Vulnerability-Lookup

BDU:2019-02915

Vulnerability from fstec - Published: 27.03.2019

Title

Уязвимость хеш-функции «jhash» ядра операционной системы Linux, позволяющая нарушителю раскрыть защищаемую информацию

Description

Уязвимость хеш-функции «jhash» ядра операционной системы Linux связана с ошибками обработки полей идентификаторов. Эксплуатация уязвимости может позволить нарушителю, действующему удаленно, раскрыть защищаемую информацию с помощью специально сформированной веб-страницы

Severity ?


                    
                      AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N

Vendor

Canonical Ltd., ООО «РусБИТех-Астра», Сообщество свободного программного обеспечения, Novell Inc., ООО «Открытая мобильная платформа»

Software Name

Ubuntu, Astra Linux Special Edition (запись в едином реестре российских программ №369), Debian GNU/Linux, Suse Linux Enterprise Desktop, SUSE Enterprise Storage, SUSE Linux Enterprise Server for SAP Applications, SUSE Linux Enterprise Software Development Kit, SUSE Linux Enterprise Workstation Extension, SUSE OpenStack Cloud, SUSE Linux Enterprise Module for Open Buildservice Development Tools, OpenSUSE Leap, SUSE Linux Enterprise Module for Basesystem, SUSE CaaS Platform, SUSE Linux Enterprise Module for Development Tools, SUSE Linux Enterprise Point of Sale, SUSE Linux Enterprise Build System Kit, SUSE Linux Enterprise High Availability, SUSE Linux Enterprise Module for Legacy Software, SUSE Linux Enterprise Module for Live Patching, SUSE Linux Enterprise Module for Public Cloud, ОС Аврора (запись в едином реестре российских программ №1543), Linux

Software Version

16.04 LTS (Ubuntu), 1.5 «Смоленск» (Astra Linux Special Edition), 9 (Debian GNU/Linux), 18.04 LTS (Ubuntu), 12 SP3 (Suse Linux Enterprise Desktop), 12 SP4 (Suse Linux Enterprise Desktop), 4 (SUSE Enterprise Storage), 12 SP2 (SUSE Linux Enterprise Server for SAP Applications), 12 SP2-BCL (SUSE Linux Enterprise Server for SAP Applications), 12 SP2-ESPOS (SUSE Linux Enterprise Server for SAP Applications), 12 SP2-LTSS (SUSE Linux Enterprise Server for SAP Applications), 12 SP3 (SUSE Linux Enterprise Server for SAP Applications), 12 SP4 (SUSE Linux Enterprise Server for SAP Applications), 12 SP3 (SUSE Linux Enterprise Software Development Kit), 12 SP4 (SUSE Linux Enterprise Software Development Kit), 12 SP3 (SUSE Linux Enterprise Workstation Extension), 12 SP4 (SUSE Linux Enterprise Workstation Extension), 7 (SUSE OpenStack Cloud), 15 (SUSE Linux Enterprise Module for Open Buildservice Development Tools), 19.04 (Ubuntu), 15.0 (OpenSUSE Leap), 15 (SUSE Linux Enterprise Module for Basesystem), 15 SP1 (SUSE Linux Enterprise Module for Basesystem), 3.0 (SUSE CaaS Platform), 5 (SUSE Enterprise Storage), 15 (SUSE Linux Enterprise Module for Development Tools), 15 SP1 (SUSE Linux Enterprise Module for Development Tools), 12 SP2-CLIENT (SUSE Linux Enterprise Point of Sale), 12 SP3 (SUSE Linux Enterprise Build System Kit), 12 SP4 (SUSE Linux Enterprise Build System Kit), 12 SP2 (SUSE Linux Enterprise High Availability), 12 SP3 (SUSE Linux Enterprise High Availability), 12 SP4 (SUSE Linux Enterprise High Availability), 15 (SUSE Linux Enterprise High Availability), 15 SP1 (SUSE Linux Enterprise High Availability), 15 SP1 (SUSE Linux Enterprise Module for Legacy Software), 15 (SUSE Linux Enterprise Module for Legacy Software), 15 (SUSE Linux Enterprise Module for Live Patching), 15 (SUSE Linux Enterprise Module for Public Cloud), 15 (SUSE Linux Enterprise Workstation Extension), 15 SP1 (SUSE Linux Enterprise Workstation Extension), 15 SP1 (SUSE Linux Enterprise Module for Open Buildservice Development Tools), 15.1 (OpenSUSE Leap), 15 SP1 (SUSE Linux Enterprise Module for Live Patching), 8 (SUSE OpenStack Cloud), 12 SP3-LTSS (SUSE Linux Enterprise Server for SAP Applications), 15 SP1 (SUSE Linux Enterprise Module for Public Cloud), 12 SP2-BCL (SUSE Linux Enterprise Point of Sale), 12 SP2-ESPOS (SUSE Linux Enterprise Point of Sale), 12 SP2-LTSS (SUSE Linux Enterprise Point of Sale), 12 SP3 (SUSE Linux Enterprise Point of Sale), 12 SP3-LTSS (SUSE Linux Enterprise Point of Sale), 12 SP4 (SUSE Linux Enterprise Point of Sale), 8 (Debian GNU/Linux), до 4.0.2 (ОС Аврора), от 4.0 до 4.4.178 включительно (Linux), от 4.5 до 4.9.168 включительно (Linux), от 4.10 до 4.14.111 включительно (Linux), от 4.15 до 4.19.34 включительно (Linux), от 4.20 до 5.0.7 включительно (Linux)

Possible Mitigations

Использование рекомендаций: Для Linux: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=355b98553789b646ed97ad801a619ff898471b92 https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=df453700e8d81b1bdafdf684365ee2b9431fb702 https://kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.14.112 https://kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.19.35 https://kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.4.179 https://kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.9.169 https://kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.0.8 Для программных продуктов Novell Inc.: https://www.suse.com/security/cve/CVE-2019-10638/ Для Debian: Обновление программного обеспечения (пакета linux) до 4.19.37-5+deb10u2 или более поздней версии Для Ubuntu: https://usn.ubuntu.com/4114-1/ https://usn.ubuntu.com/4115-1/ https://usn.ubuntu.com/4116-1/ https://usn.ubuntu.com/4117-1/ https://usn.ubuntu.com/4118-1/ Для Astra Linux: https://wiki.astralinux.ru/astra-linux-se15-bulletin-20201201SE15 Для ОС Аврора 3.2.1: https://cve.omprussia.ru/bb10321 Для ОС Аврора 3.2.2: https://cve.omprussia.ru/bb11322 Для ОС Аврора 3.2.3: https://cve.omprussia.ru/bb12323

Reference

http://lists.opensuse.org/opensuse-security-announce/2019-07/msg00014.html http://lists.opensuse.org/opensuse-security-announce/2019-07/msg00025.html http://packetstormsecurity.com/files/155212/Slackware-Security-Advisory-Slackware-14.2-kernel-Updates.html http://www.securityfocus.com/bid/109092 https://access.redhat.com/errata/RHSA-2019:3309 https://access.redhat.com/errata/RHSA-2019:3517 https://arxiv.org/pdf/1906.10478.pdf https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.0.8 https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.1.7 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-10638 https://cve.omprussia.ru/bb10321 https://cve.omprussia.ru/bb11322 https://cve.omprussia.ru/bb12323 https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=355b98553789b646ed97ad801a619ff898471b92 https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=df453700e8d81b1bdafdf684365ee2b9431fb702 https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=355b98553789b646ed97ad801a619ff898471b92 https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=df453700e8d81b1bdafdf684365ee2b9431fb702 https://github.com/torvalds/linux/commit/355b98553789b646ed97ad801a619ff898471b92 https://github.com/torvalds/linux/commit/55f0fc7a02de8f12757f4937143d8d5091b2e40b https://github.com/torvalds/linux/commit/df453700e8d81b1bdafdf684365ee2b9431fb702 https://kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.14.112 https://kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.19.35 https://kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.4.179 https://kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.9.169 https://kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.0.8 https://lists.debian.org/debian-lts-announce/2019/08/msg00016.html https://lists.debian.org/debian-lts-announce/2019/08/msg00017.html https://nvd.nist.gov/vuln/detail/CVE-2019-10638 https://seclists.org/bugtraq/2019/Aug/13 https://seclists.org/bugtraq/2019/Aug/18 https://seclists.org/bugtraq/2019/Nov/11 https://security.netapp.com/advisory/ntap-20190806-0001/ https://security-tracker.debian.org/tracker/CVE-2019-10638 https://ubuntu.com/security/notices/USN-4114-1 https://ubuntu.com/security/notices/USN-4115-1 https://ubuntu.com/security/notices/USN-4116-1 https://ubuntu.com/security/notices/USN-4117-1 https://ubuntu.com/security/notices/USN-4118-1 https://usn.ubuntu.com/4114-1/ https://usn.ubuntu.com/4115-1/ https://usn.ubuntu.com/4116-1/ https://usn.ubuntu.com/4117-1/ https://usn.ubuntu.com/4118-1/ https://usn.ubuntu.com/usn/usn-4114-1 https://usn.ubuntu.com/usn/usn-4115-1 https://usn.ubuntu.com/usn/usn-4116-1 https://usn.ubuntu.com/usn/usn-4117-1 https://usn.ubuntu.com/usn/usn-4118-1 https://wiki.astralinux.ru/astra-linux-se15-bulletin-20201201SE15 https://www.cve.org/CVERecord?id=CVE-2019-10638 https://www.debian.org/security/2019/dsa-4495 https://www.debian.org/security/2019/dsa-4497 https://www.oracle.com/security-alerts/cpuApr2021.html https://www.suse.com/security/cve/CVE-2019-10638/

CWE

CWE-200, CWE-326

JSON

To clipboard

{
  "CVSS 2.0": "AV:N/AC:L/Au:N/C:C/I:N/A:N",
  "CVSS 3.0": "AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N",
  "CVSS 4.0": null,
  "remediation_\u0418\u0434\u0435\u043d\u0442\u0438\u0444\u0438\u043a\u0430\u0442\u043e\u0440": null,
  "remediation_\u041d\u0430\u0438\u043c\u0435\u043d\u043e\u0432\u0430\u043d\u0438\u0435": null,
  "\u0412\u0435\u043d\u0434\u043e\u0440 \u041f\u041e": "Canonical Ltd., \u041e\u041e\u041e \u00ab\u0420\u0443\u0441\u0411\u0418\u0422\u0435\u0445-\u0410\u0441\u0442\u0440\u0430\u00bb, \u0421\u043e\u043e\u0431\u0449\u0435\u0441\u0442\u0432\u043e \u0441\u0432\u043e\u0431\u043e\u0434\u043d\u043e\u0433\u043e \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e\u0433\u043e \u043e\u0431\u0435\u0441\u043f\u0435\u0447\u0435\u043d\u0438\u044f, Novell Inc., \u041e\u041e\u041e \u00ab\u041e\u0442\u043a\u0440\u044b\u0442\u0430\u044f \u043c\u043e\u0431\u0438\u043b\u044c\u043d\u0430\u044f \u043f\u043b\u0430\u0442\u0444\u043e\u0440\u043c\u0430\u00bb",
  "\u0412\u0435\u0440\u0441\u0438\u044f \u041f\u041e": "16.04 LTS (Ubuntu), 1.5 \u00ab\u0421\u043c\u043e\u043b\u0435\u043d\u0441\u043a\u00bb (Astra Linux Special Edition), 9 (Debian GNU/Linux), 18.04 LTS (Ubuntu), 12 SP3 (Suse Linux Enterprise Desktop), 12 SP4 (Suse Linux Enterprise Desktop), 4 (SUSE Enterprise Storage), 12 SP2 (SUSE Linux Enterprise Server for SAP Applications), 12 SP2-BCL (SUSE Linux Enterprise Server for SAP Applications), 12 SP2-ESPOS (SUSE Linux Enterprise Server for SAP Applications), 12 SP2-LTSS (SUSE Linux Enterprise Server for SAP Applications), 12 SP3 (SUSE Linux Enterprise Server for SAP Applications), 12 SP4 (SUSE Linux Enterprise Server for SAP Applications), 12 SP3 (SUSE Linux Enterprise Software Development Kit), 12 SP4 (SUSE Linux Enterprise Software Development Kit), 12 SP3 (SUSE Linux Enterprise Workstation Extension), 12 SP4 (SUSE Linux Enterprise Workstation Extension), 7 (SUSE OpenStack Cloud), 15 (SUSE Linux Enterprise Module for Open Buildservice Development Tools), 19.04 (Ubuntu), 15.0 (OpenSUSE Leap), 15 (SUSE Linux Enterprise Module for Basesystem), 15 SP1 (SUSE Linux Enterprise Module for Basesystem), 3.0 (SUSE CaaS Platform), 5 (SUSE Enterprise Storage), 15 (SUSE Linux Enterprise Module for Development Tools), 15 SP1 (SUSE Linux Enterprise Module for Development Tools), 12 SP2-CLIENT (SUSE Linux Enterprise Point of Sale), 12 SP3 (SUSE Linux Enterprise Build System Kit), 12 SP4 (SUSE Linux Enterprise Build System Kit), 12 SP2 (SUSE Linux Enterprise High Availability), 12 SP3 (SUSE Linux Enterprise High Availability), 12 SP4 (SUSE Linux Enterprise High Availability), 15 (SUSE Linux Enterprise High Availability), 15 SP1 (SUSE Linux Enterprise High Availability), 15 SP1 (SUSE Linux Enterprise Module for Legacy Software), 15 (SUSE Linux Enterprise Module for Legacy Software), 15 (SUSE Linux Enterprise Module for Live Patching), 15 (SUSE Linux Enterprise Module for Public Cloud), 15 (SUSE Linux Enterprise Workstation Extension), 15 SP1 (SUSE Linux Enterprise Workstation Extension), 15 SP1 (SUSE Linux Enterprise Module for Open Buildservice Development Tools), 15.1 (OpenSUSE Leap), 15 SP1 (SUSE Linux Enterprise Module for Live Patching), 8 (SUSE OpenStack Cloud), 12 SP3-LTSS (SUSE Linux Enterprise Server for SAP Applications), 15 SP1 (SUSE Linux Enterprise Module for Public Cloud), 12 SP2-BCL (SUSE Linux Enterprise Point of Sale), 12 SP2-ESPOS (SUSE Linux Enterprise Point of Sale), 12 SP2-LTSS (SUSE Linux Enterprise Point of Sale), 12 SP3 (SUSE Linux Enterprise Point of Sale), 12 SP3-LTSS (SUSE Linux Enterprise Point of Sale), 12 SP4 (SUSE Linux Enterprise Point of Sale), 8 (Debian GNU/Linux), \u0434\u043e 4.0.2 (\u041e\u0421 \u0410\u0432\u0440\u043e\u0440\u0430), \u043e\u0442 4.0 \u0434\u043e 4.4.178 \u0432\u043a\u043b\u044e\u0447\u0438\u0442\u0435\u043b\u044c\u043d\u043e (Linux), \u043e\u0442 4.5 \u0434\u043e 4.9.168 \u0432\u043a\u043b\u044e\u0447\u0438\u0442\u0435\u043b\u044c\u043d\u043e (Linux), \u043e\u0442 4.10 \u0434\u043e 4.14.111 \u0432\u043a\u043b\u044e\u0447\u0438\u0442\u0435\u043b\u044c\u043d\u043e (Linux), \u043e\u0442 4.15 \u0434\u043e 4.19.34 \u0432\u043a\u043b\u044e\u0447\u0438\u0442\u0435\u043b\u044c\u043d\u043e (Linux), \u043e\u0442 4.20 \u0434\u043e 5.0.7 \u0432\u043a\u043b\u044e\u0447\u0438\u0442\u0435\u043b\u044c\u043d\u043e (Linux)",
  "\u0412\u043e\u0437\u043c\u043e\u0436\u043d\u044b\u0435 \u043c\u0435\u0440\u044b \u043f\u043e \u0443\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u0438\u044e": "\u0418\u0441\u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u043d\u0438\u0435 \u0440\u0435\u043a\u043e\u043c\u0435\u043d\u0434\u0430\u0446\u0438\u0439:\n\u0414\u043b\u044f Linux:\nhttps://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=355b98553789b646ed97ad801a619ff898471b92\nhttps://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=df453700e8d81b1bdafdf684365ee2b9431fb702\nhttps://kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.14.112\nhttps://kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.19.35\nhttps://kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.4.179\nhttps://kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.9.169\nhttps://kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.0.8\n\n\u0414\u043b\u044f \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u044b\u0445 \u043f\u0440\u043e\u0434\u0443\u043a\u0442\u043e\u0432 Novell Inc.:\nhttps://www.suse.com/security/cve/CVE-2019-10638/\n\n\u0414\u043b\u044f Debian:\n\u041e\u0431\u043d\u043e\u0432\u043b\u0435\u043d\u0438\u0435 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e\u0433\u043e \u043e\u0431\u0435\u0441\u043f\u0435\u0447\u0435\u043d\u0438\u044f (\u043f\u0430\u043a\u0435\u0442\u0430 linux) \u0434\u043e 4.19.37-5+deb10u2 \u0438\u043b\u0438 \u0431\u043e\u043b\u0435\u0435 \u043f\u043e\u0437\u0434\u043d\u0435\u0439 \u0432\u0435\u0440\u0441\u0438\u0438\n\n\u0414\u043b\u044f Ubuntu:\nhttps://usn.ubuntu.com/4114-1/\nhttps://usn.ubuntu.com/4115-1/\nhttps://usn.ubuntu.com/4116-1/\nhttps://usn.ubuntu.com/4117-1/\nhttps://usn.ubuntu.com/4118-1/\n\n\u0414\u043b\u044f Astra Linux:\nhttps://wiki.astralinux.ru/astra-linux-se15-bulletin-20201201SE15\n\n\u0414\u043b\u044f \u041e\u0421 \u0410\u0432\u0440\u043e\u0440\u0430 3.2.1: \nhttps://cve.omprussia.ru/bb10321\n\n\u0414\u043b\u044f \u041e\u0421 \u0410\u0432\u0440\u043e\u0440\u0430 3.2.2: \nhttps://cve.omprussia.ru/bb11322\n\u0414\u043b\u044f \u041e\u0421 \u0410\u0432\u0440\u043e\u0440\u0430 3.2.3: \nhttps://cve.omprussia.ru/bb12323",
  "\u0414\u0430\u0442\u0430 \u0432\u044b\u044f\u0432\u043b\u0435\u043d\u0438\u044f": "27.03.2019",
  "\u0414\u0430\u0442\u0430 \u043f\u043e\u0441\u043b\u0435\u0434\u043d\u0435\u0433\u043e \u043e\u0431\u043d\u043e\u0432\u043b\u0435\u043d\u0438\u044f": "28.05.2024",
  "\u0414\u0430\u0442\u0430 \u043f\u0443\u0431\u043b\u0438\u043a\u0430\u0446\u0438\u0438": "20.08.2019",
  "\u0418\u0434\u0435\u043d\u0442\u0438\u0444\u0438\u043a\u0430\u0442\u043e\u0440": "BDU:2019-02915",
  "\u0418\u0434\u0435\u043d\u0442\u0438\u0444\u0438\u043a\u0430\u0442\u043e\u0440\u044b \u0434\u0440\u0443\u0433\u0438\u0445 \u0441\u0438\u0441\u0442\u0435\u043c \u043e\u043f\u0438\u0441\u0430\u043d\u0438\u0439 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "CVE-2019-10638",
  "\u0418\u043d\u0444\u043e\u0440\u043c\u0430\u0446\u0438\u044f \u043e\u0431 \u0443\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u0438\u0438": "\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u0443\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u0430",
  "\u041a\u043b\u0430\u0441\u0441 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u043a\u043e\u0434\u0430",
  "\u041d\u0430\u0437\u0432\u0430\u043d\u0438\u0435 \u041f\u041e": "Ubuntu, Astra Linux Special Edition (\u0437\u0430\u043f\u0438\u0441\u044c \u0432 \u0435\u0434\u0438\u043d\u043e\u043c \u0440\u0435\u0435\u0441\u0442\u0440\u0435 \u0440\u043e\u0441\u0441\u0438\u0439\u0441\u043a\u0438\u0445 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c \u2116369), Debian GNU/Linux, Suse Linux Enterprise Desktop, SUSE Enterprise Storage, SUSE Linux Enterprise Server for SAP Applications, SUSE Linux Enterprise Software Development Kit, SUSE Linux Enterprise Workstation Extension, SUSE OpenStack Cloud, SUSE Linux Enterprise Module for Open Buildservice Development Tools, OpenSUSE Leap, SUSE Linux Enterprise Module for Basesystem, SUSE CaaS Platform, SUSE Linux Enterprise Module for Development Tools, SUSE Linux Enterprise Point of Sale, SUSE Linux Enterprise Build System Kit, SUSE Linux Enterprise High Availability, SUSE Linux Enterprise Module for Legacy Software, SUSE Linux Enterprise Module for Live Patching, SUSE Linux Enterprise Module for Public Cloud, \u041e\u0421 \u0410\u0432\u0440\u043e\u0440\u0430 (\u0437\u0430\u043f\u0438\u0441\u044c \u0432 \u0435\u0434\u0438\u043d\u043e\u043c \u0440\u0435\u0435\u0441\u0442\u0440\u0435 \u0440\u043e\u0441\u0441\u0438\u0439\u0441\u043a\u0438\u0445 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c \u21161543), Linux",
  "\u041d\u0430\u0438\u043c\u0435\u043d\u043e\u0432\u0430\u043d\u0438\u0435 \u041e\u0421 \u0438 \u0442\u0438\u043f \u0430\u043f\u043f\u0430\u0440\u0430\u0442\u043d\u043e\u0439 \u043f\u043b\u0430\u0442\u0444\u043e\u0440\u043c\u044b": "\u041e\u041e\u041e \u00ab\u0420\u0443\u0441\u0411\u0418\u0422\u0435\u0445-\u0410\u0441\u0442\u0440\u0430\u00bb Astra Linux Special Edition 1.5 \u00ab\u0421\u043c\u043e\u043b\u0435\u043d\u0441\u043a\u00bb  (\u0437\u0430\u043f\u0438\u0441\u044c \u0432 \u0435\u0434\u0438\u043d\u043e\u043c \u0440\u0435\u0435\u0441\u0442\u0440\u0435 \u0440\u043e\u0441\u0441\u0438\u0439\u0441\u043a\u0438\u0445 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c \u2116369), Canonical Ltd. Ubuntu 16.04 LTS , \u0421\u043e\u043e\u0431\u0449\u0435\u0441\u0442\u0432\u043e \u0441\u0432\u043e\u0431\u043e\u0434\u043d\u043e\u0433\u043e \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e\u0433\u043e \u043e\u0431\u0435\u0441\u043f\u0435\u0447\u0435\u043d\u0438\u044f Debian GNU/Linux 9 , Canonical Ltd. Ubuntu 18.04 LTS , Novell Inc. Suse Linux Enterprise Desktop 12 SP3 , Novell Inc. Suse Linux Enterprise Desktop 12 SP4 , Novell Inc. SUSE Linux Enterprise Server for SAP Applications 12 SP2 , Novell Inc. SUSE Linux Enterprise Server for SAP Applications 12 SP2-BCL , Novell Inc. SUSE Linux Enterprise Server for SAP Applications 12 SP2-ESPOS , Novell Inc. SUSE Linux Enterprise Server for SAP Applications 12 SP2-LTSS , Novell Inc. SUSE Linux Enterprise Server for SAP Applications 12 SP3 , Novell Inc. SUSE Linux Enterprise Server for SAP Applications 12 SP4 , Canonical Ltd. Ubuntu 19.04 , Novell Inc. OpenSUSE Leap 15.0 , Novell Inc. OpenSUSE Leap 15.1 , Novell Inc. SUSE Linux Enterprise Server for SAP Applications 12 SP3-LTSS , \u0421\u043e\u043e\u0431\u0449\u0435\u0441\u0442\u0432\u043e \u0441\u0432\u043e\u0431\u043e\u0434\u043d\u043e\u0433\u043e \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e\u0433\u043e \u043e\u0431\u0435\u0441\u043f\u0435\u0447\u0435\u043d\u0438\u044f Linux \u0434\u043e 5.1.7 , \u0421\u043e\u043e\u0431\u0449\u0435\u0441\u0442\u0432\u043e \u0441\u0432\u043e\u0431\u043e\u0434\u043d\u043e\u0433\u043e \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e\u0433\u043e \u043e\u0431\u0435\u0441\u043f\u0435\u0447\u0435\u043d\u0438\u044f Debian GNU/Linux 8 ",
  "\u041d\u0430\u0438\u043c\u0435\u043d\u043e\u0432\u0430\u043d\u0438\u0435 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u0445\u0435\u0448-\u0444\u0443\u043d\u043a\u0446\u0438\u0438 \u00abjhash\u00bb \u044f\u0434\u0440\u0430 \u043e\u043f\u0435\u0440\u0430\u0446\u0438\u043e\u043d\u043d\u043e\u0439 \u0441\u0438\u0441\u0442\u0435\u043c\u044b Linux, \u043f\u043e\u0437\u0432\u043e\u043b\u044f\u044e\u0449\u0430\u044f \u043d\u0430\u0440\u0443\u0448\u0438\u0442\u0435\u043b\u044e \u0440\u0430\u0441\u043a\u0440\u044b\u0442\u044c \u0437\u0430\u0449\u0438\u0449\u0430\u0435\u043c\u0443\u044e \u0438\u043d\u0444\u043e\u0440\u043c\u0430\u0446\u0438\u044e",
  "\u041d\u0430\u043b\u0438\u0447\u0438\u0435 \u044d\u043a\u0441\u043f\u043b\u043e\u0439\u0442\u0430": "\u0414\u0430\u043d\u043d\u044b\u0435 \u0443\u0442\u043e\u0447\u043d\u044f\u044e\u0442\u0441\u044f",
  "\u041e\u043f\u0438\u0441\u0430\u043d\u0438\u0435 \u043e\u0448\u0438\u0431\u043a\u0438 CWE": "\u0420\u0430\u0441\u043a\u0440\u044b\u0442\u0438\u0435 \u0438\u043d\u0444\u043e\u0440\u043c\u0430\u0446\u0438\u0438 (CWE-200), \u0421\u043b\u0430\u0431\u043e\u0435 \u0448\u0438\u0444\u0440\u043e\u0432\u0430\u043d\u0438\u0435 (CWE-326)",
  "\u041e\u043f\u0438\u0441\u0430\u043d\u0438\u0435 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u0445\u0435\u0448-\u0444\u0443\u043d\u043a\u0446\u0438\u0438 \u00abjhash\u00bb \u044f\u0434\u0440\u0430 \u043e\u043f\u0435\u0440\u0430\u0446\u0438\u043e\u043d\u043d\u043e\u0439 \u0441\u0438\u0441\u0442\u0435\u043c\u044b Linux \u0441\u0432\u044f\u0437\u0430\u043d\u0430 \u0441 \u043e\u0448\u0438\u0431\u043a\u0430\u043c\u0438 \u043e\u0431\u0440\u0430\u0431\u043e\u0442\u043a\u0438 \u043f\u043e\u043b\u0435\u0439 \u0438\u0434\u0435\u043d\u0442\u0438\u0444\u0438\u043a\u0430\u0442\u043e\u0440\u043e\u0432. \u042d\u043a\u0441\u043f\u043b\u0443\u0430\u0442\u0430\u0446\u0438\u044f \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438 \u043c\u043e\u0436\u0435\u0442 \u043f\u043e\u0437\u0432\u043e\u043b\u0438\u0442\u044c \u043d\u0430\u0440\u0443\u0448\u0438\u0442\u0435\u043b\u044e, \u0434\u0435\u0439\u0441\u0442\u0432\u0443\u044e\u0449\u0435\u043c\u0443 \u0443\u0434\u0430\u043b\u0435\u043d\u043d\u043e, \u0440\u0430\u0441\u043a\u0440\u044b\u0442\u044c \u0437\u0430\u0449\u0438\u0449\u0430\u0435\u043c\u0443\u044e \u0438\u043d\u0444\u043e\u0440\u043c\u0430\u0446\u0438\u044e \u0441 \u043f\u043e\u043c\u043e\u0449\u044c\u044e \u0441\u043f\u0435\u0446\u0438\u0430\u043b\u044c\u043d\u043e \u0441\u0444\u043e\u0440\u043c\u0438\u0440\u043e\u0432\u0430\u043d\u043d\u043e\u0439 \u0432\u0435\u0431-\u0441\u0442\u0440\u0430\u043d\u0438\u0446\u044b",
  "\u041f\u043e\u0441\u043b\u0435\u0434\u0441\u0442\u0432\u0438\u044f \u044d\u043a\u0441\u043f\u043b\u0443\u0430\u0442\u0430\u0446\u0438\u0438 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": null,
  "\u041f\u0440\u043e\u0447\u0430\u044f \u0438\u043d\u0444\u043e\u0440\u043c\u0430\u0446\u0438\u044f": null,
  "\u0421\u0432\u044f\u0437\u044c \u0441 \u0438\u043d\u0446\u0438\u0434\u0435\u043d\u0442\u0430\u043c\u0438 \u0418\u0411": "\u0414\u0430\u043d\u043d\u044b\u0435 \u0443\u0442\u043e\u0447\u043d\u044f\u044e\u0442\u0441\u044f",
  "\u0421\u043e\u0441\u0442\u043e\u044f\u043d\u0438\u0435 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u041e\u043f\u0443\u0431\u043b\u0438\u043a\u043e\u0432\u0430\u043d\u0430",
  "\u0421\u043f\u043e\u0441\u043e\u0431 \u0443\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u0438\u044f": "\u041e\u0431\u043d\u043e\u0432\u043b\u0435\u043d\u0438\u0435 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e\u0433\u043e \u043e\u0431\u0435\u0441\u043f\u0435\u0447\u0435\u043d\u0438\u044f",
  "\u0421\u043f\u043e\u0441\u043e\u0431 \u044d\u043a\u0441\u043f\u043b\u0443\u0430\u0442\u0430\u0446\u0438\u0438": "\u041d\u0435\u0441\u0430\u043d\u043a\u0446\u0438\u043e\u043d\u0438\u0440\u043e\u0432\u0430\u043d\u043d\u044b\u0439 \u0441\u0431\u043e\u0440 \u0438\u043d\u0444\u043e\u0440\u043c\u0430\u0446\u0438\u0438",
  "\u0421\u0441\u044b\u043b\u043a\u0438 \u043d\u0430 \u0438\u0441\u0442\u043e\u0447\u043d\u0438\u043a\u0438": "http://lists.opensuse.org/opensuse-security-announce/2019-07/msg00014.html\nhttp://lists.opensuse.org/opensuse-security-announce/2019-07/msg00025.html\nhttp://packetstormsecurity.com/files/155212/Slackware-Security-Advisory-Slackware-14.2-kernel-Updates.html\nhttp://www.securityfocus.com/bid/109092\nhttps://access.redhat.com/errata/RHSA-2019:3309\nhttps://access.redhat.com/errata/RHSA-2019:3517\nhttps://arxiv.org/pdf/1906.10478.pdf\nhttps://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.0.8\nhttps://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.1.7\nhttps://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-10638\nhttps://cve.omprussia.ru/bb10321\nhttps://cve.omprussia.ru/bb11322\nhttps://cve.omprussia.ru/bb12323\nhttps://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=355b98553789b646ed97ad801a619ff898471b92\nhttps://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=df453700e8d81b1bdafdf684365ee2b9431fb702\nhttps://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=355b98553789b646ed97ad801a619ff898471b92\nhttps://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=df453700e8d81b1bdafdf684365ee2b9431fb702\nhttps://github.com/torvalds/linux/commit/355b98553789b646ed97ad801a619ff898471b92\nhttps://github.com/torvalds/linux/commit/55f0fc7a02de8f12757f4937143d8d5091b2e40b\nhttps://github.com/torvalds/linux/commit/df453700e8d81b1bdafdf684365ee2b9431fb702\nhttps://kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.14.112\nhttps://kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.19.35\nhttps://kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.4.179\nhttps://kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.9.169\nhttps://kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.0.8\nhttps://lists.debian.org/debian-lts-announce/2019/08/msg00016.html\nhttps://lists.debian.org/debian-lts-announce/2019/08/msg00017.html\nhttps://nvd.nist.gov/vuln/detail/CVE-2019-10638\nhttps://seclists.org/bugtraq/2019/Aug/13\nhttps://seclists.org/bugtraq/2019/Aug/18\nhttps://seclists.org/bugtraq/2019/Nov/11\nhttps://security.netapp.com/advisory/ntap-20190806-0001/\nhttps://security-tracker.debian.org/tracker/CVE-2019-10638\nhttps://ubuntu.com/security/notices/USN-4114-1\nhttps://ubuntu.com/security/notices/USN-4115-1\nhttps://ubuntu.com/security/notices/USN-4116-1\nhttps://ubuntu.com/security/notices/USN-4117-1\nhttps://ubuntu.com/security/notices/USN-4118-1\nhttps://usn.ubuntu.com/4114-1/\nhttps://usn.ubuntu.com/4115-1/\nhttps://usn.ubuntu.com/4116-1/\nhttps://usn.ubuntu.com/4117-1/\nhttps://usn.ubuntu.com/4118-1/\nhttps://usn.ubuntu.com/usn/usn-4114-1\nhttps://usn.ubuntu.com/usn/usn-4115-1\nhttps://usn.ubuntu.com/usn/usn-4116-1\nhttps://usn.ubuntu.com/usn/usn-4117-1\nhttps://usn.ubuntu.com/usn/usn-4118-1\nhttps://wiki.astralinux.ru/astra-linux-se15-bulletin-20201201SE15\nhttps://www.cve.org/CVERecord?id=CVE-2019-10638\nhttps://www.debian.org/security/2019/dsa-4495\nhttps://www.debian.org/security/2019/dsa-4497\nhttps://www.oracle.com/security-alerts/cpuApr2021.html\nhttps://www.suse.com/security/cve/CVE-2019-10638/",
  "\u0421\u0442\u0430\u0442\u0443\u0441 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u041f\u043e\u0434\u0442\u0432\u0435\u0440\u0436\u0434\u0435\u043d\u0430 \u043f\u0440\u043e\u0438\u0437\u0432\u043e\u0434\u0438\u0442\u0435\u043b\u0435\u043c",
  "\u0422\u0438\u043f \u041f\u041e": "\u041e\u043f\u0435\u0440\u0430\u0446\u0438\u043e\u043d\u043d\u0430\u044f \u0441\u0438\u0441\u0442\u0435\u043c\u0430, \u041f\u0440\u0438\u043a\u043b\u0430\u0434\u043d\u043e\u0435 \u041f\u041e \u0438\u043d\u0444\u043e\u0440\u043c\u0430\u0446\u0438\u043e\u043d\u043d\u044b\u0445 \u0441\u0438\u0441\u0442\u0435\u043c",
  "\u0422\u0438\u043f \u043e\u0448\u0438\u0431\u043a\u0438 CWE": "CWE-200, CWE-326",
  "\u0423\u0440\u043e\u0432\u0435\u043d\u044c \u043e\u043f\u0430\u0441\u043d\u043e\u0441\u0442\u0438 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u0412\u044b\u0441\u043e\u043a\u0438\u0439 \u0443\u0440\u043e\u0432\u0435\u043d\u044c \u043e\u043f\u0430\u0441\u043d\u043e\u0441\u0442\u0438 (\u0431\u0430\u0437\u043e\u0432\u0430\u044f \u043e\u0446\u0435\u043d\u043a\u0430 CVSS 2.0 \u0441\u043e\u0441\u0442\u0430\u0432\u043b\u044f\u0435\u0442 7,8)\n\u0421\u0440\u0435\u0434\u043d\u0438\u0439 \u0443\u0440\u043e\u0432\u0435\u043d\u044c \u043e\u043f\u0430\u0441\u043d\u043e\u0441\u0442\u0438 (\u0431\u0430\u0437\u043e\u0432\u0430\u044f \u043e\u0446\u0435\u043d\u043a\u0430 CVSS 3.0 \u0441\u043e\u0441\u0442\u0430\u0432\u043b\u044f\u0435\u0442 6,5)"
}

CVE-2019-10638 (GCVE-0-2019-10638)

Vulnerability from cvelistv5 – Published: 2019-07-05 22:07 – Updated: 2024-08-04 22:31

Summary

In the Linux kernel before 5.1.7, a device can be tracked by an attacker using the IP ID values the kernel produces for connection-less protocols (e.g., UDP and ICMP). When such traffic is sent to multiple destination IP addresses, it is possible to obtain hash collisions (of indices to the counter array) and thereby obtain the hashing key (via enumeration). An attack may be conducted by hosting a crafted web page that uses WebRTC or gQUIC to force UDP traffic to attacker-controlled IP addresses.

Severity ?

No CVSS data available.

CWE

Assigner

mitre

References

URL

Tags

	http://www.securityfocus.com/bid/109092	vdb-entryx_refsource_BID
	http://lists.opensuse.org/opensuse-security-annou…	vendor-advisoryx_refsource_SUSE
	http://lists.opensuse.org/opensuse-security-annou…	vendor-advisoryx_refsource_SUSE
	https://www.debian.org/security/2019/dsa-4495	vendor-advisoryx_refsource_DEBIAN
	https://seclists.org/bugtraq/2019/Aug/13	mailing-listx_refsource_BUGTRAQ
	https://seclists.org/bugtraq/2019/Aug/18	mailing-listx_refsource_BUGTRAQ
	https://www.debian.org/security/2019/dsa-4497	vendor-advisoryx_refsource_DEBIAN
	https://lists.debian.org/debian-lts-announce/2019…	mailing-listx_refsource_MLIST
	https://lists.debian.org/debian-lts-announce/2019…	mailing-listx_refsource_MLIST
	https://usn.ubuntu.com/4117-1/	vendor-advisoryx_refsource_UBUNTU
	https://usn.ubuntu.com/4114-1/	vendor-advisoryx_refsource_UBUNTU
	https://usn.ubuntu.com/4115-1/	vendor-advisoryx_refsource_UBUNTU
	https://usn.ubuntu.com/4116-1/	vendor-advisoryx_refsource_UBUNTU
	https://usn.ubuntu.com/4118-1/	vendor-advisoryx_refsource_UBUNTU
	https://access.redhat.com/errata/RHSA-2019:3309	vendor-advisoryx_refsource_REDHAT
	https://access.redhat.com/errata/RHSA-2019:3517	vendor-advisoryx_refsource_REDHAT
	https://seclists.org/bugtraq/2019/Nov/11	mailing-listx_refsource_BUGTRAQ
	https://www.oracle.com/security-alerts/cpuApr2021.html	x_refsource_MISC
	https://cdn.kernel.org/pub/linux/kernel/v5.x/Chan…	x_refsource_MISC
	https://github.com/torvalds/linux/commit/355b9855…	x_refsource_MISC
	https://git.kernel.org/cgit/linux/kernel/git/torv…	x_refsource_MISC
	https://arxiv.org/pdf/1906.10478.pdf	x_refsource_MISC
	https://github.com/torvalds/linux/commit/55f0fc7a…	x_refsource_MISC
	https://github.com/torvalds/linux/commit/df453700…	x_refsource_MISC
	https://git.kernel.org/cgit/linux/kernel/git/torv…	x_refsource_MISC
	https://cdn.kernel.org/pub/linux/kernel/v5.x/Chan…	x_refsource_MISC
	https://security.netapp.com/advisory/ntap-2019080…	x_refsource_CONFIRM
	http://packetstormsecurity.com/files/155212/Slack…	x_refsource_MISC

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-04T22:31:59.920Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "109092",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/109092"
          },
          {
            "name": "openSUSE-SU-2019:1716",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUSE",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2019-07/msg00014.html"
          },
          {
            "name": "openSUSE-SU-2019:1757",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUSE",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2019-07/msg00025.html"
          },
          {
            "name": "DSA-4495",
            "tags": [
              "vendor-advisory",
              "x_refsource_DEBIAN",
              "x_transferred"
            ],
            "url": "https://www.debian.org/security/2019/dsa-4495"
          },
          {
            "name": "20190812 [SECURITY] [DSA 4495-1] linux security update",
            "tags": [
              "mailing-list",
              "x_refsource_BUGTRAQ",
              "x_transferred"
            ],
            "url": "https://seclists.org/bugtraq/2019/Aug/13"
          },
          {
            "name": "20190813 [SECURITY] [DSA 4497-1] linux security update",
            "tags": [
              "mailing-list",
              "x_refsource_BUGTRAQ",
              "x_transferred"
            ],
            "url": "https://seclists.org/bugtraq/2019/Aug/18"
          },
          {
            "name": "DSA-4497",
            "tags": [
              "vendor-advisory",
              "x_refsource_DEBIAN",
              "x_transferred"
            ],
            "url": "https://www.debian.org/security/2019/dsa-4497"
          },
          {
            "name": "[debian-lts-announce] 20190814 [SECURITY] [DLA 1884-1] linux security update",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://lists.debian.org/debian-lts-announce/2019/08/msg00016.html"
          },
          {
            "name": "[debian-lts-announce] 20190814 [SECURITY] [DLA 1885-1] linux-4.9 security update",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://lists.debian.org/debian-lts-announce/2019/08/msg00017.html"
          },
          {
            "name": "USN-4117-1",
            "tags": [
              "vendor-advisory",
              "x_refsource_UBUNTU",
              "x_transferred"
            ],
            "url": "https://usn.ubuntu.com/4117-1/"
          },
          {
            "name": "USN-4114-1",
            "tags": [
              "vendor-advisory",
              "x_refsource_UBUNTU",
              "x_transferred"
            ],
            "url": "https://usn.ubuntu.com/4114-1/"
          },
          {
            "name": "USN-4115-1",
            "tags": [
              "vendor-advisory",
              "x_refsource_UBUNTU",
              "x_transferred"
            ],
            "url": "https://usn.ubuntu.com/4115-1/"
          },
          {
            "name": "USN-4116-1",
            "tags": [
              "vendor-advisory",
              "x_refsource_UBUNTU",
              "x_transferred"
            ],
            "url": "https://usn.ubuntu.com/4116-1/"
          },
          {
            "name": "USN-4118-1",
            "tags": [
              "vendor-advisory",
              "x_refsource_UBUNTU",
              "x_transferred"
            ],
            "url": "https://usn.ubuntu.com/4118-1/"
          },
          {
            "name": "RHSA-2019:3309",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2019:3309"
          },
          {
            "name": "RHSA-2019:3517",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2019:3517"
          },
          {
            "name": "20191108 [slackware-security] Slackware 14.2 kernel (SSA:2019-311-01)",
            "tags": [
              "mailing-list",
              "x_refsource_BUGTRAQ",
              "x_transferred"
            ],
            "url": "https://seclists.org/bugtraq/2019/Nov/11"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://www.oracle.com/security-alerts/cpuApr2021.html"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.0.8"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://github.com/torvalds/linux/commit/355b98553789b646ed97ad801a619ff898471b92"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=355b98553789b646ed97ad801a619ff898471b92"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://arxiv.org/pdf/1906.10478.pdf"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://github.com/torvalds/linux/commit/55f0fc7a02de8f12757f4937143d8d5091b2e40b"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://github.com/torvalds/linux/commit/df453700e8d81b1bdafdf684365ee2b9431fb702"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=df453700e8d81b1bdafdf684365ee2b9431fb702"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.1.7"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://security.netapp.com/advisory/ntap-20190806-0001/"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "http://packetstormsecurity.com/files/155212/Slackware-Security-Advisory-Slackware-14.2-kernel-Updates.html"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "In the Linux kernel before 5.1.7, a device can be tracked by an attacker using the IP ID values the kernel produces for connection-less protocols (e.g., UDP and ICMP). When such traffic is sent to multiple destination IP addresses, it is possible to obtain hash collisions (of indices to the counter array) and thereby obtain the hashing key (via enumeration). An attack may be conducted by hosting a crafted web page that uses WebRTC or gQUIC to force UDP traffic to attacker-controlled IP addresses."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2021-06-14T17:20:06.000Z",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "name": "109092",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/109092"
        },
        {
          "name": "openSUSE-SU-2019:1716",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUSE"
          ],
          "url": "http://lists.opensuse.org/opensuse-security-announce/2019-07/msg00014.html"
        },
        {
          "name": "openSUSE-SU-2019:1757",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUSE"
          ],
          "url": "http://lists.opensuse.org/opensuse-security-announce/2019-07/msg00025.html"
        },
        {
          "name": "DSA-4495",
          "tags": [
            "vendor-advisory",
            "x_refsource_DEBIAN"
          ],
          "url": "https://www.debian.org/security/2019/dsa-4495"
        },
        {
          "name": "20190812 [SECURITY] [DSA 4495-1] linux security update",
          "tags": [
            "mailing-list",
            "x_refsource_BUGTRAQ"
          ],
          "url": "https://seclists.org/bugtraq/2019/Aug/13"
        },
        {
          "name": "20190813 [SECURITY] [DSA 4497-1] linux security update",
          "tags": [
            "mailing-list",
            "x_refsource_BUGTRAQ"
          ],
          "url": "https://seclists.org/bugtraq/2019/Aug/18"
        },
        {
          "name": "DSA-4497",
          "tags": [
            "vendor-advisory",
            "x_refsource_DEBIAN"
          ],
          "url": "https://www.debian.org/security/2019/dsa-4497"
        },
        {
          "name": "[debian-lts-announce] 20190814 [SECURITY] [DLA 1884-1] linux security update",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://lists.debian.org/debian-lts-announce/2019/08/msg00016.html"
        },
        {
          "name": "[debian-lts-announce] 20190814 [SECURITY] [DLA 1885-1] linux-4.9 security update",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://lists.debian.org/debian-lts-announce/2019/08/msg00017.html"
        },
        {
          "name": "USN-4117-1",
          "tags": [
            "vendor-advisory",
            "x_refsource_UBUNTU"
          ],
          "url": "https://usn.ubuntu.com/4117-1/"
        },
        {
          "name": "USN-4114-1",
          "tags": [
            "vendor-advisory",
            "x_refsource_UBUNTU"
          ],
          "url": "https://usn.ubuntu.com/4114-1/"
        },
        {
          "name": "USN-4115-1",
          "tags": [
            "vendor-advisory",
            "x_refsource_UBUNTU"
          ],
          "url": "https://usn.ubuntu.com/4115-1/"
        },
        {
          "name": "USN-4116-1",
          "tags": [
            "vendor-advisory",
            "x_refsource_UBUNTU"
          ],
          "url": "https://usn.ubuntu.com/4116-1/"
        },
        {
          "name": "USN-4118-1",
          "tags": [
            "vendor-advisory",
            "x_refsource_UBUNTU"
          ],
          "url": "https://usn.ubuntu.com/4118-1/"
        },
        {
          "name": "RHSA-2019:3309",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2019:3309"
        },
        {
          "name": "RHSA-2019:3517",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2019:3517"
        },
        {
          "name": "20191108 [slackware-security] Slackware 14.2 kernel (SSA:2019-311-01)",
          "tags": [
            "mailing-list",
            "x_refsource_BUGTRAQ"
          ],
          "url": "https://seclists.org/bugtraq/2019/Nov/11"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://www.oracle.com/security-alerts/cpuApr2021.html"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.0.8"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://github.com/torvalds/linux/commit/355b98553789b646ed97ad801a619ff898471b92"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=355b98553789b646ed97ad801a619ff898471b92"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://arxiv.org/pdf/1906.10478.pdf"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://github.com/torvalds/linux/commit/55f0fc7a02de8f12757f4937143d8d5091b2e40b"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://github.com/torvalds/linux/commit/df453700e8d81b1bdafdf684365ee2b9431fb702"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=df453700e8d81b1bdafdf684365ee2b9431fb702"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.1.7"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://security.netapp.com/advisory/ntap-20190806-0001/"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "http://packetstormsecurity.com/files/155212/Slackware-Security-Advisory-Slackware-14.2-kernel-Updates.html"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2019-10638",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "In the Linux kernel before 5.1.7, a device can be tracked by an attacker using the IP ID values the kernel produces for connection-less protocols (e.g., UDP and ICMP). When such traffic is sent to multiple destination IP addresses, it is possible to obtain hash collisions (of indices to the counter array) and thereby obtain the hashing key (via enumeration). An attack may be conducted by hosting a crafted web page that uses WebRTC or gQUIC to force UDP traffic to attacker-controlled IP addresses."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "109092",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/109092"
            },
            {
              "name": "openSUSE-SU-2019:1716",
              "refsource": "SUSE",
              "url": "http://lists.opensuse.org/opensuse-security-announce/2019-07/msg00014.html"
            },
            {
              "name": "openSUSE-SU-2019:1757",
              "refsource": "SUSE",
              "url": "http://lists.opensuse.org/opensuse-security-announce/2019-07/msg00025.html"
            },
            {
              "name": "DSA-4495",
              "refsource": "DEBIAN",
              "url": "https://www.debian.org/security/2019/dsa-4495"
            },
            {
              "name": "20190812 [SECURITY] [DSA 4495-1] linux security update",
              "refsource": "BUGTRAQ",
              "url": "https://seclists.org/bugtraq/2019/Aug/13"
            },
            {
              "name": "20190813 [SECURITY] [DSA 4497-1] linux security update",
              "refsource": "BUGTRAQ",
              "url": "https://seclists.org/bugtraq/2019/Aug/18"
            },
            {
              "name": "DSA-4497",
              "refsource": "DEBIAN",
              "url": "https://www.debian.org/security/2019/dsa-4497"
            },
            {
              "name": "[debian-lts-announce] 20190814 [SECURITY] [DLA 1884-1] linux security update",
              "refsource": "MLIST",
              "url": "https://lists.debian.org/debian-lts-announce/2019/08/msg00016.html"
            },
            {
              "name": "[debian-lts-announce] 20190814 [SECURITY] [DLA 1885-1] linux-4.9 security update",
              "refsource": "MLIST",
              "url": "https://lists.debian.org/debian-lts-announce/2019/08/msg00017.html"
            },
            {
              "name": "USN-4117-1",
              "refsource": "UBUNTU",
              "url": "https://usn.ubuntu.com/4117-1/"
            },
            {
              "name": "USN-4114-1",
              "refsource": "UBUNTU",
              "url": "https://usn.ubuntu.com/4114-1/"
            },
            {
              "name": "USN-4115-1",
              "refsource": "UBUNTU",
              "url": "https://usn.ubuntu.com/4115-1/"
            },
            {
              "name": "USN-4116-1",
              "refsource": "UBUNTU",
              "url": "https://usn.ubuntu.com/4116-1/"
            },
            {
              "name": "USN-4118-1",
              "refsource": "UBUNTU",
              "url": "https://usn.ubuntu.com/4118-1/"
            },
            {
              "name": "RHSA-2019:3309",
              "refsource": "REDHAT",
              "url": "https://access.redhat.com/errata/RHSA-2019:3309"
            },
            {
              "name": "RHSA-2019:3517",
              "refsource": "REDHAT",
              "url": "https://access.redhat.com/errata/RHSA-2019:3517"
            },
            {
              "name": "20191108 [slackware-security] Slackware 14.2 kernel (SSA:2019-311-01)",
              "refsource": "BUGTRAQ",
              "url": "https://seclists.org/bugtraq/2019/Nov/11"
            },
            {
              "name": "https://www.oracle.com/security-alerts/cpuApr2021.html",
              "refsource": "MISC",
              "url": "https://www.oracle.com/security-alerts/cpuApr2021.html"
            },
            {
              "name": "https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.0.8",
              "refsource": "MISC",
              "url": "https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.0.8"
            },
            {
              "name": "https://github.com/torvalds/linux/commit/355b98553789b646ed97ad801a619ff898471b92",
              "refsource": "MISC",
              "url": "https://github.com/torvalds/linux/commit/355b98553789b646ed97ad801a619ff898471b92"
            },
            {
              "name": "https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=355b98553789b646ed97ad801a619ff898471b92",
              "refsource": "MISC",
              "url": "https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=355b98553789b646ed97ad801a619ff898471b92"
            },
            {
              "name": "https://arxiv.org/pdf/1906.10478.pdf",
              "refsource": "MISC",
              "url": "https://arxiv.org/pdf/1906.10478.pdf"
            },
            {
              "name": "https://github.com/torvalds/linux/commit/55f0fc7a02de8f12757f4937143d8d5091b2e40b",
              "refsource": "MISC",
              "url": "https://github.com/torvalds/linux/commit/55f0fc7a02de8f12757f4937143d8d5091b2e40b"
            },
            {
              "name": "https://github.com/torvalds/linux/commit/df453700e8d81b1bdafdf684365ee2b9431fb702",
              "refsource": "MISC",
              "url": "https://github.com/torvalds/linux/commit/df453700e8d81b1bdafdf684365ee2b9431fb702"
            },
            {
              "name": "https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=df453700e8d81b1bdafdf684365ee2b9431fb702",
              "refsource": "MISC",
              "url": "https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=df453700e8d81b1bdafdf684365ee2b9431fb702"
            },
            {
              "name": "https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.1.7",
              "refsource": "MISC",
              "url": "https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.1.7"
            },
            {
              "name": "https://security.netapp.com/advisory/ntap-20190806-0001/",
              "refsource": "CONFIRM",
              "url": "https://security.netapp.com/advisory/ntap-20190806-0001/"
            },
            {
              "name": "http://packetstormsecurity.com/files/155212/Slackware-Security-Advisory-Slackware-14.2-kernel-Updates.html",
              "refsource": "MISC",
              "url": "http://packetstormsecurity.com/files/155212/Slackware-Security-Advisory-Slackware-14.2-kernel-Updates.html"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2019-10638",
    "datePublished": "2019-07-05T22:07:13.000Z",
    "dateReserved": "2019-03-29T00:00:00.000Z",
    "dateUpdated": "2024-08-04T22:31:59.920Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or observed by the user.
Confirmed: The vulnerability has been validated from an analyst's perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
Not confirmed: The user expressed doubt about the validity of the vulnerability.
Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Detection rules are retrieved from Rulezet.

Action not permitted

BDU:2019-02915

CVE-2019-10638 (GCVE-0-2019-10638)

Tags

Sightings

Nomenclature