Vulnerability-Lookup

CVE-2019-11091 (GCVE-0-2019-11091)

Vulnerability from cvelistv5 – Published: 2019-05-30 15:28 – Updated: 2026-05-28 18:17

Summary

Microarchitectural Data Sampling Uncacheable Memory (MDSUM): Uncacheable memory on some microprocessors utilizing speculative execution may allow an authenticated user to potentially enable information disclosure via a side channel with local access. A list of impacted products can be found here: https://www.intel.com/content/dam/www/public/us/en/documents/corporate-information/SA00233-microcode-update-guidance_05132019.pdf

Severity

5.6 (Medium)


                        
                          CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N

CWE

Information Disclosure

Assigner

intel

References

22 references

URL	Tags
https://www.intel.com/content/www/us/en/security-…	x_refsource_CONFIRM
https://www.synology.com/security/advisory/Synolo…	x_refsource_CONFIRM
https://lists.fedoraproject.org/archives/list/pac…	vendor-advisoryx_refsource_FEDORA
http://lists.opensuse.org/opensuse-security-annou…	vendor-advisoryx_refsource_SUSE
https://access.redhat.com/errata/RHSA-2019:1455	vendor-advisoryx_refsource_REDHAT
https://usn.ubuntu.com/3977-3/	vendor-advisoryx_refsource_UBUNTU
https://lists.debian.org/debian-lts-announce/2019…	mailing-listx_refsource_MLIST
https://seclists.org/bugtraq/2019/Jun/28	mailing-listx_refsource_BUGTRAQ
https://seclists.org/bugtraq/2019/Jun/36	mailing-listx_refsource_BUGTRAQ
http://www.arubanetworks.com/assets/alert/ARUBA-P…	x_refsource_CONFIRM
https://cert-portal.siemens.com/productcert/pdf/s…	x_refsource_CONFIRM
http://www.huawei.com/en/psirt/security-advisorie…	x_refsource_CONFIRM
http://lists.opensuse.org/opensuse-security-annou…	vendor-advisoryx_refsource_SUSE
http://lists.opensuse.org/opensuse-security-annou…	vendor-advisoryx_refsource_SUSE
https://www.freebsd.org/security/advisories/FreeB…	vendor-advisoryx_refsource_FREEBSD
https://access.redhat.com/errata/RHSA-2019:2553	vendor-advisoryx_refsource_REDHAT
https://kc.mcafee.com/corporate/index?page=conten…	x_refsource_CONFIRM
https://cert-portal.siemens.com/productcert/pdf/s…	x_refsource_CONFIRM
https://seclists.org/bugtraq/2019/Nov/15	mailing-listx_refsource_BUGTRAQ
https://www.debian.org/security/2020/dsa-4602	vendor-advisoryx_refsource_DEBIAN
https://seclists.org/bugtraq/2020/Jan/21	mailing-listx_refsource_BUGTRAQ
https://security.gentoo.org/glsa/202003-56	vendor-advisoryx_refsource_GENTOO

Impacted products

1 product

Vendor	Product	Version
Intel Corporation	Central Processing Units (CPUs)	Affected: A list of impacted products can be found here: https://www.intel.com/content/dam/www/public/us/en/documents/corporate-information/SA00233-microcode-update-guidance_05132019.pdf

Date Public

2019-05-14 00:00

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-04T22:40:16.292Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00233.html"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://www.synology.com/security/advisory/Synology_SA_19_24"
          },
          {
            "name": "FEDORA-2019-1f5832fc0e",
            "tags": [
              "vendor-advisory",
              "x_refsource_FEDORA",
              "x_transferred"
            ],
            "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/OH73SGTJ575OBCPSJFX6LX7KP2KZIEN4/"
          },
          {
            "name": "openSUSE-SU-2019:1505",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUSE",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00014.html"
          },
          {
            "name": "RHSA-2019:1455",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2019:1455"
          },
          {
            "name": "USN-3977-3",
            "tags": [
              "vendor-advisory",
              "x_refsource_UBUNTU",
              "x_transferred"
            ],
            "url": "https://usn.ubuntu.com/3977-3/"
          },
          {
            "name": "[debian-lts-announce] 20190620 [SECURITY] [DLA 1789-2] intel-microcode security update",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://lists.debian.org/debian-lts-announce/2019/06/msg00018.html"
          },
          {
            "name": "20190624 [SECURITY] [DSA 4447-2] intel-microcode security update",
            "tags": [
              "mailing-list",
              "x_refsource_BUGTRAQ",
              "x_transferred"
            ],
            "url": "https://seclists.org/bugtraq/2019/Jun/28"
          },
          {
            "name": "20190624 [SECURITY] [DSA 4469-1] libvirt security update",
            "tags": [
              "mailing-list",
              "x_refsource_BUGTRAQ",
              "x_transferred"
            ],
            "url": "https://seclists.org/bugtraq/2019/Jun/36"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://www.arubanetworks.com/assets/alert/ARUBA-PSA-2019-003.txt"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-616472.pdf"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20190712-01-mds-en"
          },
          {
            "name": "openSUSE-SU-2019:1805",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUSE",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2019-07/msg00053.html"
          },
          {
            "name": "openSUSE-SU-2019:1806",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUSE",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2019-07/msg00052.html"
          },
          {
            "name": "FreeBSD-SA-19:07",
            "tags": [
              "vendor-advisory",
              "x_refsource_FREEBSD",
              "x_transferred"
            ],
            "url": "https://www.freebsd.org/security/advisories/FreeBSD-SA-19:07.mds.asc"
          },
          {
            "name": "RHSA-2019:2553",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2019:2553"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://kc.mcafee.com/corporate/index?page=content\u0026id=SB10292"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-608355.pdf"
          },
          {
            "name": "20191112 [SECURITY] [DSA 4564-1] linux security update",
            "tags": [
              "mailing-list",
              "x_refsource_BUGTRAQ",
              "x_transferred"
            ],
            "url": "https://seclists.org/bugtraq/2019/Nov/15"
          },
          {
            "name": "DSA-4602",
            "tags": [
              "vendor-advisory",
              "x_refsource_DEBIAN",
              "x_transferred"
            ],
            "url": "https://www.debian.org/security/2020/dsa-4602"
          },
          {
            "name": "20200114 [SECURITY] [DSA 4602-1] xen security update",
            "tags": [
              "mailing-list",
              "x_refsource_BUGTRAQ",
              "x_transferred"
            ],
            "url": "https://seclists.org/bugtraq/2020/Jan/21"
          },
          {
            "name": "GLSA-202003-56",
            "tags": [
              "vendor-advisory",
              "x_refsource_GENTOO",
              "x_transferred"
            ],
            "url": "https://security.gentoo.org/glsa/202003-56"
          }
        ],
        "title": "CVE Program Container"
      },
      {
        "metrics": [
          {
            "cvssV3_1": {
              "attackComplexity": "HIGH",
              "attackVector": "LOCAL",
              "availabilityImpact": "NONE",
              "baseScore": 5.6,
              "baseSeverity": "MEDIUM",
              "confidentialityImpact": "HIGH",
              "integrityImpact": "NONE",
              "privilegesRequired": "LOW",
              "scope": "CHANGED",
              "userInteraction": "NONE",
              "vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N",
              "version": "3.1"
            }
          },
          {
            "other": {
              "content": {
                "id": "CVE-2019-11091",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2026-05-28T18:16:57.036809Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "problemTypes": [
          {
            "descriptions": [
              {
                "description": "CWE-noinfo Not enough information",
                "lang": "en",
                "type": "CWE"
              }
            ]
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2026-05-28T18:17:01.249Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Central Processing Units (CPUs)",
          "vendor": "Intel Corporation",
          "versions": [
            {
              "status": "affected",
              "version": "A list of impacted products can be found here: https://www.intel.com/content/dam/www/public/us/en/documents/corporate-information/SA00233-microcode-update-guidance_05132019.pdf"
            }
          ]
        }
      ],
      "datePublic": "2019-05-14T00:00:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "value": "Microarchitectural Data Sampling Uncacheable Memory (MDSUM): Uncacheable memory on some microprocessors utilizing speculative execution may allow an authenticated user to potentially enable information disclosure via a side channel with local access. A list of impacted products can be found here: https://www.intel.com/content/dam/www/public/us/en/documents/corporate-information/SA00233-microcode-update-guidance_05132019.pdf"
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "Information Disclosure",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2020-03-26T14:06:10.000Z",
        "orgId": "6dda929c-bb53-4a77-a76d-48e79601a1ce",
        "shortName": "intel"
      },
      "references": [
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00233.html"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://www.synology.com/security/advisory/Synology_SA_19_24"
        },
        {
          "name": "FEDORA-2019-1f5832fc0e",
          "tags": [
            "vendor-advisory",
            "x_refsource_FEDORA"
          ],
          "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/OH73SGTJ575OBCPSJFX6LX7KP2KZIEN4/"
        },
        {
          "name": "openSUSE-SU-2019:1505",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUSE"
          ],
          "url": "http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00014.html"
        },
        {
          "name": "RHSA-2019:1455",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2019:1455"
        },
        {
          "name": "USN-3977-3",
          "tags": [
            "vendor-advisory",
            "x_refsource_UBUNTU"
          ],
          "url": "https://usn.ubuntu.com/3977-3/"
        },
        {
          "name": "[debian-lts-announce] 20190620 [SECURITY] [DLA 1789-2] intel-microcode security update",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://lists.debian.org/debian-lts-announce/2019/06/msg00018.html"
        },
        {
          "name": "20190624 [SECURITY] [DSA 4447-2] intel-microcode security update",
          "tags": [
            "mailing-list",
            "x_refsource_BUGTRAQ"
          ],
          "url": "https://seclists.org/bugtraq/2019/Jun/28"
        },
        {
          "name": "20190624 [SECURITY] [DSA 4469-1] libvirt security update",
          "tags": [
            "mailing-list",
            "x_refsource_BUGTRAQ"
          ],
          "url": "https://seclists.org/bugtraq/2019/Jun/36"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://www.arubanetworks.com/assets/alert/ARUBA-PSA-2019-003.txt"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-616472.pdf"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20190712-01-mds-en"
        },
        {
          "name": "openSUSE-SU-2019:1805",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUSE"
          ],
          "url": "http://lists.opensuse.org/opensuse-security-announce/2019-07/msg00053.html"
        },
        {
          "name": "openSUSE-SU-2019:1806",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUSE"
          ],
          "url": "http://lists.opensuse.org/opensuse-security-announce/2019-07/msg00052.html"
        },
        {
          "name": "FreeBSD-SA-19:07",
          "tags": [
            "vendor-advisory",
            "x_refsource_FREEBSD"
          ],
          "url": "https://www.freebsd.org/security/advisories/FreeBSD-SA-19:07.mds.asc"
        },
        {
          "name": "RHSA-2019:2553",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2019:2553"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://kc.mcafee.com/corporate/index?page=content\u0026id=SB10292"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-608355.pdf"
        },
        {
          "name": "20191112 [SECURITY] [DSA 4564-1] linux security update",
          "tags": [
            "mailing-list",
            "x_refsource_BUGTRAQ"
          ],
          "url": "https://seclists.org/bugtraq/2019/Nov/15"
        },
        {
          "name": "DSA-4602",
          "tags": [
            "vendor-advisory",
            "x_refsource_DEBIAN"
          ],
          "url": "https://www.debian.org/security/2020/dsa-4602"
        },
        {
          "name": "20200114 [SECURITY] [DSA 4602-1] xen security update",
          "tags": [
            "mailing-list",
            "x_refsource_BUGTRAQ"
          ],
          "url": "https://seclists.org/bugtraq/2020/Jan/21"
        },
        {
          "name": "GLSA-202003-56",
          "tags": [
            "vendor-advisory",
            "x_refsource_GENTOO"
          ],
          "url": "https://security.gentoo.org/glsa/202003-56"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "secure@intel.com",
          "ID": "CVE-2019-11091",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "Central Processing Units (CPUs)",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "A list of impacted products can be found here: https://www.intel.com/content/dam/www/public/us/en/documents/corporate-information/SA00233-microcode-update-guidance_05132019.pdf"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "Intel Corporation"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Microarchitectural Data Sampling Uncacheable Memory (MDSUM): Uncacheable memory on some microprocessors utilizing speculative execution may allow an authenticated user to potentially enable information disclosure via a side channel with local access. A list of impacted products can be found here: https://www.intel.com/content/dam/www/public/us/en/documents/corporate-information/SA00233-microcode-update-guidance_05132019.pdf"
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "Information Disclosure"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00233.html",
              "refsource": "CONFIRM",
              "url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00233.html"
            },
            {
              "name": "https://www.synology.com/security/advisory/Synology_SA_19_24",
              "refsource": "CONFIRM",
              "url": "https://www.synology.com/security/advisory/Synology_SA_19_24"
            },
            {
              "name": "FEDORA-2019-1f5832fc0e",
              "refsource": "FEDORA",
              "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/OH73SGTJ575OBCPSJFX6LX7KP2KZIEN4/"
            },
            {
              "name": "openSUSE-SU-2019:1505",
              "refsource": "SUSE",
              "url": "http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00014.html"
            },
            {
              "name": "RHSA-2019:1455",
              "refsource": "REDHAT",
              "url": "https://access.redhat.com/errata/RHSA-2019:1455"
            },
            {
              "name": "USN-3977-3",
              "refsource": "UBUNTU",
              "url": "https://usn.ubuntu.com/3977-3/"
            },
            {
              "name": "[debian-lts-announce] 20190620 [SECURITY] [DLA 1789-2] intel-microcode security update",
              "refsource": "MLIST",
              "url": "https://lists.debian.org/debian-lts-announce/2019/06/msg00018.html"
            },
            {
              "name": "20190624 [SECURITY] [DSA 4447-2] intel-microcode security update",
              "refsource": "BUGTRAQ",
              "url": "https://seclists.org/bugtraq/2019/Jun/28"
            },
            {
              "name": "20190624 [SECURITY] [DSA 4469-1] libvirt security update",
              "refsource": "BUGTRAQ",
              "url": "https://seclists.org/bugtraq/2019/Jun/36"
            },
            {
              "name": "http://www.arubanetworks.com/assets/alert/ARUBA-PSA-2019-003.txt",
              "refsource": "CONFIRM",
              "url": "http://www.arubanetworks.com/assets/alert/ARUBA-PSA-2019-003.txt"
            },
            {
              "name": "https://cert-portal.siemens.com/productcert/pdf/ssa-616472.pdf",
              "refsource": "CONFIRM",
              "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-616472.pdf"
            },
            {
              "name": "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20190712-01-mds-en",
              "refsource": "CONFIRM",
              "url": "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20190712-01-mds-en"
            },
            {
              "name": "openSUSE-SU-2019:1805",
              "refsource": "SUSE",
              "url": "http://lists.opensuse.org/opensuse-security-announce/2019-07/msg00053.html"
            },
            {
              "name": "openSUSE-SU-2019:1806",
              "refsource": "SUSE",
              "url": "http://lists.opensuse.org/opensuse-security-announce/2019-07/msg00052.html"
            },
            {
              "name": "FreeBSD-SA-19:07",
              "refsource": "FREEBSD",
              "url": "https://www.freebsd.org/security/advisories/FreeBSD-SA-19:07.mds.asc"
            },
            {
              "name": "RHSA-2019:2553",
              "refsource": "REDHAT",
              "url": "https://access.redhat.com/errata/RHSA-2019:2553"
            },
            {
              "name": "https://kc.mcafee.com/corporate/index?page=content\u0026id=SB10292",
              "refsource": "CONFIRM",
              "url": "https://kc.mcafee.com/corporate/index?page=content\u0026id=SB10292"
            },
            {
              "name": "https://cert-portal.siemens.com/productcert/pdf/ssa-608355.pdf",
              "refsource": "CONFIRM",
              "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-608355.pdf"
            },
            {
              "name": "20191112 [SECURITY] [DSA 4564-1] linux security update",
              "refsource": "BUGTRAQ",
              "url": "https://seclists.org/bugtraq/2019/Nov/15"
            },
            {
              "name": "DSA-4602",
              "refsource": "DEBIAN",
              "url": "https://www.debian.org/security/2020/dsa-4602"
            },
            {
              "name": "20200114 [SECURITY] [DSA 4602-1] xen security update",
              "refsource": "BUGTRAQ",
              "url": "https://seclists.org/bugtraq/2020/Jan/21"
            },
            {
              "name": "GLSA-202003-56",
              "refsource": "GENTOO",
              "url": "https://security.gentoo.org/glsa/202003-56"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "6dda929c-bb53-4a77-a76d-48e79601a1ce",
    "assignerShortName": "intel",
    "cveId": "CVE-2019-11091",
    "datePublished": "2019-05-30T15:28:28.000Z",
    "dateReserved": "2019-04-11T00:00:00.000Z",
    "dateUpdated": "2026-05-28T18:17:01.249Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2",
  "vulnerability-lookup:meta": {
    "epss": {
      "cve": "CVE-2019-11091",
      "date": "2026-05-28",
      "epss": "0.01697",
      "percentile": "0.82567"
    },
    "nvd": "{\"cve\":{\"id\":\"CVE-2019-11091\",\"sourceIdentifier\":\"secure@intel.com\",\"published\":\"2019-05-30T16:29:01.417\",\"lastModified\":\"2026-05-28T19:16:28.573\",\"vulnStatus\":\"Modified\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"Microarchitectural Data Sampling Uncacheable Memory (MDSUM): Uncacheable memory on some microprocessors utilizing speculative execution may allow an authenticated user to potentially enable information disclosure via a side channel with local access. A list of impacted products can be found here: https://www.intel.com/content/dam/www/public/us/en/documents/corporate-information/SA00233-microcode-update-guidance_05132019.pdf\"},{\"lang\":\"es\",\"value\":\"En Microarchitectural Data Sampling Uncacheable Memory (MDSUM): La memoria no almacenable en algunos microprocesadores que utilizan ejecuci\u00f3n especulativa puede permitir a un usuario autenticado activar potencialmente la divulgaci\u00f3n de informaci\u00f3n por medio de un canal lateral con acceso local. Puede encontrar una lista de los productos impactados aqu\u00ed: https://www.intel.com/content/dam/www/public/us/en/documents/corporate-information/SA00233-microcode-update-guidance_05132019.pdf\"}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"134c704f-9b21-4f2e-91b3-4a467353bcc0\",\"type\":\"Secondary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N\",\"baseScore\":5.6,\"baseSeverity\":\"MEDIUM\",\"attackVector\":\"LOCAL\",\"attackComplexity\":\"HIGH\",\"privilegesRequired\":\"LOW\",\"userInteraction\":\"NONE\",\"scope\":\"CHANGED\",\"confidentialityImpact\":\"HIGH\",\"integrityImpact\":\"NONE\",\"availabilityImpact\":\"NONE\"},\"exploitabilityScore\":1.1,\"impactScore\":4.0}],\"cvssMetricV30\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.0\",\"vectorString\":\"CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N\",\"baseScore\":5.6,\"baseSeverity\":\"MEDIUM\",\"attackVector\":\"LOCAL\",\"attackComplexity\":\"HIGH\",\"privilegesRequired\":\"LOW\",\"userInteraction\":\"NONE\",\"scope\":\"CHANGED\",\"confidentialityImpact\":\"HIGH\",\"integrityImpact\":\"NONE\",\"availabilityImpact\":\"NONE\"},\"exploitabilityScore\":1.1,\"impactScore\":4.0}],\"cvssMetricV2\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"2.0\",\"vectorString\":\"AV:L/AC:M/Au:N/C:C/I:N/A:N\",\"baseScore\":4.7,\"accessVector\":\"LOCAL\",\"accessComplexity\":\"MEDIUM\",\"authentication\":\"NONE\",\"confidentialityImpact\":\"COMPLETE\",\"integrityImpact\":\"NONE\",\"availabilityImpact\":\"NONE\"},\"baseSeverity\":\"MEDIUM\",\"exploitabilityScore\":3.4,\"impactScore\":6.9,\"acInsufInfo\":false,\"obtainAllPrivilege\":false,\"obtainUserPrivilege\":false,\"obtainOtherPrivilege\":false,\"userInteractionRequired\":false}]},\"weaknesses\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"NVD-CWE-noinfo\"}]}],\"configurations\":[{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:intel:microarchitectural_data_sampling_uncacheable_memory_firmware:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"6B28D458-E322-4CCE-9E5C-D56E9FF70198\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:intel:microarchitectural_data_sampling_uncacheable_memory:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"74BFF53A-9A81-48DD-B69D-ADF88EBD9835\"}]}]},{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:fedoraproject:fedora:29:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"D100F7CE-FC64-4CC6-852A-6136D72DA419\"}]}]}],\"references\":[{\"url\":\"http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00014.html\",\"source\":\"secure@intel.com\"},{\"url\":\"http://lists.opensuse.org/opensuse-security-announce/2019-07/msg00052.html\",\"source\":\"secure@intel.com\"},{\"url\":\"http://lists.opensuse.org/opensuse-security-announce/2019-07/msg00053.html\",\"source\":\"secure@intel.com\"},{\"url\":\"http://www.arubanetworks.com/assets/alert/ARUBA-PSA-2019-003.txt\",\"source\":\"secure@intel.com\"},{\"url\":\"http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20190712-01-mds-en\",\"source\":\"secure@intel.com\"},{\"url\":\"https://access.redhat.com/errata/RHSA-2019:1455\",\"source\":\"secure@intel.com\"},{\"url\":\"https://access.redhat.com/errata/RHSA-2019:2553\",\"source\":\"secure@intel.com\"},{\"url\":\"https://cert-portal.siemens.com/productcert/pdf/ssa-608355.pdf\",\"source\":\"secure@intel.com\"},{\"url\":\"https://cert-portal.siemens.com/productcert/pdf/ssa-616472.pdf\",\"source\":\"secure@intel.com\"},{\"url\":\"https://kc.mcafee.com/corporate/index?page=content\u0026id=SB10292\",\"source\":\"secure@intel.com\"},{\"url\":\"https://lists.debian.org/debian-lts-announce/2019/06/msg00018.html\",\"source\":\"secure@intel.com\"},{\"url\":\"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/OH73SGTJ575OBCPSJFX6LX7KP2KZIEN4/\",\"source\":\"secure@intel.com\"},{\"url\":\"https://seclists.org/bugtraq/2019/Jun/28\",\"source\":\"secure@intel.com\"},{\"url\":\"https://seclists.org/bugtraq/2019/Jun/36\",\"source\":\"secure@intel.com\"},{\"url\":\"https://seclists.org/bugtraq/2019/Nov/15\",\"source\":\"secure@intel.com\"},{\"url\":\"https://seclists.org/bugtraq/2020/Jan/21\",\"source\":\"secure@intel.com\"},{\"url\":\"https://security.gentoo.org/glsa/202003-56\",\"source\":\"secure@intel.com\"},{\"url\":\"https://usn.ubuntu.com/3977-3/\",\"source\":\"secure@intel.com\"},{\"url\":\"https://www.debian.org/security/2020/dsa-4602\",\"source\":\"secure@intel.com\"},{\"url\":\"https://www.freebsd.org/security/advisories/FreeBSD-SA-19:07.mds.asc\",\"source\":\"secure@intel.com\"},{\"url\":\"https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00233.html\",\"source\":\"secure@intel.com\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"https://www.synology.com/security/advisory/Synology_SA_19_24\",\"source\":\"secure@intel.com\"},{\"url\":\"http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00014.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://lists.opensuse.org/opensuse-security-announce/2019-07/msg00052.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://lists.opensuse.org/opensuse-security-announce/2019-07/msg00053.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.arubanetworks.com/assets/alert/ARUBA-PSA-2019-003.txt\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20190712-01-mds-en\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://access.redhat.com/errata/RHSA-2019:1455\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://access.redhat.com/errata/RHSA-2019:2553\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://cert-portal.siemens.com/productcert/pdf/ssa-608355.pdf\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://cert-portal.siemens.com/productcert/pdf/ssa-616472.pdf\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://kc.mcafee.com/corporate/index?page=content\u0026id=SB10292\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://lists.debian.org/debian-lts-announce/2019/06/msg00018.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/OH73SGTJ575OBCPSJFX6LX7KP2KZIEN4/\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://seclists.org/bugtraq/2019/Jun/28\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://seclists.org/bugtraq/2019/Jun/36\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://seclists.org/bugtraq/2019/Nov/15\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://seclists.org/bugtraq/2020/Jan/21\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://security.gentoo.org/glsa/202003-56\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://usn.ubuntu.com/3977-3/\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://www.debian.org/security/2020/dsa-4602\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://www.freebsd.org/security/advisories/FreeBSD-SA-19:07.mds.asc\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00233.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"https://www.synology.com/security/advisory/Synology_SA_19_24\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"}]}}",
    "vulnrichment": {
      "containers": "{\"adp\": [{\"title\": \"CVE Program Container\", \"references\": [{\"url\": \"https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00233.html\", \"tags\": [\"x_refsource_CONFIRM\", \"x_transferred\"]}, {\"url\": \"https://www.synology.com/security/advisory/Synology_SA_19_24\", \"tags\": [\"x_refsource_CONFIRM\", \"x_transferred\"]}, {\"url\": \"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/OH73SGTJ575OBCPSJFX6LX7KP2KZIEN4/\", \"name\": \"FEDORA-2019-1f5832fc0e\", \"tags\": [\"vendor-advisory\", \"x_refsource_FEDORA\", \"x_transferred\"]}, {\"url\": \"http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00014.html\", \"name\": \"openSUSE-SU-2019:1505\", \"tags\": [\"vendor-advisory\", \"x_refsource_SUSE\", \"x_transferred\"]}, {\"url\": \"https://access.redhat.com/errata/RHSA-2019:1455\", \"name\": \"RHSA-2019:1455\", \"tags\": [\"vendor-advisory\", \"x_refsource_REDHAT\", \"x_transferred\"]}, {\"url\": \"https://usn.ubuntu.com/3977-3/\", \"name\": \"USN-3977-3\", \"tags\": [\"vendor-advisory\", \"x_refsource_UBUNTU\", \"x_transferred\"]}, {\"url\": \"https://lists.debian.org/debian-lts-announce/2019/06/msg00018.html\", \"name\": \"[debian-lts-announce] 20190620 [SECURITY] [DLA 1789-2] intel-microcode security update\", \"tags\": [\"mailing-list\", \"x_refsource_MLIST\", \"x_transferred\"]}, {\"url\": \"https://seclists.org/bugtraq/2019/Jun/28\", \"name\": \"20190624 [SECURITY] [DSA 4447-2] intel-microcode security update\", \"tags\": [\"mailing-list\", \"x_refsource_BUGTRAQ\", \"x_transferred\"]}, {\"url\": \"https://seclists.org/bugtraq/2019/Jun/36\", \"name\": \"20190624 [SECURITY] [DSA 4469-1] libvirt security update\", \"tags\": [\"mailing-list\", \"x_refsource_BUGTRAQ\", \"x_transferred\"]}, {\"url\": \"http://www.arubanetworks.com/assets/alert/ARUBA-PSA-2019-003.txt\", \"tags\": [\"x_refsource_CONFIRM\", \"x_transferred\"]}, {\"url\": \"https://cert-portal.siemens.com/productcert/pdf/ssa-616472.pdf\", \"tags\": [\"x_refsource_CONFIRM\", \"x_transferred\"]}, {\"url\": \"http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20190712-01-mds-en\", \"tags\": [\"x_refsource_CONFIRM\", \"x_transferred\"]}, {\"url\": \"http://lists.opensuse.org/opensuse-security-announce/2019-07/msg00053.html\", \"name\": \"openSUSE-SU-2019:1805\", \"tags\": [\"vendor-advisory\", \"x_refsource_SUSE\", \"x_transferred\"]}, {\"url\": \"http://lists.opensuse.org/opensuse-security-announce/2019-07/msg00052.html\", \"name\": \"openSUSE-SU-2019:1806\", \"tags\": [\"vendor-advisory\", \"x_refsource_SUSE\", \"x_transferred\"]}, {\"url\": \"https://www.freebsd.org/security/advisories/FreeBSD-SA-19:07.mds.asc\", \"name\": \"FreeBSD-SA-19:07\", \"tags\": [\"vendor-advisory\", \"x_refsource_FREEBSD\", \"x_transferred\"]}, {\"url\": \"https://access.redhat.com/errata/RHSA-2019:2553\", \"name\": \"RHSA-2019:2553\", \"tags\": [\"vendor-advisory\", \"x_refsource_REDHAT\", \"x_transferred\"]}, {\"url\": \"https://kc.mcafee.com/corporate/index?page=content\u0026id=SB10292\", \"tags\": [\"x_refsource_CONFIRM\", \"x_transferred\"]}, {\"url\": \"https://cert-portal.siemens.com/productcert/pdf/ssa-608355.pdf\", \"tags\": [\"x_refsource_CONFIRM\", \"x_transferred\"]}, {\"url\": \"https://seclists.org/bugtraq/2019/Nov/15\", \"name\": \"20191112 [SECURITY] [DSA 4564-1] linux security update\", \"tags\": [\"mailing-list\", \"x_refsource_BUGTRAQ\", \"x_transferred\"]}, {\"url\": \"https://www.debian.org/security/2020/dsa-4602\", \"name\": \"DSA-4602\", \"tags\": [\"vendor-advisory\", \"x_refsource_DEBIAN\", \"x_transferred\"]}, {\"url\": \"https://seclists.org/bugtraq/2020/Jan/21\", \"name\": \"20200114 [SECURITY] [DSA 4602-1] xen security update\", \"tags\": [\"mailing-list\", \"x_refsource_BUGTRAQ\", \"x_transferred\"]}, {\"url\": \"https://security.gentoo.org/glsa/202003-56\", \"name\": \"GLSA-202003-56\", \"tags\": [\"vendor-advisory\", \"x_refsource_GENTOO\", \"x_transferred\"]}], \"providerMetadata\": {\"orgId\": \"af854a3a-2127-422b-91ae-364da2661108\", \"shortName\": \"CVE\", \"dateUpdated\": \"2024-08-04T22:40:16.292Z\"}}, {\"title\": \"CISA ADP Vulnrichment\", \"metrics\": [{\"cvssV3_1\": {\"scope\": \"CHANGED\", \"version\": \"3.1\", \"baseScore\": 5.6, \"attackVector\": \"LOCAL\", \"baseSeverity\": \"MEDIUM\", \"vectorString\": \"CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N\", \"integrityImpact\": \"NONE\", \"userInteraction\": \"NONE\", \"attackComplexity\": \"HIGH\", \"availabilityImpact\": \"NONE\", \"privilegesRequired\": \"LOW\", \"confidentialityImpact\": \"HIGH\"}}, {\"other\": {\"type\": \"ssvc\", \"content\": {\"id\": \"CVE-2019-11091\", \"role\": \"CISA Coordinator\", \"options\": [{\"Exploitation\": \"none\"}, {\"Automatable\": \"no\"}, {\"Technical Impact\": \"partial\"}], \"version\": \"2.0.3\", \"timestamp\": \"2026-05-28T18:16:57.036809Z\"}}}], \"problemTypes\": [{\"descriptions\": [{\"lang\": \"en\", \"type\": \"CWE\", \"description\": \"CWE-noinfo Not enough information\"}]}], \"providerMetadata\": {\"orgId\": \"134c704f-9b21-4f2e-91b3-4a467353bcc0\", \"shortName\": \"CISA-ADP\", \"dateUpdated\": \"2026-05-28T18:16:49.518Z\"}}], \"cna\": {\"affected\": [{\"vendor\": \"Intel Corporation\", \"product\": \"Central Processing Units (CPUs)\", \"versions\": [{\"status\": \"affected\", \"version\": \"A list of impacted products can be found here: https://www.intel.com/content/dam/www/public/us/en/documents/corporate-information/SA00233-microcode-update-guidance_05132019.pdf\"}]}], \"datePublic\": \"2019-05-14T00:00:00.000Z\", \"references\": [{\"url\": \"https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00233.html\", \"tags\": [\"x_refsource_CONFIRM\"]}, {\"url\": \"https://www.synology.com/security/advisory/Synology_SA_19_24\", \"tags\": [\"x_refsource_CONFIRM\"]}, {\"url\": \"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/OH73SGTJ575OBCPSJFX6LX7KP2KZIEN4/\", \"name\": \"FEDORA-2019-1f5832fc0e\", \"tags\": [\"vendor-advisory\", \"x_refsource_FEDORA\"]}, {\"url\": \"http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00014.html\", \"name\": \"openSUSE-SU-2019:1505\", \"tags\": [\"vendor-advisory\", \"x_refsource_SUSE\"]}, {\"url\": \"https://access.redhat.com/errata/RHSA-2019:1455\", \"name\": \"RHSA-2019:1455\", \"tags\": [\"vendor-advisory\", \"x_refsource_REDHAT\"]}, {\"url\": \"https://usn.ubuntu.com/3977-3/\", \"name\": \"USN-3977-3\", \"tags\": [\"vendor-advisory\", \"x_refsource_UBUNTU\"]}, {\"url\": \"https://lists.debian.org/debian-lts-announce/2019/06/msg00018.html\", \"name\": \"[debian-lts-announce] 20190620 [SECURITY] [DLA 1789-2] intel-microcode security update\", \"tags\": [\"mailing-list\", \"x_refsource_MLIST\"]}, {\"url\": \"https://seclists.org/bugtraq/2019/Jun/28\", \"name\": \"20190624 [SECURITY] [DSA 4447-2] intel-microcode security update\", \"tags\": [\"mailing-list\", \"x_refsource_BUGTRAQ\"]}, {\"url\": \"https://seclists.org/bugtraq/2019/Jun/36\", \"name\": \"20190624 [SECURITY] [DSA 4469-1] libvirt security update\", \"tags\": [\"mailing-list\", \"x_refsource_BUGTRAQ\"]}, {\"url\": \"http://www.arubanetworks.com/assets/alert/ARUBA-PSA-2019-003.txt\", \"tags\": [\"x_refsource_CONFIRM\"]}, {\"url\": \"https://cert-portal.siemens.com/productcert/pdf/ssa-616472.pdf\", \"tags\": [\"x_refsource_CONFIRM\"]}, {\"url\": \"http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20190712-01-mds-en\", \"tags\": [\"x_refsource_CONFIRM\"]}, {\"url\": \"http://lists.opensuse.org/opensuse-security-announce/2019-07/msg00053.html\", \"name\": \"openSUSE-SU-2019:1805\", \"tags\": [\"vendor-advisory\", \"x_refsource_SUSE\"]}, {\"url\": \"http://lists.opensuse.org/opensuse-security-announce/2019-07/msg00052.html\", \"name\": \"openSUSE-SU-2019:1806\", \"tags\": [\"vendor-advisory\", \"x_refsource_SUSE\"]}, {\"url\": \"https://www.freebsd.org/security/advisories/FreeBSD-SA-19:07.mds.asc\", \"name\": \"FreeBSD-SA-19:07\", \"tags\": [\"vendor-advisory\", \"x_refsource_FREEBSD\"]}, {\"url\": \"https://access.redhat.com/errata/RHSA-2019:2553\", \"name\": \"RHSA-2019:2553\", \"tags\": [\"vendor-advisory\", \"x_refsource_REDHAT\"]}, {\"url\": \"https://kc.mcafee.com/corporate/index?page=content\u0026id=SB10292\", \"tags\": [\"x_refsource_CONFIRM\"]}, {\"url\": \"https://cert-portal.siemens.com/productcert/pdf/ssa-608355.pdf\", \"tags\": [\"x_refsource_CONFIRM\"]}, {\"url\": \"https://seclists.org/bugtraq/2019/Nov/15\", \"name\": \"20191112 [SECURITY] [DSA 4564-1] linux security update\", \"tags\": [\"mailing-list\", \"x_refsource_BUGTRAQ\"]}, {\"url\": \"https://www.debian.org/security/2020/dsa-4602\", \"name\": \"DSA-4602\", \"tags\": [\"vendor-advisory\", \"x_refsource_DEBIAN\"]}, {\"url\": \"https://seclists.org/bugtraq/2020/Jan/21\", \"name\": \"20200114 [SECURITY] [DSA 4602-1] xen security update\", \"tags\": [\"mailing-list\", \"x_refsource_BUGTRAQ\"]}, {\"url\": \"https://security.gentoo.org/glsa/202003-56\", \"name\": \"GLSA-202003-56\", \"tags\": [\"vendor-advisory\", \"x_refsource_GENTOO\"]}], \"descriptions\": [{\"lang\": \"en\", \"value\": \"Microarchitectural Data Sampling Uncacheable Memory (MDSUM): Uncacheable memory on some microprocessors utilizing speculative execution may allow an authenticated user to potentially enable information disclosure via a side channel with local access. A list of impacted products can be found here: https://www.intel.com/content/dam/www/public/us/en/documents/corporate-information/SA00233-microcode-update-guidance_05132019.pdf\"}], \"problemTypes\": [{\"descriptions\": [{\"lang\": \"en\", \"type\": \"text\", \"description\": \"Information Disclosure\"}]}], \"providerMetadata\": {\"orgId\": \"6dda929c-bb53-4a77-a76d-48e79601a1ce\", \"shortName\": \"intel\", \"dateUpdated\": \"2020-03-26T14:06:10.000Z\"}, \"x_legacyV4Record\": {\"affects\": {\"vendor\": {\"vendor_data\": [{\"product\": {\"product_data\": [{\"version\": {\"version_data\": [{\"version_value\": \"A list of impacted products can be found here: https://www.intel.com/content/dam/www/public/us/en/documents/corporate-information/SA00233-microcode-update-guidance_05132019.pdf\"}]}, \"product_name\": \"Central Processing Units (CPUs)\"}]}, \"vendor_name\": \"Intel Corporation\"}]}}, \"data_type\": \"CVE\", \"references\": {\"reference_data\": [{\"url\": \"https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00233.html\", \"name\": \"https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00233.html\", \"refsource\": \"CONFIRM\"}, {\"url\": \"https://www.synology.com/security/advisory/Synology_SA_19_24\", \"name\": \"https://www.synology.com/security/advisory/Synology_SA_19_24\", \"refsource\": \"CONFIRM\"}, {\"url\": \"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/OH73SGTJ575OBCPSJFX6LX7KP2KZIEN4/\", \"name\": \"FEDORA-2019-1f5832fc0e\", \"refsource\": \"FEDORA\"}, {\"url\": \"http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00014.html\", \"name\": \"openSUSE-SU-2019:1505\", \"refsource\": \"SUSE\"}, {\"url\": \"https://access.redhat.com/errata/RHSA-2019:1455\", \"name\": \"RHSA-2019:1455\", \"refsource\": \"REDHAT\"}, {\"url\": \"https://usn.ubuntu.com/3977-3/\", \"name\": \"USN-3977-3\", \"refsource\": \"UBUNTU\"}, {\"url\": \"https://lists.debian.org/debian-lts-announce/2019/06/msg00018.html\", \"name\": \"[debian-lts-announce] 20190620 [SECURITY] [DLA 1789-2] intel-microcode security update\", \"refsource\": \"MLIST\"}, {\"url\": \"https://seclists.org/bugtraq/2019/Jun/28\", \"name\": \"20190624 [SECURITY] [DSA 4447-2] intel-microcode security update\", \"refsource\": \"BUGTRAQ\"}, {\"url\": \"https://seclists.org/bugtraq/2019/Jun/36\", \"name\": \"20190624 [SECURITY] [DSA 4469-1] libvirt security update\", \"refsource\": \"BUGTRAQ\"}, {\"url\": \"http://www.arubanetworks.com/assets/alert/ARUBA-PSA-2019-003.txt\", \"name\": \"http://www.arubanetworks.com/assets/alert/ARUBA-PSA-2019-003.txt\", \"refsource\": \"CONFIRM\"}, {\"url\": \"https://cert-portal.siemens.com/productcert/pdf/ssa-616472.pdf\", \"name\": \"https://cert-portal.siemens.com/productcert/pdf/ssa-616472.pdf\", \"refsource\": \"CONFIRM\"}, {\"url\": \"http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20190712-01-mds-en\", \"name\": \"http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20190712-01-mds-en\", \"refsource\": \"CONFIRM\"}, {\"url\": \"http://lists.opensuse.org/opensuse-security-announce/2019-07/msg00053.html\", \"name\": \"openSUSE-SU-2019:1805\", \"refsource\": \"SUSE\"}, {\"url\": \"http://lists.opensuse.org/opensuse-security-announce/2019-07/msg00052.html\", \"name\": \"openSUSE-SU-2019:1806\", \"refsource\": \"SUSE\"}, {\"url\": \"https://www.freebsd.org/security/advisories/FreeBSD-SA-19:07.mds.asc\", \"name\": \"FreeBSD-SA-19:07\", \"refsource\": \"FREEBSD\"}, {\"url\": \"https://access.redhat.com/errata/RHSA-2019:2553\", \"name\": \"RHSA-2019:2553\", \"refsource\": \"REDHAT\"}, {\"url\": \"https://kc.mcafee.com/corporate/index?page=content\u0026id=SB10292\", \"name\": \"https://kc.mcafee.com/corporate/index?page=content\u0026id=SB10292\", \"refsource\": \"CONFIRM\"}, {\"url\": \"https://cert-portal.siemens.com/productcert/pdf/ssa-608355.pdf\", \"name\": \"https://cert-portal.siemens.com/productcert/pdf/ssa-608355.pdf\", \"refsource\": \"CONFIRM\"}, {\"url\": \"https://seclists.org/bugtraq/2019/Nov/15\", \"name\": \"20191112 [SECURITY] [DSA 4564-1] linux security update\", \"refsource\": \"BUGTRAQ\"}, {\"url\": \"https://www.debian.org/security/2020/dsa-4602\", \"name\": \"DSA-4602\", \"refsource\": \"DEBIAN\"}, {\"url\": \"https://seclists.org/bugtraq/2020/Jan/21\", \"name\": \"20200114 [SECURITY] [DSA 4602-1] xen security update\", \"refsource\": \"BUGTRAQ\"}, {\"url\": \"https://security.gentoo.org/glsa/202003-56\", \"name\": \"GLSA-202003-56\", \"refsource\": \"GENTOO\"}]}, \"data_format\": \"MITRE\", \"description\": {\"description_data\": [{\"lang\": \"eng\", \"value\": \"Microarchitectural Data Sampling Uncacheable Memory (MDSUM): Uncacheable memory on some microprocessors utilizing speculative execution may allow an authenticated user to potentially enable information disclosure via a side channel with local access. A list of impacted products can be found here: https://www.intel.com/content/dam/www/public/us/en/documents/corporate-information/SA00233-microcode-update-guidance_05132019.pdf\"}]}, \"problemtype\": {\"problemtype_data\": [{\"description\": [{\"lang\": \"eng\", \"value\": \"Information Disclosure\"}]}]}, \"data_version\": \"4.0\", \"CVE_data_meta\": {\"ID\": \"CVE-2019-11091\", \"STATE\": \"PUBLIC\", \"ASSIGNER\": \"secure@intel.com\"}}}}",
      "cveMetadata": "{\"cveId\": \"CVE-2019-11091\", \"state\": \"PUBLISHED\", \"dateUpdated\": \"2026-05-28T18:17:01.249Z\", \"dateReserved\": \"2019-04-11T00:00:00.000Z\", \"assignerOrgId\": \"6dda929c-bb53-4a77-a76d-48e79601a1ce\", \"datePublished\": \"2019-05-30T15:28:28.000Z\", \"assignerShortName\": \"intel\"}",
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }
  }
}

BDU:2019-01957

Vulnerability from fstec - Published: 06.03.2019

Title

Уязвимость процессоров Intel, связанная с микроархитектурной выборкой данных некэшируемой памяти (MDSUM), позволяющая нарушителю раскрыть защищаемую информацию

Description

Уязвимость процессоров Intel связана c микроархитектурной выборкой данных некэшируемой памяти (MDSUM). Эксплуатация уязвимости может позволить нарушителю раскрыть защищаемую информацию

Severity


                    
                      AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N

Vendor

Red Hat Inc., ООО «РусБИТех-Астра», Сообщество свободного программного обеспечения, Intel Corp., Siemens AG, Fedora Project, Novell Inc., АО "НППКТ"

Software Name

Red Hat Enterprise Linux, Astra Linux Special Edition (запись в едином реестре российских программ №369), Debian GNU/Linux, Intel Pentium, Intel Celeron, SIMATIC IPC427C, SIMATIC IPC477C, SINUMERIK 840D sl, SINUMERIK TCU 30.3, SINUMERIK PCU 50.5, Fedora, Red Hat Enterprise MRG, 8th Generation Intel Core, 8th Generation Intel Core i7, 5th Generation Intel Core, 9th Generation Intel Core, 4th Generation Intel Core, 3th Generation Intel Core, 6th Generation Intel Core, Legacy Intel Celeron, Legacy Intel Core, Legacy Intel Pentium, Intel Xeon E3, Intel Puma, Intel Atom C Series, Intel Pentium Silver Series, Intel Xeon E5 v3, Intel Xeon E7 v3, Intel Xeon E3 v3, Intel Xeon E Series, Intel Pentium Gold Series, Intel Celeron G Series, Intel Pentium J Series, Intel Pentium N Series, Intel Celeron J Series, Intel Celeron N Series, Intel Atom A Series, Intel Atom E3900 Series, Intel Xeon D, Intel Core X-series, Intel Xeon E5 v4, Intel Xeon E7 v4, Intel Xeon E3 v4, Intel Atom X series, Intel Xeon E5 v2, Intel Xeon E7 v2, Intel Xeon E3 v2, Intel Xeon E3 v6, Intel Xeon E5, Intel Xeon Scalable, Intel Xeon E3 v5, Intel Celeron W, Intel Atom Z series, Intel Atom E3800 Series, Intel Mobile Communications Platforms, OpenSUSE Leap, Red Hat Virtualization, SIMATIC Field PG M4, SIMATIC Field PG M5, SIMATIC Field PG M6, SIMATIC IPC377E, SIMATIC IPC347E, SIMATIC IPC327E, SIMATIC IPC427D, SIMATIC IPC427E, SIMATIC IPC477D, SIMATIC IPC477E, SIMATIC IPC477E Pro, SIMATIC IPC547E, SIMATIC IPC547G, SIMATIC IPC627C, SIMATIC IPC627D, SIMATIC IPC647C, SIMATIC IPC647D, SIMATIC IPC677C, SIMATIC IPC677D, SIMATIC IPC827C, SIMATIC IPC827D, SIMATIC IPC847C, SIMATIC IPC847D, SIMATIC IPC847E, SIMATIC IPC677E, SIMATIC IPC627E, SIMATIC IPC527G, SIMATIC IPC127E, SIMATIC IPC2X7E, SIMATIC IPC3000 SMART V2, SIMATIC ITP1000, SIMATIC S7-1500 CPU S7-1518-4 PN/DP MFP, SIMATIC S7-1500 CPU S7-1518F-4 PN/DP MFP, SIMOTION P320-4E, SIMOTION P320-4S, SINUMERIK Panels with integrated TCU, SIMATIC IPC647E, ОСОН ОСнова Оnyx (запись в едином реестре российских программ №5913), Linux

Software Version

6 (Red Hat Enterprise Linux), 7 (Red Hat Enterprise Linux), 6.5 Advanced Update Support (Red Hat Enterprise Linux), 6.6 Advanced Update Support (Red Hat Enterprise Linux), 1.5 «Смоленск» (Astra Linux Special Edition), 9 (Debian GNU/Linux), - (Intel Pentium), - (Intel Celeron), 1.6 «Смоленск» (Astra Linux Special Edition), - (SIMATIC IPC427C), - (SIMATIC IPC477C), - (SINUMERIK 840D sl), - (SINUMERIK TCU 30.3), - (SINUMERIK PCU 50.5), 29 (Fedora), 2.0 (Red Hat Enterprise MRG), - (8th Generation Intel Core), - (8th Generation Intel Core i7), - (5th Generation Intel Core), - (9th Generation Intel Core), - (4th Generation Intel Core), - (3th Generation Intel Core), - (6th Generation Intel Core), - (Legacy Intel Celeron), - (Legacy Intel Core), - (Legacy Intel Pentium), - (Intel Xeon E3), - (Intel Puma), - (Intel Atom C Series), - (Intel Pentium Silver Series), - (Intel Xeon E5 v3), - (Intel Xeon E7 v3), - (Intel Xeon E3 v3), - (Intel Xeon E Series), - (Intel Pentium Gold Series), - (Intel Celeron G Series), - (Intel Pentium J Series), - (Intel Pentium N Series), - (Intel Celeron J Series), - (Intel Celeron N Series), - (Intel Atom A Series), - (Intel Atom E3900 Series), - (Intel Xeon D), - (Intel Core X-series), - (Intel Xeon E5 v4), - (Intel Xeon E7 v4), - (Intel Xeon E3 v4), - (Intel Atom X series), - (Intel Xeon E5 v2), - (Intel Xeon E7 v2), - (Intel Xeon E3 v2), - (Intel Xeon E3 v6), - (Intel Xeon E5), - (Intel Xeon Scalable), - (Intel Xeon E3 v5), - (Intel Celeron W), - (Intel Atom Z series), - (Intel Atom E3800 Series), - (Intel Mobile Communications Platforms), Virtualization 4 (Red Hat Enterprise Linux), 8 (Red Hat Enterprise Linux), 15.0 (OpenSUSE Leap), 15.1 (OpenSUSE Leap), 4.0 (Red Hat Virtualization), 7.4 EUS (Red Hat Enterprise Linux), 7.5 EUS (Red Hat Enterprise Linux), 8 (Debian GNU/Linux), - (SIMATIC Field PG M4), - (SIMATIC Field PG M5), - (SIMATIC Field PG M6), - (SIMATIC IPC377E), - (SIMATIC IPC347E), - (SIMATIC IPC327E), - (SIMATIC IPC427D), до 21.01.11 (SIMATIC IPC427E), - (SIMATIC IPC477D), до 21.01.11 (SIMATIC IPC477E), до 21.01.11 (SIMATIC IPC477E Pro), - (SIMATIC IPC547E), - (SIMATIC IPC547G), - (SIMATIC IPC627C), - (SIMATIC IPC627D), - (SIMATIC IPC647C), - (SIMATIC IPC647D), - (SIMATIC IPC677C), - (SIMATIC IPC677D), - (SIMATIC IPC827C), - (SIMATIC IPC827D), - (SIMATIC IPC847C), - (SIMATIC IPC847D), до 25.02.04 (SIMATIC IPC847E), до 25.02.04 (SIMATIC IPC677E), до 25.02.04 (SIMATIC IPC627E), - (SIMATIC IPC527G), - (SIMATIC IPC127E), - (SIMATIC IPC2X7E), - (SIMATIC IPC3000 SMART V2), - (SIMATIC ITP1000), - (SIMATIC S7-1500 CPU S7-1518-4 PN/DP MFP), - (SIMATIC S7-1500 CPU S7-1518F-4 PN/DP MFP), - (SIMOTION P320-4E), - (SIMOTION P320-4S), - (SINUMERIK Panels with integrated TCU), 10 (Debian GNU/Linux), 7.2 Advanced Update Support (Red Hat Enterprise Linux), 7.2 Telco Extended Update Support (Red Hat Enterprise Linux), до v25.02.04 (SIMATIC IPC647E), 7.3 Extended Update Support (Red Hat Enterprise Linux), 7.2 Update Services for SAP Solutions (Red Hat Enterprise Linux), 7.3 Telco Extended Update Support (Red Hat Enterprise Linux), 7.3 Update Services for SAP Solutions (Red Hat Enterprise Linux), до 2.5 (ОСОН ОСнова Оnyx), от 4.0 до 4.4.179 включительно (Linux), от 4.5 до 4.9.175 включительно (Linux), от 4.10 до 4.14.118 включительно (Linux), от 4.15 до 4.19.42 включительно (Linux), от 4.20 до 5.0.15 включительно (Linux), от 5.1.0 до 5.1.1 включительно (Linux)

Possible Mitigations

Использование рекомендаций: Для Linux: https://kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.14.119 https://kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.19.43 https://kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.4.180 https://kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.9.176 https://kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.0.16 https://kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.1.2 Для программных продуктов Intel Corp.: https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00233.html Обновление BIOS: Для SIMATIC IPC427E, SIMATIC IPC477E и SIMATIC IPC477E Pro до V21.01.11: https://support.industry.siemens.com/cs/ww/en/ view/109742593 Для SIMATIC IPC627E, SIMATIC IPC647E, SIMATIC IPC677E и SIMATIC IPC847E до V25.02.04: https://support.industry.siemens.com/cs/ww/en/ view/XXX Для Field PG M6 до V26.01.05: https://support.industry.siemens.com/cs/ww/en/view/109763408 Для Field PG M4 до V18.01.09: https://support.industry.siemens.com/cs/ww/en/view/109763408 Для Field PG M5 до V22.01.07: https://support.industry.siemens.com/cs/ww/en/view/109763408 Для SIMATIC IPC427D, SIMATIC IPC477D, SIMOTION P320-4E и SIMOTION P320-4S до V17.0X.16: https://support.industry.siemens.com/cs/ww/en/view/109763408 Для SIMATIC IPC627D, SIMATIC IPC677D и SIMATIC IPC827D до V19.02.12: https://support.industry.siemens.com/cs/ww/en/view/109763408 Для SIMATIC IPC647D и SIMATIC IPC847D до V19.01.15: https://support.industry.siemens.com/cs/ww/en/view/109763408 Для SIMATIC ITP1000 до V23.01.06: https://support.industry.siemens.com/cs/ww/en/view/109763408 Для SIMATIC IPC547G до VR1.24.0: https://support.industry.siemens.com/cs/ww/en/view/109763408 Для SINUMERIK Panels with integrated TCU: Следовать рекомендациям SINUMERIK PCU или SINUMERIK TCU Компенсирующие меры: Ограничить возможность запуска ненадежного код применять концепцию "Глубокой защиты" Для программных продуктов Novell Inc.: http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00014.html http://lists.opensuse.org/opensuse-security-announce/2019-07/msg00052.html http://lists.opensuse.org/opensuse-security-announce/2019-07/msg00053.html Для программных продуктов Red Hat Inc.: https://bugzilla.redhat.com/show_bug.cgi?id=1705312 Для Fedora: https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/OH73SGTJ575OBCPSJFX6LX7KP2KZIEN4/ Для Debian: https://security-tracker.debian.org/tracker/CVE-2019-11091 Для Astra Linux: https://wiki.astralinux.ru/astra-linux-se16-bulletin-20210730SE16 Для ОСОН Основа: Обновление программного обеспечения libvirt до версии 8.1.0-2onyx0 Для ОС ОН «Стрелец»: Обновление программного обеспечения libvirt до версии 3.0.0-4+deb9u5 Обновление программного обеспечения xen до версии 4.8.5.final+shim4.10.4-1+deb9u12

Reference

http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00014.html http://lists.opensuse.org/opensuse-security-announce/2019-07/msg00052.html http://lists.opensuse.org/opensuse-security-announce/2019-07/msg00053.html https://bugzilla.redhat.com/show_bug.cgi?id=1705312 https://cert-portal.siemens.com/productcert/pdf/ssa-616472.pdf https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-11091 https://kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.14.119 https://kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.19.43 https://kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.4.180 https://kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.9.176 https://kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.0.16 https://kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.1.2 https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/OH73SGTJ575OBCPSJFX6LX7KP2KZIEN4/ https://nvd.nist.gov/vuln/detail/CVE-2019-11091 https://security-tracker.debian.org/tracker/CVE-2019-11091 https://software.intel.com/security-software-guidance/insights/deep-dive-intel-analysis-microarchitectural-data-sampling https://strelets.net/patchi-i-obnovleniya-bezopasnosti#16012023 https://support.industry.siemens.com/cs/ww/en/view/109742593 https://support.industry.siemens.com/cs/ww/en/view/XXX https://ubuntu.com/security/notices/USN-3977-1 https://ubuntu.com/security/notices/USN-3977-2 https://ubuntu.com/security/notices/USN-3977-3 https://ubuntu.com/security/notices/USN-3978-1 https://ubuntu.com/security/notices/USN-3979-1 https://ubuntu.com/security/notices/USN-3980-1 https://ubuntu.com/security/notices/USN-3980-2 https://ubuntu.com/security/notices/USN-3981-1 https://ubuntu.com/security/notices/USN-3981-2 https://ubuntu.com/security/notices/USN-3982-1 https://ubuntu.com/security/notices/USN-3982-2 https://ubuntu.com/security/notices/USN-3983-1 https://ubuntu.com/security/notices/USN-3983-2 https://ubuntu.com/security/notices/USN-3984-1 https://ubuntu.com/security/notices/USN-3985-1 https://ubuntu.com/security/notices/USN-3985-2 https://usn.ubuntu.com/usn/usn-3977-1 https://usn.ubuntu.com/usn/usn-3977-2 https://usn.ubuntu.com/usn/usn-3977-3 https://usn.ubuntu.com/usn/usn-3978-1 https://usn.ubuntu.com/usn/usn-3979-1 https://usn.ubuntu.com/usn/usn-3980-1 https://usn.ubuntu.com/usn/usn-3980-2 https://usn.ubuntu.com/usn/usn-3981-1 https://usn.ubuntu.com/usn/usn-3981-2 https://usn.ubuntu.com/usn/usn-3982-1 https://usn.ubuntu.com/usn/usn-3982-2 https://usn.ubuntu.com/usn/usn-3983-1 https://usn.ubuntu.com/usn/usn-3983-2 https://usn.ubuntu.com/usn/usn-3984-1 https://usn.ubuntu.com/usn/usn-3985-1 https://usn.ubuntu.com/usn/usn-3985-2 https://wiki.astralinux.ru/astra-linux-se15-bulletin-20201201SE15 https://wiki.astralinux.ru/astra-linux-se16-bulletin-20200327SE16 https://wiki.astralinux.ru/astra-linux-se16-bulletin-20210611SE16 https://www.cve.org/CVERecord?id=CVE-2019-11091 https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00233.html https://www.vmware.com/security/advisories/VMSA-2019-0008.html https://поддержка.нппкт.рф/bin/view/ОСнова/Обновления/2.5/

CWE

CWE-203, CWE-385

JSON

To clipboard

{
  "CVSS 2.0": "AV:L/AC:H/Au:S/C:C/I:N/A:N",
  "CVSS 3.0": "AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N",
  "CVSS 4.0": null,
  "remediation_\u0418\u0434\u0435\u043d\u0442\u0438\u0444\u0438\u043a\u0430\u0442\u043e\u0440": null,
  "remediation_\u041d\u0430\u0438\u043c\u0435\u043d\u043e\u0432\u0430\u043d\u0438\u0435": null,
  "\u0412\u0435\u043d\u0434\u043e\u0440 \u041f\u041e": "Red Hat Inc., \u041e\u041e\u041e \u00ab\u0420\u0443\u0441\u0411\u0418\u0422\u0435\u0445-\u0410\u0441\u0442\u0440\u0430\u00bb, \u0421\u043e\u043e\u0431\u0449\u0435\u0441\u0442\u0432\u043e \u0441\u0432\u043e\u0431\u043e\u0434\u043d\u043e\u0433\u043e \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e\u0433\u043e \u043e\u0431\u0435\u0441\u043f\u0435\u0447\u0435\u043d\u0438\u044f, Intel Corp., Siemens AG, Fedora Project, Novell Inc., \u0410\u041e \"\u041d\u041f\u041f\u041a\u0422\"",
  "\u0412\u0435\u0440\u0441\u0438\u044f \u041f\u041e": "6 (Red Hat Enterprise Linux), 7 (Red Hat Enterprise Linux), 6.5 Advanced Update Support (Red Hat Enterprise Linux), 6.6 Advanced Update Support (Red Hat Enterprise Linux), 1.5 \u00ab\u0421\u043c\u043e\u043b\u0435\u043d\u0441\u043a\u00bb (Astra Linux Special Edition), 9 (Debian GNU/Linux), - (Intel Pentium), - (Intel Celeron), 1.6 \u00ab\u0421\u043c\u043e\u043b\u0435\u043d\u0441\u043a\u00bb (Astra Linux Special Edition), - (SIMATIC IPC427C), - (SIMATIC IPC477C), - (SINUMERIK 840D sl), - (SINUMERIK TCU 30.3), - (SINUMERIK PCU 50.5), 29 (Fedora), 2.0 (Red Hat Enterprise MRG), - (8th Generation Intel Core), - (8th Generation Intel Core i7), - (5th Generation Intel Core), - (9th Generation Intel Core), - (4th Generation Intel Core), - (3th Generation Intel Core), - (6th Generation Intel Core), - (Legacy Intel Celeron), - (Legacy Intel Core), - (Legacy Intel Pentium), - (Intel Xeon E3), - (Intel Puma), - (Intel Atom C Series), - (Intel Pentium Silver Series), - (Intel Xeon E5 v3), - (Intel Xeon E7 v3), - (Intel Xeon E3 v3), - (Intel Xeon E Series), - (Intel Pentium Gold Series), - (Intel Celeron G Series), - (Intel Pentium J Series), - (Intel Pentium N Series), - (Intel Celeron J Series), - (Intel Celeron N Series), - (Intel Atom A Series), - (Intel Atom E3900 Series), - (Intel Xeon D), - (Intel Core X-series), - (Intel Xeon E5 v4), - (Intel Xeon E7 v4), - (Intel Xeon E3 v4), - (Intel Atom X series), - (Intel Xeon E5 v2), - (Intel Xeon E7 v2), - (Intel Xeon E3 v2), - (Intel Xeon E3 v6), - (Intel Xeon E5), - (Intel Xeon Scalable), - (Intel Xeon E3 v5), - (Intel Celeron W), - (Intel Atom Z series), - (Intel Atom E3800 Series), - (Intel Mobile Communications Platforms), Virtualization 4 (Red Hat Enterprise Linux), 8 (Red Hat Enterprise Linux), 15.0 (OpenSUSE Leap), 15.1 (OpenSUSE Leap), 4.0 (Red Hat Virtualization), 7.4 EUS (Red Hat Enterprise Linux), 7.5 EUS (Red Hat Enterprise Linux), 8 (Debian GNU/Linux), - (SIMATIC Field PG M4), - (SIMATIC Field PG M5), - (SIMATIC Field PG M6), - (SIMATIC IPC377E), - (SIMATIC IPC347E), - (SIMATIC IPC327E), - (SIMATIC IPC427D), \u0434\u043e 21.01.11 (SIMATIC IPC427E), - (SIMATIC IPC477D), \u0434\u043e 21.01.11 (SIMATIC IPC477E), \u0434\u043e 21.01.11 (SIMATIC IPC477E Pro), - (SIMATIC IPC547E), - (SIMATIC IPC547G), - (SIMATIC IPC627C), - (SIMATIC IPC627D), - (SIMATIC IPC647C), - (SIMATIC IPC647D), - (SIMATIC IPC677C), - (SIMATIC IPC677D), - (SIMATIC IPC827C), - (SIMATIC IPC827D), - (SIMATIC IPC847C), - (SIMATIC IPC847D), \u0434\u043e 25.02.04 (SIMATIC IPC847E), \u0434\u043e 25.02.04 (SIMATIC IPC677E), \u0434\u043e 25.02.04 (SIMATIC IPC627E), - (SIMATIC IPC527G), - (SIMATIC IPC127E), - (SIMATIC IPC2X7E), - (SIMATIC IPC3000 SMART V2), - (SIMATIC ITP1000), - (SIMATIC S7-1500 CPU S7-1518-4 PN/DP MFP), - (SIMATIC S7-1500 CPU S7-1518F-4 PN/DP MFP), - (SIMOTION P320-4E), - (SIMOTION P320-4S), - (SINUMERIK Panels with integrated TCU), 10 (Debian GNU/Linux), 7.2 Advanced Update Support (Red Hat Enterprise Linux), 7.2 Telco Extended Update Support (Red Hat Enterprise Linux), \u0434\u043e v25.02.04 (SIMATIC IPC647E), 7.3 Extended Update Support (Red Hat Enterprise Linux), 7.2 Update Services for SAP Solutions (Red Hat Enterprise Linux), 7.3 Telco Extended Update Support (Red Hat Enterprise Linux), 7.3 Update Services for SAP Solutions (Red Hat Enterprise Linux), \u0434\u043e 2.5 (\u041e\u0421\u041e\u041d \u041e\u0421\u043d\u043e\u0432\u0430 \u041enyx), \u043e\u0442 4.0 \u0434\u043e 4.4.179 \u0432\u043a\u043b\u044e\u0447\u0438\u0442\u0435\u043b\u044c\u043d\u043e (Linux), \u043e\u0442 4.5 \u0434\u043e 4.9.175 \u0432\u043a\u043b\u044e\u0447\u0438\u0442\u0435\u043b\u044c\u043d\u043e (Linux), \u043e\u0442 4.10 \u0434\u043e 4.14.118 \u0432\u043a\u043b\u044e\u0447\u0438\u0442\u0435\u043b\u044c\u043d\u043e (Linux), \u043e\u0442 4.15 \u0434\u043e 4.19.42 \u0432\u043a\u043b\u044e\u0447\u0438\u0442\u0435\u043b\u044c\u043d\u043e (Linux), \u043e\u0442 4.20 \u0434\u043e 5.0.15 \u0432\u043a\u043b\u044e\u0447\u0438\u0442\u0435\u043b\u044c\u043d\u043e (Linux), \u043e\u0442 5.1.0 \u0434\u043e 5.1.1 \u0432\u043a\u043b\u044e\u0447\u0438\u0442\u0435\u043b\u044c\u043d\u043e (Linux)",
  "\u0412\u043e\u0437\u043c\u043e\u0436\u043d\u044b\u0435 \u043c\u0435\u0440\u044b \u043f\u043e \u0443\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u0438\u044e": "\u0418\u0441\u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u043d\u0438\u0435 \u0440\u0435\u043a\u043e\u043c\u0435\u043d\u0434\u0430\u0446\u0438\u0439:\n\u0414\u043b\u044f Linux:\nhttps://kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.14.119\nhttps://kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.19.43\nhttps://kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.4.180\nhttps://kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.9.176\nhttps://kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.0.16\nhttps://kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.1.2\n\n\u0414\u043b\u044f \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u044b\u0445 \u043f\u0440\u043e\u0434\u0443\u043a\u0442\u043e\u0432 Intel Corp.:\nhttps://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00233.html\n\n\u041e\u0431\u043d\u043e\u0432\u043b\u0435\u043d\u0438\u0435 BIOS: \n\u0414\u043b\u044f SIMATIC IPC427E, SIMATIC IPC477E \u0438 SIMATIC IPC477E Pro \u0434\u043e V21.01.11:\nhttps://support.industry.siemens.com/cs/ww/en/\nview/109742593\n\n\u0414\u043b\u044f SIMATIC IPC627E, SIMATIC IPC647E, SIMATIC IPC677E \u0438 SIMATIC IPC847E \u0434\u043e V25.02.04:\nhttps://support.industry.siemens.com/cs/ww/en/\nview/XXX\n\n\u0414\u043b\u044f Field PG M6 \u0434\u043e V26.01.05:\nhttps://support.industry.siemens.com/cs/ww/en/view/109763408\n\n\u0414\u043b\u044f Field PG M4 \u0434\u043e V18.01.09:\nhttps://support.industry.siemens.com/cs/ww/en/view/109763408\n\n\u0414\u043b\u044f Field PG M5 \u0434\u043e V22.01.07:\nhttps://support.industry.siemens.com/cs/ww/en/view/109763408\n\n\u0414\u043b\u044f SIMATIC IPC427D, SIMATIC IPC477D, SIMOTION P320-4E \u0438 SIMOTION P320-4S \u0434\u043e V17.0X.16:\nhttps://support.industry.siemens.com/cs/ww/en/view/109763408\n\n\u0414\u043b\u044f SIMATIC IPC627D, SIMATIC IPC677D \u0438 SIMATIC IPC827D \u0434\u043e V19.02.12:\nhttps://support.industry.siemens.com/cs/ww/en/view/109763408\n\n\u0414\u043b\u044f SIMATIC IPC647D \u0438 SIMATIC IPC847D \u0434\u043e V19.01.15:\nhttps://support.industry.siemens.com/cs/ww/en/view/109763408\n\n\u0414\u043b\u044f SIMATIC ITP1000 \u0434\u043e V23.01.06:\nhttps://support.industry.siemens.com/cs/ww/en/view/109763408\n\n\u0414\u043b\u044f SIMATIC IPC547G \u0434\u043e VR1.24.0:\nhttps://support.industry.siemens.com/cs/ww/en/view/109763408\n\n\u0414\u043b\u044f SINUMERIK Panels with integrated TCU:\n\u0421\u043b\u0435\u0434\u043e\u0432\u0430\u0442\u044c \u0440\u0435\u043a\u043e\u043c\u0435\u043d\u0434\u0430\u0446\u0438\u044f\u043c SINUMERIK PCU \u0438\u043b\u0438 SINUMERIK TCU\n\n\u041a\u043e\u043c\u043f\u0435\u043d\u0441\u0438\u0440\u0443\u044e\u0449\u0438\u0435 \u043c\u0435\u0440\u044b: \n\u041e\u0433\u0440\u0430\u043d\u0438\u0447\u0438\u0442\u044c \u0432\u043e\u0437\u043c\u043e\u0436\u043d\u043e\u0441\u0442\u044c \u0437\u0430\u043f\u0443\u0441\u043a\u0430 \u043d\u0435\u043d\u0430\u0434\u0435\u0436\u043d\u043e\u0433\u043e \u043a\u043e\u0434 \n\u043f\u0440\u0438\u043c\u0435\u043d\u044f\u0442\u044c \u043a\u043e\u043d\u0446\u0435\u043f\u0446\u0438\u044e \"\u0413\u043b\u0443\u0431\u043e\u043a\u043e\u0439 \u0437\u0430\u0449\u0438\u0442\u044b\"\n\n\u0414\u043b\u044f \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u044b\u0445 \u043f\u0440\u043e\u0434\u0443\u043a\u0442\u043e\u0432 Novell Inc.:\nhttp://lists.opensuse.org/opensuse-security-announce/2019-06/msg00014.html\nhttp://lists.opensuse.org/opensuse-security-announce/2019-07/msg00052.html\nhttp://lists.opensuse.org/opensuse-security-announce/2019-07/msg00053.html\n\n\u0414\u043b\u044f \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u044b\u0445 \u043f\u0440\u043e\u0434\u0443\u043a\u0442\u043e\u0432 Red Hat Inc.:\nhttps://bugzilla.redhat.com/show_bug.cgi?id=1705312\n\n\u0414\u043b\u044f Fedora:\nhttps://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/OH73SGTJ575OBCPSJFX6LX7KP2KZIEN4/\n\n\u0414\u043b\u044f Debian:\nhttps://security-tracker.debian.org/tracker/CVE-2019-11091\n\n\u0414\u043b\u044f Astra Linux:\nhttps://wiki.astralinux.ru/astra-linux-se16-bulletin-20210730SE16\n\n\u0414\u043b\u044f \u041e\u0421\u041e\u041d \u041e\u0441\u043d\u043e\u0432\u0430:\n\u041e\u0431\u043d\u043e\u0432\u043b\u0435\u043d\u0438\u0435 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e\u0433\u043e \u043e\u0431\u0435\u0441\u043f\u0435\u0447\u0435\u043d\u0438\u044f libvirt \u0434\u043e \u0432\u0435\u0440\u0441\u0438\u0438 8.1.0-2onyx0\n\n\u0414\u043b\u044f \u041e\u0421 \u041e\u041d \u00ab\u0421\u0442\u0440\u0435\u043b\u0435\u0446\u00bb:\n\u041e\u0431\u043d\u043e\u0432\u043b\u0435\u043d\u0438\u0435 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e\u0433\u043e \u043e\u0431\u0435\u0441\u043f\u0435\u0447\u0435\u043d\u0438\u044f libvirt \u0434\u043e \u0432\u0435\u0440\u0441\u0438\u0438 3.0.0-4+deb9u5\n\u041e\u0431\u043d\u043e\u0432\u043b\u0435\u043d\u0438\u0435 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e\u0433\u043e \u043e\u0431\u0435\u0441\u043f\u0435\u0447\u0435\u043d\u0438\u044f xen \u0434\u043e \u0432\u0435\u0440\u0441\u0438\u0438 4.8.5.final+shim4.10.4-1+deb9u12",
  "\u0414\u0430\u0442\u0430 \u0432\u044b\u044f\u0432\u043b\u0435\u043d\u0438\u044f": "06.03.2019",
  "\u0414\u0430\u0442\u0430 \u043f\u043e\u0441\u043b\u0435\u0434\u043d\u0435\u0433\u043e \u043e\u0431\u043d\u043e\u0432\u043b\u0435\u043d\u0438\u044f": "31.05.2024",
  "\u0414\u0430\u0442\u0430 \u043f\u0443\u0431\u043b\u0438\u043a\u0430\u0446\u0438\u0438": "06.06.2019",
  "\u0418\u0434\u0435\u043d\u0442\u0438\u0444\u0438\u043a\u0430\u0442\u043e\u0440": "BDU:2019-01957",
  "\u0418\u0434\u0435\u043d\u0442\u0438\u0444\u0438\u043a\u0430\u0442\u043e\u0440\u044b \u0434\u0440\u0443\u0433\u0438\u0445 \u0441\u0438\u0441\u0442\u0435\u043c \u043e\u043f\u0438\u0441\u0430\u043d\u0438\u0439 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "CVE-2019-11091",
  "\u0418\u043d\u0444\u043e\u0440\u043c\u0430\u0446\u0438\u044f \u043e\u0431 \u0443\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u0438\u0438": "\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u0443\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u0430",
  "\u041a\u043b\u0430\u0441\u0441 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u043a\u043e\u0434\u0430",
  "\u041d\u0430\u0437\u0432\u0430\u043d\u0438\u0435 \u041f\u041e": "Red Hat Enterprise Linux, Astra Linux Special Edition (\u0437\u0430\u043f\u0438\u0441\u044c \u0432 \u0435\u0434\u0438\u043d\u043e\u043c \u0440\u0435\u0435\u0441\u0442\u0440\u0435 \u0440\u043e\u0441\u0441\u0438\u0439\u0441\u043a\u0438\u0445 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c \u2116369), Debian GNU/Linux, Intel Pentium, Intel Celeron, SIMATIC IPC427C, SIMATIC IPC477C, SINUMERIK 840D sl, SINUMERIK TCU 30.3, SINUMERIK PCU 50.5, Fedora, Red Hat Enterprise MRG, 8th Generation Intel Core, 8th Generation Intel Core i7, 5th Generation Intel Core, 9th Generation Intel Core, 4th Generation Intel Core, 3th Generation Intel Core, 6th Generation Intel Core, Legacy Intel Celeron, Legacy Intel Core, Legacy Intel Pentium, Intel Xeon E3, Intel Puma, Intel Atom C Series, Intel Pentium Silver Series, Intel Xeon E5 v3, Intel Xeon E7 v3, Intel Xeon E3 v3, Intel Xeon E Series, Intel Pentium Gold Series, Intel Celeron G Series, Intel Pentium J Series, Intel Pentium N Series, Intel Celeron J Series, Intel Celeron N Series, Intel Atom A Series, Intel Atom E3900 Series, Intel Xeon D, Intel Core X-series, Intel Xeon E5 v4, Intel Xeon E7 v4, Intel Xeon E3 v4, Intel Atom X series, Intel Xeon E5 v2, Intel Xeon E7 v2, Intel Xeon E3 v2, Intel Xeon E3 v6, Intel Xeon E5, Intel Xeon Scalable, Intel Xeon E3 v5, Intel Celeron W, Intel Atom Z series, Intel Atom E3800 Series, Intel Mobile Communications Platforms, OpenSUSE Leap, Red Hat Virtualization, SIMATIC Field PG M4, SIMATIC Field PG M5, SIMATIC Field PG M6, SIMATIC IPC377E, SIMATIC IPC347E, SIMATIC IPC327E, SIMATIC IPC427D, SIMATIC IPC427E, SIMATIC IPC477D, SIMATIC IPC477E, SIMATIC IPC477E Pro, SIMATIC IPC547E, SIMATIC IPC547G, SIMATIC IPC627C, SIMATIC IPC627D, SIMATIC IPC647C, SIMATIC IPC647D, SIMATIC IPC677C, SIMATIC IPC677D, SIMATIC IPC827C, SIMATIC IPC827D, SIMATIC IPC847C, SIMATIC IPC847D, SIMATIC IPC847E, SIMATIC IPC677E, SIMATIC IPC627E, SIMATIC IPC527G, SIMATIC IPC127E, SIMATIC IPC2X7E, SIMATIC IPC3000 SMART V2, SIMATIC ITP1000, SIMATIC S7-1500 CPU S7-1518-4 PN/DP MFP, SIMATIC S7-1500 CPU S7-1518F-4 PN/DP MFP, SIMOTION P320-4E, SIMOTION P320-4S, SINUMERIK Panels with integrated TCU, SIMATIC IPC647E, \u041e\u0421\u041e\u041d \u041e\u0421\u043d\u043e\u0432\u0430 \u041enyx (\u0437\u0430\u043f\u0438\u0441\u044c \u0432 \u0435\u0434\u0438\u043d\u043e\u043c \u0440\u0435\u0435\u0441\u0442\u0440\u0435 \u0440\u043e\u0441\u0441\u0438\u0439\u0441\u043a\u0438\u0445 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c \u21165913), Linux",
  "\u041d\u0430\u0438\u043c\u0435\u043d\u043e\u0432\u0430\u043d\u0438\u0435 \u041e\u0421 \u0438 \u0442\u0438\u043f \u0430\u043f\u043f\u0430\u0440\u0430\u0442\u043d\u043e\u0439 \u043f\u043b\u0430\u0442\u0444\u043e\u0440\u043c\u044b": "\u041e\u041e\u041e \u00ab\u0420\u0443\u0441\u0411\u0418\u0422\u0435\u0445-\u0410\u0441\u0442\u0440\u0430\u00bb Astra Linux Special Edition 1.5 \u00ab\u0421\u043c\u043e\u043b\u0435\u043d\u0441\u043a\u00bb  (\u0437\u0430\u043f\u0438\u0441\u044c \u0432 \u0435\u0434\u0438\u043d\u043e\u043c \u0440\u0435\u0435\u0441\u0442\u0440\u0435 \u0440\u043e\u0441\u0441\u0438\u0439\u0441\u043a\u0438\u0445 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c \u2116369), Red Hat Inc. Red Hat Enterprise Linux 6 , Red Hat Inc. Red Hat Enterprise Linux 7 , \u0421\u043e\u043e\u0431\u0449\u0435\u0441\u0442\u0432\u043e \u0441\u0432\u043e\u0431\u043e\u0434\u043d\u043e\u0433\u043e \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e\u0433\u043e \u043e\u0431\u0435\u0441\u043f\u0435\u0447\u0435\u043d\u0438\u044f Debian GNU/Linux 9 , \u041e\u041e\u041e \u00ab\u0420\u0443\u0441\u0411\u0418\u0422\u0435\u0445-\u0410\u0441\u0442\u0440\u0430\u00bb Astra Linux Special Edition 1.6 \u00ab\u0421\u043c\u043e\u043b\u0435\u043d\u0441\u043a\u00bb  (\u0437\u0430\u043f\u0438\u0441\u044c \u0432 \u0435\u0434\u0438\u043d\u043e\u043c \u0440\u0435\u0435\u0441\u0442\u0440\u0435 \u0440\u043e\u0441\u0441\u0438\u0439\u0441\u043a\u0438\u0445 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c \u2116369), Fedora Project Fedora 29 , Red Hat Inc. Red Hat Enterprise Linux Virtualization 4 , Red Hat Inc. Red Hat Enterprise Linux 8 , Novell Inc. OpenSUSE Leap 15.0 , Novell Inc. OpenSUSE Leap 15.1 , Red Hat Inc. Red Hat Enterprise Linux 7.4 EUS , Red Hat Inc. Red Hat Enterprise Linux 7.5 EUS , \u0421\u043e\u043e\u0431\u0449\u0435\u0441\u0442\u0432\u043e \u0441\u0432\u043e\u0431\u043e\u0434\u043d\u043e\u0433\u043e \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e\u0433\u043e \u043e\u0431\u0435\u0441\u043f\u0435\u0447\u0435\u043d\u0438\u044f Debian GNU/Linux 8 , Red Hat Inc. Red Hat Enterprise Linux 7.2 Advanced Update Support , Red Hat Inc. Red Hat Enterprise Linux 7.2 Telco Extended Update Support , Red Hat Inc. Red Hat Enterprise Linux 7.3 Extended Update Support , Red Hat Inc. Red Hat Enterprise Linux 6.5 Advanced Update Support , Red Hat Inc. Red Hat Enterprise Linux 6.6 Advanced Update Support , Red Hat Inc. Red Hat Enterprise Linux 7.2 Update Services for SAP Solutions , Red Hat Inc. Red Hat Enterprise Linux 7.3 Telco Extended Update Support , Red Hat Inc. Red Hat Enterprise Linux 7.3 Update Services for SAP Solutions ",
  "\u041d\u0430\u0438\u043c\u0435\u043d\u043e\u0432\u0430\u043d\u0438\u0435 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u043f\u0440\u043e\u0446\u0435\u0441\u0441\u043e\u0440\u043e\u0432 Intel, \u0441\u0432\u044f\u0437\u0430\u043d\u043d\u0430\u044f \u0441 \u043c\u0438\u043a\u0440\u043e\u0430\u0440\u0445\u0438\u0442\u0435\u043a\u0442\u0443\u0440\u043d\u043e\u0439 \u0432\u044b\u0431\u043e\u0440\u043a\u043e\u0439 \u0434\u0430\u043d\u043d\u044b\u0445 \u043d\u0435\u043a\u044d\u0448\u0438\u0440\u0443\u0435\u043c\u043e\u0439 \u043f\u0430\u043c\u044f\u0442\u0438 (MDSUM), \u043f\u043e\u0437\u0432\u043e\u043b\u044f\u044e\u0449\u0430\u044f \u043d\u0430\u0440\u0443\u0448\u0438\u0442\u0435\u043b\u044e \u0440\u0430\u0441\u043a\u0440\u044b\u0442\u044c \u0437\u0430\u0449\u0438\u0449\u0430\u0435\u043c\u0443\u044e \u0438\u043d\u0444\u043e\u0440\u043c\u0430\u0446\u0438\u044e",
  "\u041d\u0430\u043b\u0438\u0447\u0438\u0435 \u044d\u043a\u0441\u043f\u043b\u043e\u0439\u0442\u0430": "\u0414\u0430\u043d\u043d\u044b\u0435 \u0443\u0442\u043e\u0447\u043d\u044f\u044e\u0442\u0441\u044f",
  "\u041e\u043f\u0438\u0441\u0430\u043d\u0438\u0435 \u043e\u0448\u0438\u0431\u043a\u0438 CWE": "\u0420\u0430\u0441\u043a\u0440\u044b\u0442\u0438\u0435 \u0438\u043d\u0444\u043e\u0440\u043c\u0430\u0446\u0438\u0438 \u0432 \u0440\u0435\u0437\u0443\u043b\u044c\u0442\u0430\u0442\u0435 \u0440\u0430\u0441\u0445\u043e\u0436\u0434\u0435\u043d\u0438\u0439 (CWE-203), \u0421\u043a\u0440\u044b\u0442\u044b\u0439 \u0432\u0440\u0435\u043c\u0435\u043d\u043d\u043e\u0439 \u043a\u0430\u043d\u0430\u043b (CWE-385)",
  "\u041e\u043f\u0438\u0441\u0430\u043d\u0438\u0435 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u043f\u0440\u043e\u0446\u0435\u0441\u0441\u043e\u0440\u043e\u0432 Intel \u0441\u0432\u044f\u0437\u0430\u043d\u0430 c \u043c\u0438\u043a\u0440\u043e\u0430\u0440\u0445\u0438\u0442\u0435\u043a\u0442\u0443\u0440\u043d\u043e\u0439 \u0432\u044b\u0431\u043e\u0440\u043a\u043e\u0439 \u0434\u0430\u043d\u043d\u044b\u0445 \u043d\u0435\u043a\u044d\u0448\u0438\u0440\u0443\u0435\u043c\u043e\u0439 \u043f\u0430\u043c\u044f\u0442\u0438 (MDSUM). \u042d\u043a\u0441\u043f\u043b\u0443\u0430\u0442\u0430\u0446\u0438\u044f \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438 \u043c\u043e\u0436\u0435\u0442 \u043f\u043e\u0437\u0432\u043e\u043b\u0438\u0442\u044c \u043d\u0430\u0440\u0443\u0448\u0438\u0442\u0435\u043b\u044e \u0440\u0430\u0441\u043a\u0440\u044b\u0442\u044c \u0437\u0430\u0449\u0438\u0449\u0430\u0435\u043c\u0443\u044e \u0438\u043d\u0444\u043e\u0440\u043c\u0430\u0446\u0438\u044e",
  "\u041f\u043e\u0441\u043b\u0435\u0434\u0441\u0442\u0432\u0438\u044f \u044d\u043a\u0441\u043f\u043b\u0443\u0430\u0442\u0430\u0446\u0438\u0438 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": null,
  "\u041f\u0440\u043e\u0447\u0430\u044f \u0438\u043d\u0444\u043e\u0440\u043c\u0430\u0446\u0438\u044f": null,
  "\u0421\u0432\u044f\u0437\u044c \u0441 \u0438\u043d\u0446\u0438\u0434\u0435\u043d\u0442\u0430\u043c\u0438 \u0418\u0411": "\u0414\u0430\u043d\u043d\u044b\u0435 \u0443\u0442\u043e\u0447\u043d\u044f\u044e\u0442\u0441\u044f",
  "\u0421\u043e\u0441\u0442\u043e\u044f\u043d\u0438\u0435 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u041e\u043f\u0443\u0431\u043b\u0438\u043a\u043e\u0432\u0430\u043d\u0430",
  "\u0421\u043f\u043e\u0441\u043e\u0431 \u0443\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u0438\u044f": "\u041e\u0431\u043d\u043e\u0432\u043b\u0435\u043d\u0438\u0435 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e\u0433\u043e \u043e\u0431\u0435\u0441\u043f\u0435\u0447\u0435\u043d\u0438\u044f",
  "\u0421\u043f\u043e\u0441\u043e\u0431 \u044d\u043a\u0441\u043f\u043b\u0443\u0430\u0442\u0430\u0446\u0438\u0438": "\u041c\u0430\u043d\u0438\u043f\u0443\u043b\u0438\u0440\u043e\u0432\u0430\u043d\u0438\u0435 \u0440\u0435\u0441\u0443\u0440\u0441\u0430\u043c\u0438",
  "\u0421\u0441\u044b\u043b\u043a\u0438 \u043d\u0430 \u0438\u0441\u0442\u043e\u0447\u043d\u0438\u043a\u0438": "http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00014.html\nhttp://lists.opensuse.org/opensuse-security-announce/2019-07/msg00052.html\nhttp://lists.opensuse.org/opensuse-security-announce/2019-07/msg00053.html\nhttps://bugzilla.redhat.com/show_bug.cgi?id=1705312\nhttps://cert-portal.siemens.com/productcert/pdf/ssa-616472.pdf\nhttps://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-11091\nhttps://kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.14.119\nhttps://kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.19.43\nhttps://kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.4.180\nhttps://kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.9.176\nhttps://kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.0.16\nhttps://kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.1.2\nhttps://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/OH73SGTJ575OBCPSJFX6LX7KP2KZIEN4/\nhttps://nvd.nist.gov/vuln/detail/CVE-2019-11091\nhttps://security-tracker.debian.org/tracker/CVE-2019-11091\nhttps://software.intel.com/security-software-guidance/insights/deep-dive-intel-analysis-microarchitectural-data-sampling\nhttps://strelets.net/patchi-i-obnovleniya-bezopasnosti#16012023\nhttps://support.industry.siemens.com/cs/ww/en/view/109742593\nhttps://support.industry.siemens.com/cs/ww/en/view/XXX\nhttps://ubuntu.com/security/notices/USN-3977-1\nhttps://ubuntu.com/security/notices/USN-3977-2\nhttps://ubuntu.com/security/notices/USN-3977-3\nhttps://ubuntu.com/security/notices/USN-3978-1\nhttps://ubuntu.com/security/notices/USN-3979-1\nhttps://ubuntu.com/security/notices/USN-3980-1\nhttps://ubuntu.com/security/notices/USN-3980-2\nhttps://ubuntu.com/security/notices/USN-3981-1\nhttps://ubuntu.com/security/notices/USN-3981-2\nhttps://ubuntu.com/security/notices/USN-3982-1\nhttps://ubuntu.com/security/notices/USN-3982-2\nhttps://ubuntu.com/security/notices/USN-3983-1\nhttps://ubuntu.com/security/notices/USN-3983-2\nhttps://ubuntu.com/security/notices/USN-3984-1\nhttps://ubuntu.com/security/notices/USN-3985-1\nhttps://ubuntu.com/security/notices/USN-3985-2\nhttps://usn.ubuntu.com/usn/usn-3977-1\nhttps://usn.ubuntu.com/usn/usn-3977-2\nhttps://usn.ubuntu.com/usn/usn-3977-3\nhttps://usn.ubuntu.com/usn/usn-3978-1\nhttps://usn.ubuntu.com/usn/usn-3979-1\nhttps://usn.ubuntu.com/usn/usn-3980-1\nhttps://usn.ubuntu.com/usn/usn-3980-2\nhttps://usn.ubuntu.com/usn/usn-3981-1\nhttps://usn.ubuntu.com/usn/usn-3981-2\nhttps://usn.ubuntu.com/usn/usn-3982-1\nhttps://usn.ubuntu.com/usn/usn-3982-2\nhttps://usn.ubuntu.com/usn/usn-3983-1\nhttps://usn.ubuntu.com/usn/usn-3983-2\nhttps://usn.ubuntu.com/usn/usn-3984-1\nhttps://usn.ubuntu.com/usn/usn-3985-1\nhttps://usn.ubuntu.com/usn/usn-3985-2\nhttps://wiki.astralinux.ru/astra-linux-se15-bulletin-20201201SE15\nhttps://wiki.astralinux.ru/astra-linux-se16-bulletin-20200327SE16\nhttps://wiki.astralinux.ru/astra-linux-se16-bulletin-20210611SE16\nhttps://www.cve.org/CVERecord?id=CVE-2019-11091\nhttps://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00233.html\nhttps://www.vmware.com/security/advisories/VMSA-2019-0008.html\nhttps://\u043f\u043e\u0434\u0434\u0435\u0440\u0436\u043a\u0430.\u043d\u043f\u043f\u043a\u0442.\u0440\u0444/bin/view/\u041e\u0421\u043d\u043e\u0432\u0430/\u041e\u0431\u043d\u043e\u0432\u043b\u0435\u043d\u0438\u044f/2.5/",
  "\u0421\u0442\u0430\u0442\u0443\u0441 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u041f\u043e\u0434\u0442\u0432\u0435\u0440\u0436\u0434\u0435\u043d\u0430 \u043f\u0440\u043e\u0438\u0437\u0432\u043e\u0434\u0438\u0442\u0435\u043b\u0435\u043c",
  "\u0422\u0438\u043f \u041f\u041e": "\u041e\u043f\u0435\u0440\u0430\u0446\u0438\u043e\u043d\u043d\u0430\u044f \u0441\u0438\u0441\u0442\u0435\u043c\u0430, \u041f\u041e \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e-\u0430\u043f\u043f\u0430\u0440\u0430\u0442\u043d\u043e\u0433\u043e \u0441\u0440\u0435\u0434\u0441\u0442\u0432\u0430, \u041f\u041e \u0441\u0435\u0442\u0435\u0432\u043e\u0433\u043e \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e-\u0430\u043f\u043f\u0430\u0440\u0430\u0442\u043d\u043e\u0433\u043e \u0441\u0440\u0435\u0434\u0441\u0442\u0432\u0430, \u041f\u041e \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e-\u0430\u043f\u043f\u0430\u0440\u0430\u0442\u043d\u043e\u0433\u043e \u0441\u0440\u0435\u0434\u0441\u0442\u0432\u0430 \u0410\u0421\u0423 \u0422\u041f, \u041f\u0440\u0438\u043a\u043b\u0430\u0434\u043d\u043e\u0435 \u041f\u041e \u0438\u043d\u0444\u043e\u0440\u043c\u0430\u0446\u0438\u043e\u043d\u043d\u044b\u0445 \u0441\u0438\u0441\u0442\u0435\u043c, \u041f\u041e \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e-\u0430\u043f\u043f\u0430\u0440\u0430\u0442\u043d\u044b\u0445 \u0441\u0440\u0435\u0434\u0441\u0442\u0432 \u0437\u0430\u0449\u0438\u0442\u044b, \u041c\u0438\u043a\u0440\u043e\u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u044b\u0439 \u043a\u043e\u0434, \u041f\u041e \u0432\u0438\u0440\u0442\u0443\u0430\u043b\u0438\u0437\u0430\u0446\u0438\u0438/\u041f\u041e \u0432\u0438\u0440\u0442\u0443\u0430\u043b\u044c\u043d\u043e\u0433\u043e \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e-\u0430\u043f\u043f\u0430\u0440\u0430\u0442\u043d\u043e\u0433\u043e \u0441\u0440\u0435\u0434\u0441\u0442\u0432\u0430, \u0421\u0440\u0435\u0434\u0441\u0442\u0432\u043e \u0410\u0421\u0423 \u0422\u041f",
  "\u0422\u0438\u043f \u043e\u0448\u0438\u0431\u043a\u0438 CWE": "CWE-203, CWE-385",
  "\u0423\u0440\u043e\u0432\u0435\u043d\u044c \u043e\u043f\u0430\u0441\u043d\u043e\u0441\u0442\u0438 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u041d\u0438\u0437\u043a\u0438\u0439 \u0443\u0440\u043e\u0432\u0435\u043d\u044c \u043e\u043f\u0430\u0441\u043d\u043e\u0441\u0442\u0438 (\u0431\u0430\u0437\u043e\u0432\u0430\u044f \u043e\u0446\u0435\u043d\u043a\u0430 CVSS 2.0 \u0441\u043e\u0441\u0442\u0430\u0432\u043b\u044f\u0435\u0442 3,8)\n\u0421\u0440\u0435\u0434\u043d\u0438\u0439 \u0443\u0440\u043e\u0432\u0435\u043d\u044c \u043e\u043f\u0430\u0441\u043d\u043e\u0441\u0442\u0438 (\u0431\u0430\u0437\u043e\u0432\u0430\u044f \u043e\u0446\u0435\u043d\u043a\u0430 CVSS 3.0 \u0441\u043e\u0441\u0442\u0430\u0432\u043b\u044f\u0435\u0442 5,6)"
}

CERTFR-2019-AVI-209

Vulnerability from certfr_avis - Published: 2019-05-14 - Updated: 2019-05-14

De multiples vulnérabilités ont été découvertes dans les processeurs Intel. Elles permettent à un attaquant de provoquer une atteinte à la confidentialité des données.

Solution

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

None

Impacted products

	Vendor	Product	Description
	Intel	N/A	https://www.intel.com/content/dam/www/public/us/en/documents/corporate-information/SA00233-microcode-update-guidance_05132019.pdf

References

Title

Publication Time

Tags

Bulletin de sécurité Intel intel-sa-00233 du 14 mai 2019

None

vendor-advisory

Show details on source website

JSON

To clipboard

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [
    {
      "description": "https://www.intel.com/content/dam/www/public/us/en/documents/corporate-information/SA00233-microcode-update-guidance_05132019.pdf",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Intel",
          "scada": false
        }
      }
    }
  ],
  "affected_systems_content": null,
  "content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
  "cves": [
    {
      "name": "CVE-2019-11091",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-11091"
    },
    {
      "name": "CVE-2018-12127",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-12127"
    },
    {
      "name": "CVE-2018-12130",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-12130"
    },
    {
      "name": "CVE-2018-12126",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-12126"
    }
  ],
  "initial_release_date": "2019-05-14T00:00:00",
  "last_revision_date": "2019-05-14T00:00:00",
  "links": [],
  "reference": "CERTFR-2019-AVI-209",
  "revisions": [
    {
      "description": "Version initiale",
      "revision_date": "2019-05-14T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
    }
  ],
  "summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans les processeurs\nIntel. Elles permettent \u00e0 un attaquant de provoquer une atteinte \u00e0 la\nconfidentialit\u00e9 des donn\u00e9es.\n",
  "title": "Multiples vuln\u00e9rabilit\u00e9s dans les processeurs Intel",
  "vendor_advisories": [
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Intel intel-sa-00233 du 14 mai 2019",
      "url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00233.html"
    }
  ]
}

CERTFR-2019-AVI-211

Vulnerability from certfr_avis - Published: 2019-05-15 - Updated: 2019-05-15

De multiples vulnérabilités ont été découvertes dans le noyau Linux de SUSE. Certaines d'entre elles permettent à un attaquant de provoquer un déni de service à distance, un déni de service et une atteinte à la confidentialité des données.

Solution

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

None

Impacted products

	Vendor	Product	Description
	SUSE	SUSE Linux Enterprise Server	SUSE Linux Enterprise Server 12-SP4

References

Title

Publication Time

Tags

Bulletin de sécurité SUSE SUSE-SU-2019:1242-1 du 14 mai 2019

None

vendor-advisory

Show details on source website

JSON

To clipboard

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [
    {
      "description": "SUSE Linux Enterprise Server 12-SP4",
      "product": {
        "name": "SUSE Linux Enterprise Server",
        "vendor": {
          "name": "SUSE",
          "scada": false
        }
      }
    }
  ],
  "affected_systems_content": null,
  "content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
  "cves": [
    {
      "name": "CVE-2019-11091",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-11091"
    },
    {
      "name": "CVE-2019-9503",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-9503"
    },
    {
      "name": "CVE-2018-16880",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-16880"
    },
    {
      "name": "CVE-2018-12127",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-12127"
    },
    {
      "name": "CVE-2018-12130",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-12130"
    },
    {
      "name": "CVE-2019-9003",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-9003"
    },
    {
      "name": "CVE-2019-9500",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-9500"
    },
    {
      "name": "CVE-2018-12126",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-12126"
    },
    {
      "name": "CVE-2019-3882",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-3882"
    }
  ],
  "initial_release_date": "2019-05-15T00:00:00",
  "last_revision_date": "2019-05-15T00:00:00",
  "links": [],
  "reference": "CERTFR-2019-AVI-211",
  "revisions": [
    {
      "description": "Version initiale",
      "revision_date": "2019-05-15T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "D\u00e9ni de service \u00e0 distance"
    },
    {
      "description": "D\u00e9ni de service"
    },
    {
      "description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
    },
    {
      "description": "\u00c9l\u00e9vation de privil\u00e8ges"
    }
  ],
  "summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans le noyau Linux de\nSUSE. Certaines d\u0027entre elles permettent \u00e0 un attaquant de provoquer un\nd\u00e9ni de service \u00e0 distance, un d\u00e9ni de service et une atteinte \u00e0 la\nconfidentialit\u00e9 des donn\u00e9es.\n",
  "title": "Multiples vuln\u00e9rabilit\u00e9s dans le noyau Linux de SUSE",
  "vendor_advisories": [
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 SUSE SUSE-SU-2019:1242-1 du 14 mai 2019",
      "url": "https://www.suse.com/support/update/announcement/2019/suse-su-20191242-1/"
    }
  ]
}

CERTFR-2019-AVI-212

Vulnerability from certfr_avis - Published: 2019-05-15 - Updated: 2019-05-15

De multiples vulnérabilités ont été découvertes dans le noyau Linux d'Ubuntu. Elles permettent à un attaquant de provoquer une exécution de code arbitraire, un déni de service et une atteinte à la confidentialité des données.

Solution

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

None

Impacted products

Vendor	Product	Description
Ubuntu	Ubuntu	Ubuntu 16.04 LTS
Ubuntu	Ubuntu	Ubuntu 18.04 LTS
Ubuntu	Ubuntu	Ubuntu 19.04
Ubuntu	Ubuntu	Ubuntu 18.10
Ubuntu	Ubuntu	Ubuntu 12.04 ESM
Ubuntu	Ubuntu	Ubuntu 14.04 ESM

References

Title

Publication Time

Tags

Bulletin de sécurité Ubuntu USN-3982-1 du 14 mai 2019	None	vendor-advisory
Bulletin de sécurité Ubuntu USN-3980-1 du 14 mai 2019	None	vendor-advisory
Bulletin de sécurité Ubuntu USN-3979-1 du 14 mai 2019	None	vendor-advisory
Bulletin de sécurité Ubuntu USN-3981-2 du 14 mai 2019	None	vendor-advisory
Bulletin de sécurité Ubuntu USN-3984-1 du 14 mai 2019	None	vendor-advisory
Bulletin de sécurité Ubuntu USN-3981-1 du 14 mai 2019	None	vendor-advisory
Bulletin de sécurité Ubuntu USN-3983-2 du 14 mai 2019	None	vendor-advisory
Bulletin de sécurité Ubuntu USN-3982-2 du 14 mai 2019	None	vendor-advisory
Bulletin de sécurité Ubuntu USN-3983-1 du 14 mai 2019	None	vendor-advisory
Bulletin de sécurité Ubuntu USN-3980-2 du 14 mai 2019	None	vendor-advisory

Show details on source website

JSON

To clipboard

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [
    {
      "description": "Ubuntu 16.04 LTS",
      "product": {
        "name": "Ubuntu",
        "vendor": {
          "name": "Ubuntu",
          "scada": false
        }
      }
    },
    {
      "description": "Ubuntu 18.04 LTS",
      "product": {
        "name": "Ubuntu",
        "vendor": {
          "name": "Ubuntu",
          "scada": false
        }
      }
    },
    {
      "description": "Ubuntu 19.04",
      "product": {
        "name": "Ubuntu",
        "vendor": {
          "name": "Ubuntu",
          "scada": false
        }
      }
    },
    {
      "description": "Ubuntu 18.10",
      "product": {
        "name": "Ubuntu",
        "vendor": {
          "name": "Ubuntu",
          "scada": false
        }
      }
    },
    {
      "description": "Ubuntu 12.04 ESM",
      "product": {
        "name": "Ubuntu",
        "vendor": {
          "name": "Ubuntu",
          "scada": false
        }
      }
    },
    {
      "description": "Ubuntu 14.04 ESM",
      "product": {
        "name": "Ubuntu",
        "vendor": {
          "name": "Ubuntu",
          "scada": false
        }
      }
    }
  ],
  "affected_systems_content": null,
  "content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
  "cves": [
    {
      "name": "CVE-2019-11091",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-11091"
    },
    {
      "name": "CVE-2019-9503",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-9503"
    },
    {
      "name": "CVE-2019-3874",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-3874"
    },
    {
      "name": "CVE-2018-12127",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-12127"
    },
    {
      "name": "CVE-2018-12130",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-12130"
    },
    {
      "name": "CVE-2019-9500",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-9500"
    },
    {
      "name": "CVE-2019-3887",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-3887"
    },
    {
      "name": "CVE-2018-16884",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-16884"
    },
    {
      "name": "CVE-2018-12126",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-12126"
    },
    {
      "name": "CVE-2019-3882",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-3882"
    },
    {
      "name": "CVE-2019-1999",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-1999"
    },
    {
      "name": "CVE-2019-11683",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-11683"
    }
  ],
  "initial_release_date": "2019-05-15T00:00:00",
  "last_revision_date": "2019-05-15T00:00:00",
  "links": [],
  "reference": "CERTFR-2019-AVI-212",
  "revisions": [
    {
      "description": "Version initiale",
      "revision_date": "2019-05-15T00:00:00.000000"
    },
    {
      "description": "Ajout des bulletins de s\u00e9curit\u00e9 Ubuntu USN-3981-2, USN-3983-2 et USN-3984-1",
      "revision_date": "2019-05-15T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "Ex\u00e9cution de code arbitraire"
    },
    {
      "description": "D\u00e9ni de service"
    },
    {
      "description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
    }
  ],
  "summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans le noyau Linux\nd\u0027Ubuntu. Elles permettent \u00e0 un attaquant de provoquer une ex\u00e9cution de\ncode arbitraire, un d\u00e9ni de service et une atteinte \u00e0 la confidentialit\u00e9\ndes donn\u00e9es.\n",
  "title": "Multiples vuln\u00e9rabilit\u00e9s dans le noyau Linux d\u0027Ubuntu",
  "vendor_advisories": [
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Ubuntu USN-3982-1 du 14 mai 2019",
      "url": "https://usn.ubuntu.com/3982-1/"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Ubuntu USN-3980-1 du 14 mai 2019",
      "url": "https://usn.ubuntu.com/3980-1/"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Ubuntu USN-3979-1 du 14 mai 2019",
      "url": "https://usn.ubuntu.com/3979-1/"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Ubuntu USN-3981-2 du 14 mai 2019",
      "url": "https://usn.ubuntu.com/3981-2/"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Ubuntu USN-3984-1 du 14 mai 2019",
      "url": "https://usn.ubuntu.com/3984-1/"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Ubuntu USN-3981-1 du 14 mai 2019",
      "url": "https://usn.ubuntu.com/3981-1/"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Ubuntu USN-3983-2 du 14 mai 2019",
      "url": "https://usn.ubuntu.com/3983-2/"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Ubuntu USN-3982-2 du 14 mai 2019",
      "url": "https://usn.ubuntu.com/3982-2/"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Ubuntu USN-3983-1 du 14 mai 2019",
      "url": "https://usn.ubuntu.com/3983-1/"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Ubuntu USN-3980-2 du 14 mai 2019",
      "url": "https://usn.ubuntu.com/3980-2/"
    }
  ]
}

CERTFR-2019-AVI-213

Vulnerability from certfr_avis - Published: 2019-05-15 - Updated: 2019-05-15

De multiples vulnérabilités ont été découvertes dans le noyau Linux de RedHat. Certaines d'entre elles permettent à un attaquant de provoquer une exécution de code arbitraire, un déni de service et une atteinte à l'intégrité des données.

Solution

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

None

Impacted products

Vendor	Product	Description
Red Hat	Red Hat Enterprise Linux Server	Red Hat Enterprise Linux Server - Update Services pour SAP Solutions 7.3 x86_64
Red Hat	Red Hat Enterprise Linux	Red Hat Enterprise Linux pour Power, little endian 7 ppc64le
Red Hat	Red Hat Enterprise Linux	Red Hat Enterprise Linux Workstation 6 x86_64
Red Hat	Red Hat CodeReady Linux Builder	Red Hat CodeReady Linux Builder pour Power, little endian 8 ppc64le
Red Hat	Red Hat Enterprise Linux	Red Hat Enterprise Linux pour Power, big endian 6 ppc64
Red Hat	Red Hat Enterprise Linux Server	Red Hat Enterprise Linux Server - AUS 6.5 x86_64
Red Hat	N/A	MRG Realtime 2 x86_64
Red Hat	Red Hat Enterprise Linux	Red Hat Enterprise Linux pour IBM z Systems 6 s390x
Red Hat	Red Hat Enterprise Linux	Red Hat Enterprise Linux pour Real Time pour NFV 7 x86_64
Red Hat	Red Hat Enterprise Linux	Red Hat Enterprise Linux pour IBM z Systems - Extended Update Support 7.4 s390x
Red Hat	Red Hat Enterprise Linux Server	Red Hat Enterprise Linux Server - Update Services pour SAP Solutions 7.4 x86_64
Red Hat	Red Hat Enterprise Linux Server	Red Hat Enterprise Linux Server - AUS 7.3 x86_64
Red Hat	Red Hat Enterprise Linux	Red Hat Enterprise Linux pour Real Time 7 x86_64
Red Hat	Red Hat Enterprise Linux	Red Hat Enterprise Linux pour IBM z Systems - Extended Update Support 7.6 s390x
Red Hat	Red Hat Enterprise Linux	Red Hat Enterprise Linux pour x86_64 8 x86_64
Red Hat	Red Hat Enterprise Linux Server	Red Hat Enterprise Linux Server (pour IBM Power LE) - Update Services pour SAP Solutions 7.6 ppc64le
Red Hat	Red Hat Enterprise Linux Server	Red Hat Enterprise Linux Server - Update Services pour SAP Solutions 7.6 x86_64
Red Hat	Red Hat Enterprise Linux	Red Hat Enterprise Linux EUS Compute Node 7.4 x86_64
Red Hat	Red Hat Enterprise Linux	Red Hat Enterprise Linux pour IBM z Systems 8 s390x
Red Hat	Red Hat Enterprise Linux Server	Red Hat Enterprise Linux Server - AUS 7.4 x86_64
Red Hat	Red Hat Enterprise Linux Server	Red Hat Enterprise Linux Server 7 x86_64
Red Hat	Red Hat Enterprise Linux Server	Red Hat Enterprise Linux Server (pour IBM Power LE) - Update Services pour SAP Solutions 7.4 ppc64le
Red Hat	Red Hat Enterprise Linux Server	Red Hat Enterprise Linux Server 6 x86_64
Red Hat	Red Hat Enterprise Linux	Red Hat Enterprise Linux EUS Compute Node 7.6 x86_64
Red Hat	Red Hat Enterprise Linux Server	Red Hat Enterprise Linux Server (pour IBM Power LE) - Update Services pour SAP Solutions 7.3 ppc64le
Red Hat	Red Hat Enterprise Linux	Red Hat Enterprise Linux Desktop 6 i386
Red Hat	Red Hat Enterprise Linux	Red Hat Enterprise Linux pour Power, little endian - Extended Update Support 7.6 ppc64le
Red Hat	Red Hat Enterprise Linux Server	Red Hat Enterprise Linux Server 6 i386
Red Hat	Red Hat Enterprise Linux	Red Hat Enterprise Linux Workstation 7 x86_64
Red Hat	Red Hat Enterprise Linux	Red Hat Enterprise Linux pour Power, little endian - Extended Update Support 7.5 ppc64le
Red Hat	Red Hat Enterprise Linux Server	Red Hat Enterprise Linux Server - TUS 7.6 x86_64
Red Hat	Red Hat Enterprise Linux Server	Red Hat Enterprise Linux Server - TUS 7.4 x86_64
Red Hat	Red Hat Enterprise Linux	Red Hat Enterprise Linux pour Power, big endian - Extended Update Support 7.6 ppc64
Red Hat	Red Hat Enterprise Linux Server	Red Hat Enterprise Linux Server - Extended Update Support 7.5 x86_64
Red Hat	Red Hat Enterprise Linux	Red Hat Enterprise Linux pour Real Time 8 x86_64
Red Hat	Red Hat Enterprise Linux	Red Hat Enterprise Linux EUS Compute Node 7.5 x86_64
Red Hat	Red Hat Enterprise Linux	Red Hat Enterprise Linux pour Power, big endian - Extended Update Support 7.5 ppc64
Red Hat	Red Hat Enterprise Linux	Red Hat Enterprise Linux pour Power, big endian - Extended Update Support 7.4 ppc64
Red Hat	Red Hat CodeReady Linux Builder	Red Hat CodeReady Linux Builder pour ARM 64 8 aarch64
Red Hat	Red Hat Enterprise Linux	Red Hat Enterprise Linux Workstation 6 i386
Red Hat	Red Hat Enterprise Linux	Red Hat Enterprise Linux pour Scientific Computing 6 x86_64
Red Hat	Red Hat Enterprise Linux	Red Hat Enterprise Linux pour Real Time pour NFV 8 x86_64
Red Hat	Red Hat Enterprise Linux Server	Red Hat Enterprise Linux Server - Extended Update Support 7.6 x86_64
Red Hat	Red Hat Enterprise Linux	Red Hat Enterprise Linux pour IBM z Systems 7 s390x
Red Hat	Red Hat Enterprise Linux Server	Red Hat Enterprise Linux Server - TUS 7.3 x86_64
Red Hat	Red Hat Enterprise Linux Server	Red Hat Enterprise Linux Server - Extended Update Support 7.4 x86_64
Red Hat	Red Hat Enterprise Linux	Red Hat Enterprise Linux Desktop 6 x86_64
Red Hat	Red Hat Enterprise Linux Server	Red Hat Enterprise Linux Server - AUS 7.6 x86_64
Red Hat	Red Hat Enterprise Linux	Red Hat Enterprise Linux pour Scientific Computing 7 x86_64
Red Hat	Red Hat Enterprise Linux	Red Hat Enterprise Linux pour Power, big endian 7 ppc64
Red Hat	Red Hat Enterprise Linux	Red Hat Enterprise Linux Desktop 7 x86_64
Red Hat	Red Hat Enterprise Linux	Red Hat Enterprise Linux pour ARM 64 8 aarch64
Oracle	Virtualization	Red Hat Virtualization Host 4 x86_64
Red Hat	Red Hat Enterprise Linux	Red Hat Enterprise Linux pour IBM z Systems - Extended Update Support 7.5 s390x
Red Hat	Red Hat CodeReady Linux Builder	Red Hat CodeReady Linux Builder pour x86_64 8 x86_64
Red Hat	Red Hat Enterprise Linux	Red Hat Enterprise Linux pour Power, little endian - Extended Update Support 7.4 ppc64le
Red Hat	Red Hat Enterprise Linux	Red Hat Enterprise Linux pour Power, little endian 8 ppc64le

References

Title

Publication Time

Tags

Bulletin de sécurité RedHat RHSA-2019:1190 du 14 mai 2019	None	vendor-advisory
Bulletin de sécurité RedHat RHSA-2019:1155 du 14 mai 2019	None	vendor-advisory
Bulletin de sécurité RedHat RHSA-2019:1171 du 14 mai 2019	None	vendor-advisory
Bulletin de sécurité RedHat RHSA-2019:1168 du 14 mai 2019	None	vendor-advisory
Bulletin de sécurité RedHat RHSA-2019:1174 du 14 mai 2019	None	vendor-advisory
Bulletin de sécurité RedHat RHSA-2019:1176 du 14 mai 2019	None	vendor-advisory
Bulletin de sécurité RedHat RHSA-2019:1169 du 14 mai 2019	None	vendor-advisory
Bulletin de sécurité RedHat RHSA-2019:1196 du 14 mai 2019	None	vendor-advisory
Bulletin de sécurité RedHat RHSA-2019:1170 du 14 mai 2019	None	vendor-advisory
Bulletin de sécurité RedHat RHSA-2019:1167 du 14 mai 2019	None	vendor-advisory

Show details on source website

JSON

To clipboard

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [
    {
      "description": "Red Hat Enterprise Linux Server - Update Services pour SAP Solutions 7.3 x86_64",
      "product": {
        "name": "Red Hat Enterprise Linux Server",
        "vendor": {
          "name": "Red Hat",
          "scada": false
        }
      }
    },
    {
      "description": "Red Hat Enterprise Linux pour Power, little endian 7 ppc64le",
      "product": {
        "name": "Red Hat Enterprise Linux",
        "vendor": {
          "name": "Red Hat",
          "scada": false
        }
      }
    },
    {
      "description": "Red Hat Enterprise Linux Workstation 6 x86_64",
      "product": {
        "name": "Red Hat Enterprise Linux",
        "vendor": {
          "name": "Red Hat",
          "scada": false
        }
      }
    },
    {
      "description": "Red Hat CodeReady Linux Builder pour Power, little endian 8 ppc64le",
      "product": {
        "name": "Red Hat CodeReady Linux Builder",
        "vendor": {
          "name": "Red Hat",
          "scada": false
        }
      }
    },
    {
      "description": "Red Hat Enterprise Linux pour Power, big endian 6 ppc64",
      "product": {
        "name": "Red Hat Enterprise Linux",
        "vendor": {
          "name": "Red Hat",
          "scada": false
        }
      }
    },
    {
      "description": "Red Hat Enterprise Linux Server - AUS 6.5 x86_64",
      "product": {
        "name": "Red Hat Enterprise Linux Server",
        "vendor": {
          "name": "Red Hat",
          "scada": false
        }
      }
    },
    {
      "description": "MRG Realtime 2 x86_64",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Red Hat",
          "scada": false
        }
      }
    },
    {
      "description": "Red Hat Enterprise Linux pour IBM z Systems 6 s390x",
      "product": {
        "name": "Red Hat Enterprise Linux",
        "vendor": {
          "name": "Red Hat",
          "scada": false
        }
      }
    },
    {
      "description": "Red Hat Enterprise Linux pour Real Time pour NFV 7 x86_64",
      "product": {
        "name": "Red Hat Enterprise Linux",
        "vendor": {
          "name": "Red Hat",
          "scada": false
        }
      }
    },
    {
      "description": "Red Hat Enterprise Linux pour IBM z Systems - Extended Update Support 7.4 s390x",
      "product": {
        "name": "Red Hat Enterprise Linux",
        "vendor": {
          "name": "Red Hat",
          "scada": false
        }
      }
    },
    {
      "description": "Red Hat Enterprise Linux Server - Update Services pour SAP Solutions 7.4 x86_64",
      "product": {
        "name": "Red Hat Enterprise Linux Server",
        "vendor": {
          "name": "Red Hat",
          "scada": false
        }
      }
    },
    {
      "description": "Red Hat Enterprise Linux Server - AUS 7.3 x86_64",
      "product": {
        "name": "Red Hat Enterprise Linux Server",
        "vendor": {
          "name": "Red Hat",
          "scada": false
        }
      }
    },
    {
      "description": "Red Hat Enterprise Linux pour Real Time 7 x86_64",
      "product": {
        "name": "Red Hat Enterprise Linux",
        "vendor": {
          "name": "Red Hat",
          "scada": false
        }
      }
    },
    {
      "description": "Red Hat Enterprise Linux pour IBM z Systems - Extended Update Support 7.6 s390x",
      "product": {
        "name": "Red Hat Enterprise Linux",
        "vendor": {
          "name": "Red Hat",
          "scada": false
        }
      }
    },
    {
      "description": "Red Hat Enterprise Linux pour x86_64 8 x86_64",
      "product": {
        "name": "Red Hat Enterprise Linux",
        "vendor": {
          "name": "Red Hat",
          "scada": false
        }
      }
    },
    {
      "description": "Red Hat Enterprise Linux Server (pour IBM Power LE) - Update Services pour SAP Solutions 7.6 ppc64le",
      "product": {
        "name": "Red Hat Enterprise Linux Server",
        "vendor": {
          "name": "Red Hat",
          "scada": false
        }
      }
    },
    {
      "description": "Red Hat Enterprise Linux Server - Update Services pour SAP Solutions 7.6 x86_64",
      "product": {
        "name": "Red Hat Enterprise Linux Server",
        "vendor": {
          "name": "Red Hat",
          "scada": false
        }
      }
    },
    {
      "description": "Red Hat Enterprise Linux EUS Compute Node 7.4 x86_64",
      "product": {
        "name": "Red Hat Enterprise Linux",
        "vendor": {
          "name": "Red Hat",
          "scada": false
        }
      }
    },
    {
      "description": "Red Hat Enterprise Linux pour IBM z Systems 8 s390x",
      "product": {
        "name": "Red Hat Enterprise Linux",
        "vendor": {
          "name": "Red Hat",
          "scada": false
        }
      }
    },
    {
      "description": "Red Hat Enterprise Linux Server - AUS 7.4 x86_64",
      "product": {
        "name": "Red Hat Enterprise Linux Server",
        "vendor": {
          "name": "Red Hat",
          "scada": false
        }
      }
    },
    {
      "description": "Red Hat Enterprise Linux Server 7 x86_64",
      "product": {
        "name": "Red Hat Enterprise Linux Server",
        "vendor": {
          "name": "Red Hat",
          "scada": false
        }
      }
    },
    {
      "description": "Red Hat Enterprise Linux Server (pour IBM Power LE) - Update Services pour SAP Solutions 7.4 ppc64le",
      "product": {
        "name": "Red Hat Enterprise Linux Server",
        "vendor": {
          "name": "Red Hat",
          "scada": false
        }
      }
    },
    {
      "description": "Red Hat Enterprise Linux Server 6 x86_64",
      "product": {
        "name": "Red Hat Enterprise Linux Server",
        "vendor": {
          "name": "Red Hat",
          "scada": false
        }
      }
    },
    {
      "description": "Red Hat Enterprise Linux EUS Compute Node 7.6 x86_64",
      "product": {
        "name": "Red Hat Enterprise Linux",
        "vendor": {
          "name": "Red Hat",
          "scada": false
        }
      }
    },
    {
      "description": "Red Hat Enterprise Linux Server (pour IBM Power LE) - Update Services pour SAP Solutions 7.3 ppc64le",
      "product": {
        "name": "Red Hat Enterprise Linux Server",
        "vendor": {
          "name": "Red Hat",
          "scada": false
        }
      }
    },
    {
      "description": "Red Hat Enterprise Linux Desktop 6 i386",
      "product": {
        "name": "Red Hat Enterprise Linux",
        "vendor": {
          "name": "Red Hat",
          "scada": false
        }
      }
    },
    {
      "description": "Red Hat Enterprise Linux pour Power, little endian - Extended Update Support 7.6 ppc64le",
      "product": {
        "name": "Red Hat Enterprise Linux",
        "vendor": {
          "name": "Red Hat",
          "scada": false
        }
      }
    },
    {
      "description": "Red Hat Enterprise Linux Server 6 i386",
      "product": {
        "name": "Red Hat Enterprise Linux Server",
        "vendor": {
          "name": "Red Hat",
          "scada": false
        }
      }
    },
    {
      "description": "Red Hat Enterprise Linux Workstation 7 x86_64",
      "product": {
        "name": "Red Hat Enterprise Linux",
        "vendor": {
          "name": "Red Hat",
          "scada": false
        }
      }
    },
    {
      "description": "Red Hat Enterprise Linux pour Power, little endian - Extended Update Support 7.5 ppc64le",
      "product": {
        "name": "Red Hat Enterprise Linux",
        "vendor": {
          "name": "Red Hat",
          "scada": false
        }
      }
    },
    {
      "description": "Red Hat Enterprise Linux Server - TUS 7.6 x86_64",
      "product": {
        "name": "Red Hat Enterprise Linux Server",
        "vendor": {
          "name": "Red Hat",
          "scada": false
        }
      }
    },
    {
      "description": "Red Hat Enterprise Linux Server - TUS 7.4 x86_64",
      "product": {
        "name": "Red Hat Enterprise Linux Server",
        "vendor": {
          "name": "Red Hat",
          "scada": false
        }
      }
    },
    {
      "description": "Red Hat Enterprise Linux pour Power, big endian - Extended Update Support 7.6 ppc64",
      "product": {
        "name": "Red Hat Enterprise Linux",
        "vendor": {
          "name": "Red Hat",
          "scada": false
        }
      }
    },
    {
      "description": "Red Hat Enterprise Linux Server - Extended Update Support 7.5 x86_64",
      "product": {
        "name": "Red Hat Enterprise Linux Server",
        "vendor": {
          "name": "Red Hat",
          "scada": false
        }
      }
    },
    {
      "description": "Red Hat Enterprise Linux pour Real Time 8 x86_64",
      "product": {
        "name": "Red Hat Enterprise Linux",
        "vendor": {
          "name": "Red Hat",
          "scada": false
        }
      }
    },
    {
      "description": "Red Hat Enterprise Linux EUS Compute Node 7.5 x86_64",
      "product": {
        "name": "Red Hat Enterprise Linux",
        "vendor": {
          "name": "Red Hat",
          "scada": false
        }
      }
    },
    {
      "description": "Red Hat Enterprise Linux pour Power, big endian - Extended Update Support 7.5 ppc64",
      "product": {
        "name": "Red Hat Enterprise Linux",
        "vendor": {
          "name": "Red Hat",
          "scada": false
        }
      }
    },
    {
      "description": "Red Hat Enterprise Linux pour Power, big endian - Extended Update Support 7.4 ppc64",
      "product": {
        "name": "Red Hat Enterprise Linux",
        "vendor": {
          "name": "Red Hat",
          "scada": false
        }
      }
    },
    {
      "description": "Red Hat CodeReady Linux Builder pour ARM 64 8 aarch64",
      "product": {
        "name": "Red Hat CodeReady Linux Builder",
        "vendor": {
          "name": "Red Hat",
          "scada": false
        }
      }
    },
    {
      "description": "Red Hat Enterprise Linux Workstation 6 i386",
      "product": {
        "name": "Red Hat Enterprise Linux",
        "vendor": {
          "name": "Red Hat",
          "scada": false
        }
      }
    },
    {
      "description": "Red Hat Enterprise Linux pour Scientific Computing 6 x86_64",
      "product": {
        "name": "Red Hat Enterprise Linux",
        "vendor": {
          "name": "Red Hat",
          "scada": false
        }
      }
    },
    {
      "description": "Red Hat Enterprise Linux pour Real Time pour NFV 8 x86_64",
      "product": {
        "name": "Red Hat Enterprise Linux",
        "vendor": {
          "name": "Red Hat",
          "scada": false
        }
      }
    },
    {
      "description": "Red Hat Enterprise Linux Server - Extended Update Support 7.6 x86_64",
      "product": {
        "name": "Red Hat Enterprise Linux Server",
        "vendor": {
          "name": "Red Hat",
          "scada": false
        }
      }
    },
    {
      "description": "Red Hat Enterprise Linux pour IBM z Systems 7 s390x",
      "product": {
        "name": "Red Hat Enterprise Linux",
        "vendor": {
          "name": "Red Hat",
          "scada": false
        }
      }
    },
    {
      "description": "Red Hat Enterprise Linux Server - TUS 7.3 x86_64",
      "product": {
        "name": "Red Hat Enterprise Linux Server",
        "vendor": {
          "name": "Red Hat",
          "scada": false
        }
      }
    },
    {
      "description": "Red Hat Enterprise Linux Server - Extended Update Support 7.4 x86_64",
      "product": {
        "name": "Red Hat Enterprise Linux Server",
        "vendor": {
          "name": "Red Hat",
          "scada": false
        }
      }
    },
    {
      "description": "Red Hat Enterprise Linux Desktop 6 x86_64",
      "product": {
        "name": "Red Hat Enterprise Linux",
        "vendor": {
          "name": "Red Hat",
          "scada": false
        }
      }
    },
    {
      "description": "Red Hat Enterprise Linux Server - AUS 7.6 x86_64",
      "product": {
        "name": "Red Hat Enterprise Linux Server",
        "vendor": {
          "name": "Red Hat",
          "scada": false
        }
      }
    },
    {
      "description": "Red Hat Enterprise Linux pour Scientific Computing 7 x86_64",
      "product": {
        "name": "Red Hat Enterprise Linux",
        "vendor": {
          "name": "Red Hat",
          "scada": false
        }
      }
    },
    {
      "description": "Red Hat Enterprise Linux pour Power, big endian 7 ppc64",
      "product": {
        "name": "Red Hat Enterprise Linux",
        "vendor": {
          "name": "Red Hat",
          "scada": false
        }
      }
    },
    {
      "description": "Red Hat Enterprise Linux Desktop 7 x86_64",
      "product": {
        "name": "Red Hat Enterprise Linux",
        "vendor": {
          "name": "Red Hat",
          "scada": false
        }
      }
    },
    {
      "description": "Red Hat Enterprise Linux pour ARM 64 8 aarch64",
      "product": {
        "name": "Red Hat Enterprise Linux",
        "vendor": {
          "name": "Red Hat",
          "scada": false
        }
      }
    },
    {
      "description": "Red Hat Virtualization Host 4 x86_64",
      "product": {
        "name": "Virtualization",
        "vendor": {
          "name": "Oracle",
          "scada": false
        }
      }
    },
    {
      "description": "Red Hat Enterprise Linux pour IBM z Systems - Extended Update Support 7.5 s390x",
      "product": {
        "name": "Red Hat Enterprise Linux",
        "vendor": {
          "name": "Red Hat",
          "scada": false
        }
      }
    },
    {
      "description": "Red Hat CodeReady Linux Builder pour x86_64 8 x86_64",
      "product": {
        "name": "Red Hat CodeReady Linux Builder",
        "vendor": {
          "name": "Red Hat",
          "scada": false
        }
      }
    },
    {
      "description": "Red Hat Enterprise Linux pour Power, little endian - Extended Update Support 7.4 ppc64le",
      "product": {
        "name": "Red Hat Enterprise Linux",
        "vendor": {
          "name": "Red Hat",
          "scada": false
        }
      }
    },
    {
      "description": "Red Hat Enterprise Linux pour Power, little endian 8 ppc64le",
      "product": {
        "name": "Red Hat Enterprise Linux",
        "vendor": {
          "name": "Red Hat",
          "scada": false
        }
      }
    }
  ],
  "affected_systems_content": null,
  "content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
  "cves": [
    {
      "name": "CVE-2017-12190",
      "url": "https://www.cve.org/CVERecord?id=CVE-2017-12190"
    },
    {
      "name": "CVE-2019-11091",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-11091"
    },
    {
      "name": "CVE-2018-1068",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-1068"
    },
    {
      "name": "CVE-2016-7913",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-7913"
    },
    {
      "name": "CVE-2017-16939",
      "url": "https://www.cve.org/CVERecord?id=CVE-2017-16939"
    },
    {
      "name": "CVE-2018-12127",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-12127"
    },
    {
      "name": "CVE-2017-1000407",
      "url": "https://www.cve.org/CVERecord?id=CVE-2017-1000407"
    },
    {
      "name": "CVE-2016-8633",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-8633"
    },
    {
      "name": "CVE-2017-13215",
      "url": "https://www.cve.org/CVERecord?id=CVE-2017-13215"
    },
    {
      "name": "CVE-2018-12130",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-12130"
    },
    {
      "name": "CVE-2018-18559",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-18559"
    },
    {
      "name": "CVE-2017-11600",
      "url": "https://www.cve.org/CVERecord?id=CVE-2017-11600"
    },
    {
      "name": "CVE-2017-17558",
      "url": "https://www.cve.org/CVERecord?id=CVE-2017-17558"
    },
    {
      "name": "CVE-2018-3665",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-3665"
    },
    {
      "name": "CVE-2018-12126",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-12126"
    }
  ],
  "initial_release_date": "2019-05-15T00:00:00",
  "last_revision_date": "2019-05-15T00:00:00",
  "links": [],
  "reference": "CERTFR-2019-AVI-213",
  "revisions": [
    {
      "description": "Version initiale",
      "revision_date": "2019-05-15T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "Atteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es"
    },
    {
      "description": "Ex\u00e9cution de code arbitraire"
    },
    {
      "description": "D\u00e9ni de service"
    },
    {
      "description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
    },
    {
      "description": "\u00c9l\u00e9vation de privil\u00e8ges"
    }
  ],
  "summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans le noyau Linux de\nRedHat. Certaines d\u0027entre elles permettent \u00e0 un attaquant de provoquer\nune ex\u00e9cution de code arbitraire, un d\u00e9ni de service et une atteinte \u00e0\nl\u0027int\u00e9grit\u00e9 des donn\u00e9es.\n",
  "title": "Multiples vuln\u00e9rabilit\u00e9s dans le noyau Linux de RedHat",
  "vendor_advisories": [
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 RedHat RHSA-2019:1190 du 14 mai 2019",
      "url": "https://access.redhat.com/errata/RHSA-2019:1190"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 RedHat RHSA-2019:1155 du 14 mai 2019",
      "url": "https://access.redhat.com/errata/RHSA-2019:1155"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 RedHat RHSA-2019:1171 du 14 mai 2019",
      "url": "https://access.redhat.com/errata/RHSA-2019:1171"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 RedHat RHSA-2019:1168 du 14 mai 2019",
      "url": "https://access.redhat.com/errata/RHSA-2019:1168"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 RedHat RHSA-2019:1174 du 14 mai 2019",
      "url": "https://access.redhat.com/errata/RHSA-2019:1174"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 RedHat RHSA-2019:1176 du 14 mai 2019",
      "url": "https://access.redhat.com/errata/RHSA-2019:1176"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 RedHat RHSA-2019:1169 du 14 mai 2019",
      "url": "https://access.redhat.com/errata/RHSA-2019:1169"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 RedHat RHSA-2019:1196 du 14 mai 2019",
      "url": "https://access.redhat.com/errata/RHSA-2019:1196"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 RedHat RHSA-2019:1170 du 14 mai 2019",
      "url": "https://access.redhat.com/errata/RHSA-2019:1170"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 RedHat RHSA-2019:1167 du 14 mai 2019",
      "url": "https://access.redhat.com/errata/RHSA-2019:1167"
    }
  ]
}

CERTFR-2019-AVI-215

Vulnerability from certfr_avis - Published: 2019-05-15 - Updated: 2019-05-15

De multiples vulnérabilités ont été découvertes dans Xen. Elles permettent à un attaquant de provoquer une atteinte à la confidentialité des données.

Solution

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

None

Impacted products

	Vendor	Product	Description
	XEN	Xen	Xen toutes versions sans le dernier correctif de sécurité

References

Title

Publication Time

Tags

Bulletin de sécurité Xen advisory-297 du 14 mai 2019

None

vendor-advisory

Show details on source website

JSON

To clipboard

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [
    {
      "description": "Xen toutes versions sans le dernier correctif de s\u00e9curit\u00e9",
      "product": {
        "name": "Xen",
        "vendor": {
          "name": "XEN",
          "scada": false
        }
      }
    }
  ],
  "affected_systems_content": null,
  "content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
  "cves": [
    {
      "name": "CVE-2019-11091",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-11091"
    },
    {
      "name": "CVE-2018-12127",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-12127"
    },
    {
      "name": "CVE-2018-12130",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-12130"
    },
    {
      "name": "CVE-2018-12126",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-12126"
    }
  ],
  "initial_release_date": "2019-05-15T00:00:00",
  "last_revision_date": "2019-05-15T00:00:00",
  "links": [],
  "reference": "CERTFR-2019-AVI-215",
  "revisions": [
    {
      "description": "Version initiale",
      "revision_date": "2019-05-15T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
    }
  ],
  "summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans Xen. Elles\npermettent \u00e0 un attaquant de provoquer une atteinte \u00e0 la confidentialit\u00e9\ndes donn\u00e9es.\n",
  "title": "Multiples vuln\u00e9rabilit\u00e9s dans Xen",
  "vendor_advisories": [
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Xen advisory-297 du 14 mai 2019",
      "url": "https://xenbits.xen.org/xsa/advisory-297.html"
    }
  ]
}

CERTFR-2019-AVI-217

Vulnerability from certfr_avis - Published: 2019-05-15 - Updated: 2019-05-15

De multiples vulnérabilités ont été découvertes dans les produits VMware. Elles permettent à un attaquant de provoquer une atteinte à la confidentialité des données et une élévation de privilèges.

Solution

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

None

Impacted products

Vendor	Product	Description
VMware	Fusion	VMware Fusion versions 11.x antérieures à 11.1.0
VMware	N/A	VMware Workstation versions 15.x antérieures à 15.1.0
VMware	ESXi	VMware ESXi versions 6.5 antérieures à ESXi650-201905401-BG ou ESXi650-201905402-BG
VMware	vCenter Server	VMware vCenter Server versions 6.7 antérieures à 6.7 U2a
VMware	vCenter Server	VMware vCenter Server versions 6.0 antérieures à 6.0 U3i
VMware	ESXi	VMware ESXi versions 6.7 antérieures à ESXi670-201905401-BG ou ESXi670-201905402-BG ou ESXi670-201905403-BG
VMware	vCenter Server	VMware vCenter Server versions 6.5 antérieures à 6.5 U2g
VMware	ESXi	VMware ESXi versions 6.0 antérieures à ESXi600-201905401-BG ou ESXi600-201905402-BG

References

Title

Publication Time

Tags

Bulletin de sécurité VMware VMSA-2019-0008 du 14 mai 2019	None	vendor-advisory
Bulletin de sécurité VMware VMSA-2019-0007 du 14 mai 2019	None	vendor-advisory

Show details on source website

JSON

To clipboard

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [
    {
      "description": "VMware Fusion versions 11.x ant\u00e9rieures \u00e0 11.1.0",
      "product": {
        "name": "Fusion",
        "vendor": {
          "name": "VMware",
          "scada": false
        }
      }
    },
    {
      "description": "VMware Workstation versions 15.x ant\u00e9rieures \u00e0 15.1.0",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "VMware",
          "scada": false
        }
      }
    },
    {
      "description": "VMware ESXi versions 6.5 ant\u00e9rieures \u00e0 ESXi650-201905401-BG ou ESXi650-201905402-BG",
      "product": {
        "name": "ESXi",
        "vendor": {
          "name": "VMware",
          "scada": false
        }
      }
    },
    {
      "description": "VMware vCenter Server versions 6.7 ant\u00e9rieures \u00e0 6.7 U2a",
      "product": {
        "name": "vCenter Server",
        "vendor": {
          "name": "VMware",
          "scada": false
        }
      }
    },
    {
      "description": "VMware vCenter Server versions 6.0 ant\u00e9rieures \u00e0 6.0 U3i",
      "product": {
        "name": "vCenter Server",
        "vendor": {
          "name": "VMware",
          "scada": false
        }
      }
    },
    {
      "description": "VMware ESXi versions 6.7 ant\u00e9rieures \u00e0 ESXi670-201905401-BG ou ESXi670-201905402-BG ou ESXi670-201905403-BG",
      "product": {
        "name": "ESXi",
        "vendor": {
          "name": "VMware",
          "scada": false
        }
      }
    },
    {
      "description": "VMware vCenter Server versions 6.5 ant\u00e9rieures \u00e0 6.5 U2g",
      "product": {
        "name": "vCenter Server",
        "vendor": {
          "name": "VMware",
          "scada": false
        }
      }
    },
    {
      "description": "VMware ESXi versions 6.0 ant\u00e9rieures \u00e0 ESXi600-201905401-BG ou ESXi600-201905402-BG",
      "product": {
        "name": "ESXi",
        "vendor": {
          "name": "VMware",
          "scada": false
        }
      }
    }
  ],
  "affected_systems_content": null,
  "content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
  "cves": [
    {
      "name": "CVE-2019-11091",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-11091"
    },
    {
      "name": "CVE-2018-12127",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-12127"
    },
    {
      "name": "CVE-2018-12130",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-12130"
    },
    {
      "name": "CVE-2018-12126",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-12126"
    },
    {
      "name": "CVE-2019-5526",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-5526"
    }
  ],
  "initial_release_date": "2019-05-15T00:00:00",
  "last_revision_date": "2019-05-15T00:00:00",
  "links": [],
  "reference": "CERTFR-2019-AVI-217",
  "revisions": [
    {
      "description": "Version initiale",
      "revision_date": "2019-05-15T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
    },
    {
      "description": "\u00c9l\u00e9vation de privil\u00e8ges"
    }
  ],
  "summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans les produits\nVMware. Elles permettent \u00e0 un attaquant de provoquer une atteinte \u00e0 la\nconfidentialit\u00e9 des donn\u00e9es et une \u00e9l\u00e9vation de privil\u00e8ges.\n",
  "title": "Multiples vuln\u00e9rabilit\u00e9s dans les produits VMware",
  "vendor_advisories": [
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 VMware VMSA-2019-0008 du 14 mai 2019",
      "url": "https://www.vmware.com/security/advisories/VMSA-2019-0008.html"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 VMware VMSA-2019-0007 du 14 mai 2019",
      "url": "https://www.vmware.com/security/advisories/VMSA-2019-0007.html"
    }
  ]
}

CERTFR-2019-AVI-229

Vulnerability from certfr_avis - Published: 2019-05-17 - Updated: 2019-05-17

De multiples vulnérabilités ont été découvertes dans le noyau Linux de RedHat. Elles permettent à un attaquant de provoquer une atteinte à la confidentialité des données.

Solution

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

None

Impacted products

Vendor	Product	Description
Red Hat	Red Hat Enterprise Linux Server	Red Hat Enterprise Linux Server - AUS 7.2 x86_64
Red Hat	Red Hat Enterprise Linux Server	Red Hat Enterprise Linux Server - TUS 7.2 x86_64
Red Hat	Red Hat Enterprise Linux Server	Red Hat Enterprise Linux Server - Update Services for SAP Solutions 7.2 x86_64

References

Title

Publication Time

Tags

Bulletin de sécurité RedHat RHSA-2019:1172 du 14 mai 2019

None

vendor-advisory

Show details on source website

JSON

To clipboard

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [
    {
      "description": "Red Hat Enterprise Linux Server - AUS 7.2 x86_64",
      "product": {
        "name": "Red Hat Enterprise Linux Server",
        "vendor": {
          "name": "Red Hat",
          "scada": false
        }
      }
    },
    {
      "description": "Red Hat Enterprise Linux Server - TUS 7.2 x86_64",
      "product": {
        "name": "Red Hat Enterprise Linux Server",
        "vendor": {
          "name": "Red Hat",
          "scada": false
        }
      }
    },
    {
      "description": "Red Hat Enterprise Linux Server - Update Services for SAP Solutions 7.2 x86_64",
      "product": {
        "name": "Red Hat Enterprise Linux Server",
        "vendor": {
          "name": "Red Hat",
          "scada": false
        }
      }
    }
  ],
  "affected_systems_content": null,
  "content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
  "cves": [
    {
      "name": "CVE-2019-11091",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-11091"
    },
    {
      "name": "CVE-2018-12127",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-12127"
    },
    {
      "name": "CVE-2018-12130",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-12130"
    },
    {
      "name": "CVE-2018-12126",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-12126"
    }
  ],
  "initial_release_date": "2019-05-17T00:00:00",
  "last_revision_date": "2019-05-17T00:00:00",
  "links": [],
  "reference": "CERTFR-2019-AVI-229",
  "revisions": [
    {
      "description": "Version initiale",
      "revision_date": "2019-05-17T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
    }
  ],
  "summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans le noyau Linux de\nRedHat. Elles permettent \u00e0 un attaquant de provoquer une atteinte \u00e0 la\nconfidentialit\u00e9 des donn\u00e9es.\n",
  "title": "Multiples vuln\u00e9rabilit\u00e9s dans le noyau Linux de RedHat",
  "vendor_advisories": [
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 RedHat RHSA-2019:1172 du 14 mai 2019",
      "url": "https://access.redhat.com/errata/RHSA-2019:1172"
    }
  ]
}

CERTFR-2019-AVI-233

Vulnerability from certfr_avis - Published: 2019-05-20 - Updated: 2019-05-20

De multiples vulnérabilités ont été découvertes dans le noyau Linux de SUSE. Certaines d'entre elles permettent à un attaquant de provoquer un problème de sécurité non spécifié par l'éditeur, un déni de service à distance et une atteinte à la confidentialité des données.

Solution

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

None

Impacted products

Vendor	Product	Description
SUSE	N/A	SUSE Linux Enterprise Module pour Public Cloud 12
SUSE	SUSE Linux Enterprise Server	SUSE Linux Enterprise Server 12-SP2-LTSS
SUSE	SUSE Linux Enterprise Server	SUSE Linux Enterprise Server pour SAP 12-SP1
SUSE	N/A	SUSE Linux Enterprise High Availability 12-SP2
SUSE	N/A	OpenStack Cloud Magnum Orchestration 7
SUSE	SUSE Linux Enterprise Server	SUSE Linux Enterprise Server 12-SP2-BCL
SUSE	SUSE Linux Enterprise Server	SUSE Linux Enterprise Server 12-SP1-LTSS
SUSE	N/A	SUSE OpenStack Cloud 7
SUSE	N/A	SUSE Enterprise Storage 4
SUSE	SUSE Linux Enterprise Server	SUSE Linux Enterprise Server pour SAP 12-SP2

References

Title

Publication Time

Tags

Bulletin de sécurité SUSE SUSE-SU-2019:1287-1 du 17 mai 2019	None	vendor-advisory
Bulletin de sécurité SUSE SUSE-SU-2019:1289-1 du 17 mai 2019	None	vendor-advisory

Show details on source website

JSON

To clipboard

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [
    {
      "description": "SUSE Linux Enterprise Module pour Public Cloud 12",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "SUSE",
          "scada": false
        }
      }
    },
    {
      "description": "SUSE Linux Enterprise Server 12-SP2-LTSS",
      "product": {
        "name": "SUSE Linux Enterprise Server",
        "vendor": {
          "name": "SUSE",
          "scada": false
        }
      }
    },
    {
      "description": "SUSE Linux Enterprise Server pour SAP 12-SP1",
      "product": {
        "name": "SUSE Linux Enterprise Server",
        "vendor": {
          "name": "SUSE",
          "scada": false
        }
      }
    },
    {
      "description": "SUSE Linux Enterprise High Availability 12-SP2",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "SUSE",
          "scada": false
        }
      }
    },
    {
      "description": "OpenStack Cloud Magnum Orchestration 7",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "SUSE",
          "scada": false
        }
      }
    },
    {
      "description": "SUSE Linux Enterprise Server 12-SP2-BCL",
      "product": {
        "name": "SUSE Linux Enterprise Server",
        "vendor": {
          "name": "SUSE",
          "scada": false
        }
      }
    },
    {
      "description": "SUSE Linux Enterprise Server 12-SP1-LTSS",
      "product": {
        "name": "SUSE Linux Enterprise Server",
        "vendor": {
          "name": "SUSE",
          "scada": false
        }
      }
    },
    {
      "description": "SUSE OpenStack Cloud 7",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "SUSE",
          "scada": false
        }
      }
    },
    {
      "description": "SUSE Enterprise Storage 4",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "SUSE",
          "scada": false
        }
      }
    },
    {
      "description": "SUSE Linux Enterprise Server pour SAP 12-SP2",
      "product": {
        "name": "SUSE Linux Enterprise Server",
        "vendor": {
          "name": "SUSE",
          "scada": false
        }
      }
    }
  ],
  "affected_systems_content": null,
  "content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
  "cves": [
    {
      "name": "CVE-2019-11091",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-11091"
    },
    {
      "name": "CVE-2018-18710",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-18710"
    },
    {
      "name": "CVE-2019-6974",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-6974"
    },
    {
      "name": "CVE-2018-5391",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-5391"
    },
    {
      "name": "CVE-2017-7472",
      "url": "https://www.cve.org/CVERecord?id=CVE-2017-7472"
    },
    {
      "name": "CVE-2019-9503",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-9503"
    },
    {
      "name": "CVE-2018-19407",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-19407"
    },
    {
      "name": "CVE-2018-9568",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-9568"
    },
    {
      "name": "CVE-2018-19985",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-19985"
    },
    {
      "name": "CVE-2019-8564",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-8564"
    },
    {
      "name": "CVE-2018-12127",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-12127"
    },
    {
      "name": "CVE-2017-1000407",
      "url": "https://www.cve.org/CVERecord?id=CVE-2017-1000407"
    },
    {
      "name": "CVE-2019-9213",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-9213"
    },
    {
      "name": "CVE-2017-7273",
      "url": "https://www.cve.org/CVERecord?id=CVE-2017-7273"
    },
    {
      "name": "CVE-2018-18281",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-18281"
    },
    {
      "name": "CVE-2018-15572",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-15572"
    },
    {
      "name": "CVE-2018-12130",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-12130"
    },
    {
      "name": "CVE-2018-18690",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-18690"
    },
    {
      "name": "CVE-2018-20169",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-20169"
    },
    {
      "name": "CVE-2018-1128",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-1128"
    },
    {
      "name": "CVE-2016-10741",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-10741"
    },
    {
      "name": "CVE-2018-14633",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-14633"
    },
    {
      "name": "CVE-2018-1091",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-1091"
    },
    {
      "name": "CVE-2018-1120",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-1120"
    },
    {
      "name": "CVE-2017-18174",
      "url": "https://www.cve.org/CVERecord?id=CVE-2017-18174"
    },
    {
      "name": "CVE-2018-16884",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-16884"
    },
    {
      "name": "CVE-2018-12126",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-12126"
    },
    {
      "name": "CVE-2018-9516",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-9516"
    },
    {
      "name": "CVE-2019-3460",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-3460"
    },
    {
      "name": "CVE-2019-11486",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-11486"
    },
    {
      "name": "CVE-2018-19824",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-19824"
    },
    {
      "name": "CVE-2019-3882",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-3882"
    },
    {
      "name": "CVE-2019-7221",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-7221"
    },
    {
      "name": "CVE-2018-1129",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-1129"
    },
    {
      "name": "CVE-2019-7222",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-7222"
    },
    {
      "name": "CVE-2017-16533",
      "url": "https://www.cve.org/CVERecord?id=CVE-2017-16533"
    },
    {
      "name": "CVE-2016-8636",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-8636"
    },
    {
      "name": "CVE-2018-18386",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-18386"
    },
    {
      "name": "CVE-2017-17741",
      "url": "https://www.cve.org/CVERecord?id=CVE-2017-17741"
    },
    {
      "name": "CVE-2019-3459",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-3459"
    }
  ],
  "initial_release_date": "2019-05-20T00:00:00",
  "last_revision_date": "2019-05-20T00:00:00",
  "links": [],
  "reference": "CERTFR-2019-AVI-233",
  "revisions": [
    {
      "description": "Version initiale",
      "revision_date": "2019-05-20T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "D\u00e9ni de service \u00e0 distance"
    },
    {
      "description": "Non sp\u00e9cifi\u00e9 par l\u0027\u00e9diteur"
    },
    {
      "description": "D\u00e9ni de service"
    },
    {
      "description": "Contournement de la politique de s\u00e9curit\u00e9"
    },
    {
      "description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
    },
    {
      "description": "\u00c9l\u00e9vation de privil\u00e8ges"
    }
  ],
  "summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans le noyau Linux de\nSUSE. Certaines d\u0027entre elles permettent \u00e0 un attaquant de provoquer un\nprobl\u00e8me de s\u00e9curit\u00e9 non sp\u00e9cifi\u00e9 par l\u0027\u00e9diteur, un d\u00e9ni de service \u00e0\ndistance et une atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es.\n",
  "title": "Multiples vuln\u00e9rabilit\u00e9s dans le noyau Linux de SUSE",
  "vendor_advisories": [
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 SUSE SUSE-SU-2019:1287-1 du 17 mai 2019",
      "url": "https://www.suse.com/support/update/announcement/2019/suse-su-20191287-1/"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 SUSE SUSE-SU-2019:1289-1 du 17 mai 2019",
      "url": "https://www.suse.com/support/update/announcement/2019/suse-su-20191289-1/"
    }
  ]
}

CERTFR-2019-AVI-281

Vulnerability from certfr_avis - Published: 2019-06-19 - Updated: 2019-06-19

De multiples vulnérabilités ont été découvertes dans le noyau Linux de SUSE. Certaines d'entre elles permettent à un attaquant de provoquer une atteinte à la confidentialité des données, un déni de service à distance et une élévation de privilèges.

Solution

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

None

Impacted products

Vendor	Product	Description
SUSE	N/A	SUSE Linux Enterprise Debuginfo 11-SP4
SUSE	SUSE Linux Enterprise Server	SUSE Linux Enterprise Server 11-SP4-LTSS
SUSE	N/A	SUSE Linux Enterprise Module pour Basesystem 15-SP1
SUSE	N/A	SUSE Linux Enterprise Module pour Legacy Software 15-SP1
SUSE	N/A	SUSE Linux Enterprise Workstation Extension 15-SP1
SUSE	N/A	SUSE Linux Enterprise Module pour Development Tools 15-SP1
SUSE	N/A	SUSE Linux Enterprise High Availability 15-SP1
SUSE	SUSE Linux Enterprise Server	SUSE Linux Enterprise Server 11-EXTRA
SUSE	N/A	SUSE Linux Enterprise Module pour Live Patching 15-SP1
SUSE	N/A	SUSE Linux Enterprise Module pour Open Buildservice Development Tools 15-SP1

References

Title

Publication Time

Tags

Bulletin de sécurité SUSE SUSE-SU-2019:1550-1 du 18 juin 2019	None	vendor-advisory
Bulletin de sécurité SUSE SUSE-SU-2019:14089-1 du 18 juin 2019	None	vendor-advisory

Show details on source website

JSON

To clipboard

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [
    {
      "description": "SUSE Linux Enterprise Debuginfo 11-SP4",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "SUSE",
          "scada": false
        }
      }
    },
    {
      "description": "SUSE Linux Enterprise Server 11-SP4-LTSS",
      "product": {
        "name": "SUSE Linux Enterprise Server",
        "vendor": {
          "name": "SUSE",
          "scada": false
        }
      }
    },
    {
      "description": "SUSE Linux Enterprise Module pour Basesystem 15-SP1",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "SUSE",
          "scada": false
        }
      }
    },
    {
      "description": "SUSE Linux Enterprise Module pour Legacy Software 15-SP1",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "SUSE",
          "scada": false
        }
      }
    },
    {
      "description": "SUSE Linux Enterprise Workstation Extension 15-SP1",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "SUSE",
          "scada": false
        }
      }
    },
    {
      "description": "SUSE Linux Enterprise Module pour Development Tools 15-SP1",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "SUSE",
          "scada": false
        }
      }
    },
    {
      "description": "SUSE Linux Enterprise High Availability 15-SP1",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "SUSE",
          "scada": false
        }
      }
    },
    {
      "description": "SUSE Linux Enterprise Server 11-EXTRA",
      "product": {
        "name": "SUSE Linux Enterprise Server",
        "vendor": {
          "name": "SUSE",
          "scada": false
        }
      }
    },
    {
      "description": "SUSE Linux Enterprise Module pour Live Patching 15-SP1",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "SUSE",
          "scada": false
        }
      }
    },
    {
      "description": "SUSE Linux Enterprise Module pour Open Buildservice Development Tools 15-SP1",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "SUSE",
          "scada": false
        }
      }
    }
  ],
  "affected_systems_content": null,
  "content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
  "cves": [
    {
      "name": "CVE-2019-11091",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-11091"
    },
    {
      "name": "CVE-2019-9503",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-9503"
    },
    {
      "name": "CVE-2018-16880",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-16880"
    },
    {
      "name": "CVE-2019-11478",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-11478"
    },
    {
      "name": "CVE-2019-10124",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-10124"
    },
    {
      "name": "CVE-2019-8564",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-8564"
    },
    {
      "name": "CVE-2018-12127",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-12127"
    },
    {
      "name": "CVE-2019-11833",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-11833"
    },
    {
      "name": "CVE-2019-11190",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-11190"
    },
    {
      "name": "CVE-2019-11811",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-11811"
    },
    {
      "name": "CVE-2018-17972",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-17972"
    },
    {
      "name": "CVE-2019-11085",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-11085"
    },
    {
      "name": "CVE-2019-3846",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-3846"
    },
    {
      "name": "CVE-2019-5489",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-5489"
    },
    {
      "name": "CVE-2018-12130",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-12130"
    },
    {
      "name": "CVE-2018-7191",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-7191"
    },
    {
      "name": "CVE-2017-5753",
      "url": "https://www.cve.org/CVERecord?id=CVE-2017-5753"
    },
    {
      "name": "CVE-2019-11479",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-11479"
    },
    {
      "name": "CVE-2019-9003",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-9003"
    },
    {
      "name": "CVE-2019-9500",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-9500"
    },
    {
      "name": "CVE-2019-11884",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-11884"
    },
    {
      "name": "CVE-2019-12818",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-12818"
    },
    {
      "name": "CVE-2019-11477",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-11477"
    },
    {
      "name": "CVE-2019-11815",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-11815"
    },
    {
      "name": "CVE-2014-9710",
      "url": "https://www.cve.org/CVERecord?id=CVE-2014-9710"
    },
    {
      "name": "CVE-2019-11487",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-11487"
    },
    {
      "name": "CVE-2018-12126",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-12126"
    },
    {
      "name": "CVE-2019-11486",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-11486"
    },
    {
      "name": "CVE-2019-3882",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-3882"
    },
    {
      "name": "CVE-2019-12819",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-12819"
    },
    {
      "name": "CVE-2019-12382",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-12382"
    }
  ],
  "initial_release_date": "2019-06-19T00:00:00",
  "last_revision_date": "2019-06-19T00:00:00",
  "links": [],
  "reference": "CERTFR-2019-AVI-281",
  "revisions": [
    {
      "description": "Version initiale",
      "revision_date": "2019-06-19T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "\u00c9l\u00e9vation de privil\u00e8ges"
    },
    {
      "description": "D\u00e9ni de service \u00e0 distance"
    },
    {
      "description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
    },
    {
      "description": "Atteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es"
    },
    {
      "description": "D\u00e9ni de service"
    },
    {
      "description": "Contournement de la politique de s\u00e9curit\u00e9"
    },
    {
      "description": "Non sp\u00e9cifi\u00e9 par l\u0027\u00e9diteur"
    }
  ],
  "summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans le noyau Linux de\nSUSE. Certaines d\u0027entre elles permettent \u00e0 un attaquant de provoquer une\natteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es, un d\u00e9ni de service \u00e0 distance\net une \u00e9l\u00e9vation de privil\u00e8ges.\n",
  "title": "Multiples vuln\u00e9rabilit\u00e9s dans le noyau Linux de SUSE",
  "vendor_advisories": [
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 SUSE SUSE-SU-2019:1550-1 du 18 juin 2019",
      "url": "https://www.suse.com/support/update/announcement/2019/suse-su-20191550-1/"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 SUSE SUSE-SU-2019:14089-1 du 18 juin 2019",
      "url": "https://www.suse.com/support/update/announcement/2019/suse-su-201914089-1/"
    }
  ]
}

Tags

Taxonomy of the tags.

All sightings related to this event Export sightings related to this event

Experimental. This forecast is provided for visualization only and may change without notice. Do not use it for operational decisions.

Forecast uses a logistic model when the trend is rising, or an exponential decay model when the trend is falling. Fitted via linearized least squares.

Sightings

Author	Source	Type	Date	Other

Nomenclature

Seen: The vulnerability was mentioned, discussed, or observed by the user.
Confirmed: The vulnerability has been validated from an analyst's perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
Not confirmed: The user expressed doubt about the validity of the vulnerability.
Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Detection rules are retrieved from Rulezet.

Action not permitted

CVE-2019-11091 (GCVE-0-2019-11091)

Solution

Solution

Solution

Solution

Solution

Solution

Solution

Solution

Solution

Tags

Sightings

Nomenclature