Vulnerability Details : CVE-2019-7308
kernel/bpf/verifier.c in the Linux kernel before 4.20.6 performs undesirable out-of-bounds speculation on pointer arithmetic in various cases, including cases of different branches with different state or limits to sanitize, leading to side-channel attacks.
Exploit prediction scoring system (EPSS) score for CVE-2019-7308
Probability of exploitation activity in the next 30 days: 0.06%
Percentile, the proportion of vulnerabilities that are scored at or less: ~ 21 % EPSS Score History EPSS FAQ
CVSS scores for CVE-2019-7308
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source |
---|---|---|---|---|---|
4.7
|
MEDIUM | AV:L/AC:M/Au:N/C:C/I:N/A:N |
3.4
|
6.9
|
NIST |
5.6
|
MEDIUM | CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N |
1.1
|
4.0
|
NIST |
CWE ids for CVE-2019-7308
-
Assigned by: nvd@nist.gov (Primary)
References for CVE-2019-7308
-
https://github.com/torvalds/linux/commit/d3bd7413e0ca40b60cf60d4003246d067cafdeda
bpf: fix sanitation of alu op with pointer / scalar type from differe… · torvalds/linux@d3bd741 · GitHubPatch;Third Party Advisory
-
https://support.f5.com/csp/article/K43030517?utm_source=f5support&utm_medium=RSS
-
https://support.f5.com/csp/article/K43030517
Article: K43030517 - Linux kernel BPF vulnerability CVE-2019-7308
-
http://www.securityfocus.com/bid/106827
Linux kernel 'kernel/bpf/verifier.c' Information Disclosure VulnerabilityThird Party Advisory;VDB Entry
-
http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=979d63d50c0c0f7bc537bf821e056cc9fe5abd38
kernel/git/torvalds/linux.git - Linux kernel source treePatch;Third Party Advisory
-
https://usn.ubuntu.com/3930-1/
USN-3930-1: Linux kernel vulnerabilities | Ubuntu security noticesThird Party Advisory
-
https://usn.ubuntu.com/3931-1/
USN-3931-1: Linux kernel vulnerabilities | Ubuntu security noticesThird Party Advisory
-
https://github.com/torvalds/linux/commit/979d63d50c0c0f7bc537bf821e056cc9fe5abd38
bpf: prevent out of bounds speculation on pointer arithmetic · torvalds/linux@979d63d · GitHubPatch;Third Party Advisory
-
https://cdn.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.20.6
Third Party Advisory
-
https://usn.ubuntu.com/3931-2/
USN-3931-2: Linux kernel (HWE) vulnerabilities | Ubuntu security noticesThird Party Advisory
-
http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00052.html
[security-announce] openSUSE-SU-2019:1193-1: important: Security updateThird Party Advisory
-
https://bugs.chromium.org/p/project-zero/issues/detail?id=1711
1711 - Linux: eBPF Spectre v1 mitigation is insufficient - project-zero - MonorailIssue Tracking;Patch;Third Party Advisory
-
http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=d3bd7413e0ca40b60cf60d4003246d067cafdeda
kernel/git/torvalds/linux.git - Linux kernel source treePatch;Third Party Advisory
-
https://usn.ubuntu.com/3930-2/
USN-3930-2: Linux kernel (HWE) vulnerabilities | Ubuntu security noticesThird Party Advisory
Products affected by CVE-2019-7308
- cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*
- cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*
- cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:lts:*:*:*
- cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:lts:*:*:*
- cpe:2.3:o:canonical:ubuntu_linux:18.04:*:*:*:lts:*:*:*
- cpe:2.3:o:canonical:ubuntu_linux:18.10:*:*:*:*:*:*:*
- cpe:2.3:o:opensuse:leap:15.0:*:*:*:*:*:*:*