VAR-201902-0242
Vulnerability from variot - Updated: 2026-04-10 23:17
In the Linux kernel before 4.20.8, kvm_ioctl_create_device in virt/kvm/kvm_main.c mishandles reference counting because of a race condition, leading to a use-after-free.
====================================================================
Red Hat Security Advisory
Synopsis: Important: kernel security and bug fix update
Advisory ID: RHSA-2019:3967-01
Product: Red Hat Enterprise Linux
Advisory URL: https://access.redhat.com/errata/RHSA-2019:3967
Issue date: 2019-11-26
CVE Names: CVE-2017-18208 CVE-2018-9568 CVE-2018-10902 CVE-2018-18559 CVE-2019-3900 CVE-2019-5489 CVE-2019-6974 CVE-2019-7221
====================================================================
1. Summary:
An update for kernel is now available for Red Hat Enterprise Linux 7.5 Extended Update Support.
Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
2. Relevant releases/architectures:
Red Hat Enterprise Linux ComputeNode EUS (v. 7.5) - noarch, x86_64
Red Hat Enterprise Linux ComputeNode Optional EUS (v. 7.5) - x86_64
Red Hat Enterprise Linux Server EUS (v. 7.5) - noarch, ppc64, ppc64le, s390x, x86_64
Red Hat Enterprise Linux Server Optional EUS (v. 7.5) - ppc64, ppc64le, x86_64
Security Fix(es):
- kernel: Memory corruption due to incorrect socket cloning (CVE-2018-9568)
- kernel: MIDI driver race condition leads to a double-free (CVE-2018-10902)
- kernel: Use-after-free due to race condition in AF_PACKET implementation (CVE-2018-18559)
- Kernel: vhost_net: infinite loop while receiving packets leads to DoS (CVE-2019-3900)
- Kernel: page cache side channel attacks (CVE-2019-5489)
- Kernel: KVM: potential use-after-free via kvm_ioctl_create_device() (CVE-2019-6974)
- Kernel: KVM: nVMX: use-after-free of the hrtimer for emulation of the preemption timer (CVE-2019-7221)
- kernel: Infinite loop vulnerability in mm/madvise.c:madvise_willneed() function allows local denial of service (CVE-2017-18208)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Bug Fix(es):
- A cluster node has multiple hung "mv" processes that are accessing a gfs2 filesystem. (BZ#1716321)
- Growing unreclaimable slab memory (BZ#1741918)
- [LLNL 7.5 Bug] slab leak causing a crash when using kmem control group (BZ#1748236)
- kernel build: parallelize redhat/mod-sign.sh (BZ#1755328)
- kernel build: speed up module compression step (BZ#1755337)
Solution:
For details on how to apply this update, which includes the changes described in this advisory, refer to:
https://access.redhat.com/articles/11258
The system must be rebooted for this update to take effect.
Bugs fixed (https://bugzilla.redhat.com/):
1551565 - CVE-2017-18208 kernel: Infinite loop vulnerability in mm/madvise.c:madvise_willneed() function allows local denial of service
1590720 - CVE-2018-10902 kernel: MIDI driver race condition leads to a double-free
1641878 - CVE-2018-18559 kernel: Use-after-free due to race condition in AF_PACKET implementation
1655904 - CVE-2018-9568 kernel: Memory corruption due to incorrect socket cloning
1664110 - CVE-2019-5489 Kernel: page cache side channel attacks
1671904 - CVE-2019-7221 Kernel: KVM: nVMX: use-after-free of the hrtimer for emulation of the preemption timer
1671913 - CVE-2019-6974 Kernel: KVM: potential use-after-free via kvm_ioctl_create_device()
1698757 - CVE-2019-3900 Kernel: vhost_net: infinite loop while receiving packets leads to DoS
Package List:
Red Hat Enterprise Linux ComputeNode EUS (v. 7.5):
Source: kernel-3.10.0-862.44.2.el7.src.rpm
noarch: kernel-abi-whitelists-3.10.0-862.44.2.el7.noarch.rpm kernel-doc-3.10.0-862.44.2.el7.noarch.rpm
x86_64: kernel-3.10.0-862.44.2.el7.x86_64.rpm kernel-debug-3.10.0-862.44.2.el7.x86_64.rpm kernel-debug-debuginfo-3.10.0-862.44.2.el7.x86_64.rpm kernel-debug-devel-3.10.0-862.44.2.el7.x86_64.rpm kernel-debuginfo-3.10.0-862.44.2.el7.x86_64.rpm kernel-debuginfo-common-x86_64-3.10.0-862.44.2.el7.x86_64.rpm kernel-devel-3.10.0-862.44.2.el7.x86_64.rpm kernel-headers-3.10.0-862.44.2.el7.x86_64.rpm kernel-tools-3.10.0-862.44.2.el7.x86_64.rpm kernel-tools-debuginfo-3.10.0-862.44.2.el7.x86_64.rpm kernel-tools-libs-3.10.0-862.44.2.el7.x86_64.rpm perf-3.10.0-862.44.2.el7.x86_64.rpm perf-debuginfo-3.10.0-862.44.2.el7.x86_64.rpm python-perf-3.10.0-862.44.2.el7.x86_64.rpm python-perf-debuginfo-3.10.0-862.44.2.el7.x86_64.rpm
Red Hat Enterprise Linux ComputeNode Optional EUS (v. 7.5):
x86_64: kernel-debug-debuginfo-3.10.0-862.44.2.el7.x86_64.rpm kernel-debuginfo-3.10.0-862.44.2.el7.x86_64.rpm kernel-debuginfo-common-x86_64-3.10.0-862.44.2.el7.x86_64.rpm kernel-tools-debuginfo-3.10.0-862.44.2.el7.x86_64.rpm kernel-tools-libs-devel-3.10.0-862.44.2.el7.x86_64.rpm perf-debuginfo-3.10.0-862.44.2.el7.x86_64.rpm python-perf-debuginfo-3.10.0-862.44.2.el7.x86_64.rpm
Red Hat Enterprise Linux Server EUS (v. 7.5):
Source: kernel-3.10.0-862.44.2.el7.src.rpm
noarch: kernel-abi-whitelists-3.10.0-862.44.2.el7.noarch.rpm kernel-doc-3.10.0-862.44.2.el7.noarch.rpm
ppc64: kernel-3.10.0-862.44.2.el7.ppc64.rpm kernel-bootwrapper-3.10.0-862.44.2.el7.ppc64.rpm kernel-debug-3.10.0-862.44.2.el7.ppc64.rpm kernel-debug-debuginfo-3.10.0-862.44.2.el7.ppc64.rpm kernel-debug-devel-3.10.0-862.44.2.el7.ppc64.rpm kernel-debuginfo-3.10.0-862.44.2.el7.ppc64.rpm kernel-debuginfo-common-ppc64-3.10.0-862.44.2.el7.ppc64.rpm kernel-devel-3.10.0-862.44.2.el7.ppc64.rpm kernel-headers-3.10.0-862.44.2.el7.ppc64.rpm kernel-tools-3.10.0-862.44.2.el7.ppc64.rpm kernel-tools-debuginfo-3.10.0-862.44.2.el7.ppc64.rpm kernel-tools-libs-3.10.0-862.44.2.el7.ppc64.rpm perf-3.10.0-862.44.2.el7.ppc64.rpm perf-debuginfo-3.10.0-862.44.2.el7.ppc64.rpm python-perf-3.10.0-862.44.2.el7.ppc64.rpm python-perf-debuginfo-3.10.0-862.44.2.el7.ppc64.rpm
ppc64le: kernel-3.10.0-862.44.2.el7.ppc64le.rpm kernel-bootwrapper-3.10.0-862.44.2.el7.ppc64le.rpm kernel-debug-3.10.0-862.44.2.el7.ppc64le.rpm kernel-debug-debuginfo-3.10.0-862.44.2.el7.ppc64le.rpm kernel-debuginfo-3.10.0-862.44.2.el7.ppc64le.rpm kernel-debuginfo-common-ppc64le-3.10.0-862.44.2.el7.ppc64le.rpm kernel-devel-3.10.0-862.44.2.el7.ppc64le.rpm kernel-headers-3.10.0-862.44.2.el7.ppc64le.rpm kernel-tools-3.10.0-862.44.2.el7.ppc64le.rpm kernel-tools-debuginfo-3.10.0-862.44.2.el7.ppc64le.rpm kernel-tools-libs-3.10.0-862.44.2.el7.ppc64le.rpm perf-3.10.0-862.44.2.el7.ppc64le.rpm perf-debuginfo-3.10.0-862.44.2.el7.ppc64le.rpm python-perf-3.10.0-862.44.2.el7.ppc64le.rpm python-perf-debuginfo-3.10.0-862.44.2.el7.ppc64le.rpm
s390x: kernel-3.10.0-862.44.2.el7.s390x.rpm kernel-debug-3.10.0-862.44.2.el7.s390x.rpm kernel-debug-debuginfo-3.10.0-862.44.2.el7.s390x.rpm kernel-debug-devel-3.10.0-862.44.2.el7.s390x.rpm kernel-debuginfo-3.10.0-862.44.2.el7.s390x.rpm kernel-debuginfo-common-s390x-3.10.0-862.44.2.el7.s390x.rpm kernel-devel-3.10.0-862.44.2.el7.s390x.rpm kernel-headers-3.10.0-862.44.2.el7.s390x.rpm kernel-kdump-3.10.0-862.44.2.el7.s390x.rpm kernel-kdump-debuginfo-3.10.0-862.44.2.el7.s390x.rpm kernel-kdump-devel-3.10.0-862.44.2.el7.s390x.rpm perf-3.10.0-862.44.2.el7.s390x.rpm perf-debuginfo-3.10.0-862.44.2.el7.s390x.rpm python-perf-3.10.0-862.44.2.el7.s390x.rpm python-perf-debuginfo-3.10.0-862.44.2.el7.s390x.rpm
x86_64: kernel-3.10.0-862.44.2.el7.x86_64.rpm kernel-debug-3.10.0-862.44.2.el7.x86_64.rpm kernel-debug-debuginfo-3.10.0-862.44.2.el7.x86_64.rpm kernel-debug-devel-3.10.0-862.44.2.el7.x86_64.rpm kernel-debuginfo-3.10.0-862.44.2.el7.x86_64.rpm kernel-debuginfo-common-x86_64-3.10.0-862.44.2.el7.x86_64.rpm kernel-devel-3.10.0-862.44.2.el7.x86_64.rpm kernel-headers-3.10.0-862.44.2.el7.x86_64.rpm kernel-tools-3.10.0-862.44.2.el7.x86_64.rpm kernel-tools-debuginfo-3.10.0-862.44.2.el7.x86_64.rpm kernel-tools-libs-3.10.0-862.44.2.el7.x86_64.rpm perf-3.10.0-862.44.2.el7.x86_64.rpm perf-debuginfo-3.10.0-862.44.2.el7.x86_64.rpm python-perf-3.10.0-862.44.2.el7.x86_64.rpm python-perf-debuginfo-3.10.0-862.44.2.el7.x86_64.rpm
Red Hat Enterprise Linux Server Optional EUS (v. 7.5):
ppc64: kernel-debug-debuginfo-3.10.0-862.44.2.el7.ppc64.rpm kernel-debuginfo-3.10.0-862.44.2.el7.ppc64.rpm kernel-debuginfo-common-ppc64-3.10.0-862.44.2.el7.ppc64.rpm kernel-tools-debuginfo-3.10.0-862.44.2.el7.ppc64.rpm kernel-tools-libs-devel-3.10.0-862.44.2.el7.ppc64.rpm perf-debuginfo-3.10.0-862.44.2.el7.ppc64.rpm python-perf-debuginfo-3.10.0-862.44.2.el7.ppc64.rpm
ppc64le: kernel-debug-debuginfo-3.10.0-862.44.2.el7.ppc64le.rpm kernel-debug-devel-3.10.0-862.44.2.el7.ppc64le.rpm kernel-debuginfo-3.10.0-862.44.2.el7.ppc64le.rpm kernel-debuginfo-common-ppc64le-3.10.0-862.44.2.el7.ppc64le.rpm kernel-tools-debuginfo-3.10.0-862.44.2.el7.ppc64le.rpm kernel-tools-libs-devel-3.10.0-862.44.2.el7.ppc64le.rpm perf-debuginfo-3.10.0-862.44.2.el7.ppc64le.rpm python-perf-debuginfo-3.10.0-862.44.2.el7.ppc64le.rpm
x86_64: kernel-debug-debuginfo-3.10.0-862.44.2.el7.x86_64.rpm kernel-debuginfo-3.10.0-862.44.2.el7.x86_64.rpm kernel-debuginfo-common-x86_64-3.10.0-862.44.2.el7.x86_64.rpm kernel-tools-debuginfo-3.10.0-862.44.2.el7.x86_64.rpm kernel-tools-libs-devel-3.10.0-862.44.2.el7.x86_64.rpm perf-debuginfo-3.10.0-862.44.2.el7.x86_64.rpm python-perf-debuginfo-3.10.0-862.44.2.el7.x86_64.rpm
These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/
Contact:
The Red Hat security contact is secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/
Copyright 2019 Red Hat, Inc.
==========================================================================
Ubuntu Security Notice USN-3930-2
April 02, 2019
linux-hwe, linux-azure vulnerabilities
A security issue affects these releases of Ubuntu and its derivatives:
- Ubuntu 18.04 LTS
Summary:
Several security issues were fixed in the Linux kernel.
Software Description:
- linux-azure: Linux kernel for Microsoft Azure Cloud systems
- linux-hwe: Linux hardware enablement (HWE) kernel
Details:
USN-3930-1 fixed vulnerabilities in the Linux kernel for Ubuntu 18.10. This update provides the corresponding updates for the Linux Hardware Enablement (HWE) kernel from Ubuntu 18.10 for Ubuntu 18.04 LTS.
Mathias Payer and Hui Peng discovered a use-after-free vulnerability in the Advanced Linux Sound Architecture (ALSA) subsystem. A physically proximate attacker could use this to cause a denial of service (system crash). (CVE-2018-19824)
Shlomi Oberman, Yuli Shapiro, and Ran Menscher discovered an information leak in the Bluetooth implementation of the Linux kernel. An attacker within Bluetooth range could use this to expose sensitive information (kernel memory). (CVE-2019-3459, CVE-2019-3460)
Jann Horn discovered that the KVM implementation in the Linux kernel contained a use-after-free vulnerability. An attacker in a guest VM with access to /dev/kvm could use this to cause a denial of service (guest VM crash). (CVE-2019-6974)
Jim Mattson and Felix Wilhelm discovered a use-after-free vulnerability in the KVM subsystem of the Linux kernel, when using nested virtual machines. A local attacker in a guest VM could use this to cause a denial of service (system crash) or possibly execute arbitrary code in the host system. (CVE-2019-7221)
Felix Wilhelm discovered that an information leak vulnerability existed in the KVM subsystem of the Linux kernel, when nested virtualization is used. A local attacker could use this to expose sensitive information (host system memory to a guest VM). (CVE-2019-7222)
Jann Horn discovered that the eBPF implementation in the Linux kernel was insufficiently hardened against Spectre V1 attacks. A local attacker could use this to expose sensitive information. (CVE-2019-7308)
It was discovered that a use-after-free vulnerability existed in the user-space API for crypto (af_alg) implementation in the Linux kernel. A local attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2019-8912)
Jakub Jirasek discovered a use-after-free vulnerability in the SCTP implementation in the Linux kernel. A local attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2019-8956)
It was discovered that the Linux kernel did not properly deallocate memory when handling certain errors while reading files. A local attacker could use this to cause a denial of service (excessive memory consumption). (CVE-2019-8980)
It was discovered that a use-after-free vulnerability existed in the IPMI implementation in the Linux kernel. A local attacker with access to the IPMI character device files could use this to cause a denial of service (system crash). (CVE-2019-9003)
Jann Horn discovered that the SNMP NAT implementation in the Linux kernel performed insufficient ASN.1 length checks. An attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2019-9162)
Jann Horn discovered that the mmap implementation in the Linux kernel did not properly check for the mmap minimum address in some situations. A local attacker could use this to assist exploiting a kernel NULL pointer dereference vulnerability. (CVE-2019-9213)
Update instructions:
The problem can be corrected by updating your system to the following package versions:
Ubuntu 18.04 LTS:
  linux-image-4.18.0-1014-azure 4.18.0-1014.14~18.04.1
  linux-image-4.18.0-17-generic 4.18.0-17.18~18.04.1
  linux-image-4.18.0-17-generic-lpae 4.18.0-17.18~18.04.1
  linux-image-4.18.0-17-lowlatency 4.18.0-17.18~18.04.1
  linux-image-4.18.0-17-snapdragon 4.18.0-17.18~18.04.1
  linux-image-azure 4.18.0.1014.13
  linux-image-generic-hwe-18.04 4.18.0.17.67
  linux-image-generic-lpae-hwe-18.04 4.18.0.17.67
  linux-image-lowlatency-hwe-18.04 4.18.0.17.67
  linux-image-snapdragon-hwe-18.04 4.18.0.17.67
  linux-image-virtual-hwe-18.04 4.18.0.17.67
After a standard system update you need to reboot your computer to make all the necessary changes.
ATTENTION: Due to an unavoidable ABI change the kernel updates have been given a new version number, which requires you to recompile and reinstall all third party kernel modules you might have installed. Unless you manually uninstalled the standard kernel metapackages (e.g. linux-generic, linux-generic-lts-RELEASE, linux-virtual, linux-powerpc), a standard system upgrade will automatically perform this as well.
References:
  https://usn.ubuntu.com/usn/usn-3930-2
  https://usn.ubuntu.com/usn/usn-3930-1
  CVE-2018-19824, CVE-2019-3459, CVE-2019-3460, CVE-2019-6974, CVE-2019-7221, CVE-2019-7222, CVE-2019-7308, CVE-2019-8912, CVE-2019-8956, CVE-2019-8980, CVE-2019-9003, CVE-2019-9162, CVE-2019-9213
Package Information:
  https://launchpad.net/ubuntu/+source/linux-azure/4.18.0-1014.14~18.04.1
  https://launchpad.net/ubuntu/+source/linux-hwe/4.18.0-17.18~18.04.1
. 7) - noarch, x86_64
Description:
The kernel-rt packages provide the Real Time Linux Kernel, which enables fine-tuning for systems with extremely high determinism requirements.
Bug Fix(es):
- VM hangs on RHEL rt-kernel and OSP 13 [rhel-7.6.z] (BZ#1688673)
- kernel-rt: update to the RHEL7.6.z batch#4 source tree (BZ#1689417)
Users of kernel are advised to upgrade to these updated packages, which fix these bugs.
Bugs fixed (https://bugzilla.redhat.com/):
1671904 - CVE-2019-7221 Kernel: KVM: nVMX: use-after-free of the hrtimer for emulation of the preemption timer
1671913 - CVE-2019-6974 Kernel: KVM: potential use-after-free via kvm_ioctl_create_device()
1688673 - VM hangs on RHEL rt-kernel and OSP 13 [rhel-7.6.z]
1689417 - kernel-rt: update to the RHEL7.6.z batch#4 source tree
-
7) - aarch64, noarch, ppc64le
Bug Fix(es):
- [kernel-alt]: BUG: unable to handle kernel NULL pointer IP: crypto_remove_spawns+0x118/0x2e0 (BZ#1536967)
- [HPE Apache] update ssif max_xmit_msg_size limit for multi-part messages (BZ#1610534)
- RHEL-Alt-7.6 - powerpc/pseries: Fix unitialized timer reset on migration / powerpc/pseries/mobility: Extend start/stop topology update scope (LPM) (BZ#1673613)
- RHEL-Alt-7.6 - s390: sha3_generic module fails and triggers panic when in FIPS mode (BZ#1673979)
- RHEL-Alt-7.6 - System crashed after oom - During ICP deployment (BZ#1710304)
- kernel-alt: Race condition in hashtables [rhel-alt-7.6.z] (BZ#1712127)
- RHEL-Alt-7.6 - OP930:PM_Test:cpupower -r command set values for first 3 cores in quad and misses last core. (CORAL) (BZ#1717836)
- RHEL-Alt-7.6 - disable runtime NUMA remapping for PRRN/LPM/VPHN (BZ#1717906)
- fragmented packets timing out (BZ#1729066)
- Backport TCP follow-up for small buffers (BZ#1733617)
Enhancement(s):
- RHEL-Alt-7.6 - perfevent PMDA cannot create file descriptors for reading nest events using the perf API (pcp/kernel) (CORAL) (BZ#1723036)
{
"affected_products": {
"_id": null,
"data": [
{
"_id": null,
"model": "big-ip webaccelerator",
"scope": "gte",
"trust": 1.0,
"vendor": "f5",
"version": "13.0.0"
},
{
"_id": null,
"model": "kernel",
"scope": "gte",
"trust": 1.0,
"vendor": "linux",
"version": "3.19"
},
{
"_id": null,
"model": "big-ip global traffic manager",
"scope": "lte",
"trust": 1.0,
"vendor": "f5",
"version": "13.1.1"
},
{
"_id": null,
"model": "big-ip access policy manager",
"scope": "gte",
"trust": 1.0,
"vendor": "f5",
"version": "14.0.0"
},
{
"_id": null,
"model": "big-ip link controller",
"scope": "gte",
"trust": 1.0,
"vendor": "f5",
"version": "13.0.0"
},
{
"_id": null,
"model": "kernel",
"scope": "gte",
"trust": 1.0,
"vendor": "linux",
"version": "4.5"
},
{
"_id": null,
"model": "enterprise linux server",
"scope": "eq",
"trust": 1.0,
"vendor": "redhat",
"version": "7.0"
},
{
"_id": null,
"model": "big-ip webaccelerator",
"scope": "gte",
"trust": 1.0,
"vendor": "f5",
"version": "14.0.0"
},
{
"_id": null,
"model": "enterprise linux",
"scope": "eq",
"trust": 1.0,
"vendor": "redhat",
"version": "7.0"
},
{
"_id": null,
"model": "big-ip local traffic manager",
"scope": "lte",
"trust": 1.0,
"vendor": "f5",
"version": "13.1.1"
},
{
"_id": null,
"model": "big-ip policy enforcement manager",
"scope": "gte",
"trust": 1.0,
"vendor": "f5",
"version": "13.0.0"
},
{
"_id": null,
"model": "big-ip webaccelerator",
"scope": "lt",
"trust": 1.0,
"vendor": "f5",
"version": "15.1.0"
},
{
"_id": null,
"model": "big-ip webaccelerator",
"scope": "lte",
"trust": 1.0,
"vendor": "f5",
"version": "14.1.0"
},
{
"_id": null,
"model": "big-ip access policy manager",
"scope": "lte",
"trust": 1.0,
"vendor": "f5",
"version": "13.1.1"
},
{
"_id": null,
"model": "linux",
"scope": "eq",
"trust": 1.0,
"vendor": "debian",
"version": "8.0"
},
{
"_id": null,
"model": "big-ip fraud protection service",
"scope": "lte",
"trust": 1.0,
"vendor": "f5",
"version": "14.1.0"
},
{
"_id": null,
"model": "big-ip application security manager",
"scope": "gte",
"trust": 1.0,
"vendor": "f5",
"version": "15.0.0"
},
{
"_id": null,
"model": "kernel",
"scope": "lt",
"trust": 1.0,
"vendor": "linux",
"version": "4.4.176"
},
{
"_id": null,
"model": "big-ip analytics",
"scope": "gte",
"trust": 1.0,
"vendor": "f5",
"version": "13.0.0"
},
{
"_id": null,
"model": "kernel",
"scope": "gte",
"trust": 1.0,
"vendor": "linux",
"version": "4.15"
},
{
"_id": null,
"model": "big-ip fraud protection service",
"scope": "gte",
"trust": 1.0,
"vendor": "f5",
"version": "14.0.0"
},
{
"_id": null,
"model": "ubuntu linux",
"scope": "eq",
"trust": 1.0,
"vendor": "canonical",
"version": "12.04"
},
{
"_id": null,
"model": "big-ip access policy manager",
"scope": "gte",
"trust": 1.0,
"vendor": "f5",
"version": "15.0.0"
},
{
"_id": null,
"model": "big-ip fraud protection service",
"scope": "lt",
"trust": 1.0,
"vendor": "f5",
"version": "15.1.0"
},
{
"_id": null,
"model": "big-ip application acceleration manager",
"scope": "gte",
"trust": 1.0,
"vendor": "f5",
"version": "14.0.0"
},
{
"_id": null,
"model": "big-ip webaccelerator",
"scope": "lte",
"trust": 1.0,
"vendor": "f5",
"version": "13.1.1"
},
{
"_id": null,
"model": "big-ip analytics",
"scope": "gte",
"trust": 1.0,
"vendor": "f5",
"version": "14.0.0"
},
{
"_id": null,
"model": "big-ip policy enforcement manager",
"scope": "lt",
"trust": 1.0,
"vendor": "f5",
"version": "15.1.0"
},
{
"_id": null,
"model": "big-ip application acceleration manager",
"scope": "lt",
"trust": 1.0,
"vendor": "f5",
"version": "15.1.0"
},
{
"_id": null,
"model": "big-ip webaccelerator",
"scope": "gte",
"trust": 1.0,
"vendor": "f5",
"version": "15.0.0"
},
{
"_id": null,
"model": "enterprise linux eus",
"scope": "eq",
"trust": 1.0,
"vendor": "redhat",
"version": "7.5"
},
{
"_id": null,
"model": "big-ip analytics",
"scope": "lt",
"trust": 1.0,
"vendor": "f5",
"version": "15.1.0"
},
{
"_id": null,
"model": "big-ip policy enforcement manager",
"scope": "lte",
"trust": 1.0,
"vendor": "f5",
"version": "14.1.0"
},
{
"_id": null,
"model": "kernel",
"scope": "lt",
"trust": 1.0,
"vendor": "linux",
"version": "3.18.136"
},
{
"_id": null,
"model": "ubuntu linux",
"scope": "eq",
"trust": 1.0,
"vendor": "canonical",
"version": "18.04"
},
{
"_id": null,
"model": "big-ip application acceleration manager",
"scope": "lte",
"trust": 1.0,
"vendor": "f5",
"version": "14.1.0"
},
{
"_id": null,
"model": "big-ip link controller",
"scope": "lte",
"trust": 1.0,
"vendor": "f5",
"version": "13.1.1"
},
{
"_id": null,
"model": "kernel",
"scope": "gte",
"trust": 1.0,
"vendor": "linux",
"version": "4.10"
},
{
"_id": null,
"model": "big-ip fraud protection service",
"scope": "lte",
"trust": 1.0,
"vendor": "f5",
"version": "13.1.1"
},
{
"_id": null,
"model": "big-ip global traffic manager",
"scope": "gte",
"trust": 1.0,
"vendor": "f5",
"version": "14.0.0"
},
{
"_id": null,
"model": "big-ip global traffic manager",
"scope": "lt",
"trust": 1.0,
"vendor": "f5",
"version": "15.1.0"
},
{
"_id": null,
"model": "big-ip global traffic manager",
"scope": "lte",
"trust": 1.0,
"vendor": "f5",
"version": "14.1.0"
},
{
"_id": null,
"model": "openshift container platform",
"scope": "eq",
"trust": 1.0,
"vendor": "redhat",
"version": "3.11"
},
{
"_id": null,
"model": "big-ip advanced firewall manager",
"scope": "gte",
"trust": 1.0,
"vendor": "f5",
"version": "13.0.0"
},
{
"_id": null,
"model": "big-ip analytics",
"scope": "lte",
"trust": 1.0,
"vendor": "f5",
"version": "13.1.1"
},
{
"_id": null,
"model": "big-ip local traffic manager",
"scope": "gte",
"trust": 1.0,
"vendor": "f5",
"version": "14.0.0"
},
{
"_id": null,
"model": "kernel",
"scope": "lt",
"trust": 1.0,
"vendor": "linux",
"version": "4.9.156"
},
{
"_id": null,
"model": "big-ip edge gateway",
"scope": "lte",
"trust": 1.0,
"vendor": "f5",
"version": "14.1.0"
},
{
"_id": null,
"model": "big-ip local traffic manager",
"scope": "lt",
"trust": 1.0,
"vendor": "f5",
"version": "15.1.0"
},
{
"_id": null,
"model": "kernel",
"scope": "lt",
"trust": 1.0,
"vendor": "linux",
"version": "4.14.99"
},
{
"_id": null,
"model": "big-ip fraud protection service",
"scope": "gte",
"trust": 1.0,
"vendor": "f5",
"version": "15.0.0"
},
{
"_id": null,
"model": "big-ip application security manager",
"scope": "lte",
"trust": 1.0,
"vendor": "f5",
"version": "14.1.0"
},
{
"_id": null,
"model": "big-ip local traffic manager",
"scope": "lte",
"trust": 1.0,
"vendor": "f5",
"version": "14.1.0"
},
{
"_id": null,
"model": "kernel",
"scope": "gte",
"trust": 1.0,
"vendor": "linux",
"version": "4.20"
},
{
"_id": null,
"model": "enterprise linux server eus",
"scope": "eq",
"trust": 1.0,
"vendor": "redhat",
"version": "7.6"
},
{
"_id": null,
"model": "big-ip edge gateway",
"scope": "gte",
"trust": 1.0,
"vendor": "f5",
"version": "14.0.0"
},
{
"_id": null,
"model": "big-ip access policy manager",
"scope": "lt",
"trust": 1.0,
"vendor": "f5",
"version": "15.1.0"
},
{
"_id": null,
"model": "big-ip advanced firewall manager",
"scope": "gte",
"trust": 1.0,
"vendor": "f5",
"version": "14.0.0"
},
{
"_id": null,
"model": "big-ip application acceleration manager",
"scope": "gte",
"trust": 1.0,
"vendor": "f5",
"version": "15.0.0"
},
{
"_id": null,
"model": "big-ip advanced firewall manager",
"scope": "lt",
"trust": 1.0,
"vendor": "f5",
"version": "15.1.0"
},
{
"_id": null,
"model": "big-ip access policy manager",
"scope": "lte",
"trust": 1.0,
"vendor": "f5",
"version": "14.1.0"
},
{
"_id": null,
"model": "big-ip analytics",
"scope": "gte",
"trust": 1.0,
"vendor": "f5",
"version": "15.0.0"
},
{
"_id": null,
"model": "big-ip application security manager",
"scope": "gte",
"trust": 1.0,
"vendor": "f5",
"version": "14.0.0"
},
{
"_id": null,
"model": "big-ip edge gateway",
"scope": "lt",
"trust": 1.0,
"vendor": "f5",
"version": "15.1.0"
},
{
"_id": null,
"model": "big-ip advanced firewall manager",
"scope": "lte",
"trust": 1.0,
"vendor": "f5",
"version": "14.1.0"
},
{
"_id": null,
"model": "big-ip application security manager",
"scope": "lt",
"trust": 1.0,
"vendor": "f5",
"version": "15.1.0"
},
{
"_id": null,
"model": "enterprise linux server tus",
"scope": "eq",
"trust": 1.0,
"vendor": "redhat",
"version": "7.6"
},
{
"_id": null,
"model": "enterprise linux server tus",
"scope": "eq",
"trust": 1.0,
"vendor": "redhat",
"version": "7.4"
},
{
"_id": null,
"model": "big-ip global traffic manager",
"scope": "gte",
"trust": 1.0,
"vendor": "f5",
"version": "15.0.0"
},
{
"_id": null,
"model": "big-ip edge gateway",
"scope": "lte",
"trust": 1.0,
"vendor": "f5",
"version": "13.1.1"
},
{
"_id": null,
"model": "kernel",
"scope": "gte",
"trust": 1.0,
"vendor": "linux",
"version": "3.10"
},
{
"_id": null,
"model": "big-ip application security manager",
"scope": "lte",
"trust": 1.0,
"vendor": "f5",
"version": "13.1.1"
},
{
"_id": null,
"model": "big-ip fraud protection service",
"scope": "gte",
"trust": 1.0,
"vendor": "f5",
"version": "13.0.0"
},
{
"_id": null,
"model": "ubuntu linux",
"scope": "eq",
"trust": 1.0,
"vendor": "canonical",
"version": "14.04"
},
{
"_id": null,
"model": "big-ip local traffic manager",
"scope": "gte",
"trust": 1.0,
"vendor": "f5",
"version": "15.0.0"
},
{
"_id": null,
"model": "big-ip link controller",
"scope": "gte",
"trust": 1.0,
"vendor": "f5",
"version": "14.0.0"
},
{
"_id": null,
"model": "big-ip link controller",
"scope": "lt",
"trust": 1.0,
"vendor": "f5",
"version": "15.1.0"
},
{
"_id": null,
"model": "big-ip application acceleration manager",
"scope": "gte",
"trust": 1.0,
"vendor": "f5",
"version": "13.0.0"
},
{
"_id": null,
"model": "enterprise linux desktop",
"scope": "eq",
"trust": 1.0,
"vendor": "redhat",
"version": "7.0"
},
{
"_id": null,
"model": "big-ip advanced firewall manager",
"scope": "lte",
"trust": 1.0,
"vendor": "f5",
"version": "13.1.1"
},
{
"_id": null,
"model": "big-ip link controller",
"scope": "lte",
"trust": 1.0,
"vendor": "f5",
"version": "14.1.0"
},
{
"_id": null,
"model": "big-ip edge gateway",
"scope": "gte",
"trust": 1.0,
"vendor": "f5",
"version": "15.0.0"
},
{
"_id": null,
"model": "big-ip advanced firewall manager",
"scope": "gte",
"trust": 1.0,
"vendor": "f5",
"version": "15.0.0"
},
{
"_id": null,
"model": "big-ip policy enforcement manager",
"scope": "gte",
"trust": 1.0,
"vendor": "f5",
"version": "14.0.0"
},
{
"_id": null,
"model": "enterprise linux workstation",
"scope": "eq",
"trust": 1.0,
"vendor": "redhat",
"version": "7.0"
},
{
"_id": null,
"model": "big-ip global traffic manager",
"scope": "gte",
"trust": 1.0,
"vendor": "f5",
"version": "13.0.0"
},
{
"_id": null,
"model": "kernel",
"scope": "lt",
"trust": 1.0,
"vendor": "linux",
"version": "3.16.64"
},
{
"_id": null,
"model": "big-ip analytics",
"scope": "lte",
"trust": 1.0,
"vendor": "f5",
"version": "14.1.0"
},
{
"_id": null,
"model": "big-ip local traffic manager",
"scope": "gte",
"trust": 1.0,
"vendor": "f5",
"version": "13.0.0"
},
{
"_id": null,
"model": "kernel",
"scope": "lt",
"trust": 1.0,
"vendor": "linux",
"version": "4.19.21"
},
{
"_id": null,
"model": "ubuntu linux",
"scope": "eq",
"trust": 1.0,
"vendor": "canonical",
"version": "16.04"
},
{
"_id": null,
"model": "big-ip link controller",
"scope": "gte",
"trust": 1.0,
"vendor": "f5",
"version": "15.0.0"
},
{
"_id": null,
"model": "enterprise linux server aus",
"scope": "eq",
"trust": 1.0,
"vendor": "redhat",
"version": "7.6"
},
{
"_id": null,
"model": "kernel",
"scope": "lt",
"trust": 1.0,
"vendor": "linux",
"version": "4.20.8"
},
{
"_id": null,
"model": "big-ip edge gateway",
"scope": "gte",
"trust": 1.0,
"vendor": "f5",
"version": "13.0.0"
},
{
"_id": null,
"model": "enterprise linux server aus",
"scope": "eq",
"trust": 1.0,
"vendor": "redhat",
"version": "7.4"
},
{
"_id": null,
"model": "big-ip application security manager",
"scope": "gte",
"trust": 1.0,
"vendor": "f5",
"version": "13.0.0"
},
{
"_id": null,
"model": "big-ip policy enforcement manager",
"scope": "gte",
"trust": 1.0,
"vendor": "f5",
"version": "15.0.0"
},
{
"_id": null,
"model": "ubuntu linux",
"scope": "eq",
"trust": 1.0,
"vendor": "canonical",
"version": "18.10"
},
{
"_id": null,
"model": "big-ip access policy manager",
"scope": "gte",
"trust": 1.0,
"vendor": "f5",
"version": "13.0.0"
},
{
"_id": null,
"model": "kernel",
"scope": "gte",
"trust": 1.0,
"vendor": "linux",
"version": "3.17"
},
{
"_id": null,
"model": "big-ip application acceleration manager",
"scope": "lte",
"trust": 1.0,
"vendor": "f5",
"version": "13.1.1"
},
{
"_id": null,
"model": "big-ip policy enforcement manager",
"scope": "lte",
"trust": 1.0,
"vendor": "f5",
"version": "13.1.1"
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2019-6974"
}
]
},
"credits": {
"_id": null,
"data": "Google Security Research,Red Hat,The vendor reported this issue.,Jann Horn",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201902-612"
}
],
"trust": 0.6
},
"cve": "CVE-2019-6974",
"cvss": {
"_id": null,
"data": [
{
"cvssV2": [
{
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "nvd@nist.gov",
"availabilityImpact": "PARTIAL",
"baseScore": 6.8,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 8.6,
"id": "CVE-2019-6974",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 1.1,
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
{
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "PARTIAL",
"baseScore": 6.8,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 8.6,
"id": "VHN-158409",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 0.1,
"vectorString": "AV:N/AC:M/AU:N/C:P/I:P/A:P",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"author": "nvd@nist.gov",
"availabilityImpact": "HIGH",
"baseScore": 8.1,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 2.2,
"id": "CVE-2019-6974",
"impactScore": 5.9,
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2019-6974",
"trust": 1.0,
"value": "HIGH"
},
{
"author": "CNNVD",
"id": "CNNVD-201902-612",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "VULHUB",
"id": "VHN-158409",
"trust": 0.1,
"value": "MEDIUM"
},
{
"author": "VULMON",
"id": "CVE-2019-6974",
"trust": 0.1,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-158409"
},
{
"db": "VULMON",
"id": "CVE-2019-6974"
},
{
"db": "CNNVD",
"id": "CNNVD-201902-612"
},
{
"db": "NVD",
"id": "CVE-2019-6974"
}
]
},
"description": {
"_id": null,
"data": "In the Linux kernel before 4.20.8, kvm_ioctl_create_device in virt/kvm/kvm_main.c mishandles reference counting because of a race condition, leading to a use-after-free. -----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA256\n\n==================================================================== \nRed Hat Security Advisory\n\nSynopsis: Important: kernel security and bug fix update\nAdvisory ID: RHSA-2019:3967-01\nProduct: Red Hat Enterprise Linux\nAdvisory URL: https://access.redhat.com/errata/RHSA-2019:3967\nIssue date: 2019-11-26\nCVE Names: CVE-2017-18208 CVE-2018-9568 CVE-2018-10902\n CVE-2018-18559 CVE-2019-3900 CVE-2019-5489\n CVE-2019-6974 CVE-2019-7221\n====================================================================\n1. Summary:\n\nAn update for kernel is now available for Red Hat Enterprise Linux 7.5\nExtended Update Support. \n\nRed Hat Product Security has rated this update as having a security impact\nof Important. A Common Vulnerability Scoring System (CVSS) base score,\nwhich gives a detailed severity rating, is available for each vulnerability\nfrom the CVE link(s) in the References section. \n\n2. Relevant releases/architectures:\n\nRed Hat Enterprise Linux ComputeNode EUS (v. 7.5) - noarch, x86_64\nRed Hat Enterprise Linux ComputeNode Optional EUS (v. 7.5) - x86_64\nRed Hat Enterprise Linux Server EUS (v. 7.5) - noarch, ppc64, ppc64le, s390x, x86_64\nRed Hat Enterprise Linux Server Optional EUS (v. 7.5) - ppc64, ppc64le, x86_64\n\n3. 
\n\nSecurity Fix(es):\n\n* kernel: Memory corruption due to incorrect socket cloning (CVE-2018-9568)\n\n* kernel: MIDI driver race condition leads to a double-free\n(CVE-2018-10902)\n\n* kernel: Use-after-free due to race condition in AF_PACKET implementation\n(CVE-2018-18559)\n\n* Kernel: vhost_net: infinite loop while receiving packets leads to DoS\n(CVE-2019-3900)\n\n* Kernel: page cache side channel attacks (CVE-2019-5489)\n\n* Kernel: KVM: potential use-after-free via kvm_ioctl_create_device()\n(CVE-2019-6974)\n\n* Kernel: KVM: nVMX: use-after-free of the hrtimer for emulation of the\npreemption timer (CVE-2019-7221)\n\n* kernel: Inifinite loop vulnerability in mm/madvise.c:madvise_willneed()\nfunction allows local denial of service (CVE-2017-18208)\n\nFor more details about the security issue(s), including the impact, a CVSS\nscore, acknowledgments, and other related information, refer to the CVE\npage(s) listed in the References section. \n\nBug Fix(es):\n\n* A cluster node has multiple hung \"mv\" processes that are accessing a gfs2\nfilesystem. (BZ#1716321)\n\n* Growing unreclaimable slab memory (BZ#1741918)\n\n* [LLNL 7.5 Bug] slab leak causing a crash when using kmem control group\n(BZ#1748236)\n\n* kernel build: parallelize redhat/mod-sign.sh (BZ#1755328)\n\n* kernel build: speed up module compression step (BZ#1755337)\n\n4. Solution:\n\nFor details on how to apply this update, which includes the changes\ndescribed in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nThe system must be rebooted for this update to take effect. \n\n5. 
Bugs fixed (https://bugzilla.redhat.com/):\n\n1551565 - CVE-2017-18208 kernel: Inifinite loop vulnerability in mm/madvise.c:madvise_willneed() function allows local denial of service\n1590720 - CVE-2018-10902 kernel: MIDI driver race condition leads to a double-free\n1641878 - CVE-2018-18559 kernel: Use-after-free due to race condition in AF_PACKET implementation\n1655904 - CVE-2018-9568 kernel: Memory corruption due to incorrect socket cloning\n1664110 - CVE-2019-5489 Kernel: page cache side channel attacks\n1671904 - CVE-2019-7221 Kernel: KVM: nVMX: use-after-free of the hrtimer for emulation of the preemption timer\n1671913 - CVE-2019-6974 Kernel: KVM: potential use-after-free via kvm_ioctl_create_device()\n1698757 - CVE-2019-3900 Kernel: vhost_net: infinite loop while receiving packets leads to DoS\n\n6. Package List:\n\nRed Hat Enterprise Linux ComputeNode EUS (v. 7.5):\n\nSource:\nkernel-3.10.0-862.44.2.el7.src.rpm\n\nnoarch:\nkernel-abi-whitelists-3.10.0-862.44.2.el7.noarch.rpm\nkernel-doc-3.10.0-862.44.2.el7.noarch.rpm\n\nx86_64:\nkernel-3.10.0-862.44.2.el7.x86_64.rpm\nkernel-debug-3.10.0-862.44.2.el7.x86_64.rpm\nkernel-debug-debuginfo-3.10.0-862.44.2.el7.x86_64.rpm\nkernel-debug-devel-3.10.0-862.44.2.el7.x86_64.rpm\nkernel-debuginfo-3.10.0-862.44.2.el7.x86_64.rpm\nkernel-debuginfo-common-x86_64-3.10.0-862.44.2.el7.x86_64.rpm\nkernel-devel-3.10.0-862.44.2.el7.x86_64.rpm\nkernel-headers-3.10.0-862.44.2.el7.x86_64.rpm\nkernel-tools-3.10.0-862.44.2.el7.x86_64.rpm\nkernel-tools-debuginfo-3.10.0-862.44.2.el7.x86_64.rpm\nkernel-tools-libs-3.10.0-862.44.2.el7.x86_64.rpm\nperf-3.10.0-862.44.2.el7.x86_64.rpm\nperf-debuginfo-3.10.0-862.44.2.el7.x86_64.rpm\npython-perf-3.10.0-862.44.2.el7.x86_64.rpm\npython-perf-debuginfo-3.10.0-862.44.2.el7.x86_64.rpm\n\nRed Hat Enterprise Linux ComputeNode Optional EUS (v. 
7.5):\n\nx86_64:\nkernel-debug-debuginfo-3.10.0-862.44.2.el7.x86_64.rpm\nkernel-debuginfo-3.10.0-862.44.2.el7.x86_64.rpm\nkernel-debuginfo-common-x86_64-3.10.0-862.44.2.el7.x86_64.rpm\nkernel-tools-debuginfo-3.10.0-862.44.2.el7.x86_64.rpm\nkernel-tools-libs-devel-3.10.0-862.44.2.el7.x86_64.rpm\nperf-debuginfo-3.10.0-862.44.2.el7.x86_64.rpm\npython-perf-debuginfo-3.10.0-862.44.2.el7.x86_64.rpm\n\nRed Hat Enterprise Linux Server EUS (v. 7.5):\n\nSource:\nkernel-3.10.0-862.44.2.el7.src.rpm\n\nnoarch:\nkernel-abi-whitelists-3.10.0-862.44.2.el7.noarch.rpm\nkernel-doc-3.10.0-862.44.2.el7.noarch.rpm\n\nppc64:\nkernel-3.10.0-862.44.2.el7.ppc64.rpm\nkernel-bootwrapper-3.10.0-862.44.2.el7.ppc64.rpm\nkernel-debug-3.10.0-862.44.2.el7.ppc64.rpm\nkernel-debug-debuginfo-3.10.0-862.44.2.el7.ppc64.rpm\nkernel-debug-devel-3.10.0-862.44.2.el7.ppc64.rpm\nkernel-debuginfo-3.10.0-862.44.2.el7.ppc64.rpm\nkernel-debuginfo-common-ppc64-3.10.0-862.44.2.el7.ppc64.rpm\nkernel-devel-3.10.0-862.44.2.el7.ppc64.rpm\nkernel-headers-3.10.0-862.44.2.el7.ppc64.rpm\nkernel-tools-3.10.0-862.44.2.el7.ppc64.rpm\nkernel-tools-debuginfo-3.10.0-862.44.2.el7.ppc64.rpm\nkernel-tools-libs-3.10.0-862.44.2.el7.ppc64.rpm\nperf-3.10.0-862.44.2.el7.ppc64.rpm\nperf-debuginfo-3.10.0-862.44.2.el7.ppc64.rpm\npython-perf-3.10.0-862.44.2.el7.ppc64.rpm\npython-perf-debuginfo-3.10.0-862.44.2.el7.ppc64.rpm\n\nppc64le:\nkernel-3.10.0-862.44.2.el7.ppc64le.rpm\nkernel-bootwrapper-3.10.0-862.44.2.el7.ppc64le.rpm\nkernel-debug-3.10.0-862.44.2.el7.ppc64le.rpm\nkernel-debug-debuginfo-3.10.0-862.44.2.el7.ppc64le.rpm\nkernel-debuginfo-3.10.0-862.44.2.el7.ppc64le.rpm\nkernel-debuginfo-common-ppc64le-3.10.0-862.44.2.el7.ppc64le.rpm\nkernel-devel-3.10.0-862.44.2.el7.ppc64le.rpm\nkernel-headers-3.10.0-862.44.2.el7.ppc64le.rpm\nkernel-tools-3.10.0-862.44.2.el7.ppc64le.rpm\nkernel-tools-debuginfo-3.10.0-862.44.2.el7.ppc64le.rpm\nkernel-tools-libs-3.10.0-862.44.2.el7.ppc64le.rpm\nperf-3.10.0-862.44.2.el7.ppc64le.rpm\nperf-debuginfo-3.10.0-8
62.44.2.el7.ppc64le.rpm\npython-perf-3.10.0-862.44.2.el7.ppc64le.rpm\npython-perf-debuginfo-3.10.0-862.44.2.el7.ppc64le.rpm\n\ns390x:\nkernel-3.10.0-862.44.2.el7.s390x.rpm\nkernel-debug-3.10.0-862.44.2.el7.s390x.rpm\nkernel-debug-debuginfo-3.10.0-862.44.2.el7.s390x.rpm\nkernel-debug-devel-3.10.0-862.44.2.el7.s390x.rpm\nkernel-debuginfo-3.10.0-862.44.2.el7.s390x.rpm\nkernel-debuginfo-common-s390x-3.10.0-862.44.2.el7.s390x.rpm\nkernel-devel-3.10.0-862.44.2.el7.s390x.rpm\nkernel-headers-3.10.0-862.44.2.el7.s390x.rpm\nkernel-kdump-3.10.0-862.44.2.el7.s390x.rpm\nkernel-kdump-debuginfo-3.10.0-862.44.2.el7.s390x.rpm\nkernel-kdump-devel-3.10.0-862.44.2.el7.s390x.rpm\nperf-3.10.0-862.44.2.el7.s390x.rpm\nperf-debuginfo-3.10.0-862.44.2.el7.s390x.rpm\npython-perf-3.10.0-862.44.2.el7.s390x.rpm\npython-perf-debuginfo-3.10.0-862.44.2.el7.s390x.rpm\n\nx86_64:\nkernel-3.10.0-862.44.2.el7.x86_64.rpm\nkernel-debug-3.10.0-862.44.2.el7.x86_64.rpm\nkernel-debug-debuginfo-3.10.0-862.44.2.el7.x86_64.rpm\nkernel-debug-devel-3.10.0-862.44.2.el7.x86_64.rpm\nkernel-debuginfo-3.10.0-862.44.2.el7.x86_64.rpm\nkernel-debuginfo-common-x86_64-3.10.0-862.44.2.el7.x86_64.rpm\nkernel-devel-3.10.0-862.44.2.el7.x86_64.rpm\nkernel-headers-3.10.0-862.44.2.el7.x86_64.rpm\nkernel-tools-3.10.0-862.44.2.el7.x86_64.rpm\nkernel-tools-debuginfo-3.10.0-862.44.2.el7.x86_64.rpm\nkernel-tools-libs-3.10.0-862.44.2.el7.x86_64.rpm\nperf-3.10.0-862.44.2.el7.x86_64.rpm\nperf-debuginfo-3.10.0-862.44.2.el7.x86_64.rpm\npython-perf-3.10.0-862.44.2.el7.x86_64.rpm\npython-perf-debuginfo-3.10.0-862.44.2.el7.x86_64.rpm\n\nRed Hat Enterprise Linux Server Optional EUS (v. 
7.5):\n\nppc64:\nkernel-debug-debuginfo-3.10.0-862.44.2.el7.ppc64.rpm\nkernel-debuginfo-3.10.0-862.44.2.el7.ppc64.rpm\nkernel-debuginfo-common-ppc64-3.10.0-862.44.2.el7.ppc64.rpm\nkernel-tools-debuginfo-3.10.0-862.44.2.el7.ppc64.rpm\nkernel-tools-libs-devel-3.10.0-862.44.2.el7.ppc64.rpm\nperf-debuginfo-3.10.0-862.44.2.el7.ppc64.rpm\npython-perf-debuginfo-3.10.0-862.44.2.el7.ppc64.rpm\n\nppc64le:\nkernel-debug-debuginfo-3.10.0-862.44.2.el7.ppc64le.rpm\nkernel-debug-devel-3.10.0-862.44.2.el7.ppc64le.rpm\nkernel-debuginfo-3.10.0-862.44.2.el7.ppc64le.rpm\nkernel-debuginfo-common-ppc64le-3.10.0-862.44.2.el7.ppc64le.rpm\nkernel-tools-debuginfo-3.10.0-862.44.2.el7.ppc64le.rpm\nkernel-tools-libs-devel-3.10.0-862.44.2.el7.ppc64le.rpm\nperf-debuginfo-3.10.0-862.44.2.el7.ppc64le.rpm\npython-perf-debuginfo-3.10.0-862.44.2.el7.ppc64le.rpm\n\nx86_64:\nkernel-debug-debuginfo-3.10.0-862.44.2.el7.x86_64.rpm\nkernel-debuginfo-3.10.0-862.44.2.el7.x86_64.rpm\nkernel-debuginfo-common-x86_64-3.10.0-862.44.2.el7.x86_64.rpm\nkernel-tools-debuginfo-3.10.0-862.44.2.el7.x86_64.rpm\nkernel-tools-libs-devel-3.10.0-862.44.2.el7.x86_64.rpm\nperf-debuginfo-3.10.0-862.44.2.el7.x86_64.rpm\npython-perf-debuginfo-3.10.0-862.44.2.el7.x86_64.rpm\n\nThese packages are GPG signed by Red Hat for security. Our key and\ndetails on how to verify the signature are available from\nhttps://access.redhat.com/security/team/key/\n\n7. Contact:\n\nThe Red Hat security contact is \u003csecalert@redhat.com\u003e. More contact\ndetails at https://access.redhat.com/security/team/contact/\n\nCopyright 2019 Red Hat, Inc. 
\n\n--\nRHSA-announce mailing list\nRHSA-announce@redhat.com\nhttps://www.redhat.com/mailman/listinfo/rhsa-announce\n. ==========================================================================\nUbuntu Security Notice USN-3930-2\nApril 02, 2019\n\nlinux-hwe, linux-azure vulnerabilities\n==========================================================================\n\nA security issue affects these releases of Ubuntu and its derivatives:\n\n- Ubuntu 18.04 LTS\n\nSummary:\n\nSeveral security issues were fixed in the Linux kernel. \n\nSoftware Description:\n- linux-azure: Linux kernel for Microsoft Azure Cloud systems\n- linux-hwe: Linux hardware enablement (HWE) kernel\n\nDetails:\n\nUSN-3930-1 fixed vulnerabilities in the Linux kernel for Ubuntu 18.10. \nThis update provides the corresponding updates for the Linux Hardware\nEnablement (HWE) kernel from Ubuntu 18.10 for Ubuntu 18.04 LTS. \n\nMathias Payer and Hui Peng discovered a use-after-free vulnerability in the\nAdvanced Linux Sound Architecture (ALSA) subsystem. A physically proximate\nattacker could use this to cause a denial of service (system crash). 
\n(CVE-2018-19824)\n\nShlomi Oberman, Yuli Shapiro, and Ran Menscher discovered an information\nleak in the Bluetooth implementation of the Linux kernel. An attacker\nwithin Bluetooth range could use this to expose sensitive information\n(kernel memory). (CVE-2019-3459, CVE-2019-3460)\n\nJann Horn discovered that the KVM implementation in the Linux kernel\ncontained a use-after-free vulnerability. An attacker in a guest VM with\naccess to /dev/kvm could use this to cause a denial of service (guest VM\ncrash). (CVE-2019-6974)\n\nJim Mattson and Felix Wilhelm discovered a use-after-free vulnerability in\nthe KVM subsystem of the Linux kernel, when using nested virtual machines. \nA local attacker in a guest VM could use this to cause a denial of service\n(system crash) or possibly execute arbitrary code in the host system. \n(CVE-2019-7221)\n\nFelix Wilhelm discovered that an information leak vulnerability existed in\nthe KVM subsystem of the Linux kernel, when nested virtualization is used. \nA local attacker could use this to expose sensitive information (host\nsystem memory to a guest VM). (CVE-2019-7222)\n\nJann Horn discovered that the eBPF implementation in the Linux kernel was\ninsufficiently hardened against Spectre V1 attacks. A local attacker could\nuse this to expose sensitive information. (CVE-2019-7308)\n\nIt was discovered that a use-after-free vulnerability existed in the user-\nspace API for crypto (af_alg) implementation in the Linux kernel. A local\nattacker could use this to cause a denial of service (system crash) or\npossibly execute arbitrary code. (CVE-2019-8912)\n\nJakub Jirasek discovered a use-after-free vulnerability in the SCTP\nimplementation in the Linux kernel. A local attacker could use this to\ncause a denial of service (system crash) or possibly execute arbitrary\ncode. (CVE-2019-8956)\n\nIt was discovered that the Linux kernel did not properly deallocate memory\nwhen handling certain errors while reading files. 
A local attacker could\nuse this to cause a denial of service (excessive memory consumption). \n(CVE-2019-8980)\n\nIt was discovered that a use-after-free vulnerability existed in the IPMI\nimplementation in the Linux kernel. A local attacker with access to the\nIPMI character device files could use this to cause a denial of service\n(system crash). (CVE-2019-9003)\n\nJann Horn discovered that the SNMP NAT implementation in the Linux kernel\nperformed insufficient ASN.1 length checks. An attacker could use this to\ncause a denial of service (system crash) or possibly execute arbitrary\ncode. (CVE-2019-9162)\n\nJann Horn discovered that the mmap implementation in the Linux kernel did\nnot properly check for the mmap minimum address in some situations. A local\nattacker could use this to assist exploiting a kernel NULL pointer\ndereference vulnerability. (CVE-2019-9213)\n\nUpdate instructions:\n\nThe problem can be corrected by updating your system to the following\npackage versions:\n\nUbuntu 18.04 LTS:\n linux-image-4.18.0-1014-azure 4.18.0-1014.14~18.04.1\n linux-image-4.18.0-17-generic 4.18.0-17.18~18.04.1\n linux-image-4.18.0-17-generic-lpae 4.18.0-17.18~18.04.1\n linux-image-4.18.0-17-lowlatency 4.18.0-17.18~18.04.1\n linux-image-4.18.0-17-snapdragon 4.18.0-17.18~18.04.1\n linux-image-azure 4.18.0.1014.13\n linux-image-generic-hwe-18.04 4.18.0.17.67\n linux-image-generic-lpae-hwe-18.04 4.18.0.17.67\n linux-image-lowlatency-hwe-18.04 4.18.0.17.67\n linux-image-snapdragon-hwe-18.04 4.18.0.17.67\n linux-image-virtual-hwe-18.04 4.18.0.17.67\n\nAfter a standard system update you need to reboot your computer to make\nall the necessary changes. \n\nATTENTION: Due to an unavoidable ABI change the kernel updates have\nbeen given a new version number, which requires you to recompile and\nreinstall all third party kernel modules you might have installed. \nUnless you manually uninstalled the standard kernel metapackages\n(e.g. 
linux-generic, linux-generic-lts-RELEASE, linux-virtual,\nlinux-powerpc), a standard system upgrade will automatically perform\nthis as well. \n\nReferences:\n https://usn.ubuntu.com/usn/usn-3930-2\n https://usn.ubuntu.com/usn/usn-3930-1\n CVE-2018-19824, CVE-2019-3459, CVE-2019-3460, CVE-2019-6974,\n CVE-2019-7221, CVE-2019-7222, CVE-2019-7308, CVE-2019-8912,\n CVE-2019-8956, CVE-2019-8980, CVE-2019-9003, CVE-2019-9162,\n CVE-2019-9213\n\nPackage Information:\n https://launchpad.net/ubuntu/+source/linux-azure/4.18.0-1014.14~18.04.1\n https://launchpad.net/ubuntu/+source/linux-hwe/4.18.0-17.18~18.04.1\n\n. 7) - noarch, x86_64\n\n3. Description:\n\nThe kernel-rt packages provide the Real Time Linux Kernel, which enables\nfine-tuning for systems with extremely high determinism requirements. \n\nBug Fix(es):\n\n* VM hangs on RHEL rt-kernel and OSP 13 [rhel-7.6.z] (BZ#1688673)\n\n* kernel-rt: update to the RHEL7.6.z batch#4 source tree (BZ#1689417)\n\nUsers of kernel are advised to upgrade to these updated packages, which fix\nthese bugs. Bugs fixed (https://bugzilla.redhat.com/):\n\n1671904 - CVE-2019-7221 Kernel: KVM: nVMX: use-after-free of the hrtimer for emulation of the preemption timer\n1671913 - CVE-2019-6974 Kernel: KVM: potential use-after-free via kvm_ioctl_create_device()\n1688673 - VM hangs on RHEL rt-kernel and OSP 13 [rhel-7.6.z]\n1689417 - kernel-rt: update to the RHEL7.6.z batch#4 source tree\n\n6. 7) - aarch64, noarch, ppc64le\n\n3. 
\n\nBug Fix(es):\n\n* [kernel-alt]: BUG: unable to handle kernel NULL pointer IP:\ncrypto_remove_spawns+0x118/0x2e0 (BZ#1536967)\n\n* [HPE Apache] update ssif max_xmit_msg_size limit for multi-part messages\n(BZ#1610534)\n\n* RHEL-Alt-7.6 - powerpc/pseries: Fix unitialized timer reset on migration\n/ powerpc/pseries/mobility: Extend start/stop topology update scope (LPM)\n(BZ#1673613)\n\n* RHEL-Alt-7.6 - s390: sha3_generic module fails and triggers panic when in\nFIPS mode (BZ#1673979)\n\n* RHEL-Alt-7.6 - System crashed after oom - During ICP deployment\n(BZ#1710304)\n\n* kernel-alt: Race condition in hashtables [rhel-alt-7.6.z] (BZ#1712127)\n\n* RHEL-Alt-7.6 - OP930:PM_Test:cpupower -r command set values for first 3\ncores in quad and misses last core. (CORAL) (BZ#1717836)\n\n* RHEL-Alt-7.6 - disable runtime NUMA remapping for PRRN/LPM/VPHN\n(BZ#1717906)\n\n* fragmented packets timing out (BZ#1729066)\n\n* Backport TCP follow-up for small buffers (BZ#1733617)\n\nEnhancement(s):\n\n* RHEL-Alt-7.6 - perfevent PMDA cannot create file descriptors for reading\nnest events using the perf API (pcp/kernel) (CORAL) (BZ#1723036)\n\n4",
"sources": [
{
"db": "NVD",
"id": "CVE-2019-6974"
},
{
"db": "VULHUB",
"id": "VHN-158409"
},
{
"db": "VULMON",
"id": "CVE-2019-6974"
},
{
"db": "PACKETSTORM",
"id": "152369"
},
{
"db": "PACKETSTORM",
"id": "155466"
},
{
"db": "PACKETSTORM",
"id": "152377"
},
{
"db": "PACKETSTORM",
"id": "152370"
},
{
"db": "PACKETSTORM",
"id": "152593"
},
{
"db": "PACKETSTORM",
"id": "152380"
},
{
"db": "PACKETSTORM",
"id": "152373"
},
{
"db": "PACKETSTORM",
"id": "154553"
}
],
"trust": 1.8
},
"exploit_availability": {
"_id": null,
"data": [
{
"reference": "https://www.scap.org.cn/vuln/vhn-158409",
"trust": 0.1,
"type": "unknown"
},
{
"reference": "https://vulmon.com/exploitdetails?qidtp=exploitdb\u0026qid=46388",
"trust": 0.1,
"type": "exploit"
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-158409"
},
{
"db": "VULMON",
"id": "CVE-2019-6974"
}
]
},
"external_ids": {
"_id": null,
"data": [
{
"db": "NVD",
"id": "CVE-2019-6974",
"trust": 2.6
},
{
"db": "BID",
"id": "107127",
"trust": 1.8
},
{
"db": "EXPLOIT-DB",
"id": "46388",
"trust": 1.8
},
{
"db": "PACKETSTORM",
"id": "151690",
"trust": 0.7
},
{
"db": "CNNVD",
"id": "CNNVD-201902-612",
"trust": 0.7
},
{
"db": "PACKETSTORM",
"id": "155466",
"trust": 0.7
},
{
"db": "PACKETSTORM",
"id": "155951",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2019.0675",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2019.0927.3",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2020.0151",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2019.4349",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2019.4486",
"trust": 0.6
},
{
"db": "PACKETSTORM",
"id": "152593",
"trust": 0.2
},
{
"db": "PACKETSTORM",
"id": "152598",
"trust": 0.1
},
{
"db": "VULHUB",
"id": "VHN-158409",
"trust": 0.1
},
{
"db": "VULMON",
"id": "CVE-2019-6974",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "152369",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "152377",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "152370",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "152380",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "152373",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "154553",
"trust": 0.1
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-158409"
},
{
"db": "VULMON",
"id": "CVE-2019-6974"
},
{
"db": "PACKETSTORM",
"id": "152369"
},
{
"db": "PACKETSTORM",
"id": "155466"
},
{
"db": "PACKETSTORM",
"id": "152377"
},
{
"db": "PACKETSTORM",
"id": "152370"
},
{
"db": "PACKETSTORM",
"id": "152593"
},
{
"db": "PACKETSTORM",
"id": "152380"
},
{
"db": "PACKETSTORM",
"id": "152373"
},
{
"db": "PACKETSTORM",
"id": "154553"
},
{
"db": "CNNVD",
"id": "CNNVD-201902-612"
},
{
"db": "NVD",
"id": "CVE-2019-6974"
}
]
},
"id": "VAR-201902-0242",
"iot": {
"_id": null,
"data": true,
"sources": [
{
"db": "VULHUB",
"id": "VHN-158409"
}
],
"trust": 0.01
},
"last_update_date": "2026-04-10T23:17:00.959000Z",
"patch": {
"_id": null,
"data": [
{
"title": "Linux kernel Security vulnerabilities",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=89404"
},
{
"title": "Red Hat: Important: kernel security and bug fix update",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=RHSA-20190818 - Security Advisory"
},
{
"title": "Red Hat: Important: kernel-rt security and bug fix update",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=RHSA-20190833 - Security Advisory"
},
{
"title": "Red Hat: Important: kernel security and bug fix update",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=RHSA-20200103 - Security Advisory"
},
{
"title": "Red Hat: CVE-2019-6974",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_cve_database\u0026qid=CVE-2019-6974"
},
{
"title": "Red Hat: Important: kernel security and bug fix update",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=RHSA-20193967 - Security Advisory"
},
{
"title": "Arch Linux Issues: ",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=arch_linux_issues\u0026qid=CVE-2019-6974"
},
{
"title": "Amazon Linux AMI: ALAS-2019-1165",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=amazon_linux_ami\u0026qid=ALAS-2019-1165"
},
{
"title": "Amazon Linux 2: ALAS2-2019-1165",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=amazon_linux2\u0026qid=ALAS2-2019-1165"
},
{
"title": "Ubuntu Security Notice: linux vulnerabilities",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=ubuntu_security_notice\u0026qid=USN-3933-1"
},
{
"title": "IBM: IBM Security Bulletin: IBM QRadar Network Security is affected by Linux kernel vulnerabilities (CVE-2019-7221, CVE-2019-6974, CVE-2018-17972, CVE-2018-9568)",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=ibm_psirt_blog\u0026qid=3834ad0670b59206d9d7424b96a80d4a"
},
{
"title": "Ubuntu Security Notice: linux-lts-trusty vulnerabilities",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=ubuntu_security_notice\u0026qid=USN-3933-2"
},
{
"title": "Ubuntu Security Notice: linux-hwe, linux-aws-hwe, linux-azure, linux-gcp, linux-oracle vulnerabilities",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=ubuntu_security_notice\u0026qid=USN-3931-2"
},
{
"title": "Ubuntu Security Notice: linux, linux-aws, linux-gcp, linux-kvm, linux-oem, linux-oracle, linux-raspi2 vulnerabilities",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=ubuntu_security_notice\u0026qid=USN-3931-1"
},
{
"title": "Ubuntu Security Notice: linux, linux-aws, linux-azure, linux-gcp, linux-kvm, linux-raspi2 vulnerabilities",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=ubuntu_security_notice\u0026qid=USN-3930-1"
},
{
"title": "Ubuntu Security Notice: linux-hwe, linux-azure vulnerabilities",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=ubuntu_security_notice\u0026qid=USN-3930-2"
},
{
"title": "Oracle Linux Bulletins: Oracle Linux Bulletin - April 2019",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=oracle_linux_bulletins\u0026qid=0cf12ffad0c479958deb0741d0970b4e"
},
{
"title": "Ubuntu Security Notice: linux-lts-xenial, linux-aws vulnerabilities",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=ubuntu_security_notice\u0026qid=USN-3932-2"
},
{
"title": "Ubuntu Security Notice: linux, linux-aws, linux-kvm, linux-raspi2, linux-snapdragon vulnerabilities",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=ubuntu_security_notice\u0026qid=USN-3932-1"
},
{
"title": "IBM: IBM Security Bulletin: Vulnerabilities in the Linux Kernel affect PowerKVM",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=ibm_psirt_blog\u0026qid=3e8fb0a522dbdc0368aab05e3c3fb62c"
},
{
"title": "Paper310",
"trust": 0.1,
"url": "https://github.com/Sec20-Paper310/Paper310 "
},
{
"title": "cve_diff_checker",
"trust": 0.1,
"url": "https://github.com/lcatro/cve_diff_checker "
},
{
"title": "",
"trust": 0.1,
"url": "https://github.com/vincent-deng/veracode-container-security-finding-parser "
}
],
"sources": [
{
"db": "VULMON",
"id": "CVE-2019-6974"
},
{
"db": "CNNVD",
"id": "CNNVD-201902-612"
}
]
},
"problemtype_data": {
"_id": null,
"data": [
{
"problemtype": "CWE-362",
"trust": 1.1
},
{
"problemtype": "CWE-416",
"trust": 1.0
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-158409"
},
{
"db": "NVD",
"id": "CVE-2019-6974"
}
]
},
"references": {
"_id": null,
"data": [
{
"trust": 2.5,
"url": "https://access.redhat.com/errata/rhsa-2019:3967"
},
{
"trust": 2.4,
"url": "http://www.securityfocus.com/bid/107127"
},
{
"trust": 2.4,
"url": "https://support.f5.com/csp/article/k11186236"
},
{
"trust": 2.4,
"url": "https://access.redhat.com/errata/rhsa-2020:0103"
},
{
"trust": 1.9,
"url": "https://access.redhat.com/errata/rhsa-2019:0818"
},
{
"trust": 1.9,
"url": "https://access.redhat.com/errata/rhsa-2019:0833"
},
{
"trust": 1.9,
"url": "https://access.redhat.com/errata/rhsa-2019:2809"
},
{
"trust": 1.9,
"url": "https://usn.ubuntu.com/3933-1/"
},
{
"trust": 1.8,
"url": "https://www.exploit-db.com/exploits/46388/"
},
{
"trust": 1.8,
"url": "http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=cfa39381173d5f969daf43582c95ad679189cbc9"
},
{
"trust": 1.8,
"url": "https://cdn.kernel.org/pub/linux/kernel/v4.x/changelog-4.19.21"
},
{
"trust": 1.8,
"url": "https://cdn.kernel.org/pub/linux/kernel/v4.x/changelog-4.20.8"
},
{
"trust": 1.8,
"url": "https://lists.debian.org/debian-lts-announce/2019/03/msg00034.html"
},
{
"trust": 1.8,
"url": "https://lists.debian.org/debian-lts-announce/2019/04/msg00004.html"
},
{
"trust": 1.8,
"url": "https://lists.debian.org/debian-lts-announce/2019/05/msg00002.html"
},
{
"trust": 1.8,
"url": "https://access.redhat.com/errata/rhba-2019:0959"
},
{
"trust": 1.8,
"url": "https://usn.ubuntu.com/3930-1/"
},
{
"trust": 1.8,
"url": "https://usn.ubuntu.com/3930-2/"
},
{
"trust": 1.8,
"url": "https://usn.ubuntu.com/3931-1/"
},
{
"trust": 1.8,
"url": "https://usn.ubuntu.com/3931-2/"
},
{
"trust": 1.8,
"url": "https://usn.ubuntu.com/3932-1/"
},
{
"trust": 1.8,
"url": "https://usn.ubuntu.com/3932-2/"
},
{
"trust": 1.8,
"url": "https://usn.ubuntu.com/3933-2/"
},
{
"trust": 1.4,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-6974"
},
{
"trust": 1.2,
"url": "https://bugs.chromium.org/p/project-zero/issues/detail?id=1765"
},
{
"trust": 1.2,
"url": "https://cdn.kernel.org/pub/linux/kernel/v4.x/changelog-4.14.99"
},
{
"trust": 1.2,
"url": "https://cdn.kernel.org/pub/linux/kernel/v4.x/changelog-4.9.156"
},
{
"trust": 1.2,
"url": "https://github.com/torvalds/linux/commit/cfa39381173d5f969daf43582c95ad679189cbc9"
},
{
"trust": 1.1,
"url": "https://support.f5.com/csp/article/k11186236?utm_source=f5support\u0026amp%3butm_medium=rss"
},
{
"trust": 0.9,
"url": "https://access.redhat.com/security/cve/cve-2019-6974"
},
{
"trust": 0.7,
"url": "https://www.exploit-db.com/exploits/46388"
},
{
"trust": 0.6,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-7221"
},
{
"trust": 0.6,
"url": "https://support.f5.com/csp/article/k11186236?utm_source=f5support\u0026utm_medium=rss"
},
{
"trust": 0.6,
"url": "https://github.com/torvalds/linux/commit/cfa39381173d5f969daf43582c95ad679189cbc9exploitpatchthird party advisory"
},
{
"trust": 0.6,
"url": "https://cdn.kernel.org/pub/linux/kernel/v4.x/changelog-4.9.156vendor advisory"
},
{
"trust": 0.6,
"url": "https://cdn.kernel.org/pub/linux/kernel/v4.x/changelog-4.20.8vendor advisory"
},
{
"trust": 0.6,
"url": "https://cdn.kernel.org/pub/linux/kernel/v4.x/changelog-4.19.21vendor advisory"
},
{
"trust": 0.6,
"url": "https://cdn.kernel.org/pub/linux/kernel/v4.x/changelog-4.14.99vendor advisory"
},
{
"trust": 0.6,
"url": "https://bugs.chromium.org/p/project-zero/issues/detail?id=1765exploitmailing listpatchthird party advisory"
},
{
"trust": 0.6,
"url": "https://www.suse.com/support/update/announcement/2019/suse-su-20190683-1.html"
},
{
"trust": 0.6,
"url": "https://www.suse.com/support/update/announcement/2019/suse-su-20190541-1.html"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2020.0151/"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/77542"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2019.4349/"
},
{
"trust": 0.6,
"url": "https://packetstormsecurity.com/files/155951/red-hat-security-advisory-2020-0103-01.html"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/76474"
},
{
"trust": 0.6,
"url": "https://packetstormsecurity.com/files/151690/linux-kvm/ioctl/create/device-reference-flow-failure.html"
},
{
"trust": 0.6,
"url": "https://vigilance.fr/vulnerability/linux-kernel-privilege-escalation-via-kvm-ioctl-create-device-28494"
},
{
"trust": 0.6,
"url": "https://packetstormsecurity.com/files/155466/red-hat-security-advisory-2019-3967-01.html"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2019.4486/"
},
{
"trust": 0.5,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-9213"
},
{
"trust": 0.5,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-7222"
},
{
"trust": 0.4,
"url": "https://nvd.nist.gov/vuln/detail/cve-2018-19824"
},
{
"trust": 0.3,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-7308"
},
{
"trust": 0.3,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-8912"
},
{
"trust": 0.3,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-8980"
},
{
"trust": 0.3,
"url": "https://access.redhat.com/security/updates/classification/#important"
},
{
"trust": 0.3,
"url": "https://access.redhat.com/articles/11258"
},
{
"trust": 0.3,
"url": "https://access.redhat.com/security/team/contact/"
},
{
"trust": 0.3,
"url": "https://www.redhat.com/mailman/listinfo/rhsa-announce"
},
{
"trust": 0.3,
"url": "https://bugzilla.redhat.com/):"
},
{
"trust": 0.3,
"url": "https://access.redhat.com/security/team/key/"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-9162"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-8956"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-9003"
},
{
"trust": 0.2,
"url": "https://usn.ubuntu.com/usn/usn-3930-1"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-5489"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2019-7221"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2019-5489"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-3460"
},
{
"trust": 0.1,
"url": "https://support.f5.com/csp/article/k11186236?utm_source=f5support\u0026utm_medium=rss"
},
{
"trust": 0.1,
"url": "https://cwe.mitre.org/data/definitions/362.html"
},
{
"trust": 0.1,
"url": "https://cwe.mitre.org/data/definitions/416.html"
},
{
"trust": 0.1,
"url": "https://tools.cisco.com/security/center/viewalert.x?alertid=59645"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov"
},
{
"trust": 0.1,
"url": "https://github.com/sec20-paper310/paper310"
},
{
"trust": 0.1,
"url": "https://launchpad.net/ubuntu/+source/linux-gcp/4.18.0-1008.9"
},
{
"trust": 0.1,
"url": "https://launchpad.net/ubuntu/+source/linux-azure/4.18.0-1014.14"
},
{
"trust": 0.1,
"url": "https://launchpad.net/ubuntu/+source/linux-aws/4.18.0-1012.14"
},
{
"trust": 0.1,
"url": "https://launchpad.net/ubuntu/+source/linux/4.18.0-17.18"
},
{
"trust": 0.1,
"url": "https://launchpad.net/ubuntu/+source/linux-raspi2/4.18.0-1011.13"
},
{
"trust": 0.1,
"url": "https://launchpad.net/ubuntu/+source/linux-kvm/4.18.0-1009.9"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2017-18208"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2018-18559"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2018-10902"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2018-9568"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2018-10902"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2018-18559"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-3900"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2017-18208"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2018-9568"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2019-3900"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-3459"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2018-14610"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-3819"
},
{
"trust": 0.1,
"url": "https://usn.ubuntu.com/usn/usn-3932-2"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2018-14616"
},
{
"trust": 0.1,
"url": "https://usn.ubuntu.com/usn/usn-3932-1"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2017-18249"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2018-14614"
},
{
"trust": 0.1,
"url": "https://launchpad.net/ubuntu/+source/linux-aws/4.4.0-1040.43"
},
{
"trust": 0.1,
"url": "https://launchpad.net/ubuntu/+source/linux-lts-xenial/4.4.0-144.170~14.04.1"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-3701"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2018-14612"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2018-9517"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2018-16884"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2018-14613"
},
{
"trust": 0.1,
"url": "https://launchpad.net/ubuntu/+source/linux-azure/4.18.0-1014.14~18.04.1"
},
{
"trust": 0.1,
"url": "https://usn.ubuntu.com/usn/usn-3930-2"
},
{
"trust": 0.1,
"url": "https://launchpad.net/ubuntu/+source/linux-hwe/4.18.0-17.18~18.04.1"
},
{
"trust": 0.1,
"url": "https://usn.ubuntu.com/usn/usn-3933-1"
},
{
"trust": 0.1,
"url": "https://usn.ubuntu.com/usn/usn-3933-2"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2017-18360"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2017-1000410"
},
{
"trust": 0.1,
"url": "https://launchpad.net/ubuntu/+source/linux-oem/4.15.0-1035.40"
},
{
"trust": 0.1,
"url": "https://launchpad.net/ubuntu/+source/linux-raspi2/4.15.0-1033.35"
},
{
"trust": 0.1,
"url": "https://launchpad.net/ubuntu/+source/linux-kvm/4.15.0-1031.31"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2018-18021"
},
{
"trust": 0.1,
"url": "https://launchpad.net/ubuntu/+source/linux/4.15.0-47.50"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2018-14678"
},
{
"trust": 0.1,
"url": "https://launchpad.net/ubuntu/+source/linux-aws/4.15.0-1035.37"
},
{
"trust": 0.1,
"url": "https://usn.ubuntu.com/usn/usn-3931-1"
},
{
"trust": 0.1,
"url": "https://launchpad.net/ubuntu/+source/linux-gcp/4.15.0-1029.31"
},
{
"trust": 0.1,
"url": "https://launchpad.net/ubuntu/+source/linux-oracle/4.15.0-1010.12"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-13272"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2019-13272"
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-158409"
},
{
"db": "VULMON",
"id": "CVE-2019-6974"
},
{
"db": "PACKETSTORM",
"id": "152369"
},
{
"db": "PACKETSTORM",
"id": "155466"
},
{
"db": "PACKETSTORM",
"id": "152377"
},
{
"db": "PACKETSTORM",
"id": "152370"
},
{
"db": "PACKETSTORM",
"id": "152593"
},
{
"db": "PACKETSTORM",
"id": "152380"
},
{
"db": "PACKETSTORM",
"id": "152373"
},
{
"db": "PACKETSTORM",
"id": "154553"
},
{
"db": "CNNVD",
"id": "CNNVD-201902-612"
},
{
"db": "NVD",
"id": "CVE-2019-6974"
}
]
},
"sources": {
"_id": null,
"data": [
{
"db": "VULHUB",
"id": "VHN-158409",
"ident": null
},
{
"db": "VULMON",
"id": "CVE-2019-6974",
"ident": null
},
{
"db": "PACKETSTORM",
"id": "152369",
"ident": null
},
{
"db": "PACKETSTORM",
"id": "155466",
"ident": null
},
{
"db": "PACKETSTORM",
"id": "152377",
"ident": null
},
{
"db": "PACKETSTORM",
"id": "152370",
"ident": null
},
{
"db": "PACKETSTORM",
"id": "152593",
"ident": null
},
{
"db": "PACKETSTORM",
"id": "152380",
"ident": null
},
{
"db": "PACKETSTORM",
"id": "152373",
"ident": null
},
{
"db": "PACKETSTORM",
"id": "154553",
"ident": null
},
{
"db": "CNNVD",
"id": "CNNVD-201902-612",
"ident": null
},
{
"db": "NVD",
"id": "CVE-2019-6974",
"ident": null
}
]
},
"sources_release_date": {
"_id": null,
"data": [
{
"date": "2019-02-15T00:00:00",
"db": "VULHUB",
"id": "VHN-158409",
"ident": null
},
{
"date": "2019-02-15T00:00:00",
"db": "VULMON",
"id": "CVE-2019-6974",
"ident": null
},
{
"date": "2019-04-03T17:11:08",
"db": "PACKETSTORM",
"id": "152369",
"ident": null
},
{
"date": "2019-11-26T17:21:57",
"db": "PACKETSTORM",
"id": "155466",
"ident": null
},
{
"date": "2019-04-03T17:16:18",
"db": "PACKETSTORM",
"id": "152377",
"ident": null
},
{
"date": "2019-04-03T17:11:24",
"db": "PACKETSTORM",
"id": "152370",
"ident": null
},
{
"date": "2019-04-23T16:28:16",
"db": "PACKETSTORM",
"id": "152593",
"ident": null
},
{
"date": "2019-04-03T17:18:08",
"db": "PACKETSTORM",
"id": "152380",
"ident": null
},
{
"date": "2019-04-03T17:13:58",
"db": "PACKETSTORM",
"id": "152373",
"ident": null
},
{
"date": "2019-09-20T15:08:09",
"db": "PACKETSTORM",
"id": "154553",
"ident": null
},
{
"date": "2019-02-07T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201902-612",
"ident": null
},
{
"date": "2019-02-15T15:29:00.250000",
"db": "NVD",
"id": "CVE-2019-6974",
"ident": null
}
]
},
"sources_update_date": {
"_id": null,
"data": [
{
"date": "2020-10-15T00:00:00",
"db": "VULHUB",
"id": "VHN-158409",
"ident": null
},
{
"date": "2023-11-07T00:00:00",
"db": "VULMON",
"id": "CVE-2019-6974",
"ident": null
},
{
"date": "2022-04-06T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201902-612",
"ident": null
},
{
"date": "2024-11-21T04:47:20.457000",
"db": "NVD",
"id": "CVE-2019-6974",
"ident": null
}
]
},
"threat_type": {
"_id": null,
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201902-612"
}
],
"trust": 0.6
},
"title": {
"_id": null,
"data": "Linux kernel Resource Management Error Vulnerability",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201902-612"
}
],
"trust": 0.6
},
"type": {
"_id": null,
"data": "resource management error",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201902-612"
}
],
"trust": 0.6
}
}
Sightings
| Author | Source | Type | Date |
|---|---|---|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.