PT-2019-2536 · Linux+3 · Linux Kernel+3

Jann Horn

Publicado

2019-01-02

Atualizado

2019-09-24

CVE-2019-7308

CVSS v3.1

5.6

Média

Vetor

AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N

Name of the Vulnerable Software and Affected Versions Linux kernel versions prior to 4.20.6

Description The issue is related to undesirable out-of-bounds speculation on pointer arithmetic in the Linux kernel, specifically in kernel/bpf/verifier.c. This can lead to side-channel attacks. The vulnerability is associated with pointer offset beyond permissible values, which can be exploited to implement side-channel attacks.

Recommendations For Linux kernel versions prior to 4.20.6, update to version 4.20.6 or later to resolve the issue.

Correção

Information Disclosure

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾

dbugs@ptsecurity.com

Enumeração de Fraquezas

CWE-200CWE-189

Identificadores relacionados

ALT-PU-2019-1162

ALT-PU-2019-1231

ALT-PU-2019-1433

BDU:2019-02381

CVE-2019-7308

MGASA-2019-0170

MGASA-2019-0171

MGASA-2019-0172

OPENSUSE-SU-2019:1193-1

OPENSUSE-SU-2019_1193-1

SUSE-SU-2019:0765-1

SUSE-SU-2019:0767-1

SUSE-SU-2019:0784-1

SUSE-SU-2019:0785-1

USN-3930-1

USN-3930-2

USN-3931-1

USN-3931-2

Produtos afetados

Alt Linux

Linux Kernel

Suse

Ubuntu

PT-2019-2536 · Linux+3 · Linux Kernel+3

CVE-2019-7308

Enumeração de Fraquezas

Identificadores relacionados

Produtos afetados

Referências · 386