-4162-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU"
],
"url": "https://usn.ubuntu.com/4162-1/"
},
{
"name": "USN-4157-2",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU"
],
"url": "https://usn.ubuntu.com/4157-2/"
},
{
"name": "USN-4163-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU"
],
"url": "https://usn.ubuntu.com/4163-1/"
},
{
"name": "USN-4163-2",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU"
],
"url": "https://usn.ubuntu.com/4163-2/"
},
{
"name": "USN-4162-2",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU"
],
"url": "https://usn.ubuntu.com/4162-2/"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2019-15902",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A backporting error was discovered in the Linux stable/longterm kernel 4.4.x through 4.4.190, 4.9.x through 4.9.190, 4.14.x through 4.14.141, 4.19.x through 4.19.69, and 5.2.x through 5.2.11. Misuse of the upstream \"x86/ptrace: Fix possible spectre-v1 in ptrace_get_debugreg()\" commit reintroduced the Spectre vulnerability that it aimed to eliminate. This occurred because the backport process depends on cherry picking specific commits, and because two (correctly ordered) code lines were swapped."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://grsecurity.net/teardown_of_a_failed_linux_lts_spectre_fix.php",
"refsource": "MISC",
"url": "https://grsecurity.net/teardown_of_a_failed_linux_lts_spectre_fix.php"
},
{
"name": "openSUSE-SU-2019:2173",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00064.html"
},
{
"name": "openSUSE-SU-2019:2181",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00066.html"
},
{
"name": "20190925 [SECURITY] [DSA 4531-1] linux security update",
"refsource": "BUGTRAQ",
"url": "https://seclists.org/bugtraq/2019/Sep/41"
},
{
"name": "DSA-4531",
"refsource": "DEBIAN",
"url": "https://www.debian.org/security/2019/dsa-4531"
},
{
"name": "[debian-lts-announce] 20191001 [SECURITY] [DLA 1940-1] linux-4.9 security update",
"refsource": "MLIST",
"url": "https://lists.debian.org/debian-lts-announce/2019/10/msg00000.html"
},
{
"name": "https://security.netapp.com/advisory/ntap-20191004-0001/",
"refsource": "CONFIRM",
"url": "https://security.netapp.com/advisory/ntap-20191004-0001/"
},
{
"name": "USN-4157-1",
"refsource": "UBUNTU",
"url": "https://usn.ubuntu.com/4157-1/"
},
{
"name": "USN-4162-1",
"refsource": "UBUNTU",
"url": "https://usn.ubuntu.com/4162-1/"
},
{
"name": "USN-4157-2",
"refsource": "UBUNTU",
"url": "https://usn.ubuntu.com/4157-2/"
},
{
"name": "USN-4163-1",
"refsource": "UBUNTU",
"url": "https://usn.ubuntu.com/4163-1/"
},
{
"name": "USN-4163-2",
"refsource": "UBUNTU",
"url": "https://usn.ubuntu.com/4163-2/"
},
{
"name": "USN-4162-2",
"refsource": "UBUNTU",
"url": "https://usn.ubuntu.com/4162-2/"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2019-15902",
"datePublished": "2019-09-04T05:50:48",
"dateReserved": "2019-09-04T00:00:00",
"dateUpdated": "2024-08-05T01:03:32.281Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2019-15098 (GCVE-0-2019-15098)
Vulnerability from cvelistv5 – Published: 2019-08-16 01:15 – Updated: 2024-08-05 00:34
VLAI?
Summary
drivers/net/wireless/ath/ath6kl/usb.c in the Linux kernel through 5.2.9 has a NULL pointer dereference via an incomplete address in an endpoint descriptor.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | ||||||||||||||||||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T00:34:53.238Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://lore.kernel.org/linux-wireless/20190804002905.11292-1-benquike%40gmail.com/T/#u"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://security.netapp.com/advisory/ntap-20190905-0002/"
},
{
"name": "openSUSE-SU-2019:2173",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00064.html"
},
{
"name": "openSUSE-SU-2019:2181",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00066.html"
},
{
"name": "[oss-security] 20190927 Re: Linux kernel: multiple vulnerabilities in the USB subsystem x2",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2019/09/27/3"
},
{
"name": "[oss-security] 20190927 Re: Linux kernel: multiple vulnerabilities in the USB subsystem x2",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2019/09/27/2"
},
{
"name": "[oss-security] 20190927 Re: Linux kernel: multiple vulnerabilities in the USB subsystem x2",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2019/09/27/1"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://support.f5.com/csp/article/K61214359"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://support.f5.com/csp/article/K61214359?utm_source=f5support\u0026amp%3Butm_medium=RSS"
},
{
"name": "20191108 [slackware-security] Slackware 14.2 kernel (SSA:2019-311-01)",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "https://seclists.org/bugtraq/2019/Nov/11"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://packetstormsecurity.com/files/155212/Slackware-Security-Advisory-Slackware-14.2-kernel-Updates.html"
},
{
"name": "USN-4185-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU",
"x_transferred"
],
"url": "https://usn.ubuntu.com/4185-1/"
},
{
"name": "USN-4184-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU",
"x_transferred"
],
"url": "https://usn.ubuntu.com/4184-1/"
},
{
"name": "USN-4186-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU",
"x_transferred"
],
"url": "https://usn.ubuntu.com/4186-1/"
},
{
"name": "USN-4186-2",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU",
"x_transferred"
],
"url": "https://usn.ubuntu.com/4186-2/"
},
{
"name": "[debian-lts-announce] 20200118 [SECURITY] [DLA 2068-1] linux security update",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2020/01/msg00013.html"
},
{
"name": "[debian-lts-announce] 20200302 [SECURITY] [DLA 2114-1] linux-4.9 security update",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2020/03/msg00001.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "drivers/net/wireless/ath/ath6kl/usb.c in the Linux kernel through 5.2.9 has a NULL pointer dereference via an incomplete address in an endpoint descriptor."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-03-02T19:06:31",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://lore.kernel.org/linux-wireless/20190804002905.11292-1-benquike%40gmail.com/T/#u"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://security.netapp.com/advisory/ntap-20190905-0002/"
},
{
"name": "openSUSE-SU-2019:2173",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00064.html"
},
{
"name": "openSUSE-SU-2019:2181",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00066.html"
},
{
"name": "[oss-security] 20190927 Re: Linux kernel: multiple vulnerabilities in the USB subsystem x2",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://www.openwall.com/lists/oss-security/2019/09/27/3"
},
{
"name": "[oss-security] 20190927 Re: Linux kernel: multiple vulnerabilities in the USB subsystem x2",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://www.openwall.com/lists/oss-security/2019/09/27/2"
},
{
"name": "[oss-security] 20190927 Re: Linux kernel: multiple vulnerabilities in the USB subsystem x2",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://www.openwall.com/lists/oss-security/2019/09/27/1"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://support.f5.com/csp/article/K61214359"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://support.f5.com/csp/article/K61214359?utm_source=f5support\u0026amp%3Butm_medium=RSS"
},
{
"name": "20191108 [slackware-security] Slackware 14.2 kernel (SSA:2019-311-01)",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "https://seclists.org/bugtraq/2019/Nov/11"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://packetstormsecurity.com/files/155212/Slackware-Security-Advisory-Slackware-14.2-kernel-Updates.html"
},
{
"name": "USN-4185-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU"
],
"url": "https://usn.ubuntu.com/4185-1/"
},
{
"name": "USN-4184-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU"
],
"url": "https://usn.ubuntu.com/4184-1/"
},
{
"name": "USN-4186-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU"
],
"url": "https://usn.ubuntu.com/4186-1/"
},
{
"name": "USN-4186-2",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU"
],
"url": "https://usn.ubuntu.com/4186-2/"
},
{
"name": "[debian-lts-announce] 20200118 [SECURITY] [DLA 2068-1] linux security update",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.debian.org/debian-lts-announce/2020/01/msg00013.html"
},
{
"name": "[debian-lts-announce] 20200302 [SECURITY] [DLA 2114-1] linux-4.9 security update",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.debian.org/debian-lts-announce/2020/03/msg00001.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2019-15098",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "drivers/net/wireless/ath/ath6kl/usb.c in the Linux kernel through 5.2.9 has a NULL pointer dereference via an incomplete address in an endpoint descriptor."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://lore.kernel.org/linux-wireless/20190804002905.11292-1-benquike@gmail.com/T/#u",
"refsource": "MISC",
"url": "https://lore.kernel.org/linux-wireless/20190804002905.11292-1-benquike@gmail.com/T/#u"
},
{
"name": "https://security.netapp.com/advisory/ntap-20190905-0002/",
"refsource": "CONFIRM",
"url": "https://security.netapp.com/advisory/ntap-20190905-0002/"
},
{
"name": "openSUSE-SU-2019:2173",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00064.html"
},
{
"name": "openSUSE-SU-2019:2181",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00066.html"
},
{
"name": "[oss-security] 20190927 Re: Linux kernel: multiple vulnerabilities in the USB subsystem x2",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2019/09/27/3"
},
{
"name": "[oss-security] 20190927 Re: Linux kernel: multiple vulnerabilities in the USB subsystem x2",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2019/09/27/2"
},
{
"name": "[oss-security] 20190927 Re: Linux kernel: multiple vulnerabilities in the USB subsystem x2",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2019/09/27/1"
},
{
"name": "https://support.f5.com/csp/article/K61214359",
"refsource": "CONFIRM",
"url": "https://support.f5.com/csp/article/K61214359"
},
{
"name": "https://support.f5.com/csp/article/K61214359?utm_source=f5support\u0026amp;utm_medium=RSS",
"refsource": "CONFIRM",
"url": "https://support.f5.com/csp/article/K61214359?utm_source=f5support\u0026amp;utm_medium=RSS"
},
{
"name": "20191108 [slackware-security] Slackware 14.2 kernel (SSA:2019-311-01)",
"refsource": "BUGTRAQ",
"url": "https://seclists.org/bugtraq/2019/Nov/11"
},
{
"name": "http://packetstormsecurity.com/files/155212/Slackware-Security-Advisory-Slackware-14.2-kernel-Updates.html",
"refsource": "MISC",
"url": "http://packetstormsecurity.com/files/155212/Slackware-Security-Advisory-Slackware-14.2-kernel-Updates.html"
},
{
"name": "USN-4185-1",
"refsource": "UBUNTU",
"url": "https://usn.ubuntu.com/4185-1/"
},
{
"name": "USN-4184-1",
"refsource": "UBUNTU",
"url": "https://usn.ubuntu.com/4184-1/"
},
{
"name": "USN-4186-1",
"refsource": "UBUNTU",
"url": "https://usn.ubuntu.com/4186-1/"
},
{
"name": "USN-4186-2",
"refsource": "UBUNTU",
"url": "https://usn.ubuntu.com/4186-2/"
},
{
"name": "[debian-lts-announce] 20200118 [SECURITY] [DLA 2068-1] linux security update",
"refsource": "MLIST",
"url": "https://lists.debian.org/debian-lts-announce/2020/01/msg00013.html"
},
{
"name": "[debian-lts-announce] 20200302 [SECURITY] [DLA 2114-1] linux-4.9 security update",
"refsource": "MLIST",
"url": "https://lists.debian.org/debian-lts-announce/2020/03/msg00001.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2019-15098",
"datePublished": "2019-08-16T01:15:39",
"dateReserved": "2019-08-15T00:00:00",
"dateUpdated": "2024-08-05T00:34:53.238Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2018-20855 (GCVE-0-2018-20855)
Vulnerability from cvelistv5 – Published: 2019-07-26 04:39 – Updated: 2024-08-05 12:12
VLAI?
Summary
An issue was discovered in the Linux kernel before 4.18.7. In create_qp_common in drivers/infiniband/hw/mlx5/qp.c, mlx5_ib_create_qp_resp was never initialized, resulting in a leak of stack memory to userspace.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | |||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T12:12:29.320Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/torvalds/linux/commit/0625b4ba1a5d4703c7fb01c497bd6c156908af00"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=0625b4ba1a5d4703c7fb01c497bd6c156908af00"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://cdn.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.18.7"
},
{
"name": "openSUSE-SU-2019:1924",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00055.html"
},
{
"name": "openSUSE-SU-2019:1923",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00056.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://security.netapp.com/advisory/ntap-20190905-0002/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "An issue was discovered in the Linux kernel before 4.18.7. In create_qp_common in drivers/infiniband/hw/mlx5/qp.c, mlx5_ib_create_qp_resp was never initialized, resulting in a leak of stack memory to userspace."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2019-09-05T23:06:07",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/torvalds/linux/commit/0625b4ba1a5d4703c7fb01c497bd6c156908af00"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=0625b4ba1a5d4703c7fb01c497bd6c156908af00"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://cdn.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.18.7"
},
{
"name": "openSUSE-SU-2019:1924",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00055.html"
},
{
"name": "openSUSE-SU-2019:1923",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00056.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://security.netapp.com/advisory/ntap-20190905-0002/"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2018-20855",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "An issue was discovered in the Linux kernel before 4.18.7. In create_qp_common in drivers/infiniband/hw/mlx5/qp.c, mlx5_ib_create_qp_resp was never initialized, resulting in a leak of stack memory to userspace."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/torvalds/linux/commit/0625b4ba1a5d4703c7fb01c497bd6c156908af00",
"refsource": "MISC",
"url": "https://github.com/torvalds/linux/commit/0625b4ba1a5d4703c7fb01c497bd6c156908af00"
},
{
"name": "https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=0625b4ba1a5d4703c7fb01c497bd6c156908af00",
"refsource": "MISC",
"url": "https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=0625b4ba1a5d4703c7fb01c497bd6c156908af00"
},
{
"name": "https://cdn.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.18.7",
"refsource": "MISC",
"url": "https://cdn.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.18.7"
},
{
"name": "openSUSE-SU-2019:1924",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00055.html"
},
{
"name": "openSUSE-SU-2019:1923",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00056.html"
},
{
"name": "https://security.netapp.com/advisory/ntap-20190905-0002/",
"refsource": "CONFIRM",
"url": "https://security.netapp.com/advisory/ntap-20190905-0002/"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2018-20855",
"datePublished": "2019-07-26T04:39:40",
"dateReserved": "2019-07-26T00:00:00",
"dateUpdated": "2024-08-05T12:12:29.320Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2019-7612 (GCVE-0-2019-7612)
Vulnerability from cvelistv5 – Published: 2019-03-25 18:34 – Updated: 2024-08-04 20:54
VLAI?
Summary
A sensitive data disclosure flaw was found in the way Logstash versions before 5.6.15 and 6.6.1 logs malformed URLs. If a malformed URL is specified as part of the Logstash configuration, the credentials for the URL could be inadvertently logged as part of the error message.
Severity ?
No CVSS data available.
CWE
- CWE-209 - Information Exposure Through an Error Message
Assigner
References
| URL | Tags | ||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T20:54:28.269Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://discuss.elastic.co/t/elastic-stack-6-6-1-and-5-6-15-security-update/169077"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.elastic.co/community/security"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://security.netapp.com/advisory/ntap-20190411-0002/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Logstash",
"vendor": "Elastic",
"versions": [
{
"status": "affected",
"version": "before 5.6.15 and 6.6.1"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A sensitive data disclosure flaw was found in the way Logstash versions before 5.6.15 and 6.6.1 logs malformed URLs. If a malformed URL is specified as part of the Logstash configuration, the credentials for the URL could be inadvertently logged as part of the error message."
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-209",
"description": "CWE-209: Information Exposure Through an Error Message",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2019-04-11T21:06:03",
"orgId": "271b6943-45a9-4f3a-ab4e-976f3fa05b5a",
"shortName": "elastic"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://discuss.elastic.co/t/elastic-stack-6-6-1-and-5-6-15-security-update/169077"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.elastic.co/community/security"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://security.netapp.com/advisory/ntap-20190411-0002/"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security@elastic.co",
"ID": "CVE-2019-7612",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Logstash",
"version": {
"version_data": [
{
"version_value": "before 5.6.15 and 6.6.1"
}
]
}
}
]
},
"vendor_name": "Elastic"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A sensitive data disclosure flaw was found in the way Logstash versions before 5.6.15 and 6.6.1 logs malformed URLs. If a malformed URL is specified as part of the Logstash configuration, the credentials for the URL could be inadvertently logged as part of the error message."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-209: Information Exposure Through an Error Message"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://discuss.elastic.co/t/elastic-stack-6-6-1-and-5-6-15-security-update/169077",
"refsource": "MISC",
"url": "https://discuss.elastic.co/t/elastic-stack-6-6-1-and-5-6-15-security-update/169077"
},
{
"name": "https://www.elastic.co/community/security",
"refsource": "MISC",
"url": "https://www.elastic.co/community/security"
},
{
"name": "https://security.netapp.com/advisory/ntap-20190411-0002/",
"refsource": "CONFIRM",
"url": "https://security.netapp.com/advisory/ntap-20190411-0002/"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "271b6943-45a9-4f3a-ab4e-976f3fa05b5a",
"assignerShortName": "elastic",
"cveId": "CVE-2019-7612",
"datePublished": "2019-03-25T18:34:06",
"dateReserved": "2019-02-07T00:00:00",
"dateUpdated": "2024-08-04T20:54:28.269Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2018-19985 (GCVE-0-2018-19985)
Vulnerability from cvelistv5 – Published: 2019-03-17 19:48 – Updated: 2024-08-05 11:51
VLAI?
Summary
The function hso_get_config_data in drivers/net/usb/hso.c in the Linux kernel through 4.19.8 reads if_num from the USB device (as a u8) and uses it to index a small array, resulting in an object out-of-bounds (OOB) read that potentially allows arbitrary read in the kernel address space.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | ||||||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||||||||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T11:51:17.876Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://packetstormsecurity.com/files/151420/Slackware-Security-Advisory-Slackware-14.2-kernel-Updates.html"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-01/msg00023.html"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-02/msg00007.html"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://seclists.org/bugtraq/2019/Jan/52"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://hexhive.epfl.ch/projects/perifuzz/"
},
{
"name": "[debian-lts-announce] 20190327 [SECURITY] [DLA 1731-1] linux security update",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2019/03/msg00034.html"
},
{
"name": "[debian-lts-announce] 20190401 [SECURITY] [DLA 1731-2] linux regression update",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2019/04/msg00004.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://security.netapp.com/advisory/ntap-20190404-0002/"
},
{
"name": "[debian-lts-announce] 20190503 [SECURITY] [DLA 1771-1] linux-4.9 security update",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2019/05/msg00002.html"
},
{
"name": "USN-4115-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU",
"x_transferred"
],
"url": "https://usn.ubuntu.com/4115-1/"
},
{
"name": "USN-4118-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU",
"x_transferred"
],
"url": "https://usn.ubuntu.com/4118-1/"
},
{
"name": "RHSA-2019:3309",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2019:3309"
},
{
"name": "RHSA-2019:3517",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2019:3517"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "The function hso_get_config_data in drivers/net/usb/hso.c in the Linux kernel through 4.19.8 reads if_num from the USB device (as a u8) and uses it to index a small array, resulting in an object out-of-bounds (OOB) read that potentially allows arbitrary read in the kernel address space."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2019-11-06T00:07:12",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "http://packetstormsecurity.com/files/151420/Slackware-Security-Advisory-Slackware-14.2-kernel-Updates.html"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-01/msg00023.html"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-02/msg00007.html"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://seclists.org/bugtraq/2019/Jan/52"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://hexhive.epfl.ch/projects/perifuzz/"
},
{
"name": "[debian-lts-announce] 20190327 [SECURITY] [DLA 1731-1] linux security update",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.debian.org/debian-lts-announce/2019/03/msg00034.html"
},
{
"name": "[debian-lts-announce] 20190401 [SECURITY] [DLA 1731-2] linux regression update",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.debian.org/debian-lts-announce/2019/04/msg00004.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://security.netapp.com/advisory/ntap-20190404-0002/"
},
{
"name": "[debian-lts-announce] 20190503 [SECURITY] [DLA 1771-1] linux-4.9 security update",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.debian.org/debian-lts-announce/2019/05/msg00002.html"
},
{
"name": "USN-4115-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU"
],
"url": "https://usn.ubuntu.com/4115-1/"
},
{
"name": "USN-4118-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU"
],
"url": "https://usn.ubuntu.com/4118-1/"
},
{
"name": "RHSA-2019:3309",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2019:3309"
},
{
"name": "RHSA-2019:3517",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2019:3517"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2018-19985",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The function hso_get_config_data in drivers/net/usb/hso.c in the Linux kernel through 4.19.8 reads if_num from the USB device (as a u8) and uses it to index a small array, resulting in an object out-of-bounds (OOB) read that potentially allows arbitrary read in the kernel address space."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://packetstormsecurity.com/files/151420/Slackware-Security-Advisory-Slackware-14.2-kernel-Updates.html",
"refsource": "MISC",
"url": "http://packetstormsecurity.com/files/151420/Slackware-Security-Advisory-Slackware-14.2-kernel-Updates.html"
},
{
"name": "http://lists.opensuse.org/opensuse-security-announce/2019-01/msg00023.html",
"refsource": "MISC",
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-01/msg00023.html"
},
{
"name": "http://lists.opensuse.org/opensuse-security-announce/2019-02/msg00007.html",
"refsource": "MISC",
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-02/msg00007.html"
},
{
"name": "https://seclists.org/bugtraq/2019/Jan/52",
"refsource": "MISC",
"url": "https://seclists.org/bugtraq/2019/Jan/52"
},
{
"name": "https://hexhive.epfl.ch/projects/perifuzz/",
"refsource": "MISC",
"url": "https://hexhive.epfl.ch/projects/perifuzz/"
},
{
"name": "[debian-lts-announce] 20190327 [SECURITY] [DLA 1731-1] linux security update",
"refsource": "MLIST",
"url": "https://lists.debian.org/debian-lts-announce/2019/03/msg00034.html"
},
{
"name": "[debian-lts-announce] 20190401 [SECURITY] [DLA 1731-2] linux regression update",
"refsource": "MLIST",
"url": "https://lists.debian.org/debian-lts-announce/2019/04/msg00004.html"
},
{
"name": "https://security.netapp.com/advisory/ntap-20190404-0002/",
"refsource": "CONFIRM",
"url": "https://security.netapp.com/advisory/ntap-20190404-0002/"
},
{
"name": "[debian-lts-announce] 20190503 [SECURITY] [DLA 1771-1] linux-4.9 security update",
"refsource": "MLIST",
"url": "https://lists.debian.org/debian-lts-announce/2019/05/msg00002.html"
},
{
"name": "USN-4115-1",
"refsource": "UBUNTU",
"url": "https://usn.ubuntu.com/4115-1/"
},
{
"name": "USN-4118-1",
"refsource": "UBUNTU",
"url": "https://usn.ubuntu.com/4118-1/"
},
{
"name": "RHSA-2019:3309",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2019:3309"
},
{
"name": "RHSA-2019:3517",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2019:3517"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2018-19985",
"datePublished": "2019-03-17T19:48:52",
"dateReserved": "2018-12-09T00:00:00",
"dateUpdated": "2024-08-05T11:51:17.876Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2019-7222 (GCVE-0-2019-7222)
Vulnerability from cvelistv5 – Published: 2019-03-17 18:52 – Updated: 2024-08-04 20:46
VLAI?
Summary
The KVM implementation in the Linux kernel through 4.20.5 has an Information Leak.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | ||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T20:46:46.063Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "FEDORA-2019-164946aa7f",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/KDOXCX3QFVWYXH5CQMGDDE7H6MUG5XGG/"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://packetstormsecurity.com/files/151712/KVM-kvm_inject_page_fault-Uninitialized-Memory-Leak.html"
},
{
"name": "106963",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/106963"
},
{
"name": "FEDORA-2019-3da64f3e61",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/Y2HMABEMJDPA6LPCBE5WIEZXUKY7DLTN/"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/torvalds/linux/commits/master/arch/x86/kvm"
},
{
"name": "SUSE-SA-2019:0203-1",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-02/msg00042.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=353c0956a618a07ba4bbe7ad00ff29fe70e8412a"
},
{
"name": "[oss-security] Linux kernel: three KVM bugs (CVE-2019-6974, CVE-2019-7221, CVE-2019-7222)",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2019/02/18/2"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://bugs.chromium.org/p/project-zero/issues/detail?id=1759"
},
{
"name": "[debian-lts-announce] 20190327 [SECURITY] [DLA 1731-1] linux security update",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2019/03/msg00034.html"
},
{
"name": "[debian-lts-announce] 20190401 [SECURITY] [DLA 1731-2] linux regression update",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2019/04/msg00004.html"
},
{
"name": "USN-3932-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU",
"x_transferred"
],
"url": "https://usn.ubuntu.com/3932-1/"
},
{
"name": "USN-3932-2",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU",
"x_transferred"
],
"url": "https://usn.ubuntu.com/3932-2/"
},
{
"name": "USN-3930-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU",
"x_transferred"
],
"url": "https://usn.ubuntu.com/3930-1/"
},
{
"name": "USN-3931-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU",
"x_transferred"
],
"url": "https://usn.ubuntu.com/3931-1/"
},
{
"name": "USN-3933-2",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU",
"x_transferred"
],
"url": "https://usn.ubuntu.com/3933-2/"
},
{
"name": "USN-3931-2",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU",
"x_transferred"
],
"url": "https://usn.ubuntu.com/3931-2/"
},
{
"name": "USN-3930-2",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU",
"x_transferred"
],
"url": "https://usn.ubuntu.com/3930-2/"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://security.netapp.com/advisory/ntap-20190404-0002/"
},
{
"name": "USN-3933-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU",
"x_transferred"
],
"url": "https://usn.ubuntu.com/3933-1/"
},
{
"name": "[debian-lts-announce] 20190503 [SECURITY] [DLA 1771-1] linux-4.9 security update",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2019/05/msg00002.html"
},
{
"name": "RHSA-2019:2043",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2019:2043"
},
{
"name": "RHSA-2019:2029",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2019:2029"
},
{
"name": "RHSA-2019:3309",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2019:3309"
},
{
"name": "RHSA-2019:3517",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2019:3517"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2019-01-21T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "The KVM implementation in the Linux kernel through 4.20.5 has an Information Leak."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2019-11-06T00:07:14",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "FEDORA-2019-164946aa7f",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/KDOXCX3QFVWYXH5CQMGDDE7H6MUG5XGG/"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://packetstormsecurity.com/files/151712/KVM-kvm_inject_page_fault-Uninitialized-Memory-Leak.html"
},
{
"name": "106963",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/106963"
},
{
"name": "FEDORA-2019-3da64f3e61",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/Y2HMABEMJDPA6LPCBE5WIEZXUKY7DLTN/"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/torvalds/linux/commits/master/arch/x86/kvm"
},
{
"name": "SUSE-SA-2019:0203-1",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-02/msg00042.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=353c0956a618a07ba4bbe7ad00ff29fe70e8412a"
},
{
"name": "[oss-security] Linux kernel: three KVM bugs (CVE-2019-6974, CVE-2019-7221, CVE-2019-7222)",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://www.openwall.com/lists/oss-security/2019/02/18/2"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://bugs.chromium.org/p/project-zero/issues/detail?id=1759"
},
{
"name": "[debian-lts-announce] 20190327 [SECURITY] [DLA 1731-1] linux security update",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.debian.org/debian-lts-announce/2019/03/msg00034.html"
},
{
"name": "[debian-lts-announce] 20190401 [SECURITY] [DLA 1731-2] linux regression update",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.debian.org/debian-lts-announce/2019/04/msg00004.html"
},
{
"name": "USN-3932-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU"
],
"url": "https://usn.ubuntu.com/3932-1/"
},
{
"name": "USN-3932-2",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU"
],
"url": "https://usn.ubuntu.com/3932-2/"
},
{
"name": "USN-3930-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU"
],
"url": "https://usn.ubuntu.com/3930-1/"
},
{
"name": "USN-3931-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU"
],
"url": "https://usn.ubuntu.com/3931-1/"
},
{
"name": "USN-3933-2",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU"
],
"url": "https://usn.ubuntu.com/3933-2/"
},
{
"name": "USN-3931-2",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU"
],
"url": "https://usn.ubuntu.com/3931-2/"
},
{
"name": "USN-3930-2",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU"
],
"url": "https://usn.ubuntu.com/3930-2/"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://security.netapp.com/advisory/ntap-20190404-0002/"
},
{
"name": "USN-3933-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU"
],
"url": "https://usn.ubuntu.com/3933-1/"
},
{
"name": "[debian-lts-announce] 20190503 [SECURITY] [DLA 1771-1] linux-4.9 security update",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.debian.org/debian-lts-announce/2019/05/msg00002.html"
},
{
"name": "RHSA-2019:2043",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2019:2043"
},
{
"name": "RHSA-2019:2029",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2019:2029"
},
{
"name": "RHSA-2019:3309",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2019:3309"
},
{
"name": "RHSA-2019:3517",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2019:3517"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2019-7222",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The KVM implementation in the Linux kernel through 4.20.5 has an Information Leak."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "FEDORA-2019-164946aa7f",
"refsource": "FEDORA",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/KDOXCX3QFVWYXH5CQMGDDE7H6MUG5XGG/"
},
{
"name": "http://packetstormsecurity.com/files/151712/KVM-kvm_inject_page_fault-Uninitialized-Memory-Leak.html",
"refsource": "MISC",
"url": "http://packetstormsecurity.com/files/151712/KVM-kvm_inject_page_fault-Uninitialized-Memory-Leak.html"
},
{
"name": "106963",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/106963"
},
{
"name": "FEDORA-2019-3da64f3e61",
"refsource": "FEDORA",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/Y2HMABEMJDPA6LPCBE5WIEZXUKY7DLTN/"
},
{
"name": "https://github.com/torvalds/linux/commits/master/arch/x86/kvm",
"refsource": "MISC",
"url": "https://github.com/torvalds/linux/commits/master/arch/x86/kvm"
},
{
"name": "SUSE-SA-2019:0203-1",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-02/msg00042.html"
},
{
"name": "https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=353c0956a618a07ba4bbe7ad00ff29fe70e8412a",
"refsource": "CONFIRM",
"url": "https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=353c0956a618a07ba4bbe7ad00ff29fe70e8412a"
},
{
"name": "[oss-security] Linux kernel: three KVM bugs (CVE-2019-6974, CVE-2019-7221, CVE-2019-7222)",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2019/02/18/2"
},
{
"name": "https://bugs.chromium.org/p/project-zero/issues/detail?id=1759",
"refsource": "CONFIRM",
"url": "https://bugs.chromium.org/p/project-zero/issues/detail?id=1759"
},
{
"name": "[debian-lts-announce] 20190327 [SECURITY] [DLA 1731-1] linux security update",
"refsource": "MLIST",
"url": "https://lists.debian.org/debian-lts-announce/2019/03/msg00034.html"
},
{
"name": "[debian-lts-announce] 20190401 [SECURITY] [DLA 1731-2] linux regression update",
"refsource": "MLIST",
"url": "https://lists.debian.org/debian-lts-announce/2019/04/msg00004.html"
},
{
"name": "USN-3932-1",
"refsource": "UBUNTU",
"url": "https://usn.ubuntu.com/3932-1/"
},
{
"name": "USN-3932-2",
"refsource": "UBUNTU",
"url": "https://usn.ubuntu.com/3932-2/"
},
{
"name": "USN-3930-1",
"refsource": "UBUNTU",
"url": "https://usn.ubuntu.com/3930-1/"
},
{
"name": "USN-3931-1",
"refsource": "UBUNTU",
"url": "https://usn.ubuntu.com/3931-1/"
},
{
"name": "USN-3933-2",
"refsource": "UBUNTU",
"url": "https://usn.ubuntu.com/3933-2/"
},
{
"name": "USN-3931-2",
"refsource": "UBUNTU",
"url": "https://usn.ubuntu.com/3931-2/"
},
{
"name": "USN-3930-2",
"refsource": "UBUNTU",
"url": "https://usn.ubuntu.com/3930-2/"
},
{
"name": "https://security.netapp.com/advisory/ntap-20190404-0002/",
"refsource": "CONFIRM",
"url": "https://security.netapp.com/advisory/ntap-20190404-0002/"
},
{
"name": "USN-3933-1",
"refsource": "UBUNTU",
"url": "https://usn.ubuntu.com/3933-1/"
},
{
"name": "[debian-lts-announce] 20190503 [SECURITY] [DLA 1771-1] linux-4.9 security update",
"refsource": "MLIST",
"url": "https://lists.debian.org/debian-lts-announce/2019/05/msg00002.html"
},
{
"name": "RHSA-2019:2043",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2019:2043"
},
{
"name": "RHSA-2019:2029",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2019:2029"
},
{
"name": "RHSA-2019:3309",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2019:3309"
},
{
"name": "RHSA-2019:3517",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2019:3517"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2019-7222",
"datePublished": "2019-03-17T18:52:17",
"dateReserved": "2019-01-30T00:00:00",
"dateUpdated": "2024-08-04T20:46:46.063Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2019-7221 (GCVE-0-2019-7221)
Vulnerability from cvelistv5 – Published: 2019-03-17 18:26 – Updated: 2024-08-04 20:46
VLAI?
Summary
The KVM implementation in the Linux kernel through 4.20.5 has a Use-after-Free.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | |||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T20:46:44.758Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://packetstormsecurity.com/files/151713/KVM-VMX-Preemption-Timer-Use-After-Free.html"
},
{
"name": "FEDORA-2019-164946aa7f",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/KDOXCX3QFVWYXH5CQMGDDE7H6MUG5XGG/"
},
{
"name": "FEDORA-2019-3da64f3e61",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/Y2HMABEMJDPA6LPCBE5WIEZXUKY7DLTN/"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/torvalds/linux/commits/master/arch/x86/kvm"
},
{
"name": "SUSE-SA-2019:0203-1",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-02/msg00042.html"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2019/02/18/2"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=ecec76885bcfe3294685dc363fd1273df0d5d65f"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://bugs.chromium.org/p/project-zero/issues/detail?id=1760"
},
{
"name": "[debian-lts-announce] 20190327 [SECURITY] [DLA 1731-1] linux security update",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2019/03/msg00034.html"
},
{
"name": "[debian-lts-announce] 20190401 [SECURITY] [DLA 1731-2] linux regression update",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2019/04/msg00004.html"
},
{
"name": "USN-3932-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU",
"x_transferred"
],
"url": "https://usn.ubuntu.com/3932-1/"
},
{
"name": "USN-3932-2",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU",
"x_transferred"
],
"url": "https://usn.ubuntu.com/3932-2/"
},
{
"name": "USN-3930-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU",
"x_transferred"
],
"url": "https://usn.ubuntu.com/3930-1/"
},
{
"name": "USN-3931-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU",
"x_transferred"
],
"url": "https://usn.ubuntu.com/3931-1/"
},
{
"name": "USN-3931-2",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU",
"x_transferred"
],
"url": "https://usn.ubuntu.com/3931-2/"
},
{
"name": "USN-3930-2",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU",
"x_transferred"
],
"url": "https://usn.ubuntu.com/3930-2/"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://security.netapp.com/advisory/ntap-20190404-0002/"
},
{
"name": "RHSA-2019:0833",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2019:0833"
},
{
"name": "RHSA-2019:0818",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2019:0818"
},
{
"name": "[debian-lts-announce] 20190503 [SECURITY] [DLA 1771-1] linux-4.9 security update",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2019/05/msg00002.html"
},
{
"name": "RHBA-2019:0959",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHBA-2019:0959"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://support.f5.com/csp/article/K08413011"
},
{
"name": "RHSA-2019:3967",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2019:3967"
},
{
"name": "RHSA-2019:4058",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2019:4058"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2019-01-29T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "The KVM implementation in the Linux kernel through 4.20.5 has a Use-after-Free."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2019-12-03T11:06:06",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "http://packetstormsecurity.com/files/151713/KVM-VMX-Preemption-Timer-Use-After-Free.html"
},
{
"name": "FEDORA-2019-164946aa7f",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/KDOXCX3QFVWYXH5CQMGDDE7H6MUG5XGG/"
},
{
"name": "FEDORA-2019-3da64f3e61",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/Y2HMABEMJDPA6LPCBE5WIEZXUKY7DLTN/"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/torvalds/linux/commits/master/arch/x86/kvm"
},
{
"name": "SUSE-SA-2019:0203-1",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-02/msg00042.html"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.openwall.com/lists/oss-security/2019/02/18/2"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=ecec76885bcfe3294685dc363fd1273df0d5d65f"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://bugs.chromium.org/p/project-zero/issues/detail?id=1760"
},
{
"name": "[debian-lts-announce] 20190327 [SECURITY] [DLA 1731-1] linux security update",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.debian.org/debian-lts-announce/2019/03/msg00034.html"
},
{
"name": "[debian-lts-announce] 20190401 [SECURITY] [DLA 1731-2] linux regression update",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.debian.org/debian-lts-announce/2019/04/msg00004.html"
},
{
"name": "USN-3932-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU"
],
"url": "https://usn.ubuntu.com/3932-1/"
},
{
"name": "USN-3932-2",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU"
],
"url": "https://usn.ubuntu.com/3932-2/"
},
{
"name": "USN-3930-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU"
],
"url": "https://usn.ubuntu.com/3930-1/"
},
{
"name": "USN-3931-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU"
],
"url": "https://usn.ubuntu.com/3931-1/"
},
{
"name": "USN-3931-2",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU"
],
"url": "https://usn.ubuntu.com/3931-2/"
},
{
"name": "USN-3930-2",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU"
],
"url": "https://usn.ubuntu.com/3930-2/"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://security.netapp.com/advisory/ntap-20190404-0002/"
},
{
"name": "RHSA-2019:0833",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2019:0833"
},
{
"name": "RHSA-2019:0818",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2019:0818"
},
{
"name": "[debian-lts-announce] 20190503 [SECURITY] [DLA 1771-1] linux-4.9 security update",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.debian.org/debian-lts-announce/2019/05/msg00002.html"
},
{
"name": "RHBA-2019:0959",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHBA-2019:0959"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://support.f5.com/csp/article/K08413011"
},
{
"name": "RHSA-2019:3967",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2019:3967"
},
{
"name": "RHSA-2019:4058",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2019:4058"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2019-7221",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The KVM implementation in the Linux kernel through 4.20.5 has a Use-after-Free."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://packetstormsecurity.com/files/151713/KVM-VMX-Preemption-Timer-Use-After-Free.html",
"refsource": "MISC",
"url": "http://packetstormsecurity.com/files/151713/KVM-VMX-Preemption-Timer-Use-After-Free.html"
},
{
"name": "FEDORA-2019-164946aa7f",
"refsource": "FEDORA",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/KDOXCX3QFVWYXH5CQMGDDE7H6MUG5XGG/"
},
{
"name": "FEDORA-2019-3da64f3e61",
"refsource": "FEDORA",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/Y2HMABEMJDPA6LPCBE5WIEZXUKY7DLTN/"
},
{
"name": "https://github.com/torvalds/linux/commits/master/arch/x86/kvm",
"refsource": "MISC",
"url": "https://github.com/torvalds/linux/commits/master/arch/x86/kvm"
},
{
"name": "SUSE-SA-2019:0203-1",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-02/msg00042.html"
},
{
"name": "http://www.openwall.com/lists/oss-security/2019/02/18/2",
"refsource": "MISC",
"url": "http://www.openwall.com/lists/oss-security/2019/02/18/2"
},
{
"name": "https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=ecec76885bcfe3294685dc363fd1273df0d5d65f",
"refsource": "CONFIRM",
"url": "https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=ecec76885bcfe3294685dc363fd1273df0d5d65f"
},
{
"name": "https://bugs.chromium.org/p/project-zero/issues/detail?id=1760",
"refsource": "CONFIRM",
"url": "https://bugs.chromium.org/p/project-zero/issues/detail?id=1760"
},
{
"name": "[debian-lts-announce] 20190327 [SECURITY] [DLA 1731-1] linux security update",
"refsource": "MLIST",
"url": "https://lists.debian.org/debian-lts-announce/2019/03/msg00034.html"
},
{
"name": "[debian-lts-announce] 20190401 [SECURITY] [DLA 1731-2] linux regression update",
"refsource": "MLIST",
"url": "https://lists.debian.org/debian-lts-announce/2019/04/msg00004.html"
},
{
"name": "USN-3932-1",
"refsource": "UBUNTU",
"url": "https://usn.ubuntu.com/3932-1/"
},
{
"name": "USN-3932-2",
"refsource": "UBUNTU",
"url": "https://usn.ubuntu.com/3932-2/"
},
{
"name": "USN-3930-1",
"refsource": "UBUNTU",
"url": "https://usn.ubuntu.com/3930-1/"
},
{
"name": "USN-3931-1",
"refsource": "UBUNTU",
"url": "https://usn.ubuntu.com/3931-1/"
},
{
"name": "USN-3931-2",
"refsource": "UBUNTU",
"url": "https://usn.ubuntu.com/3931-2/"
},
{
"name": "USN-3930-2",
"refsource": "UBUNTU",
"url": "https://usn.ubuntu.com/3930-2/"
},
{
"name": "https://security.netapp.com/advisory/ntap-20190404-0002/",
"refsource": "CONFIRM",
"url": "https://security.netapp.com/advisory/ntap-20190404-0002/"
},
{
"name": "RHSA-2019:0833",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2019:0833"
},
{
"name": "RHSA-2019:0818",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2019:0818"
},
{
"name": "[debian-lts-announce] 20190503 [SECURITY] [DLA 1771-1] linux-4.9 security update",
"refsource": "MLIST",
"url": "https://lists.debian.org/debian-lts-announce/2019/05/msg00002.html"
},
{
"name": "RHBA-2019:0959",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHBA-2019:0959"
},
{
"name": "https://support.f5.com/csp/article/K08413011",
"refsource": "CONFIRM",
"url": "https://support.f5.com/csp/article/K08413011"
},
{
"name": "RHSA-2019:3967",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2019:3967"
},
{
"name": "RHSA-2019:4058",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2019:4058"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2019-7221",
"datePublished": "2019-03-17T18:26:10",
"dateReserved": "2019-01-30T00:00:00",
"dateUpdated": "2024-08-04T20:46:44.758Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2019-6454 (GCVE-0-2019-6454)
Vulnerability from cvelistv5 – Published: 2019-03-17 16:38 – Updated: 2024-08-04 20:23
VLAI?
Summary
An issue was discovered in sd-bus in systemd 239. bus_process_object() in libsystemd/sd-bus/bus-objects.c allocates a variable-length stack buffer for temporarily storing the object path of incoming D-Bus messages. An unprivileged local user can exploit this by sending a specially crafted message to PID1, causing the stack pointer to jump over the stack guard pages into an unmapped memory region and trigger a denial of service (systemd PID1 crash and kernel panic).
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | |||||||||||||||||||||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T20:23:21.049Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "FEDORA-2019-8434288a24",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/N67IOBOTDOMVNQJ5QRU2MXLEECXPGNVJ/"
},
{
"name": "[oss-security] 20190218 CVE-2019-6454: systemd (PID1) crash with specially crafted D-Bus message",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2019/02/18/3"
},
{
"name": "107081",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/107081"
},
{
"name": "USN-3891-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU",
"x_transferred"
],
"url": "https://usn.ubuntu.com/3891-1/"
},
{
"name": "RHSA-2019:0368",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2019:0368"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/systemd/systemd/commits/master/src/libsystemd/sd-bus/bus-objects.c"
},
{
"name": "SUSE-SA:2019:0255-1",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-02/msg00070.html"
},
{
"name": "[oss-security] 20190219 CVE-2019-6454: systemd (PID1) crash with specially crafted D-Bus message",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2019/02/19/1"
},
{
"name": "[SECURITY] [DLA 1684-1] 20190219 systemd security update",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2019/02/msg00031.html"
},
{
"name": "DSA-4393-1",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "https://www.debian.org/security/2019/dsa-4393"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://security.netapp.com/advisory/ntap-20190327-0004/"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://kc.mcafee.com/corporate/index?page=content\u0026id=SB10278"
},
{
"name": "RHSA-2019:0990",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2019:0990"
},
{
"name": "openSUSE-SU-2019:1450",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-05/msg00062.html"
},
{
"name": "RHSA-2019:1322",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2019:1322"
},
{
"name": "RHSA-2019:1502",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2019:1502"
},
{
"name": "RHSA-2019:2805",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2019:2805"
},
{
"name": "[oss-security] 20210720 CVE-2021-33910: Denial of service (stack exhaustion) in systemd (PID 1)",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2021/07/20/2"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2019-02-18T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "An issue was discovered in sd-bus in systemd 239. bus_process_object() in libsystemd/sd-bus/bus-objects.c allocates a variable-length stack buffer for temporarily storing the object path of incoming D-Bus messages. An unprivileged local user can exploit this by sending a specially crafted message to PID1, causing the stack pointer to jump over the stack guard pages into an unmapped memory region and trigger a denial of service (systemd PID1 crash and kernel panic)."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-07-20T14:06:12",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "FEDORA-2019-8434288a24",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/N67IOBOTDOMVNQJ5QRU2MXLEECXPGNVJ/"
},
{
"name": "[oss-security] 20190218 CVE-2019-6454: systemd (PID1) crash with specially crafted D-Bus message",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://www.openwall.com/lists/oss-security/2019/02/18/3"
},
{
"name": "107081",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/107081"
},
{
"name": "USN-3891-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU"
],
"url": "https://usn.ubuntu.com/3891-1/"
},
{
"name": "RHSA-2019:0368",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2019:0368"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/systemd/systemd/commits/master/src/libsystemd/sd-bus/bus-objects.c"
},
{
"name": "SUSE-SA:2019:0255-1",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-02/msg00070.html"
},
{
"name": "[oss-security] 20190219 CVE-2019-6454: systemd (PID1) crash with specially crafted D-Bus message",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://www.openwall.com/lists/oss-security/2019/02/19/1"
},
{
"name": "[SECURITY] [DLA 1684-1] 20190219 systemd security update",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.debian.org/debian-lts-announce/2019/02/msg00031.html"
},
{
"name": "DSA-4393-1",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "https://www.debian.org/security/2019/dsa-4393"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://security.netapp.com/advisory/ntap-20190327-0004/"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://kc.mcafee.com/corporate/index?page=content\u0026id=SB10278"
},
{
"name": "RHSA-2019:0990",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2019:0990"
},
{
"name": "openSUSE-SU-2019:1450",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-05/msg00062.html"
},
{
"name": "RHSA-2019:1322",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2019:1322"
},
{
"name": "RHSA-2019:1502",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2019:1502"
},
{
"name": "RHSA-2019:2805",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2019:2805"
},
{
"name": "[oss-security] 20210720 CVE-2021-33910: Denial of service (stack exhaustion) in systemd (PID 1)",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://www.openwall.com/lists/oss-security/2021/07/20/2"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2019-6454",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "An issue was discovered in sd-bus in systemd 239. bus_process_object() in libsystemd/sd-bus/bus-objects.c allocates a variable-length stack buffer for temporarily storing the object path of incoming D-Bus messages. An unprivileged local user can exploit this by sending a specially crafted message to PID1, causing the stack pointer to jump over the stack guard pages into an unmapped memory region and trigger a denial of service (systemd PID1 crash and kernel panic)."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "FEDORA-2019-8434288a24",
"refsource": "FEDORA",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/N67IOBOTDOMVNQJ5QRU2MXLEECXPGNVJ/"
},
{
"name": "[oss-security] 20190218 CVE-2019-6454: systemd (PID1) crash with specially crafted D-Bus message",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2019/02/18/3"
},
{
"name": "107081",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/107081"
},
{
"name": "USN-3891-1",
"refsource": "UBUNTU",
"url": "https://usn.ubuntu.com/3891-1/"
},
{
"name": "RHSA-2019:0368",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2019:0368"
},
{
"name": "https://github.com/systemd/systemd/commits/master/src/libsystemd/sd-bus/bus-objects.c",
"refsource": "MISC",
"url": "https://github.com/systemd/systemd/commits/master/src/libsystemd/sd-bus/bus-objects.c"
},
{
"name": "SUSE-SA:2019:0255-1",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-02/msg00070.html"
},
{
"name": "[oss-security] 20190219 CVE-2019-6454: systemd (PID1) crash with specially crafted D-Bus message",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2019/02/19/1"
},
{
"name": "[SECURITY] [DLA 1684-1] 20190219 systemd security update",
"refsource": "MLIST",
"url": "https://lists.debian.org/debian-lts-announce/2019/02/msg00031.html"
},
{
"name": "DSA-4393-1",
"refsource": "DEBIAN",
"url": "https://www.debian.org/security/2019/dsa-4393"
},
{
"name": "https://security.netapp.com/advisory/ntap-20190327-0004/",
"refsource": "CONFIRM",
"url": "https://security.netapp.com/advisory/ntap-20190327-0004/"
},
{
"name": "https://kc.mcafee.com/corporate/index?page=content\u0026id=SB10278",
"refsource": "CONFIRM",
"url": "https://kc.mcafee.com/corporate/index?page=content\u0026id=SB10278"
},
{
"name": "RHSA-2019:0990",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2019:0990"
},
{
"name": "openSUSE-SU-2019:1450",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-05/msg00062.html"
},
{
"name": "RHSA-2019:1322",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2019:1322"
},
{
"name": "RHSA-2019:1502",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2019:1502"
},
{
"name": "RHSA-2019:2805",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2019:2805"
},
{
"name": "[oss-security] 20210720 CVE-2021-33910: Denial of service (stack exhaustion) in systemd (PID 1)",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2021/07/20/2"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2019-6454",
"datePublished": "2019-03-17T16:38:57",
"dateReserved": "2019-01-16T00:00:00",
"dateUpdated": "2024-08-04T20:23:21.049Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2018-16888 (GCVE-0-2018-16888)
Vulnerability from cvelistv5 – Published: 2019-01-14 22:00 – Updated: 2024-08-05 10:39
VLAI?
Summary
It was discovered systemd does not correctly check the content of PIDFile files before using it to kill processes. When a service is run from an unprivileged user (e.g. User field set in the service file), a local attacker who is able to write to the PIDFile of the mentioned service may use this flaw to trick systemd into killing other services and/or privileged processes. Versions before v237 are vulnerable.
Severity ?
4.4 (Medium)
CWE
Assigner
References
| URL | Tags | ||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| The systemd Project | systemd |
Affected:
v237
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T10:39:58.066Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://security.netapp.com/advisory/ntap-20190307-0007/"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-16888"
},
{
"name": "RHSA-2019:2091",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2019:2091"
},
{
"name": "[cassandra-user] 20190809 cassandra does not start with new systemd version",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.apache.org/thread.html/5960a34a524848cd722fd7ab7e2227eac10107b0f90d9d1e9c3caa74%40%3Cuser.cassandra.apache.org%3E"
},
{
"name": "USN-4269-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU",
"x_transferred"
],
"url": "https://usn.ubuntu.com/4269-1/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "systemd",
"vendor": "The systemd Project",
"versions": [
{
"status": "affected",
"version": "v237"
}
]
}
],
"datePublic": "2017-08-17T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "It was discovered systemd does not correctly check the content of PIDFile files before using it to kill processes. When a service is run from an unprivileged user (e.g. User field set in the service file), a local attacker who is able to write to the PIDFile of the mentioned service may use this flaw to trick systemd into killing other services and/or privileged processes. Versions before v237 are vulnerable."
}
],
"metrics": [
{
"cvssV3_0": {
"attackComplexity": "HIGH",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 4.4,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:L/AC:H/PR:L/UI:R/S:U/C:N/I:N/A:H",
"version": "3.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-250",
"description": "CWE-250",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-02-14T01:06:08",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://security.netapp.com/advisory/ntap-20190307-0007/"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-16888"
},
{
"name": "RHSA-2019:2091",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2019:2091"
},
{
"name": "[cassandra-user] 20190809 cassandra does not start with new systemd version",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.apache.org/thread.html/5960a34a524848cd722fd7ab7e2227eac10107b0f90d9d1e9c3caa74%40%3Cuser.cassandra.apache.org%3E"
},
{
"name": "USN-4269-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU"
],
"url": "https://usn.ubuntu.com/4269-1/"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2018-16888",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "systemd",
"version": {
"version_data": [
{
"version_value": "v237"
}
]
}
}
]
},
"vendor_name": "The systemd Project"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "It was discovered systemd does not correctly check the content of PIDFile files before using it to kill processes. When a service is run from an unprivileged user (e.g. User field set in the service file), a local attacker who is able to write to the PIDFile of the mentioned service may use this flaw to trick systemd into killing other services and/or privileged processes. Versions before v237 are vulnerable."
}
]
},
"impact": {
"cvss": [
[
{
"vectorString": "4.4/CVSS:3.0/AV:L/AC:H/PR:L/UI:R/S:U/C:N/I:N/A:H",
"version": "3.0"
}
]
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-250"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://security.netapp.com/advisory/ntap-20190307-0007/",
"refsource": "CONFIRM",
"url": "https://security.netapp.com/advisory/ntap-20190307-0007/"
},
{
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-16888",
"refsource": "CONFIRM",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-16888"
},
{
"name": "RHSA-2019:2091",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2019:2091"
},
{
"name": "[cassandra-user] 20190809 cassandra does not start with new systemd version",
"refsource": "MLIST",
"url": "https://lists.apache.org/thread.html/5960a34a524848cd722fd7ab7e2227eac10107b0f90d9d1e9c3caa74@%3Cuser.cassandra.apache.org%3E"
},
{
"name": "USN-4269-1",
"refsource": "UBUNTU",
"url": "https://usn.ubuntu.com/4269-1/"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2018-16888",
"datePublished": "2019-01-14T22:00:00",
"dateReserved": "2018-09-11T00:00:00",
"dateUpdated": "2024-08-05T10:39:58.066Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2018-16866 (GCVE-0-2018-16866)
Vulnerability from cvelistv5 – Published: 2019-01-11 19:00 – Updated: 2025-06-09 15:41
VLAI?
Summary
An out of bounds read was discovered in systemd-journald in the way it parses log messages that terminate with a colon ':'. A local attacker can use this flaw to disclose process memory data. Versions from v221 to v239 are vulnerable.
Severity ?
4.3 (Medium)
Assigner
References
| URL | Tags | |||||||||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||||||||||||||||||||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| The systemd Project | systemd |
Affected:
from v221 to v239
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T10:32:54.043Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "DSA-4367",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "https://www.debian.org/security/2019/dsa-4367"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://security.netapp.com/advisory/ntap-20190117-0001/"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.qualys.com/2019/01/09/system-down/system-down.txt"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-16866"
},
{
"name": "USN-3855-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU",
"x_transferred"
],
"url": "https://usn.ubuntu.com/3855-1/"
},
{
"name": "106527",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/106527"
},
{
"name": "GLSA-201903-07",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO",
"x_transferred"
],
"url": "https://security.gentoo.org/glsa/201903-07"
},
{
"name": "[oss-security] 20190510 Re: System Down: A systemd-journald exploit",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2019/05/10/4"
},
{
"name": "20190513 Re: System Down: A systemd-journald exploit",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "https://seclists.org/bugtraq/2019/May/25"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://packetstormsecurity.com/files/152841/System-Down-A-systemd-journald-Exploit.html"
},
{
"name": "20190513 Re: System Down: A systemd-journald exploit",
"tags": [
"mailing-list",
"x_refsource_FULLDISC",
"x_transferred"
],
"url": "http://seclists.org/fulldisclosure/2019/May/21"
},
{
"name": "RHSA-2019:2091",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2019:2091"
},
{
"name": "RHSA-2019:3222",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2019:3222"
},
{
"name": "RHSA-2020:0593",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2020:0593"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2018-16866",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-06-09T15:41:29.041122Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-06-09T15:41:39.884Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "systemd",
"vendor": "The systemd Project",
"versions": [
{
"status": "affected",
"version": "from v221 to v239"
}
]
}
],
"datePublic": "2019-01-09T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "An out of bounds read was discovered in systemd-journald in the way it parses log messages that terminate with a colon \u0027:\u0027. A local attacker can use this flaw to disclose process memory data. Versions from v221 to v239 are vulnerable."
}
],
"metrics": [
{
"cvssV3_0": {
"attackComplexity": "LOW",
"attackVector": "ADJACENT_NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
"version": "3.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-125",
"description": "CWE-125",
"lang": "en",
"type": "CWE"
}
]
},
{
"descriptions": [
{
"cweId": "CWE-200",
"description": "CWE-200",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-02-25T14:06:20.000Z",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"name": "DSA-4367",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "https://www.debian.org/security/2019/dsa-4367"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://security.netapp.com/advisory/ntap-20190117-0001/"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.qualys.com/2019/01/09/system-down/system-down.txt"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-16866"
},
{
"name": "USN-3855-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU"
],
"url": "https://usn.ubuntu.com/3855-1/"
},
{
"name": "106527",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/106527"
},
{
"name": "GLSA-201903-07",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO"
],
"url": "https://security.gentoo.org/glsa/201903-07"
},
{
"name": "[oss-security] 20190510 Re: System Down: A systemd-journald exploit",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://www.openwall.com/lists/oss-security/2019/05/10/4"
},
{
"name": "20190513 Re: System Down: A systemd-journald exploit",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "https://seclists.org/bugtraq/2019/May/25"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://packetstormsecurity.com/files/152841/System-Down-A-systemd-journald-Exploit.html"
},
{
"name": "20190513 Re: System Down: A systemd-journald exploit",
"tags": [
"mailing-list",
"x_refsource_FULLDISC"
],
"url": "http://seclists.org/fulldisclosure/2019/May/21"
},
{
"name": "RHSA-2019:2091",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2019:2091"
},
{
"name": "RHSA-2019:3222",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2019:3222"
},
{
"name": "RHSA-2020:0593",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2020:0593"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2018-16866",
"datePublished": "2019-01-11T19:00:00.000Z",
"dateReserved": "2018-09-11T00:00:00.000Z",
"dateUpdated": "2025-06-09T15:41:39.884Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2019-5489 (GCVE-0-2019-5489)
Vulnerability from cvelistv5 – Published: 2019-01-07 18:00 – Updated: 2024-08-04 19:54
VLAI?
Summary
The mincore() implementation in mm/mincore.c in the Linux kernel through 4.19.13 allowed local attackers to observe page cache access patterns of other processes on the same system, potentially allowing sniffing of secret information. (Fixing this affects the output of the fincore program.) Limited remote exploitation may be possible, as demonstrated by latency differences in accessing public files from an Apache HTTP Server.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | |||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T19:54:53.490Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "106478",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/106478"
},
{
"name": "openSUSE-SU-2019:1479",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-05/msg00071.html"
},
{
"name": "DSA-4465",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "https://www.debian.org/security/2019/dsa-4465"
},
{
"name": "[debian-lts-announce] 20190617 [SECURITY] [DLA 1823-1] linux security update",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2019/06/msg00010.html"
},
{
"name": "[debian-lts-announce] 20190618 [SECURITY] [DLA 1824-1] linux-4.9 security update",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2019/06/msg00011.html"
},
{
"name": "openSUSE-SU-2019:1570",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00039.html"
},
{
"name": "20190618 [SECURITY] [DSA 4465-1] linux security update",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "https://seclists.org/bugtraq/2019/Jun/26"
},
{
"name": "openSUSE-SU-2019:1579",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00048.html"
},
{
"name": "RHSA-2019:2043",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2019:2043"
},
{
"name": "RHSA-2019:2029",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2019:2029"
},
{
"name": "RHSA-2019:2473",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2019:2473"
},
{
"name": "RHSA-2019:2808",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2019:2808"
},
{
"name": "RHSA-2019:2837",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2019:2837"
},
{
"name": "RHSA-2019:2809",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2019:2809"
},
{
"name": "RHSA-2019:3309",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2019:3309"
},
{
"name": "RHSA-2019:3517",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2019:3517"
},
{
"name": "RHSA-2019:3967",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2019:3967"
},
{
"name": "RHSA-2019:4058",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2019:4058"
},
{
"name": "RHSA-2019:4057",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2019:4057"
},
{
"name": "RHSA-2019:4056",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2019:4056"
},
{
"name": "RHSA-2019:4159",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2019:4159"
},
{
"name": "RHSA-2019:4164",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2019:4164"
},
{
"name": "RHSA-2019:4255",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2019:4255"
},
{
"name": "RHSA-2020:0204",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2020:0204"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.oracle.com/security-alerts/cpujul2020.html"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.theregister.co.uk/2019/01/05/boffins_beat_page_cache/"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://bugzilla.suse.com/show_bug.cgi?id=1120843"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/torvalds/linux/commit/574823bfab82d9d8fa47f422778043fbb4b4f50e"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://arxiv.org/abs/1901.01161"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://security.netapp.com/advisory/ntap-20190307-0001/"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=574823bfab82d9d8fa47f422778043fbb4b4f50e"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20200115-01-pagecache-en"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2019-01-07T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "The mincore() implementation in mm/mincore.c in the Linux kernel through 4.19.13 allowed local attackers to observe page cache access patterns of other processes on the same system, potentially allowing sniffing of secret information. (Fixing this affects the output of the fincore program.) Limited remote exploitation may be possible, as demonstrated by latency differences in accessing public files from an Apache HTTP Server."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-07-15T02:23:05",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "106478",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/106478"
},
{
"name": "openSUSE-SU-2019:1479",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-05/msg00071.html"
},
{
"name": "DSA-4465",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "https://www.debian.org/security/2019/dsa-4465"
},
{
"name": "[debian-lts-announce] 20190617 [SECURITY] [DLA 1823-1] linux security update",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.debian.org/debian-lts-announce/2019/06/msg00010.html"
},
{
"name": "[debian-lts-announce] 20190618 [SECURITY] [DLA 1824-1] linux-4.9 security update",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.debian.org/debian-lts-announce/2019/06/msg00011.html"
},
{
"name": "openSUSE-SU-2019:1570",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00039.html"
},
{
"name": "20190618 [SECURITY] [DSA 4465-1] linux security update",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "https://seclists.org/bugtraq/2019/Jun/26"
},
{
"name": "openSUSE-SU-2019:1579",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00048.html"
},
{
"name": "RHSA-2019:2043",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2019:2043"
},
{
"name": "RHSA-2019:2029",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2019:2029"
},
{
"name": "RHSA-2019:2473",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2019:2473"
},
{
"name": "RHSA-2019:2808",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2019:2808"
},
{
"name": "RHSA-2019:2837",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2019:2837"
},
{
"name": "RHSA-2019:2809",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2019:2809"
},
{
"name": "RHSA-2019:3309",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2019:3309"
},
{
"name": "RHSA-2019:3517",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2019:3517"
},
{
"name": "RHSA-2019:3967",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2019:3967"
},
{
"name": "RHSA-2019:4058",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2019:4058"
},
{
"name": "RHSA-2019:4057",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2019:4057"
},
{
"name": "RHSA-2019:4056",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2019:4056"
},
{
"name": "RHSA-2019:4159",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2019:4159"
},
{
"name": "RHSA-2019:4164",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2019:4164"
},
{
"name": "RHSA-2019:4255",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2019:4255"
},
{
"name": "RHSA-2020:0204",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2020:0204"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.oracle.com/security-alerts/cpujul2020.html"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.theregister.co.uk/2019/01/05/boffins_beat_page_cache/"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://bugzilla.suse.com/show_bug.cgi?id=1120843"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/torvalds/linux/commit/574823bfab82d9d8fa47f422778043fbb4b4f50e"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://arxiv.org/abs/1901.01161"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://security.netapp.com/advisory/ntap-20190307-0001/"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=574823bfab82d9d8fa47f422778043fbb4b4f50e"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20200115-01-pagecache-en"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2019-5489",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The mincore() implementation in mm/mincore.c in the Linux kernel through 4.19.13 allowed local attackers to observe page cache access patterns of other processes on the same system, potentially allowing sniffing of secret information. (Fixing this affects the output of the fincore program.) Limited remote exploitation may be possible, as demonstrated by latency differences in accessing public files from an Apache HTTP Server."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "106478",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/106478"
},
{
"name": "openSUSE-SU-2019:1479",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-05/msg00071.html"
},
{
"name": "DSA-4465",
"refsource": "DEBIAN",
"url": "https://www.debian.org/security/2019/dsa-4465"
},
{
"name": "[debian-lts-announce] 20190617 [SECURITY] [DLA 1823-1] linux security update",
"refsource": "MLIST",
"url": "https://lists.debian.org/debian-lts-announce/2019/06/msg00010.html"
},
{
"name": "[debian-lts-announce] 20190618 [SECURITY] [DLA 1824-1] linux-4.9 security update",
"refsource": "MLIST",
"url": "https://lists.debian.org/debian-lts-announce/2019/06/msg00011.html"
},
{
"name": "openSUSE-SU-2019:1570",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00039.html"
},
{
"name": "20190618 [SECURITY] [DSA 4465-1] linux security update",
"refsource": "BUGTRAQ",
"url": "https://seclists.org/bugtraq/2019/Jun/26"
},
{
"name": "openSUSE-SU-2019:1579",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00048.html"
},
{
"name": "RHSA-2019:2043",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2019:2043"
},
{
"name": "RHSA-2019:2029",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2019:2029"
},
{
"name": "RHSA-2019:2473",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2019:2473"
},
{
"name": "RHSA-2019:2808",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2019:2808"
},
{
"name": "RHSA-2019:2837",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2019:2837"
},
{
"name": "RHSA-2019:2809",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2019:2809"
},
{
"name": "RHSA-2019:3309",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2019:3309"
},
{
"name": "RHSA-2019:3517",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2019:3517"
},
{
"name": "RHSA-2019:3967",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2019:3967"
},
{
"name": "RHSA-2019:4058",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2019:4058"
},
{
"name": "RHSA-2019:4057",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2019:4057"
},
{
"name": "RHSA-2019:4056",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2019:4056"
},
{
"name": "RHSA-2019:4159",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2019:4159"
},
{
"name": "RHSA-2019:4164",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2019:4164"
},
{
"name": "RHSA-2019:4255",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2019:4255"
},
{
"name": "RHSA-2020:0204",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2020:0204"
},
{
"name": "https://www.oracle.com/security-alerts/cpujul2020.html",
"refsource": "MISC",
"url": "https://www.oracle.com/security-alerts/cpujul2020.html"
},
{
"name": "https://www.theregister.co.uk/2019/01/05/boffins_beat_page_cache/",
"refsource": "MISC",
"url": "https://www.theregister.co.uk/2019/01/05/boffins_beat_page_cache/"
},
{
"name": "https://bugzilla.suse.com/show_bug.cgi?id=1120843",
"refsource": "MISC",
"url": "https://bugzilla.suse.com/show_bug.cgi?id=1120843"
},
{
"name": "https://github.com/torvalds/linux/commit/574823bfab82d9d8fa47f422778043fbb4b4f50e",
"refsource": "MISC",
"url": "https://github.com/torvalds/linux/commit/574823bfab82d9d8fa47f422778043fbb4b4f50e"
},
{
"name": "https://arxiv.org/abs/1901.01161",
"refsource": "MISC",
"url": "https://arxiv.org/abs/1901.01161"
},
{
"name": "https://security.netapp.com/advisory/ntap-20190307-0001/",
"refsource": "CONFIRM",
"url": "https://security.netapp.com/advisory/ntap-20190307-0001/"
},
{
"name": "http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=574823bfab82d9d8fa47f422778043fbb4b4f50e",
"refsource": "MISC",
"url": "http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=574823bfab82d9d8fa47f422778043fbb4b4f50e"
},
{
"name": "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20200115-01-pagecache-en",
"refsource": "CONFIRM",
"url": "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20200115-01-pagecache-en"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2019-5489",
"datePublished": "2019-01-07T18:00:00",
"dateReserved": "2019-01-07T00:00:00",
"dateUpdated": "2024-08-04T19:54:53.490Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2018-19039 (GCVE-0-2018-19039)
Vulnerability from cvelistv5 – Published: 2018-12-13 19:00 – Updated: 2024-08-05 11:23
VLAI?
Summary
Grafana before 4.6.5 and 5.x before 5.3.3 allows remote authenticated users to read arbitrary files by leveraging Editor or Admin permissions.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | ||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T11:23:08.805Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "105994",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/105994"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://community.grafana.com/t/grafana-5-3-3-and-4-6-5-security-update/11961"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://www.percona.com/blog/2018/11/20/how-cve-2018-19039-affects-percona-monitoring-and-management/"
},
{
"name": "RHSA-2019:0747",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2019:0747"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://security.netapp.com/advisory/ntap-20190416-0004/"
},
{
"name": "RHSA-2019:0911",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2019:0911"
},
{
"name": "openSUSE-SU-2020:1611",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2020-10/msg00009.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2018-11-23T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Grafana before 4.6.5 and 5.x before 5.3.3 allows remote authenticated users to read arbitrary files by leveraging Editor or Admin permissions."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-10-04T17:06:09",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "105994",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/105994"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://community.grafana.com/t/grafana-5-3-3-and-4-6-5-security-update/11961"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://www.percona.com/blog/2018/11/20/how-cve-2018-19039-affects-percona-monitoring-and-management/"
},
{
"name": "RHSA-2019:0747",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2019:0747"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://security.netapp.com/advisory/ntap-20190416-0004/"
},
{
"name": "RHSA-2019:0911",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2019:0911"
},
{
"name": "openSUSE-SU-2020:1611",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2020-10/msg00009.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2018-19039",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Grafana before 4.6.5 and 5.x before 5.3.3 allows remote authenticated users to read arbitrary files by leveraging Editor or Admin permissions."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "105994",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/105994"
},
{
"name": "https://community.grafana.com/t/grafana-5-3-3-and-4-6-5-security-update/11961",
"refsource": "CONFIRM",
"url": "https://community.grafana.com/t/grafana-5-3-3-and-4-6-5-security-update/11961"
},
{
"name": "https://www.percona.com/blog/2018/11/20/how-cve-2018-19039-affects-percona-monitoring-and-management/",
"refsource": "CONFIRM",
"url": "https://www.percona.com/blog/2018/11/20/how-cve-2018-19039-affects-percona-monitoring-and-management/"
},
{
"name": "RHSA-2019:0747",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2019:0747"
},
{
"name": "https://security.netapp.com/advisory/ntap-20190416-0004/",
"refsource": "CONFIRM",
"url": "https://security.netapp.com/advisory/ntap-20190416-0004/"
},
{
"name": "RHSA-2019:0911",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2019:0911"
},
{
"name": "openSUSE-SU-2020:1611",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2020-10/msg00009.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2018-19039",
"datePublished": "2018-12-13T19:00:00",
"dateReserved": "2018-11-06T00:00:00",
"dateUpdated": "2024-08-05T11:23:08.805Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2018-14634 (GCVE-0-2018-14634)
Vulnerability from cvelistv5 – Published: 2018-09-25 21:00 – Updated: 2026-01-26 23:20
VLAI?
Summary
An integer overflow flaw was found in the Linux kernel's create_elf_tables() function. An unprivileged local user with access to SUID (or otherwise privileged) binary could use this flaw to escalate their privileges on the system. Kernel versions 2.6.x, 3.10.x and 4.14.x are believed to be vulnerable.
Severity ?
7.8 (High)
CWE
Assigner
References
| URL | Tags | |||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| The Linux Foundation | kernel |
Affected:
2.6.x, 3.10.x, 4.14.x
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T09:38:13.057Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "RHSA-2018:3540",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2018:3540"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://security.netapp.com/advisory/ntap-20190204-0002/"
},
{
"name": "RHSA-2018:2925",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2018:2925"
},
{
"name": "RHSA-2018:3591",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2018:3591"
},
{
"name": "45516",
"tags": [
"exploit",
"x_refsource_EXPLOIT-DB",
"x_transferred"
],
"url": "https://www.exploit-db.com/exploits/45516/"
},
{
"name": "USN-3775-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU",
"x_transferred"
],
"url": "https://usn.ubuntu.com/3775-1/"
},
{
"name": "RHSA-2018:2933",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2018:2933"
},
{
"name": "USN-3779-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU",
"x_transferred"
],
"url": "https://usn.ubuntu.com/3779-1/"
},
{
"name": "RHSA-2018:2748",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2018:2748"
},
{
"name": "RHSA-2018:3590",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2018:3590"
},
{
"name": "USN-3775-2",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU",
"x_transferred"
],
"url": "https://usn.ubuntu.com/3775-2/"
},
{
"name": "RHSA-2018:2763",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2018:2763"
},
{
"name": "105407",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/105407"
},
{
"name": "RHSA-2018:2924",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2018:2924"
},
{
"name": "RHSA-2018:3586",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2018:3586"
},
{
"name": "RHSA-2018:3643",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2018:3643"
},
{
"name": "RHSA-2018:2846",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2018:2846"
},
{
"name": "[oss-security] 20180925 Integer overflow in Linux\u0027s create_elf_tables() (CVE-2018-14634)",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://www.openwall.com/lists/oss-security/2018/09/25/4"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-14634"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://support.f5.com/csp/article/K20934447?utm_source=f5support\u0026amp%3Butm_medium=RSS"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://security.paloaltonetworks.com/CVE-2018-14634"
},
{
"name": "[oss-security] 20210720 CVE-2021-33910: Denial of service (stack exhaustion) in systemd (PID 1)",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2021/07/20/2"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2018-14634",
"options": [
{
"Exploitation": "active"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-01-26T20:54:25.852098Z",
"version": "2.0.3"
},
"type": "ssvc"
}
},
{
"other": {
"content": {
"dateAdded": "2026-01-26",
"reference": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2018-14634"
},
"type": "kev"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-01-26T23:20:23.686Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"references": [
{
"tags": [
"government-resource"
],
"url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2018-14634"
}
],
"timeline": [
{
"lang": "en",
"time": "2026-01-26T00:00:00+00:00",
"value": "CVE-2018-14634 added to CISA KEV"
}
],
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "kernel",
"vendor": "The Linux Foundation",
"versions": [
{
"status": "affected",
"version": "2.6.x, 3.10.x, 4.14.x"
}
]
}
],
"datePublic": "2018-09-25T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "An integer overflow flaw was found in the Linux kernel\u0027s create_elf_tables() function. An unprivileged local user with access to SUID (or otherwise privileged) binary could use this flaw to escalate their privileges on the system. Kernel versions 2.6.x, 3.10.x and 4.14.x are believed to be vulnerable."
}
],
"metrics": [
{
"cvssV3_0": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-190",
"description": "CWE-190",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-07-20T14:06:15.000Z",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"name": "RHSA-2018:3540",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2018:3540"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://security.netapp.com/advisory/ntap-20190204-0002/"
},
{
"name": "RHSA-2018:2925",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2018:2925"
},
{
"name": "RHSA-2018:3591",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2018:3591"
},
{
"name": "45516",
"tags": [
"exploit",
"x_refsource_EXPLOIT-DB"
],
"url": "https://www.exploit-db.com/exploits/45516/"
},
{
"name": "USN-3775-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU"
],
"url": "https://usn.ubuntu.com/3775-1/"
},
{
"name": "RHSA-2018:2933",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2018:2933"
},
{
"name": "USN-3779-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU"
],
"url": "https://usn.ubuntu.com/3779-1/"
},
{
"name": "RHSA-2018:2748",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2018:2748"
},
{
"name": "RHSA-2018:3590",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2018:3590"
},
{
"name": "USN-3775-2",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU"
],
"url": "https://usn.ubuntu.com/3775-2/"
},
{
"name": "RHSA-2018:2763",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2018:2763"
},
{
"name": "105407",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/105407"
},
{
"name": "RHSA-2018:2924",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2018:2924"
},
{
"name": "RHSA-2018:3586",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2018:3586"
},
{
"name": "RHSA-2018:3643",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2018:3643"
},
{
"name": "RHSA-2018:2846",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2018:2846"
},
{
"name": "[oss-security] 20180925 Integer overflow in Linux\u0027s create_elf_tables() (CVE-2018-14634)",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://www.openwall.com/lists/oss-security/2018/09/25/4"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-14634"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://support.f5.com/csp/article/K20934447?utm_source=f5support\u0026amp%3Butm_medium=RSS"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://security.paloaltonetworks.com/CVE-2018-14634"
},
{
"name": "[oss-security] 20210720 CVE-2021-33910: Denial of service (stack exhaustion) in systemd (PID 1)",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://www.openwall.com/lists/oss-security/2021/07/20/2"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2018-14634",
"datePublished": "2018-09-25T21:00:00.000Z",
"dateReserved": "2018-07-27T00:00:00.000Z",
"dateUpdated": "2026-01-26T23:20:23.686Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2018-16597 (GCVE-0-2018-16597)
Vulnerability from cvelistv5 – Published: 2018-09-21 16:00 – Updated: 2024-08-05 10:24
VLAI?
Summary
An issue was discovered in the Linux kernel before 4.8. Incorrect access checking in overlayfs mounts could be used by local attackers to modify or truncate files in the underlying filesystem.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | |||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T10:24:32.947Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "105394",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/105394"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://security.netapp.com/advisory/ntap-20190204-0001/"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://bugzilla.suse.com/show_bug.cgi?id=1106512"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=c0ca3d70e8d3cf81e2255a217f7ca402f5ed0862"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://support.f5.com/csp/article/K22691834"
},
{
"name": "openSUSE-SU-2018:3202",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2018-10/msg00033.html"
},
{
"name": "20190722 [slackware-security] Slackware 14.2 kernel (SSA:2019-202-01)",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "https://seclists.org/bugtraq/2019/Jul/33"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://packetstormsecurity.com/files/153702/Slackware-Security-Advisory-Slackware-14.2-kernel-Updates.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2018-08-30T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "An issue was discovered in the Linux kernel before 4.8. Incorrect access checking in overlayfs mounts could be used by local attackers to modify or truncate files in the underlying filesystem."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2019-07-25T18:06:10",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "105394",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/105394"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://security.netapp.com/advisory/ntap-20190204-0001/"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://bugzilla.suse.com/show_bug.cgi?id=1106512"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=c0ca3d70e8d3cf81e2255a217f7ca402f5ed0862"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://support.f5.com/csp/article/K22691834"
},
{
"name": "openSUSE-SU-2018:3202",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2018-10/msg00033.html"
},
{
"name": "20190722 [slackware-security] Slackware 14.2 kernel (SSA:2019-202-01)",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "https://seclists.org/bugtraq/2019/Jul/33"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://packetstormsecurity.com/files/153702/Slackware-Security-Advisory-Slackware-14.2-kernel-Updates.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2018-16597",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "An issue was discovered in the Linux kernel before 4.8. Incorrect access checking in overlayfs mounts could be used by local attackers to modify or truncate files in the underlying filesystem."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "105394",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/105394"
},
{
"name": "https://security.netapp.com/advisory/ntap-20190204-0001/",
"refsource": "CONFIRM",
"url": "https://security.netapp.com/advisory/ntap-20190204-0001/"
},
{
"name": "https://bugzilla.suse.com/show_bug.cgi?id=1106512",
"refsource": "CONFIRM",
"url": "https://bugzilla.suse.com/show_bug.cgi?id=1106512"
},
{
"name": "https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=c0ca3d70e8d3cf81e2255a217f7ca402f5ed0862",
"refsource": "CONFIRM",
"url": "https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=c0ca3d70e8d3cf81e2255a217f7ca402f5ed0862"
},
{
"name": "https://support.f5.com/csp/article/K22691834",
"refsource": "CONFIRM",
"url": "https://support.f5.com/csp/article/K22691834"
},
{
"name": "openSUSE-SU-2018:3202",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2018-10/msg00033.html"
},
{
"name": "20190722 [slackware-security] Slackware 14.2 kernel (SSA:2019-202-01)",
"refsource": "BUGTRAQ",
"url": "https://seclists.org/bugtraq/2019/Jul/33"
},
{
"name": "http://packetstormsecurity.com/files/153702/Slackware-Security-Advisory-Slackware-14.2-kernel-Updates.html",
"refsource": "MISC",
"url": "http://packetstormsecurity.com/files/153702/Slackware-Security-Advisory-Slackware-14.2-kernel-Updates.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2018-16597",
"datePublished": "2018-09-21T16:00:00",
"dateReserved": "2018-09-06T00:00:00",
"dateUpdated": "2024-08-05T10:24:32.947Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2018-17182 (GCVE-0-2018-17182)
Vulnerability from cvelistv5 – Published: 2018-09-19 09:00 – Updated: 2024-08-05 10:39
VLAI?
Summary
An issue was discovered in the Linux kernel through 4.18.8. The vmacache_flush_all function in mm/vmacache.c mishandles sequence number overflows. An attacker can trigger a use-after-free (and possibly gain privileges) via certain thread creation, map, unmap, invalidation, and dereference operations.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | |||||||||||||||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||||||||||||||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T10:39:59.702Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "USN-3776-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU",
"x_transferred"
],
"url": "https://usn.ubuntu.com/3776-1/"
},
{
"name": "USN-3776-2",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU",
"x_transferred"
],
"url": "https://usn.ubuntu.com/3776-2/"
},
{
"name": "USN-3777-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU",
"x_transferred"
],
"url": "https://usn.ubuntu.com/3777-1/"
},
{
"name": "[debian-lts-announce] 20181003 [SECURITY] [DLA 1531-1] linux-4.9 security update",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2018/10/msg00003.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://security.netapp.com/advisory/ntap-20190204-0001/"
},
{
"name": "RHSA-2018:3656",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2018:3656"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/torvalds/linux/commit/7a9cdebdcc17e426fb5287e4a82db1dfe86339b2"
},
{
"name": "DSA-4308",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "https://www.debian.org/security/2018/dsa-4308"
},
{
"name": "105417",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/105417"
},
{
"name": "45497",
"tags": [
"exploit",
"x_refsource_EXPLOIT-DB",
"x_transferred"
],
"url": "https://www.exploit-db.com/exploits/45497/"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.openwall.com/lists/oss-security/2018/09/18/4"
},
{
"name": "1041748",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id/1041748"
},
{
"name": "USN-3777-2",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU",
"x_transferred"
],
"url": "https://usn.ubuntu.com/3777-2/"
},
{
"name": "106503",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/106503"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=7a9cdebdcc17e426fb5287e4a82db1dfe86339b2"
},
{
"name": "USN-3777-3",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU",
"x_transferred"
],
"url": "https://usn.ubuntu.com/3777-3/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2018-09-19T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "An issue was discovered in the Linux kernel through 4.18.8. The vmacache_flush_all function in mm/vmacache.c mishandles sequence number overflows. An attacker can trigger a use-after-free (and possibly gain privileges) via certain thread creation, map, unmap, invalidation, and dereference operations."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2019-02-05T10:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "USN-3776-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU"
],
"url": "https://usn.ubuntu.com/3776-1/"
},
{
"name": "USN-3776-2",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU"
],
"url": "https://usn.ubuntu.com/3776-2/"
},
{
"name": "USN-3777-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU"
],
"url": "https://usn.ubuntu.com/3777-1/"
},
{
"name": "[debian-lts-announce] 20181003 [SECURITY] [DLA 1531-1] linux-4.9 security update",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.debian.org/debian-lts-announce/2018/10/msg00003.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://security.netapp.com/advisory/ntap-20190204-0001/"
},
{
"name": "RHSA-2018:3656",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2018:3656"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/torvalds/linux/commit/7a9cdebdcc17e426fb5287e4a82db1dfe86339b2"
},
{
"name": "DSA-4308",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "https://www.debian.org/security/2018/dsa-4308"
},
{
"name": "105417",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/105417"
},
{
"name": "45497",
"tags": [
"exploit",
"x_refsource_EXPLOIT-DB"
],
"url": "https://www.exploit-db.com/exploits/45497/"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.openwall.com/lists/oss-security/2018/09/18/4"
},
{
"name": "1041748",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id/1041748"
},
{
"name": "USN-3777-2",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU"
],
"url": "https://usn.ubuntu.com/3777-2/"
},
{
"name": "106503",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/106503"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=7a9cdebdcc17e426fb5287e4a82db1dfe86339b2"
},
{
"name": "USN-3777-3",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU"
],
"url": "https://usn.ubuntu.com/3777-3/"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2018-17182",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "An issue was discovered in the Linux kernel through 4.18.8. The vmacache_flush_all function in mm/vmacache.c mishandles sequence number overflows. An attacker can trigger a use-after-free (and possibly gain privileges) via certain thread creation, map, unmap, invalidation, and dereference operations."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "USN-3776-1",
"refsource": "UBUNTU",
"url": "https://usn.ubuntu.com/3776-1/"
},
{
"name": "USN-3776-2",
"refsource": "UBUNTU",
"url": "https://usn.ubuntu.com/3776-2/"
},
{
"name": "USN-3777-1",
"refsource": "UBUNTU",
"url": "https://usn.ubuntu.com/3777-1/"
},
{
"name": "[debian-lts-announce] 20181003 [SECURITY] [DLA 1531-1] linux-4.9 security update",
"refsource": "MLIST",
"url": "https://lists.debian.org/debian-lts-announce/2018/10/msg00003.html"
},
{
"name": "https://security.netapp.com/advisory/ntap-20190204-0001/",
"refsource": "CONFIRM",
"url": "https://security.netapp.com/advisory/ntap-20190204-0001/"
},
{
"name": "RHSA-2018:3656",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2018:3656"
},
{
"name": "https://github.com/torvalds/linux/commit/7a9cdebdcc17e426fb5287e4a82db1dfe86339b2",
"refsource": "MISC",
"url": "https://github.com/torvalds/linux/commit/7a9cdebdcc17e426fb5287e4a82db1dfe86339b2"
},
{
"name": "DSA-4308",
"refsource": "DEBIAN",
"url": "https://www.debian.org/security/2018/dsa-4308"
},
{
"name": "105417",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/105417"
},
{
"name": "45497",
"refsource": "EXPLOIT-DB",
"url": "https://www.exploit-db.com/exploits/45497/"
},
{
"name": "https://www.openwall.com/lists/oss-security/2018/09/18/4",
"refsource": "MISC",
"url": "https://www.openwall.com/lists/oss-security/2018/09/18/4"
},
{
"name": "1041748",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1041748"
},
{
"name": "USN-3777-2",
"refsource": "UBUNTU",
"url": "https://usn.ubuntu.com/3777-2/"
},
{
"name": "106503",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/106503"
},
{
"name": "http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=7a9cdebdcc17e426fb5287e4a82db1dfe86339b2",
"refsource": "MISC",
"url": "http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=7a9cdebdcc17e426fb5287e4a82db1dfe86339b2"
},
{
"name": "USN-3777-3",
"refsource": "UBUNTU",
"url": "https://usn.ubuntu.com/3777-3/"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2018-17182",
"datePublished": "2018-09-19T09:00:00",
"dateReserved": "2018-09-19T00:00:00",
"dateUpdated": "2024-08-05T10:39:59.702Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}