Search

Find a vulnerability

Search criteria

    18 vulnerabilities found for mrg_realtime by redhat

    CVE-2019-9506 (GCVE-0-2019-9506)

    Vulnerability from nvd – Published: 2019-08-14 16:27 – Updated: 2024-09-16 19:14
    VLAI
    Title
    Blutooth BR/EDR specification does not specify sufficient encryption key length and allows an attacker to influence key length negotiation
    Summary
    The Bluetooth BR/EDR specification up to and including version 5.1 permits sufficiently low encryption key length and does not prevent an attacker from influencing the key length negotiation. This allows practical brute-force attacks (aka "KNOB") that can decrypt traffic and inject arbitrary ciphertext without the victim noticing.
    CWE
    Assigner
    References
    URL Tags
    https://www.kb.cert.org/vuls/id/918987/ third-party-advisoryx_refsource_CERT-VN
    http://www.cs.ox.ac.uk/publications/publication12… x_refsource_MISC
    https://www.usenix.org/conference/usenixsecurity1… x_refsource_MISC
    https://www.bluetooth.com/security/statement-key-… x_refsource_CONFIRM
    http://seclists.org/fulldisclosure/2019/Aug/14 mailing-listx_refsource_FULLDISC
    http://seclists.org/fulldisclosure/2019/Aug/11 mailing-listx_refsource_FULLDISC
    http://seclists.org/fulldisclosure/2019/Aug/13 mailing-listx_refsource_FULLDISC
    http://seclists.org/fulldisclosure/2019/Aug/15 mailing-listx_refsource_FULLDISC
    http://www.huawei.com/en/psirt/security-advisorie… x_refsource_CONFIRM
    https://usn.ubuntu.com/4115-1/ vendor-advisoryx_refsource_UBUNTU
    https://usn.ubuntu.com/4118-1/ vendor-advisoryx_refsource_UBUNTU
    https://lists.debian.org/debian-lts-announce/2019… mailing-listx_refsource_MLIST
    https://lists.debian.org/debian-lts-announce/2019… mailing-listx_refsource_MLIST
    https://lists.debian.org/debian-lts-announce/2019… mailing-listx_refsource_MLIST
    https://usn.ubuntu.com/4147-1/ vendor-advisoryx_refsource_UBUNTU
    https://access.redhat.com/errata/RHSA-2019:2975 vendor-advisoryx_refsource_REDHAT
    http://lists.opensuse.org/opensuse-security-annou… vendor-advisoryx_refsource_SUSE
    http://lists.opensuse.org/opensuse-security-annou… vendor-advisoryx_refsource_SUSE
    https://access.redhat.com/errata/RHSA-2019:3076 vendor-advisoryx_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2019:3055 vendor-advisoryx_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2019:3089 vendor-advisoryx_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2019:3187 vendor-advisoryx_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2019:3165 vendor-advisoryx_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2019:3217 vendor-advisoryx_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2019:3220 vendor-advisoryx_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2019:3231 vendor-advisoryx_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2019:3218 vendor-advisoryx_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2019:3309 vendor-advisoryx_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2019:3517 vendor-advisoryx_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2020:0204 vendor-advisoryx_refsource_REDHAT
    Impacted products
    Vendor Product Version
    Bluetooth BR/EDR Affected: 5.1 , ≤ 5.1 (custom)
    Create a notification for this product.
    Date Public
    2019-08-14 00:00
    Credits
    Daniele Antonioli‚ Nils Ole Tippenhauer, Kasper Rasmussen
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-04T21:54:44.303Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "VU#918987",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_CERT-VN",
                  "x_transferred"
                ],
                "url": "https://www.kb.cert.org/vuls/id/918987/"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "http://www.cs.ox.ac.uk/publications/publication12404-abstract.html"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://www.usenix.org/conference/usenixsecurity19/presentation/antonioli"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://www.bluetooth.com/security/statement-key-negotiation-of-bluetooth/"
              },
              {
                "name": "20190816 APPLE-SA-2019-8-13-3 Additional information for APPLE-SA-2019-7-22-4 watchOS 5.3",
                "tags": [
                  "mailing-list",
                  "x_refsource_FULLDISC",
                  "x_transferred"
                ],
                "url": "http://seclists.org/fulldisclosure/2019/Aug/14"
              },
              {
                "name": "20190816 APPLE-SA-2019-8-13-1 Additional information for APPLE-SA-2019-7-22-2 macOS Mojave 10.14.6, Security Update 2019-004 High Sierra, Security Update 2019-004 Sierra",
                "tags": [
                  "mailing-list",
                  "x_refsource_FULLDISC",
                  "x_transferred"
                ],
                "url": "http://seclists.org/fulldisclosure/2019/Aug/11"
              },
              {
                "name": "20190816 APPLE-SA-2019-8-13-2 Additional information for APPLE-SA-2019-7-22-1 iOS 12.4",
                "tags": [
                  "mailing-list",
                  "x_refsource_FULLDISC",
                  "x_transferred"
                ],
                "url": "http://seclists.org/fulldisclosure/2019/Aug/13"
              },
              {
                "name": "20190816 APPLE-SA-2019-8-13-4 Additional information for APPLE-SA-2019-7-22-5 tvOS 12.4",
                "tags": [
                  "mailing-list",
                  "x_refsource_FULLDISC",
                  "x_transferred"
                ],
                "url": "http://seclists.org/fulldisclosure/2019/Aug/15"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20190828-01-knob-en"
              },
              {
                "name": "USN-4115-1",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_UBUNTU",
                  "x_transferred"
                ],
                "url": "https://usn.ubuntu.com/4115-1/"
              },
              {
                "name": "USN-4118-1",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_UBUNTU",
                  "x_transferred"
                ],
                "url": "https://usn.ubuntu.com/4118-1/"
              },
              {
                "name": "[debian-lts-announce] 20190914 [SECURITY] [DLA 1919-1] linux-4.9 security update",
                "tags": [
                  "mailing-list",
                  "x_refsource_MLIST",
                  "x_transferred"
                ],
                "url": "https://lists.debian.org/debian-lts-announce/2019/09/msg00014.html"
              },
              {
                "name": "[debian-lts-announce] 20190915 [SECURITY] [DLA 1919-2] linux-4.9 security update",
                "tags": [
                  "mailing-list",
                  "x_refsource_MLIST",
                  "x_transferred"
                ],
                "url": "https://lists.debian.org/debian-lts-announce/2019/09/msg00015.html"
              },
              {
                "name": "[debian-lts-announce] 20190925 [SECURITY] [DLA 1930-1] linux security update",
                "tags": [
                  "mailing-list",
                  "x_refsource_MLIST",
                  "x_transferred"
                ],
                "url": "https://lists.debian.org/debian-lts-announce/2019/09/msg00025.html"
              },
              {
                "name": "USN-4147-1",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_UBUNTU",
                  "x_transferred"
                ],
                "url": "https://usn.ubuntu.com/4147-1/"
              },
              {
                "name": "RHSA-2019:2975",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
                  "x_transferred"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2019:2975"
              },
              {
                "name": "openSUSE-SU-2019:2307",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_SUSE",
                  "x_transferred"
                ],
                "url": "http://lists.opensuse.org/opensuse-security-announce/2019-10/msg00037.html"
              },
              {
                "name": "openSUSE-SU-2019:2308",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_SUSE",
                  "x_transferred"
                ],
                "url": "http://lists.opensuse.org/opensuse-security-announce/2019-10/msg00036.html"
              },
              {
                "name": "RHSA-2019:3076",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
                  "x_transferred"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2019:3076"
              },
              {
                "name": "RHSA-2019:3055",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
                  "x_transferred"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2019:3055"
              },
              {
                "name": "RHSA-2019:3089",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
                  "x_transferred"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2019:3089"
              },
              {
                "name": "RHSA-2019:3187",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
                  "x_transferred"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2019:3187"
              },
              {
                "name": "RHSA-2019:3165",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
                  "x_transferred"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2019:3165"
              },
              {
                "name": "RHSA-2019:3217",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
                  "x_transferred"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2019:3217"
              },
              {
                "name": "RHSA-2019:3220",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
                  "x_transferred"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2019:3220"
              },
              {
                "name": "RHSA-2019:3231",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
                  "x_transferred"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2019:3231"
              },
              {
                "name": "RHSA-2019:3218",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
                  "x_transferred"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2019:3218"
              },
              {
                "name": "RHSA-2019:3309",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
                  "x_transferred"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2019:3309"
              },
              {
                "name": "RHSA-2019:3517",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
                  "x_transferred"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2019:3517"
              },
              {
                "name": "RHSA-2020:0204",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
                  "x_transferred"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2020:0204"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "platforms": [
                "N/A"
              ],
              "product": "BR/EDR",
              "vendor": "Bluetooth",
              "versions": [
                {
                  "lessThanOrEqual": "5.1",
                  "status": "affected",
                  "version": "5.1",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "value": "Daniele Antonioli\u201a Nils Ole Tippenhauer, Kasper Rasmussen"
            }
          ],
          "datePublic": "2019-08-14T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "The Bluetooth BR/EDR specification up to and including version 5.1 permits sufficiently low encryption key length and does not prevent an attacker from influencing the key length negotiation. This allows practical brute-force attacks (aka \"KNOB\") that can decrypt traffic and inject arbitrary ciphertext without the victim noticing."
            }
          ],
          "metrics": [
            {
              "cvssV3_0": {
                "attackComplexity": "LOW",
                "attackVector": "ADJACENT_NETWORK",
                "availabilityImpact": "LOW",
                "baseScore": 7.6,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "LOW",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:L",
                "version": "3.0"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-310",
                  "description": "CWE-310 Cryptographic Issues",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2020-01-30T10:06:23.000Z",
            "orgId": "37e5125f-f79b-445b-8fad-9564f167944b",
            "shortName": "certcc"
          },
          "references": [
            {
              "name": "VU#918987",
              "tags": [
                "third-party-advisory",
                "x_refsource_CERT-VN"
              ],
              "url": "https://www.kb.cert.org/vuls/id/918987/"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "http://www.cs.ox.ac.uk/publications/publication12404-abstract.html"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://www.usenix.org/conference/usenixsecurity19/presentation/antonioli"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://www.bluetooth.com/security/statement-key-negotiation-of-bluetooth/"
            },
            {
              "name": "20190816 APPLE-SA-2019-8-13-3 Additional information for APPLE-SA-2019-7-22-4 watchOS 5.3",
              "tags": [
                "mailing-list",
                "x_refsource_FULLDISC"
              ],
              "url": "http://seclists.org/fulldisclosure/2019/Aug/14"
            },
            {
              "name": "20190816 APPLE-SA-2019-8-13-1 Additional information for APPLE-SA-2019-7-22-2 macOS Mojave 10.14.6, Security Update 2019-004 High Sierra, Security Update 2019-004 Sierra",
              "tags": [
                "mailing-list",
                "x_refsource_FULLDISC"
              ],
              "url": "http://seclists.org/fulldisclosure/2019/Aug/11"
            },
            {
              "name": "20190816 APPLE-SA-2019-8-13-2 Additional information for APPLE-SA-2019-7-22-1 iOS 12.4",
              "tags": [
                "mailing-list",
                "x_refsource_FULLDISC"
              ],
              "url": "http://seclists.org/fulldisclosure/2019/Aug/13"
            },
            {
              "name": "20190816 APPLE-SA-2019-8-13-4 Additional information for APPLE-SA-2019-7-22-5 tvOS 12.4",
              "tags": [
                "mailing-list",
                "x_refsource_FULLDISC"
              ],
              "url": "http://seclists.org/fulldisclosure/2019/Aug/15"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20190828-01-knob-en"
            },
            {
              "name": "USN-4115-1",
              "tags": [
                "vendor-advisory",
                "x_refsource_UBUNTU"
              ],
              "url": "https://usn.ubuntu.com/4115-1/"
            },
            {
              "name": "USN-4118-1",
              "tags": [
                "vendor-advisory",
                "x_refsource_UBUNTU"
              ],
              "url": "https://usn.ubuntu.com/4118-1/"
            },
            {
              "name": "[debian-lts-announce] 20190914 [SECURITY] [DLA 1919-1] linux-4.9 security update",
              "tags": [
                "mailing-list",
                "x_refsource_MLIST"
              ],
              "url": "https://lists.debian.org/debian-lts-announce/2019/09/msg00014.html"
            },
            {
              "name": "[debian-lts-announce] 20190915 [SECURITY] [DLA 1919-2] linux-4.9 security update",
              "tags": [
                "mailing-list",
                "x_refsource_MLIST"
              ],
              "url": "https://lists.debian.org/debian-lts-announce/2019/09/msg00015.html"
            },
            {
              "name": "[debian-lts-announce] 20190925 [SECURITY] [DLA 1930-1] linux security update",
              "tags": [
                "mailing-list",
                "x_refsource_MLIST"
              ],
              "url": "https://lists.debian.org/debian-lts-announce/2019/09/msg00025.html"
            },
            {
              "name": "USN-4147-1",
              "tags": [
                "vendor-advisory",
                "x_refsource_UBUNTU"
              ],
              "url": "https://usn.ubuntu.com/4147-1/"
            },
            {
              "name": "RHSA-2019:2975",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2019:2975"
            },
            {
              "name": "openSUSE-SU-2019:2307",
              "tags": [
                "vendor-advisory",
                "x_refsource_SUSE"
              ],
              "url": "http://lists.opensuse.org/opensuse-security-announce/2019-10/msg00037.html"
            },
            {
              "name": "openSUSE-SU-2019:2308",
              "tags": [
                "vendor-advisory",
                "x_refsource_SUSE"
              ],
              "url": "http://lists.opensuse.org/opensuse-security-announce/2019-10/msg00036.html"
            },
            {
              "name": "RHSA-2019:3076",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2019:3076"
            },
            {
              "name": "RHSA-2019:3055",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2019:3055"
            },
            {
              "name": "RHSA-2019:3089",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2019:3089"
            },
            {
              "name": "RHSA-2019:3187",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2019:3187"
            },
            {
              "name": "RHSA-2019:3165",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2019:3165"
            },
            {
              "name": "RHSA-2019:3217",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2019:3217"
            },
            {
              "name": "RHSA-2019:3220",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2019:3220"
            },
            {
              "name": "RHSA-2019:3231",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2019:3231"
            },
            {
              "name": "RHSA-2019:3218",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2019:3218"
            },
            {
              "name": "RHSA-2019:3309",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2019:3309"
            },
            {
              "name": "RHSA-2019:3517",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2019:3517"
            },
            {
              "name": "RHSA-2020:0204",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2020:0204"
            }
          ],
          "source": {
            "advisory": "VU#918987",
            "defect": [
              "VU#918987"
            ],
            "discovery": "EXTERNAL"
          },
          "title": "Blutooth BR/EDR specification does not specify sufficient encryption key length and allows an attacker to influence key length negotiation",
          "workarounds": [
            {
              "lang": "en",
              "value": "Bluetooth SIG Expedited Errata Correction 11838"
            }
          ],
          "x_generator": {
            "engine": "Vulnogram 0.0.7"
          },
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "AKA": "KNOB",
              "ASSIGNER": "cert@cert.org",
              "DATE_PUBLIC": "2019-08-14",
              "ID": "CVE-2019-9506",
              "STATE": "PUBLIC",
              "TITLE": "Blutooth BR/EDR specification does not specify sufficient encryption key length and allows an attacker to influence key length negotiation"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "BR/EDR",
                          "version": {
                            "version_data": [
                              {
                                "platform": "N/A",
                                "version_affected": "\u003c=",
                                "version_name": "5.1",
                                "version_value": "5.1"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "Bluetooth"
                  }
                ]
              }
            },
            "credit": [
              {
                "lang": "eng",
                "value": "Daniele Antonioli\u201a Nils Ole Tippenhauer, Kasper Rasmussen"
              }
            ],
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "The Bluetooth BR/EDR specification up to and including version 5.1 permits sufficiently low encryption key length and does not prevent an attacker from influencing the key length negotiation. This allows practical brute-force attacks (aka \"KNOB\") that can decrypt traffic and inject arbitrary ciphertext without the victim noticing."
                }
              ]
            },
            "generator": {
              "engine": "Vulnogram 0.0.7"
            },
            "impact": {
              "cvss": {
                "attackComplexity": "LOW",
                "attackVector": "ADJACENT_NETWORK",
                "availabilityImpact": "LOW",
                "baseScore": 7.6,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "LOW",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:L",
                "version": "3.0"
              }
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "CWE-310 Cryptographic Issues"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "VU#918987",
                  "refsource": "CERT-VN",
                  "url": "https://www.kb.cert.org/vuls/id/918987/"
                },
                {
                  "name": "http://www.cs.ox.ac.uk/publications/publication12404-abstract.html",
                  "refsource": "MISC",
                  "url": "http://www.cs.ox.ac.uk/publications/publication12404-abstract.html"
                },
                {
                  "name": "https://www.usenix.org/conference/usenixsecurity19/presentation/antonioli",
                  "refsource": "MISC",
                  "url": "https://www.usenix.org/conference/usenixsecurity19/presentation/antonioli"
                },
                {
                  "name": "https://www.bluetooth.com/security/statement-key-negotiation-of-bluetooth/",
                  "refsource": "CONFIRM",
                  "url": "https://www.bluetooth.com/security/statement-key-negotiation-of-bluetooth/"
                },
                {
                  "name": "20190816 APPLE-SA-2019-8-13-3 Additional information for APPLE-SA-2019-7-22-4 watchOS 5.3",
                  "refsource": "FULLDISC",
                  "url": "http://seclists.org/fulldisclosure/2019/Aug/14"
                },
                {
                  "name": "20190816 APPLE-SA-2019-8-13-1 Additional information for APPLE-SA-2019-7-22-2 macOS Mojave 10.14.6, Security Update 2019-004 High Sierra, Security Update 2019-004 Sierra",
                  "refsource": "FULLDISC",
                  "url": "http://seclists.org/fulldisclosure/2019/Aug/11"
                },
                {
                  "name": "20190816 APPLE-SA-2019-8-13-2 Additional information for APPLE-SA-2019-7-22-1 iOS 12.4",
                  "refsource": "FULLDISC",
                  "url": "http://seclists.org/fulldisclosure/2019/Aug/13"
                },
                {
                  "name": "20190816 APPLE-SA-2019-8-13-4 Additional information for APPLE-SA-2019-7-22-5 tvOS 12.4",
                  "refsource": "FULLDISC",
                  "url": "http://seclists.org/fulldisclosure/2019/Aug/15"
                },
                {
                  "name": "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20190828-01-knob-en",
                  "refsource": "CONFIRM",
                  "url": "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20190828-01-knob-en"
                },
                {
                  "name": "USN-4115-1",
                  "refsource": "UBUNTU",
                  "url": "https://usn.ubuntu.com/4115-1/"
                },
                {
                  "name": "USN-4118-1",
                  "refsource": "UBUNTU",
                  "url": "https://usn.ubuntu.com/4118-1/"
                },
                {
                  "name": "[debian-lts-announce] 20190914 [SECURITY] [DLA 1919-1] linux-4.9 security update",
                  "refsource": "MLIST",
                  "url": "https://lists.debian.org/debian-lts-announce/2019/09/msg00014.html"
                },
                {
                  "name": "[debian-lts-announce] 20190915 [SECURITY] [DLA 1919-2] linux-4.9 security update",
                  "refsource": "MLIST",
                  "url": "https://lists.debian.org/debian-lts-announce/2019/09/msg00015.html"
                },
                {
                  "name": "[debian-lts-announce] 20190925 [SECURITY] [DLA 1930-1] linux security update",
                  "refsource": "MLIST",
                  "url": "https://lists.debian.org/debian-lts-announce/2019/09/msg00025.html"
                },
                {
                  "name": "USN-4147-1",
                  "refsource": "UBUNTU",
                  "url": "https://usn.ubuntu.com/4147-1/"
                },
                {
                  "name": "RHSA-2019:2975",
                  "refsource": "REDHAT",
                  "url": "https://access.redhat.com/errata/RHSA-2019:2975"
                },
                {
                  "name": "openSUSE-SU-2019:2307",
                  "refsource": "SUSE",
                  "url": "http://lists.opensuse.org/opensuse-security-announce/2019-10/msg00037.html"
                },
                {
                  "name": "openSUSE-SU-2019:2308",
                  "refsource": "SUSE",
                  "url": "http://lists.opensuse.org/opensuse-security-announce/2019-10/msg00036.html"
                },
                {
                  "name": "RHSA-2019:3076",
                  "refsource": "REDHAT",
                  "url": "https://access.redhat.com/errata/RHSA-2019:3076"
                },
                {
                  "name": "RHSA-2019:3055",
                  "refsource": "REDHAT",
                  "url": "https://access.redhat.com/errata/RHSA-2019:3055"
                },
                {
                  "name": "RHSA-2019:3089",
                  "refsource": "REDHAT",
                  "url": "https://access.redhat.com/errata/RHSA-2019:3089"
                },
                {
                  "name": "RHSA-2019:3187",
                  "refsource": "REDHAT",
                  "url": "https://access.redhat.com/errata/RHSA-2019:3187"
                },
                {
                  "name": "RHSA-2019:3165",
                  "refsource": "REDHAT",
                  "url": "https://access.redhat.com/errata/RHSA-2019:3165"
                },
                {
                  "name": "RHSA-2019:3217",
                  "refsource": "REDHAT",
                  "url": "https://access.redhat.com/errata/RHSA-2019:3217"
                },
                {
                  "name": "RHSA-2019:3220",
                  "refsource": "REDHAT",
                  "url": "https://access.redhat.com/errata/RHSA-2019:3220"
                },
                {
                  "name": "RHSA-2019:3231",
                  "refsource": "REDHAT",
                  "url": "https://access.redhat.com/errata/RHSA-2019:3231"
                },
                {
                  "name": "RHSA-2019:3218",
                  "refsource": "REDHAT",
                  "url": "https://access.redhat.com/errata/RHSA-2019:3218"
                },
                {
                  "name": "RHSA-2019:3309",
                  "refsource": "REDHAT",
                  "url": "https://access.redhat.com/errata/RHSA-2019:3309"
                },
                {
                  "name": "RHSA-2019:3517",
                  "refsource": "REDHAT",
                  "url": "https://access.redhat.com/errata/RHSA-2019:3517"
                },
                {
                  "name": "RHSA-2020:0204",
                  "refsource": "REDHAT",
                  "url": "https://access.redhat.com/errata/RHSA-2020:0204"
                }
              ]
            },
            "source": {
              "advisory": "VU#918987",
              "defect": [
                "VU#918987"
              ],
              "discovery": "EXTERNAL"
            },
            "work_around": [
              {
                "lang": "en",
                "value": "Bluetooth SIG Expedited Errata Correction 11838"
              }
            ]
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "37e5125f-f79b-445b-8fad-9564f167944b",
        "assignerShortName": "certcc",
        "cveId": "CVE-2019-9506",
        "datePublished": "2019-08-14T16:27:45.059Z",
        "dateReserved": "2019-03-01T00:00:00.000Z",
        "dateUpdated": "2024-09-16T19:14:13.573Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2018-16871 (GCVE-0-2018-16871)

    Vulnerability from nvd – Published: 2019-07-30 16:19 – Updated: 2024-08-05 10:32
    VLAI
    Summary
    A flaw was found in the Linux kernel's NFS implementation, all versions 3.x and all versions 4.x up to 4.20. An attacker, who is able to mount an exported NFS filesystem, is able to trigger a null pointer dereference by using an invalid NFS sequence. This can panic the machine and deny access to the NFS server. Any outstanding disk writes to the NFS server will be lost.
    CWE
    Assigner
    Impacted products
    Vendor Product Version
    Red Hat kernel: Affected: all 3.x, all 4.x up to 4.20
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-05T10:32:54.042Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-16871"
              },
              {
                "name": "RHSA-2019:2696",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
                  "x_transferred"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2019:2696"
              },
              {
                "name": "RHSA-2019:2730",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
                  "x_transferred"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2019:2730"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://support.f5.com/csp/article/K18657134"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://support.f5.com/csp/article/K18657134?utm_source=f5support\u0026amp%3Butm_medium=RSS"
              },
              {
                "name": "RHSA-2020:0740",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
                  "x_transferred"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2020:0740"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://security.netapp.com/advisory/ntap-20211004-0002/"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "kernel:",
              "vendor": "Red Hat",
              "versions": [
                {
                  "status": "affected",
                  "version": "all 3.x, all 4.x up to 4.20"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "A flaw was found in the Linux kernel\u0027s NFS implementation, all versions 3.x and all versions 4.x up to 4.20. An attacker, who is able to mount an exported NFS filesystem, is able to trigger a null pointer dereference by using an invalid NFS sequence. This can panic the machine and deny access to the NFS server. Any outstanding disk writes to the NFS server will be lost."
            }
          ],
          "metrics": [
            {
              "cvssV3_0": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "HIGH",
                "baseScore": 7.5,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "NONE",
                "integrityImpact": "NONE",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
                "version": "3.0"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-476",
                  "description": "CWE-476",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2021-10-04T18:06:18.000Z",
            "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
            "shortName": "redhat"
          },
          "references": [
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-16871"
            },
            {
              "name": "RHSA-2019:2696",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2019:2696"
            },
            {
              "name": "RHSA-2019:2730",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2019:2730"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://support.f5.com/csp/article/K18657134"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://support.f5.com/csp/article/K18657134?utm_source=f5support\u0026amp%3Butm_medium=RSS"
            },
            {
              "name": "RHSA-2020:0740",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2020:0740"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://security.netapp.com/advisory/ntap-20211004-0002/"
            }
          ]
        }
      },
      "cveMetadata": {
        "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
        "assignerShortName": "redhat",
        "cveId": "CVE-2018-16871",
        "datePublished": "2019-07-30T16:19:25.000Z",
        "dateReserved": "2018-09-11T00:00:00.000Z",
        "dateUpdated": "2024-08-05T10:32:54.042Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2017-18344 (GCVE-0-2017-18344)

    Vulnerability from nvd – Published: 2018-07-26 19:00 – Updated: 2024-08-05 21:20
    VLAI
    Summary
    The timer_create syscall implementation in kernel/time/posix-timers.c in the Linux kernel before 4.14.8 doesn't properly validate the sigevent->sigev_notify field, which leads to out-of-bounds access in the show_timer function (called when /proc/$PID/timers is read). This allows userspace applications to read arbitrary kernel memory (on a kernel built with CONFIG_POSIX_TIMERS and CONFIG_CHECKPOINT_RESTORE).
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    References
    URL Tags
    https://access.redhat.com/errata/RHSA-2018:3540 vendor-advisoryx_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2018:3083 vendor-advisoryx_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2018:3591 vendor-advisoryx_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2018:3459 vendor-advisoryx_refsource_REDHAT
    http://www.securitytracker.com/id/1041414 vdb-entryx_refsource_SECTRACK
    https://cdn.kernel.org/pub/linux/kernel/v4.x/Chan… x_refsource_MISC
    https://access.redhat.com/errata/RHSA-2018:3590 vendor-advisoryx_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2018:2948 vendor-advisoryx_refsource_REDHAT
    https://github.com/torvalds/linux/commit/cef31d9a… x_refsource_MISC
    https://usn.ubuntu.com/3742-2/ vendor-advisoryx_refsource_UBUNTU
    http://www.securityfocus.com/bid/104909 vdb-entryx_refsource_BID
    https://usn.ubuntu.com/3742-1/ vendor-advisoryx_refsource_UBUNTU
    https://access.redhat.com/errata/RHSA-2018:3586 vendor-advisoryx_refsource_REDHAT
    https://www.exploit-db.com/exploits/45175/ exploitx_refsource_EXPLOIT-DB
    https://access.redhat.com/errata/RHSA-2018:3096 vendor-advisoryx_refsource_REDHAT
    Date Public
    2018-07-26 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-05T21:20:50.543Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "RHSA-2018:3540",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
                  "x_transferred"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2018:3540"
              },
              {
                "name": "RHSA-2018:3083",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
                  "x_transferred"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2018:3083"
              },
              {
                "name": "RHSA-2018:3591",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
                  "x_transferred"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2018:3591"
              },
              {
                "name": "RHSA-2018:3459",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
                  "x_transferred"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2018:3459"
              },
              {
                "name": "1041414",
                "tags": [
                  "vdb-entry",
                  "x_refsource_SECTRACK",
                  "x_transferred"
                ],
                "url": "http://www.securitytracker.com/id/1041414"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://cdn.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.14.8"
              },
              {
                "name": "RHSA-2018:3590",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
                  "x_transferred"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2018:3590"
              },
              {
                "name": "RHSA-2018:2948",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
                  "x_transferred"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2018:2948"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://github.com/torvalds/linux/commit/cef31d9af908243421258f1df35a4a644604efbe"
              },
              {
                "name": "USN-3742-2",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_UBUNTU",
                  "x_transferred"
                ],
                "url": "https://usn.ubuntu.com/3742-2/"
              },
              {
                "name": "104909",
                "tags": [
                  "vdb-entry",
                  "x_refsource_BID",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/bid/104909"
              },
              {
                "name": "USN-3742-1",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_UBUNTU",
                  "x_transferred"
                ],
                "url": "https://usn.ubuntu.com/3742-1/"
              },
              {
                "name": "RHSA-2018:3586",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
                  "x_transferred"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2018:3586"
              },
              {
                "name": "45175",
                "tags": [
                  "exploit",
                  "x_refsource_EXPLOIT-DB",
                  "x_transferred"
                ],
                "url": "https://www.exploit-db.com/exploits/45175/"
              },
              {
                "name": "RHSA-2018:3096",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
                  "x_transferred"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2018:3096"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "datePublic": "2018-07-26T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "The timer_create syscall implementation in kernel/time/posix-timers.c in the Linux kernel before 4.14.8 doesn\u0027t properly validate the sigevent-\u003esigev_notify field, which leads to out-of-bounds access in the show_timer function (called when /proc/$PID/timers is read). This allows userspace applications to read arbitrary kernel memory (on a kernel built with CONFIG_POSIX_TIMERS and CONFIG_CHECKPOINT_RESTORE)."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2018-11-14T10:57:02.000Z",
            "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            "shortName": "mitre"
          },
          "references": [
            {
              "name": "RHSA-2018:3540",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2018:3540"
            },
            {
              "name": "RHSA-2018:3083",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2018:3083"
            },
            {
              "name": "RHSA-2018:3591",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2018:3591"
            },
            {
              "name": "RHSA-2018:3459",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2018:3459"
            },
            {
              "name": "1041414",
              "tags": [
                "vdb-entry",
                "x_refsource_SECTRACK"
              ],
              "url": "http://www.securitytracker.com/id/1041414"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://cdn.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.14.8"
            },
            {
              "name": "RHSA-2018:3590",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2018:3590"
            },
            {
              "name": "RHSA-2018:2948",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2018:2948"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://github.com/torvalds/linux/commit/cef31d9af908243421258f1df35a4a644604efbe"
            },
            {
              "name": "USN-3742-2",
              "tags": [
                "vendor-advisory",
                "x_refsource_UBUNTU"
              ],
              "url": "https://usn.ubuntu.com/3742-2/"
            },
            {
              "name": "104909",
              "tags": [
                "vdb-entry",
                "x_refsource_BID"
              ],
              "url": "http://www.securityfocus.com/bid/104909"
            },
            {
              "name": "USN-3742-1",
              "tags": [
                "vendor-advisory",
                "x_refsource_UBUNTU"
              ],
              "url": "https://usn.ubuntu.com/3742-1/"
            },
            {
              "name": "RHSA-2018:3586",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2018:3586"
            },
            {
              "name": "45175",
              "tags": [
                "exploit",
                "x_refsource_EXPLOIT-DB"
              ],
              "url": "https://www.exploit-db.com/exploits/45175/"
            },
            {
              "name": "RHSA-2018:3096",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2018:3096"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "cve@mitre.org",
              "ID": "CVE-2017-18344",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "n/a",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "The timer_create syscall implementation in kernel/time/posix-timers.c in the Linux kernel before 4.14.8 doesn\u0027t properly validate the sigevent-\u003esigev_notify field, which leads to out-of-bounds access in the show_timer function (called when /proc/$PID/timers is read). This allows userspace applications to read arbitrary kernel memory (on a kernel built with CONFIG_POSIX_TIMERS and CONFIG_CHECKPOINT_RESTORE)."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "n/a"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "RHSA-2018:3540",
                  "refsource": "REDHAT",
                  "url": "https://access.redhat.com/errata/RHSA-2018:3540"
                },
                {
                  "name": "RHSA-2018:3083",
                  "refsource": "REDHAT",
                  "url": "https://access.redhat.com/errata/RHSA-2018:3083"
                },
                {
                  "name": "RHSA-2018:3591",
                  "refsource": "REDHAT",
                  "url": "https://access.redhat.com/errata/RHSA-2018:3591"
                },
                {
                  "name": "RHSA-2018:3459",
                  "refsource": "REDHAT",
                  "url": "https://access.redhat.com/errata/RHSA-2018:3459"
                },
                {
                  "name": "1041414",
                  "refsource": "SECTRACK",
                  "url": "http://www.securitytracker.com/id/1041414"
                },
                {
                  "name": "https://cdn.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.14.8",
                  "refsource": "MISC",
                  "url": "https://cdn.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.14.8"
                },
                {
                  "name": "RHSA-2018:3590",
                  "refsource": "REDHAT",
                  "url": "https://access.redhat.com/errata/RHSA-2018:3590"
                },
                {
                  "name": "RHSA-2018:2948",
                  "refsource": "REDHAT",
                  "url": "https://access.redhat.com/errata/RHSA-2018:2948"
                },
                {
                  "name": "https://github.com/torvalds/linux/commit/cef31d9af908243421258f1df35a4a644604efbe",
                  "refsource": "MISC",
                  "url": "https://github.com/torvalds/linux/commit/cef31d9af908243421258f1df35a4a644604efbe"
                },
                {
                  "name": "USN-3742-2",
                  "refsource": "UBUNTU",
                  "url": "https://usn.ubuntu.com/3742-2/"
                },
                {
                  "name": "104909",
                  "refsource": "BID",
                  "url": "http://www.securityfocus.com/bid/104909"
                },
                {
                  "name": "USN-3742-1",
                  "refsource": "UBUNTU",
                  "url": "https://usn.ubuntu.com/3742-1/"
                },
                {
                  "name": "RHSA-2018:3586",
                  "refsource": "REDHAT",
                  "url": "https://access.redhat.com/errata/RHSA-2018:3586"
                },
                {
                  "name": "45175",
                  "refsource": "EXPLOIT-DB",
                  "url": "https://www.exploit-db.com/exploits/45175/"
                },
                {
                  "name": "RHSA-2018:3096",
                  "refsource": "REDHAT",
                  "url": "https://access.redhat.com/errata/RHSA-2018:3096"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "assignerShortName": "mitre",
        "cveId": "CVE-2017-18344",
        "datePublished": "2018-07-26T19:00:00.000Z",
        "dateReserved": "2018-07-26T00:00:00.000Z",
        "dateUpdated": "2024-08-05T21:20:50.543Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2018-13405 (GCVE-0-2018-13405)

    Vulnerability from nvd – Published: 2018-07-06 14:00 – Updated: 2024-08-05 09:00
    VLAI
    Summary
    The inode_init_owner function in fs/inode.c in the Linux kernel through 3.16 allows local users to create files with an unintended group ownership, in a scenario where a directory is SGID to a certain group and is writable by a user who is not a member of that group. Here, the non-member can trigger creation of a plain file whose group ownership is that group. The intended behavior was that the non-member can trigger creation of a directory (but not a plain file) whose group ownership is that group. The non-member can escalate privileges by making the plain file executable and SGID.
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    References
    URL Tags
    https://usn.ubuntu.com/3752-2/ vendor-advisoryx_refsource_UBUNTU
    https://access.redhat.com/errata/RHSA-2018:3083 vendor-advisoryx_refsource_REDHAT
    https://usn.ubuntu.com/3752-3/ vendor-advisoryx_refsource_UBUNTU
    https://twitter.com/grsecurity/status/10150829512… x_refsource_MISC
    https://usn.ubuntu.com/3753-2/ vendor-advisoryx_refsource_UBUNTU
    https://usn.ubuntu.com/3754-1/ vendor-advisoryx_refsource_UBUNTU
    http://openwall.com/lists/oss-security/2018/07/13/2 x_refsource_MISC
    https://access.redhat.com/errata/RHSA-2018:2948 vendor-advisoryx_refsource_REDHAT
    http://git.kernel.org/cgit/linux/kernel/git/torva… x_refsource_MISC
    https://lists.debian.org/debian-lts-announce/2018… mailing-listx_refsource_MLIST
    https://www.exploit-db.com/exploits/45033/ exploitx_refsource_EXPLOIT-DB
    https://www.debian.org/security/2018/dsa-4266 vendor-advisoryx_refsource_DEBIAN
    http://www.securityfocus.com/bid/106503 vdb-entryx_refsource_BID
    https://usn.ubuntu.com/3752-1/ vendor-advisoryx_refsource_UBUNTU
    https://access.redhat.com/errata/RHSA-2018:3096 vendor-advisoryx_refsource_REDHAT
    https://usn.ubuntu.com/3753-1/ vendor-advisoryx_refsource_UBUNTU
    https://github.com/torvalds/linux/commit/0fa3ecd8… x_refsource_MISC
    https://access.redhat.com/errata/RHSA-2019:0717 vendor-advisoryx_refsource_REDHAT
    https://support.f5.com/csp/article/K00854051 x_refsource_CONFIRM
    https://access.redhat.com/errata/RHSA-2019:2476 vendor-advisoryx_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2019:2566 vendor-advisoryx_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2019:2696 vendor-advisoryx_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2019:2730 vendor-advisoryx_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2019:4159 vendor-advisoryx_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2019:4164 vendor-advisoryx_refsource_REDHAT
    https://git.kernel.org/pub/scm/linux/kernel/git/t… x_refsource_CONFIRM
    https://lists.fedoraproject.org/archives/list/pac… vendor-advisoryx_refsource_FEDORA
    https://lists.fedoraproject.org/archives/list/pac… vendor-advisoryx_refsource_FEDORA
    Date Public
    2018-07-06 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-05T09:00:35.380Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "USN-3752-2",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_UBUNTU",
                  "x_transferred"
                ],
                "url": "https://usn.ubuntu.com/3752-2/"
              },
              {
                "name": "RHSA-2018:3083",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
                  "x_transferred"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2018:3083"
              },
              {
                "name": "USN-3752-3",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_UBUNTU",
                  "x_transferred"
                ],
                "url": "https://usn.ubuntu.com/3752-3/"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://twitter.com/grsecurity/status/1015082951204327425"
              },
              {
                "name": "USN-3753-2",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_UBUNTU",
                  "x_transferred"
                ],
                "url": "https://usn.ubuntu.com/3753-2/"
              },
              {
                "name": "USN-3754-1",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_UBUNTU",
                  "x_transferred"
                ],
                "url": "https://usn.ubuntu.com/3754-1/"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "http://openwall.com/lists/oss-security/2018/07/13/2"
              },
              {
                "name": "RHSA-2018:2948",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
                  "x_transferred"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2018:2948"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=0fa3ecd87848c9c93c2c828ef4c3a8ca36ce46c7"
              },
              {
                "name": "[debian-lts-announce] 20180815 [SECURITY] [DLA 1466-1] linux-4.9 security update",
                "tags": [
                  "mailing-list",
                  "x_refsource_MLIST",
                  "x_transferred"
                ],
                "url": "https://lists.debian.org/debian-lts-announce/2018/08/msg00014.html"
              },
              {
                "name": "45033",
                "tags": [
                  "exploit",
                  "x_refsource_EXPLOIT-DB",
                  "x_transferred"
                ],
                "url": "https://www.exploit-db.com/exploits/45033/"
              },
              {
                "name": "DSA-4266",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_DEBIAN",
                  "x_transferred"
                ],
                "url": "https://www.debian.org/security/2018/dsa-4266"
              },
              {
                "name": "106503",
                "tags": [
                  "vdb-entry",
                  "x_refsource_BID",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/bid/106503"
              },
              {
                "name": "USN-3752-1",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_UBUNTU",
                  "x_transferred"
                ],
                "url": "https://usn.ubuntu.com/3752-1/"
              },
              {
                "name": "RHSA-2018:3096",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
                  "x_transferred"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2018:3096"
              },
              {
                "name": "USN-3753-1",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_UBUNTU",
                  "x_transferred"
                ],
                "url": "https://usn.ubuntu.com/3753-1/"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://github.com/torvalds/linux/commit/0fa3ecd87848c9c93c2c828ef4c3a8ca36ce46c7"
              },
              {
                "name": "RHSA-2019:0717",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
                  "x_transferred"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2019:0717"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://support.f5.com/csp/article/K00854051"
              },
              {
                "name": "RHSA-2019:2476",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
                  "x_transferred"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2019:2476"
              },
              {
                "name": "RHSA-2019:2566",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
                  "x_transferred"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2019:2566"
              },
              {
                "name": "RHSA-2019:2696",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
                  "x_transferred"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2019:2696"
              },
              {
                "name": "RHSA-2019:2730",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
                  "x_transferred"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2019:2730"
              },
              {
                "name": "RHSA-2019:4159",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
                  "x_transferred"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2019:4159"
              },
              {
                "name": "RHSA-2019:4164",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
                  "x_transferred"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2019:4164"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://git.kernel.org/pub/scm/linux/kernel/git/tip/tip.git/commit/?id=0b3369840cd61c23e2b9241093737b4c395cb406"
              },
              {
                "name": "FEDORA-2022-3a60c34473",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_FEDORA",
                  "x_transferred"
                ],
                "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/MTKKIAUMR5FAYLZ7HLEPOXMKAAE3BYBQ/"
              },
              {
                "name": "FEDORA-2022-5d0676b098",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_FEDORA",
                  "x_transferred"
                ],
                "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/HRBNBX73SAFKQWBOX76SLMWPTKJPVGEJ/"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "datePublic": "2018-07-06T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "The inode_init_owner function in fs/inode.c in the Linux kernel through 3.16 allows local users to create files with an unintended group ownership, in a scenario where a directory is SGID to a certain group and is writable by a user who is not a member of that group. Here, the non-member can trigger creation of a plain file whose group ownership is that group. The intended behavior was that the non-member can trigger creation of a directory (but not a plain file) whose group ownership is that group. The non-member can escalate privileges by making the plain file executable and SGID."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2022-02-25T18:06:30.000Z",
            "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            "shortName": "mitre"
          },
          "references": [
            {
              "name": "USN-3752-2",
              "tags": [
                "vendor-advisory",
                "x_refsource_UBUNTU"
              ],
              "url": "https://usn.ubuntu.com/3752-2/"
            },
            {
              "name": "RHSA-2018:3083",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2018:3083"
            },
            {
              "name": "USN-3752-3",
              "tags": [
                "vendor-advisory",
                "x_refsource_UBUNTU"
              ],
              "url": "https://usn.ubuntu.com/3752-3/"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://twitter.com/grsecurity/status/1015082951204327425"
            },
            {
              "name": "USN-3753-2",
              "tags": [
                "vendor-advisory",
                "x_refsource_UBUNTU"
              ],
              "url": "https://usn.ubuntu.com/3753-2/"
            },
            {
              "name": "USN-3754-1",
              "tags": [
                "vendor-advisory",
                "x_refsource_UBUNTU"
              ],
              "url": "https://usn.ubuntu.com/3754-1/"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "http://openwall.com/lists/oss-security/2018/07/13/2"
            },
            {
              "name": "RHSA-2018:2948",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2018:2948"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=0fa3ecd87848c9c93c2c828ef4c3a8ca36ce46c7"
            },
            {
              "name": "[debian-lts-announce] 20180815 [SECURITY] [DLA 1466-1] linux-4.9 security update",
              "tags": [
                "mailing-list",
                "x_refsource_MLIST"
              ],
              "url": "https://lists.debian.org/debian-lts-announce/2018/08/msg00014.html"
            },
            {
              "name": "45033",
              "tags": [
                "exploit",
                "x_refsource_EXPLOIT-DB"
              ],
              "url": "https://www.exploit-db.com/exploits/45033/"
            },
            {
              "name": "DSA-4266",
              "tags": [
                "vendor-advisory",
                "x_refsource_DEBIAN"
              ],
              "url": "https://www.debian.org/security/2018/dsa-4266"
            },
            {
              "name": "106503",
              "tags": [
                "vdb-entry",
                "x_refsource_BID"
              ],
              "url": "http://www.securityfocus.com/bid/106503"
            },
            {
              "name": "USN-3752-1",
              "tags": [
                "vendor-advisory",
                "x_refsource_UBUNTU"
              ],
              "url": "https://usn.ubuntu.com/3752-1/"
            },
            {
              "name": "RHSA-2018:3096",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2018:3096"
            },
            {
              "name": "USN-3753-1",
              "tags": [
                "vendor-advisory",
                "x_refsource_UBUNTU"
              ],
              "url": "https://usn.ubuntu.com/3753-1/"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://github.com/torvalds/linux/commit/0fa3ecd87848c9c93c2c828ef4c3a8ca36ce46c7"
            },
            {
              "name": "RHSA-2019:0717",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2019:0717"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://support.f5.com/csp/article/K00854051"
            },
            {
              "name": "RHSA-2019:2476",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2019:2476"
            },
            {
              "name": "RHSA-2019:2566",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2019:2566"
            },
            {
              "name": "RHSA-2019:2696",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2019:2696"
            },
            {
              "name": "RHSA-2019:2730",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2019:2730"
            },
            {
              "name": "RHSA-2019:4159",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2019:4159"
            },
            {
              "name": "RHSA-2019:4164",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2019:4164"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://git.kernel.org/pub/scm/linux/kernel/git/tip/tip.git/commit/?id=0b3369840cd61c23e2b9241093737b4c395cb406"
            },
            {
              "name": "FEDORA-2022-3a60c34473",
              "tags": [
                "vendor-advisory",
                "x_refsource_FEDORA"
              ],
              "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/MTKKIAUMR5FAYLZ7HLEPOXMKAAE3BYBQ/"
            },
            {
              "name": "FEDORA-2022-5d0676b098",
              "tags": [
                "vendor-advisory",
                "x_refsource_FEDORA"
              ],
              "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/HRBNBX73SAFKQWBOX76SLMWPTKJPVGEJ/"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "cve@mitre.org",
              "ID": "CVE-2018-13405",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "n/a",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "The inode_init_owner function in fs/inode.c in the Linux kernel through 3.16 allows local users to create files with an unintended group ownership, in a scenario where a directory is SGID to a certain group and is writable by a user who is not a member of that group. Here, the non-member can trigger creation of a plain file whose group ownership is that group. The intended behavior was that the non-member can trigger creation of a directory (but not a plain file) whose group ownership is that group. The non-member can escalate privileges by making the plain file executable and SGID."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "n/a"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "USN-3752-2",
                  "refsource": "UBUNTU",
                  "url": "https://usn.ubuntu.com/3752-2/"
                },
                {
                  "name": "RHSA-2018:3083",
                  "refsource": "REDHAT",
                  "url": "https://access.redhat.com/errata/RHSA-2018:3083"
                },
                {
                  "name": "USN-3752-3",
                  "refsource": "UBUNTU",
                  "url": "https://usn.ubuntu.com/3752-3/"
                },
                {
                  "name": "https://twitter.com/grsecurity/status/1015082951204327425",
                  "refsource": "MISC",
                  "url": "https://twitter.com/grsecurity/status/1015082951204327425"
                },
                {
                  "name": "USN-3753-2",
                  "refsource": "UBUNTU",
                  "url": "https://usn.ubuntu.com/3753-2/"
                },
                {
                  "name": "USN-3754-1",
                  "refsource": "UBUNTU",
                  "url": "https://usn.ubuntu.com/3754-1/"
                },
                {
                  "name": "http://openwall.com/lists/oss-security/2018/07/13/2",
                  "refsource": "MISC",
                  "url": "http://openwall.com/lists/oss-security/2018/07/13/2"
                },
                {
                  "name": "RHSA-2018:2948",
                  "refsource": "REDHAT",
                  "url": "https://access.redhat.com/errata/RHSA-2018:2948"
                },
                {
                  "name": "http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=0fa3ecd87848c9c93c2c828ef4c3a8ca36ce46c7",
                  "refsource": "MISC",
                  "url": "http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=0fa3ecd87848c9c93c2c828ef4c3a8ca36ce46c7"
                },
                {
                  "name": "[debian-lts-announce] 20180815 [SECURITY] [DLA 1466-1] linux-4.9 security update",
                  "refsource": "MLIST",
                  "url": "https://lists.debian.org/debian-lts-announce/2018/08/msg00014.html"
                },
                {
                  "name": "45033",
                  "refsource": "EXPLOIT-DB",
                  "url": "https://www.exploit-db.com/exploits/45033/"
                },
                {
                  "name": "DSA-4266",
                  "refsource": "DEBIAN",
                  "url": "https://www.debian.org/security/2018/dsa-4266"
                },
                {
                  "name": "106503",
                  "refsource": "BID",
                  "url": "http://www.securityfocus.com/bid/106503"
                },
                {
                  "name": "USN-3752-1",
                  "refsource": "UBUNTU",
                  "url": "https://usn.ubuntu.com/3752-1/"
                },
                {
                  "name": "RHSA-2018:3096",
                  "refsource": "REDHAT",
                  "url": "https://access.redhat.com/errata/RHSA-2018:3096"
                },
                {
                  "name": "USN-3753-1",
                  "refsource": "UBUNTU",
                  "url": "https://usn.ubuntu.com/3753-1/"
                },
                {
                  "name": "https://github.com/torvalds/linux/commit/0fa3ecd87848c9c93c2c828ef4c3a8ca36ce46c7",
                  "refsource": "MISC",
                  "url": "https://github.com/torvalds/linux/commit/0fa3ecd87848c9c93c2c828ef4c3a8ca36ce46c7"
                },
                {
                  "name": "RHSA-2019:0717",
                  "refsource": "REDHAT",
                  "url": "https://access.redhat.com/errata/RHSA-2019:0717"
                },
                {
                  "name": "https://support.f5.com/csp/article/K00854051",
                  "refsource": "CONFIRM",
                  "url": "https://support.f5.com/csp/article/K00854051"
                },
                {
                  "name": "RHSA-2019:2476",
                  "refsource": "REDHAT",
                  "url": "https://access.redhat.com/errata/RHSA-2019:2476"
                },
                {
                  "name": "RHSA-2019:2566",
                  "refsource": "REDHAT",
                  "url": "https://access.redhat.com/errata/RHSA-2019:2566"
                },
                {
                  "name": "RHSA-2019:2696",
                  "refsource": "REDHAT",
                  "url": "https://access.redhat.com/errata/RHSA-2019:2696"
                },
                {
                  "name": "RHSA-2019:2730",
                  "refsource": "REDHAT",
                  "url": "https://access.redhat.com/errata/RHSA-2019:2730"
                },
                {
                  "name": "RHSA-2019:4159",
                  "refsource": "REDHAT",
                  "url": "https://access.redhat.com/errata/RHSA-2019:4159"
                },
                {
                  "name": "RHSA-2019:4164",
                  "refsource": "REDHAT",
                  "url": "https://access.redhat.com/errata/RHSA-2019:4164"
                },
                {
                  "name": "https://git.kernel.org/pub/scm/linux/kernel/git/tip/tip.git/commit/?id=0b3369840cd61c23e2b9241093737b4c395cb406",
                  "refsource": "CONFIRM",
                  "url": "https://git.kernel.org/pub/scm/linux/kernel/git/tip/tip.git/commit/?id=0b3369840cd61c23e2b9241093737b4c395cb406"
                },
                {
                  "name": "FEDORA-2022-3a60c34473",
                  "refsource": "FEDORA",
                  "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MTKKIAUMR5FAYLZ7HLEPOXMKAAE3BYBQ/"
                },
                {
                  "name": "FEDORA-2022-5d0676b098",
                  "refsource": "FEDORA",
                  "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/HRBNBX73SAFKQWBOX76SLMWPTKJPVGEJ/"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "assignerShortName": "mitre",
        "cveId": "CVE-2018-13405",
        "datePublished": "2018-07-06T14:00:00.000Z",
        "dateReserved": "2018-07-06T00:00:00.000Z",
        "dateUpdated": "2024-08-05T09:00:35.380Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2018-3639 (GCVE-0-2018-3639)

    Vulnerability from nvd – Published: 2018-05-22 12:00 – Updated: 2026-05-29 20:14
    VLAI
    Summary
    Systems with microprocessors utilizing speculative execution and speculative execution of memory reads before the addresses of all prior memory writes are known may allow unauthorized disclosure of information to an attacker with local user access via a side-channel analysis, aka Speculative Store Bypass (SSB), Variant 4.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • Information Disclosure
    • CWE-203 - Observable Discrepancy
    Assigner
    References
    URL Tags
    https://access.redhat.com/errata/RHSA-2018:1689 vendor-advisoryx_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2018:2162 vendor-advisoryx_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2018:1641 vendor-advisoryx_refsource_REDHAT
    https://usn.ubuntu.com/3680-1/ vendor-advisoryx_refsource_UBUNTU
    https://access.redhat.com/errata/RHSA-2018:1997 vendor-advisoryx_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2018:1665 vendor-advisoryx_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2018:3407 vendor-advisoryx_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2018:2164 vendor-advisoryx_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2018:2001 vendor-advisoryx_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2018:3423 vendor-advisoryx_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2018:2003 vendor-advisoryx_refsource_REDHAT
    https://usn.ubuntu.com/3654-1/ vendor-advisoryx_refsource_UBUNTU
    https://access.redhat.com/errata/RHSA-2018:1645 vendor-advisoryx_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2018:1643 vendor-advisoryx_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2018:1652 vendor-advisoryx_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2018:3424 vendor-advisoryx_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2018:3402 vendor-advisoryx_refsource_REDHAT
    https://www.us-cert.gov/ncas/alerts/TA18-141A third-party-advisoryx_refsource_CERT
    https://access.redhat.com/errata/RHSA-2018:1656 vendor-advisoryx_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2018:1664 vendor-advisoryx_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2018:2258 vendor-advisoryx_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2018:1688 vendor-advisoryx_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2018:1658 vendor-advisoryx_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2018:1657 vendor-advisoryx_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2018:2289 vendor-advisoryx_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2018:1666 vendor-advisoryx_refsource_REDHAT
    http://www.securitytracker.com/id/1042004 vdb-entryx_refsource_SECTRACK
    https://access.redhat.com/errata/RHSA-2018:1675 vendor-advisoryx_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2018:1660 vendor-advisoryx_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2018:1965 vendor-advisoryx_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2018:1661 vendor-advisoryx_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2018:1633 vendor-advisoryx_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2018:1636 vendor-advisoryx_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2018:1854 vendor-advisoryx_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2018:2006 vendor-advisoryx_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2018:2250 vendor-advisoryx_refsource_REDHAT
    http://www.securitytracker.com/id/1040949 vdb-entryx_refsource_SECTRACK
    https://access.redhat.com/errata/RHSA-2018:3401 vendor-advisoryx_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2018:1737 vendor-advisoryx_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2018:1826 vendor-advisoryx_refsource_REDHAT
    https://usn.ubuntu.com/3651-1/ vendor-advisoryx_refsource_UBUNTU
    https://www.debian.org/security/2018/dsa-4210 vendor-advisoryx_refsource_DEBIAN
    https://www.exploit-db.com/exploits/44695/ exploitx_refsource_EXPLOIT-DB
    https://access.redhat.com/errata/RHSA-2018:1651 vendor-advisoryx_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2018:1638 vendor-advisoryx_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2018:1696 vendor-advisoryx_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2018:2246 vendor-advisoryx_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2018:1644 vendor-advisoryx_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2018:1646 vendor-advisoryx_refsource_REDHAT
    https://lists.debian.org/debian-lts-announce/2018… mailing-listx_refsource_MLIST
    https://access.redhat.com/errata/RHSA-2018:1639 vendor-advisoryx_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2018:1668 vendor-advisoryx_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2018:1637 vendor-advisoryx_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2018:2948 vendor-advisoryx_refsource_REDHAT
    https://www.kb.cert.org/vuls/id/180049 third-party-advisoryx_refsource_CERT-VN
    https://access.redhat.com/errata/RHSA-2018:1686 vendor-advisoryx_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2018:2172 vendor-advisoryx_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2018:1663 vendor-advisoryx_refsource_REDHAT
    https://usn.ubuntu.com/3652-1/ vendor-advisoryx_refsource_UBUNTU
    https://access.redhat.com/errata/RHSA-2018:1629 vendor-advisoryx_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2018:1655 vendor-advisoryx_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2018:1640 vendor-advisoryx_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2018:1669 vendor-advisoryx_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2018:1676 vendor-advisoryx_refsource_REDHAT
    https://tools.cisco.com/security/center/content/C… vendor-advisoryx_refsource_CISCO
    https://access.redhat.com/errata/RHSA-2018:3425 vendor-advisoryx_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2018:2363 vendor-advisoryx_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2018:1632 vendor-advisoryx_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2018:1650 vendor-advisoryx_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2018:2396 vendor-advisoryx_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2018:2364 vendor-advisoryx_refsource_REDHAT
    https://usn.ubuntu.com/3653-2/ vendor-advisoryx_refsource_UBUNTU
    https://access.redhat.com/errata/RHSA-2018:2216 vendor-advisoryx_refsource_REDHAT
    https://usn.ubuntu.com/3655-1/ vendor-advisoryx_refsource_UBUNTU
    https://access.redhat.com/errata/RHSA-2018:1649 vendor-advisoryx_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2018:2309 vendor-advisoryx_refsource_REDHAT
    http://www.securityfocus.com/bid/104232 vdb-entryx_refsource_BID
    https://access.redhat.com/errata/RHSA-2018:1653 vendor-advisoryx_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2018:2171 vendor-advisoryx_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2018:1635 vendor-advisoryx_refsource_REDHAT
    https://lists.debian.org/debian-lts-announce/2018… mailing-listx_refsource_MLIST
    https://access.redhat.com/errata/RHSA-2018:2394 vendor-advisoryx_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2018:1710 vendor-advisoryx_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2018:1659 vendor-advisoryx_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2018:1711 vendor-advisoryx_refsource_REDHAT
    https://www.debian.org/security/2018/dsa-4273 vendor-advisoryx_refsource_DEBIAN
    https://access.redhat.com/errata/RHSA-2018:1738 vendor-advisoryx_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2018:1674 vendor-advisoryx_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2018:3396 vendor-advisoryx_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2018:1667 vendor-advisoryx_refsource_REDHAT
    https://usn.ubuntu.com/3654-2/ vendor-advisoryx_refsource_UBUNTU
    https://access.redhat.com/errata/RHSA-2018:1662 vendor-advisoryx_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2018:1630 vendor-advisoryx_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2018:1647 vendor-advisoryx_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2018:1967 vendor-advisoryx_refsource_REDHAT
    https://usn.ubuntu.com/3655-2/ vendor-advisoryx_refsource_UBUNTU
    https://access.redhat.com/errata/RHSA-2018:3399 vendor-advisoryx_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2018:2060 vendor-advisoryx_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2018:1690 vendor-advisoryx_refsource_REDHAT
    https://usn.ubuntu.com/3653-1/ vendor-advisoryx_refsource_UBUNTU
    https://access.redhat.com/errata/RHSA-2018:2161 vendor-advisoryx_refsource_REDHAT
    https://lists.debian.org/debian-lts-announce/2018… mailing-listx_refsource_MLIST
    https://access.redhat.com/errata/RHSA-2018:2328 vendor-advisoryx_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2018:1648 vendor-advisoryx_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2018:2387 vendor-advisoryx_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2019:0148 vendor-advisoryx_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2018:1654 vendor-advisoryx_refsource_REDHAT
    https://usn.ubuntu.com/3679-1/ vendor-advisoryx_refsource_UBUNTU
    https://usn.ubuntu.com/3777-3/ vendor-advisoryx_refsource_UBUNTU
    https://access.redhat.com/errata/RHSA-2018:1642 vendor-advisoryx_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2018:3397 vendor-advisoryx_refsource_REDHAT
    https://lists.debian.org/debian-lts-announce/2019… mailing-listx_refsource_MLIST
    https://usn.ubuntu.com/3756-1/ vendor-advisoryx_refsource_UBUNTU
    https://access.redhat.com/errata/RHSA-2018:3398 vendor-advisoryx_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2018:3400 vendor-advisoryx_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2018:2228 vendor-advisoryx_refsource_REDHAT
    https://lists.debian.org/debian-lts-announce/2019… mailing-listx_refsource_MLIST
    https://lists.debian.org/debian-lts-announce/2019… mailing-listx_refsource_MLIST
    https://access.redhat.com/errata/RHSA-2019:1046 vendor-advisoryx_refsource_REDHAT
    http://lists.opensuse.org/opensuse-security-annou… vendor-advisoryx_refsource_SUSE
    http://lists.opensuse.org/opensuse-security-annou… vendor-advisoryx_refsource_SUSE
    https://seclists.org/bugtraq/2019/Jun/36 mailing-listx_refsource_BUGTRAQ
    http://www.openwall.com/lists/oss-security/2020/06/10/1 mailing-listx_refsource_MLIST
    http://www.openwall.com/lists/oss-security/2020/06/10/2 mailing-listx_refsource_MLIST
    http://www.openwall.com/lists/oss-security/2020/06/10/5 mailing-listx_refsource_MLIST
    https://www.oracle.com/security-alerts/cpujul2020.html x_refsource_MISC
    https://www.oracle.com/technetwork/security-advis… x_refsource_CONFIRM
    https://help.ecostruxureit.com/display/public/UAD… x_refsource_CONFIRM
    https://cert-portal.siemens.com/productcert/pdf/s… x_refsource_CONFIRM
    https://cert-portal.siemens.com/productcert/pdf/s… x_refsource_CONFIRM
    http://support.lenovo.com/us/en/solutions/LEN-22133 x_refsource_CONFIRM
    https://psirt.global.sonicwall.com/vuln-detail/SN… x_refsource_CONFIRM
    https://portal.msrc.microsoft.com/en-US/security-… x_refsource_CONFIRM
    https://support.citrix.com/article/CTX235225 x_refsource_CONFIRM
    https://www.intel.com/content/www/us/en/security-… x_refsource_CONFIRM
    https://www.synology.com/support/security/Synolog… x_refsource_CONFIRM
    https://developer.arm.com/support/arm-security-up… x_refsource_CONFIRM
    http://www.fujitsu.com/global/support/products/so… x_refsource_CONFIRM
    http://xenbits.xen.org/xsa/advisory-263.html x_refsource_CONFIRM
    https://cert-portal.siemens.com/productcert/pdf/s… x_refsource_CONFIRM
    https://www.mitel.com/en-ca/support/security-advi… x_refsource_CONFIRM
    https://support.hpe.com/hpsc/doc/public/display?d… x_refsource_CONFIRM
    https://bugs.chromium.org/p/project-zero/issues/d… x_refsource_MISC
    https://security.netapp.com/advisory/ntap-2018052… x_refsource_CONFIRM
    https://nvidia.custhelp.com/app/answers/detail/a_… x_refsource_CONFIRM
    https://support.oracle.com/knowledge/Sun%20Micros… x_refsource_CONFIRM
    http://lists.opensuse.org/opensuse-security-annou… vendor-advisoryx_refsource_SUSE
    Impacted products
    Vendor Product Version
    Intel Corporation Multiple Affected: Multiple
    Create a notification for this product.
    Date Public
    2018-05-21 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-05T04:50:30.281Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "RHSA-2018:1689",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
                  "x_transferred"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2018:1689"
              },
              {
                "name": "RHSA-2018:2162",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
                  "x_transferred"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2018:2162"
              },
              {
                "name": "RHSA-2018:1641",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
                  "x_transferred"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2018:1641"
              },
              {
                "name": "USN-3680-1",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_UBUNTU",
                  "x_transferred"
                ],
                "url": "https://usn.ubuntu.com/3680-1/"
              },
              {
                "name": "RHSA-2018:1997",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
                  "x_transferred"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2018:1997"
              },
              {
                "name": "RHSA-2018:1665",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
                  "x_transferred"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2018:1665"
              },
              {
                "name": "RHSA-2018:3407",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
                  "x_transferred"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2018:3407"
              },
              {
                "name": "RHSA-2018:2164",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
                  "x_transferred"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2018:2164"
              },
              {
                "name": "RHSA-2018:2001",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
                  "x_transferred"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2018:2001"
              },
              {
                "name": "RHSA-2018:3423",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
                  "x_transferred"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2018:3423"
              },
              {
                "name": "RHSA-2018:2003",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
                  "x_transferred"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2018:2003"
              },
              {
                "name": "USN-3654-1",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_UBUNTU",
                  "x_transferred"
                ],
                "url": "https://usn.ubuntu.com/3654-1/"
              },
              {
                "name": "RHSA-2018:1645",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
                  "x_transferred"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2018:1645"
              },
              {
                "name": "RHSA-2018:1643",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
                  "x_transferred"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2018:1643"
              },
              {
                "name": "RHSA-2018:1652",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
                  "x_transferred"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2018:1652"
              },
              {
                "name": "RHSA-2018:3424",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
                  "x_transferred"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2018:3424"
              },
              {
                "name": "RHSA-2018:3402",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
                  "x_transferred"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2018:3402"
              },
              {
                "name": "TA18-141A",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_CERT",
                  "x_transferred"
                ],
                "url": "https://www.us-cert.gov/ncas/alerts/TA18-141A"
              },
              {
                "name": "RHSA-2018:1656",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
                  "x_transferred"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2018:1656"
              },
              {
                "name": "RHSA-2018:1664",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
                  "x_transferred"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2018:1664"
              },
              {
                "name": "RHSA-2018:2258",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
                  "x_transferred"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2018:2258"
              },
              {
                "name": "RHSA-2018:1688",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
                  "x_transferred"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2018:1688"
              },
              {
                "name": "RHSA-2018:1658",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
                  "x_transferred"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2018:1658"
              },
              {
                "name": "RHSA-2018:1657",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
                  "x_transferred"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2018:1657"
              },
              {
                "name": "RHSA-2018:2289",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
                  "x_transferred"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2018:2289"
              },
              {
                "name": "RHSA-2018:1666",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
                  "x_transferred"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2018:1666"
              },
              {
                "name": "1042004",
                "tags": [
                  "vdb-entry",
                  "x_refsource_SECTRACK",
                  "x_transferred"
                ],
                "url": "http://www.securitytracker.com/id/1042004"
              },
              {
                "name": "RHSA-2018:1675",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
                  "x_transferred"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2018:1675"
              },
              {
                "name": "RHSA-2018:1660",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
                  "x_transferred"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2018:1660"
              },
              {
                "name": "RHSA-2018:1965",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
                  "x_transferred"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2018:1965"
              },
              {
                "name": "RHSA-2018:1661",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
                  "x_transferred"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2018:1661"
              },
              {
                "name": "RHSA-2018:1633",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
                  "x_transferred"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2018:1633"
              },
              {
                "name": "RHSA-2018:1636",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
                  "x_transferred"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2018:1636"
              },
              {
                "name": "RHSA-2018:1854",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
                  "x_transferred"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2018:1854"
              },
              {
                "name": "RHSA-2018:2006",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
                  "x_transferred"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2018:2006"
              },
              {
                "name": "RHSA-2018:2250",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
                  "x_transferred"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2018:2250"
              },
              {
                "name": "1040949",
                "tags": [
                  "vdb-entry",
                  "x_refsource_SECTRACK",
                  "x_transferred"
                ],
                "url": "http://www.securitytracker.com/id/1040949"
              },
              {
                "name": "RHSA-2018:3401",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
                  "x_transferred"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2018:3401"
              },
              {
                "name": "RHSA-2018:1737",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
                  "x_transferred"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2018:1737"
              },
              {
                "name": "RHSA-2018:1826",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
                  "x_transferred"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2018:1826"
              },
              {
                "name": "USN-3651-1",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_UBUNTU",
                  "x_transferred"
                ],
                "url": "https://usn.ubuntu.com/3651-1/"
              },
              {
                "name": "DSA-4210",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_DEBIAN",
                  "x_transferred"
                ],
                "url": "https://www.debian.org/security/2018/dsa-4210"
              },
              {
                "name": "44695",
                "tags": [
                  "exploit",
                  "x_refsource_EXPLOIT-DB",
                  "x_transferred"
                ],
                "url": "https://www.exploit-db.com/exploits/44695/"
              },
              {
                "name": "RHSA-2018:1651",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
                  "x_transferred"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2018:1651"
              },
              {
                "name": "RHSA-2018:1638",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
                  "x_transferred"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2018:1638"
              },
              {
                "name": "RHSA-2018:1696",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
                  "x_transferred"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2018:1696"
              },
              {
                "name": "RHSA-2018:2246",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
                  "x_transferred"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2018:2246"
              },
              {
                "name": "RHSA-2018:1644",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
                  "x_transferred"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2018:1644"
              },
              {
                "name": "RHSA-2018:1646",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
                  "x_transferred"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2018:1646"
              },
              {
                "name": "[debian-lts-announce] 20180718 [SECURITY] [DLA 1423-1] linux-4.9 new package",
                "tags": [
                  "mailing-list",
                  "x_refsource_MLIST",
                  "x_transferred"
                ],
                "url": "https://lists.debian.org/debian-lts-announce/2018/07/msg00020.html"
              },
              {
                "name": "RHSA-2018:1639",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
                  "x_transferred"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2018:1639"
              },
              {
                "name": "RHSA-2018:1668",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
                  "x_transferred"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2018:1668"
              },
              {
                "name": "RHSA-2018:1637",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
                  "x_transferred"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2018:1637"
              },
              {
                "name": "RHSA-2018:2948",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
                  "x_transferred"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2018:2948"
              },
              {
                "name": "VU#180049",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_CERT-VN",
                  "x_transferred"
                ],
                "url": "https://www.kb.cert.org/vuls/id/180049"
              },
              {
                "name": "RHSA-2018:1686",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
                  "x_transferred"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2018:1686"
              },
              {
                "name": "RHSA-2018:2172",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
                  "x_transferred"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2018:2172"
              },
              {
                "name": "RHSA-2018:1663",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
                  "x_transferred"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2018:1663"
              },
              {
                "name": "USN-3652-1",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_UBUNTU",
                  "x_transferred"
                ],
                "url": "https://usn.ubuntu.com/3652-1/"
              },
              {
                "name": "RHSA-2018:1629",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
                  "x_transferred"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2018:1629"
              },
              {
                "name": "RHSA-2018:1655",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
                  "x_transferred"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2018:1655"
              },
              {
                "name": "RHSA-2018:1640",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
                  "x_transferred"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2018:1640"
              },
              {
                "name": "RHSA-2018:1669",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
                  "x_transferred"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2018:1669"
              },
              {
                "name": "RHSA-2018:1676",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
                  "x_transferred"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2018:1676"
              },
              {
                "name": "20180522 CPU Side-Channel Information Disclosure Vulnerabilities: May 2018",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_CISCO",
                  "x_transferred"
                ],
                "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180521-cpusidechannel"
              },
              {
                "name": "RHSA-2018:3425",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
                  "x_transferred"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2018:3425"
              },
              {
                "name": "RHSA-2018:2363",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
                  "x_transferred"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2018:2363"
              },
              {
                "name": "RHSA-2018:1632",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
                  "x_transferred"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2018:1632"
              },
              {
                "name": "RHSA-2018:1650",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
                  "x_transferred"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2018:1650"
              },
              {
                "name": "RHSA-2018:2396",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
                  "x_transferred"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2018:2396"
              },
              {
                "name": "RHSA-2018:2364",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
                  "x_transferred"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2018:2364"
              },
              {
                "name": "USN-3653-2",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_UBUNTU",
                  "x_transferred"
                ],
                "url": "https://usn.ubuntu.com/3653-2/"
              },
              {
                "name": "RHSA-2018:2216",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
                  "x_transferred"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2018:2216"
              },
              {
                "name": "USN-3655-1",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_UBUNTU",
                  "x_transferred"
                ],
                "url": "https://usn.ubuntu.com/3655-1/"
              },
              {
                "name": "RHSA-2018:1649",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
                  "x_transferred"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2018:1649"
              },
              {
                "name": "RHSA-2018:2309",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
                  "x_transferred"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2018:2309"
              },
              {
                "name": "104232",
                "tags": [
                  "vdb-entry",
                  "x_refsource_BID",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/bid/104232"
              },
              {
                "name": "RHSA-2018:1653",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
                  "x_transferred"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2018:1653"
              },
              {
                "name": "RHSA-2018:2171",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
                  "x_transferred"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2018:2171"
              },
              {
                "name": "RHSA-2018:1635",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
                  "x_transferred"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2018:1635"
              },
              {
                "name": "[debian-lts-announce] 20180916 [SECURITY] [DLA 1506-1] intel-microcode security update",
                "tags": [
                  "mailing-list",
                  "x_refsource_MLIST",
                  "x_transferred"
                ],
                "url": "https://lists.debian.org/debian-lts-announce/2018/09/msg00017.html"
              },
              {
                "name": "RHSA-2018:2394",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
                  "x_transferred"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2018:2394"
              },
              {
                "name": "RHSA-2018:1710",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
                  "x_transferred"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2018:1710"
              },
              {
                "name": "RHSA-2018:1659",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
                  "x_transferred"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2018:1659"
              },
              {
                "name": "RHSA-2018:1711",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
                  "x_transferred"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2018:1711"
              },
              {
                "name": "DSA-4273",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_DEBIAN",
                  "x_transferred"
                ],
                "url": "https://www.debian.org/security/2018/dsa-4273"
              },
              {
                "name": "RHSA-2018:1738",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
                  "x_transferred"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2018:1738"
              },
              {
                "name": "RHSA-2018:1674",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
                  "x_transferred"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2018:1674"
              },
              {
                "name": "RHSA-2018:3396",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
                  "x_transferred"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2018:3396"
              },
              {
                "name": "RHSA-2018:1667",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
                  "x_transferred"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2018:1667"
              },
              {
                "name": "USN-3654-2",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_UBUNTU",
                  "x_transferred"
                ],
                "url": "https://usn.ubuntu.com/3654-2/"
              },
              {
                "name": "RHSA-2018:1662",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
                  "x_transferred"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2018:1662"
              },
              {
                "name": "RHSA-2018:1630",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
                  "x_transferred"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2018:1630"
              },
              {
                "name": "RHSA-2018:1647",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
                  "x_transferred"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2018:1647"
              },
              {
                "name": "RHSA-2018:1967",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
                  "x_transferred"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2018:1967"
              },
              {
                "name": "USN-3655-2",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_UBUNTU",
                  "x_transferred"
                ],
                "url": "https://usn.ubuntu.com/3655-2/"
              },
              {
                "name": "RHSA-2018:3399",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
                  "x_transferred"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2018:3399"
              },
              {
                "name": "RHSA-2018:2060",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
                  "x_transferred"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2018:2060"
              },
              {
                "name": "RHSA-2018:1690",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
                  "x_transferred"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2018:1690"
              },
              {
                "name": "USN-3653-1",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_UBUNTU",
                  "x_transferred"
                ],
                "url": "https://usn.ubuntu.com/3653-1/"
              },
              {
                "name": "RHSA-2018:2161",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
                  "x_transferred"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2018:2161"
              },
              {
                "name": "[debian-lts-announce] 20180727 [SECURITY] [DLA 1446-1] intel-microcode security update",
                "tags": [
                  "mailing-list",
                  "x_refsource_MLIST",
                  "x_transferred"
                ],
                "url": "https://lists.debian.org/debian-lts-announce/2018/07/msg00038.html"
              },
              {
                "name": "RHSA-2018:2328",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
                  "x_transferred"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2018:2328"
              },
              {
                "name": "RHSA-2018:1648",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
                  "x_transferred"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2018:1648"
              },
              {
                "name": "RHSA-2018:2387",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
                  "x_transferred"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2018:2387"
              },
              {
                "name": "RHSA-2019:0148",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
                  "x_transferred"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2019:0148"
              },
              {
                "name": "RHSA-2018:1654",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
                  "x_transferred"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2018:1654"
              },
              {
                "name": "USN-3679-1",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_UBUNTU",
                  "x_transferred"
                ],
                "url": "https://usn.ubuntu.com/3679-1/"
              },
              {
                "name": "USN-3777-3",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_UBUNTU",
                  "x_transferred"
                ],
                "url": "https://usn.ubuntu.com/3777-3/"
              },
              {
                "name": "RHSA-2018:1642",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
                  "x_transferred"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2018:1642"
              },
              {
                "name": "RHSA-2018:3397",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
                  "x_transferred"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2018:3397"
              },
              {
                "name": "[debian-lts-announce] 20190315 [SECURITY] [DLA 1715-1] linux-4.9 security update",
                "tags": [
                  "mailing-list",
                  "x_refsource_MLIST",
                  "x_transferred"
                ],
                "url": "https://lists.debian.org/debian-lts-announce/2019/03/msg00017.html"
              },
              {
                "name": "USN-3756-1",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_UBUNTU",
                  "x_transferred"
                ],
                "url": "https://usn.ubuntu.com/3756-1/"
              },
              {
                "name": "RHSA-2018:3398",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
                  "x_transferred"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2018:3398"
              },
              {
                "name": "RHSA-2018:3400",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
                  "x_transferred"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2018:3400"
              },
              {
                "name": "RHSA-2018:2228",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
                  "x_transferred"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2018:2228"
              },
              {
                "name": "[debian-lts-announce] 20190327 [SECURITY] [DLA 1731-1] linux security update",
                "tags": [
                  "mailing-list",
                  "x_refsource_MLIST",
                  "x_transferred"
                ],
                "url": "https://lists.debian.org/debian-lts-announce/2019/03/msg00034.html"
              },
              {
                "name": "[debian-lts-announce] 20190401 [SECURITY] [DLA 1731-2] linux regression update",
                "tags": [
                  "mailing-list",
                  "x_refsource_MLIST",
                  "x_transferred"
                ],
                "url": "https://lists.debian.org/debian-lts-announce/2019/04/msg00004.html"
              },
              {
                "name": "RHSA-2019:1046",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
                  "x_transferred"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2019:1046"
              },
              {
                "name": "openSUSE-SU-2019:1439",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_SUSE",
                  "x_transferred"
                ],
                "url": "http://lists.opensuse.org/opensuse-security-announce/2019-05/msg00059.html"
              },
              {
                "name": "openSUSE-SU-2019:1438",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_SUSE",
                  "x_transferred"
                ],
                "url": "http://lists.opensuse.org/opensuse-security-announce/2019-05/msg00058.html"
              },
              {
                "name": "20190624 [SECURITY] [DSA 4469-1] libvirt security update",
                "tags": [
                  "mailing-list",
                  "x_refsource_BUGTRAQ",
                  "x_transferred"
                ],
                "url": "https://seclists.org/bugtraq/2019/Jun/36"
              },
              {
                "name": "[oss-security] 20200610 kernel: Multiple SSBD related flaws CVE-2020-10766 , CVE-2020-10767, CVE-2020-10768",
                "tags": [
                  "mailing-list",
                  "x_refsource_MLIST",
                  "x_transferred"
                ],
                "url": "http://www.openwall.com/lists/oss-security/2020/06/10/1"
              },
              {
                "name": "[oss-security] 20200610 Re: kernel: Multiple SSBD related flaws CVE-2020-10766 , CVE-2020-10767, CVE-2020-10768",
                "tags": [
                  "mailing-list",
                  "x_refsource_MLIST",
                  "x_transferred"
                ],
                "url": "http://www.openwall.com/lists/oss-security/2020/06/10/2"
              },
              {
                "name": "[oss-security] 20200610 Re: kernel: Multiple SSBD related flaws CVE-2020-10766 , CVE-2020-10767, CVE-2020-10768",
                "tags": [
                  "mailing-list",
                  "x_refsource_MLIST",
                  "x_transferred"
                ],
                "url": "http://www.openwall.com/lists/oss-security/2020/06/10/5"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://www.oracle.com/security-alerts/cpujul2020.html"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://help.ecostruxureit.com/display/public/UADCE725/Security+fixes+in+StruxureWare+Data+Center+Expert+v7.6.0"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-608355.pdf"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-268644.pdf"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "http://support.lenovo.com/us/en/solutions/LEN-22133"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2018-0004"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/ADV180012"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://support.citrix.com/article/CTX235225"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00115.html"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://www.synology.com/support/security/Synology_SA_18_23"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://developer.arm.com/support/arm-security-updates/speculative-processor-vulnerability"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "http://www.fujitsu.com/global/support/products/software/security/products-f/cve-2018-3639e.html"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "http://xenbits.xen.org/xsa/advisory-263.html"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-505225.pdf"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://www.mitel.com/en-ca/support/security-advisories/mitel-product-security-advisory-18-0006"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US\u0026docId=emr_na-hpesbhf03850en_us"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://bugs.chromium.org/p/project-zero/issues/detail?id=1528"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://security.netapp.com/advisory/ntap-20180521-0001/"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://nvidia.custhelp.com/app/answers/detail/a_id/4787"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://support.oracle.com/knowledge/Sun%20Microsystems/2481872_1.html"
              },
              {
                "name": "openSUSE-SU-2020:1325",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_SUSE",
                  "x_transferred"
                ],
                "url": "http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00007.html"
              }
            ],
            "title": "CVE Program Container"
          },
          {
            "metrics": [
              {
                "cvssV3_1": {
                  "attackComplexity": "LOW",
                  "attackVector": "LOCAL",
                  "availabilityImpact": "NONE",
                  "baseScore": 5.5,
                  "baseSeverity": "MEDIUM",
                  "confidentialityImpact": "HIGH",
                  "integrityImpact": "NONE",
                  "privilegesRequired": "LOW",
                  "scope": "UNCHANGED",
                  "userInteraction": "NONE",
                  "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
                  "version": "3.1"
                }
              },
              {
                "other": {
                  "content": {
                    "id": "CVE-2018-3639",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-05-29T20:13:59.457681Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "problemTypes": [
              {
                "descriptions": [
                  {
                    "cweId": "CWE-203",
                    "description": "CWE-203 Observable Discrepancy",
                    "lang": "en",
                    "type": "CWE"
                  }
                ]
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-05-29T20:14:05.872Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "Multiple",
              "vendor": "Intel Corporation",
              "versions": [
                {
                  "status": "affected",
                  "version": "Multiple"
                }
              ]
            }
          ],
          "datePublic": "2018-05-21T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "Systems with microprocessors utilizing speculative execution and speculative execution of memory reads before the addresses of all prior memory writes are known may allow unauthorized disclosure of information to an attacker with local user access via a side-channel analysis, aka Speculative Store Bypass (SSB), Variant 4."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "Information Disclosure",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2020-09-02T20:06:27.000Z",
            "orgId": "6dda929c-bb53-4a77-a76d-48e79601a1ce",
            "shortName": "intel"
          },
          "references": [
            {
              "name": "RHSA-2018:1689",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2018:1689"
            },
            {
              "name": "RHSA-2018:2162",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2018:2162"
            },
            {
              "name": "RHSA-2018:1641",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2018:1641"
            },
            {
              "name": "USN-3680-1",
              "tags": [
                "vendor-advisory",
                "x_refsource_UBUNTU"
              ],
              "url": "https://usn.ubuntu.com/3680-1/"
            },
            {
              "name": "RHSA-2018:1997",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2018:1997"
            },
            {
              "name": "RHSA-2018:1665",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2018:1665"
            },
            {
              "name": "RHSA-2018:3407",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2018:3407"
            },
            {
              "name": "RHSA-2018:2164",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2018:2164"
            },
            {
              "name": "RHSA-2018:2001",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2018:2001"
            },
            {
              "name": "RHSA-2018:3423",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2018:3423"
            },
            {
              "name": "RHSA-2018:2003",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2018:2003"
            },
            {
              "name": "USN-3654-1",
              "tags": [
                "vendor-advisory",
                "x_refsource_UBUNTU"
              ],
              "url": "https://usn.ubuntu.com/3654-1/"
            },
            {
              "name": "RHSA-2018:1645",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2018:1645"
            },
            {
              "name": "RHSA-2018:1643",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2018:1643"
            },
            {
              "name": "RHSA-2018:1652",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2018:1652"
            },
            {
              "name": "RHSA-2018:3424",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2018:3424"
            },
            {
              "name": "RHSA-2018:3402",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2018:3402"
            },
            {
              "name": "TA18-141A",
              "tags": [
                "third-party-advisory",
                "x_refsource_CERT"
              ],
              "url": "https://www.us-cert.gov/ncas/alerts/TA18-141A"
            },
            {
              "name": "RHSA-2018:1656",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2018:1656"
            },
            {
              "name": "RHSA-2018:1664",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2018:1664"
            },
            {
              "name": "RHSA-2018:2258",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2018:2258"
            },
            {
              "name": "RHSA-2018:1688",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2018:1688"
            },
            {
              "name": "RHSA-2018:1658",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2018:1658"
            },
            {
              "name": "RHSA-2018:1657",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2018:1657"
            },
            {
              "name": "RHSA-2018:2289",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2018:2289"
            },
            {
              "name": "RHSA-2018:1666",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2018:1666"
            },
            {
              "name": "1042004",
              "tags": [
                "vdb-entry",
                "x_refsource_SECTRACK"
              ],
              "url": "http://www.securitytracker.com/id/1042004"
            },
            {
              "name": "RHSA-2018:1675",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2018:1675"
            },
            {
              "name": "RHSA-2018:1660",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2018:1660"
            },
            {
              "name": "RHSA-2018:1965",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2018:1965"
            },
            {
              "name": "RHSA-2018:1661",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2018:1661"
            },
            {
              "name": "RHSA-2018:1633",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2018:1633"
            },
            {
              "name": "RHSA-2018:1636",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2018:1636"
            },
            {
              "name": "RHSA-2018:1854",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2018:1854"
            },
            {
              "name": "RHSA-2018:2006",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2018:2006"
            },
            {
              "name": "RHSA-2018:2250",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2018:2250"
            },
            {
              "name": "1040949",
              "tags": [
                "vdb-entry",
                "x_refsource_SECTRACK"
              ],
              "url": "http://www.securitytracker.com/id/1040949"
            },
            {
              "name": "RHSA-2018:3401",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2018:3401"
            },
            {
              "name": "RHSA-2018:1737",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2018:1737"
            },
            {
              "name": "RHSA-2018:1826",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2018:1826"
            },
            {
              "name": "USN-3651-1",
              "tags": [
                "vendor-advisory",
                "x_refsource_UBUNTU"
              ],
              "url": "https://usn.ubuntu.com/3651-1/"
            },
            {
              "name": "DSA-4210",
              "tags": [
                "vendor-advisory",
                "x_refsource_DEBIAN"
              ],
              "url": "https://www.debian.org/security/2018/dsa-4210"
            },
            {
              "name": "44695",
              "tags": [
                "exploit",
                "x_refsource_EXPLOIT-DB"
              ],
              "url": "https://www.exploit-db.com/exploits/44695/"
            },
            {
              "name": "RHSA-2018:1651",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2018:1651"
            },
            {
              "name": "RHSA-2018:1638",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2018:1638"
            },
            {
              "name": "RHSA-2018:1696",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2018:1696"
            },
            {
              "name": "RHSA-2018:2246",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2018:2246"
            },
            {
              "name": "RHSA-2018:1644",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2018:1644"
            },
            {
              "name": "RHSA-2018:1646",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2018:1646"
            },
            {
              "name": "[debian-lts-announce] 20180718 [SECURITY] [DLA 1423-1] linux-4.9 new package",
              "tags": [
                "mailing-list",
                "x_refsource_MLIST"
              ],
              "url": "https://lists.debian.org/debian-lts-announce/2018/07/msg00020.html"
            },
            {
              "name": "RHSA-2018:1639",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2018:1639"
            },
            {
              "name": "RHSA-2018:1668",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2018:1668"
            },
            {
              "name": "RHSA-2018:1637",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2018:1637"
            },
            {
              "name": "RHSA-2018:2948",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2018:2948"
            },
            {
              "name": "VU#180049",
              "tags": [
                "third-party-advisory",
                "x_refsource_CERT-VN"
              ],
              "url": "https://www.kb.cert.org/vuls/id/180049"
            },
            {
              "name": "RHSA-2018:1686",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2018:1686"
            },
            {
              "name": "RHSA-2018:2172",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2018:2172"
            },
            {
              "name": "RHSA-2018:1663",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2018:1663"
            },
            {
              "name": "USN-3652-1",
              "tags": [
                "vendor-advisory",
                "x_refsource_UBUNTU"
              ],
              "url": "https://usn.ubuntu.com/3652-1/"
            },
            {
              "name": "RHSA-2018:1629",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2018:1629"
            },
            {
              "name": "RHSA-2018:1655",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2018:1655"
            },
            {
              "name": "RHSA-2018:1640",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2018:1640"
            },
            {
              "name": "RHSA-2018:1669",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2018:1669"
            },
            {
              "name": "RHSA-2018:1676",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2018:1676"
            },
            {
              "name": "20180522 CPU Side-Channel Information Disclosure Vulnerabilities: May 2018",
              "tags": [
                "vendor-advisory",
                "x_refsource_CISCO"
              ],
              "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180521-cpusidechannel"
            },
            {
              "name": "RHSA-2018:3425",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2018:3425"
            },
            {
              "name": "RHSA-2018:2363",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2018:2363"
            },
            {
              "name": "RHSA-2018:1632",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2018:1632"
            },
            {
              "name": "RHSA-2018:1650",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2018:1650"
            },
            {
              "name": "RHSA-2018:2396",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2018:2396"
            },
            {
              "name": "RHSA-2018:2364",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2018:2364"
            },
            {
              "name": "USN-3653-2",
              "tags": [
                "vendor-advisory",
                "x_refsource_UBUNTU"
              ],
              "url": "https://usn.ubuntu.com/3653-2/"
            },
            {
              "name": "RHSA-2018:2216",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2018:2216"
            },
            {
              "name": "USN-3655-1",
              "tags": [
                "vendor-advisory",
                "x_refsource_UBUNTU"
              ],
              "url": "https://usn.ubuntu.com/3655-1/"
            },
            {
              "name": "RHSA-2018:1649",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2018:1649"
            },
            {
              "name": "RHSA-2018:2309",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2018:2309"
            },
            {
              "name": "104232",
              "tags": [
                "vdb-entry",
                "x_refsource_BID"
              ],
              "url": "http://www.securityfocus.com/bid/104232"
            },
            {
              "name": "RHSA-2018:1653",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2018:1653"
            },
            {
              "name": "RHSA-2018:2171",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2018:2171"
            },
            {
              "name": "RHSA-2018:1635",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2018:1635"
            },
            {
              "name": "[debian-lts-announce] 20180916 [SECURITY] [DLA 1506-1] intel-microcode security update",
              "tags": [
                "mailing-list",
                "x_refsource_MLIST"
              ],
              "url": "https://lists.debian.org/debian-lts-announce/2018/09/msg00017.html"
            },
            {
              "name": "RHSA-2018:2394",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2018:2394"
            },
            {
              "name": "RHSA-2018:1710",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2018:1710"
            },
            {
              "name": "RHSA-2018:1659",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2018:1659"
            },
            {
              "name": "RHSA-2018:1711",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2018:1711"
            },
            {
              "name": "DSA-4273",
              "tags": [
                "vendor-advisory",
                "x_refsource_DEBIAN"
              ],
              "url": "https://www.debian.org/security/2018/dsa-4273"
            },
            {
              "name": "RHSA-2018:1738",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2018:1738"
            },
            {
              "name": "RHSA-2018:1674",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2018:1674"
            },
            {
              "name": "RHSA-2018:3396",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2018:3396"
            },
            {
              "name": "RHSA-2018:1667",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2018:1667"
            },
            {
              "name": "USN-3654-2",
              "tags": [
                "vendor-advisory",
                "x_refsource_UBUNTU"
              ],
              "url": "https://usn.ubuntu.com/3654-2/"
            },
            {
              "name": "RHSA-2018:1662",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2018:1662"
            },
            {
              "name": "RHSA-2018:1630",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2018:1630"
            },
            {
              "name": "RHSA-2018:1647",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2018:1647"
            },
            {
              "name": "RHSA-2018:1967",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2018:1967"
            },
            {
              "name": "USN-3655-2",
              "tags": [
                "vendor-advisory",
                "x_refsource_UBUNTU"
              ],
              "url": "https://usn.ubuntu.com/3655-2/"
            },
            {
              "name": "RHSA-2018:3399",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2018:3399"
            },
            {
              "name": "RHSA-2018:2060",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2018:2060"
            },
            {
              "name": "RHSA-2018:1690",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2018:1690"
            },
            {
              "name": "USN-3653-1",
              "tags": [
                "vendor-advisory",
                "x_refsource_UBUNTU"
              ],
              "url": "https://usn.ubuntu.com/3653-1/"
            },
            {
              "name": "RHSA-2018:2161",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2018:2161"
            },
            {
              "name": "[debian-lts-announce] 20180727 [SECURITY] [DLA 1446-1] intel-microcode security update",
              "tags": [
                "mailing-list",
                "x_refsource_MLIST"
              ],
              "url": "https://lists.debian.org/debian-lts-announce/2018/07/msg00038.html"
            },
            {
              "name": "RHSA-2018:2328",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2018:2328"
            },
            {
              "name": "RHSA-2018:1648",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2018:1648"
            },
            {
              "name": "RHSA-2018:2387",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2018:2387"
            },
            {
              "name": "RHSA-2019:0148",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2019:0148"
            },
            {
              "name": "RHSA-2018:1654",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2018:1654"
            },
            {
              "name": "USN-3679-1",
              "tags": [
                "vendor-advisory",
                "x_refsource_UBUNTU"
              ],
              "url": "https://usn.ubuntu.com/3679-1/"
            },
            {
              "name": "USN-3777-3",
              "tags": [
                "vendor-advisory",
                "x_refsource_UBUNTU"
              ],
              "url": "https://usn.ubuntu.com/3777-3/"
            },
            {
              "name": "RHSA-2018:1642",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2018:1642"
            },
            {
              "name": "RHSA-2018:3397",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2018:3397"
            },
            {
              "name": "[debian-lts-announce] 20190315 [SECURITY] [DLA 1715-1] linux-4.9 security update",
              "tags": [
                "mailing-list",
                "x_refsource_MLIST"
              ],
              "url": "https://lists.debian.org/debian-lts-announce/2019/03/msg00017.html"
            },
            {
              "name": "USN-3756-1",
              "tags": [
                "vendor-advisory",
                "x_refsource_UBUNTU"
              ],
              "url": "https://usn.ubuntu.com/3756-1/"
            },
            {
              "name": "RHSA-2018:3398",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2018:3398"
            },
            {
              "name": "RHSA-2018:3400",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2018:3400"
            },
            {
              "name": "RHSA-2018:2228",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2018:2228"
            },
            {
              "name": "[debian-lts-announce] 20190327 [SECURITY] [DLA 1731-1] linux security update",
              "tags": [
                "mailing-list",
                "x_refsource_MLIST"
              ],
              "url": "https://lists.debian.org/debian-lts-announce/2019/03/msg00034.html"
            },
            {
              "name": "[debian-lts-announce] 20190401 [SECURITY] [DLA 1731-2] linux regression update",
              "tags": [
                "mailing-list",
                "x_refsource_MLIST"
              ],
              "url": "https://lists.debian.org/debian-lts-announce/2019/04/msg00004.html"
            },
            {
              "name": "RHSA-2019:1046",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2019:1046"
            },
            {
              "name": "openSUSE-SU-2019:1439",
              "tags": [
                "vendor-advisory",
                "x_refsource_SUSE"
              ],
              "url": "http://lists.opensuse.org/opensuse-security-announce/2019-05/msg00059.html"
            },
            {
              "name": "openSUSE-SU-2019:1438",
              "tags": [
                "vendor-advisory",
                "x_refsource_SUSE"
              ],
              "url": "http://lists.opensuse.org/opensuse-security-announce/2019-05/msg00058.html"
            },
            {
              "name": "20190624 [SECURITY] [DSA 4469-1] libvirt security update",
              "tags": [
                "mailing-list",
                "x_refsource_BUGTRAQ"
              ],
              "url": "https://seclists.org/bugtraq/2019/Jun/36"
            },
            {
              "name": "[oss-security] 20200610 kernel: Multiple SSBD related flaws CVE-2020-10766 , CVE-2020-10767, CVE-2020-10768",
              "tags": [
                "mailing-list",
                "x_refsource_MLIST"
              ],
              "url": "http://www.openwall.com/lists/oss-security/2020/06/10/1"
            },
            {
              "name": "[oss-security] 20200610 Re: kernel: Multiple SSBD related flaws CVE-2020-10766 , CVE-2020-10767, CVE-2020-10768",
              "tags": [
                "mailing-list",
                "x_refsource_MLIST"
              ],
              "url": "http://www.openwall.com/lists/oss-security/2020/06/10/2"
            },
            {
              "name": "[oss-security] 20200610 Re: kernel: Multiple SSBD related flaws CVE-2020-10766 , CVE-2020-10767, CVE-2020-10768",
              "tags": [
                "mailing-list",
                "x_refsource_MLIST"
              ],
              "url": "http://www.openwall.com/lists/oss-security/2020/06/10/5"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://www.oracle.com/security-alerts/cpujul2020.html"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://help.ecostruxureit.com/display/public/UADCE725/Security+fixes+in+StruxureWare+Data+Center+Expert+v7.6.0"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-608355.pdf"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-268644.pdf"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "http://support.lenovo.com/us/en/solutions/LEN-22133"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2018-0004"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/ADV180012"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://support.citrix.com/article/CTX235225"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00115.html"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://www.synology.com/support/security/Synology_SA_18_23"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://developer.arm.com/support/arm-security-updates/speculative-processor-vulnerability"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "http://www.fujitsu.com/global/support/products/software/security/products-f/cve-2018-3639e.html"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "http://xenbits.xen.org/xsa/advisory-263.html"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-505225.pdf"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://www.mitel.com/en-ca/support/security-advisories/mitel-product-security-advisory-18-0006"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US\u0026docId=emr_na-hpesbhf03850en_us"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://bugs.chromium.org/p/project-zero/issues/detail?id=1528"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://security.netapp.com/advisory/ntap-20180521-0001/"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://nvidia.custhelp.com/app/answers/detail/a_id/4787"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://support.oracle.com/knowledge/Sun%20Microsystems/2481872_1.html"
            },
            {
              "name": "openSUSE-SU-2020:1325",
              "tags": [
                "vendor-advisory",
                "x_refsource_SUSE"
              ],
              "url": "http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00007.html"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "secure@intel.com",
              "DATE_PUBLIC": "2018-05-21T00:00:00",
              "ID": "CVE-2018-3639",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "Multiple",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "Multiple"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "Intel Corporation"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Systems with microprocessors utilizing speculative execution and speculative execution of memory reads before the addresses of all prior memory writes are known may allow unauthorized disclosure of information to an attacker with local user access via a side-channel analysis, aka Speculative Store Bypass (SSB), Variant 4."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "Information Disclosure"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "RHSA-2018:1689",
                  "refsource": "REDHAT",
                  "url": "https://access.redhat.com/errata/RHSA-2018:1689"
                },
                {
                  "name": "RHSA-2018:2162",
                  "refsource": "REDHAT",
                  "url": "https://access.redhat.com/errata/RHSA-2018:2162"
                },
                {
                  "name": "RHSA-2018:1641",
                  "refsource": "REDHAT",
                  "url": "https://access.redhat.com/errata/RHSA-2018:1641"
                },
                {
                  "name": "USN-3680-1",
                  "refsource": "UBUNTU",
                  "url": "https://usn.ubuntu.com/3680-1/"
                },
                {
                  "name": "RHSA-2018:1997",
                  "refsource": "REDHAT",
                  "url": "https://access.redhat.com/errata/RHSA-2018:1997"
                },
                {
                  "name": "RHSA-2018:1665",
                  "refsource": "REDHAT",
                  "url": "https://access.redhat.com/errata/RHSA-2018:1665"
                },
                {
                  "name": "RHSA-2018:3407",
                  "refsource": "REDHAT",
                  "url": "https://access.redhat.com/errata/RHSA-2018:3407"
                },
                {
                  "name": "RHSA-2018:2164",
                  "refsource": "REDHAT",
                  "url": "https://access.redhat.com/errata/RHSA-2018:2164"
                },
                {
                  "name": "RHSA-2018:2001",
                  "refsource": "REDHAT",
                  "url": "https://access.redhat.com/errata/RHSA-2018:2001"
                },
                {
                  "name": "RHSA-2018:3423",
                  "refsource": "REDHAT",
                  "url": "https://access.redhat.com/errata/RHSA-2018:3423"
                },
                {
                  "name": "RHSA-2018:2003",
                  "refsource": "REDHAT",
                  "url": "https://access.redhat.com/errata/RHSA-2018:2003"
                },
                {
                  "name": "USN-3654-1",
                  "refsource": "UBUNTU",
                  "url": "https://usn.ubuntu.com/3654-1/"
                },
                {
                  "name": "RHSA-2018:1645",
                  "refsource": "REDHAT",
                  "url": "https://access.redhat.com/errata/RHSA-2018:1645"
                },
                {
                  "name": "RHSA-2018:1643",
                  "refsource": "REDHAT",
                  "url": "https://access.redhat.com/errata/RHSA-2018:1643"
                },
                {
                  "name": "RHSA-2018:1652",
                  "refsource": "REDHAT",
                  "url": "https://access.redhat.com/errata/RHSA-2018:1652"
                },
                {
                  "name": "RHSA-2018:3424",
                  "refsource": "REDHAT",
                  "url": "https://access.redhat.com/errata/RHSA-2018:3424"
                },
                {
                  "name": "RHSA-2018:3402",
                  "refsource": "REDHAT",
                  "url": "https://access.redhat.com/errata/RHSA-2018:3402"
                },
                {
                  "name": "TA18-141A",
                  "refsource": "CERT",
                  "url": "https://www.us-cert.gov/ncas/alerts/TA18-141A"
                },
                {
                  "name": "RHSA-2018:1656",
                  "refsource": "REDHAT",
                  "url": "https://access.redhat.com/errata/RHSA-2018:1656"
                },
                {
                  "name": "RHSA-2018:1664",
                  "refsource": "REDHAT",
                  "url": "https://access.redhat.com/errata/RHSA-2018:1664"
                },
                {
                  "name": "RHSA-2018:2258",
                  "refsource": "REDHAT",
                  "url": "https://access.redhat.com/errata/RHSA-2018:2258"
                },
                {
                  "name": "RHSA-2018:1688",
                  "refsource": "REDHAT",
                  "url": "https://access.redhat.com/errata/RHSA-2018:1688"
                },
                {
                  "name": "RHSA-2018:1658",
                  "refsource": "REDHAT",
                  "url": "https://access.redhat.com/errata/RHSA-2018:1658"
                },
                {
                  "name": "RHSA-2018:1657",
                  "refsource": "REDHAT",
                  "url": "https://access.redhat.com/errata/RHSA-2018:1657"
                },
                {
                  "name": "RHSA-2018:2289",
                  "refsource": "REDHAT",
                  "url": "https://access.redhat.com/errata/RHSA-2018:2289"
                },
                {
                  "name": "RHSA-2018:1666",
                  "refsource": "REDHAT",
                  "url": "https://access.redhat.com/errata/RHSA-2018:1666"
                },
                {
                  "name": "1042004",
                  "refsource": "SECTRACK",
                  "url": "http://www.securitytracker.com/id/1042004"
                },
                {
                  "name": "RHSA-2018:1675",
                  "refsource": "REDHAT",
                  "url": "https://access.redhat.com/errata/RHSA-2018:1675"
                },
                {
                  "name": "RHSA-2018:1660",
                  "refsource": "REDHAT",
                  "url": "https://access.redhat.com/errata/RHSA-2018:1660"
                },
                {
                  "name": "RHSA-2018:1965",
                  "refsource": "REDHAT",
                  "url": "https://access.redhat.com/errata/RHSA-2018:1965"
                },
                {
                  "name": "RHSA-2018:1661",
                  "refsource": "REDHAT",
                  "url": "https://access.redhat.com/errata/RHSA-2018:1661"
                },
                {
                  "name": "RHSA-2018:1633",
                  "refsource": "REDHAT",
                  "url": "https://access.redhat.com/errata/RHSA-2018:1633"
                },
                {
                  "name": "RHSA-2018:1636",
                  "refsource": "REDHAT",
                  "url": "https://access.redhat.com/errata/RHSA-2018:1636"
                },
                {
                  "name": "RHSA-2018:1854",
                  "refsource": "REDHAT",
                  "url": "https://access.redhat.com/errata/RHSA-2018:1854"
                },
                {
                  "name": "RHSA-2018:2006",
                  "refsource": "REDHAT",
                  "url": "https://access.redhat.com/errata/RHSA-2018:2006"
                },
                {
                  "name": "RHSA-2018:2250",
                  "refsource": "REDHAT",
                  "url": "https://access.redhat.com/errata/RHSA-2018:2250"
                },
                {
                  "name": "1040949",
                  "refsource": "SECTRACK",
                  "url": "http://www.securitytracker.com/id/1040949"
                },
                {
                  "name": "RHSA-2018:3401",
                  "refsource": "REDHAT",
                  "url": "https://access.redhat.com/errata/RHSA-2018:3401"
                },
                {
                  "name": "RHSA-2018:1737",
                  "refsource": "REDHAT",
                  "url": "https://access.redhat.com/errata/RHSA-2018:1737"
                },
                {
                  "name": "RHSA-2018:1826",
                  "refsource": "REDHAT",
                  "url": "https://access.redhat.com/errata/RHSA-2018:1826"
                },
                {
                  "name": "USN-3651-1",
                  "refsource": "UBUNTU",
                  "url": "https://usn.ubuntu.com/3651-1/"
                },
                {
                  "name": "DSA-4210",
                  "refsource": "DEBIAN",
                  "url": "https://www.debian.org/security/2018/dsa-4210"
                },
                {
                  "name": "44695",
                  "refsource": "EXPLOIT-DB",
                  "url": "https://www.exploit-db.com/exploits/44695/"
                },
                {
                  "name": "RHSA-2018:1651",
                  "refsource": "REDHAT",
                  "url": "https://access.redhat.com/errata/RHSA-2018:1651"
                },
                {
                  "name": "RHSA-2018:1638",
                  "refsource": "REDHAT",
                  "url": "https://access.redhat.com/errata/RHSA-2018:1638"
                },
                {
                  "name": "RHSA-2018:1696",
                  "refsource": "REDHAT",
                  "url": "https://access.redhat.com/errata/RHSA-2018:1696"
                },
                {
                  "name": "RHSA-2018:2246",
                  "refsource": "REDHAT",
                  "url": "https://access.redhat.com/errata/RHSA-2018:2246"
                },
                {
                  "name": "RHSA-2018:1644",
                  "refsource": "REDHAT",
                  "url": "https://access.redhat.com/errata/RHSA-2018:1644"
                },
                {
                  "name": "RHSA-2018:1646",
                  "refsource": "REDHAT",
                  "url": "https://access.redhat.com/errata/RHSA-2018:1646"
                },
                {
                  "name": "[debian-lts-announce] 20180718 [SECURITY] [DLA 1423-1] linux-4.9 new package",
                  "refsource": "MLIST",
                  "url": "https://lists.debian.org/debian-lts-announce/2018/07/msg00020.html"
                },
                {
                  "name": "RHSA-2018:1639",
                  "refsource": "REDHAT",
                  "url": "https://access.redhat.com/errata/RHSA-2018:1639"
                },
                {
                  "name": "RHSA-2018:1668",
                  "refsource": "REDHAT",
                  "url": "https://access.redhat.com/errata/RHSA-2018:1668"
                },
                {
                  "name": "RHSA-2018:1637",
                  "refsource": "REDHAT",
                  "url": "https://access.redhat.com/errata/RHSA-2018:1637"
                },
                {
                  "name": "RHSA-2018:2948",
                  "refsource": "REDHAT",
                  "url": "https://access.redhat.com/errata/RHSA-2018:2948"
                },
                {
                  "name": "VU#180049",
                  "refsource": "CERT-VN",
                  "url": "https://www.kb.cert.org/vuls/id/180049"
                },
                {
                  "name": "RHSA-2018:1686",
                  "refsource": "REDHAT",
                  "url": "https://access.redhat.com/errata/RHSA-2018:1686"
                },
                {
                  "name": "RHSA-2018:2172",
                  "refsource": "REDHAT",
                  "url": "https://access.redhat.com/errata/RHSA-2018:2172"
                },
                {
                  "name": "RHSA-2018:1663",
                  "refsource": "REDHAT",
                  "url": "https://access.redhat.com/errata/RHSA-2018:1663"
                },
                {
                  "name": "USN-3652-1",
                  "refsource": "UBUNTU",
                  "url": "https://usn.ubuntu.com/3652-1/"
                },
                {
                  "name": "RHSA-2018:1629",
                  "refsource": "REDHAT",
                  "url": "https://access.redhat.com/errata/RHSA-2018:1629"
                },
                {
                  "name": "RHSA-2018:1655",
                  "refsource": "REDHAT",
                  "url": "https://access.redhat.com/errata/RHSA-2018:1655"
                },
                {
                  "name": "RHSA-2018:1640",
                  "refsource": "REDHAT",
                  "url": "https://access.redhat.com/errata/RHSA-2018:1640"
                },
                {
                  "name": "RHSA-2018:1669",
                  "refsource": "REDHAT",
                  "url": "https://access.redhat.com/errata/RHSA-2018:1669"
                },
                {
                  "name": "RHSA-2018:1676",
                  "refsource": "REDHAT",
                  "url": "https://access.redhat.com/errata/RHSA-2018:1676"
                },
                {
                  "name": "20180522 CPU Side-Channel Information Disclosure Vulnerabilities: May 2018",
                  "refsource": "CISCO",
                  "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180521-cpusidechannel"
                },
                {
                  "name": "RHSA-2018:3425",
                  "refsource": "REDHAT",
                  "url": "https://access.redhat.com/errata/RHSA-2018:3425"
                },
                {
                  "name": "RHSA-2018:2363",
                  "refsource": "REDHAT",
                  "url": "https://access.redhat.com/errata/RHSA-2018:2363"
                },
                {
                  "name": "RHSA-2018:1632",
                  "refsource": "REDHAT",
                  "url": "https://access.redhat.com/errata/RHSA-2018:1632"
                },
                {
                  "name": "RHSA-2018:1650",
                  "refsource": "REDHAT",
                  "url": "https://access.redhat.com/errata/RHSA-2018:1650"
                },
                {
                  "name": "RHSA-2018:2396",
                  "refsource": "REDHAT",
                  "url": "https://access.redhat.com/errata/RHSA-2018:2396"
                },
                {
                  "name": "RHSA-2018:2364",
                  "refsource": "REDHAT",
                  "url": "https://access.redhat.com/errata/RHSA-2018:2364"
                },
                {
                  "name": "USN-3653-2",
                  "refsource": "UBUNTU",
                  "url": "https://usn.ubuntu.com/3653-2/"
                },
                {
                  "name": "RHSA-2018:2216",
                  "refsource": "REDHAT",
                  "url": "https://access.redhat.com/errata/RHSA-2018:2216"
                },
                {
                  "name": "USN-3655-1",
                  "refsource": "UBUNTU",
                  "url": "https://usn.ubuntu.com/3655-1/"
                },
                {
                  "name": "RHSA-2018:1649",
                  "refsource": "REDHAT",
                  "url": "https://access.redhat.com/errata/RHSA-2018:1649"
                },
                {
                  "name": "RHSA-2018:2309",
                  "refsource": "REDHAT",
                  "url": "https://access.redhat.com/errata/RHSA-2018:2309"
                },
                {
                  "name": "104232",
                  "refsource": "BID",
                  "url": "http://www.securityfocus.com/bid/104232"
                },
                {
                  "name": "RHSA-2018:1653",
                  "refsource": "REDHAT",
                  "url": "https://access.redhat.com/errata/RHSA-2018:1653"
                },
                {
                  "name": "RHSA-2018:2171",
                  "refsource": "REDHAT",
                  "url": "https://access.redhat.com/errata/RHSA-2018:2171"
                },
                {
                  "name": "RHSA-2018:1635",
                  "refsource": "REDHAT",
                  "url": "https://access.redhat.com/errata/RHSA-2018:1635"
                },
                {
                  "name": "[debian-lts-announce] 20180916 [SECURITY] [DLA 1506-1] intel-microcode security update",
                  "refsource": "MLIST",
                  "url": "https://lists.debian.org/debian-lts-announce/2018/09/msg00017.html"
                },
                {
                  "name": "RHSA-2018:2394",
                  "refsource": "REDHAT",
                  "url": "https://access.redhat.com/errata/RHSA-2018:2394"
                },
                {
                  "name": "RHSA-2018:1710",
                  "refsource": "REDHAT",
                  "url": "https://access.redhat.com/errata/RHSA-2018:1710"
                },
                {
                  "name": "RHSA-2018:1659",
                  "refsource": "REDHAT",
                  "url": "https://access.redhat.com/errata/RHSA-2018:1659"
                },
                {
                  "name": "RHSA-2018:1711",
                  "refsource": "REDHAT",
                  "url": "https://access.redhat.com/errata/RHSA-2018:1711"
                },
                {
                  "name": "DSA-4273",
                  "refsource": "DEBIAN",
                  "url": "https://www.debian.org/security/2018/dsa-4273"
                },
                {
                  "name": "RHSA-2018:1738",
                  "refsource": "REDHAT",
                  "url": "https://access.redhat.com/errata/RHSA-2018:1738"
                },
                {
                  "name": "RHSA-2018:1674",
                  "refsource": "REDHAT",
                  "url": "https://access.redhat.com/errata/RHSA-2018:1674"
                },
                {
                  "name": "RHSA-2018:3396",
                  "refsource": "REDHAT",
                  "url": "https://access.redhat.com/errata/RHSA-2018:3396"
                },
                {
                  "name": "RHSA-2018:1667",
                  "refsource": "REDHAT",
                  "url": "https://access.redhat.com/errata/RHSA-2018:1667"
                },
                {
                  "name": "USN-3654-2",
                  "refsource": "UBUNTU",
                  "url": "https://usn.ubuntu.com/3654-2/"
                },
                {
                  "name": "RHSA-2018:1662",
                  "refsource": "REDHAT",
                  "url": "https://access.redhat.com/errata/RHSA-2018:1662"
                },
                {
                  "name": "RHSA-2018:1630",
                  "refsource": "REDHAT",
                  "url": "https://access.redhat.com/errata/RHSA-2018:1630"
                },
                {
                  "name": "RHSA-2018:1647",
                  "refsource": "REDHAT",
                  "url": "https://access.redhat.com/errata/RHSA-2018:1647"
                },
                {
                  "name": "RHSA-2018:1967",
                  "refsource": "REDHAT",
                  "url": "https://access.redhat.com/errata/RHSA-2018:1967"
                },
                {
                  "name": "USN-3655-2",
                  "refsource": "UBUNTU",
                  "url": "https://usn.ubuntu.com/3655-2/"
                },
                {
                  "name": "RHSA-2018:3399",
                  "refsource": "REDHAT",
                  "url": "https://access.redhat.com/errata/RHSA-2018:3399"
                },
                {
                  "name": "RHSA-2018:2060",
                  "refsource": "REDHAT",
                  "url": "https://access.redhat.com/errata/RHSA-2018:2060"
                },
                {
                  "name": "RHSA-2018:1690",
                  "refsource": "REDHAT",
                  "url": "https://access.redhat.com/errata/RHSA-2018:1690"
                },
                {
                  "name": "USN-3653-1",
                  "refsource": "UBUNTU",
                  "url": "https://usn.ubuntu.com/3653-1/"
                },
                {
                  "name": "RHSA-2018:2161",
                  "refsource": "REDHAT",
                  "url": "https://access.redhat.com/errata/RHSA-2018:2161"
                },
                {
                  "name": "[debian-lts-announce] 20180727 [SECURITY] [DLA 1446-1] intel-microcode security update",
                  "refsource": "MLIST",
                  "url": "https://lists.debian.org/debian-lts-announce/2018/07/msg00038.html"
                },
                {
                  "name": "RHSA-2018:2328",
                  "refsource": "REDHAT",
                  "url": "https://access.redhat.com/errata/RHSA-2018:2328"
                },
                {
                  "name": "RHSA-2018:1648",
                  "refsource": "REDHAT",
                  "url": "https://access.redhat.com/errata/RHSA-2018:1648"
                },
                {
                  "name": "RHSA-2018:2387",
                  "refsource": "REDHAT",
                  "url": "https://access.redhat.com/errata/RHSA-2018:2387"
                },
                {
                  "name": "RHSA-2019:0148",
                  "refsource": "REDHAT",
                  "url": "https://access.redhat.com/errata/RHSA-2019:0148"
                },
                {
                  "name": "RHSA-2018:1654",
                  "refsource": "REDHAT",
                  "url": "https://access.redhat.com/errata/RHSA-2018:1654"
                },
                {
                  "name": "USN-3679-1",
                  "refsource": "UBUNTU",
                  "url": "https://usn.ubuntu.com/3679-1/"
                },
                {
                  "name": "USN-3777-3",
                  "refsource": "UBUNTU",
                  "url": "https://usn.ubuntu.com/3777-3/"
                },
                {
                  "name": "RHSA-2018:1642",
                  "refsource": "REDHAT",
                  "url": "https://access.redhat.com/errata/RHSA-2018:1642"
                },
                {
                  "name": "RHSA-2018:3397",
                  "refsource": "REDHAT",
                  "url": "https://access.redhat.com/errata/RHSA-2018:3397"
                },
                {
                  "name": "[debian-lts-announce] 20190315 [SECURITY] [DLA 1715-1] linux-4.9 security update",
                  "refsource": "MLIST",
                  "url": "https://lists.debian.org/debian-lts-announce/2019/03/msg00017.html"
                },
                {
                  "name": "USN-3756-1",
                  "refsource": "UBUNTU",
                  "url": "https://usn.ubuntu.com/3756-1/"
                },
                {
                  "name": "RHSA-2018:3398",
                  "refsource": "REDHAT",
                  "url": "https://access.redhat.com/errata/RHSA-2018:3398"
                },
                {
                  "name": "RHSA-2018:3400",
                  "refsource": "REDHAT",
                  "url": "https://access.redhat.com/errata/RHSA-2018:3400"
                },
                {
                  "name": "RHSA-2018:2228",
                  "refsource": "REDHAT",
                  "url": "https://access.redhat.com/errata/RHSA-2018:2228"
                },
                {
                  "name": "[debian-lts-announce] 20190327 [SECURITY] [DLA 1731-1] linux security update",
                  "refsource": "MLIST",
                  "url": "https://lists.debian.org/debian-lts-announce/2019/03/msg00034.html"
                },
                {
                  "name": "[debian-lts-announce] 20190401 [SECURITY] [DLA 1731-2] linux regression update",
                  "refsource": "MLIST",
                  "url": "https://lists.debian.org/debian-lts-announce/2019/04/msg00004.html"
                },
                {
                  "name": "RHSA-2019:1046",
                  "refsource": "REDHAT",
                  "url": "https://access.redhat.com/errata/RHSA-2019:1046"
                },
                {
                  "name": "openSUSE-SU-2019:1439",
                  "refsource": "SUSE",
                  "url": "http://lists.opensuse.org/opensuse-security-announce/2019-05/msg00059.html"
                },
                {
                  "name": "openSUSE-SU-2019:1438",
                  "refsource": "SUSE",
                  "url": "http://lists.opensuse.org/opensuse-security-announce/2019-05/msg00058.html"
                },
                {
                  "name": "20190624 [SECURITY] [DSA 4469-1] libvirt security update",
                  "refsource": "BUGTRAQ",
                  "url": "https://seclists.org/bugtraq/2019/Jun/36"
                },
                {
                  "name": "[oss-security] 20200610 kernel: Multiple SSBD related flaws CVE-2020-10766 , CVE-2020-10767, CVE-2020-10768",
                  "refsource": "MLIST",
                  "url": "http://www.openwall.com/lists/oss-security/2020/06/10/1"
                },
                {
                  "name": "[oss-security] 20200610 Re: kernel: Multiple SSBD related flaws CVE-2020-10766 , CVE-2020-10767, CVE-2020-10768",
                  "refsource": "MLIST",
                  "url": "http://www.openwall.com/lists/oss-security/2020/06/10/2"
                },
                {
                  "name": "[oss-security] 20200610 Re: kernel: Multiple SSBD related flaws CVE-2020-10766 , CVE-2020-10767, CVE-2020-10768",
                  "refsource": "MLIST",
                  "url": "http://www.openwall.com/lists/oss-security/2020/06/10/5"
                },
                {
                  "name": "https://www.oracle.com/security-alerts/cpujul2020.html",
                  "refsource": "MISC",
                  "url": "https://www.oracle.com/security-alerts/cpujul2020.html"
                },
                {
                  "name": "https://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html",
                  "refsource": "CONFIRM",
                  "url": "https://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html"
                },
                {
                  "name": "https://help.ecostruxureit.com/display/public/UADCE725/Security+fixes+in+StruxureWare+Data+Center+Expert+v7.6.0",
                  "refsource": "CONFIRM",
                  "url": "https://help.ecostruxureit.com/display/public/UADCE725/Security+fixes+in+StruxureWare+Data+Center+Expert+v7.6.0"
                },
                {
                  "name": "https://cert-portal.siemens.com/productcert/pdf/ssa-608355.pdf",
                  "refsource": "CONFIRM",
                  "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-608355.pdf"
                },
                {
                  "name": "https://cert-portal.siemens.com/productcert/pdf/ssa-268644.pdf",
                  "refsource": "CONFIRM",
                  "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-268644.pdf"
                },
                {
                  "name": "http://support.lenovo.com/us/en/solutions/LEN-22133",
                  "refsource": "CONFIRM",
                  "url": "http://support.lenovo.com/us/en/solutions/LEN-22133"
                },
                {
                  "name": "https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2018-0004",
                  "refsource": "CONFIRM",
                  "url": "https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2018-0004"
                },
                {
                  "name": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/ADV180012",
                  "refsource": "CONFIRM",
                  "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/ADV180012"
                },
                {
                  "name": "https://support.citrix.com/article/CTX235225",
                  "refsource": "CONFIRM",
                  "url": "https://support.citrix.com/article/CTX235225"
                },
                {
                  "name": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00115.html",
                  "refsource": "CONFIRM",
                  "url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00115.html"
                },
                {
                  "name": "https://www.synology.com/support/security/Synology_SA_18_23",
                  "refsource": "CONFIRM",
                  "url": "https://www.synology.com/support/security/Synology_SA_18_23"
                },
                {
                  "name": "https://developer.arm.com/support/arm-security-updates/speculative-processor-vulnerability",
                  "refsource": "CONFIRM",
                  "url": "https://developer.arm.com/support/arm-security-updates/speculative-processor-vulnerability"
                },
                {
                  "name": "http://www.fujitsu.com/global/support/products/software/security/products-f/cve-2018-3639e.html",
                  "refsource": "CONFIRM",
                  "url": "http://www.fujitsu.com/global/support/products/software/security/products-f/cve-2018-3639e.html"
                },
                {
                  "name": "http://xenbits.xen.org/xsa/advisory-263.html",
                  "refsource": "CONFIRM",
                  "url": "http://xenbits.xen.org/xsa/advisory-263.html"
                },
                {
                  "name": "https://cert-portal.siemens.com/productcert/pdf/ssa-505225.pdf",
                  "refsource": "CONFIRM",
                  "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-505225.pdf"
                },
                {
                  "name": "https://www.mitel.com/en-ca/support/security-advisories/mitel-product-security-advisory-18-0006",
                  "refsource": "CONFIRM",
                  "url": "https://www.mitel.com/en-ca/support/security-advisories/mitel-product-security-advisory-18-0006"
                },
                {
                  "name": "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US\u0026docId=emr_na-hpesbhf03850en_us",
                  "refsource": "CONFIRM",
                  "url": "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US\u0026docId=emr_na-hpesbhf03850en_us"
                },
                {
                  "name": "https://bugs.chromium.org/p/project-zero/issues/detail?id=1528",
                  "refsource": "MISC",
                  "url": "https://bugs.chromium.org/p/project-zero/issues/detail?id=1528"
                },
                {
                  "name": "https://security.netapp.com/advisory/ntap-20180521-0001/",
                  "refsource": "CONFIRM",
                  "url": "https://security.netapp.com/advisory/ntap-20180521-0001/"
                },
                {
                  "name": "https://nvidia.custhelp.com/app/answers/detail/a_id/4787",
                  "refsource": "CONFIRM",
                  "url": "https://nvidia.custhelp.com/app/answers/detail/a_id/4787"
                },
                {
                  "name": "https://support.oracle.com/knowledge/Sun%20Microsystems/2481872_1.html",
                  "refsource": "CONFIRM",
                  "url": "https://support.oracle.com/knowledge/Sun%20Microsystems/2481872_1.html"
                },
                {
                  "name": "openSUSE-SU-2020:1325",
                  "refsource": "SUSE",
                  "url": "http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00007.html"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "6dda929c-bb53-4a77-a76d-48e79601a1ce",
        "assignerShortName": "intel",
        "cveId": "CVE-2018-3639",
        "datePublished": "2018-05-22T12:00:00.000Z",
        "dateReserved": "2017-12-28T00:00:00.000Z",
        "dateUpdated": "2026-05-29T20:14:05.872Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2017-18017 (GCVE-0-2017-18017)

    Vulnerability from nvd – Published: 2018-01-03 06:00 – Updated: 2025-01-03 12:04
    VLAI
    Summary
    The tcpmss_mangle_packet function in net/netfilter/xt_TCPMSS.c in the Linux kernel before 4.11, and 4.9.x before 4.9.36, allows remote attackers to cause a denial of service (use-after-free and memory corruption) or possibly have unspecified other impact by leveraging the presence of xt_TCPMSS in an iptables action.
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    References
    URL Tags
    https://www.debian.org/security/2018/dsa-4187 vendor-advisoryx_refsource_DEBIAN
    https://usn.ubuntu.com/3583-2/ vendor-advisoryx_refsource_UBUNTU
    http://patchwork.ozlabs.org/patch/746618/ x_refsource_MISC
    https://access.redhat.com/errata/RHSA-2018:1737 vendor-advisoryx_refsource_REDHAT
    https://www.kernel.org/pub/linux/kernel/v4.x/Chan… x_refsource_MISC
    https://lkml.org/lkml/2017/4/2/13 x_refsource_MISC
    https://access.redhat.com/errata/RHSA-2018:1062 vendor-advisoryx_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2018:1319 vendor-advisoryx_refsource_REDHAT
    https://help.ecostruxureit.com/display/public/UAD… x_refsource_CONFIRM
    https://usn.ubuntu.com/3583-1/ vendor-advisoryx_refsource_UBUNTU
    https://access.redhat.com/errata/RHSA-2018:0676 vendor-advisoryx_refsource_REDHAT
    https://bugs.launchpad.net/ubuntu/+source/linux/+… x_refsource_MISC
    https://github.com/torvalds/linux/commit/2638fd0f… x_refsource_MISC
    https://access.redhat.com/errata/RHSA-2018:1170 vendor-advisoryx_refsource_REDHAT
    http://git.kernel.org/cgit/linux/kernel/git/torva… x_refsource_MISC
    https://access.redhat.com/errata/RHSA-2018:1130 vendor-advisoryx_refsource_REDHAT
    https://lists.debian.org/debian-lts-announce/2018… mailing-listx_refsource_MLIST
    http://www.securityfocus.com/bid/102367 vdb-entryx_refsource_BID
    http://lists.opensuse.org/opensuse-security-annou… vendor-advisoryx_refsource_SUSE
    http://lists.opensuse.org/opensuse-security-annou… vendor-advisoryx_refsource_SUSE
    http://lists.opensuse.org/opensuse-security-annou… vendor-advisoryx_refsource_SUSE
    http://www.ubuntu.com/usn/USN-3583-1 vendor-advisoryx_refsource_UBUNTU
    https://support.f5.com/csp/article/K18352029 x_refsource_CONFIRM
    http://lists.opensuse.org/opensuse-security-annou… vendor-advisoryx_refsource_SUSE
    http://lists.opensuse.org/opensuse-security-annou… vendor-advisoryx_refsource_SUSE
    http://lists.opensuse.org/opensuse-security-annou… vendor-advisoryx_refsource_SUSE
    http://lists.opensuse.org/opensuse-security-annou… vendor-advisoryx_refsource_SUSE
    http://lists.opensuse.org/opensuse-security-annou… vendor-advisoryx_refsource_SUSE
    http://lists.opensuse.org/opensuse-security-annou… vendor-advisoryx_refsource_SUSE
    http://www.ubuntu.com/usn/USN-3583-2 vendor-advisoryx_refsource_UBUNTU
    http://lists.opensuse.org/opensuse-security-annou… vendor-advisoryx_refsource_SUSE
    https://www.arista.com/en/support/advisories-noti… x_refsource_MISC
    https://security.netapp.com/advisory/ntap-2025010…
    Date Public
    2018-01-03 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2025-01-03T12:04:18.715Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "DSA-4187",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_DEBIAN",
                  "x_transferred"
                ],
                "url": "https://www.debian.org/security/2018/dsa-4187"
              },
              {
                "name": "USN-3583-2",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_UBUNTU",
                  "x_transferred"
                ],
                "url": "https://usn.ubuntu.com/3583-2/"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "http://patchwork.ozlabs.org/patch/746618/"
              },
              {
                "name": "RHSA-2018:1737",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
                  "x_transferred"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2018:1737"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.9.36"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://lkml.org/lkml/2017/4/2/13"
              },
              {
                "name": "RHSA-2018:1062",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
                  "x_transferred"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2018:1062"
              },
              {
                "name": "RHSA-2018:1319",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
                  "x_transferred"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2018:1319"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://help.ecostruxureit.com/display/public/UADCE725/Security+fixes+in+StruxureWare+Data+Center+Expert+v7.6.0"
              },
              {
                "name": "USN-3583-1",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_UBUNTU",
                  "x_transferred"
                ],
                "url": "https://usn.ubuntu.com/3583-1/"
              },
              {
                "name": "RHSA-2018:0676",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
                  "x_transferred"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2018:0676"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://bugs.launchpad.net/ubuntu/+source/linux/+bug/1739765"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://github.com/torvalds/linux/commit/2638fd0f92d4397884fd991d8f4925cb3f081901"
              },
              {
                "name": "RHSA-2018:1170",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
                  "x_transferred"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2018:1170"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=2638fd0f92d4397884fd991d8f4925cb3f081901"
              },
              {
                "name": "RHSA-2018:1130",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
                  "x_transferred"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2018:1130"
              },
              {
                "name": "[debian-lts-announce] 20180502 [SECURITY] [DLA 1369-1] linux security update",
                "tags": [
                  "mailing-list",
                  "x_refsource_MLIST",
                  "x_transferred"
                ],
                "url": "https://lists.debian.org/debian-lts-announce/2018/05/msg00000.html"
              },
              {
                "name": "102367",
                "tags": [
                  "vdb-entry",
                  "x_refsource_BID",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/bid/102367"
              },
              {
                "name": "SUSE-SU-2018:0834",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_SUSE",
                  "x_transferred"
                ],
                "url": "http://lists.opensuse.org/opensuse-security-announce/2018-03/msg00067.html"
              },
              {
                "name": "SUSE-SU-2018:0848",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_SUSE",
                  "x_transferred"
                ],
                "url": "http://lists.opensuse.org/opensuse-security-announce/2018-03/msg00072.html"
              },
              {
                "name": "SUSE-SU-2018:0383",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_SUSE",
                  "x_transferred"
                ],
                "url": "http://lists.opensuse.org/opensuse-security-announce/2018-02/msg00008.html"
              },
              {
                "name": "USN-3583-1",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_UBUNTU",
                  "x_transferred"
                ],
                "url": "http://www.ubuntu.com/usn/USN-3583-1"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://support.f5.com/csp/article/K18352029"
              },
              {
                "name": "SUSE-SU-2018:0555",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_SUSE",
                  "x_transferred"
                ],
                "url": "http://lists.opensuse.org/opensuse-security-announce/2018-02/msg00047.html"
              },
              {
                "name": "openSUSE-SU-2018:0408",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_SUSE",
                  "x_transferred"
                ],
                "url": "http://lists.opensuse.org/opensuse-security-announce/2018-02/msg00013.html"
              },
              {
                "name": "SUSE-SU-2018:0986",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_SUSE",
                  "x_transferred"
                ],
                "url": "http://lists.opensuse.org/opensuse-security-announce/2018-04/msg00014.html"
              },
              {
                "name": "SUSE-SU-2018:0416",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_SUSE",
                  "x_transferred"
                ],
                "url": "http://lists.opensuse.org/opensuse-security-announce/2018-02/msg00015.html"
              },
              {
                "name": "SUSE-SU-2018:0482",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_SUSE",
                  "x_transferred"
                ],
                "url": "http://lists.opensuse.org/opensuse-security-announce/2018-02/msg00038.html"
              },
              {
                "name": "SUSE-SU-2018:0841",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_SUSE",
                  "x_transferred"
                ],
                "url": "http://lists.opensuse.org/opensuse-security-announce/2018-03/msg00070.html"
              },
              {
                "name": "USN-3583-2",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_UBUNTU",
                  "x_transferred"
                ],
                "url": "http://www.ubuntu.com/usn/USN-3583-2"
              },
              {
                "name": "SUSE-SU-2018:0660",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_SUSE",
                  "x_transferred"
                ],
                "url": "http://lists.opensuse.org/opensuse-security-announce/2018-03/msg00030.html"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://www.arista.com/en/support/advisories-notices/security-advisories/4577-security-advisory-34"
              },
              {
                "url": "https://security.netapp.com/advisory/ntap-20250103-0010/"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "datePublic": "2018-01-03T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "The tcpmss_mangle_packet function in net/netfilter/xt_TCPMSS.c in the Linux kernel before 4.11, and 4.9.x before 4.9.36, allows remote attackers to cause a denial of service (use-after-free and memory corruption) or possibly have unspecified other impact by leveraging the presence of xt_TCPMSS in an iptables action."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2021-11-08T11:33:02.000Z",
            "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            "shortName": "mitre"
          },
          "references": [
            {
              "name": "DSA-4187",
              "tags": [
                "vendor-advisory",
                "x_refsource_DEBIAN"
              ],
              "url": "https://www.debian.org/security/2018/dsa-4187"
            },
            {
              "name": "USN-3583-2",
              "tags": [
                "vendor-advisory",
                "x_refsource_UBUNTU"
              ],
              "url": "https://usn.ubuntu.com/3583-2/"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "http://patchwork.ozlabs.org/patch/746618/"
            },
            {
              "name": "RHSA-2018:1737",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2018:1737"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.9.36"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://lkml.org/lkml/2017/4/2/13"
            },
            {
              "name": "RHSA-2018:1062",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2018:1062"
            },
            {
              "name": "RHSA-2018:1319",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2018:1319"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://help.ecostruxureit.com/display/public/UADCE725/Security+fixes+in+StruxureWare+Data+Center+Expert+v7.6.0"
            },
            {
              "name": "USN-3583-1",
              "tags": [
                "vendor-advisory",
                "x_refsource_UBUNTU"
              ],
              "url": "https://usn.ubuntu.com/3583-1/"
            },
            {
              "name": "RHSA-2018:0676",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2018:0676"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://bugs.launchpad.net/ubuntu/+source/linux/+bug/1739765"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://github.com/torvalds/linux/commit/2638fd0f92d4397884fd991d8f4925cb3f081901"
            },
            {
              "name": "RHSA-2018:1170",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2018:1170"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=2638fd0f92d4397884fd991d8f4925cb3f081901"
            },
            {
              "name": "RHSA-2018:1130",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2018:1130"
            },
            {
              "name": "[debian-lts-announce] 20180502 [SECURITY] [DLA 1369-1] linux security update",
              "tags": [
                "mailing-list",
                "x_refsource_MLIST"
              ],
              "url": "https://lists.debian.org/debian-lts-announce/2018/05/msg00000.html"
            },
            {
              "name": "102367",
              "tags": [
                "vdb-entry",
                "x_refsource_BID"
              ],
              "url": "http://www.securityfocus.com/bid/102367"
            },
            {
              "name": "SUSE-SU-2018:0834",
              "tags": [
                "vendor-advisory",
                "x_refsource_SUSE"
              ],
              "url": "http://lists.opensuse.org/opensuse-security-announce/2018-03/msg00067.html"
            },
            {
              "name": "SUSE-SU-2018:0848",
              "tags": [
                "vendor-advisory",
                "x_refsource_SUSE"
              ],
              "url": "http://lists.opensuse.org/opensuse-security-announce/2018-03/msg00072.html"
            },
            {
              "name": "SUSE-SU-2018:0383",
              "tags": [
                "vendor-advisory",
                "x_refsource_SUSE"
              ],
              "url": "http://lists.opensuse.org/opensuse-security-announce/2018-02/msg00008.html"
            },
            {
              "name": "USN-3583-1",
              "tags": [
                "vendor-advisory",
                "x_refsource_UBUNTU"
              ],
              "url": "http://www.ubuntu.com/usn/USN-3583-1"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://support.f5.com/csp/article/K18352029"
            },
            {
              "name": "SUSE-SU-2018:0555",
              "tags": [
                "vendor-advisory",
                "x_refsource_SUSE"
              ],
              "url": "http://lists.opensuse.org/opensuse-security-announce/2018-02/msg00047.html"
            },
            {
              "name": "openSUSE-SU-2018:0408",
              "tags": [
                "vendor-advisory",
                "x_refsource_SUSE"
              ],
              "url": "http://lists.opensuse.org/opensuse-security-announce/2018-02/msg00013.html"
            },
            {
              "name": "SUSE-SU-2018:0986",
              "tags": [
                "vendor-advisory",
                "x_refsource_SUSE"
              ],
              "url": "http://lists.opensuse.org/opensuse-security-announce/2018-04/msg00014.html"
            },
            {
              "name": "SUSE-SU-2018:0416",
              "tags": [
                "vendor-advisory",
                "x_refsource_SUSE"
              ],
              "url": "http://lists.opensuse.org/opensuse-security-announce/2018-02/msg00015.html"
            },
            {
              "name": "SUSE-SU-2018:0482",
              "tags": [
                "vendor-advisory",
                "x_refsource_SUSE"
              ],
              "url": "http://lists.opensuse.org/opensuse-security-announce/2018-02/msg00038.html"
            },
            {
              "name": "SUSE-SU-2018:0841",
              "tags": [
                "vendor-advisory",
                "x_refsource_SUSE"
              ],
              "url": "http://lists.opensuse.org/opensuse-security-announce/2018-03/msg00070.html"
            },
            {
              "name": "USN-3583-2",
              "tags": [
                "vendor-advisory",
                "x_refsource_UBUNTU"
              ],
              "url": "http://www.ubuntu.com/usn/USN-3583-2"
            },
            {
              "name": "SUSE-SU-2018:0660",
              "tags": [
                "vendor-advisory",
                "x_refsource_SUSE"
              ],
              "url": "http://lists.opensuse.org/opensuse-security-announce/2018-03/msg00030.html"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://www.arista.com/en/support/advisories-notices/security-advisories/4577-security-advisory-34"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "cve@mitre.org",
              "ID": "CVE-2017-18017",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "n/a",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "The tcpmss_mangle_packet function in net/netfilter/xt_TCPMSS.c in the Linux kernel before 4.11, and 4.9.x before 4.9.36, allows remote attackers to cause a denial of service (use-after-free and memory corruption) or possibly have unspecified other impact by leveraging the presence of xt_TCPMSS in an iptables action."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "n/a"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "DSA-4187",
                  "refsource": "DEBIAN",
                  "url": "https://www.debian.org/security/2018/dsa-4187"
                },
                {
                  "name": "USN-3583-2",
                  "refsource": "UBUNTU",
                  "url": "https://usn.ubuntu.com/3583-2/"
                },
                {
                  "name": "http://patchwork.ozlabs.org/patch/746618/",
                  "refsource": "MISC",
                  "url": "http://patchwork.ozlabs.org/patch/746618/"
                },
                {
                  "name": "RHSA-2018:1737",
                  "refsource": "REDHAT",
                  "url": "https://access.redhat.com/errata/RHSA-2018:1737"
                },
                {
                  "name": "https://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.9.36",
                  "refsource": "MISC",
                  "url": "https://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.9.36"
                },
                {
                  "name": "https://lkml.org/lkml/2017/4/2/13",
                  "refsource": "MISC",
                  "url": "https://lkml.org/lkml/2017/4/2/13"
                },
                {
                  "name": "RHSA-2018:1062",
                  "refsource": "REDHAT",
                  "url": "https://access.redhat.com/errata/RHSA-2018:1062"
                },
                {
                  "name": "RHSA-2018:1319",
                  "refsource": "REDHAT",
                  "url": "https://access.redhat.com/errata/RHSA-2018:1319"
                },
                {
                  "name": "https://help.ecostruxureit.com/display/public/UADCE725/Security+fixes+in+StruxureWare+Data+Center+Expert+v7.6.0",
                  "refsource": "CONFIRM",
                  "url": "https://help.ecostruxureit.com/display/public/UADCE725/Security+fixes+in+StruxureWare+Data+Center+Expert+v7.6.0"
                },
                {
                  "name": "USN-3583-1",
                  "refsource": "UBUNTU",
                  "url": "https://usn.ubuntu.com/3583-1/"
                },
                {
                  "name": "RHSA-2018:0676",
                  "refsource": "REDHAT",
                  "url": "https://access.redhat.com/errata/RHSA-2018:0676"
                },
                {
                  "name": "https://bugs.launchpad.net/ubuntu/+source/linux/+bug/1739765",
                  "refsource": "MISC",
                  "url": "https://bugs.launchpad.net/ubuntu/+source/linux/+bug/1739765"
                },
                {
                  "name": "https://github.com/torvalds/linux/commit/2638fd0f92d4397884fd991d8f4925cb3f081901",
                  "refsource": "MISC",
                  "url": "https://github.com/torvalds/linux/commit/2638fd0f92d4397884fd991d8f4925cb3f081901"
                },
                {
                  "name": "RHSA-2018:1170",
                  "refsource": "REDHAT",
                  "url": "https://access.redhat.com/errata/RHSA-2018:1170"
                },
                {
                  "name": "http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=2638fd0f92d4397884fd991d8f4925cb3f081901",
                  "refsource": "MISC",
                  "url": "http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=2638fd0f92d4397884fd991d8f4925cb3f081901"
                },
                {
                  "name": "RHSA-2018:1130",
                  "refsource": "REDHAT",
                  "url": "https://access.redhat.com/errata/RHSA-2018:1130"
                },
                {
                  "name": "[debian-lts-announce] 20180502 [SECURITY] [DLA 1369-1] linux security update",
                  "refsource": "MLIST",
                  "url": "https://lists.debian.org/debian-lts-announce/2018/05/msg00000.html"
                },
                {
                  "name": "102367",
                  "refsource": "BID",
                  "url": "http://www.securityfocus.com/bid/102367"
                },
                {
                  "name": "SUSE-SU-2018:0834",
                  "refsource": "SUSE",
                  "url": "http://lists.opensuse.org/opensuse-security-announce/2018-03/msg00067.html"
                },
                {
                  "name": "SUSE-SU-2018:0848",
                  "refsource": "SUSE",
                  "url": "http://lists.opensuse.org/opensuse-security-announce/2018-03/msg00072.html"
                },
                {
                  "name": "SUSE-SU-2018:0383",
                  "refsource": "SUSE",
                  "url": "http://lists.opensuse.org/opensuse-security-announce/2018-02/msg00008.html"
                },
                {
                  "name": "USN-3583-1",
                  "refsource": "UBUNTU",
                  "url": "http://www.ubuntu.com/usn/USN-3583-1"
                },
                {
                  "name": "https://support.f5.com/csp/article/K18352029",
                  "refsource": "CONFIRM",
                  "url": "https://support.f5.com/csp/article/K18352029"
                },
                {
                  "name": "SUSE-SU-2018:0555",
                  "refsource": "SUSE",
                  "url": "http://lists.opensuse.org/opensuse-security-announce/2018-02/msg00047.html"
                },
                {
                  "name": "openSUSE-SU-2018:0408",
                  "refsource": "SUSE",
                  "url": "http://lists.opensuse.org/opensuse-security-announce/2018-02/msg00013.html"
                },
                {
                  "name": "SUSE-SU-2018:0986",
                  "refsource": "SUSE",
                  "url": "http://lists.opensuse.org/opensuse-security-announce/2018-04/msg00014.html"
                },
                {
                  "name": "SUSE-SU-2018:0416",
                  "refsource": "SUSE",
                  "url": "http://lists.opensuse.org/opensuse-security-announce/2018-02/msg00015.html"
                },
                {
                  "name": "SUSE-SU-2018:0482",
                  "refsource": "SUSE",
                  "url": "http://lists.opensuse.org/opensuse-security-announce/2018-02/msg00038.html"
                },
                {
                  "name": "SUSE-SU-2018:0841",
                  "refsource": "SUSE",
                  "url": "http://lists.opensuse.org/opensuse-security-announce/2018-03/msg00070.html"
                },
                {
                  "name": "USN-3583-2",
                  "refsource": "UBUNTU",
                  "url": "http://www.ubuntu.com/usn/USN-3583-2"
                },
                {
                  "name": "SUSE-SU-2018:0660",
                  "refsource": "SUSE",
                  "url": "http://lists.opensuse.org/opensuse-security-announce/2018-03/msg00030.html"
                },
                {
                  "name": "https://www.arista.com/en/support/advisories-notices/security-advisories/4577-security-advisory-34",
                  "refsource": "MISC",
                  "url": "https://www.arista.com/en/support/advisories-notices/security-advisories/4577-security-advisory-34"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "assignerShortName": "mitre",
        "cveId": "CVE-2017-18017",
        "datePublished": "2018-01-03T06:00:00.000Z",
        "dateReserved": "2018-01-03T00:00:00.000Z",
        "dateUpdated": "2025-01-03T12:04:18.715Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2014-7283 (GCVE-0-2014-7283)

    Vulnerability from nvd – Published: 2014-10-13 10:00 – Updated: 2024-08-06 12:47
    VLAI
    Summary
    The xfs_da3_fixhashpath function in fs/xfs/xfs_da_btree.c in the xfs implementation in the Linux kernel before 3.14.2 does not properly compare btree hash values, which allows local users to cause a denial of service (filesystem corruption, and OOPS or panic) via operations on directories that have hash collisions, as demonstrated by rmdir operations.
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    Date Public
    2014-03-27 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-06T12:47:31.646Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "70261",
                "tags": [
                  "vdb-entry",
                  "x_refsource_BID",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/bid/70261"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://github.com/torvalds/linux/commit/c88547a8119e3b581318ab65e9b72f27f23e641d"
              },
              {
                "name": "[xfs] 20140327 xfs errors while unlinking filenames with hash collisions",
                "tags": [
                  "mailing-list",
                  "x_refsource_MLIST",
                  "x_transferred"
                ],
                "url": "http://marc.info/?l=linux-xfs\u0026m=139590613002926\u0026w=2"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "http://www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.14.2"
              },
              {
                "name": "[oss-security] 20141002 xfs directory hash ordering bug",
                "tags": [
                  "mailing-list",
                  "x_refsource_MLIST",
                  "x_transferred"
                ],
                "url": "http://www.openwall.com/lists/oss-security/2014/10/01/29"
              },
              {
                "name": "RHSA-2014:1943",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
                  "x_transferred"
                ],
                "url": "http://rhn.redhat.com/errata/RHSA-2014-1943.html"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=c88547a8119e3b581318ab65e9b72f27f23e641d"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1148777"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "datePublic": "2014-03-27T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "The xfs_da3_fixhashpath function in fs/xfs/xfs_da_btree.c in the xfs implementation in the Linux kernel before 3.14.2 does not properly compare btree hash values, which allows local users to cause a denial of service (filesystem corruption, and OOPS or panic) via operations on directories that have hash collisions, as demonstrated by rmdir operations."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2014-12-04T15:57:00.000Z",
            "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            "shortName": "mitre"
          },
          "references": [
            {
              "name": "70261",
              "tags": [
                "vdb-entry",
                "x_refsource_BID"
              ],
              "url": "http://www.securityfocus.com/bid/70261"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://github.com/torvalds/linux/commit/c88547a8119e3b581318ab65e9b72f27f23e641d"
            },
            {
              "name": "[xfs] 20140327 xfs errors while unlinking filenames with hash collisions",
              "tags": [
                "mailing-list",
                "x_refsource_MLIST"
              ],
              "url": "http://marc.info/?l=linux-xfs\u0026m=139590613002926\u0026w=2"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "http://www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.14.2"
            },
            {
              "name": "[oss-security] 20141002 xfs directory hash ordering bug",
              "tags": [
                "mailing-list",
                "x_refsource_MLIST"
              ],
              "url": "http://www.openwall.com/lists/oss-security/2014/10/01/29"
            },
            {
              "name": "RHSA-2014:1943",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "http://rhn.redhat.com/errata/RHSA-2014-1943.html"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=c88547a8119e3b581318ab65e9b72f27f23e641d"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1148777"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "cve@mitre.org",
              "ID": "CVE-2014-7283",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "n/a",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "The xfs_da3_fixhashpath function in fs/xfs/xfs_da_btree.c in the xfs implementation in the Linux kernel before 3.14.2 does not properly compare btree hash values, which allows local users to cause a denial of service (filesystem corruption, and OOPS or panic) via operations on directories that have hash collisions, as demonstrated by rmdir operations."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "n/a"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "70261",
                  "refsource": "BID",
                  "url": "http://www.securityfocus.com/bid/70261"
                },
                {
                  "name": "https://github.com/torvalds/linux/commit/c88547a8119e3b581318ab65e9b72f27f23e641d",
                  "refsource": "CONFIRM",
                  "url": "https://github.com/torvalds/linux/commit/c88547a8119e3b581318ab65e9b72f27f23e641d"
                },
                {
                  "name": "[xfs] 20140327 xfs errors while unlinking filenames with hash collisions",
                  "refsource": "MLIST",
                  "url": "http://marc.info/?l=linux-xfs\u0026m=139590613002926\u0026w=2"
                },
                {
                  "name": "http://www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.14.2",
                  "refsource": "CONFIRM",
                  "url": "http://www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.14.2"
                },
                {
                  "name": "[oss-security] 20141002 xfs directory hash ordering bug",
                  "refsource": "MLIST",
                  "url": "http://www.openwall.com/lists/oss-security/2014/10/01/29"
                },
                {
                  "name": "RHSA-2014:1943",
                  "refsource": "REDHAT",
                  "url": "http://rhn.redhat.com/errata/RHSA-2014-1943.html"
                },
                {
                  "name": "http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=c88547a8119e3b581318ab65e9b72f27f23e641d",
                  "refsource": "CONFIRM",
                  "url": "http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=c88547a8119e3b581318ab65e9b72f27f23e641d"
                },
                {
                  "name": "https://bugzilla.redhat.com/show_bug.cgi?id=1148777",
                  "refsource": "CONFIRM",
                  "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1148777"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "assignerShortName": "mitre",
        "cveId": "CVE-2014-7283",
        "datePublished": "2014-10-13T10:00:00.000Z",
        "dateReserved": "2014-10-01T00:00:00.000Z",
        "dateUpdated": "2024-08-06T12:47:31.646Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2009-3547 (GCVE-0-2009-3547)

    Vulnerability from nvd – Published: 2009-11-04 15:00 – Updated: 2024-08-07 06:31
    VLAI
    Summary
    Multiple race conditions in fs/pipe.c in the Linux kernel before 2.6.32-rc6 allow local users to cause a denial of service (NULL pointer dereference and system crash) or gain privileges by attempting to open an anonymous pipe via a /proc/*/fd/ pathname.
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    References
    URL Tags
    https://oval.cisecurity.org/repository/search/def… vdb-entrysignaturex_refsource_OVAL
    http://www.redhat.com/support/errata/RHSA-2009-16… vendor-advisoryx_refsource_REDHAT
    http://www.securityfocus.com/archive/1/512019/100… mailing-listx_refsource_BUGTRAQ
    http://www.securityfocus.com/bid/36901 vdb-entryx_refsource_BID
    http://git.kernel.org/?p=linux/kernel/git/torvald… x_refsource_CONFIRM
    https://rhn.redhat.com/errata/RHSA-2009-1540.html vendor-advisoryx_refsource_REDHAT
    http://www.ubuntu.com/usn/usn-864-1 vendor-advisoryx_refsource_UBUNTU
    http://secunia.com/advisories/38794 third-party-advisoryx_refsource_SECUNIA
    http://lists.vmware.com/pipermail/security-announ… mailing-listx_refsource_MLIST
    http://lkml.org/lkml/2009/10/21/42 mailing-listx_refsource_MLIST
    http://lists.opensuse.org/opensuse-security-annou… vendor-advisoryx_refsource_SUSE
    https://rhn.redhat.com/errata/RHSA-2009-1541.html vendor-advisoryx_refsource_REDHAT
    http://www.mandriva.com/security/advisories?name=… vendor-advisoryx_refsource_MANDRIVA
    http://secunia.com/advisories/37351 third-party-advisoryx_refsource_SECUNIA
    http://lists.opensuse.org/opensuse-security-annou… vendor-advisoryx_refsource_SUSE
    http://lists.opensuse.org/opensuse-security-annou… vendor-advisoryx_refsource_SUSE
    https://oval.cisecurity.org/repository/search/def… vdb-entrysignaturex_refsource_OVAL
    http://marc.info/?l=oss-security&m=125724568017045&w=2 mailing-listx_refsource_MLIST
    https://rhn.redhat.com/errata/RHSA-2009-1548.html vendor-advisoryx_refsource_REDHAT
    http://secunia.com/advisories/38834 third-party-advisoryx_refsource_SECUNIA
    http://lkml.org/lkml/2009/10/14/184 mailing-listx_refsource_MLIST
    https://rhn.redhat.com/errata/RHSA-2009-1550.html vendor-advisoryx_refsource_REDHAT
    http://www.kernel.org/pub/linux/kernel/v2.6/testi… x_refsource_CONFIRM
    https://oval.cisecurity.org/repository/search/def… vdb-entrysignaturex_refsource_OVAL
    http://lists.opensuse.org/opensuse-security-annou… vendor-advisoryx_refsource_SUSE
    https://bugzilla.redhat.com/show_bug.cgi?id=530490 x_refsource_CONFIRM
    http://secunia.com/advisories/38017 third-party-advisoryx_refsource_SECUNIA
    https://www.redhat.com/archives/fedora-package-an… vendor-advisoryx_refsource_FEDORA
    http://www.vupen.com/english/advisories/2010/0528 vdb-entryx_refsource_VUPEN
    Date Public
    2009-10-21 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-07T06:31:10.441Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "oval:org.mitre.oval:def:11513",
                "tags": [
                  "vdb-entry",
                  "signature",
                  "x_refsource_OVAL",
                  "x_transferred"
                ],
                "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11513"
              },
              {
                "name": "RHSA-2009:1672",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
                  "x_transferred"
                ],
                "url": "http://www.redhat.com/support/errata/RHSA-2009-1672.html"
              },
              {
                "name": "20100625 VMSA-2010-0010 ESX 3.5 third party update for Service Console kernel",
                "tags": [
                  "mailing-list",
                  "x_refsource_BUGTRAQ",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/archive/1/512019/100/0/threaded"
              },
              {
                "name": "36901",
                "tags": [
                  "vdb-entry",
                  "x_refsource_BID",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/bid/36901"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=ad3960243e55320d74195fb85c975e0a8cc4466c"
              },
              {
                "name": "RHSA-2009:1540",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
                  "x_transferred"
                ],
                "url": "https://rhn.redhat.com/errata/RHSA-2009-1540.html"
              },
              {
                "name": "USN-864-1",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_UBUNTU",
                  "x_transferred"
                ],
                "url": "http://www.ubuntu.com/usn/usn-864-1"
              },
              {
                "name": "38794",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
                  "x_transferred"
                ],
                "url": "http://secunia.com/advisories/38794"
              },
              {
                "name": "[security-announce] 20100303 VMSA-2010-0004 ESX Service Console and vMA third party updates",
                "tags": [
                  "mailing-list",
                  "x_refsource_MLIST",
                  "x_transferred"
                ],
                "url": "http://lists.vmware.com/pipermail/security-announce/2010/000082.html"
              },
              {
                "name": "[linux-kernel] 20091021 Re: [PATCH v4 1/1]: fs: pipe.c null pointer dereference + really sign off + unmangled diffs",
                "tags": [
                  "mailing-list",
                  "x_refsource_MLIST",
                  "x_transferred"
                ],
                "url": "http://lkml.org/lkml/2009/10/21/42"
              },
              {
                "name": "SUSE-SA:2010:001",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_SUSE",
                  "x_transferred"
                ],
                "url": "http://lists.opensuse.org/opensuse-security-announce/2010-01/msg00000.html"
              },
              {
                "name": "RHSA-2009:1541",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
                  "x_transferred"
                ],
                "url": "https://rhn.redhat.com/errata/RHSA-2009-1541.html"
              },
              {
                "name": "MDVSA-2009:329",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_MANDRIVA",
                  "x_transferred"
                ],
                "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2009:329"
              },
              {
                "name": "37351",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
                  "x_transferred"
                ],
                "url": "http://secunia.com/advisories/37351"
              },
              {
                "name": "SUSE-SA:2009:056",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_SUSE",
                  "x_transferred"
                ],
                "url": "http://lists.opensuse.org/opensuse-security-announce/2009-11/msg00007.html"
              },
              {
                "name": "SUSE-SA:2010:012",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_SUSE",
                  "x_transferred"
                ],
                "url": "http://lists.opensuse.org/opensuse-security-announce/2010-02/msg00005.html"
              },
              {
                "name": "oval:org.mitre.oval:def:7608",
                "tags": [
                  "vdb-entry",
                  "signature",
                  "x_refsource_OVAL",
                  "x_transferred"
                ],
                "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7608"
              },
              {
                "name": "[oss-security] 20091103 CVE-2009-3547 kernel: fs: pipe.c null pointer dereference",
                "tags": [
                  "mailing-list",
                  "x_refsource_MLIST",
                  "x_transferred"
                ],
                "url": "http://marc.info/?l=oss-security\u0026m=125724568017045\u0026w=2"
              },
              {
                "name": "RHSA-2009:1548",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
                  "x_transferred"
                ],
                "url": "https://rhn.redhat.com/errata/RHSA-2009-1548.html"
              },
              {
                "name": "38834",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
                  "x_transferred"
                ],
                "url": "http://secunia.com/advisories/38834"
              },
              {
                "name": "[linux-kernel] 20091014 fs/pipe.c null pointer dereference",
                "tags": [
                  "mailing-list",
                  "x_refsource_MLIST",
                  "x_transferred"
                ],
                "url": "http://lkml.org/lkml/2009/10/14/184"
              },
              {
                "name": "RHSA-2009:1550",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
                  "x_transferred"
                ],
                "url": "https://rhn.redhat.com/errata/RHSA-2009-1550.html"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "http://www.kernel.org/pub/linux/kernel/v2.6/testing/ChangeLog-2.6.32-rc6"
              },
              {
                "name": "oval:org.mitre.oval:def:9327",
                "tags": [
                  "vdb-entry",
                  "signature",
                  "x_refsource_OVAL",
                  "x_transferred"
                ],
                "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9327"
              },
              {
                "name": "SUSE-SA:2009:054",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_SUSE",
                  "x_transferred"
                ],
                "url": "http://lists.opensuse.org/opensuse-security-announce/2009-11/msg00005.html"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://bugzilla.redhat.com/show_bug.cgi?id=530490"
              },
              {
                "name": "38017",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
                  "x_transferred"
                ],
                "url": "http://secunia.com/advisories/38017"
              },
              {
                "name": "FEDORA-2009-11038",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_FEDORA",
                  "x_transferred"
                ],
                "url": "https://www.redhat.com/archives/fedora-package-announce/2009-November/msg00190.html"
              },
              {
                "name": "ADV-2010-0528",
                "tags": [
                  "vdb-entry",
                  "x_refsource_VUPEN",
                  "x_transferred"
                ],
                "url": "http://www.vupen.com/english/advisories/2010/0528"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "datePublic": "2009-10-21T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "Multiple race conditions in fs/pipe.c in the Linux kernel before 2.6.32-rc6 allow local users to cause a denial of service (NULL pointer dereference and system crash) or gain privileges by attempting to open an anonymous pipe via a /proc/*/fd/ pathname."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2018-10-10T18:57:01.000Z",
            "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
            "shortName": "redhat"
          },
          "references": [
            {
              "name": "oval:org.mitre.oval:def:11513",
              "tags": [
                "vdb-entry",
                "signature",
                "x_refsource_OVAL"
              ],
              "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11513"
            },
            {
              "name": "RHSA-2009:1672",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "http://www.redhat.com/support/errata/RHSA-2009-1672.html"
            },
            {
              "name": "20100625 VMSA-2010-0010 ESX 3.5 third party update for Service Console kernel",
              "tags": [
                "mailing-list",
                "x_refsource_BUGTRAQ"
              ],
              "url": "http://www.securityfocus.com/archive/1/512019/100/0/threaded"
            },
            {
              "name": "36901",
              "tags": [
                "vdb-entry",
                "x_refsource_BID"
              ],
              "url": "http://www.securityfocus.com/bid/36901"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=ad3960243e55320d74195fb85c975e0a8cc4466c"
            },
            {
              "name": "RHSA-2009:1540",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://rhn.redhat.com/errata/RHSA-2009-1540.html"
            },
            {
              "name": "USN-864-1",
              "tags": [
                "vendor-advisory",
                "x_refsource_UBUNTU"
              ],
              "url": "http://www.ubuntu.com/usn/usn-864-1"
            },
            {
              "name": "38794",
              "tags": [
                "third-party-advisory",
                "x_refsource_SECUNIA"
              ],
              "url": "http://secunia.com/advisories/38794"
            },
            {
              "name": "[security-announce] 20100303 VMSA-2010-0004 ESX Service Console and vMA third party updates",
              "tags": [
                "mailing-list",
                "x_refsource_MLIST"
              ],
              "url": "http://lists.vmware.com/pipermail/security-announce/2010/000082.html"
            },
            {
              "name": "[linux-kernel] 20091021 Re: [PATCH v4 1/1]: fs: pipe.c null pointer dereference + really sign off + unmangled diffs",
              "tags": [
                "mailing-list",
                "x_refsource_MLIST"
              ],
              "url": "http://lkml.org/lkml/2009/10/21/42"
            },
            {
              "name": "SUSE-SA:2010:001",
              "tags": [
                "vendor-advisory",
                "x_refsource_SUSE"
              ],
              "url": "http://lists.opensuse.org/opensuse-security-announce/2010-01/msg00000.html"
            },
            {
              "name": "RHSA-2009:1541",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://rhn.redhat.com/errata/RHSA-2009-1541.html"
            },
            {
              "name": "MDVSA-2009:329",
              "tags": [
                "vendor-advisory",
                "x_refsource_MANDRIVA"
              ],
              "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2009:329"
            },
            {
              "name": "37351",
              "tags": [
                "third-party-advisory",
                "x_refsource_SECUNIA"
              ],
              "url": "http://secunia.com/advisories/37351"
            },
            {
              "name": "SUSE-SA:2009:056",
              "tags": [
                "vendor-advisory",
                "x_refsource_SUSE"
              ],
              "url": "http://lists.opensuse.org/opensuse-security-announce/2009-11/msg00007.html"
            },
            {
              "name": "SUSE-SA:2010:012",
              "tags": [
                "vendor-advisory",
                "x_refsource_SUSE"
              ],
              "url": "http://lists.opensuse.org/opensuse-security-announce/2010-02/msg00005.html"
            },
            {
              "name": "oval:org.mitre.oval:def:7608",
              "tags": [
                "vdb-entry",
                "signature",
                "x_refsource_OVAL"
              ],
              "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7608"
            },
            {
              "name": "[oss-security] 20091103 CVE-2009-3547 kernel: fs: pipe.c null pointer dereference",
              "tags": [
                "mailing-list",
                "x_refsource_MLIST"
              ],
              "url": "http://marc.info/?l=oss-security\u0026m=125724568017045\u0026w=2"
            },
            {
              "name": "RHSA-2009:1548",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://rhn.redhat.com/errata/RHSA-2009-1548.html"
            },
            {
              "name": "38834",
              "tags": [
                "third-party-advisory",
                "x_refsource_SECUNIA"
              ],
              "url": "http://secunia.com/advisories/38834"
            },
            {
              "name": "[linux-kernel] 20091014 fs/pipe.c null pointer dereference",
              "tags": [
                "mailing-list",
                "x_refsource_MLIST"
              ],
              "url": "http://lkml.org/lkml/2009/10/14/184"
            },
            {
              "name": "RHSA-2009:1550",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://rhn.redhat.com/errata/RHSA-2009-1550.html"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "http://www.kernel.org/pub/linux/kernel/v2.6/testing/ChangeLog-2.6.32-rc6"
            },
            {
              "name": "oval:org.mitre.oval:def:9327",
              "tags": [
                "vdb-entry",
                "signature",
                "x_refsource_OVAL"
              ],
              "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9327"
            },
            {
              "name": "SUSE-SA:2009:054",
              "tags": [
                "vendor-advisory",
                "x_refsource_SUSE"
              ],
              "url": "http://lists.opensuse.org/opensuse-security-announce/2009-11/msg00005.html"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://bugzilla.redhat.com/show_bug.cgi?id=530490"
            },
            {
              "name": "38017",
              "tags": [
                "third-party-advisory",
                "x_refsource_SECUNIA"
              ],
              "url": "http://secunia.com/advisories/38017"
            },
            {
              "name": "FEDORA-2009-11038",
              "tags": [
                "vendor-advisory",
                "x_refsource_FEDORA"
              ],
              "url": "https://www.redhat.com/archives/fedora-package-announce/2009-November/msg00190.html"
            },
            {
              "name": "ADV-2010-0528",
              "tags": [
                "vdb-entry",
                "x_refsource_VUPEN"
              ],
              "url": "http://www.vupen.com/english/advisories/2010/0528"
            }
          ]
        }
      },
      "cveMetadata": {
        "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
        "assignerShortName": "redhat",
        "cveId": "CVE-2009-3547",
        "datePublished": "2009-11-04T15:00:00.000Z",
        "dateReserved": "2009-10-05T00:00:00.000Z",
        "dateUpdated": "2024-08-07T06:31:10.441Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2009-3620 (GCVE-0-2009-3620)

    Vulnerability from nvd – Published: 2009-10-22 15:26 – Updated: 2024-08-07 06:31
    VLAI
    Summary
    The ATI Rage 128 (aka r128) driver in the Linux kernel before 2.6.31-git11 does not properly verify Concurrent Command Engine (CCE) state initialization, which allows local users to cause a denial of service (NULL pointer dereference and system crash) or possibly gain privileges via unspecified ioctl calls.
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    References
    URL Tags
    http://www.openwall.com/lists/oss-security/2009/10/19/3 mailing-listx_refsource_MLIST
    http://www.redhat.com/support/errata/RHSA-2009-16… vendor-advisoryx_refsource_REDHAT
    http://www.securityfocus.com/bid/36824 vdb-entryx_refsource_BID
    https://oval.cisecurity.org/repository/search/def… vdb-entrysignaturex_refsource_OVAL
    https://rhn.redhat.com/errata/RHSA-2009-1540.html vendor-advisoryx_refsource_REDHAT
    https://bugzilla.redhat.com/show_bug.cgi?id=529597 x_refsource_CONFIRM
    http://lists.opensuse.org/opensuse-security-annou… vendor-advisoryx_refsource_SUSE
    http://www.ubuntu.com/usn/usn-864-1 vendor-advisoryx_refsource_UBUNTU
    http://secunia.com/advisories/38794 third-party-advisoryx_refsource_SECUNIA
    http://lists.vmware.com/pipermail/security-announ… mailing-listx_refsource_MLIST
    http://secunia.com/advisories/36707 third-party-advisoryx_refsource_SECUNIA
    http://www.mandriva.com/security/advisories?name=… vendor-advisoryx_refsource_MANDRIVA
    http://article.gmane.org/gmane.linux.kernel/892259 mailing-listx_refsource_MLIST
    http://www.mandriva.com/security/advisories?name=… vendor-advisoryx_refsource_MANDRIVA
    http://lists.opensuse.org/opensuse-security-annou… vendor-advisoryx_refsource_SUSE
    http://www.kernel.org/pub/linux/kernel/v2.6/snaps… x_refsource_CONFIRM
    http://secunia.com/advisories/37909 third-party-advisoryx_refsource_SECUNIA
    https://oval.cisecurity.org/repository/search/def… vdb-entrysignaturex_refsource_OVAL
    http://www.redhat.com/support/errata/RHSA-2010-08… vendor-advisoryx_refsource_REDHAT
    http://www.redhat.com/support/errata/RHSA-2009-16… vendor-advisoryx_refsource_REDHAT
    http://lists.opensuse.org/opensuse-security-annou… vendor-advisoryx_refsource_SUSE
    http://www.openwall.com/lists/oss-security/2009/10/19/1 mailing-listx_refsource_MLIST
    http://secunia.com/advisories/38834 third-party-advisoryx_refsource_SECUNIA
    http://git.kernel.org/?p=linux/kernel/git/torvald… x_refsource_CONFIRM
    http://lists.opensuse.org/opensuse-security-annou… vendor-advisoryx_refsource_SUSE
    https://www.redhat.com/archives/fedora-package-an… vendor-advisoryx_refsource_FEDORA
    http://www.vupen.com/english/advisories/2010/0528 vdb-entryx_refsource_VUPEN
    Date Public
    2009-09-21 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-07T06:31:10.635Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "[oss-security] 20091019 Re: CVE request: kernel: r128 IOCTL NULL pointer dereferences when CCE state is uninitialised",
                "tags": [
                  "mailing-list",
                  "x_refsource_MLIST",
                  "x_transferred"
                ],
                "url": "http://www.openwall.com/lists/oss-security/2009/10/19/3"
              },
              {
                "name": "RHSA-2009:1671",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
                  "x_transferred"
                ],
                "url": "http://www.redhat.com/support/errata/RHSA-2009-1671.html"
              },
              {
                "name": "36824",
                "tags": [
                  "vdb-entry",
                  "x_refsource_BID",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/bid/36824"
              },
              {
                "name": "oval:org.mitre.oval:def:9891",
                "tags": [
                  "vdb-entry",
                  "signature",
                  "x_refsource_OVAL",
                  "x_transferred"
                ],
                "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9891"
              },
              {
                "name": "RHSA-2009:1540",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
                  "x_transferred"
                ],
                "url": "https://rhn.redhat.com/errata/RHSA-2009-1540.html"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://bugzilla.redhat.com/show_bug.cgi?id=529597"
              },
              {
                "name": "SUSE-SA:2009:061",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_SUSE",
                  "x_transferred"
                ],
                "url": "http://lists.opensuse.org/opensuse-security-announce/2009-12/msg00002.html"
              },
              {
                "name": "USN-864-1",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_UBUNTU",
                  "x_transferred"
                ],
                "url": "http://www.ubuntu.com/usn/usn-864-1"
              },
              {
                "name": "38794",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
                  "x_transferred"
                ],
                "url": "http://secunia.com/advisories/38794"
              },
              {
                "name": "[security-announce] 20100303 VMSA-2010-0004 ESX Service Console and vMA third party updates",
                "tags": [
                  "mailing-list",
                  "x_refsource_MLIST",
                  "x_transferred"
                ],
                "url": "http://lists.vmware.com/pipermail/security-announce/2010/000082.html"
              },
              {
                "name": "36707",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
                  "x_transferred"
                ],
                "url": "http://secunia.com/advisories/36707"
              },
              {
                "name": "MDVSA-2010:198",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_MANDRIVA",
                  "x_transferred"
                ],
                "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2010:198"
              },
              {
                "name": "[linux-kernel] 20090921 [git pull] drm tree.",
                "tags": [
                  "mailing-list",
                  "x_refsource_MLIST",
                  "x_transferred"
                ],
                "url": "http://article.gmane.org/gmane.linux.kernel/892259"
              },
              {
                "name": "MDVSA-2010:088",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_MANDRIVA",
                  "x_transferred"
                ],
                "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2010:088"
              },
              {
                "name": "SUSE-SA:2010:012",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_SUSE",
                  "x_transferred"
                ],
                "url": "http://lists.opensuse.org/opensuse-security-announce/2010-02/msg00005.html"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "http://www.kernel.org/pub/linux/kernel/v2.6/snapshots/patch-2.6.31-git11.log"
              },
              {
                "name": "37909",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
                  "x_transferred"
                ],
                "url": "http://secunia.com/advisories/37909"
              },
              {
                "name": "oval:org.mitre.oval:def:6763",
                "tags": [
                  "vdb-entry",
                  "signature",
                  "x_refsource_OVAL",
                  "x_transferred"
                ],
                "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6763"
              },
              {
                "name": "RHSA-2010:0882",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
                  "x_transferred"
                ],
                "url": "http://www.redhat.com/support/errata/RHSA-2010-0882.html"
              },
              {
                "name": "RHSA-2009:1670",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
                  "x_transferred"
                ],
                "url": "http://www.redhat.com/support/errata/RHSA-2009-1670.html"
              },
              {
                "name": "SUSE-SA:2009:064",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_SUSE",
                  "x_transferred"
                ],
                "url": "http://lists.opensuse.org/opensuse-security-announce/2009-12/msg00005.html"
              },
              {
                "name": "[oss-security] 20091019 CVE request: kernel: r128 IOCTL NULL pointer dereferences when CCE state is uninitialised",
                "tags": [
                  "mailing-list",
                  "x_refsource_MLIST",
                  "x_transferred"
                ],
                "url": "http://www.openwall.com/lists/oss-security/2009/10/19/1"
              },
              {
                "name": "38834",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
                  "x_transferred"
                ],
                "url": "http://secunia.com/advisories/38834"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=7dc482dfeeeefcfd000d4271c4626937406756d7"
              },
              {
                "name": "SUSE-SA:2010:013",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_SUSE",
                  "x_transferred"
                ],
                "url": "http://lists.opensuse.org/opensuse-security-announce/2010-02/msg00007.html"
              },
              {
                "name": "FEDORA-2009-11038",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_FEDORA",
                  "x_transferred"
                ],
                "url": "https://www.redhat.com/archives/fedora-package-announce/2009-November/msg00190.html"
              },
              {
                "name": "ADV-2010-0528",
                "tags": [
                  "vdb-entry",
                  "x_refsource_VUPEN",
                  "x_transferred"
                ],
                "url": "http://www.vupen.com/english/advisories/2010/0528"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "datePublic": "2009-09-21T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "The ATI Rage 128 (aka r128) driver in the Linux kernel before 2.6.31-git11 does not properly verify Concurrent Command Engine (CCE) state initialization, which allows local users to cause a denial of service (NULL pointer dereference and system crash) or possibly gain privileges via unspecified ioctl calls."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2017-09-18T12:57:01.000Z",
            "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
            "shortName": "redhat"
          },
          "references": [
            {
              "name": "[oss-security] 20091019 Re: CVE request: kernel: r128 IOCTL NULL pointer dereferences when CCE state is uninitialised",
              "tags": [
                "mailing-list",
                "x_refsource_MLIST"
              ],
              "url": "http://www.openwall.com/lists/oss-security/2009/10/19/3"
            },
            {
              "name": "RHSA-2009:1671",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "http://www.redhat.com/support/errata/RHSA-2009-1671.html"
            },
            {
              "name": "36824",
              "tags": [
                "vdb-entry",
                "x_refsource_BID"
              ],
              "url": "http://www.securityfocus.com/bid/36824"
            },
            {
              "name": "oval:org.mitre.oval:def:9891",
              "tags": [
                "vdb-entry",
                "signature",
                "x_refsource_OVAL"
              ],
              "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9891"
            },
            {
              "name": "RHSA-2009:1540",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://rhn.redhat.com/errata/RHSA-2009-1540.html"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://bugzilla.redhat.com/show_bug.cgi?id=529597"
            },
            {
              "name": "SUSE-SA:2009:061",
              "tags": [
                "vendor-advisory",
                "x_refsource_SUSE"
              ],
              "url": "http://lists.opensuse.org/opensuse-security-announce/2009-12/msg00002.html"
            },
            {
              "name": "USN-864-1",
              "tags": [
                "vendor-advisory",
                "x_refsource_UBUNTU"
              ],
              "url": "http://www.ubuntu.com/usn/usn-864-1"
            },
            {
              "name": "38794",
              "tags": [
                "third-party-advisory",
                "x_refsource_SECUNIA"
              ],
              "url": "http://secunia.com/advisories/38794"
            },
            {
              "name": "[security-announce] 20100303 VMSA-2010-0004 ESX Service Console and vMA third party updates",
              "tags": [
                "mailing-list",
                "x_refsource_MLIST"
              ],
              "url": "http://lists.vmware.com/pipermail/security-announce/2010/000082.html"
            },
            {
              "name": "36707",
              "tags": [
                "third-party-advisory",
                "x_refsource_SECUNIA"
              ],
              "url": "http://secunia.com/advisories/36707"
            },
            {
              "name": "MDVSA-2010:198",
              "tags": [
                "vendor-advisory",
                "x_refsource_MANDRIVA"
              ],
              "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2010:198"
            },
            {
              "name": "[linux-kernel] 20090921 [git pull] drm tree.",
              "tags": [
                "mailing-list",
                "x_refsource_MLIST"
              ],
              "url": "http://article.gmane.org/gmane.linux.kernel/892259"
            },
            {
              "name": "MDVSA-2010:088",
              "tags": [
                "vendor-advisory",
                "x_refsource_MANDRIVA"
              ],
              "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2010:088"
            },
            {
              "name": "SUSE-SA:2010:012",
              "tags": [
                "vendor-advisory",
                "x_refsource_SUSE"
              ],
              "url": "http://lists.opensuse.org/opensuse-security-announce/2010-02/msg00005.html"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "http://www.kernel.org/pub/linux/kernel/v2.6/snapshots/patch-2.6.31-git11.log"
            },
            {
              "name": "37909",
              "tags": [
                "third-party-advisory",
                "x_refsource_SECUNIA"
              ],
              "url": "http://secunia.com/advisories/37909"
            },
            {
              "name": "oval:org.mitre.oval:def:6763",
              "tags": [
                "vdb-entry",
                "signature",
                "x_refsource_OVAL"
              ],
              "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6763"
            },
            {
              "name": "RHSA-2010:0882",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "http://www.redhat.com/support/errata/RHSA-2010-0882.html"
            },
            {
              "name": "RHSA-2009:1670",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "http://www.redhat.com/support/errata/RHSA-2009-1670.html"
            },
            {
              "name": "SUSE-SA:2009:064",
              "tags": [
                "vendor-advisory",
                "x_refsource_SUSE"
              ],
              "url": "http://lists.opensuse.org/opensuse-security-announce/2009-12/msg00005.html"
            },
            {
              "name": "[oss-security] 20091019 CVE request: kernel: r128 IOCTL NULL pointer dereferences when CCE state is uninitialised",
              "tags": [
                "mailing-list",
                "x_refsource_MLIST"
              ],
              "url": "http://www.openwall.com/lists/oss-security/2009/10/19/1"
            },
            {
              "name": "38834",
              "tags": [
                "third-party-advisory",
                "x_refsource_SECUNIA"
              ],
              "url": "http://secunia.com/advisories/38834"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=7dc482dfeeeefcfd000d4271c4626937406756d7"
            },
            {
              "name": "SUSE-SA:2010:013",
              "tags": [
                "vendor-advisory",
                "x_refsource_SUSE"
              ],
              "url": "http://lists.opensuse.org/opensuse-security-announce/2010-02/msg00007.html"
            },
            {
              "name": "FEDORA-2009-11038",
              "tags": [
                "vendor-advisory",
                "x_refsource_FEDORA"
              ],
              "url": "https://www.redhat.com/archives/fedora-package-announce/2009-November/msg00190.html"
            },
            {
              "name": "ADV-2010-0528",
              "tags": [
                "vdb-entry",
                "x_refsource_VUPEN"
              ],
              "url": "http://www.vupen.com/english/advisories/2010/0528"
            }
          ]
        }
      },
      "cveMetadata": {
        "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
        "assignerShortName": "redhat",
        "cveId": "CVE-2009-3620",
        "datePublished": "2009-10-22T15:26:00.000Z",
        "dateReserved": "2009-10-09T00:00:00.000Z",
        "dateUpdated": "2024-08-07T06:31:10.635Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2019-9506 (GCVE-0-2019-9506)

    Vulnerability from cvelistv5 – Published: 2019-08-14 16:27 – Updated: 2024-09-16 19:14
    VLAI
    Title
    Blutooth BR/EDR specification does not specify sufficient encryption key length and allows an attacker to influence key length negotiation
    Summary
    The Bluetooth BR/EDR specification up to and including version 5.1 permits sufficiently low encryption key length and does not prevent an attacker from influencing the key length negotiation. This allows practical brute-force attacks (aka "KNOB") that can decrypt traffic and inject arbitrary ciphertext without the victim noticing.
    CWE
    Assigner
    References
    URL Tags
    https://www.kb.cert.org/vuls/id/918987/ third-party-advisoryx_refsource_CERT-VN
    http://www.cs.ox.ac.uk/publications/publication12… x_refsource_MISC
    https://www.usenix.org/conference/usenixsecurity1… x_refsource_MISC
    https://www.bluetooth.com/security/statement-key-… x_refsource_CONFIRM
    http://seclists.org/fulldisclosure/2019/Aug/14 mailing-listx_refsource_FULLDISC
    http://seclists.org/fulldisclosure/2019/Aug/11 mailing-listx_refsource_FULLDISC
    http://seclists.org/fulldisclosure/2019/Aug/13 mailing-listx_refsource_FULLDISC
    http://seclists.org/fulldisclosure/2019/Aug/15 mailing-listx_refsource_FULLDISC
    http://www.huawei.com/en/psirt/security-advisorie… x_refsource_CONFIRM
    https://usn.ubuntu.com/4115-1/ vendor-advisoryx_refsource_UBUNTU
    https://usn.ubuntu.com/4118-1/ vendor-advisoryx_refsource_UBUNTU
    https://lists.debian.org/debian-lts-announce/2019… mailing-listx_refsource_MLIST
    https://lists.debian.org/debian-lts-announce/2019… mailing-listx_refsource_MLIST
    https://lists.debian.org/debian-lts-announce/2019… mailing-listx_refsource_MLIST
    https://usn.ubuntu.com/4147-1/ vendor-advisoryx_refsource_UBUNTU
    https://access.redhat.com/errata/RHSA-2019:2975 vendor-advisoryx_refsource_REDHAT
    http://lists.opensuse.org/opensuse-security-annou… vendor-advisoryx_refsource_SUSE
    http://lists.opensuse.org/opensuse-security-annou… vendor-advisoryx_refsource_SUSE
    https://access.redhat.com/errata/RHSA-2019:3076 vendor-advisoryx_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2019:3055 vendor-advisoryx_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2019:3089 vendor-advisoryx_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2019:3187 vendor-advisoryx_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2019:3165 vendor-advisoryx_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2019:3217 vendor-advisoryx_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2019:3220 vendor-advisoryx_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2019:3231 vendor-advisoryx_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2019:3218 vendor-advisoryx_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2019:3309 vendor-advisoryx_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2019:3517 vendor-advisoryx_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2020:0204 vendor-advisoryx_refsource_REDHAT
    Impacted products
    Vendor Product Version
    Bluetooth BR/EDR Affected: 5.1 , ≤ 5.1 (custom)
    Create a notification for this product.
    Date Public
    2019-08-14 00:00
    Credits
    Daniele Antonioli‚ Nils Ole Tippenhauer, Kasper Rasmussen
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-04T21:54:44.303Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "VU#918987",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_CERT-VN",
                  "x_transferred"
                ],
                "url": "https://www.kb.cert.org/vuls/id/918987/"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "http://www.cs.ox.ac.uk/publications/publication12404-abstract.html"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://www.usenix.org/conference/usenixsecurity19/presentation/antonioli"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://www.bluetooth.com/security/statement-key-negotiation-of-bluetooth/"
              },
              {
                "name": "20190816 APPLE-SA-2019-8-13-3 Additional information for APPLE-SA-2019-7-22-4 watchOS 5.3",
                "tags": [
                  "mailing-list",
                  "x_refsource_FULLDISC",
                  "x_transferred"
                ],
                "url": "http://seclists.org/fulldisclosure/2019/Aug/14"
              },
              {
                "name": "20190816 APPLE-SA-2019-8-13-1 Additional information for APPLE-SA-2019-7-22-2 macOS Mojave 10.14.6, Security Update 2019-004 High Sierra, Security Update 2019-004 Sierra",
                "tags": [
                  "mailing-list",
                  "x_refsource_FULLDISC",
                  "x_transferred"
                ],
                "url": "http://seclists.org/fulldisclosure/2019/Aug/11"
              },
              {
                "name": "20190816 APPLE-SA-2019-8-13-2 Additional information for APPLE-SA-2019-7-22-1 iOS 12.4",
                "tags": [
                  "mailing-list",
                  "x_refsource_FULLDISC",
                  "x_transferred"
                ],
                "url": "http://seclists.org/fulldisclosure/2019/Aug/13"
              },
              {
                "name": "20190816 APPLE-SA-2019-8-13-4 Additional information for APPLE-SA-2019-7-22-5 tvOS 12.4",
                "tags": [
                  "mailing-list",
                  "x_refsource_FULLDISC",
                  "x_transferred"
                ],
                "url": "http://seclists.org/fulldisclosure/2019/Aug/15"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20190828-01-knob-en"
              },
              {
                "name": "USN-4115-1",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_UBUNTU",
                  "x_transferred"
                ],
                "url": "https://usn.ubuntu.com/4115-1/"
              },
              {
                "name": "USN-4118-1",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_UBUNTU",
                  "x_transferred"
                ],
                "url": "https://usn.ubuntu.com/4118-1/"
              },
              {
                "name": "[debian-lts-announce] 20190914 [SECURITY] [DLA 1919-1] linux-4.9 security update",
                "tags": [
                  "mailing-list",
                  "x_refsource_MLIST",
                  "x_transferred"
                ],
                "url": "https://lists.debian.org/debian-lts-announce/2019/09/msg00014.html"
              },
              {
                "name": "[debian-lts-announce] 20190915 [SECURITY] [DLA 1919-2] linux-4.9 security update",
                "tags": [
                  "mailing-list",
                  "x_refsource_MLIST",
                  "x_transferred"
                ],
                "url": "https://lists.debian.org/debian-lts-announce/2019/09/msg00015.html"
              },
              {
                "name": "[debian-lts-announce] 20190925 [SECURITY] [DLA 1930-1] linux security update",
                "tags": [
                  "mailing-list",
                  "x_refsource_MLIST",
                  "x_transferred"
                ],
                "url": "https://lists.debian.org/debian-lts-announce/2019/09/msg00025.html"
              },
              {
                "name": "USN-4147-1",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_UBUNTU",
                  "x_transferred"
                ],
                "url": "https://usn.ubuntu.com/4147-1/"
              },
              {
                "name": "RHSA-2019:2975",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
                  "x_transferred"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2019:2975"
              },
              {
                "name": "openSUSE-SU-2019:2307",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_SUSE",
                  "x_transferred"
                ],
                "url": "http://lists.opensuse.org/opensuse-security-announce/2019-10/msg00037.html"
              },
              {
                "name": "openSUSE-SU-2019:2308",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_SUSE",
                  "x_transferred"
                ],
                "url": "http://lists.opensuse.org/opensuse-security-announce/2019-10/msg00036.html"
              },
              {
                "name": "RHSA-2019:3076",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
                  "x_transferred"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2019:3076"
              },
              {
                "name": "RHSA-2019:3055",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
                  "x_transferred"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2019:3055"
              },
              {
                "name": "RHSA-2019:3089",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
                  "x_transferred"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2019:3089"
              },
              {
                "name": "RHSA-2019:3187",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
                  "x_transferred"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2019:3187"
              },
              {
                "name": "RHSA-2019:3165",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
                  "x_transferred"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2019:3165"
              },
              {
                "name": "RHSA-2019:3217",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
                  "x_transferred"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2019:3217"
              },
              {
                "name": "RHSA-2019:3220",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
                  "x_transferred"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2019:3220"
              },
              {
                "name": "RHSA-2019:3231",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
                  "x_transferred"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2019:3231"
              },
              {
                "name": "RHSA-2019:3218",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
                  "x_transferred"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2019:3218"
              },
              {
                "name": "RHSA-2019:3309",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
                  "x_transferred"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2019:3309"
              },
              {
                "name": "RHSA-2019:3517",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
                  "x_transferred"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2019:3517"
              },
              {
                "name": "RHSA-2020:0204",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
                  "x_transferred"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2020:0204"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "platforms": [
                "N/A"
              ],
              "product": "BR/EDR",
              "vendor": "Bluetooth",
              "versions": [
                {
                  "lessThanOrEqual": "5.1",
                  "status": "affected",
                  "version": "5.1",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "value": "Daniele Antonioli\u201a Nils Ole Tippenhauer, Kasper Rasmussen"
            }
          ],
          "datePublic": "2019-08-14T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "The Bluetooth BR/EDR specification up to and including version 5.1 permits sufficiently low encryption key length and does not prevent an attacker from influencing the key length negotiation. This allows practical brute-force attacks (aka \"KNOB\") that can decrypt traffic and inject arbitrary ciphertext without the victim noticing."
            }
          ],
          "metrics": [
            {
              "cvssV3_0": {
                "attackComplexity": "LOW",
                "attackVector": "ADJACENT_NETWORK",
                "availabilityImpact": "LOW",
                "baseScore": 7.6,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "LOW",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:L",
                "version": "3.0"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-310",
                  "description": "CWE-310 Cryptographic Issues",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2020-01-30T10:06:23.000Z",
            "orgId": "37e5125f-f79b-445b-8fad-9564f167944b",
            "shortName": "certcc"
          },
          "references": [
            {
              "name": "VU#918987",
              "tags": [
                "third-party-advisory",
                "x_refsource_CERT-VN"
              ],
              "url": "https://www.kb.cert.org/vuls/id/918987/"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "http://www.cs.ox.ac.uk/publications/publication12404-abstract.html"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://www.usenix.org/conference/usenixsecurity19/presentation/antonioli"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://www.bluetooth.com/security/statement-key-negotiation-of-bluetooth/"
            },
            {
              "name": "20190816 APPLE-SA-2019-8-13-3 Additional information for APPLE-SA-2019-7-22-4 watchOS 5.3",
              "tags": [
                "mailing-list",
                "x_refsource_FULLDISC"
              ],
              "url": "http://seclists.org/fulldisclosure/2019/Aug/14"
            },
            {
              "name": "20190816 APPLE-SA-2019-8-13-1 Additional information for APPLE-SA-2019-7-22-2 macOS Mojave 10.14.6, Security Update 2019-004 High Sierra, Security Update 2019-004 Sierra",
              "tags": [
                "mailing-list",
                "x_refsource_FULLDISC"
              ],
              "url": "http://seclists.org/fulldisclosure/2019/Aug/11"
            },
            {
              "name": "20190816 APPLE-SA-2019-8-13-2 Additional information for APPLE-SA-2019-7-22-1 iOS 12.4",
              "tags": [
                "mailing-list",
                "x_refsource_FULLDISC"
              ],
              "url": "http://seclists.org/fulldisclosure/2019/Aug/13"
            },
            {
              "name": "20190816 APPLE-SA-2019-8-13-4 Additional information for APPLE-SA-2019-7-22-5 tvOS 12.4",
              "tags": [
                "mailing-list",
                "x_refsource_FULLDISC"
              ],
              "url": "http://seclists.org/fulldisclosure/2019/Aug/15"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20190828-01-knob-en"
            },
            {
              "name": "USN-4115-1",
              "tags": [
                "vendor-advisory",
                "x_refsource_UBUNTU"
              ],
              "url": "https://usn.ubuntu.com/4115-1/"
            },
            {
              "name": "USN-4118-1",
              "tags": [
                "vendor-advisory",
                "x_refsource_UBUNTU"
              ],
              "url": "https://usn.ubuntu.com/4118-1/"
            },
            {
              "name": "[debian-lts-announce] 20190914 [SECURITY] [DLA 1919-1] linux-4.9 security update",
              "tags": [
                "mailing-list",
                "x_refsource_MLIST"
              ],
              "url": "https://lists.debian.org/debian-lts-announce/2019/09/msg00014.html"
            },
            {
              "name": "[debian-lts-announce] 20190915 [SECURITY] [DLA 1919-2] linux-4.9 security update",
              "tags": [
                "mailing-list",
                "x_refsource_MLIST"
              ],
              "url": "https://lists.debian.org/debian-lts-announce/2019/09/msg00015.html"
            },
            {
              "name": "[debian-lts-announce] 20190925 [SECURITY] [DLA 1930-1] linux security update",
              "tags": [
                "mailing-list",
                "x_refsource_MLIST"
              ],
              "url": "https://lists.debian.org/debian-lts-announce/2019/09/msg00025.html"
            },
            {
              "name": "USN-4147-1",
              "tags": [
                "vendor-advisory",
                "x_refsource_UBUNTU"
              ],
              "url": "https://usn.ubuntu.com/4147-1/"
            },
            {
              "name": "RHSA-2019:2975",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2019:2975"
            },
            {
              "name": "openSUSE-SU-2019:2307",
              "tags": [
                "vendor-advisory",
                "x_refsource_SUSE"
              ],
              "url": "http://lists.opensuse.org/opensuse-security-announce/2019-10/msg00037.html"
            },
            {
              "name": "openSUSE-SU-2019:2308",
              "tags": [
                "vendor-advisory",
                "x_refsource_SUSE"
              ],
              "url": "http://lists.opensuse.org/opensuse-security-announce/2019-10/msg00036.html"
            },
            {
              "name": "RHSA-2019:3076",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2019:3076"
            },
            {
              "name": "RHSA-2019:3055",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2019:3055"
            },
            {
              "name": "RHSA-2019:3089",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2019:3089"
            },
            {
              "name": "RHSA-2019:3187",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2019:3187"
            },
            {
              "name": "RHSA-2019:3165",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2019:3165"
            },
            {
              "name": "RHSA-2019:3217",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2019:3217"
            },
            {
              "name": "RHSA-2019:3220",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2019:3220"
            },
            {
              "name": "RHSA-2019:3231",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2019:3231"
            },
            {
              "name": "RHSA-2019:3218",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2019:3218"
            },
            {
              "name": "RHSA-2019:3309",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2019:3309"
            },
            {
              "name": "RHSA-2019:3517",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2019:3517"
            },
            {
              "name": "RHSA-2020:0204",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2020:0204"
            }
          ],
          "source": {
            "advisory": "VU#918987",
            "defect": [
              "VU#918987"
            ],
            "discovery": "EXTERNAL"
          },
          "title": "Blutooth BR/EDR specification does not specify sufficient encryption key length and allows an attacker to influence key length negotiation",
          "workarounds": [
            {
              "lang": "en",
              "value": "Bluetooth SIG Expedited Errata Correction 11838"
            }
          ],
          "x_generator": {
            "engine": "Vulnogram 0.0.7"
          },
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "AKA": "KNOB",
              "ASSIGNER": "cert@cert.org",
              "DATE_PUBLIC": "2019-08-14",
              "ID": "CVE-2019-9506",
              "STATE": "PUBLIC",
              "TITLE": "Blutooth BR/EDR specification does not specify sufficient encryption key length and allows an attacker to influence key length negotiation"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "BR/EDR",
                          "version": {
                            "version_data": [
                              {
                                "platform": "N/A",
                                "version_affected": "\u003c=",
                                "version_name": "5.1",
                                "version_value": "5.1"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "Bluetooth"
                  }
                ]
              }
            },
            "credit": [
              {
                "lang": "eng",
                "value": "Daniele Antonioli\u201a Nils Ole Tippenhauer, Kasper Rasmussen"
              }
            ],
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "The Bluetooth BR/EDR specification up to and including version 5.1 permits sufficiently low encryption key length and does not prevent an attacker from influencing the key length negotiation. This allows practical brute-force attacks (aka \"KNOB\") that can decrypt traffic and inject arbitrary ciphertext without the victim noticing."
                }
              ]
            },
            "generator": {
              "engine": "Vulnogram 0.0.7"
            },
            "impact": {
              "cvss": {
                "attackComplexity": "LOW",
                "attackVector": "ADJACENT_NETWORK",
                "availabilityImpact": "LOW",
                "baseScore": 7.6,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "LOW",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:L",
                "version": "3.0"
              }
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "CWE-310 Cryptographic Issues"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "VU#918987",
                  "refsource": "CERT-VN",
                  "url": "https://www.kb.cert.org/vuls/id/918987/"
                },
                {
                  "name": "http://www.cs.ox.ac.uk/publications/publication12404-abstract.html",
                  "refsource": "MISC",
                  "url": "http://www.cs.ox.ac.uk/publications/publication12404-abstract.html"
                },
                {
                  "name": "https://www.usenix.org/conference/usenixsecurity19/presentation/antonioli",
                  "refsource": "MISC",
                  "url": "https://www.usenix.org/conference/usenixsecurity19/presentation/antonioli"
                },
                {
                  "name": "https://www.bluetooth.com/security/statement-key-negotiation-of-bluetooth/",
                  "refsource": "CONFIRM",
                  "url": "https://www.bluetooth.com/security/statement-key-negotiation-of-bluetooth/"
                },
                {
                  "name": "20190816 APPLE-SA-2019-8-13-3 Additional information for APPLE-SA-2019-7-22-4 watchOS 5.3",
                  "refsource": "FULLDISC",
                  "url": "http://seclists.org/fulldisclosure/2019/Aug/14"
                },
                {
                  "name": "20190816 APPLE-SA-2019-8-13-1 Additional information for APPLE-SA-2019-7-22-2 macOS Mojave 10.14.6, Security Update 2019-004 High Sierra, Security Update 2019-004 Sierra",
                  "refsource": "FULLDISC",
                  "url": "http://seclists.org/fulldisclosure/2019/Aug/11"
                },
                {
                  "name": "20190816 APPLE-SA-2019-8-13-2 Additional information for APPLE-SA-2019-7-22-1 iOS 12.4",
                  "refsource": "FULLDISC",
                  "url": "http://seclists.org/fulldisclosure/2019/Aug/13"
                },
                {
                  "name": "20190816 APPLE-SA-2019-8-13-4 Additional information for APPLE-SA-2019-7-22-5 tvOS 12.4",
                  "refsource": "FULLDISC",
                  "url": "http://seclists.org/fulldisclosure/2019/Aug/15"
                },
                {
                  "name": "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20190828-01-knob-en",
                  "refsource": "CONFIRM",
                  "url": "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20190828-01-knob-en"
                },
                {
                  "name": "USN-4115-1",
                  "refsource": "UBUNTU",
                  "url": "https://usn.ubuntu.com/4115-1/"
                },
                {
                  "name": "USN-4118-1",
                  "refsource": "UBUNTU",
                  "url": "https://usn.ubuntu.com/4118-1/"
                },
                {
                  "name": "[debian-lts-announce] 20190914 [SECURITY] [DLA 1919-1] linux-4.9 security update",
                  "refsource": "MLIST",
                  "url": "https://lists.debian.org/debian-lts-announce/2019/09/msg00014.html"
                },
                {
                  "name": "[debian-lts-announce] 20190915 [SECURITY] [DLA 1919-2] linux-4.9 security update",
                  "refsource": "MLIST",
                  "url": "https://lists.debian.org/debian-lts-announce/2019/09/msg00015.html"
                },
                {
                  "name": "[debian-lts-announce] 20190925 [SECURITY] [DLA 1930-1] linux security update",
                  "refsource": "MLIST",
                  "url": "https://lists.debian.org/debian-lts-announce/2019/09/msg00025.html"
                },
                {
                  "name": "USN-4147-1",
                  "refsource": "UBUNTU",
                  "url": "https://usn.ubuntu.com/4147-1/"
                },
                {
                  "name": "RHSA-2019:2975",
                  "refsource": "REDHAT",
                  "url": "https://access.redhat.com/errata/RHSA-2019:2975"
                },
                {
                  "name": "openSUSE-SU-2019:2307",
                  "refsource": "SUSE",
                  "url": "http://lists.opensuse.org/opensuse-security-announce/2019-10/msg00037.html"
                },
                {
                  "name": "openSUSE-SU-2019:2308",
                  "refsource": "SUSE",
                  "url": "http://lists.opensuse.org/opensuse-security-announce/2019-10/msg00036.html"
                },
                {
                  "name": "RHSA-2019:3076",
                  "refsource": "REDHAT",
                  "url": "https://access.redhat.com/errata/RHSA-2019:3076"
                },
                {
                  "name": "RHSA-2019:3055",
                  "refsource": "REDHAT",
                  "url": "https://access.redhat.com/errata/RHSA-2019:3055"
                },
                {
                  "name": "RHSA-2019:3089",
                  "refsource": "REDHAT",
                  "url": "https://access.redhat.com/errata/RHSA-2019:3089"
                },
                {
                  "name": "RHSA-2019:3187",
                  "refsource": "REDHAT",
                  "url": "https://access.redhat.com/errata/RHSA-2019:3187"
                },
                {
                  "name": "RHSA-2019:3165",
                  "refsource": "REDHAT",
                  "url": "https://access.redhat.com/errata/RHSA-2019:3165"
                },
                {
                  "name": "RHSA-2019:3217",
                  "refsource": "REDHAT",
                  "url": "https://access.redhat.com/errata/RHSA-2019:3217"
                },
                {
                  "name": "RHSA-2019:3220",
                  "refsource": "REDHAT",
                  "url": "https://access.redhat.com/errata/RHSA-2019:3220"
                },
                {
                  "name": "RHSA-2019:3231",
                  "refsource": "REDHAT",
                  "url": "https://access.redhat.com/errata/RHSA-2019:3231"
                },
                {
                  "name": "RHSA-2019:3218",
                  "refsource": "REDHAT",
                  "url": "https://access.redhat.com/errata/RHSA-2019:3218"
                },
                {
                  "name": "RHSA-2019:3309",
                  "refsource": "REDHAT",
                  "url": "https://access.redhat.com/errata/RHSA-2019:3309"
                },
                {
                  "name": "RHSA-2019:3517",
                  "refsource": "REDHAT",
                  "url": "https://access.redhat.com/errata/RHSA-2019:3517"
                },
                {
                  "name": "RHSA-2020:0204",
                  "refsource": "REDHAT",
                  "url": "https://access.redhat.com/errata/RHSA-2020:0204"
                }
              ]
            },
            "source": {
              "advisory": "VU#918987",
              "defect": [
                "VU#918987"
              ],
              "discovery": "EXTERNAL"
            },
            "work_around": [
              {
                "lang": "en",
                "value": "Bluetooth SIG Expedited Errata Correction 11838"
              }
            ]
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "37e5125f-f79b-445b-8fad-9564f167944b",
        "assignerShortName": "certcc",
        "cveId": "CVE-2019-9506",
        "datePublished": "2019-08-14T16:27:45.059Z",
        "dateReserved": "2019-03-01T00:00:00.000Z",
        "dateUpdated": "2024-09-16T19:14:13.573Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2018-16871 (GCVE-0-2018-16871)

    Vulnerability from cvelistv5 – Published: 2019-07-30 16:19 – Updated: 2024-08-05 10:32
    VLAI
    Summary
    A flaw was found in the Linux kernel's NFS implementation, all versions 3.x and all versions 4.x up to 4.20. An attacker, who is able to mount an exported NFS filesystem, is able to trigger a null pointer dereference by using an invalid NFS sequence. This can panic the machine and deny access to the NFS server. Any outstanding disk writes to the NFS server will be lost.
    CWE
    Assigner
    Impacted products
    Vendor Product Version
    Red Hat kernel: Affected: all 3.x, all 4.x up to 4.20
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-05T10:32:54.042Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-16871"
              },
              {
                "name": "RHSA-2019:2696",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
                  "x_transferred"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2019:2696"
              },
              {
                "name": "RHSA-2019:2730",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
                  "x_transferred"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2019:2730"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://support.f5.com/csp/article/K18657134"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://support.f5.com/csp/article/K18657134?utm_source=f5support\u0026amp%3Butm_medium=RSS"
              },
              {
                "name": "RHSA-2020:0740",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
                  "x_transferred"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2020:0740"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://security.netapp.com/advisory/ntap-20211004-0002/"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "kernel:",
              "vendor": "Red Hat",
              "versions": [
                {
                  "status": "affected",
                  "version": "all 3.x, all 4.x up to 4.20"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "A flaw was found in the Linux kernel\u0027s NFS implementation, all versions 3.x and all versions 4.x up to 4.20. An attacker, who is able to mount an exported NFS filesystem, is able to trigger a null pointer dereference by using an invalid NFS sequence. This can panic the machine and deny access to the NFS server. Any outstanding disk writes to the NFS server will be lost."
            }
          ],
          "metrics": [
            {
              "cvssV3_0": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "HIGH",
                "baseScore": 7.5,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "NONE",
                "integrityImpact": "NONE",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
                "version": "3.0"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-476",
                  "description": "CWE-476",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2021-10-04T18:06:18.000Z",
            "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
            "shortName": "redhat"
          },
          "references": [
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-16871"
            },
            {
              "name": "RHSA-2019:2696",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2019:2696"
            },
            {
              "name": "RHSA-2019:2730",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2019:2730"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://support.f5.com/csp/article/K18657134"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://support.f5.com/csp/article/K18657134?utm_source=f5support\u0026amp%3Butm_medium=RSS"
            },
            {
              "name": "RHSA-2020:0740",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2020:0740"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://security.netapp.com/advisory/ntap-20211004-0002/"
            }
          ]
        }
      },
      "cveMetadata": {
        "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
        "assignerShortName": "redhat",
        "cveId": "CVE-2018-16871",
        "datePublished": "2019-07-30T16:19:25.000Z",
        "dateReserved": "2018-09-11T00:00:00.000Z",
        "dateUpdated": "2024-08-05T10:32:54.042Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2017-18344 (GCVE-0-2017-18344)

    Vulnerability from cvelistv5 – Published: 2018-07-26 19:00 – Updated: 2024-08-05 21:20
    VLAI
    Summary
    The timer_create syscall implementation in kernel/time/posix-timers.c in the Linux kernel before 4.14.8 doesn't properly validate the sigevent->sigev_notify field, which leads to out-of-bounds access in the show_timer function (called when /proc/$PID/timers is read). This allows userspace applications to read arbitrary kernel memory (on a kernel built with CONFIG_POSIX_TIMERS and CONFIG_CHECKPOINT_RESTORE).
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    References
    URL Tags
    https://access.redhat.com/errata/RHSA-2018:3540 vendor-advisoryx_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2018:3083 vendor-advisoryx_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2018:3591 vendor-advisoryx_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2018:3459 vendor-advisoryx_refsource_REDHAT
    http://www.securitytracker.com/id/1041414 vdb-entryx_refsource_SECTRACK
    https://cdn.kernel.org/pub/linux/kernel/v4.x/Chan… x_refsource_MISC
    https://access.redhat.com/errata/RHSA-2018:3590 vendor-advisoryx_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2018:2948 vendor-advisoryx_refsource_REDHAT
    https://github.com/torvalds/linux/commit/cef31d9a… x_refsource_MISC
    https://usn.ubuntu.com/3742-2/ vendor-advisoryx_refsource_UBUNTU
    http://www.securityfocus.com/bid/104909 vdb-entryx_refsource_BID
    https://usn.ubuntu.com/3742-1/ vendor-advisoryx_refsource_UBUNTU
    https://access.redhat.com/errata/RHSA-2018:3586 vendor-advisoryx_refsource_REDHAT
    https://www.exploit-db.com/exploits/45175/ exploitx_refsource_EXPLOIT-DB
    https://access.redhat.com/errata/RHSA-2018:3096 vendor-advisoryx_refsource_REDHAT
    Date Public
    2018-07-26 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-05T21:20:50.543Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "RHSA-2018:3540",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
                  "x_transferred"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2018:3540"
              },
              {
                "name": "RHSA-2018:3083",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
                  "x_transferred"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2018:3083"
              },
              {
                "name": "RHSA-2018:3591",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
                  "x_transferred"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2018:3591"
              },
              {
                "name": "RHSA-2018:3459",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
                  "x_transferred"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2018:3459"
              },
              {
                "name": "1041414",
                "tags": [
                  "vdb-entry",
                  "x_refsource_SECTRACK",
                  "x_transferred"
                ],
                "url": "http://www.securitytracker.com/id/1041414"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://cdn.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.14.8"
              },
              {
                "name": "RHSA-2018:3590",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
                  "x_transferred"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2018:3590"
              },
              {
                "name": "RHSA-2018:2948",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
                  "x_transferred"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2018:2948"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://github.com/torvalds/linux/commit/cef31d9af908243421258f1df35a4a644604efbe"
              },
              {
                "name": "USN-3742-2",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_UBUNTU",
                  "x_transferred"
                ],
                "url": "https://usn.ubuntu.com/3742-2/"
              },
              {
                "name": "104909",
                "tags": [
                  "vdb-entry",
                  "x_refsource_BID",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/bid/104909"
              },
              {
                "name": "USN-3742-1",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_UBUNTU",
                  "x_transferred"
                ],
                "url": "https://usn.ubuntu.com/3742-1/"
              },
              {
                "name": "RHSA-2018:3586",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
                  "x_transferred"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2018:3586"
              },
              {
                "name": "45175",
                "tags": [
                  "exploit",
                  "x_refsource_EXPLOIT-DB",
                  "x_transferred"
                ],
                "url": "https://www.exploit-db.com/exploits/45175/"
              },
              {
                "name": "RHSA-2018:3096",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
                  "x_transferred"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2018:3096"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "datePublic": "2018-07-26T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "The timer_create syscall implementation in kernel/time/posix-timers.c in the Linux kernel before 4.14.8 doesn\u0027t properly validate the sigevent-\u003esigev_notify field, which leads to out-of-bounds access in the show_timer function (called when /proc/$PID/timers is read). This allows userspace applications to read arbitrary kernel memory (on a kernel built with CONFIG_POSIX_TIMERS and CONFIG_CHECKPOINT_RESTORE)."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2018-11-14T10:57:02.000Z",
            "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            "shortName": "mitre"
          },
          "references": [
            {
              "name": "RHSA-2018:3540",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2018:3540"
            },
            {
              "name": "RHSA-2018:3083",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2018:3083"
            },
            {
              "name": "RHSA-2018:3591",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2018:3591"
            },
            {
              "name": "RHSA-2018:3459",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2018:3459"
            },
            {
              "name": "1041414",
              "tags": [
                "vdb-entry",
                "x_refsource_SECTRACK"
              ],
              "url": "http://www.securitytracker.com/id/1041414"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://cdn.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.14.8"
            },
            {
              "name": "RHSA-2018:3590",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2018:3590"
            },
            {
              "name": "RHSA-2018:2948",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2018:2948"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://github.com/torvalds/linux/commit/cef31d9af908243421258f1df35a4a644604efbe"
            },
            {
              "name": "USN-3742-2",
              "tags": [
                "vendor-advisory",
                "x_refsource_UBUNTU"
              ],
              "url": "https://usn.ubuntu.com/3742-2/"
            },
            {
              "name": "104909",
              "tags": [
                "vdb-entry",
                "x_refsource_BID"
              ],
              "url": "http://www.securityfocus.com/bid/104909"
            },
            {
              "name": "USN-3742-1",
              "tags": [
                "vendor-advisory",
                "x_refsource_UBUNTU"
              ],
              "url": "https://usn.ubuntu.com/3742-1/"
            },
            {
              "name": "RHSA-2018:3586",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2018:3586"
            },
            {
              "name": "45175",
              "tags": [
                "exploit",
                "x_refsource_EXPLOIT-DB"
              ],
              "url": "https://www.exploit-db.com/exploits/45175/"
            },
            {
              "name": "RHSA-2018:3096",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2018:3096"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "cve@mitre.org",
              "ID": "CVE-2017-18344",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "n/a",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "The timer_create syscall implementation in kernel/time/posix-timers.c in the Linux kernel before 4.14.8 doesn\u0027t properly validate the sigevent-\u003esigev_notify field, which leads to out-of-bounds access in the show_timer function (called when /proc/$PID/timers is read). This allows userspace applications to read arbitrary kernel memory (on a kernel built with CONFIG_POSIX_TIMERS and CONFIG_CHECKPOINT_RESTORE)."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "n/a"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "RHSA-2018:3540",
                  "refsource": "REDHAT",
                  "url": "https://access.redhat.com/errata/RHSA-2018:3540"
                },
                {
                  "name": "RHSA-2018:3083",
                  "refsource": "REDHAT",
                  "url": "https://access.redhat.com/errata/RHSA-2018:3083"
                },
                {
                  "name": "RHSA-2018:3591",
                  "refsource": "REDHAT",
                  "url": "https://access.redhat.com/errata/RHSA-2018:3591"
                },
                {
                  "name": "RHSA-2018:3459",
                  "refsource": "REDHAT",
                  "url": "https://access.redhat.com/errata/RHSA-2018:3459"
                },
                {
                  "name": "1041414",
                  "refsource": "SECTRACK",
                  "url": "http://www.securitytracker.com/id/1041414"
                },
                {
                  "name": "https://cdn.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.14.8",
                  "refsource": "MISC",
                  "url": "https://cdn.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.14.8"
                },
                {
                  "name": "RHSA-2018:3590",
                  "refsource": "REDHAT",
                  "url": "https://access.redhat.com/errata/RHSA-2018:3590"
                },
                {
                  "name": "RHSA-2018:2948",
                  "refsource": "REDHAT",
                  "url": "https://access.redhat.com/errata/RHSA-2018:2948"
                },
                {
                  "name": "https://github.com/torvalds/linux/commit/cef31d9af908243421258f1df35a4a644604efbe",
                  "refsource": "MISC",
                  "url": "https://github.com/torvalds/linux/commit/cef31d9af908243421258f1df35a4a644604efbe"
                },
                {
                  "name": "USN-3742-2",
                  "refsource": "UBUNTU",
                  "url": "https://usn.ubuntu.com/3742-2/"
                },
                {
                  "name": "104909",
                  "refsource": "BID",
                  "url": "http://www.securityfocus.com/bid/104909"
                },
                {
                  "name": "USN-3742-1",
                  "refsource": "UBUNTU",
                  "url": "https://usn.ubuntu.com/3742-1/"
                },
                {
                  "name": "RHSA-2018:3586",
                  "refsource": "REDHAT",
                  "url": "https://access.redhat.com/errata/RHSA-2018:3586"
                },
                {
                  "name": "45175",
                  "refsource": "EXPLOIT-DB",
                  "url": "https://www.exploit-db.com/exploits/45175/"
                },
                {
                  "name": "RHSA-2018:3096",
                  "refsource": "REDHAT",
                  "url": "https://access.redhat.com/errata/RHSA-2018:3096"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "assignerShortName": "mitre",
        "cveId": "CVE-2017-18344",
        "datePublished": "2018-07-26T19:00:00.000Z",
        "dateReserved": "2018-07-26T00:00:00.000Z",
        "dateUpdated": "2024-08-05T21:20:50.543Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2018-13405 (GCVE-0-2018-13405)

    Vulnerability from cvelistv5 – Published: 2018-07-06 14:00 – Updated: 2024-08-05 09:00
    VLAI
    Summary
    The inode_init_owner function in fs/inode.c in the Linux kernel through 3.16 allows local users to create files with an unintended group ownership, in a scenario where a directory is SGID to a certain group and is writable by a user who is not a member of that group. Here, the non-member can trigger creation of a plain file whose group ownership is that group. The intended behavior was that the non-member can trigger creation of a directory (but not a plain file) whose group ownership is that group. The non-member can escalate privileges by making the plain file executable and SGID.
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    References
    URL Tags
    https://usn.ubuntu.com/3752-2/ vendor-advisoryx_refsource_UBUNTU
    https://access.redhat.com/errata/RHSA-2018:3083 vendor-advisoryx_refsource_REDHAT
    https://usn.ubuntu.com/3752-3/ vendor-advisoryx_refsource_UBUNTU
    https://twitter.com/grsecurity/status/10150829512… x_refsource_MISC
    https://usn.ubuntu.com/3753-2/ vendor-advisoryx_refsource_UBUNTU
    https://usn.ubuntu.com/3754-1/ vendor-advisoryx_refsource_UBUNTU
    http://openwall.com/lists/oss-security/2018/07/13/2 x_refsource_MISC
    https://access.redhat.com/errata/RHSA-2018:2948 vendor-advisoryx_refsource_REDHAT
    http://git.kernel.org/cgit/linux/kernel/git/torva… x_refsource_MISC
    https://lists.debian.org/debian-lts-announce/2018… mailing-listx_refsource_MLIST
    https://www.exploit-db.com/exploits/45033/ exploitx_refsource_EXPLOIT-DB
    https://www.debian.org/security/2018/dsa-4266 vendor-advisoryx_refsource_DEBIAN
    http://www.securityfocus.com/bid/106503 vdb-entryx_refsource_BID
    https://usn.ubuntu.com/3752-1/ vendor-advisoryx_refsource_UBUNTU
    https://access.redhat.com/errata/RHSA-2018:3096 vendor-advisoryx_refsource_REDHAT
    https://usn.ubuntu.com/3753-1/ vendor-advisoryx_refsource_UBUNTU
    https://github.com/torvalds/linux/commit/0fa3ecd8… x_refsource_MISC
    https://access.redhat.com/errata/RHSA-2019:0717 vendor-advisoryx_refsource_REDHAT
    https://support.f5.com/csp/article/K00854051 x_refsource_CONFIRM
    https://access.redhat.com/errata/RHSA-2019:2476 vendor-advisoryx_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2019:2566 vendor-advisoryx_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2019:2696 vendor-advisoryx_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2019:2730 vendor-advisoryx_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2019:4159 vendor-advisoryx_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2019:4164 vendor-advisoryx_refsource_REDHAT
    https://git.kernel.org/pub/scm/linux/kernel/git/t… x_refsource_CONFIRM
    https://lists.fedoraproject.org/archives/list/pac… vendor-advisoryx_refsource_FEDORA
    https://lists.fedoraproject.org/archives/list/pac… vendor-advisoryx_refsource_FEDORA
    Date Public
    2018-07-06 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-05T09:00:35.380Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "USN-3752-2",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_UBUNTU",
                  "x_transferred"
                ],
                "url": "https://usn.ubuntu.com/3752-2/"
              },
              {
                "name": "RHSA-2018:3083",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
                  "x_transferred"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2018:3083"
              },
              {
                "name": "USN-3752-3",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_UBUNTU",
                  "x_transferred"
                ],
                "url": "https://usn.ubuntu.com/3752-3/"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://twitter.com/grsecurity/status/1015082951204327425"
              },
              {
                "name": "USN-3753-2",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_UBUNTU",
                  "x_transferred"
                ],
                "url": "https://usn.ubuntu.com/3753-2/"
              },
              {
                "name": "USN-3754-1",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_UBUNTU",
                  "x_transferred"
                ],
                "url": "https://usn.ubuntu.com/3754-1/"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "http://openwall.com/lists/oss-security/2018/07/13/2"
              },
              {
                "name": "RHSA-2018:2948",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
                  "x_transferred"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2018:2948"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=0fa3ecd87848c9c93c2c828ef4c3a8ca36ce46c7"
              },
              {
                "name": "[debian-lts-announce] 20180815 [SECURITY] [DLA 1466-1] linux-4.9 security update",
                "tags": [
                  "mailing-list",
                  "x_refsource_MLIST",
                  "x_transferred"
                ],
                "url": "https://lists.debian.org/debian-lts-announce/2018/08/msg00014.html"
              },
              {
                "name": "45033",
                "tags": [
                  "exploit",
                  "x_refsource_EXPLOIT-DB",
                  "x_transferred"
                ],
                "url": "https://www.exploit-db.com/exploits/45033/"
              },
              {
                "name": "DSA-4266",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_DEBIAN",
                  "x_transferred"
                ],
                "url": "https://www.debian.org/security/2018/dsa-4266"
              },
              {
                "name": "106503",
                "tags": [
                  "vdb-entry",
                  "x_refsource_BID",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/bid/106503"
              },
              {
                "name": "USN-3752-1",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_UBUNTU",
                  "x_transferred"
                ],
                "url": "https://usn.ubuntu.com/3752-1/"
              },
              {
                "name": "RHSA-2018:3096",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
                  "x_transferred"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2018:3096"
              },
              {
                "name": "USN-3753-1",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_UBUNTU",
                  "x_transferred"
                ],
                "url": "https://usn.ubuntu.com/3753-1/"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://github.com/torvalds/linux/commit/0fa3ecd87848c9c93c2c828ef4c3a8ca36ce46c7"
              },
              {
                "name": "RHSA-2019:0717",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
                  "x_transferred"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2019:0717"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://support.f5.com/csp/article/K00854051"
              },
              {
                "name": "RHSA-2019:2476",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
                  "x_transferred"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2019:2476"
              },
              {
                "name": "RHSA-2019:2566",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
                  "x_transferred"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2019:2566"
              },
              {
                "name": "RHSA-2019:2696",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
                  "x_transferred"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2019:2696"
              },
              {
                "name": "RHSA-2019:2730",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
                  "x_transferred"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2019:2730"
              },
              {
                "name": "RHSA-2019:4159",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
                  "x_transferred"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2019:4159"
              },
              {
                "name": "RHSA-2019:4164",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
                  "x_transferred"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2019:4164"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://git.kernel.org/pub/scm/linux/kernel/git/tip/tip.git/commit/?id=0b3369840cd61c23e2b9241093737b4c395cb406"
              },
              {
                "name": "FEDORA-2022-3a60c34473",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_FEDORA",
                  "x_transferred"
                ],
                "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/MTKKIAUMR5FAYLZ7HLEPOXMKAAE3BYBQ/"
              },
              {
                "name": "FEDORA-2022-5d0676b098",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_FEDORA",
                  "x_transferred"
                ],
                "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/HRBNBX73SAFKQWBOX76SLMWPTKJPVGEJ/"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "datePublic": "2018-07-06T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "The inode_init_owner function in fs/inode.c in the Linux kernel through 3.16 allows local users to create files with an unintended group ownership, in a scenario where a directory is SGID to a certain group and is writable by a user who is not a member of that group. Here, the non-member can trigger creation of a plain file whose group ownership is that group. The intended behavior was that the non-member can trigger creation of a directory (but not a plain file) whose group ownership is that group. The non-member can escalate privileges by making the plain file executable and SGID."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2022-02-25T18:06:30.000Z",
            "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            "shortName": "mitre"
          },
          "references": [
            {
              "name": "USN-3752-2",
              "tags": [
                "vendor-advisory",
                "x_refsource_UBUNTU"
              ],
              "url": "https://usn.ubuntu.com/3752-2/"
            },
            {
              "name": "RHSA-2018:3083",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2018:3083"
            },
            {
              "name": "USN-3752-3",
              "tags": [
                "vendor-advisory",
                "x_refsource_UBUNTU"
              ],
              "url": "https://usn.ubuntu.com/3752-3/"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://twitter.com/grsecurity/status/1015082951204327425"
            },
            {
              "name": "USN-3753-2",
              "tags": [
                "vendor-advisory",
                "x_refsource_UBUNTU"
              ],
              "url": "https://usn.ubuntu.com/3753-2/"
            },
            {
              "name": "USN-3754-1",
              "tags": [
                "vendor-advisory",
                "x_refsource_UBUNTU"
              ],
              "url": "https://usn.ubuntu.com/3754-1/"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "http://openwall.com/lists/oss-security/2018/07/13/2"
            },
            {
              "name": "RHSA-2018:2948",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2018:2948"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=0fa3ecd87848c9c93c2c828ef4c3a8ca36ce46c7"
            },
            {
              "name": "[debian-lts-announce] 20180815 [SECURITY] [DLA 1466-1] linux-4.9 security update",
              "tags": [
                "mailing-list",
                "x_refsource_MLIST"
              ],
              "url": "https://lists.debian.org/debian-lts-announce/2018/08/msg00014.html"
            },
            {
              "name": "45033",
              "tags": [
                "exploit",
                "x_refsource_EXPLOIT-DB"
              ],
              "url": "https://www.exploit-db.com/exploits/45033/"
            },
            {
              "name": "DSA-4266",
              "tags": [
                "vendor-advisory",
                "x_refsource_DEBIAN"
              ],
              "url": "https://www.debian.org/security/2018/dsa-4266"
            },
            {
              "name": "106503",
              "tags": [
                "vdb-entry",
                "x_refsource_BID"
              ],
              "url": "http://www.securityfocus.com/bid/106503"
            },
            {
              "name": "USN-3752-1",
              "tags": [
                "vendor-advisory",
                "x_refsource_UBUNTU"
              ],
              "url": "https://usn.ubuntu.com/3752-1/"
            },
            {
              "name": "RHSA-2018:3096",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2018:3096"
            },
            {
              "name": "USN-3753-1",
              "tags": [
                "vendor-advisory",
                "x_refsource_UBUNTU"
              ],
              "url": "https://usn.ubuntu.com/3753-1/"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://github.com/torvalds/linux/commit/0fa3ecd87848c9c93c2c828ef4c3a8ca36ce46c7"
            },
            {
              "name": "RHSA-2019:0717",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2019:0717"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://support.f5.com/csp/article/K00854051"
            },
            {
              "name": "RHSA-2019:2476",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2019:2476"
            },
            {
              "name": "RHSA-2019:2566",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2019:2566"
            },
            {
              "name": "RHSA-2019:2696",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2019:2696"
            },
            {
              "name": "RHSA-2019:2730",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2019:2730"
            },
            {
              "name": "RHSA-2019:4159",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2019:4159"
            },
            {
              "name": "RHSA-2019:4164",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2019:4164"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://git.kernel.org/pub/scm/linux/kernel/git/tip/tip.git/commit/?id=0b3369840cd61c23e2b9241093737b4c395cb406"
            },
            {
              "name": "FEDORA-2022-3a60c34473",
              "tags": [
                "vendor-advisory",
                "x_refsource_FEDORA"
              ],
              "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/MTKKIAUMR5FAYLZ7HLEPOXMKAAE3BYBQ/"
            },
            {
              "name": "FEDORA-2022-5d0676b098",
              "tags": [
                "vendor-advisory",
                "x_refsource_FEDORA"
              ],
              "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/HRBNBX73SAFKQWBOX76SLMWPTKJPVGEJ/"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "cve@mitre.org",
              "ID": "CVE-2018-13405",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "n/a",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "The inode_init_owner function in fs/inode.c in the Linux kernel through 3.16 allows local users to create files with an unintended group ownership, in a scenario where a directory is SGID to a certain group and is writable by a user who is not a member of that group. Here, the non-member can trigger creation of a plain file whose group ownership is that group. The intended behavior was that the non-member can trigger creation of a directory (but not a plain file) whose group ownership is that group. The non-member can escalate privileges by making the plain file executable and SGID."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "n/a"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "USN-3752-2",
                  "refsource": "UBUNTU",
                  "url": "https://usn.ubuntu.com/3752-2/"
                },
                {
                  "name": "RHSA-2018:3083",
                  "refsource": "REDHAT",
                  "url": "https://access.redhat.com/errata/RHSA-2018:3083"
                },
                {
                  "name": "USN-3752-3",
                  "refsource": "UBUNTU",
                  "url": "https://usn.ubuntu.com/3752-3/"
                },
                {
                  "name": "https://twitter.com/grsecurity/status/1015082951204327425",
                  "refsource": "MISC",
                  "url": "https://twitter.com/grsecurity/status/1015082951204327425"
                },
                {
                  "name": "USN-3753-2",
                  "refsource": "UBUNTU",
                  "url": "https://usn.ubuntu.com/3753-2/"
                },
                {
                  "name": "USN-3754-1",
                  "refsource": "UBUNTU",
                  "url": "https://usn.ubuntu.com/3754-1/"
                },
                {
                  "name": "http://openwall.com/lists/oss-security/2018/07/13/2",
                  "refsource": "MISC",
                  "url": "http://openwall.com/lists/oss-security/2018/07/13/2"
                },
                {
                  "name": "RHSA-2018:2948",
                  "refsource": "REDHAT",
                  "url": "https://access.redhat.com/errata/RHSA-2018:2948"
                },
                {
                  "name": "http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=0fa3ecd87848c9c93c2c828ef4c3a8ca36ce46c7",
                  "refsource": "MISC",
                  "url": "http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=0fa3ecd87848c9c93c2c828ef4c3a8ca36ce46c7"
                },
                {
                  "name": "[debian-lts-announce] 20180815 [SECURITY] [DLA 1466-1] linux-4.9 security update",
                  "refsource": "MLIST",
                  "url": "https://lists.debian.org/debian-lts-announce/2018/08/msg00014.html"
                },
                {
                  "name": "45033",
                  "refsource": "EXPLOIT-DB",
                  "url": "https://www.exploit-db.com/exploits/45033/"
                },
                {
                  "name": "DSA-4266",
                  "refsource": "DEBIAN",
                  "url": "https://www.debian.org/security/2018/dsa-4266"
                },
                {
                  "name": "106503",
                  "refsource": "BID",
                  "url": "http://www.securityfocus.com/bid/106503"
                },
                {
                  "name": "USN-3752-1",
                  "refsource": "UBUNTU",
                  "url": "https://usn.ubuntu.com/3752-1/"
                },
                {
                  "name": "RHSA-2018:3096",
                  "refsource": "REDHAT",
                  "url": "https://access.redhat.com/errata/RHSA-2018:3096"
                },
                {
                  "name": "USN-3753-1",
                  "refsource": "UBUNTU",
                  "url": "https://usn.ubuntu.com/3753-1/"
                },
                {
                  "name": "https://github.com/torvalds/linux/commit/0fa3ecd87848c9c93c2c828ef4c3a8ca36ce46c7",
                  "refsource": "MISC",
                  "url": "https://github.com/torvalds/linux/commit/0fa3ecd87848c9c93c2c828ef4c3a8ca36ce46c7"
                },
                {
                  "name": "RHSA-2019:0717",
                  "refsource": "REDHAT",
                  "url": "https://access.redhat.com/errata/RHSA-2019:0717"
                },
                {
                  "name": "https://support.f5.com/csp/article/K00854051",
                  "refsource": "CONFIRM",
                  "url": "https://support.f5.com/csp/article/K00854051"
                },
                {
                  "name": "RHSA-2019:2476",
                  "refsource": "REDHAT",
                  "url": "https://access.redhat.com/errata/RHSA-2019:2476"
                },
                {
                  "name": "RHSA-2019:2566",
                  "refsource": "REDHAT",
                  "url": "https://access.redhat.com/errata/RHSA-2019:2566"
                },
                {
                  "name": "RHSA-2019:2696",
                  "refsource": "REDHAT",
                  "url": "https://access.redhat.com/errata/RHSA-2019:2696"
                },
                {
                  "name": "RHSA-2019:2730",
                  "refsource": "REDHAT",
                  "url": "https://access.redhat.com/errata/RHSA-2019:2730"
                },
                {
                  "name": "RHSA-2019:4159",
                  "refsource": "REDHAT",
                  "url": "https://access.redhat.com/errata/RHSA-2019:4159"
                },
                {
                  "name": "RHSA-2019:4164",
                  "refsource": "REDHAT",
                  "url": "https://access.redhat.com/errata/RHSA-2019:4164"
                },
                {
                  "name": "https://git.kernel.org/pub/scm/linux/kernel/git/tip/tip.git/commit/?id=0b3369840cd61c23e2b9241093737b4c395cb406",
                  "refsource": "CONFIRM",
                  "url": "https://git.kernel.org/pub/scm/linux/kernel/git/tip/tip.git/commit/?id=0b3369840cd61c23e2b9241093737b4c395cb406"
                },
                {
                  "name": "FEDORA-2022-3a60c34473",
                  "refsource": "FEDORA",
                  "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MTKKIAUMR5FAYLZ7HLEPOXMKAAE3BYBQ/"
                },
                {
                  "name": "FEDORA-2022-5d0676b098",
                  "refsource": "FEDORA",
                  "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/HRBNBX73SAFKQWBOX76SLMWPTKJPVGEJ/"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "assignerShortName": "mitre",
        "cveId": "CVE-2018-13405",
        "datePublished": "2018-07-06T14:00:00.000Z",
        "dateReserved": "2018-07-06T00:00:00.000Z",
        "dateUpdated": "2024-08-05T09:00:35.380Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2018-3639 (GCVE-0-2018-3639)

    Vulnerability from cvelistv5 – Published: 2018-05-22 12:00 – Updated: 2026-05-29 20:14
    VLAI
    Summary
    Systems with microprocessors utilizing speculative execution and speculative execution of memory reads before the addresses of all prior memory writes are known may allow unauthorized disclosure of information to an attacker with local user access via a side-channel analysis, aka Speculative Store Bypass (SSB), Variant 4.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • Information Disclosure
    • CWE-203 - Observable Discrepancy
    Assigner
    References
    URL Tags
    https://access.redhat.com/errata/RHSA-2018:1689 vendor-advisoryx_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2018:2162 vendor-advisoryx_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2018:1641 vendor-advisoryx_refsource_REDHAT
    https://usn.ubuntu.com/3680-1/ vendor-advisoryx_refsource_UBUNTU
    https://access.redhat.com/errata/RHSA-2018:1997 vendor-advisoryx_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2018:1665 vendor-advisoryx_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2018:3407 vendor-advisoryx_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2018:2164 vendor-advisoryx_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2018:2001 vendor-advisoryx_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2018:3423 vendor-advisoryx_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2018:2003 vendor-advisoryx_refsource_REDHAT
    https://usn.ubuntu.com/3654-1/ vendor-advisoryx_refsource_UBUNTU
    https://access.redhat.com/errata/RHSA-2018:1645 vendor-advisoryx_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2018:1643 vendor-advisoryx_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2018:1652 vendor-advisoryx_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2018:3424 vendor-advisoryx_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2018:3402 vendor-advisoryx_refsource_REDHAT
    https://www.us-cert.gov/ncas/alerts/TA18-141A third-party-advisoryx_refsource_CERT
    https://access.redhat.com/errata/RHSA-2018:1656 vendor-advisoryx_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2018:1664 vendor-advisoryx_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2018:2258 vendor-advisoryx_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2018:1688 vendor-advisoryx_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2018:1658 vendor-advisoryx_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2018:1657 vendor-advisoryx_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2018:2289 vendor-advisoryx_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2018:1666 vendor-advisoryx_refsource_REDHAT
    http://www.securitytracker.com/id/1042004 vdb-entryx_refsource_SECTRACK
    https://access.redhat.com/errata/RHSA-2018:1675 vendor-advisoryx_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2018:1660 vendor-advisoryx_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2018:1965 vendor-advisoryx_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2018:1661 vendor-advisoryx_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2018:1633 vendor-advisoryx_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2018:1636 vendor-advisoryx_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2018:1854 vendor-advisoryx_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2018:2006 vendor-advisoryx_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2018:2250 vendor-advisoryx_refsource_REDHAT
    http://www.securitytracker.com/id/1040949 vdb-entryx_refsource_SECTRACK
    https://access.redhat.com/errata/RHSA-2018:3401 vendor-advisoryx_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2018:1737 vendor-advisoryx_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2018:1826 vendor-advisoryx_refsource_REDHAT
    https://usn.ubuntu.com/3651-1/ vendor-advisoryx_refsource_UBUNTU
    https://www.debian.org/security/2018/dsa-4210 vendor-advisoryx_refsource_DEBIAN
    https://www.exploit-db.com/exploits/44695/ exploitx_refsource_EXPLOIT-DB
    https://access.redhat.com/errata/RHSA-2018:1651 vendor-advisoryx_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2018:1638 vendor-advisoryx_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2018:1696 vendor-advisoryx_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2018:2246 vendor-advisoryx_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2018:1644 vendor-advisoryx_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2018:1646 vendor-advisoryx_refsource_REDHAT
    https://lists.debian.org/debian-lts-announce/2018… mailing-listx_refsource_MLIST
    https://access.redhat.com/errata/RHSA-2018:1639 vendor-advisoryx_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2018:1668 vendor-advisoryx_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2018:1637 vendor-advisoryx_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2018:2948 vendor-advisoryx_refsource_REDHAT
    https://www.kb.cert.org/vuls/id/180049 third-party-advisoryx_refsource_CERT-VN
    https://access.redhat.com/errata/RHSA-2018:1686 vendor-advisoryx_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2018:2172 vendor-advisoryx_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2018:1663 vendor-advisoryx_refsource_REDHAT
    https://usn.ubuntu.com/3652-1/ vendor-advisoryx_refsource_UBUNTU
    https://access.redhat.com/errata/RHSA-2018:1629 vendor-advisoryx_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2018:1655 vendor-advisoryx_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2018:1640 vendor-advisoryx_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2018:1669 vendor-advisoryx_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2018:1676 vendor-advisoryx_refsource_REDHAT
    https://tools.cisco.com/security/center/content/C… vendor-advisoryx_refsource_CISCO
    https://access.redhat.com/errata/RHSA-2018:3425 vendor-advisoryx_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2018:2363 vendor-advisoryx_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2018:1632 vendor-advisoryx_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2018:1650 vendor-advisoryx_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2018:2396 vendor-advisoryx_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2018:2364 vendor-advisoryx_refsource_REDHAT
    https://usn.ubuntu.com/3653-2/ vendor-advisoryx_refsource_UBUNTU
    https://access.redhat.com/errata/RHSA-2018:2216 vendor-advisoryx_refsource_REDHAT
    https://usn.ubuntu.com/3655-1/ vendor-advisoryx_refsource_UBUNTU
    https://access.redhat.com/errata/RHSA-2018:1649 vendor-advisoryx_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2018:2309 vendor-advisoryx_refsource_REDHAT
    http://www.securityfocus.com/bid/104232 vdb-entryx_refsource_BID
    https://access.redhat.com/errata/RHSA-2018:1653 vendor-advisoryx_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2018:2171 vendor-advisoryx_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2018:1635 vendor-advisoryx_refsource_REDHAT
    https://lists.debian.org/debian-lts-announce/2018… mailing-listx_refsource_MLIST
    https://access.redhat.com/errata/RHSA-2018:2394 vendor-advisoryx_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2018:1710 vendor-advisoryx_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2018:1659 vendor-advisoryx_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2018:1711 vendor-advisoryx_refsource_REDHAT
    https://www.debian.org/security/2018/dsa-4273 vendor-advisoryx_refsource_DEBIAN
    https://access.redhat.com/errata/RHSA-2018:1738 vendor-advisoryx_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2018:1674 vendor-advisoryx_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2018:3396 vendor-advisoryx_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2018:1667 vendor-advisoryx_refsource_REDHAT
    https://usn.ubuntu.com/3654-2/ vendor-advisoryx_refsource_UBUNTU
    https://access.redhat.com/errata/RHSA-2018:1662 vendor-advisoryx_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2018:1630 vendor-advisoryx_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2018:1647 vendor-advisoryx_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2018:1967 vendor-advisoryx_refsource_REDHAT
    https://usn.ubuntu.com/3655-2/ vendor-advisoryx_refsource_UBUNTU
    https://access.redhat.com/errata/RHSA-2018:3399 vendor-advisoryx_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2018:2060 vendor-advisoryx_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2018:1690 vendor-advisoryx_refsource_REDHAT
    https://usn.ubuntu.com/3653-1/ vendor-advisoryx_refsource_UBUNTU
    https://access.redhat.com/errata/RHSA-2018:2161 vendor-advisoryx_refsource_REDHAT
    https://lists.debian.org/debian-lts-announce/2018… mailing-listx_refsource_MLIST
    https://access.redhat.com/errata/RHSA-2018:2328 vendor-advisoryx_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2018:1648 vendor-advisoryx_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2018:2387 vendor-advisoryx_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2019:0148 vendor-advisoryx_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2018:1654 vendor-advisoryx_refsource_REDHAT
    https://usn.ubuntu.com/3679-1/ vendor-advisoryx_refsource_UBUNTU
    https://usn.ubuntu.com/3777-3/ vendor-advisoryx_refsource_UBUNTU
    https://access.redhat.com/errata/RHSA-2018:1642 vendor-advisoryx_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2018:3397 vendor-advisoryx_refsource_REDHAT
    https://lists.debian.org/debian-lts-announce/2019… mailing-listx_refsource_MLIST
    https://usn.ubuntu.com/3756-1/ vendor-advisoryx_refsource_UBUNTU
    https://access.redhat.com/errata/RHSA-2018:3398 vendor-advisoryx_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2018:3400 vendor-advisoryx_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2018:2228 vendor-advisoryx_refsource_REDHAT
    https://lists.debian.org/debian-lts-announce/2019… mailing-listx_refsource_MLIST
    https://lists.debian.org/debian-lts-announce/2019… mailing-listx_refsource_MLIST
    https://access.redhat.com/errata/RHSA-2019:1046 vendor-advisoryx_refsource_REDHAT
    http://lists.opensuse.org/opensuse-security-annou… vendor-advisoryx_refsource_SUSE
    http://lists.opensuse.org/opensuse-security-annou… vendor-advisoryx_refsource_SUSE
    https://seclists.org/bugtraq/2019/Jun/36 mailing-listx_refsource_BUGTRAQ
    http://www.openwall.com/lists/oss-security/2020/06/10/1 mailing-listx_refsource_MLIST
    http://www.openwall.com/lists/oss-security/2020/06/10/2 mailing-listx_refsource_MLIST
    http://www.openwall.com/lists/oss-security/2020/06/10/5 mailing-listx_refsource_MLIST
    https://www.oracle.com/security-alerts/cpujul2020.html x_refsource_MISC
    https://www.oracle.com/technetwork/security-advis… x_refsource_CONFIRM
    https://help.ecostruxureit.com/display/public/UAD… x_refsource_CONFIRM
    https://cert-portal.siemens.com/productcert/pdf/s… x_refsource_CONFIRM
    https://cert-portal.siemens.com/productcert/pdf/s… x_refsource_CONFIRM
    http://support.lenovo.com/us/en/solutions/LEN-22133 x_refsource_CONFIRM
    https://psirt.global.sonicwall.com/vuln-detail/SN… x_refsource_CONFIRM
    https://portal.msrc.microsoft.com/en-US/security-… x_refsource_CONFIRM
    https://support.citrix.com/article/CTX235225 x_refsource_CONFIRM
    https://www.intel.com/content/www/us/en/security-… x_refsource_CONFIRM
    https://www.synology.com/support/security/Synolog… x_refsource_CONFIRM
    https://developer.arm.com/support/arm-security-up… x_refsource_CONFIRM
    http://www.fujitsu.com/global/support/products/so… x_refsource_CONFIRM
    http://xenbits.xen.org/xsa/advisory-263.html x_refsource_CONFIRM
    https://cert-portal.siemens.com/productcert/pdf/s… x_refsource_CONFIRM
    https://www.mitel.com/en-ca/support/security-advi… x_refsource_CONFIRM
    https://support.hpe.com/hpsc/doc/public/display?d… x_refsource_CONFIRM
    https://bugs.chromium.org/p/project-zero/issues/d… x_refsource_MISC
    https://security.netapp.com/advisory/ntap-2018052… x_refsource_CONFIRM
    https://nvidia.custhelp.com/app/answers/detail/a_… x_refsource_CONFIRM
    https://support.oracle.com/knowledge/Sun%20Micros… x_refsource_CONFIRM
    http://lists.opensuse.org/opensuse-security-annou… vendor-advisoryx_refsource_SUSE
    Impacted products
    Vendor Product Version
    Intel Corporation Multiple Affected: Multiple
    Create a notification for this product.
    Date Public
    2018-05-21 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-05T04:50:30.281Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "RHSA-2018:1689",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
                  "x_transferred"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2018:1689"
              },
              {
                "name": "RHSA-2018:2162",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
                  "x_transferred"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2018:2162"
              },
              {
                "name": "RHSA-2018:1641",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
                  "x_transferred"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2018:1641"
              },
              {
                "name": "USN-3680-1",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_UBUNTU",
                  "x_transferred"
                ],
                "url": "https://usn.ubuntu.com/3680-1/"
              },
              {
                "name": "RHSA-2018:1997",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
                  "x_transferred"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2018:1997"
              },
              {
                "name": "RHSA-2018:1665",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
                  "x_transferred"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2018:1665"
              },
              {
                "name": "RHSA-2018:3407",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
                  "x_transferred"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2018:3407"
              },
              {
                "name": "RHSA-2018:2164",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
                  "x_transferred"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2018:2164"
              },
              {
                "name": "RHSA-2018:2001",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
                  "x_transferred"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2018:2001"
              },
              {
                "name": "RHSA-2018:3423",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
                  "x_transferred"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2018:3423"
              },
              {
                "name": "RHSA-2018:2003",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
                  "x_transferred"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2018:2003"
              },
              {
                "name": "USN-3654-1",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_UBUNTU",
                  "x_transferred"
                ],
                "url": "https://usn.ubuntu.com/3654-1/"
              },
              {
                "name": "RHSA-2018:1645",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
                  "x_transferred"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2018:1645"
              },
              {
                "name": "RHSA-2018:1643",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
                  "x_transferred"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2018:1643"
              },
              {
                "name": "RHSA-2018:1652",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
                  "x_transferred"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2018:1652"
              },
              {
                "name": "RHSA-2018:3424",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
                  "x_transferred"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2018:3424"
              },
              {
                "name": "RHSA-2018:3402",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
                  "x_transferred"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2018:3402"
              },
              {
                "name": "TA18-141A",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_CERT",
                  "x_transferred"
                ],
                "url": "https://www.us-cert.gov/ncas/alerts/TA18-141A"
              },
              {
                "name": "RHSA-2018:1656",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
                  "x_transferred"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2018:1656"
              },
              {
                "name": "RHSA-2018:1664",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
                  "x_transferred"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2018:1664"
              },
              {
                "name": "RHSA-2018:2258",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
                  "x_transferred"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2018:2258"
              },
              {
                "name": "RHSA-2018:1688",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
                  "x_transferred"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2018:1688"
              },
              {
                "name": "RHSA-2018:1658",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
                  "x_transferred"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2018:1658"
              },
              {
                "name": "RHSA-2018:1657",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
                  "x_transferred"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2018:1657"
              },
              {
                "name": "RHSA-2018:2289",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
                  "x_transferred"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2018:2289"
              },
              {
                "name": "RHSA-2018:1666",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
                  "x_transferred"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2018:1666"
              },
              {
                "name": "1042004",
                "tags": [
                  "vdb-entry",
                  "x_refsource_SECTRACK",
                  "x_transferred"
                ],
                "url": "http://www.securitytracker.com/id/1042004"
              },
              {
                "name": "RHSA-2018:1675",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
                  "x_transferred"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2018:1675"
              },
              {
                "name": "RHSA-2018:1660",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
                  "x_transferred"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2018:1660"
              },
              {
                "name": "RHSA-2018:1965",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
                  "x_transferred"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2018:1965"
              },
              {
                "name": "RHSA-2018:1661",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
                  "x_transferred"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2018:1661"
              },
              {
                "name": "RHSA-2018:1633",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
                  "x_transferred"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2018:1633"
              },
              {
                "name": "RHSA-2018:1636",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
                  "x_transferred"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2018:1636"
              },
              {
                "name": "RHSA-2018:1854",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
                  "x_transferred"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2018:1854"
              },
              {
                "name": "RHSA-2018:2006",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
                  "x_transferred"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2018:2006"
              },
              {
                "name": "RHSA-2018:2250",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
                  "x_transferred"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2018:2250"
              },
              {
                "name": "1040949",
                "tags": [
                  "vdb-entry",
                  "x_refsource_SECTRACK",
                  "x_transferred"
                ],
                "url": "http://www.securitytracker.com/id/1040949"
              },
              {
                "name": "RHSA-2018:3401",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
                  "x_transferred"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2018:3401"
              },
              {
                "name": "RHSA-2018:1737",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
                  "x_transferred"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2018:1737"
              },
              {
                "name": "RHSA-2018:1826",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
                  "x_transferred"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2018:1826"
              },
              {
                "name": "USN-3651-1",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_UBUNTU",
                  "x_transferred"
                ],
                "url": "https://usn.ubuntu.com/3651-1/"
              },
              {
                "name": "DSA-4210",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_DEBIAN",
                  "x_transferred"
                ],
                "url": "https://www.debian.org/security/2018/dsa-4210"
              },
              {
                "name": "44695",
                "tags": [
                  "exploit",
                  "x_refsource_EXPLOIT-DB",
                  "x_transferred"
                ],
                "url": "https://www.exploit-db.com/exploits/44695/"
              },
              {
                "name": "RHSA-2018:1651",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
                  "x_transferred"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2018:1651"
              },
              {
                "name": "RHSA-2018:1638",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
                  "x_transferred"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2018:1638"
              },
              {
                "name": "RHSA-2018:1696",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
                  "x_transferred"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2018:1696"
              },
              {
                "name": "RHSA-2018:2246",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
                  "x_transferred"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2018:2246"
              },
              {
                "name": "RHSA-2018:1644",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
                  "x_transferred"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2018:1644"
              },
              {
                "name": "RHSA-2018:1646",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
                  "x_transferred"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2018:1646"
              },
              {
                "name": "[debian-lts-announce] 20180718 [SECURITY] [DLA 1423-1] linux-4.9 new package",
                "tags": [
                  "mailing-list",
                  "x_refsource_MLIST",
                  "x_transferred"
                ],
                "url": "https://lists.debian.org/debian-lts-announce/2018/07/msg00020.html"
              },
              {
                "name": "RHSA-2018:1639",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
                  "x_transferred"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2018:1639"
              },
              {
                "name": "RHSA-2018:1668",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
                  "x_transferred"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2018:1668"
              },
              {
                "name": "RHSA-2018:1637",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
                  "x_transferred"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2018:1637"
              },
              {
                "name": "RHSA-2018:2948",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
                  "x_transferred"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2018:2948"
              },
              {
                "name": "VU#180049",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_CERT-VN",
                  "x_transferred"
                ],
                "url": "https://www.kb.cert.org/vuls/id/180049"
              },
              {
                "name": "RHSA-2018:1686",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
                  "x_transferred"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2018:1686"
              },
              {
                "name": "RHSA-2018:2172",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
                  "x_transferred"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2018:2172"
              },
              {
                "name": "RHSA-2018:1663",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
                  "x_transferred"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2018:1663"
              },
              {
                "name": "USN-3652-1",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_UBUNTU",
                  "x_transferred"
                ],
                "url": "https://usn.ubuntu.com/3652-1/"
              },
              {
                "name": "RHSA-2018:1629",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
                  "x_transferred"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2018:1629"
              },
              {
                "name": "RHSA-2018:1655",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
                  "x_transferred"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2018:1655"
              },
              {
                "name": "RHSA-2018:1640",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
                  "x_transferred"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2018:1640"
              },
              {
                "name": "RHSA-2018:1669",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
                  "x_transferred"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2018:1669"
              },
              {
                "name": "RHSA-2018:1676",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
                  "x_transferred"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2018:1676"
              },
              {
                "name": "20180522 CPU Side-Channel Information Disclosure Vulnerabilities: May 2018",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_CISCO",
                  "x_transferred"
                ],
                "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180521-cpusidechannel"
              },
              {
                "name": "RHSA-2018:3425",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
                  "x_transferred"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2018:3425"
              },
              {
                "name": "RHSA-2018:2363",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
                  "x_transferred"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2018:2363"
              },
              {
                "name": "RHSA-2018:1632",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
                  "x_transferred"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2018:1632"
              },
              {
                "name": "RHSA-2018:1650",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
                  "x_transferred"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2018:1650"
              },
              {
                "name": "RHSA-2018:2396",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
                  "x_transferred"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2018:2396"
              },
              {
                "name": "RHSA-2018:2364",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
                  "x_transferred"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2018:2364"
              },
              {
                "name": "USN-3653-2",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_UBUNTU",
                  "x_transferred"
                ],
                "url": "https://usn.ubuntu.com/3653-2/"
              },
              {
                "name": "RHSA-2018:2216",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
                  "x_transferred"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2018:2216"
              },
              {
                "name": "USN-3655-1",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_UBUNTU",
                  "x_transferred"
                ],
                "url": "https://usn.ubuntu.com/3655-1/"
              },
              {
                "name": "RHSA-2018:1649",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
                  "x_transferred"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2018:1649"
              },
              {
                "name": "RHSA-2018:2309",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
                  "x_transferred"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2018:2309"
              },
              {
                "name": "104232",
                "tags": [
                  "vdb-entry",
                  "x_refsource_BID",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/bid/104232"
              },
              {
                "name": "RHSA-2018:1653",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
                  "x_transferred"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2018:1653"
              },
              {
                "name": "RHSA-2018:2171",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
                  "x_transferred"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2018:2171"
              },
              {
                "name": "RHSA-2018:1635",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
                  "x_transferred"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2018:1635"
              },
              {
                "name": "[debian-lts-announce] 20180916 [SECURITY] [DLA 1506-1] intel-microcode security update",
                "tags": [
                  "mailing-list",
                  "x_refsource_MLIST",
                  "x_transferred"
                ],
                "url": "https://lists.debian.org/debian-lts-announce/2018/09/msg00017.html"
              },
              {
                "name": "RHSA-2018:2394",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
                  "x_transferred"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2018:2394"
              },
              {
                "name": "RHSA-2018:1710",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
                  "x_transferred"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2018:1710"
              },
              {
                "name": "RHSA-2018:1659",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
                  "x_transferred"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2018:1659"
              },
              {
                "name": "RHSA-2018:1711",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
                  "x_transferred"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2018:1711"
              },
              {
                "name": "DSA-4273",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_DEBIAN",
                  "x_transferred"
                ],
                "url": "https://www.debian.org/security/2018/dsa-4273"
              },
              {
                "name": "RHSA-2018:1738",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
                  "x_transferred"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2018:1738"
              },
              {
                "name": "RHSA-2018:1674",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
                  "x_transferred"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2018:1674"
              },
              {
                "name": "RHSA-2018:3396",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
                  "x_transferred"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2018:3396"
              },
              {
                "name": "RHSA-2018:1667",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
                  "x_transferred"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2018:1667"
              },
              {
                "name": "USN-3654-2",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_UBUNTU",
                  "x_transferred"
                ],
                "url": "https://usn.ubuntu.com/3654-2/"
              },
              {
                "name": "RHSA-2018:1662",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
                  "x_transferred"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2018:1662"
              },
              {
                "name": "RHSA-2018:1630",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
                  "x_transferred"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2018:1630"
              },
              {
                "name": "RHSA-2018:1647",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
                  "x_transferred"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2018:1647"
              },
              {
                "name": "RHSA-2018:1967",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
                  "x_transferred"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2018:1967"
              },
              {
                "name": "USN-3655-2",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_UBUNTU",
                  "x_transferred"
                ],
                "url": "https://usn.ubuntu.com/3655-2/"
              },
              {
                "name": "RHSA-2018:3399",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
                  "x_transferred"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2018:3399"
              },
              {
                "name": "RHSA-2018:2060",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
                  "x_transferred"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2018:2060"
              },
              {
                "name": "RHSA-2018:1690",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
                  "x_transferred"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2018:1690"
              },
              {
                "name": "USN-3653-1",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_UBUNTU",
                  "x_transferred"
                ],
                "url": "https://usn.ubuntu.com/3653-1/"
              },
              {
                "name": "RHSA-2018:2161",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
                  "x_transferred"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2018:2161"
              },
              {
                "name": "[debian-lts-announce] 20180727 [SECURITY] [DLA 1446-1] intel-microcode security update",
                "tags": [
                  "mailing-list",
                  "x_refsource_MLIST",
                  "x_transferred"
                ],
                "url": "https://lists.debian.org/debian-lts-announce/2018/07/msg00038.html"
              },
              {
                "name": "RHSA-2018:2328",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
                  "x_transferred"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2018:2328"
              },
              {
                "name": "RHSA-2018:1648",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
                  "x_transferred"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2018:1648"
              },
              {
                "name": "RHSA-2018:2387",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
                  "x_transferred"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2018:2387"
              },
              {
                "name": "RHSA-2019:0148",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
                  "x_transferred"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2019:0148"
              },
              {
                "name": "RHSA-2018:1654",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
                  "x_transferred"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2018:1654"
              },
              {
                "name": "USN-3679-1",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_UBUNTU",
                  "x_transferred"
                ],
                "url": "https://usn.ubuntu.com/3679-1/"
              },
              {
                "name": "USN-3777-3",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_UBUNTU",
                  "x_transferred"
                ],
                "url": "https://usn.ubuntu.com/3777-3/"
              },
              {
                "name": "RHSA-2018:1642",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
                  "x_transferred"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2018:1642"
              },
              {
                "name": "RHSA-2018:3397",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
                  "x_transferred"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2018:3397"
              },
              {
                "name": "[debian-lts-announce] 20190315 [SECURITY] [DLA 1715-1] linux-4.9 security update",
                "tags": [
                  "mailing-list",
                  "x_refsource_MLIST",
                  "x_transferred"
                ],
                "url": "https://lists.debian.org/debian-lts-announce/2019/03/msg00017.html"
              },
              {
                "name": "USN-3756-1",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_UBUNTU",
                  "x_transferred"
                ],
                "url": "https://usn.ubuntu.com/3756-1/"
              },
              {
                "name": "RHSA-2018:3398",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
                  "x_transferred"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2018:3398"
              },
              {
                "name": "RHSA-2018:3400",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
                  "x_transferred"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2018:3400"
              },
              {
                "name": "RHSA-2018:2228",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
                  "x_transferred"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2018:2228"
              },
              {
                "name": "[debian-lts-announce] 20190327 [SECURITY] [DLA 1731-1] linux security update",
                "tags": [
                  "mailing-list",
                  "x_refsource_MLIST",
                  "x_transferred"
                ],
                "url": "https://lists.debian.org/debian-lts-announce/2019/03/msg00034.html"
              },
              {
                "name": "[debian-lts-announce] 20190401 [SECURITY] [DLA 1731-2] linux regression update",
                "tags": [
                  "mailing-list",
                  "x_refsource_MLIST",
                  "x_transferred"
                ],
                "url": "https://lists.debian.org/debian-lts-announce/2019/04/msg00004.html"
              },
              {
                "name": "RHSA-2019:1046",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
                  "x_transferred"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2019:1046"
              },
              {
                "name": "openSUSE-SU-2019:1439",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_SUSE",
                  "x_transferred"
                ],
                "url": "http://lists.opensuse.org/opensuse-security-announce/2019-05/msg00059.html"
              },
              {
                "name": "openSUSE-SU-2019:1438",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_SUSE",
                  "x_transferred"
                ],
                "url": "http://lists.opensuse.org/opensuse-security-announce/2019-05/msg00058.html"
              },
              {
                "name": "20190624 [SECURITY] [DSA 4469-1] libvirt security update",
                "tags": [
                  "mailing-list",
                  "x_refsource_BUGTRAQ",
                  "x_transferred"
                ],
                "url": "https://seclists.org/bugtraq/2019/Jun/36"
              },
              {
                "name": "[oss-security] 20200610 kernel: Multiple SSBD related flaws CVE-2020-10766 , CVE-2020-10767, CVE-2020-10768",
                "tags": [
                  "mailing-list",
                  "x_refsource_MLIST",
                  "x_transferred"
                ],
                "url": "http://www.openwall.com/lists/oss-security/2020/06/10/1"
              },
              {
                "name": "[oss-security] 20200610 Re: kernel: Multiple SSBD related flaws CVE-2020-10766 , CVE-2020-10767, CVE-2020-10768",
                "tags": [
                  "mailing-list",
                  "x_refsource_MLIST",
                  "x_transferred"
                ],
                "url": "http://www.openwall.com/lists/oss-security/2020/06/10/2"
              },
              {
                "name": "[oss-security] 20200610 Re: kernel: Multiple SSBD related flaws CVE-2020-10766 , CVE-2020-10767, CVE-2020-10768",
                "tags": [
                  "mailing-list",
                  "x_refsource_MLIST",
                  "x_transferred"
                ],
                "url": "http://www.openwall.com/lists/oss-security/2020/06/10/5"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://www.oracle.com/security-alerts/cpujul2020.html"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://help.ecostruxureit.com/display/public/UADCE725/Security+fixes+in+StruxureWare+Data+Center+Expert+v7.6.0"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-608355.pdf"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-268644.pdf"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "http://support.lenovo.com/us/en/solutions/LEN-22133"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2018-0004"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/ADV180012"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://support.citrix.com/article/CTX235225"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00115.html"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://www.synology.com/support/security/Synology_SA_18_23"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://developer.arm.com/support/arm-security-updates/speculative-processor-vulnerability"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "http://www.fujitsu.com/global/support/products/software/security/products-f/cve-2018-3639e.html"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "http://xenbits.xen.org/xsa/advisory-263.html"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-505225.pdf"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://www.mitel.com/en-ca/support/security-advisories/mitel-product-security-advisory-18-0006"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US\u0026docId=emr_na-hpesbhf03850en_us"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://bugs.chromium.org/p/project-zero/issues/detail?id=1528"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://security.netapp.com/advisory/ntap-20180521-0001/"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://nvidia.custhelp.com/app/answers/detail/a_id/4787"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://support.oracle.com/knowledge/Sun%20Microsystems/2481872_1.html"
              },
              {
                "name": "openSUSE-SU-2020:1325",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_SUSE",
                  "x_transferred"
                ],
                "url": "http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00007.html"
              }
            ],
            "title": "CVE Program Container"
          },
          {
            "metrics": [
              {
                "cvssV3_1": {
                  "attackComplexity": "LOW",
                  "attackVector": "LOCAL",
                  "availabilityImpact": "NONE",
                  "baseScore": 5.5,
                  "baseSeverity": "MEDIUM",
                  "confidentialityImpact": "HIGH",
                  "integrityImpact": "NONE",
                  "privilegesRequired": "LOW",
                  "scope": "UNCHANGED",
                  "userInteraction": "NONE",
                  "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
                  "version": "3.1"
                }
              },
              {
                "other": {
                  "content": {
                    "id": "CVE-2018-3639",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-05-29T20:13:59.457681Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "problemTypes": [
              {
                "descriptions": [
                  {
                    "cweId": "CWE-203",
                    "description": "CWE-203 Observable Discrepancy",
                    "lang": "en",
                    "type": "CWE"
                  }
                ]
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-05-29T20:14:05.872Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "Multiple",
              "vendor": "Intel Corporation",
              "versions": [
                {
                  "status": "affected",
                  "version": "Multiple"
                }
              ]
            }
          ],
          "datePublic": "2018-05-21T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "Systems with microprocessors utilizing speculative execution and speculative execution of memory reads before the addresses of all prior memory writes are known may allow unauthorized disclosure of information to an attacker with local user access via a side-channel analysis, aka Speculative Store Bypass (SSB), Variant 4."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "Information Disclosure",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2020-09-02T20:06:27.000Z",
            "orgId": "6dda929c-bb53-4a77-a76d-48e79601a1ce",
            "shortName": "intel"
          },
          "references": [
            {
              "name": "RHSA-2018:1689",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2018:1689"
            },
            {
              "name": "RHSA-2018:2162",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2018:2162"
            },
            {
              "name": "RHSA-2018:1641",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2018:1641"
            },
            {
              "name": "USN-3680-1",
              "tags": [
                "vendor-advisory",
                "x_refsource_UBUNTU"
              ],
              "url": "https://usn.ubuntu.com/3680-1/"
            },
            {
              "name": "RHSA-2018:1997",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2018:1997"
            },
            {
              "name": "RHSA-2018:1665",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2018:1665"
            },
            {
              "name": "RHSA-2018:3407",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2018:3407"
            },
            {
              "name": "RHSA-2018:2164",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2018:2164"
            },
            {
              "name": "RHSA-2018:2001",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2018:2001"
            },
            {
              "name": "RHSA-2018:3423",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2018:3423"
            },
            {
              "name": "RHSA-2018:2003",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2018:2003"
            },
            {
              "name": "USN-3654-1",
              "tags": [
                "vendor-advisory",
                "x_refsource_UBUNTU"
              ],
              "url": "https://usn.ubuntu.com/3654-1/"
            },
            {
              "name": "RHSA-2018:1645",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2018:1645"
            },
            {
              "name": "RHSA-2018:1643",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2018:1643"
            },
            {
              "name": "RHSA-2018:1652",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2018:1652"
            },
            {
              "name": "RHSA-2018:3424",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2018:3424"
            },
            {
              "name": "RHSA-2018:3402",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2018:3402"
            },
            {
              "name": "TA18-141A",
              "tags": [
                "third-party-advisory",
                "x_refsource_CERT"
              ],
              "url": "https://www.us-cert.gov/ncas/alerts/TA18-141A"
            },
            {
              "name": "RHSA-2018:1656",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2018:1656"
            },
            {
              "name": "RHSA-2018:1664",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2018:1664"
            },
            {
              "name": "RHSA-2018:2258",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2018:2258"
            },
            {
              "name": "RHSA-2018:1688",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2018:1688"
            },
            {
              "name": "RHSA-2018:1658",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2018:1658"
            },
            {
              "name": "RHSA-2018:1657",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2018:1657"
            },
            {
              "name": "RHSA-2018:2289",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2018:2289"
            },
            {
              "name": "RHSA-2018:1666",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2018:1666"
            },
            {
              "name": "1042004",
              "tags": [
                "vdb-entry",
                "x_refsource_SECTRACK"
              ],
              "url": "http://www.securitytracker.com/id/1042004"
            },
            {
              "name": "RHSA-2018:1675",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2018:1675"
            },
            {
              "name": "RHSA-2018:1660",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2018:1660"
            },
            {
              "name": "RHSA-2018:1965",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2018:1965"
            },
            {
              "name": "RHSA-2018:1661",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2018:1661"
            },
            {
              "name": "RHSA-2018:1633",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2018:1633"
            },
            {
              "name": "RHSA-2018:1636",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2018:1636"
            },
            {
              "name": "RHSA-2018:1854",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2018:1854"
            },
            {
              "name": "RHSA-2018:2006",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2018:2006"
            },
            {
              "name": "RHSA-2018:2250",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2018:2250"
            },
            {
              "name": "1040949",
              "tags": [
                "vdb-entry",
                "x_refsource_SECTRACK"
              ],
              "url": "http://www.securitytracker.com/id/1040949"
            },
            {
              "name": "RHSA-2018:3401",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2018:3401"
            },
            {
              "name": "RHSA-2018:1737",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2018:1737"
            },
            {
              "name": "RHSA-2018:1826",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2018:1826"
            },
            {
              "name": "USN-3651-1",
              "tags": [
                "vendor-advisory",
                "x_refsource_UBUNTU"
              ],
              "url": "https://usn.ubuntu.com/3651-1/"
            },
            {
              "name": "DSA-4210",
              "tags": [
                "vendor-advisory",
                "x_refsource_DEBIAN"
              ],
              "url": "https://www.debian.org/security/2018/dsa-4210"
            },
            {
              "name": "44695",
              "tags": [
                "exploit",
                "x_refsource_EXPLOIT-DB"
              ],
              "url": "https://www.exploit-db.com/exploits/44695/"
            },
            {
              "name": "RHSA-2018:1651",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2018:1651"
            },
            {
              "name": "RHSA-2018:1638",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2018:1638"
            },
            {
              "name": "RHSA-2018:1696",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2018:1696"
            },
            {
              "name": "RHSA-2018:2246",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2018:2246"
            },
            {
              "name": "RHSA-2018:1644",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2018:1644"
            },
            {
              "name": "RHSA-2018:1646",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2018:1646"
            },
            {
              "name": "[debian-lts-announce] 20180718 [SECURITY] [DLA 1423-1] linux-4.9 new package",
              "tags": [
                "mailing-list",
                "x_refsource_MLIST"
              ],
              "url": "https://lists.debian.org/debian-lts-announce/2018/07/msg00020.html"
            },
            {
              "name": "RHSA-2018:1639",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2018:1639"
            },
            {
              "name": "RHSA-2018:1668",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2018:1668"
            },
            {
              "name": "RHSA-2018:1637",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2018:1637"
            },
            {
              "name": "RHSA-2018:2948",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2018:2948"
            },
            {
              "name": "VU#180049",
              "tags": [
                "third-party-advisory",
                "x_refsource_CERT-VN"
              ],
              "url": "https://www.kb.cert.org/vuls/id/180049"
            },
            {
              "name": "RHSA-2018:1686",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2018:1686"
            },
            {
              "name": "RHSA-2018:2172",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2018:2172"
            },
            {
              "name": "RHSA-2018:1663",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2018:1663"
            },
            {
              "name": "USN-3652-1",
              "tags": [
                "vendor-advisory",
                "x_refsource_UBUNTU"
              ],
              "url": "https://usn.ubuntu.com/3652-1/"
            },
            {
              "name": "RHSA-2018:1629",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2018:1629"
            },
            {
              "name": "RHSA-2018:1655",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2018:1655"
            },
            {
              "name": "RHSA-2018:1640",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2018:1640"
            },
            {
              "name": "RHSA-2018:1669",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2018:1669"
            },
            {
              "name": "RHSA-2018:1676",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2018:1676"
            },
            {
              "name": "20180522 CPU Side-Channel Information Disclosure Vulnerabilities: May 2018",
              "tags": [
                "vendor-advisory",
                "x_refsource_CISCO"
              ],
              "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180521-cpusidechannel"
            },
            {
              "name": "RHSA-2018:3425",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2018:3425"
            },
            {
              "name": "RHSA-2018:2363",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2018:2363"
            },
            {
              "name": "RHSA-2018:1632",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2018:1632"
            },
            {
              "name": "RHSA-2018:1650",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2018:1650"
            },
            {
              "name": "RHSA-2018:2396",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2018:2396"
            },
            {
              "name": "RHSA-2018:2364",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2018:2364"
            },
            {
              "name": "USN-3653-2",
              "tags": [
                "vendor-advisory",
                "x_refsource_UBUNTU"
              ],
              "url": "https://usn.ubuntu.com/3653-2/"
            },
            {
              "name": "RHSA-2018:2216",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2018:2216"
            },
            {
              "name": "USN-3655-1",
              "tags": [
                "vendor-advisory",
                "x_refsource_UBUNTU"
              ],
              "url": "https://usn.ubuntu.com/3655-1/"
            },
            {
              "name": "RHSA-2018:1649",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2018:1649"
            },
            {
              "name": "RHSA-2018:2309",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2018:2309"
            },
            {
              "name": "104232",
              "tags": [
                "vdb-entry",
                "x_refsource_BID"
              ],
              "url": "http://www.securityfocus.com/bid/104232"
            },
            {
              "name": "RHSA-2018:1653",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2018:1653"
            },
            {
              "name": "RHSA-2018:2171",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2018:2171"
            },
            {
              "name": "RHSA-2018:1635",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2018:1635"
            },
            {
              "name": "[debian-lts-announce] 20180916 [SECURITY] [DLA 1506-1] intel-microcode security update",
              "tags": [
                "mailing-list",
                "x_refsource_MLIST"
              ],
              "url": "https://lists.debian.org/debian-lts-announce/2018/09/msg00017.html"
            },
            {
              "name": "RHSA-2018:2394",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2018:2394"
            },
            {
              "name": "RHSA-2018:1710",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2018:1710"
            },
            {
              "name": "RHSA-2018:1659",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2018:1659"
            },
            {
              "name": "RHSA-2018:1711",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2018:1711"
            },
            {
              "name": "DSA-4273",
              "tags": [
                "vendor-advisory",
                "x_refsource_DEBIAN"
              ],
              "url": "https://www.debian.org/security/2018/dsa-4273"
            },
            {
              "name": "RHSA-2018:1738",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2018:1738"
            },
            {
              "name": "RHSA-2018:1674",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2018:1674"
            },
            {
              "name": "RHSA-2018:3396",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2018:3396"
            },
            {
              "name": "RHSA-2018:1667",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2018:1667"
            },
            {
              "name": "USN-3654-2",
              "tags": [
                "vendor-advisory",
                "x_refsource_UBUNTU"
              ],
              "url": "https://usn.ubuntu.com/3654-2/"
            },
            {
              "name": "RHSA-2018:1662",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2018:1662"
            },
            {
              "name": "RHSA-2018:1630",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2018:1630"
            },
            {
              "name": "RHSA-2018:1647",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2018:1647"
            },
            {
              "name": "RHSA-2018:1967",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2018:1967"
            },
            {
              "name": "USN-3655-2",
              "tags": [
                "vendor-advisory",
                "x_refsource_UBUNTU"
              ],
              "url": "https://usn.ubuntu.com/3655-2/"
            },
            {
              "name": "RHSA-2018:3399",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2018:3399"
            },
            {
              "name": "RHSA-2018:2060",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2018:2060"
            },
            {
              "name": "RHSA-2018:1690",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2018:1690"
            },
            {
              "name": "USN-3653-1",
              "tags": [
                "vendor-advisory",
                "x_refsource_UBUNTU"
              ],
              "url": "https://usn.ubuntu.com/3653-1/"
            },
            {
              "name": "RHSA-2018:2161",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2018:2161"
            },
            {
              "name": "[debian-lts-announce] 20180727 [SECURITY] [DLA 1446-1] intel-microcode security update",
              "tags": [
                "mailing-list",
                "x_refsource_MLIST"
              ],
              "url": "https://lists.debian.org/debian-lts-announce/2018/07/msg00038.html"
            },
            {
              "name": "RHSA-2018:2328",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2018:2328"
            },
            {
              "name": "RHSA-2018:1648",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2018:1648"
            },
            {
              "name": "RHSA-2018:2387",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2018:2387"
            },
            {
              "name": "RHSA-2019:0148",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2019:0148"
            },
            {
              "name": "RHSA-2018:1654",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2018:1654"
            },
            {
              "name": "USN-3679-1",
              "tags": [
                "vendor-advisory",
                "x_refsource_UBUNTU"
              ],
              "url": "https://usn.ubuntu.com/3679-1/"
            },
            {
              "name": "USN-3777-3",
              "tags": [
                "vendor-advisory",
                "x_refsource_UBUNTU"
              ],
              "url": "https://usn.ubuntu.com/3777-3/"
            },
            {
              "name": "RHSA-2018:1642",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2018:1642"
            },
            {
              "name": "RHSA-2018:3397",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2018:3397"
            },
            {
              "name": "[debian-lts-announce] 20190315 [SECURITY] [DLA 1715-1] linux-4.9 security update",
              "tags": [
                "mailing-list",
                "x_refsource_MLIST"
              ],
              "url": "https://lists.debian.org/debian-lts-announce/2019/03/msg00017.html"
            },
            {
              "name": "USN-3756-1",
              "tags": [
                "vendor-advisory",
                "x_refsource_UBUNTU"
              ],
              "url": "https://usn.ubuntu.com/3756-1/"
            },
            {
              "name": "RHSA-2018:3398",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2018:3398"
            },
            {
              "name": "RHSA-2018:3400",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2018:3400"
            },
            {
              "name": "RHSA-2018:2228",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2018:2228"
            },
            {
              "name": "[debian-lts-announce] 20190327 [SECURITY] [DLA 1731-1] linux security update",
              "tags": [
                "mailing-list",
                "x_refsource_MLIST"
              ],
              "url": "https://lists.debian.org/debian-lts-announce/2019/03/msg00034.html"
            },
            {
              "name": "[debian-lts-announce] 20190401 [SECURITY] [DLA 1731-2] linux regression update",
              "tags": [
                "mailing-list",
                "x_refsource_MLIST"
              ],
              "url": "https://lists.debian.org/debian-lts-announce/2019/04/msg00004.html"
            },
            {
              "name": "RHSA-2019:1046",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2019:1046"
            },
            {
              "name": "openSUSE-SU-2019:1439",
              "tags": [
                "vendor-advisory",
                "x_refsource_SUSE"
              ],
              "url": "http://lists.opensuse.org/opensuse-security-announce/2019-05/msg00059.html"
            },
            {
              "name": "openSUSE-SU-2019:1438",
              "tags": [
                "vendor-advisory",
                "x_refsource_SUSE"
              ],
              "url": "http://lists.opensuse.org/opensuse-security-announce/2019-05/msg00058.html"
            },
            {
              "name": "20190624 [SECURITY] [DSA 4469-1] libvirt security update",
              "tags": [
                "mailing-list",
                "x_refsource_BUGTRAQ"
              ],
              "url": "https://seclists.org/bugtraq/2019/Jun/36"
            },
            {
              "name": "[oss-security] 20200610 kernel: Multiple SSBD related flaws CVE-2020-10766 , CVE-2020-10767, CVE-2020-10768",
              "tags": [
                "mailing-list",
                "x_refsource_MLIST"
              ],
              "url": "http://www.openwall.com/lists/oss-security/2020/06/10/1"
            },
            {
              "name": "[oss-security] 20200610 Re: kernel: Multiple SSBD related flaws CVE-2020-10766 , CVE-2020-10767, CVE-2020-10768",
              "tags": [
                "mailing-list",
                "x_refsource_MLIST"
              ],
              "url": "http://www.openwall.com/lists/oss-security/2020/06/10/2"
            },
            {
              "name": "[oss-security] 20200610 Re: kernel: Multiple SSBD related flaws CVE-2020-10766 , CVE-2020-10767, CVE-2020-10768",
              "tags": [
                "mailing-list",
                "x_refsource_MLIST"
              ],
              "url": "http://www.openwall.com/lists/oss-security/2020/06/10/5"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://www.oracle.com/security-alerts/cpujul2020.html"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://help.ecostruxureit.com/display/public/UADCE725/Security+fixes+in+StruxureWare+Data+Center+Expert+v7.6.0"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-608355.pdf"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-268644.pdf"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "http://support.lenovo.com/us/en/solutions/LEN-22133"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2018-0004"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/ADV180012"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://support.citrix.com/article/CTX235225"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00115.html"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://www.synology.com/support/security/Synology_SA_18_23"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://developer.arm.com/support/arm-security-updates/speculative-processor-vulnerability"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "http://www.fujitsu.com/global/support/products/software/security/products-f/cve-2018-3639e.html"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "http://xenbits.xen.org/xsa/advisory-263.html"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-505225.pdf"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://www.mitel.com/en-ca/support/security-advisories/mitel-product-security-advisory-18-0006"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US\u0026docId=emr_na-hpesbhf03850en_us"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://bugs.chromium.org/p/project-zero/issues/detail?id=1528"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://security.netapp.com/advisory/ntap-20180521-0001/"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://nvidia.custhelp.com/app/answers/detail/a_id/4787"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://support.oracle.com/knowledge/Sun%20Microsystems/2481872_1.html"
            },
            {
              "name": "openSUSE-SU-2020:1325",
              "tags": [
                "vendor-advisory",
                "x_refsource_SUSE"
              ],
              "url": "http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00007.html"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "secure@intel.com",
              "DATE_PUBLIC": "2018-05-21T00:00:00",
              "ID": "CVE-2018-3639",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "Multiple",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "Multiple"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "Intel Corporation"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Systems with microprocessors utilizing speculative execution and speculative execution of memory reads before the addresses of all prior memory writes are known may allow unauthorized disclosure of information to an attacker with local user access via a side-channel analysis, aka Speculative Store Bypass (SSB), Variant 4."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "Information Disclosure"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "RHSA-2018:1689",
                  "refsource": "REDHAT",
                  "url": "https://access.redhat.com/errata/RHSA-2018:1689"
                },
                {
                  "name": "RHSA-2018:2162",
                  "refsource": "REDHAT",
                  "url": "https://access.redhat.com/errata/RHSA-2018:2162"
                },
                {
                  "name": "RHSA-2018:1641",
                  "refsource": "REDHAT",
                  "url": "https://access.redhat.com/errata/RHSA-2018:1641"
                },
                {
                  "name": "USN-3680-1",
                  "refsource": "UBUNTU",
                  "url": "https://usn.ubuntu.com/3680-1/"
                },
                {
                  "name": "RHSA-2018:1997",
                  "refsource": "REDHAT",
                  "url": "https://access.redhat.com/errata/RHSA-2018:1997"
                },
                {
                  "name": "RHSA-2018:1665",
                  "refsource": "REDHAT",
                  "url": "https://access.redhat.com/errata/RHSA-2018:1665"
                },
                {
                  "name": "RHSA-2018:3407",
                  "refsource": "REDHAT",
                  "url": "https://access.redhat.com/errata/RHSA-2018:3407"
                },
                {
                  "name": "RHSA-2018:2164",
                  "refsource": "REDHAT",
                  "url": "https://access.redhat.com/errata/RHSA-2018:2164"
                },
                {
                  "name": "RHSA-2018:2001",
                  "refsource": "REDHAT",
                  "url": "https://access.redhat.com/errata/RHSA-2018:2001"
                },
                {
                  "name": "RHSA-2018:3423",
                  "refsource": "REDHAT",
                  "url": "https://access.redhat.com/errata/RHSA-2018:3423"
                },
                {
                  "name": "RHSA-2018:2003",
                  "refsource": "REDHAT",
                  "url": "https://access.redhat.com/errata/RHSA-2018:2003"
                },
                {
                  "name": "USN-3654-1",
                  "refsource": "UBUNTU",
                  "url": "https://usn.ubuntu.com/3654-1/"
                },
                {
                  "name": "RHSA-2018:1645",
                  "refsource": "REDHAT",
                  "url": "https://access.redhat.com/errata/RHSA-2018:1645"
                },
                {
                  "name": "RHSA-2018:1643",
                  "refsource": "REDHAT",
                  "url": "https://access.redhat.com/errata/RHSA-2018:1643"
                },
                {
                  "name": "RHSA-2018:1652",
                  "refsource": "REDHAT",
                  "url": "https://access.redhat.com/errata/RHSA-2018:1652"
                },
                {
                  "name": "RHSA-2018:3424",
                  "refsource": "REDHAT",
                  "url": "https://access.redhat.com/errata/RHSA-2018:3424"
                },
                {
                  "name": "RHSA-2018:3402",
                  "refsource": "REDHAT",
                  "url": "https://access.redhat.com/errata/RHSA-2018:3402"
                },
                {
                  "name": "TA18-141A",
                  "refsource": "CERT",
                  "url": "https://www.us-cert.gov/ncas/alerts/TA18-141A"
                },
                {
                  "name": "RHSA-2018:1656",
                  "refsource": "REDHAT",
                  "url": "https://access.redhat.com/errata/RHSA-2018:1656"
                },
                {
                  "name": "RHSA-2018:1664",
                  "refsource": "REDHAT",
                  "url": "https://access.redhat.com/errata/RHSA-2018:1664"
                },
                {
                  "name": "RHSA-2018:2258",
                  "refsource": "REDHAT",
                  "url": "https://access.redhat.com/errata/RHSA-2018:2258"
                },
                {
                  "name": "RHSA-2018:1688",
                  "refsource": "REDHAT",
                  "url": "https://access.redhat.com/errata/RHSA-2018:1688"
                },
                {
                  "name": "RHSA-2018:1658",
                  "refsource": "REDHAT",
                  "url": "https://access.redhat.com/errata/RHSA-2018:1658"
                },
                {
                  "name": "RHSA-2018:1657",
                  "refsource": "REDHAT",
                  "url": "https://access.redhat.com/errata/RHSA-2018:1657"
                },
                {
                  "name": "RHSA-2018:2289",
                  "refsource": "REDHAT",
                  "url": "https://access.redhat.com/errata/RHSA-2018:2289"
                },
                {
                  "name": "RHSA-2018:1666",
                  "refsource": "REDHAT",
                  "url": "https://access.redhat.com/errata/RHSA-2018:1666"
                },
                {
                  "name": "1042004",
                  "refsource": "SECTRACK",
                  "url": "http://www.securitytracker.com/id/1042004"
                },
                {
                  "name": "RHSA-2018:1675",
                  "refsource": "REDHAT",
                  "url": "https://access.redhat.com/errata/RHSA-2018:1675"
                },
                {
                  "name": "RHSA-2018:1660",
                  "refsource": "REDHAT",
                  "url": "https://access.redhat.com/errata/RHSA-2018:1660"
                },
                {
                  "name": "RHSA-2018:1965",
                  "refsource": "REDHAT",
                  "url": "https://access.redhat.com/errata/RHSA-2018:1965"
                },
                {
                  "name": "RHSA-2018:1661",
                  "refsource": "REDHAT",
                  "url": "https://access.redhat.com/errata/RHSA-2018:1661"
                },
                {
                  "name": "RHSA-2018:1633",
                  "refsource": "REDHAT",
                  "url": "https://access.redhat.com/errata/RHSA-2018:1633"
                },
                {
                  "name": "RHSA-2018:1636",
                  "refsource": "REDHAT",
                  "url": "https://access.redhat.com/errata/RHSA-2018:1636"
                },
                {
                  "name": "RHSA-2018:1854",
                  "refsource": "REDHAT",
                  "url": "https://access.redhat.com/errata/RHSA-2018:1854"
                },
                {
                  "name": "RHSA-2018:2006",
                  "refsource": "REDHAT",
                  "url": "https://access.redhat.com/errata/RHSA-2018:2006"
                },
                {
                  "name": "RHSA-2018:2250",
                  "refsource": "REDHAT",
                  "url": "https://access.redhat.com/errata/RHSA-2018:2250"
                },
                {
                  "name": "1040949",
                  "refsource": "SECTRACK",
                  "url": "http://www.securitytracker.com/id/1040949"
                },
                {
                  "name": "RHSA-2018:3401",
                  "refsource": "REDHAT",
                  "url": "https://access.redhat.com/errata/RHSA-2018:3401"
                },
                {
                  "name": "RHSA-2018:1737",
                  "refsource": "REDHAT",
                  "url": "https://access.redhat.com/errata/RHSA-2018:1737"
                },
                {
                  "name": "RHSA-2018:1826",
                  "refsource": "REDHAT",
                  "url": "https://access.redhat.com/errata/RHSA-2018:1826"
                },
                {
                  "name": "USN-3651-1",
                  "refsource": "UBUNTU",
                  "url": "https://usn.ubuntu.com/3651-1/"
                },
                {
                  "name": "DSA-4210",
                  "refsource": "DEBIAN",
                  "url": "https://www.debian.org/security/2018/dsa-4210"
                },
                {
                  "name": "44695",
                  "refsource": "EXPLOIT-DB",
                  "url": "https://www.exploit-db.com/exploits/44695/"
                },
                {
                  "name": "RHSA-2018:1651",
                  "refsource": "REDHAT",
                  "url": "https://access.redhat.com/errata/RHSA-2018:1651"
                },
                {
                  "name": "RHSA-2018:1638",
                  "refsource": "REDHAT",
                  "url": "https://access.redhat.com/errata/RHSA-2018:1638"
                },
                {
                  "name": "RHSA-2018:1696",
                  "refsource": "REDHAT",
                  "url": "https://access.redhat.com/errata/RHSA-2018:1696"
                },
                {
                  "name": "RHSA-2018:2246",
                  "refsource": "REDHAT",
                  "url": "https://access.redhat.com/errata/RHSA-2018:2246"
                },
                {
                  "name": "RHSA-2018:1644",
                  "refsource": "REDHAT",
                  "url": "https://access.redhat.com/errata/RHSA-2018:1644"
                },
                {
                  "name": "RHSA-2018:1646",
                  "refsource": "REDHAT",
                  "url": "https://access.redhat.com/errata/RHSA-2018:1646"
                },
                {
                  "name": "[debian-lts-announce] 20180718 [SECURITY] [DLA 1423-1] linux-4.9 new package",
                  "refsource": "MLIST",
                  "url": "https://lists.debian.org/debian-lts-announce/2018/07/msg00020.html"
                },
                {
                  "name": "RHSA-2018:1639",
                  "refsource": "REDHAT",
                  "url": "https://access.redhat.com/errata/RHSA-2018:1639"
                },
                {
                  "name": "RHSA-2018:1668",
                  "refsource": "REDHAT",
                  "url": "https://access.redhat.com/errata/RHSA-2018:1668"
                },
                {
                  "name": "RHSA-2018:1637",
                  "refsource": "REDHAT",
                  "url": "https://access.redhat.com/errata/RHSA-2018:1637"
                },
                {
                  "name": "RHSA-2018:2948",
                  "refsource": "REDHAT",
                  "url": "https://access.redhat.com/errata/RHSA-2018:2948"
                },
                {
                  "name": "VU#180049",
                  "refsource": "CERT-VN",
                  "url": "https://www.kb.cert.org/vuls/id/180049"
                },
                {
                  "name": "RHSA-2018:1686",
                  "refsource": "REDHAT",
                  "url": "https://access.redhat.com/errata/RHSA-2018:1686"
                },
                {
                  "name": "RHSA-2018:2172",
                  "refsource": "REDHAT",
                  "url": "https://access.redhat.com/errata/RHSA-2018:2172"
                },
                {
                  "name": "RHSA-2018:1663",
                  "refsource": "REDHAT",
                  "url": "https://access.redhat.com/errata/RHSA-2018:1663"
                },
                {
                  "name": "USN-3652-1",
                  "refsource": "UBUNTU",
                  "url": "https://usn.ubuntu.com/3652-1/"
                },
                {
                  "name": "RHSA-2018:1629",
                  "refsource": "REDHAT",
                  "url": "https://access.redhat.com/errata/RHSA-2018:1629"
                },
                {
                  "name": "RHSA-2018:1655",
                  "refsource": "REDHAT",
                  "url": "https://access.redhat.com/errata/RHSA-2018:1655"
                },
                {
                  "name": "RHSA-2018:1640",
                  "refsource": "REDHAT",
                  "url": "https://access.redhat.com/errata/RHSA-2018:1640"
                },
                {
                  "name": "RHSA-2018:1669",
                  "refsource": "REDHAT",
                  "url": "https://access.redhat.com/errata/RHSA-2018:1669"
                },
                {
                  "name": "RHSA-2018:1676",
                  "refsource": "REDHAT",
                  "url": "https://access.redhat.com/errata/RHSA-2018:1676"
                },
                {
                  "name": "20180522 CPU Side-Channel Information Disclosure Vulnerabilities: May 2018",
                  "refsource": "CISCO",
                  "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180521-cpusidechannel"
                },
                {
                  "name": "RHSA-2018:3425",
                  "refsource": "REDHAT",
                  "url": "https://access.redhat.com/errata/RHSA-2018:3425"
                },
                {
                  "name": "RHSA-2018:2363",
                  "refsource": "REDHAT",
                  "url": "https://access.redhat.com/errata/RHSA-2018:2363"
                },
                {
                  "name": "RHSA-2018:1632",
                  "refsource": "REDHAT",
                  "url": "https://access.redhat.com/errata/RHSA-2018:1632"
                },
                {
                  "name": "RHSA-2018:1650",
                  "refsource": "REDHAT",
                  "url": "https://access.redhat.com/errata/RHSA-2018:1650"
                },
                {
                  "name": "RHSA-2018:2396",
                  "refsource": "REDHAT",
                  "url": "https://access.redhat.com/errata/RHSA-2018:2396"
                },
                {
                  "name": "RHSA-2018:2364",
                  "refsource": "REDHAT",
                  "url": "https://access.redhat.com/errata/RHSA-2018:2364"
                },
                {
                  "name": "USN-3653-2",
                  "refsource": "UBUNTU",
                  "url": "https://usn.ubuntu.com/3653-2/"
                },
                {
                  "name": "RHSA-2018:2216",
                  "refsource": "REDHAT",
                  "url": "https://access.redhat.com/errata/RHSA-2018:2216"
                },
                {
                  "name": "USN-3655-1",
                  "refsource": "UBUNTU",
                  "url": "https://usn.ubuntu.com/3655-1/"
                },
                {
                  "name": "RHSA-2018:1649",
                  "refsource": "REDHAT",
                  "url": "https://access.redhat.com/errata/RHSA-2018:1649"
                },
                {
                  "name": "RHSA-2018:2309",
                  "refsource": "REDHAT",
                  "url": "https://access.redhat.com/errata/RHSA-2018:2309"
                },
                {
                  "name": "104232",
                  "refsource": "BID",
                  "url": "http://www.securityfocus.com/bid/104232"
                },
                {
                  "name": "RHSA-2018:1653",
                  "refsource": "REDHAT",
                  "url": "https://access.redhat.com/errata/RHSA-2018:1653"
                },
                {
                  "name": "RHSA-2018:2171",
                  "refsource": "REDHAT",
                  "url": "https://access.redhat.com/errata/RHSA-2018:2171"
                },
                {
                  "name": "RHSA-2018:1635",
                  "refsource": "REDHAT",
                  "url": "https://access.redhat.com/errata/RHSA-2018:1635"
                },
                {
                  "name": "[debian-lts-announce] 20180916 [SECURITY] [DLA 1506-1] intel-microcode security update",
                  "refsource": "MLIST",
                  "url": "https://lists.debian.org/debian-lts-announce/2018/09/msg00017.html"
                },
                {
                  "name": "RHSA-2018:2394",
                  "refsource": "REDHAT",
                  "url": "https://access.redhat.com/errata/RHSA-2018:2394"
                },
                {
                  "name": "RHSA-2018:1710",
                  "refsource": "REDHAT",
                  "url": "https://access.redhat.com/errata/RHSA-2018:1710"
                },
                {
                  "name": "RHSA-2018:1659",
                  "refsource": "REDHAT",
                  "url": "https://access.redhat.com/errata/RHSA-2018:1659"
                },
                {
                  "name": "RHSA-2018:1711",
                  "refsource": "REDHAT",
                  "url": "https://access.redhat.com/errata/RHSA-2018:1711"
                },
                {
                  "name": "DSA-4273",
                  "refsource": "DEBIAN",
                  "url": "https://www.debian.org/security/2018/dsa-4273"
                },
                {
                  "name": "RHSA-2018:1738",
                  "refsource": "REDHAT",
                  "url": "https://access.redhat.com/errata/RHSA-2018:1738"
                },
                {
                  "name": "RHSA-2018:1674",
                  "refsource": "REDHAT",
                  "url": "https://access.redhat.com/errata/RHSA-2018:1674"
                },
                {
                  "name": "RHSA-2018:3396",
                  "refsource": "REDHAT",
                  "url": "https://access.redhat.com/errata/RHSA-2018:3396"
                },
                {
                  "name": "RHSA-2018:1667",
                  "refsource": "REDHAT",
                  "url": "https://access.redhat.com/errata/RHSA-2018:1667"
                },
                {
                  "name": "USN-3654-2",
                  "refsource": "UBUNTU",
                  "url": "https://usn.ubuntu.com/3654-2/"
                },
                {
                  "name": "RHSA-2018:1662",
                  "refsource": "REDHAT",
                  "url": "https://access.redhat.com/errata/RHSA-2018:1662"
                },
                {
                  "name": "RHSA-2018:1630",
                  "refsource": "REDHAT",
                  "url": "https://access.redhat.com/errata/RHSA-2018:1630"
                },
                {
                  "name": "RHSA-2018:1647",
                  "refsource": "REDHAT",
                  "url": "https://access.redhat.com/errata/RHSA-2018:1647"
                },
                {
                  "name": "RHSA-2018:1967",
                  "refsource": "REDHAT",
                  "url": "https://access.redhat.com/errata/RHSA-2018:1967"
                },
                {
                  "name": "USN-3655-2",
                  "refsource": "UBUNTU",
                  "url": "https://usn.ubuntu.com/3655-2/"
                },
                {
                  "name": "RHSA-2018:3399",
                  "refsource": "REDHAT",
                  "url": "https://access.redhat.com/errata/RHSA-2018:3399"
                },
                {
                  "name": "RHSA-2018:2060",
                  "refsource": "REDHAT",
                  "url": "https://access.redhat.com/errata/RHSA-2018:2060"
                },
                {
                  "name": "RHSA-2018:1690",
                  "refsource": "REDHAT",
                  "url": "https://access.redhat.com/errata/RHSA-2018:1690"
                },
                {
                  "name": "USN-3653-1",
                  "refsource": "UBUNTU",
                  "url": "https://usn.ubuntu.com/3653-1/"
                },
                {
                  "name": "RHSA-2018:2161",
                  "refsource": "REDHAT",
                  "url": "https://access.redhat.com/errata/RHSA-2018:2161"
                },
                {
                  "name": "[debian-lts-announce] 20180727 [SECURITY] [DLA 1446-1] intel-microcode security update",
                  "refsource": "MLIST",
                  "url": "https://lists.debian.org/debian-lts-announce/2018/07/msg00038.html"
                },
                {
                  "name": "RHSA-2018:2328",
                  "refsource": "REDHAT",
                  "url": "https://access.redhat.com/errata/RHSA-2018:2328"
                },
                {
                  "name": "RHSA-2018:1648",
                  "refsource": "REDHAT",
                  "url": "https://access.redhat.com/errata/RHSA-2018:1648"
                },
                {
                  "name": "RHSA-2018:2387",
                  "refsource": "REDHAT",
                  "url": "https://access.redhat.com/errata/RHSA-2018:2387"
                },
                {
                  "name": "RHSA-2019:0148",
                  "refsource": "REDHAT",
                  "url": "https://access.redhat.com/errata/RHSA-2019:0148"
                },
                {
                  "name": "RHSA-2018:1654",
                  "refsource": "REDHAT",
                  "url": "https://access.redhat.com/errata/RHSA-2018:1654"
                },
                {
                  "name": "USN-3679-1",
                  "refsource": "UBUNTU",
                  "url": "https://usn.ubuntu.com/3679-1/"
                },
                {
                  "name": "USN-3777-3",
                  "refsource": "UBUNTU",
                  "url": "https://usn.ubuntu.com/3777-3/"
                },
                {
                  "name": "RHSA-2018:1642",
                  "refsource": "REDHAT",
                  "url": "https://access.redhat.com/errata/RHSA-2018:1642"
                },
                {
                  "name": "RHSA-2018:3397",
                  "refsource": "REDHAT",
                  "url": "https://access.redhat.com/errata/RHSA-2018:3397"
                },
                {
                  "name": "[debian-lts-announce] 20190315 [SECURITY] [DLA 1715-1] linux-4.9 security update",
                  "refsource": "MLIST",
                  "url": "https://lists.debian.org/debian-lts-announce/2019/03/msg00017.html"
                },
                {
                  "name": "USN-3756-1",
                  "refsource": "UBUNTU",
                  "url": "https://usn.ubuntu.com/3756-1/"
                },
                {
                  "name": "RHSA-2018:3398",
                  "refsource": "REDHAT",
                  "url": "https://access.redhat.com/errata/RHSA-2018:3398"
                },
                {
                  "name": "RHSA-2018:3400",
                  "refsource": "REDHAT",
                  "url": "https://access.redhat.com/errata/RHSA-2018:3400"
                },
                {
                  "name": "RHSA-2018:2228",
                  "refsource": "REDHAT",
                  "url": "https://access.redhat.com/errata/RHSA-2018:2228"
                },
                {
                  "name": "[debian-lts-announce] 20190327 [SECURITY] [DLA 1731-1] linux security update",
                  "refsource": "MLIST",
                  "url": "https://lists.debian.org/debian-lts-announce/2019/03/msg00034.html"
                },
                {
                  "name": "[debian-lts-announce] 20190401 [SECURITY] [DLA 1731-2] linux regression update",
                  "refsource": "MLIST",
                  "url": "https://lists.debian.org/debian-lts-announce/2019/04/msg00004.html"
                },
                {
                  "name": "RHSA-2019:1046",
                  "refsource": "REDHAT",
                  "url": "https://access.redhat.com/errata/RHSA-2019:1046"
                },
                {
                  "name": "openSUSE-SU-2019:1439",
                  "refsource": "SUSE",
                  "url": "http://lists.opensuse.org/opensuse-security-announce/2019-05/msg00059.html"
                },
                {
                  "name": "openSUSE-SU-2019:1438",
                  "refsource": "SUSE",
                  "url": "http://lists.opensuse.org/opensuse-security-announce/2019-05/msg00058.html"
                },
                {
                  "name": "20190624 [SECURITY] [DSA 4469-1] libvirt security update",
                  "refsource": "BUGTRAQ",
                  "url": "https://seclists.org/bugtraq/2019/Jun/36"
                },
                {
                  "name": "[oss-security] 20200610 kernel: Multiple SSBD related flaws CVE-2020-10766 , CVE-2020-10767, CVE-2020-10768",
                  "refsource": "MLIST",
                  "url": "http://www.openwall.com/lists/oss-security/2020/06/10/1"
                },
                {
                  "name": "[oss-security] 20200610 Re: kernel: Multiple SSBD related flaws CVE-2020-10766 , CVE-2020-10767, CVE-2020-10768",
                  "refsource": "MLIST",
                  "url": "http://www.openwall.com/lists/oss-security/2020/06/10/2"
                },
                {
                  "name": "[oss-security] 20200610 Re: kernel: Multiple SSBD related flaws CVE-2020-10766 , CVE-2020-10767, CVE-2020-10768",
                  "refsource": "MLIST",
                  "url": "http://www.openwall.com/lists/oss-security/2020/06/10/5"
                },
                {
                  "name": "https://www.oracle.com/security-alerts/cpujul2020.html",
                  "refsource": "MISC",
                  "url": "https://www.oracle.com/security-alerts/cpujul2020.html"
                },
                {
                  "name": "https://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html",
                  "refsource": "CONFIRM",
                  "url": "https://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html"
                },
                {
                  "name": "https://help.ecostruxureit.com/display/public/UADCE725/Security+fixes+in+StruxureWare+Data+Center+Expert+v7.6.0",
                  "refsource": "CONFIRM",
                  "url": "https://help.ecostruxureit.com/display/public/UADCE725/Security+fixes+in+StruxureWare+Data+Center+Expert+v7.6.0"
                },
                {
                  "name": "https://cert-portal.siemens.com/productcert/pdf/ssa-608355.pdf",
                  "refsource": "CONFIRM",
                  "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-608355.pdf"
                },
                {
                  "name": "https://cert-portal.siemens.com/productcert/pdf/ssa-268644.pdf",
                  "refsource": "CONFIRM",
                  "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-268644.pdf"
                },
                {
                  "name": "http://support.lenovo.com/us/en/solutions/LEN-22133",
                  "refsource": "CONFIRM",
                  "url": "http://support.lenovo.com/us/en/solutions/LEN-22133"
                },
                {
                  "name": "https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2018-0004",
                  "refsource": "CONFIRM",
                  "url": "https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2018-0004"
                },
                {
                  "name": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/ADV180012",
                  "refsource": "CONFIRM",
                  "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/ADV180012"
                },
                {
                  "name": "https://support.citrix.com/article/CTX235225",
                  "refsource": "CONFIRM",
                  "url": "https://support.citrix.com/article/CTX235225"
                },
                {
                  "name": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00115.html",
                  "refsource": "CONFIRM",
                  "url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00115.html"
                },
                {
                  "name": "https://www.synology.com/support/security/Synology_SA_18_23",
                  "refsource": "CONFIRM",
                  "url": "https://www.synology.com/support/security/Synology_SA_18_23"
                },
                {
                  "name": "https://developer.arm.com/support/arm-security-updates/speculative-processor-vulnerability",
                  "refsource": "CONFIRM",
                  "url": "https://developer.arm.com/support/arm-security-updates/speculative-processor-vulnerability"
                },
                {
                  "name": "http://www.fujitsu.com/global/support/products/software/security/products-f/cve-2018-3639e.html",
                  "refsource": "CONFIRM",
                  "url": "http://www.fujitsu.com/global/support/products/software/security/products-f/cve-2018-3639e.html"
                },
                {
                  "name": "http://xenbits.xen.org/xsa/advisory-263.html",
                  "refsource": "CONFIRM",
                  "url": "http://xenbits.xen.org/xsa/advisory-263.html"
                },
                {
                  "name": "https://cert-portal.siemens.com/productcert/pdf/ssa-505225.pdf",
                  "refsource": "CONFIRM",
                  "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-505225.pdf"
                },
                {
                  "name": "https://www.mitel.com/en-ca/support/security-advisories/mitel-product-security-advisory-18-0006",
                  "refsource": "CONFIRM",
                  "url": "https://www.mitel.com/en-ca/support/security-advisories/mitel-product-security-advisory-18-0006"
                },
                {
                  "name": "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US\u0026docId=emr_na-hpesbhf03850en_us",
                  "refsource": "CONFIRM",
                  "url": "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US\u0026docId=emr_na-hpesbhf03850en_us"
                },
                {
                  "name": "https://bugs.chromium.org/p/project-zero/issues/detail?id=1528",
                  "refsource": "MISC",
                  "url": "https://bugs.chromium.org/p/project-zero/issues/detail?id=1528"
                },
                {
                  "name": "https://security.netapp.com/advisory/ntap-20180521-0001/",
                  "refsource": "CONFIRM",
                  "url": "https://security.netapp.com/advisory/ntap-20180521-0001/"
                },
                {
                  "name": "https://nvidia.custhelp.com/app/answers/detail/a_id/4787",
                  "refsource": "CONFIRM",
                  "url": "https://nvidia.custhelp.com/app/answers/detail/a_id/4787"
                },
                {
                  "name": "https://support.oracle.com/knowledge/Sun%20Microsystems/2481872_1.html",
                  "refsource": "CONFIRM",
                  "url": "https://support.oracle.com/knowledge/Sun%20Microsystems/2481872_1.html"
                },
                {
                  "name": "openSUSE-SU-2020:1325",
                  "refsource": "SUSE",
                  "url": "http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00007.html"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "6dda929c-bb53-4a77-a76d-48e79601a1ce",
        "assignerShortName": "intel",
        "cveId": "CVE-2018-3639",
        "datePublished": "2018-05-22T12:00:00.000Z",
        "dateReserved": "2017-12-28T00:00:00.000Z",
        "dateUpdated": "2026-05-29T20:14:05.872Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2017-18017 (GCVE-0-2017-18017)

    Vulnerability from cvelistv5 – Published: 2018-01-03 06:00 – Updated: 2025-01-03 12:04
    VLAI
    Summary
    The tcpmss_mangle_packet function in net/netfilter/xt_TCPMSS.c in the Linux kernel before 4.11, and 4.9.x before 4.9.36, allows remote attackers to cause a denial of service (use-after-free and memory corruption) or possibly have unspecified other impact by leveraging the presence of xt_TCPMSS in an iptables action.
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    References
    URL Tags
    https://www.debian.org/security/2018/dsa-4187 vendor-advisoryx_refsource_DEBIAN
    https://usn.ubuntu.com/3583-2/ vendor-advisoryx_refsource_UBUNTU
    http://patchwork.ozlabs.org/patch/746618/ x_refsource_MISC
    https://access.redhat.com/errata/RHSA-2018:1737 vendor-advisoryx_refsource_REDHAT
    https://www.kernel.org/pub/linux/kernel/v4.x/Chan… x_refsource_MISC
    https://lkml.org/lkml/2017/4/2/13 x_refsource_MISC
    https://access.redhat.com/errata/RHSA-2018:1062 vendor-advisoryx_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2018:1319 vendor-advisoryx_refsource_REDHAT
    https://help.ecostruxureit.com/display/public/UAD… x_refsource_CONFIRM
    https://usn.ubuntu.com/3583-1/ vendor-advisoryx_refsource_UBUNTU
    https://access.redhat.com/errata/RHSA-2018:0676 vendor-advisoryx_refsource_REDHAT
    https://bugs.launchpad.net/ubuntu/+source/linux/+… x_refsource_MISC
    https://github.com/torvalds/linux/commit/2638fd0f… x_refsource_MISC
    https://access.redhat.com/errata/RHSA-2018:1170 vendor-advisoryx_refsource_REDHAT
    http://git.kernel.org/cgit/linux/kernel/git/torva… x_refsource_MISC
    https://access.redhat.com/errata/RHSA-2018:1130 vendor-advisoryx_refsource_REDHAT
    https://lists.debian.org/debian-lts-announce/2018… mailing-listx_refsource_MLIST
    http://www.securityfocus.com/bid/102367 vdb-entryx_refsource_BID
    http://lists.opensuse.org/opensuse-security-annou… vendor-advisoryx_refsource_SUSE
    http://lists.opensuse.org/opensuse-security-annou… vendor-advisoryx_refsource_SUSE
    http://lists.opensuse.org/opensuse-security-annou… vendor-advisoryx_refsource_SUSE
    http://www.ubuntu.com/usn/USN-3583-1 vendor-advisoryx_refsource_UBUNTU
    https://support.f5.com/csp/article/K18352029 x_refsource_CONFIRM
    http://lists.opensuse.org/opensuse-security-annou… vendor-advisoryx_refsource_SUSE
    http://lists.opensuse.org/opensuse-security-annou… vendor-advisoryx_refsource_SUSE
    http://lists.opensuse.org/opensuse-security-annou… vendor-advisoryx_refsource_SUSE
    http://lists.opensuse.org/opensuse-security-annou… vendor-advisoryx_refsource_SUSE
    http://lists.opensuse.org/opensuse-security-annou… vendor-advisoryx_refsource_SUSE
    http://lists.opensuse.org/opensuse-security-annou… vendor-advisoryx_refsource_SUSE
    http://www.ubuntu.com/usn/USN-3583-2 vendor-advisoryx_refsource_UBUNTU
    http://lists.opensuse.org/opensuse-security-annou… vendor-advisoryx_refsource_SUSE
    https://www.arista.com/en/support/advisories-noti… x_refsource_MISC
    https://security.netapp.com/advisory/ntap-2025010…
    Date Public
    2018-01-03 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2025-01-03T12:04:18.715Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "DSA-4187",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_DEBIAN",
                  "x_transferred"
                ],
                "url": "https://www.debian.org/security/2018/dsa-4187"
              },
              {
                "name": "USN-3583-2",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_UBUNTU",
                  "x_transferred"
                ],
                "url": "https://usn.ubuntu.com/3583-2/"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "http://patchwork.ozlabs.org/patch/746618/"
              },
              {
                "name": "RHSA-2018:1737",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
                  "x_transferred"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2018:1737"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.9.36"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://lkml.org/lkml/2017/4/2/13"
              },
              {
                "name": "RHSA-2018:1062",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
                  "x_transferred"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2018:1062"
              },
              {
                "name": "RHSA-2018:1319",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
                  "x_transferred"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2018:1319"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://help.ecostruxureit.com/display/public/UADCE725/Security+fixes+in+StruxureWare+Data+Center+Expert+v7.6.0"
              },
              {
                "name": "USN-3583-1",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_UBUNTU",
                  "x_transferred"
                ],
                "url": "https://usn.ubuntu.com/3583-1/"
              },
              {
                "name": "RHSA-2018:0676",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
                  "x_transferred"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2018:0676"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://bugs.launchpad.net/ubuntu/+source/linux/+bug/1739765"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://github.com/torvalds/linux/commit/2638fd0f92d4397884fd991d8f4925cb3f081901"
              },
              {
                "name": "RHSA-2018:1170",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
                  "x_transferred"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2018:1170"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=2638fd0f92d4397884fd991d8f4925cb3f081901"
              },
              {
                "name": "RHSA-2018:1130",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
                  "x_transferred"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2018:1130"
              },
              {
                "name": "[debian-lts-announce] 20180502 [SECURITY] [DLA 1369-1] linux security update",
                "tags": [
                  "mailing-list",
                  "x_refsource_MLIST",
                  "x_transferred"
                ],
                "url": "https://lists.debian.org/debian-lts-announce/2018/05/msg00000.html"
              },
              {
                "name": "102367",
                "tags": [
                  "vdb-entry",
                  "x_refsource_BID",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/bid/102367"
              },
              {
                "name": "SUSE-SU-2018:0834",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_SUSE",
                  "x_transferred"
                ],
                "url": "http://lists.opensuse.org/opensuse-security-announce/2018-03/msg00067.html"
              },
              {
                "name": "SUSE-SU-2018:0848",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_SUSE",
                  "x_transferred"
                ],
                "url": "http://lists.opensuse.org/opensuse-security-announce/2018-03/msg00072.html"
              },
              {
                "name": "SUSE-SU-2018:0383",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_SUSE",
                  "x_transferred"
                ],
                "url": "http://lists.opensuse.org/opensuse-security-announce/2018-02/msg00008.html"
              },
              {
                "name": "USN-3583-1",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_UBUNTU",
                  "x_transferred"
                ],
                "url": "http://www.ubuntu.com/usn/USN-3583-1"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://support.f5.com/csp/article/K18352029"
              },
              {
                "name": "SUSE-SU-2018:0555",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_SUSE",
                  "x_transferred"
                ],
                "url": "http://lists.opensuse.org/opensuse-security-announce/2018-02/msg00047.html"
              },
              {
                "name": "openSUSE-SU-2018:0408",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_SUSE",
                  "x_transferred"
                ],
                "url": "http://lists.opensuse.org/opensuse-security-announce/2018-02/msg00013.html"
              },
              {
                "name": "SUSE-SU-2018:0986",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_SUSE",
                  "x_transferred"
                ],
                "url": "http://lists.opensuse.org/opensuse-security-announce/2018-04/msg00014.html"
              },
              {
                "name": "SUSE-SU-2018:0416",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_SUSE",
                  "x_transferred"
                ],
                "url": "http://lists.opensuse.org/opensuse-security-announce/2018-02/msg00015.html"
              },
              {
                "name": "SUSE-SU-2018:0482",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_SUSE",
                  "x_transferred"
                ],
                "url": "http://lists.opensuse.org/opensuse-security-announce/2018-02/msg00038.html"
              },
              {
                "name": "SUSE-SU-2018:0841",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_SUSE",
                  "x_transferred"
                ],
                "url": "http://lists.opensuse.org/opensuse-security-announce/2018-03/msg00070.html"
              },
              {
                "name": "USN-3583-2",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_UBUNTU",
                  "x_transferred"
                ],
                "url": "http://www.ubuntu.com/usn/USN-3583-2"
              },
              {
                "name": "SUSE-SU-2018:0660",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_SUSE",
                  "x_transferred"
                ],
                "url": "http://lists.opensuse.org/opensuse-security-announce/2018-03/msg00030.html"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://www.arista.com/en/support/advisories-notices/security-advisories/4577-security-advisory-34"
              },
              {
                "url": "https://security.netapp.com/advisory/ntap-20250103-0010/"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "datePublic": "2018-01-03T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "The tcpmss_mangle_packet function in net/netfilter/xt_TCPMSS.c in the Linux kernel before 4.11, and 4.9.x before 4.9.36, allows remote attackers to cause a denial of service (use-after-free and memory corruption) or possibly have unspecified other impact by leveraging the presence of xt_TCPMSS in an iptables action."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2021-11-08T11:33:02.000Z",
            "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            "shortName": "mitre"
          },
          "references": [
            {
              "name": "DSA-4187",
              "tags": [
                "vendor-advisory",
                "x_refsource_DEBIAN"
              ],
              "url": "https://www.debian.org/security/2018/dsa-4187"
            },
            {
              "name": "USN-3583-2",
              "tags": [
                "vendor-advisory",
                "x_refsource_UBUNTU"
              ],
              "url": "https://usn.ubuntu.com/3583-2/"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "http://patchwork.ozlabs.org/patch/746618/"
            },
            {
              "name": "RHSA-2018:1737",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2018:1737"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.9.36"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://lkml.org/lkml/2017/4/2/13"
            },
            {
              "name": "RHSA-2018:1062",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2018:1062"
            },
            {
              "name": "RHSA-2018:1319",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2018:1319"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://help.ecostruxureit.com/display/public/UADCE725/Security+fixes+in+StruxureWare+Data+Center+Expert+v7.6.0"
            },
            {
              "name": "USN-3583-1",
              "tags": [
                "vendor-advisory",
                "x_refsource_UBUNTU"
              ],
              "url": "https://usn.ubuntu.com/3583-1/"
            },
            {
              "name": "RHSA-2018:0676",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2018:0676"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://bugs.launchpad.net/ubuntu/+source/linux/+bug/1739765"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://github.com/torvalds/linux/commit/2638fd0f92d4397884fd991d8f4925cb3f081901"
            },
            {
              "name": "RHSA-2018:1170",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2018:1170"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=2638fd0f92d4397884fd991d8f4925cb3f081901"
            },
            {
              "name": "RHSA-2018:1130",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2018:1130"
            },
            {
              "name": "[debian-lts-announce] 20180502 [SECURITY] [DLA 1369-1] linux security update",
              "tags": [
                "mailing-list",
                "x_refsource_MLIST"
              ],
              "url": "https://lists.debian.org/debian-lts-announce/2018/05/msg00000.html"
            },
            {
              "name": "102367",
              "tags": [
                "vdb-entry",
                "x_refsource_BID"
              ],
              "url": "http://www.securityfocus.com/bid/102367"
            },
            {
              "name": "SUSE-SU-2018:0834",
              "tags": [
                "vendor-advisory",
                "x_refsource_SUSE"
              ],
              "url": "http://lists.opensuse.org/opensuse-security-announce/2018-03/msg00067.html"
            },
            {
              "name": "SUSE-SU-2018:0848",
              "tags": [
                "vendor-advisory",
                "x_refsource_SUSE"
              ],
              "url": "http://lists.opensuse.org/opensuse-security-announce/2018-03/msg00072.html"
            },
            {
              "name": "SUSE-SU-2018:0383",
              "tags": [
                "vendor-advisory",
                "x_refsource_SUSE"
              ],
              "url": "http://lists.opensuse.org/opensuse-security-announce/2018-02/msg00008.html"
            },
            {
              "name": "USN-3583-1",
              "tags": [
                "vendor-advisory",
                "x_refsource_UBUNTU"
              ],
              "url": "http://www.ubuntu.com/usn/USN-3583-1"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://support.f5.com/csp/article/K18352029"
            },
            {
              "name": "SUSE-SU-2018:0555",
              "tags": [
                "vendor-advisory",
                "x_refsource_SUSE"
              ],
              "url": "http://lists.opensuse.org/opensuse-security-announce/2018-02/msg00047.html"
            },
            {
              "name": "openSUSE-SU-2018:0408",
              "tags": [
                "vendor-advisory",
                "x_refsource_SUSE"
              ],
              "url": "http://lists.opensuse.org/opensuse-security-announce/2018-02/msg00013.html"
            },
            {
              "name": "SUSE-SU-2018:0986",
              "tags": [
                "vendor-advisory",
                "x_refsource_SUSE"
              ],
              "url": "http://lists.opensuse.org/opensuse-security-announce/2018-04/msg00014.html"
            },
            {
              "name": "SUSE-SU-2018:0416",
              "tags": [
                "vendor-advisory",
                "x_refsource_SUSE"
              ],
              "url": "http://lists.opensuse.org/opensuse-security-announce/2018-02/msg00015.html"
            },
            {
              "name": "SUSE-SU-2018:0482",
              "tags": [
                "vendor-advisory",
                "x_refsource_SUSE"
              ],
              "url": "http://lists.opensuse.org/opensuse-security-announce/2018-02/msg00038.html"
            },
            {
              "name": "SUSE-SU-2018:0841",
              "tags": [
                "vendor-advisory",
                "x_refsource_SUSE"
              ],
              "url": "http://lists.opensuse.org/opensuse-security-announce/2018-03/msg00070.html"
            },
            {
              "name": "USN-3583-2",
              "tags": [
                "vendor-advisory",
                "x_refsource_UBUNTU"
              ],
              "url": "http://www.ubuntu.com/usn/USN-3583-2"
            },
            {
              "name": "SUSE-SU-2018:0660",
              "tags": [
                "vendor-advisory",
                "x_refsource_SUSE"
              ],
              "url": "http://lists.opensuse.org/opensuse-security-announce/2018-03/msg00030.html"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://www.arista.com/en/support/advisories-notices/security-advisories/4577-security-advisory-34"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "cve@mitre.org",
              "ID": "CVE-2017-18017",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "n/a",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "The tcpmss_mangle_packet function in net/netfilter/xt_TCPMSS.c in the Linux kernel before 4.11, and 4.9.x before 4.9.36, allows remote attackers to cause a denial of service (use-after-free and memory corruption) or possibly have unspecified other impact by leveraging the presence of xt_TCPMSS in an iptables action."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "n/a"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "DSA-4187",
                  "refsource": "DEBIAN",
                  "url": "https://www.debian.org/security/2018/dsa-4187"
                },
                {
                  "name": "USN-3583-2",
                  "refsource": "UBUNTU",
                  "url": "https://usn.ubuntu.com/3583-2/"
                },
                {
                  "name": "http://patchwork.ozlabs.org/patch/746618/",
                  "refsource": "MISC",
                  "url": "http://patchwork.ozlabs.org/patch/746618/"
                },
                {
                  "name": "RHSA-2018:1737",
                  "refsource": "REDHAT",
                  "url": "https://access.redhat.com/errata/RHSA-2018:1737"
                },
                {
                  "name": "https://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.9.36",
                  "refsource": "MISC",
                  "url": "https://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.9.36"
                },
                {
                  "name": "https://lkml.org/lkml/2017/4/2/13",
                  "refsource": "MISC",
                  "url": "https://lkml.org/lkml/2017/4/2/13"
                },
                {
                  "name": "RHSA-2018:1062",
                  "refsource": "REDHAT",
                  "url": "https://access.redhat.com/errata/RHSA-2018:1062"
                },
                {
                  "name": "RHSA-2018:1319",
                  "refsource": "REDHAT",
                  "url": "https://access.redhat.com/errata/RHSA-2018:1319"
                },
                {
                  "name": "https://help.ecostruxureit.com/display/public/UADCE725/Security+fixes+in+StruxureWare+Data+Center+Expert+v7.6.0",
                  "refsource": "CONFIRM",
                  "url": "https://help.ecostruxureit.com/display/public/UADCE725/Security+fixes+in+StruxureWare+Data+Center+Expert+v7.6.0"
                },
                {
                  "name": "USN-3583-1",
                  "refsource": "UBUNTU",
                  "url": "https://usn.ubuntu.com/3583-1/"
                },
                {
                  "name": "RHSA-2018:0676",
                  "refsource": "REDHAT",
                  "url": "https://access.redhat.com/errata/RHSA-2018:0676"
                },
                {
                  "name": "https://bugs.launchpad.net/ubuntu/+source/linux/+bug/1739765",
                  "refsource": "MISC",
                  "url": "https://bugs.launchpad.net/ubuntu/+source/linux/+bug/1739765"
                },
                {
                  "name": "https://github.com/torvalds/linux/commit/2638fd0f92d4397884fd991d8f4925cb3f081901",
                  "refsource": "MISC",
                  "url": "https://github.com/torvalds/linux/commit/2638fd0f92d4397884fd991d8f4925cb3f081901"
                },
                {
                  "name": "RHSA-2018:1170",
                  "refsource": "REDHAT",
                  "url": "https://access.redhat.com/errata/RHSA-2018:1170"
                },
                {
                  "name": "http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=2638fd0f92d4397884fd991d8f4925cb3f081901",
                  "refsource": "MISC",
                  "url": "http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=2638fd0f92d4397884fd991d8f4925cb3f081901"
                },
                {
                  "name": "RHSA-2018:1130",
                  "refsource": "REDHAT",
                  "url": "https://access.redhat.com/errata/RHSA-2018:1130"
                },
                {
                  "name": "[debian-lts-announce] 20180502 [SECURITY] [DLA 1369-1] linux security update",
                  "refsource": "MLIST",
                  "url": "https://lists.debian.org/debian-lts-announce/2018/05/msg00000.html"
                },
                {
                  "name": "102367",
                  "refsource": "BID",
                  "url": "http://www.securityfocus.com/bid/102367"
                },
                {
                  "name": "SUSE-SU-2018:0834",
                  "refsource": "SUSE",
                  "url": "http://lists.opensuse.org/opensuse-security-announce/2018-03/msg00067.html"
                },
                {
                  "name": "SUSE-SU-2018:0848",
                  "refsource": "SUSE",
                  "url": "http://lists.opensuse.org/opensuse-security-announce/2018-03/msg00072.html"
                },
                {
                  "name": "SUSE-SU-2018:0383",
                  "refsource": "SUSE",
                  "url": "http://lists.opensuse.org/opensuse-security-announce/2018-02/msg00008.html"
                },
                {
                  "name": "USN-3583-1",
                  "refsource": "UBUNTU",
                  "url": "http://www.ubuntu.com/usn/USN-3583-1"
                },
                {
                  "name": "https://support.f5.com/csp/article/K18352029",
                  "refsource": "CONFIRM",
                  "url": "https://support.f5.com/csp/article/K18352029"
                },
                {
                  "name": "SUSE-SU-2018:0555",
                  "refsource": "SUSE",
                  "url": "http://lists.opensuse.org/opensuse-security-announce/2018-02/msg00047.html"
                },
                {
                  "name": "openSUSE-SU-2018:0408",
                  "refsource": "SUSE",
                  "url": "http://lists.opensuse.org/opensuse-security-announce/2018-02/msg00013.html"
                },
                {
                  "name": "SUSE-SU-2018:0986",
                  "refsource": "SUSE",
                  "url": "http://lists.opensuse.org/opensuse-security-announce/2018-04/msg00014.html"
                },
                {
                  "name": "SUSE-SU-2018:0416",
                  "refsource": "SUSE",
                  "url": "http://lists.opensuse.org/opensuse-security-announce/2018-02/msg00015.html"
                },
                {
                  "name": "SUSE-SU-2018:0482",
                  "refsource": "SUSE",
                  "url": "http://lists.opensuse.org/opensuse-security-announce/2018-02/msg00038.html"
                },
                {
                  "name": "SUSE-SU-2018:0841",
                  "refsource": "SUSE",
                  "url": "http://lists.opensuse.org/opensuse-security-announce/2018-03/msg00070.html"
                },
                {
                  "name": "USN-3583-2",
                  "refsource": "UBUNTU",
                  "url": "http://www.ubuntu.com/usn/USN-3583-2"
                },
                {
                  "name": "SUSE-SU-2018:0660",
                  "refsource": "SUSE",
                  "url": "http://lists.opensuse.org/opensuse-security-announce/2018-03/msg00030.html"
                },
                {
                  "name": "https://www.arista.com/en/support/advisories-notices/security-advisories/4577-security-advisory-34",
                  "refsource": "MISC",
                  "url": "https://www.arista.com/en/support/advisories-notices/security-advisories/4577-security-advisory-34"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "assignerShortName": "mitre",
        "cveId": "CVE-2017-18017",
        "datePublished": "2018-01-03T06:00:00.000Z",
        "dateReserved": "2018-01-03T00:00:00.000Z",
        "dateUpdated": "2025-01-03T12:04:18.715Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2014-7283 (GCVE-0-2014-7283)

    Vulnerability from cvelistv5 – Published: 2014-10-13 10:00 – Updated: 2024-08-06 12:47
    VLAI
    Summary
    The xfs_da3_fixhashpath function in fs/xfs/xfs_da_btree.c in the xfs implementation in the Linux kernel before 3.14.2 does not properly compare btree hash values, which allows local users to cause a denial of service (filesystem corruption, and OOPS or panic) via operations on directories that have hash collisions, as demonstrated by rmdir operations.
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    Date Public
    2014-03-27 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-06T12:47:31.646Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "70261",
                "tags": [
                  "vdb-entry",
                  "x_refsource_BID",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/bid/70261"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://github.com/torvalds/linux/commit/c88547a8119e3b581318ab65e9b72f27f23e641d"
              },
              {
                "name": "[xfs] 20140327 xfs errors while unlinking filenames with hash collisions",
                "tags": [
                  "mailing-list",
                  "x_refsource_MLIST",
                  "x_transferred"
                ],
                "url": "http://marc.info/?l=linux-xfs\u0026m=139590613002926\u0026w=2"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "http://www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.14.2"
              },
              {
                "name": "[oss-security] 20141002 xfs directory hash ordering bug",
                "tags": [
                  "mailing-list",
                  "x_refsource_MLIST",
                  "x_transferred"
                ],
                "url": "http://www.openwall.com/lists/oss-security/2014/10/01/29"
              },
              {
                "name": "RHSA-2014:1943",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
                  "x_transferred"
                ],
                "url": "http://rhn.redhat.com/errata/RHSA-2014-1943.html"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=c88547a8119e3b581318ab65e9b72f27f23e641d"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1148777"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "datePublic": "2014-03-27T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "The xfs_da3_fixhashpath function in fs/xfs/xfs_da_btree.c in the xfs implementation in the Linux kernel before 3.14.2 does not properly compare btree hash values, which allows local users to cause a denial of service (filesystem corruption, and OOPS or panic) via operations on directories that have hash collisions, as demonstrated by rmdir operations."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2014-12-04T15:57:00.000Z",
            "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            "shortName": "mitre"
          },
          "references": [
            {
              "name": "70261",
              "tags": [
                "vdb-entry",
                "x_refsource_BID"
              ],
              "url": "http://www.securityfocus.com/bid/70261"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://github.com/torvalds/linux/commit/c88547a8119e3b581318ab65e9b72f27f23e641d"
            },
            {
              "name": "[xfs] 20140327 xfs errors while unlinking filenames with hash collisions",
              "tags": [
                "mailing-list",
                "x_refsource_MLIST"
              ],
              "url": "http://marc.info/?l=linux-xfs\u0026m=139590613002926\u0026w=2"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "http://www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.14.2"
            },
            {
              "name": "[oss-security] 20141002 xfs directory hash ordering bug",
              "tags": [
                "mailing-list",
                "x_refsource_MLIST"
              ],
              "url": "http://www.openwall.com/lists/oss-security/2014/10/01/29"
            },
            {
              "name": "RHSA-2014:1943",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "http://rhn.redhat.com/errata/RHSA-2014-1943.html"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=c88547a8119e3b581318ab65e9b72f27f23e641d"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1148777"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "cve@mitre.org",
              "ID": "CVE-2014-7283",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "n/a",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "The xfs_da3_fixhashpath function in fs/xfs/xfs_da_btree.c in the xfs implementation in the Linux kernel before 3.14.2 does not properly compare btree hash values, which allows local users to cause a denial of service (filesystem corruption, and OOPS or panic) via operations on directories that have hash collisions, as demonstrated by rmdir operations."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "n/a"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "70261",
                  "refsource": "BID",
                  "url": "http://www.securityfocus.com/bid/70261"
                },
                {
                  "name": "https://github.com/torvalds/linux/commit/c88547a8119e3b581318ab65e9b72f27f23e641d",
                  "refsource": "CONFIRM",
                  "url": "https://github.com/torvalds/linux/commit/c88547a8119e3b581318ab65e9b72f27f23e641d"
                },
                {
                  "name": "[xfs] 20140327 xfs errors while unlinking filenames with hash collisions",
                  "refsource": "MLIST",
                  "url": "http://marc.info/?l=linux-xfs\u0026m=139590613002926\u0026w=2"
                },
                {
                  "name": "http://www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.14.2",
                  "refsource": "CONFIRM",
                  "url": "http://www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.14.2"
                },
                {
                  "name": "[oss-security] 20141002 xfs directory hash ordering bug",
                  "refsource": "MLIST",
                  "url": "http://www.openwall.com/lists/oss-security/2014/10/01/29"
                },
                {
                  "name": "RHSA-2014:1943",
                  "refsource": "REDHAT",
                  "url": "http://rhn.redhat.com/errata/RHSA-2014-1943.html"
                },
                {
                  "name": "http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=c88547a8119e3b581318ab65e9b72f27f23e641d",
                  "refsource": "CONFIRM",
                  "url": "http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=c88547a8119e3b581318ab65e9b72f27f23e641d"
                },
                {
                  "name": "https://bugzilla.redhat.com/show_bug.cgi?id=1148777",
                  "refsource": "CONFIRM",
                  "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1148777"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "assignerShortName": "mitre",
        "cveId": "CVE-2014-7283",
        "datePublished": "2014-10-13T10:00:00.000Z",
        "dateReserved": "2014-10-01T00:00:00.000Z",
        "dateUpdated": "2024-08-06T12:47:31.646Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2009-3547 (GCVE-0-2009-3547)

    Vulnerability from cvelistv5 – Published: 2009-11-04 15:00 – Updated: 2024-08-07 06:31
    VLAI
    Summary
    Multiple race conditions in fs/pipe.c in the Linux kernel before 2.6.32-rc6 allow local users to cause a denial of service (NULL pointer dereference and system crash) or gain privileges by attempting to open an anonymous pipe via a /proc/*/fd/ pathname.
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    References
    URL Tags
    https://oval.cisecurity.org/repository/search/def… vdb-entrysignaturex_refsource_OVAL
    http://www.redhat.com/support/errata/RHSA-2009-16… vendor-advisoryx_refsource_REDHAT
    http://www.securityfocus.com/archive/1/512019/100… mailing-listx_refsource_BUGTRAQ
    http://www.securityfocus.com/bid/36901 vdb-entryx_refsource_BID
    http://git.kernel.org/?p=linux/kernel/git/torvald… x_refsource_CONFIRM
    https://rhn.redhat.com/errata/RHSA-2009-1540.html vendor-advisoryx_refsource_REDHAT
    http://www.ubuntu.com/usn/usn-864-1 vendor-advisoryx_refsource_UBUNTU
    http://secunia.com/advisories/38794 third-party-advisoryx_refsource_SECUNIA
    http://lists.vmware.com/pipermail/security-announ… mailing-listx_refsource_MLIST
    http://lkml.org/lkml/2009/10/21/42 mailing-listx_refsource_MLIST
    http://lists.opensuse.org/opensuse-security-annou… vendor-advisoryx_refsource_SUSE
    https://rhn.redhat.com/errata/RHSA-2009-1541.html vendor-advisoryx_refsource_REDHAT
    http://www.mandriva.com/security/advisories?name=… vendor-advisoryx_refsource_MANDRIVA
    http://secunia.com/advisories/37351 third-party-advisoryx_refsource_SECUNIA
    http://lists.opensuse.org/opensuse-security-annou… vendor-advisoryx_refsource_SUSE
    http://lists.opensuse.org/opensuse-security-annou… vendor-advisoryx_refsource_SUSE
    https://oval.cisecurity.org/repository/search/def… vdb-entrysignaturex_refsource_OVAL
    http://marc.info/?l=oss-security&m=125724568017045&w=2 mailing-listx_refsource_MLIST
    https://rhn.redhat.com/errata/RHSA-2009-1548.html vendor-advisoryx_refsource_REDHAT
    http://secunia.com/advisories/38834 third-party-advisoryx_refsource_SECUNIA
    http://lkml.org/lkml/2009/10/14/184 mailing-listx_refsource_MLIST
    https://rhn.redhat.com/errata/RHSA-2009-1550.html vendor-advisoryx_refsource_REDHAT
    http://www.kernel.org/pub/linux/kernel/v2.6/testi… x_refsource_CONFIRM
    https://oval.cisecurity.org/repository/search/def… vdb-entrysignaturex_refsource_OVAL
    http://lists.opensuse.org/opensuse-security-annou… vendor-advisoryx_refsource_SUSE
    https://bugzilla.redhat.com/show_bug.cgi?id=530490 x_refsource_CONFIRM
    http://secunia.com/advisories/38017 third-party-advisoryx_refsource_SECUNIA
    https://www.redhat.com/archives/fedora-package-an… vendor-advisoryx_refsource_FEDORA
    http://www.vupen.com/english/advisories/2010/0528 vdb-entryx_refsource_VUPEN
    Date Public
    2009-10-21 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-07T06:31:10.441Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "oval:org.mitre.oval:def:11513",
                "tags": [
                  "vdb-entry",
                  "signature",
                  "x_refsource_OVAL",
                  "x_transferred"
                ],
                "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11513"
              },
              {
                "name": "RHSA-2009:1672",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
                  "x_transferred"
                ],
                "url": "http://www.redhat.com/support/errata/RHSA-2009-1672.html"
              },
              {
                "name": "20100625 VMSA-2010-0010 ESX 3.5 third party update for Service Console kernel",
                "tags": [
                  "mailing-list",
                  "x_refsource_BUGTRAQ",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/archive/1/512019/100/0/threaded"
              },
              {
                "name": "36901",
                "tags": [
                  "vdb-entry",
                  "x_refsource_BID",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/bid/36901"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=ad3960243e55320d74195fb85c975e0a8cc4466c"
              },
              {
                "name": "RHSA-2009:1540",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
                  "x_transferred"
                ],
                "url": "https://rhn.redhat.com/errata/RHSA-2009-1540.html"
              },
              {
                "name": "USN-864-1",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_UBUNTU",
                  "x_transferred"
                ],
                "url": "http://www.ubuntu.com/usn/usn-864-1"
              },
              {
                "name": "38794",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
                  "x_transferred"
                ],
                "url": "http://secunia.com/advisories/38794"
              },
              {
                "name": "[security-announce] 20100303 VMSA-2010-0004 ESX Service Console and vMA third party updates",
                "tags": [
                  "mailing-list",
                  "x_refsource_MLIST",
                  "x_transferred"
                ],
                "url": "http://lists.vmware.com/pipermail/security-announce/2010/000082.html"
              },
              {
                "name": "[linux-kernel] 20091021 Re: [PATCH v4 1/1]: fs: pipe.c null pointer dereference + really sign off + unmangled diffs",
                "tags": [
                  "mailing-list",
                  "x_refsource_MLIST",
                  "x_transferred"
                ],
                "url": "http://lkml.org/lkml/2009/10/21/42"
              },
              {
                "name": "SUSE-SA:2010:001",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_SUSE",
                  "x_transferred"
                ],
                "url": "http://lists.opensuse.org/opensuse-security-announce/2010-01/msg00000.html"
              },
              {
                "name": "RHSA-2009:1541",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
                  "x_transferred"
                ],
                "url": "https://rhn.redhat.com/errata/RHSA-2009-1541.html"
              },
              {
                "name": "MDVSA-2009:329",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_MANDRIVA",
                  "x_transferred"
                ],
                "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2009:329"
              },
              {
                "name": "37351",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
                  "x_transferred"
                ],
                "url": "http://secunia.com/advisories/37351"
              },
              {
                "name": "SUSE-SA:2009:056",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_SUSE",
                  "x_transferred"
                ],
                "url": "http://lists.opensuse.org/opensuse-security-announce/2009-11/msg00007.html"
              },
              {
                "name": "SUSE-SA:2010:012",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_SUSE",
                  "x_transferred"
                ],
                "url": "http://lists.opensuse.org/opensuse-security-announce/2010-02/msg00005.html"
              },
              {
                "name": "oval:org.mitre.oval:def:7608",
                "tags": [
                  "vdb-entry",
                  "signature",
                  "x_refsource_OVAL",
                  "x_transferred"
                ],
                "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7608"
              },
              {
                "name": "[oss-security] 20091103 CVE-2009-3547 kernel: fs: pipe.c null pointer dereference",
                "tags": [
                  "mailing-list",
                  "x_refsource_MLIST",
                  "x_transferred"
                ],
                "url": "http://marc.info/?l=oss-security\u0026m=125724568017045\u0026w=2"
              },
              {
                "name": "RHSA-2009:1548",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
                  "x_transferred"
                ],
                "url": "https://rhn.redhat.com/errata/RHSA-2009-1548.html"
              },
              {
                "name": "38834",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
                  "x_transferred"
                ],
                "url": "http://secunia.com/advisories/38834"
              },
              {
                "name": "[linux-kernel] 20091014 fs/pipe.c null pointer dereference",
                "tags": [
                  "mailing-list",
                  "x_refsource_MLIST",
                  "x_transferred"
                ],
                "url": "http://lkml.org/lkml/2009/10/14/184"
              },
              {
                "name": "RHSA-2009:1550",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
                  "x_transferred"
                ],
                "url": "https://rhn.redhat.com/errata/RHSA-2009-1550.html"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "http://www.kernel.org/pub/linux/kernel/v2.6/testing/ChangeLog-2.6.32-rc6"
              },
              {
                "name": "oval:org.mitre.oval:def:9327",
                "tags": [
                  "vdb-entry",
                  "signature",
                  "x_refsource_OVAL",
                  "x_transferred"
                ],
                "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9327"
              },
              {
                "name": "SUSE-SA:2009:054",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_SUSE",
                  "x_transferred"
                ],
                "url": "http://lists.opensuse.org/opensuse-security-announce/2009-11/msg00005.html"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://bugzilla.redhat.com/show_bug.cgi?id=530490"
              },
              {
                "name": "38017",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
                  "x_transferred"
                ],
                "url": "http://secunia.com/advisories/38017"
              },
              {
                "name": "FEDORA-2009-11038",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_FEDORA",
                  "x_transferred"
                ],
                "url": "https://www.redhat.com/archives/fedora-package-announce/2009-November/msg00190.html"
              },
              {
                "name": "ADV-2010-0528",
                "tags": [
                  "vdb-entry",
                  "x_refsource_VUPEN",
                  "x_transferred"
                ],
                "url": "http://www.vupen.com/english/advisories/2010/0528"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "datePublic": "2009-10-21T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "Multiple race conditions in fs/pipe.c in the Linux kernel before 2.6.32-rc6 allow local users to cause a denial of service (NULL pointer dereference and system crash) or gain privileges by attempting to open an anonymous pipe via a /proc/*/fd/ pathname."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2018-10-10T18:57:01.000Z",
            "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
            "shortName": "redhat"
          },
          "references": [
            {
              "name": "oval:org.mitre.oval:def:11513",
              "tags": [
                "vdb-entry",
                "signature",
                "x_refsource_OVAL"
              ],
              "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11513"
            },
            {
              "name": "RHSA-2009:1672",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "http://www.redhat.com/support/errata/RHSA-2009-1672.html"
            },
            {
              "name": "20100625 VMSA-2010-0010 ESX 3.5 third party update for Service Console kernel",
              "tags": [
                "mailing-list",
                "x_refsource_BUGTRAQ"
              ],
              "url": "http://www.securityfocus.com/archive/1/512019/100/0/threaded"
            },
            {
              "name": "36901",
              "tags": [
                "vdb-entry",
                "x_refsource_BID"
              ],
              "url": "http://www.securityfocus.com/bid/36901"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=ad3960243e55320d74195fb85c975e0a8cc4466c"
            },
            {
              "name": "RHSA-2009:1540",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://rhn.redhat.com/errata/RHSA-2009-1540.html"
            },
            {
              "name": "USN-864-1",
              "tags": [
                "vendor-advisory",
                "x_refsource_UBUNTU"
              ],
              "url": "http://www.ubuntu.com/usn/usn-864-1"
            },
            {
              "name": "38794",
              "tags": [
                "third-party-advisory",
                "x_refsource_SECUNIA"
              ],
              "url": "http://secunia.com/advisories/38794"
            },
            {
              "name": "[security-announce] 20100303 VMSA-2010-0004 ESX Service Console and vMA third party updates",
              "tags": [
                "mailing-list",
                "x_refsource_MLIST"
              ],
              "url": "http://lists.vmware.com/pipermail/security-announce/2010/000082.html"
            },
            {
              "name": "[linux-kernel] 20091021 Re: [PATCH v4 1/1]: fs: pipe.c null pointer dereference + really sign off + unmangled diffs",
              "tags": [
                "mailing-list",
                "x_refsource_MLIST"
              ],
              "url": "http://lkml.org/lkml/2009/10/21/42"
            },
            {
              "name": "SUSE-SA:2010:001",
              "tags": [
                "vendor-advisory",
                "x_refsource_SUSE"
              ],
              "url": "http://lists.opensuse.org/opensuse-security-announce/2010-01/msg00000.html"
            },
            {
              "name": "RHSA-2009:1541",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://rhn.redhat.com/errata/RHSA-2009-1541.html"
            },
            {
              "name": "MDVSA-2009:329",
              "tags": [
                "vendor-advisory",
                "x_refsource_MANDRIVA"
              ],
              "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2009:329"
            },
            {
              "name": "37351",
              "tags": [
                "third-party-advisory",
                "x_refsource_SECUNIA"
              ],
              "url": "http://secunia.com/advisories/37351"
            },
            {
              "name": "SUSE-SA:2009:056",
              "tags": [
                "vendor-advisory",
                "x_refsource_SUSE"
              ],
              "url": "http://lists.opensuse.org/opensuse-security-announce/2009-11/msg00007.html"
            },
            {
              "name": "SUSE-SA:2010:012",
              "tags": [
                "vendor-advisory",
                "x_refsource_SUSE"
              ],
              "url": "http://lists.opensuse.org/opensuse-security-announce/2010-02/msg00005.html"
            },
            {
              "name": "oval:org.mitre.oval:def:7608",
              "tags": [
                "vdb-entry",
                "signature",
                "x_refsource_OVAL"
              ],
              "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7608"
            },
            {
              "name": "[oss-security] 20091103 CVE-2009-3547 kernel: fs: pipe.c null pointer dereference",
              "tags": [
                "mailing-list",
                "x_refsource_MLIST"
              ],
              "url": "http://marc.info/?l=oss-security\u0026m=125724568017045\u0026w=2"
            },
            {
              "name": "RHSA-2009:1548",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://rhn.redhat.com/errata/RHSA-2009-1548.html"
            },
            {
              "name": "38834",
              "tags": [
                "third-party-advisory",
                "x_refsource_SECUNIA"
              ],
              "url": "http://secunia.com/advisories/38834"
            },
            {
              "name": "[linux-kernel] 20091014 fs/pipe.c null pointer dereference",
              "tags": [
                "mailing-list",
                "x_refsource_MLIST"
              ],
              "url": "http://lkml.org/lkml/2009/10/14/184"
            },
            {
              "name": "RHSA-2009:1550",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://rhn.redhat.com/errata/RHSA-2009-1550.html"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "http://www.kernel.org/pub/linux/kernel/v2.6/testing/ChangeLog-2.6.32-rc6"
            },
            {
              "name": "oval:org.mitre.oval:def:9327",
              "tags": [
                "vdb-entry",
                "signature",
                "x_refsource_OVAL"
              ],
              "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9327"
            },
            {
              "name": "SUSE-SA:2009:054",
              "tags": [
                "vendor-advisory",
                "x_refsource_SUSE"
              ],
              "url": "http://lists.opensuse.org/opensuse-security-announce/2009-11/msg00005.html"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://bugzilla.redhat.com/show_bug.cgi?id=530490"
            },
            {
              "name": "38017",
              "tags": [
                "third-party-advisory",
                "x_refsource_SECUNIA"
              ],
              "url": "http://secunia.com/advisories/38017"
            },
            {
              "name": "FEDORA-2009-11038",
              "tags": [
                "vendor-advisory",
                "x_refsource_FEDORA"
              ],
              "url": "https://www.redhat.com/archives/fedora-package-announce/2009-November/msg00190.html"
            },
            {
              "name": "ADV-2010-0528",
              "tags": [
                "vdb-entry",
                "x_refsource_VUPEN"
              ],
              "url": "http://www.vupen.com/english/advisories/2010/0528"
            }
          ]
        }
      },
      "cveMetadata": {
        "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
        "assignerShortName": "redhat",
        "cveId": "CVE-2009-3547",
        "datePublished": "2009-11-04T15:00:00.000Z",
        "dateReserved": "2009-10-05T00:00:00.000Z",
        "dateUpdated": "2024-08-07T06:31:10.441Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2009-3620 (GCVE-0-2009-3620)

    Vulnerability from cvelistv5 – Published: 2009-10-22 15:26 – Updated: 2024-08-07 06:31
    VLAI
    Summary
    The ATI Rage 128 (aka r128) driver in the Linux kernel before 2.6.31-git11 does not properly verify Concurrent Command Engine (CCE) state initialization, which allows local users to cause a denial of service (NULL pointer dereference and system crash) or possibly gain privileges via unspecified ioctl calls.
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    References
    URL Tags
    http://www.openwall.com/lists/oss-security/2009/10/19/3 mailing-listx_refsource_MLIST
    http://www.redhat.com/support/errata/RHSA-2009-16… vendor-advisoryx_refsource_REDHAT
    http://www.securityfocus.com/bid/36824 vdb-entryx_refsource_BID
    https://oval.cisecurity.org/repository/search/def… vdb-entrysignaturex_refsource_OVAL
    https://rhn.redhat.com/errata/RHSA-2009-1540.html vendor-advisoryx_refsource_REDHAT
    https://bugzilla.redhat.com/show_bug.cgi?id=529597 x_refsource_CONFIRM
    http://lists.opensuse.org/opensuse-security-annou… vendor-advisoryx_refsource_SUSE
    http://www.ubuntu.com/usn/usn-864-1 vendor-advisoryx_refsource_UBUNTU
    http://secunia.com/advisories/38794 third-party-advisoryx_refsource_SECUNIA
    http://lists.vmware.com/pipermail/security-announ… mailing-listx_refsource_MLIST
    http://secunia.com/advisories/36707 third-party-advisoryx_refsource_SECUNIA
    http://www.mandriva.com/security/advisories?name=… vendor-advisoryx_refsource_MANDRIVA
    http://article.gmane.org/gmane.linux.kernel/892259 mailing-listx_refsource_MLIST
    http://www.mandriva.com/security/advisories?name=… vendor-advisoryx_refsource_MANDRIVA
    http://lists.opensuse.org/opensuse-security-annou… vendor-advisoryx_refsource_SUSE
    http://www.kernel.org/pub/linux/kernel/v2.6/snaps… x_refsource_CONFIRM
    http://secunia.com/advisories/37909 third-party-advisoryx_refsource_SECUNIA
    https://oval.cisecurity.org/repository/search/def… vdb-entrysignaturex_refsource_OVAL
    http://www.redhat.com/support/errata/RHSA-2010-08… vendor-advisoryx_refsource_REDHAT
    http://www.redhat.com/support/errata/RHSA-2009-16… vendor-advisoryx_refsource_REDHAT
    http://lists.opensuse.org/opensuse-security-annou… vendor-advisoryx_refsource_SUSE
    http://www.openwall.com/lists/oss-security/2009/10/19/1 mailing-listx_refsource_MLIST
    http://secunia.com/advisories/38834 third-party-advisoryx_refsource_SECUNIA
    http://git.kernel.org/?p=linux/kernel/git/torvald… x_refsource_CONFIRM
    http://lists.opensuse.org/opensuse-security-annou… vendor-advisoryx_refsource_SUSE
    https://www.redhat.com/archives/fedora-package-an… vendor-advisoryx_refsource_FEDORA
    http://www.vupen.com/english/advisories/2010/0528 vdb-entryx_refsource_VUPEN
    Date Public
    2009-09-21 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-07T06:31:10.635Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "[oss-security] 20091019 Re: CVE request: kernel: r128 IOCTL NULL pointer dereferences when CCE state is uninitialised",
                "tags": [
                  "mailing-list",
                  "x_refsource_MLIST",
                  "x_transferred"
                ],
                "url": "http://www.openwall.com/lists/oss-security/2009/10/19/3"
              },
              {
                "name": "RHSA-2009:1671",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
                  "x_transferred"
                ],
                "url": "http://www.redhat.com/support/errata/RHSA-2009-1671.html"
              },
              {
                "name": "36824",
                "tags": [
                  "vdb-entry",
                  "x_refsource_BID",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/bid/36824"
              },
              {
                "name": "oval:org.mitre.oval:def:9891",
                "tags": [
                  "vdb-entry",
                  "signature",
                  "x_refsource_OVAL",
                  "x_transferred"
                ],
                "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9891"
              },
              {
                "name": "RHSA-2009:1540",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
                  "x_transferred"
                ],
                "url": "https://rhn.redhat.com/errata/RHSA-2009-1540.html"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://bugzilla.redhat.com/show_bug.cgi?id=529597"
              },
              {
                "name": "SUSE-SA:2009:061",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_SUSE",
                  "x_transferred"
                ],
                "url": "http://lists.opensuse.org/opensuse-security-announce/2009-12/msg00002.html"
              },
              {
                "name": "USN-864-1",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_UBUNTU",
                  "x_transferred"
                ],
                "url": "http://www.ubuntu.com/usn/usn-864-1"
              },
              {
                "name": "38794",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
                  "x_transferred"
                ],
                "url": "http://secunia.com/advisories/38794"
              },
              {
                "name": "[security-announce] 20100303 VMSA-2010-0004 ESX Service Console and vMA third party updates",
                "tags": [
                  "mailing-list",
                  "x_refsource_MLIST",
                  "x_transferred"
                ],
                "url": "http://lists.vmware.com/pipermail/security-announce/2010/000082.html"
              },
              {
                "name": "36707",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
                  "x_transferred"
                ],
                "url": "http://secunia.com/advisories/36707"
              },
              {
                "name": "MDVSA-2010:198",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_MANDRIVA",
                  "x_transferred"
                ],
                "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2010:198"
              },
              {
                "name": "[linux-kernel] 20090921 [git pull] drm tree.",
                "tags": [
                  "mailing-list",
                  "x_refsource_MLIST",
                  "x_transferred"
                ],
                "url": "http://article.gmane.org/gmane.linux.kernel/892259"
              },
              {
                "name": "MDVSA-2010:088",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_MANDRIVA",
                  "x_transferred"
                ],
                "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2010:088"
              },
              {
                "name": "SUSE-SA:2010:012",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_SUSE",
                  "x_transferred"
                ],
                "url": "http://lists.opensuse.org/opensuse-security-announce/2010-02/msg00005.html"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "http://www.kernel.org/pub/linux/kernel/v2.6/snapshots/patch-2.6.31-git11.log"
              },
              {
                "name": "37909",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
                  "x_transferred"
                ],
                "url": "http://secunia.com/advisories/37909"
              },
              {
                "name": "oval:org.mitre.oval:def:6763",
                "tags": [
                  "vdb-entry",
                  "signature",
                  "x_refsource_OVAL",
                  "x_transferred"
                ],
                "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6763"
              },
              {
                "name": "RHSA-2010:0882",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
                  "x_transferred"
                ],
                "url": "http://www.redhat.com/support/errata/RHSA-2010-0882.html"
              },
              {
                "name": "RHSA-2009:1670",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
                  "x_transferred"
                ],
                "url": "http://www.redhat.com/support/errata/RHSA-2009-1670.html"
              },
              {
                "name": "SUSE-SA:2009:064",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_SUSE",
                  "x_transferred"
                ],
                "url": "http://lists.opensuse.org/opensuse-security-announce/2009-12/msg00005.html"
              },
              {
                "name": "[oss-security] 20091019 CVE request: kernel: r128 IOCTL NULL pointer dereferences when CCE state is uninitialised",
                "tags": [
                  "mailing-list",
                  "x_refsource_MLIST",
                  "x_transferred"
                ],
                "url": "http://www.openwall.com/lists/oss-security/2009/10/19/1"
              },
              {
                "name": "38834",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
                  "x_transferred"
                ],
                "url": "http://secunia.com/advisories/38834"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=7dc482dfeeeefcfd000d4271c4626937406756d7"
              },
              {
                "name": "SUSE-SA:2010:013",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_SUSE",
                  "x_transferred"
                ],
                "url": "http://lists.opensuse.org/opensuse-security-announce/2010-02/msg00007.html"
              },
              {
                "name": "FEDORA-2009-11038",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_FEDORA",
                  "x_transferred"
                ],
                "url": "https://www.redhat.com/archives/fedora-package-announce/2009-November/msg00190.html"
              },
              {
                "name": "ADV-2010-0528",
                "tags": [
                  "vdb-entry",
                  "x_refsource_VUPEN",
                  "x_transferred"
                ],
                "url": "http://www.vupen.com/english/advisories/2010/0528"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "datePublic": "2009-09-21T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "The ATI Rage 128 (aka r128) driver in the Linux kernel before 2.6.31-git11 does not properly verify Concurrent Command Engine (CCE) state initialization, which allows local users to cause a denial of service (NULL pointer dereference and system crash) or possibly gain privileges via unspecified ioctl calls."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2017-09-18T12:57:01.000Z",
            "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
            "shortName": "redhat"
          },
          "references": [
            {
              "name": "[oss-security] 20091019 Re: CVE request: kernel: r128 IOCTL NULL pointer dereferences when CCE state is uninitialised",
              "tags": [
                "mailing-list",
                "x_refsource_MLIST"
              ],
              "url": "http://www.openwall.com/lists/oss-security/2009/10/19/3"
            },
            {
              "name": "RHSA-2009:1671",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "http://www.redhat.com/support/errata/RHSA-2009-1671.html"
            },
            {
              "name": "36824",
              "tags": [
                "vdb-entry",
                "x_refsource_BID"
              ],
              "url": "http://www.securityfocus.com/bid/36824"
            },
            {
              "name": "oval:org.mitre.oval:def:9891",
              "tags": [
                "vdb-entry",
                "signature",
                "x_refsource_OVAL"
              ],
              "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9891"
            },
            {
              "name": "RHSA-2009:1540",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://rhn.redhat.com/errata/RHSA-2009-1540.html"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://bugzilla.redhat.com/show_bug.cgi?id=529597"
            },
            {
              "name": "SUSE-SA:2009:061",
              "tags": [
                "vendor-advisory",
                "x_refsource_SUSE"
              ],
              "url": "http://lists.opensuse.org/opensuse-security-announce/2009-12/msg00002.html"
            },
            {
              "name": "USN-864-1",
              "tags": [
                "vendor-advisory",
                "x_refsource_UBUNTU"
              ],
              "url": "http://www.ubuntu.com/usn/usn-864-1"
            },
            {
              "name": "38794",
              "tags": [
                "third-party-advisory",
                "x_refsource_SECUNIA"
              ],
              "url": "http://secunia.com/advisories/38794"
            },
            {
              "name": "[security-announce] 20100303 VMSA-2010-0004 ESX Service Console and vMA third party updates",
              "tags": [
                "mailing-list",
                "x_refsource_MLIST"
              ],
              "url": "http://lists.vmware.com/pipermail/security-announce/2010/000082.html"
            },
            {
              "name": "36707",
              "tags": [
                "third-party-advisory",
                "x_refsource_SECUNIA"
              ],
              "url": "http://secunia.com/advisories/36707"
            },
            {
              "name": "MDVSA-2010:198",
              "tags": [
                "vendor-advisory",
                "x_refsource_MANDRIVA"
              ],
              "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2010:198"
            },
            {
              "name": "[linux-kernel] 20090921 [git pull] drm tree.",
              "tags": [
                "mailing-list",
                "x_refsource_MLIST"
              ],
              "url": "http://article.gmane.org/gmane.linux.kernel/892259"
            },
            {
              "name": "MDVSA-2010:088",
              "tags": [
                "vendor-advisory",
                "x_refsource_MANDRIVA"
              ],
              "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2010:088"
            },
            {
              "name": "SUSE-SA:2010:012",
              "tags": [
                "vendor-advisory",
                "x_refsource_SUSE"
              ],
              "url": "http://lists.opensuse.org/opensuse-security-announce/2010-02/msg00005.html"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "http://www.kernel.org/pub/linux/kernel/v2.6/snapshots/patch-2.6.31-git11.log"
            },
            {
              "name": "37909",
              "tags": [
                "third-party-advisory",
                "x_refsource_SECUNIA"
              ],
              "url": "http://secunia.com/advisories/37909"
            },
            {
              "name": "oval:org.mitre.oval:def:6763",
              "tags": [
                "vdb-entry",
                "signature",
                "x_refsource_OVAL"
              ],
              "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6763"
            },
            {
              "name": "RHSA-2010:0882",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "http://www.redhat.com/support/errata/RHSA-2010-0882.html"
            },
            {
              "name": "RHSA-2009:1670",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "http://www.redhat.com/support/errata/RHSA-2009-1670.html"
            },
            {
              "name": "SUSE-SA:2009:064",
              "tags": [
                "vendor-advisory",
                "x_refsource_SUSE"
              ],
              "url": "http://lists.opensuse.org/opensuse-security-announce/2009-12/msg00005.html"
            },
            {
              "name": "[oss-security] 20091019 CVE request: kernel: r128 IOCTL NULL pointer dereferences when CCE state is uninitialised",
              "tags": [
                "mailing-list",
                "x_refsource_MLIST"
              ],
              "url": "http://www.openwall.com/lists/oss-security/2009/10/19/1"
            },
            {
              "name": "38834",
              "tags": [
                "third-party-advisory",
                "x_refsource_SECUNIA"
              ],
              "url": "http://secunia.com/advisories/38834"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=7dc482dfeeeefcfd000d4271c4626937406756d7"
            },
            {
              "name": "SUSE-SA:2010:013",
              "tags": [
                "vendor-advisory",
                "x_refsource_SUSE"
              ],
              "url": "http://lists.opensuse.org/opensuse-security-announce/2010-02/msg00007.html"
            },
            {
              "name": "FEDORA-2009-11038",
              "tags": [
                "vendor-advisory",
                "x_refsource_FEDORA"
              ],
              "url": "https://www.redhat.com/archives/fedora-package-announce/2009-November/msg00190.html"
            },
            {
              "name": "ADV-2010-0528",
              "tags": [
                "vdb-entry",
                "x_refsource_VUPEN"
              ],
              "url": "http://www.vupen.com/english/advisories/2010/0528"
            }
          ]
        }
      },
      "cveMetadata": {
        "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
        "assignerShortName": "redhat",
        "cveId": "CVE-2009-3620",
        "datePublished": "2009-10-22T15:26:00.000Z",
        "dateReserved": "2009-10-09T00:00:00.000Z",
        "dateUpdated": "2024-08-07T06:31:10.635Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }