Action not permitted
Modal body text goes here.
Modal Title
Modal Body
CERTFR-2019-AVI-458
Vulnerability from certfr_avis - Published: 2019-09-24 - Updated: 2019-09-25
De multiples vulnérabilités ont été découvertes dans le noyau Linux de SUSE. Certaines d'entre elles permettent à un attaquant de provoquer un problème de sécurité non spécifié par l'éditeur, un déni de service à distance et un contournement de la politique de sécurité.
Solution
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
NoneImpacted products
References
| Title | Publication Time | Tags | ||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "SUSE Linux Enterprise Module for Realtime 15-SP1",
"product": {
"name": "N/A",
"vendor": {
"name": "SUSE",
"scada": false
}
}
},
{
"description": "SUSE Linux Enterprise Real Time Extension 12-SP4",
"product": {
"name": "SUSE Linux Enterprise Real Time",
"vendor": {
"name": "SUSE",
"scada": false
}
}
},
{
"description": "SUSE Linux Enterprise Module for Open Buildservice Development Tools 15-SP1",
"product": {
"name": "N/A",
"vendor": {
"name": "SUSE",
"scada": false
}
}
}
],
"affected_systems_content": null,
"content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
"cves": [
{
"name": "CVE-2019-12614",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-12614"
},
{
"name": "CVE-2019-1125",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-1125"
},
{
"name": "CVE-2019-11091",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-11091"
},
{
"name": "CVE-2019-9503",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-9503"
},
{
"name": "CVE-2019-12817",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-12817"
},
{
"name": "CVE-2018-16880",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-16880"
},
{
"name": "CVE-2019-11478",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-11478"
},
{
"name": "CVE-2019-10124",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-10124"
},
{
"name": "CVE-2019-10638",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-10638"
},
{
"name": "CVE-2019-11810",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-11810"
},
{
"name": "CVE-2018-16871",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-16871"
},
{
"name": "CVE-2019-13648",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-13648"
},
{
"name": "CVE-2019-8564",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-8564"
},
{
"name": "CVE-2018-12127",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-12127"
},
{
"name": "CVE-2018-20855",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-20855"
},
{
"name": "CVE-2019-11833",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-11833"
},
{
"name": "CVE-2018-20836",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-20836"
},
{
"name": "CVE-2019-11811",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-11811"
},
{
"name": "CVE-2019-11085",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-11085"
},
{
"name": "CVE-2019-3846",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-3846"
},
{
"name": "CVE-2019-5489",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-5489"
},
{
"name": "CVE-2018-12130",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-12130"
},
{
"name": "CVE-2019-12380",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-12380"
},
{
"name": "CVE-2018-7191",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-7191"
},
{
"name": "CVE-2019-14284",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-14284"
},
{
"name": "CVE-2017-5753",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-5753"
},
{
"name": "CVE-2019-10639",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-10639"
},
{
"name": "CVE-2019-11479",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-11479"
},
{
"name": "CVE-2019-9003",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-9003"
},
{
"name": "CVE-2019-9500",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-9500"
},
{
"name": "CVE-2019-11884",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-11884"
},
{
"name": "CVE-2019-12456",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-12456"
},
{
"name": "CVE-2019-12818",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-12818"
},
{
"name": "CVE-2019-11815",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-11815"
},
{
"name": "CVE-2019-13233",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-13233"
},
{
"name": "CVE-2019-11599",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-11599"
},
{
"name": "CVE-2019-10126",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-10126"
},
{
"name": "CVE-2019-11487",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-11487"
},
{
"name": "CVE-2018-12126",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-12126"
},
{
"name": "CVE-2019-11486",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-11486"
},
{
"name": "CVE-2019-3882",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-3882"
},
{
"name": "CVE-2019-13631",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-13631"
},
{
"name": "CVE-2019-12819",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-12819"
},
{
"name": "CVE-2019-12382",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-12382"
},
{
"name": "CVE-2019-14283",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-14283"
}
],
"initial_release_date": "2019-09-24T00:00:00",
"last_revision_date": "2019-09-25T00:00:00",
"links": [],
"reference": "CERTFR-2019-AVI-458",
"revisions": [
{
"description": "Version initiale",
"revision_date": "2019-09-24T00:00:00.000000"
},
{
"description": "Ajout du bulletin de s\u00e9curit\u00e9 SUSE suse-su-20192450-1 du 24 septembre 2019",
"revision_date": "2019-09-25T00:00:00.000000"
}
],
"risks": [
{
"description": "D\u00e9ni de service \u00e0 distance"
},
{
"description": "Non sp\u00e9cifi\u00e9 par l\u0027\u00e9diteur"
},
{
"description": "Contournement de la politique de s\u00e9curit\u00e9"
},
{
"description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
},
{
"description": "\u00c9l\u00e9vation de privil\u00e8ges"
}
],
"summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans le noyau Linux de\nSUSE. Certaines d\u0027entre elles permettent \u00e0 un attaquant de provoquer un\nprobl\u00e8me de s\u00e9curit\u00e9 non sp\u00e9cifi\u00e9 par l\u0027\u00e9diteur, un d\u00e9ni de service \u00e0\ndistance et un contournement de la politique de s\u00e9curit\u00e9.\n",
"title": "Multiples vuln\u00e9rabilit\u00e9s dans le noyau Linux de SUSE",
"vendor_advisories": [
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 SUSE suse-su-20192430-1 du 23 septembre 2019",
"url": "https://www.suse.com/support/update/announcement/2019/suse-su-20192430-1/"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 SUSE suse-su-20192450-1 du 24 septembre 2019",
"url": "https://www.suse.com/support/update/announcement/2019/suse-su-20192450-1/"
}
]
}
CVE-2019-5489 (GCVE-0-2019-5489)
Vulnerability from cvelistv5 – Published: 2019-01-07 18:00 – Updated: 2024-08-04 19:54
VLAI
EPSS
Summary
The mincore() implementation in mm/mincore.c in the Linux kernel through 4.19.13 allowed local attackers to observe page cache access patterns of other processes on the same system, potentially allowing sniffing of secret information. (Fixing this affects the output of the fincore program.) Limited remote exploitation may be possible, as demonstrated by latency differences in accessing public files from an Apache HTTP Server.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
32 references
Date Public
2019-01-07 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T19:54:53.490Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "106478",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/106478"
},
{
"name": "openSUSE-SU-2019:1479",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-05/msg00071.html"
},
{
"name": "DSA-4465",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "https://www.debian.org/security/2019/dsa-4465"
},
{
"name": "[debian-lts-announce] 20190617 [SECURITY] [DLA 1823-1] linux security update",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2019/06/msg00010.html"
},
{
"name": "[debian-lts-announce] 20190618 [SECURITY] [DLA 1824-1] linux-4.9 security update",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2019/06/msg00011.html"
},
{
"name": "openSUSE-SU-2019:1570",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00039.html"
},
{
"name": "20190618 [SECURITY] [DSA 4465-1] linux security update",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "https://seclists.org/bugtraq/2019/Jun/26"
},
{
"name": "openSUSE-SU-2019:1579",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00048.html"
},
{
"name": "RHSA-2019:2043",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2019:2043"
},
{
"name": "RHSA-2019:2029",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2019:2029"
},
{
"name": "RHSA-2019:2473",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2019:2473"
},
{
"name": "RHSA-2019:2808",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2019:2808"
},
{
"name": "RHSA-2019:2837",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2019:2837"
},
{
"name": "RHSA-2019:2809",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2019:2809"
},
{
"name": "RHSA-2019:3309",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2019:3309"
},
{
"name": "RHSA-2019:3517",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2019:3517"
},
{
"name": "RHSA-2019:3967",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2019:3967"
},
{
"name": "RHSA-2019:4058",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2019:4058"
},
{
"name": "RHSA-2019:4057",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2019:4057"
},
{
"name": "RHSA-2019:4056",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2019:4056"
},
{
"name": "RHSA-2019:4159",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2019:4159"
},
{
"name": "RHSA-2019:4164",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2019:4164"
},
{
"name": "RHSA-2019:4255",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2019:4255"
},
{
"name": "RHSA-2020:0204",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2020:0204"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.oracle.com/security-alerts/cpujul2020.html"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.theregister.co.uk/2019/01/05/boffins_beat_page_cache/"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://bugzilla.suse.com/show_bug.cgi?id=1120843"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/torvalds/linux/commit/574823bfab82d9d8fa47f422778043fbb4b4f50e"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://arxiv.org/abs/1901.01161"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://security.netapp.com/advisory/ntap-20190307-0001/"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=574823bfab82d9d8fa47f422778043fbb4b4f50e"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20200115-01-pagecache-en"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2019-01-07T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "The mincore() implementation in mm/mincore.c in the Linux kernel through 4.19.13 allowed local attackers to observe page cache access patterns of other processes on the same system, potentially allowing sniffing of secret information. (Fixing this affects the output of the fincore program.) Limited remote exploitation may be possible, as demonstrated by latency differences in accessing public files from an Apache HTTP Server."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-07-15T02:23:05.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "106478",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/106478"
},
{
"name": "openSUSE-SU-2019:1479",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-05/msg00071.html"
},
{
"name": "DSA-4465",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "https://www.debian.org/security/2019/dsa-4465"
},
{
"name": "[debian-lts-announce] 20190617 [SECURITY] [DLA 1823-1] linux security update",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.debian.org/debian-lts-announce/2019/06/msg00010.html"
},
{
"name": "[debian-lts-announce] 20190618 [SECURITY] [DLA 1824-1] linux-4.9 security update",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.debian.org/debian-lts-announce/2019/06/msg00011.html"
},
{
"name": "openSUSE-SU-2019:1570",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00039.html"
},
{
"name": "20190618 [SECURITY] [DSA 4465-1] linux security update",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "https://seclists.org/bugtraq/2019/Jun/26"
},
{
"name": "openSUSE-SU-2019:1579",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00048.html"
},
{
"name": "RHSA-2019:2043",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2019:2043"
},
{
"name": "RHSA-2019:2029",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2019:2029"
},
{
"name": "RHSA-2019:2473",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2019:2473"
},
{
"name": "RHSA-2019:2808",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2019:2808"
},
{
"name": "RHSA-2019:2837",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2019:2837"
},
{
"name": "RHSA-2019:2809",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2019:2809"
},
{
"name": "RHSA-2019:3309",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2019:3309"
},
{
"name": "RHSA-2019:3517",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2019:3517"
},
{
"name": "RHSA-2019:3967",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2019:3967"
},
{
"name": "RHSA-2019:4058",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2019:4058"
},
{
"name": "RHSA-2019:4057",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2019:4057"
},
{
"name": "RHSA-2019:4056",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2019:4056"
},
{
"name": "RHSA-2019:4159",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2019:4159"
},
{
"name": "RHSA-2019:4164",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2019:4164"
},
{
"name": "RHSA-2019:4255",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2019:4255"
},
{
"name": "RHSA-2020:0204",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2020:0204"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.oracle.com/security-alerts/cpujul2020.html"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.theregister.co.uk/2019/01/05/boffins_beat_page_cache/"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://bugzilla.suse.com/show_bug.cgi?id=1120843"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/torvalds/linux/commit/574823bfab82d9d8fa47f422778043fbb4b4f50e"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://arxiv.org/abs/1901.01161"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://security.netapp.com/advisory/ntap-20190307-0001/"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=574823bfab82d9d8fa47f422778043fbb4b4f50e"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20200115-01-pagecache-en"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2019-5489",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The mincore() implementation in mm/mincore.c in the Linux kernel through 4.19.13 allowed local attackers to observe page cache access patterns of other processes on the same system, potentially allowing sniffing of secret information. (Fixing this affects the output of the fincore program.) Limited remote exploitation may be possible, as demonstrated by latency differences in accessing public files from an Apache HTTP Server."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "106478",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/106478"
},
{
"name": "openSUSE-SU-2019:1479",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-05/msg00071.html"
},
{
"name": "DSA-4465",
"refsource": "DEBIAN",
"url": "https://www.debian.org/security/2019/dsa-4465"
},
{
"name": "[debian-lts-announce] 20190617 [SECURITY] [DLA 1823-1] linux security update",
"refsource": "MLIST",
"url": "https://lists.debian.org/debian-lts-announce/2019/06/msg00010.html"
},
{
"name": "[debian-lts-announce] 20190618 [SECURITY] [DLA 1824-1] linux-4.9 security update",
"refsource": "MLIST",
"url": "https://lists.debian.org/debian-lts-announce/2019/06/msg00011.html"
},
{
"name": "openSUSE-SU-2019:1570",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00039.html"
},
{
"name": "20190618 [SECURITY] [DSA 4465-1] linux security update",
"refsource": "BUGTRAQ",
"url": "https://seclists.org/bugtraq/2019/Jun/26"
},
{
"name": "openSUSE-SU-2019:1579",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00048.html"
},
{
"name": "RHSA-2019:2043",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2019:2043"
},
{
"name": "RHSA-2019:2029",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2019:2029"
},
{
"name": "RHSA-2019:2473",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2019:2473"
},
{
"name": "RHSA-2019:2808",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2019:2808"
},
{
"name": "RHSA-2019:2837",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2019:2837"
},
{
"name": "RHSA-2019:2809",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2019:2809"
},
{
"name": "RHSA-2019:3309",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2019:3309"
},
{
"name": "RHSA-2019:3517",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2019:3517"
},
{
"name": "RHSA-2019:3967",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2019:3967"
},
{
"name": "RHSA-2019:4058",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2019:4058"
},
{
"name": "RHSA-2019:4057",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2019:4057"
},
{
"name": "RHSA-2019:4056",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2019:4056"
},
{
"name": "RHSA-2019:4159",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2019:4159"
},
{
"name": "RHSA-2019:4164",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2019:4164"
},
{
"name": "RHSA-2019:4255",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2019:4255"
},
{
"name": "RHSA-2020:0204",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2020:0204"
},
{
"name": "https://www.oracle.com/security-alerts/cpujul2020.html",
"refsource": "MISC",
"url": "https://www.oracle.com/security-alerts/cpujul2020.html"
},
{
"name": "https://www.theregister.co.uk/2019/01/05/boffins_beat_page_cache/",
"refsource": "MISC",
"url": "https://www.theregister.co.uk/2019/01/05/boffins_beat_page_cache/"
},
{
"name": "https://bugzilla.suse.com/show_bug.cgi?id=1120843",
"refsource": "MISC",
"url": "https://bugzilla.suse.com/show_bug.cgi?id=1120843"
},
{
"name": "https://github.com/torvalds/linux/commit/574823bfab82d9d8fa47f422778043fbb4b4f50e",
"refsource": "MISC",
"url": "https://github.com/torvalds/linux/commit/574823bfab82d9d8fa47f422778043fbb4b4f50e"
},
{
"name": "https://arxiv.org/abs/1901.01161",
"refsource": "MISC",
"url": "https://arxiv.org/abs/1901.01161"
},
{
"name": "https://security.netapp.com/advisory/ntap-20190307-0001/",
"refsource": "CONFIRM",
"url": "https://security.netapp.com/advisory/ntap-20190307-0001/"
},
{
"name": "http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=574823bfab82d9d8fa47f422778043fbb4b4f50e",
"refsource": "MISC",
"url": "http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=574823bfab82d9d8fa47f422778043fbb4b4f50e"
},
{
"name": "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20200115-01-pagecache-en",
"refsource": "CONFIRM",
"url": "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20200115-01-pagecache-en"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2019-5489",
"datePublished": "2019-01-07T18:00:00.000Z",
"dateReserved": "2019-01-07T00:00:00.000Z",
"dateUpdated": "2024-08-04T19:54:53.490Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2019-8564 (GCVE-0-2019-8564)
Vulnerability from cvelistv5 – Published: 2020-10-27 19:24 – Updated: 2024-08-04 21:24
VLAI
EPSS
Summary
A logic issue was addressed with improved validation. This issue is fixed in macOS Mojave 10.14.4, Security Update 2019-002 High Sierra, Security Update 2019-002 Sierra. An attacker in a privileged network position can modify driver state.
Severity
No CVSS data available.
CWE
- An attacker in a privileged network position can modify driver state
Assigner
References
1 reference
| URL | Tags |
|---|---|
| https://support.apple.com/en-us/HT209600 | x_refsource_MISC |
Impacted products
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T21:24:29.256Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://support.apple.com/en-us/HT209600"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "macOS",
"vendor": "Apple",
"versions": [
{
"lessThan": "10.14",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A logic issue was addressed with improved validation. This issue is fixed in macOS Mojave 10.14.4, Security Update 2019-002 High Sierra, Security Update 2019-002 Sierra. An attacker in a privileged network position can modify driver state."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "An attacker in a privileged network position can modify driver state",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-10-27T19:24:59.000Z",
"orgId": "286789f9-fbc2-4510-9f9a-43facdede74c",
"shortName": "apple"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://support.apple.com/en-us/HT209600"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "product-security@apple.com",
"ID": "CVE-2019-8564",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "macOS",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_value": "10.14"
}
]
}
}
]
},
"vendor_name": "Apple"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A logic issue was addressed with improved validation. This issue is fixed in macOS Mojave 10.14.4, Security Update 2019-002 High Sierra, Security Update 2019-002 Sierra. An attacker in a privileged network position can modify driver state."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "An attacker in a privileged network position can modify driver state"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://support.apple.com/en-us/HT209600",
"refsource": "MISC",
"url": "https://support.apple.com/en-us/HT209600"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "286789f9-fbc2-4510-9f9a-43facdede74c",
"assignerShortName": "apple",
"cveId": "CVE-2019-8564",
"datePublished": "2020-10-27T19:24:59.000Z",
"dateReserved": "2019-02-18T00:00:00.000Z",
"dateUpdated": "2024-08-04T21:24:29.256Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2019-9003 (GCVE-0-2019-9003)
Vulnerability from cvelistv5 – Published: 2019-02-22 15:00 – Updated: 2024-08-04 21:31
VLAI
EPSS
Summary
In the Linux kernel before 4.20.5, attackers can trigger a drivers/char/ipmi/ipmi_msghandler.c use-after-free and OOPS by arranging for certain simultaneous execution of the code, as demonstrated by a "service ipmievd restart" loop.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
8 references
| URL | Tags |
|---|---|
| http://www.securityfocus.com/bid/107145 | vdb-entryx_refsource_BID |
| https://github.com/torvalds/linux/commit/77f82696… | x_refsource_MISC |
| https://cdn.kernel.org/pub/linux/kernel/v4.x/Chan… | x_refsource_MISC |
| http://git.kernel.org/cgit/linux/kernel/git/torva… | x_refsource_MISC |
| https://security.netapp.com/advisory/ntap-2019032… | x_refsource_CONFIRM |
| https://usn.ubuntu.com/3930-1/ | vendor-advisoryx_refsource_UBUNTU |
| https://usn.ubuntu.com/3930-2/ | vendor-advisoryx_refsource_UBUNTU |
| http://lists.opensuse.org/opensuse-security-annou… | vendor-advisoryx_refsource_SUSE |
Date Public
2019-02-22 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T21:31:37.538Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "107145",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/107145"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/torvalds/linux/commit/77f8269606bf95fcb232ee86f6da80886f1dfae8"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://cdn.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.20.5"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=77f8269606bf95fcb232ee86f6da80886f1dfae8"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://security.netapp.com/advisory/ntap-20190327-0002/"
},
{
"name": "USN-3930-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU",
"x_transferred"
],
"url": "https://usn.ubuntu.com/3930-1/"
},
{
"name": "USN-3930-2",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU",
"x_transferred"
],
"url": "https://usn.ubuntu.com/3930-2/"
},
{
"name": "openSUSE-SU-2019:1404",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-05/msg00037.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2019-02-22T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel before 4.20.5, attackers can trigger a drivers/char/ipmi/ipmi_msghandler.c use-after-free and OOPS by arranging for certain simultaneous execution of the code, as demonstrated by a \"service ipmievd restart\" loop."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2019-05-16T14:06:08.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "107145",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/107145"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/torvalds/linux/commit/77f8269606bf95fcb232ee86f6da80886f1dfae8"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://cdn.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.20.5"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=77f8269606bf95fcb232ee86f6da80886f1dfae8"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://security.netapp.com/advisory/ntap-20190327-0002/"
},
{
"name": "USN-3930-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU"
],
"url": "https://usn.ubuntu.com/3930-1/"
},
{
"name": "USN-3930-2",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU"
],
"url": "https://usn.ubuntu.com/3930-2/"
},
{
"name": "openSUSE-SU-2019:1404",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-05/msg00037.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2019-9003",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "In the Linux kernel before 4.20.5, attackers can trigger a drivers/char/ipmi/ipmi_msghandler.c use-after-free and OOPS by arranging for certain simultaneous execution of the code, as demonstrated by a \"service ipmievd restart\" loop."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "107145",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/107145"
},
{
"name": "https://github.com/torvalds/linux/commit/77f8269606bf95fcb232ee86f6da80886f1dfae8",
"refsource": "MISC",
"url": "https://github.com/torvalds/linux/commit/77f8269606bf95fcb232ee86f6da80886f1dfae8"
},
{
"name": "https://cdn.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.20.5",
"refsource": "MISC",
"url": "https://cdn.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.20.5"
},
{
"name": "http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=77f8269606bf95fcb232ee86f6da80886f1dfae8",
"refsource": "MISC",
"url": "http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=77f8269606bf95fcb232ee86f6da80886f1dfae8"
},
{
"name": "https://security.netapp.com/advisory/ntap-20190327-0002/",
"refsource": "CONFIRM",
"url": "https://security.netapp.com/advisory/ntap-20190327-0002/"
},
{
"name": "USN-3930-1",
"refsource": "UBUNTU",
"url": "https://usn.ubuntu.com/3930-1/"
},
{
"name": "USN-3930-2",
"refsource": "UBUNTU",
"url": "https://usn.ubuntu.com/3930-2/"
},
{
"name": "openSUSE-SU-2019:1404",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-05/msg00037.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2019-9003",
"datePublished": "2019-02-22T15:00:00.000Z",
"dateReserved": "2019-02-22T00:00:00.000Z",
"dateUpdated": "2024-08-04T21:31:37.538Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2019-9500 (GCVE-0-2019-9500)
Vulnerability from cvelistv5 – Published: 2020-01-16 20:35 – Updated: 2024-08-04 21:54
VLAI
EPSS
Title
Broadcom brcmfmac driver is vulnerable to a heap buffer overflow
Summary
The Broadcom brcmfmac WiFi driver prior to commit 1b5e2423164b3670e8bc9174e4762d297990deff is vulnerable to a heap buffer overflow. If the Wake-up on Wireless LAN functionality is configured, a malicious event frame can be constructed to trigger an heap buffer overflow in the brcmf_wowl_nd_results function. This vulnerability can be exploited with compromised chipsets to compromise the host, or when used in combination with CVE-2019-9503, can be used remotely. In the worst case scenario, by sending specially-crafted WiFi packets, a remote, unauthenticated attacker may be able to execute arbitrary code on a vulnerable system. More typically, this vulnerability will result in denial-of-service conditions.
Severity
7.9 (High)
CWE
- CWE-122 - Heap-based Buffer Overflow
Assigner
References
3 references
| URL | Tags |
|---|---|
| https://blog.quarkslab.com/reverse-engineering-br… | x_refsource_MISC |
| https://kb.cert.org/vuls/id/166939/ | x_refsource_MISC |
| https://git.kernel.org/linus/1b5e2423164b3670e8bc… | x_refsource_MISC |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| Broadcom | brcmfmac WiFi driver |
Affected:
commit prior to 1b5e2423164b3670e8bc9174e4762d297990deff
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T21:54:44.139Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://blog.quarkslab.com/reverse-engineering-broadcom-wireless-chipsets.html"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://kb.cert.org/vuls/id/166939/"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://git.kernel.org/linus/1b5e2423164b3670e8bc9174e4762d297990deff"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "brcmfmac WiFi driver",
"vendor": "Broadcom",
"versions": [
{
"status": "affected",
"version": "commit prior to 1b5e2423164b3670e8bc9174e4762d297990deff"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "The Broadcom brcmfmac WiFi driver prior to commit 1b5e2423164b3670e8bc9174e4762d297990deff is vulnerable to a heap buffer overflow. If the Wake-up on Wireless LAN functionality is configured, a malicious event frame can be constructed to trigger an heap buffer overflow in the brcmf_wowl_nd_results function. This vulnerability can be exploited with compromised chipsets to compromise the host, or when used in combination with CVE-2019-9503, can be used remotely. In the worst case scenario, by sending specially-crafted WiFi packets, a remote, unauthenticated attacker may be able to execute arbitrary code on a vulnerable system. More typically, this vulnerability will result in denial-of-service conditions."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "ADJACENT_NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.9,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:A/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-122",
"description": "CWE-122 Heap-based Buffer Overflow",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-01-16T20:35:17.000Z",
"orgId": "37e5125f-f79b-445b-8fad-9564f167944b",
"shortName": "certcc"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://blog.quarkslab.com/reverse-engineering-broadcom-wireless-chipsets.html"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://kb.cert.org/vuls/id/166939/"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://git.kernel.org/linus/1b5e2423164b3670e8bc9174e4762d297990deff"
}
],
"solutions": [
{
"lang": "en",
"value": "https://git.kernel.org/linus/1b5e2423164b3670e8bc9174e4762d297990deff"
}
],
"source": {
"advisory": "VU#166939",
"discovery": "UNKNOWN"
},
"title": "Broadcom brcmfmac driver is vulnerable to a heap buffer overflow",
"x_generator": {
"engine": "Vulnogram 0.0.9"
},
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cert@cert.org",
"ID": "CVE-2019-9500",
"STATE": "PUBLIC",
"TITLE": "Broadcom brcmfmac driver is vulnerable to a heap buffer overflow"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "brcmfmac WiFi driver",
"version": {
"version_data": [
{
"version_value": "commit prior to 1b5e2423164b3670e8bc9174e4762d297990deff"
}
]
}
}
]
},
"vendor_name": "Broadcom"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The Broadcom brcmfmac WiFi driver prior to commit 1b5e2423164b3670e8bc9174e4762d297990deff is vulnerable to a heap buffer overflow. If the Wake-up on Wireless LAN functionality is configured, a malicious event frame can be constructed to trigger an heap buffer overflow in the brcmf_wowl_nd_results function. This vulnerability can be exploited with compromised chipsets to compromise the host, or when used in combination with CVE-2019-9503, can be used remotely. In the worst case scenario, by sending specially-crafted WiFi packets, a remote, unauthenticated attacker may be able to execute arbitrary code on a vulnerable system. More typically, this vulnerability will result in denial-of-service conditions."
}
]
},
"generator": {
"engine": "Vulnogram 0.0.9"
},
"impact": {
"cvss": {
"attackComplexity": "HIGH",
"attackVector": "ADJACENT_NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.9,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:A/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-122 Heap-based Buffer Overflow"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://blog.quarkslab.com/reverse-engineering-broadcom-wireless-chipsets.html",
"refsource": "MISC",
"url": "https://blog.quarkslab.com/reverse-engineering-broadcom-wireless-chipsets.html"
},
{
"name": "https://kb.cert.org/vuls/id/166939/",
"refsource": "MISC",
"url": "https://kb.cert.org/vuls/id/166939/"
},
{
"name": "https://git.kernel.org/linus/1b5e2423164b3670e8bc9174e4762d297990deff",
"refsource": "MISC",
"url": "https://git.kernel.org/linus/1b5e2423164b3670e8bc9174e4762d297990deff"
}
]
},
"solution": [
{
"lang": "en",
"value": "https://git.kernel.org/linus/1b5e2423164b3670e8bc9174e4762d297990deff"
}
],
"source": {
"advisory": "VU#166939",
"discovery": "UNKNOWN"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "37e5125f-f79b-445b-8fad-9564f167944b",
"assignerShortName": "certcc",
"cveId": "CVE-2019-9500",
"datePublished": "2020-01-16T20:35:18.000Z",
"dateReserved": "2019-03-01T00:00:00.000Z",
"dateUpdated": "2024-08-04T21:54:44.139Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2019-9503 (GCVE-0-2019-9503)
Vulnerability from cvelistv5 – Published: 2020-01-16 20:35 – Updated: 2024-08-04 21:54
VLAI
EPSS
Title
Broadcom brcmfmac driver is vulnerable to a frame validation bypass
Summary
The Broadcom brcmfmac WiFi driver prior to commit a4176ec356c73a46c07c181c6d04039fafa34a9f is vulnerable to a frame validation bypass. If the brcmfmac driver receives a firmware event frame from a remote source, the is_wlc_event_frame function will cause this frame to be discarded and unprocessed. If the driver receives the firmware event frame from the host, the appropriate handler is called. This frame validation can be bypassed if the bus used is USB (for instance by a wifi dongle). This can allow firmware event frames from a remote source to be processed. In the worst case scenario, by sending specially-crafted WiFi packets, a remote, unauthenticated attacker may be able to execute arbitrary code on a vulnerable system. More typically, this vulnerability will result in denial-of-service conditions.
Severity
7.9 (High)
CWE
- CWE-20 - Improper Input Validation
Assigner
References
7 references
| URL | Tags |
|---|---|
| https://blog.quarkslab.com/reverse-engineering-br… | x_refsource_MISC |
| https://kb.cert.org/vuls/id/166939/ | x_refsource_MISC |
| https://git.kernel.org/pub/scm/linux/kernel/git/t… | x_refsource_MISC |
| https://bugzilla.redhat.com/show_bug.cgi?id=1701842 | x_refsource_MISC |
| https://people.canonical.com/~ubuntu-security/cve… | x_refsource_MISC |
| https://bugzilla.suse.com/show_bug.cgi?id=1132828 | x_refsource_MISC |
| https://security-tracker.debian.org/tracker/CVE-2… | x_refsource_MISC |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| Broadcom | brcmfmac WiFi driver |
Affected:
commit prior to a4176ec356c73a46c07c181c6d04039fafa34a9f
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T21:54:44.111Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://blog.quarkslab.com/reverse-engineering-broadcom-wireless-chipsets.html"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://kb.cert.org/vuls/id/166939/"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=a4176ec356c73a46c07c181c6d04039fafa34a9f"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1701842"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://people.canonical.com/~ubuntu-security/cve/2019/CVE-2019-9503.html"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://bugzilla.suse.com/show_bug.cgi?id=1132828"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://security-tracker.debian.org/tracker/CVE-2019-9503"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "brcmfmac WiFi driver",
"vendor": "Broadcom",
"versions": [
{
"status": "affected",
"version": "commit prior to a4176ec356c73a46c07c181c6d04039fafa34a9f"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "The Broadcom brcmfmac WiFi driver prior to commit a4176ec356c73a46c07c181c6d04039fafa34a9f is vulnerable to a frame validation bypass. If the brcmfmac driver receives a firmware event frame from a remote source, the is_wlc_event_frame function will cause this frame to be discarded and unprocessed. If the driver receives the firmware event frame from the host, the appropriate handler is called. This frame validation can be bypassed if the bus used is USB (for instance by a wifi dongle). This can allow firmware event frames from a remote source to be processed. In the worst case scenario, by sending specially-crafted WiFi packets, a remote, unauthenticated attacker may be able to execute arbitrary code on a vulnerable system. More typically, this vulnerability will result in denial-of-service conditions."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "ADJACENT_NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.9,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:A/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-20",
"description": "CWE-20 Improper Input Validation",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-02-18T20:57:47.000Z",
"orgId": "37e5125f-f79b-445b-8fad-9564f167944b",
"shortName": "certcc"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://blog.quarkslab.com/reverse-engineering-broadcom-wireless-chipsets.html"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://kb.cert.org/vuls/id/166939/"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=a4176ec356c73a46c07c181c6d04039fafa34a9f"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1701842"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://people.canonical.com/~ubuntu-security/cve/2019/CVE-2019-9503.html"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://bugzilla.suse.com/show_bug.cgi?id=1132828"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://security-tracker.debian.org/tracker/CVE-2019-9503"
}
],
"solutions": [
{
"lang": "en",
"value": "https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=a4176ec356c73a46c07c181c6d04039fafa34a9f"
}
],
"source": {
"advisory": "VU#166939",
"discovery": "UNKNOWN"
},
"title": "Broadcom brcmfmac driver is vulnerable to a frame validation bypass",
"x_generator": {
"engine": "Vulnogram 0.0.9"
},
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cert@cert.org",
"ID": "CVE-2019-9503",
"STATE": "PUBLIC",
"TITLE": "Broadcom brcmfmac driver is vulnerable to a frame validation bypass"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "brcmfmac WiFi driver",
"version": {
"version_data": [
{
"version_value": "commit prior to a4176ec356c73a46c07c181c6d04039fafa34a9f"
}
]
}
}
]
},
"vendor_name": "Broadcom"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The Broadcom brcmfmac WiFi driver prior to commit a4176ec356c73a46c07c181c6d04039fafa34a9f is vulnerable to a frame validation bypass. If the brcmfmac driver receives a firmware event frame from a remote source, the is_wlc_event_frame function will cause this frame to be discarded and unprocessed. If the driver receives the firmware event frame from the host, the appropriate handler is called. This frame validation can be bypassed if the bus used is USB (for instance by a wifi dongle). This can allow firmware event frames from a remote source to be processed. In the worst case scenario, by sending specially-crafted WiFi packets, a remote, unauthenticated attacker may be able to execute arbitrary code on a vulnerable system. More typically, this vulnerability will result in denial-of-service conditions."
}
]
},
"generator": {
"engine": "Vulnogram 0.0.9"
},
"impact": {
"cvss": {
"attackComplexity": "HIGH",
"attackVector": "ADJACENT_NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.9,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:A/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-20 Improper Input Validation"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://blog.quarkslab.com/reverse-engineering-broadcom-wireless-chipsets.html",
"refsource": "MISC",
"url": "https://blog.quarkslab.com/reverse-engineering-broadcom-wireless-chipsets.html"
},
{
"name": "https://kb.cert.org/vuls/id/166939/",
"refsource": "MISC",
"url": "https://kb.cert.org/vuls/id/166939/"
},
{
"name": "https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=a4176ec356c73a46c07c181c6d04039fafa34a9f",
"refsource": "MISC",
"url": "https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=a4176ec356c73a46c07c181c6d04039fafa34a9f"
},
{
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=1701842",
"refsource": "MISC",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1701842"
},
{
"name": "https://people.canonical.com/~ubuntu-security/cve/2019/CVE-2019-9503.html",
"refsource": "MISC",
"url": "https://people.canonical.com/~ubuntu-security/cve/2019/CVE-2019-9503.html"
},
{
"name": "https://bugzilla.suse.com/show_bug.cgi?id=1132828",
"refsource": "MISC",
"url": "https://bugzilla.suse.com/show_bug.cgi?id=1132828"
},
{
"name": "https://security-tracker.debian.org/tracker/CVE-2019-9503",
"refsource": "MISC",
"url": "https://security-tracker.debian.org/tracker/CVE-2019-9503"
}
]
},
"solution": [
{
"lang": "en",
"value": "https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=a4176ec356c73a46c07c181c6d04039fafa34a9f"
}
],
"source": {
"advisory": "VU#166939",
"discovery": "UNKNOWN"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "37e5125f-f79b-445b-8fad-9564f167944b",
"assignerShortName": "certcc",
"cveId": "CVE-2019-9503",
"datePublished": "2020-01-16T20:35:18.000Z",
"dateReserved": "2019-03-01T00:00:00.000Z",
"dateUpdated": "2024-08-04T21:54:44.111Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
Loading…
Trend slope:
-
(linear fit over daily sighting counts)
Show additional events:
Loading…
Experimental. This forecast is provided for visualization only and may change without notice. Do not use it for operational decisions.
Forecast uses a logistic model when the trend is rising, or an exponential decay model when the trend is falling. Fitted via linearized least squares.
Sightings
| Author | Source | Type | Date | Other |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.
Loading…
Loading…