Action not permitted
Modal body text goes here.
Modal Title
Modal Body
CVE-2019-7221 (GCVE-0-2019-7221)
Vulnerability from cvelistv5 – Published: 2019-03-17 18:26 – Updated: 2024-08-04 20:46
VLAI?
EPSS
Summary
The KVM implementation in the Linux kernel through 4.20.5 has a Use-after-Free.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T20:46:44.758Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://packetstormsecurity.com/files/151713/KVM-VMX-Preemption-Timer-Use-After-Free.html"
},
{
"name": "FEDORA-2019-164946aa7f",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/KDOXCX3QFVWYXH5CQMGDDE7H6MUG5XGG/"
},
{
"name": "FEDORA-2019-3da64f3e61",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/Y2HMABEMJDPA6LPCBE5WIEZXUKY7DLTN/"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/torvalds/linux/commits/master/arch/x86/kvm"
},
{
"name": "SUSE-SA-2019:0203-1",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-02/msg00042.html"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2019/02/18/2"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=ecec76885bcfe3294685dc363fd1273df0d5d65f"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://bugs.chromium.org/p/project-zero/issues/detail?id=1760"
},
{
"name": "[debian-lts-announce] 20190327 [SECURITY] [DLA 1731-1] linux security update",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2019/03/msg00034.html"
},
{
"name": "[debian-lts-announce] 20190401 [SECURITY] [DLA 1731-2] linux regression update",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2019/04/msg00004.html"
},
{
"name": "USN-3932-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU",
"x_transferred"
],
"url": "https://usn.ubuntu.com/3932-1/"
},
{
"name": "USN-3932-2",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU",
"x_transferred"
],
"url": "https://usn.ubuntu.com/3932-2/"
},
{
"name": "USN-3930-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU",
"x_transferred"
],
"url": "https://usn.ubuntu.com/3930-1/"
},
{
"name": "USN-3931-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU",
"x_transferred"
],
"url": "https://usn.ubuntu.com/3931-1/"
},
{
"name": "USN-3931-2",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU",
"x_transferred"
],
"url": "https://usn.ubuntu.com/3931-2/"
},
{
"name": "USN-3930-2",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU",
"x_transferred"
],
"url": "https://usn.ubuntu.com/3930-2/"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://security.netapp.com/advisory/ntap-20190404-0002/"
},
{
"name": "RHSA-2019:0833",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2019:0833"
},
{
"name": "RHSA-2019:0818",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2019:0818"
},
{
"name": "[debian-lts-announce] 20190503 [SECURITY] [DLA 1771-1] linux-4.9 security update",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2019/05/msg00002.html"
},
{
"name": "RHBA-2019:0959",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHBA-2019:0959"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://support.f5.com/csp/article/K08413011"
},
{
"name": "RHSA-2019:3967",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2019:3967"
},
{
"name": "RHSA-2019:4058",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2019:4058"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2019-01-29T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "The KVM implementation in the Linux kernel through 4.20.5 has a Use-after-Free."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2019-12-03T11:06:06.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "http://packetstormsecurity.com/files/151713/KVM-VMX-Preemption-Timer-Use-After-Free.html"
},
{
"name": "FEDORA-2019-164946aa7f",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/KDOXCX3QFVWYXH5CQMGDDE7H6MUG5XGG/"
},
{
"name": "FEDORA-2019-3da64f3e61",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/Y2HMABEMJDPA6LPCBE5WIEZXUKY7DLTN/"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/torvalds/linux/commits/master/arch/x86/kvm"
},
{
"name": "SUSE-SA-2019:0203-1",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-02/msg00042.html"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.openwall.com/lists/oss-security/2019/02/18/2"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=ecec76885bcfe3294685dc363fd1273df0d5d65f"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://bugs.chromium.org/p/project-zero/issues/detail?id=1760"
},
{
"name": "[debian-lts-announce] 20190327 [SECURITY] [DLA 1731-1] linux security update",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.debian.org/debian-lts-announce/2019/03/msg00034.html"
},
{
"name": "[debian-lts-announce] 20190401 [SECURITY] [DLA 1731-2] linux regression update",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.debian.org/debian-lts-announce/2019/04/msg00004.html"
},
{
"name": "USN-3932-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU"
],
"url": "https://usn.ubuntu.com/3932-1/"
},
{
"name": "USN-3932-2",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU"
],
"url": "https://usn.ubuntu.com/3932-2/"
},
{
"name": "USN-3930-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU"
],
"url": "https://usn.ubuntu.com/3930-1/"
},
{
"name": "USN-3931-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU"
],
"url": "https://usn.ubuntu.com/3931-1/"
},
{
"name": "USN-3931-2",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU"
],
"url": "https://usn.ubuntu.com/3931-2/"
},
{
"name": "USN-3930-2",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU"
],
"url": "https://usn.ubuntu.com/3930-2/"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://security.netapp.com/advisory/ntap-20190404-0002/"
},
{
"name": "RHSA-2019:0833",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2019:0833"
},
{
"name": "RHSA-2019:0818",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2019:0818"
},
{
"name": "[debian-lts-announce] 20190503 [SECURITY] [DLA 1771-1] linux-4.9 security update",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.debian.org/debian-lts-announce/2019/05/msg00002.html"
},
{
"name": "RHBA-2019:0959",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHBA-2019:0959"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://support.f5.com/csp/article/K08413011"
},
{
"name": "RHSA-2019:3967",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2019:3967"
},
{
"name": "RHSA-2019:4058",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2019:4058"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2019-7221",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The KVM implementation in the Linux kernel through 4.20.5 has a Use-after-Free."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://packetstormsecurity.com/files/151713/KVM-VMX-Preemption-Timer-Use-After-Free.html",
"refsource": "MISC",
"url": "http://packetstormsecurity.com/files/151713/KVM-VMX-Preemption-Timer-Use-After-Free.html"
},
{
"name": "FEDORA-2019-164946aa7f",
"refsource": "FEDORA",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/KDOXCX3QFVWYXH5CQMGDDE7H6MUG5XGG/"
},
{
"name": "FEDORA-2019-3da64f3e61",
"refsource": "FEDORA",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/Y2HMABEMJDPA6LPCBE5WIEZXUKY7DLTN/"
},
{
"name": "https://github.com/torvalds/linux/commits/master/arch/x86/kvm",
"refsource": "MISC",
"url": "https://github.com/torvalds/linux/commits/master/arch/x86/kvm"
},
{
"name": "SUSE-SA-2019:0203-1",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-02/msg00042.html"
},
{
"name": "http://www.openwall.com/lists/oss-security/2019/02/18/2",
"refsource": "MISC",
"url": "http://www.openwall.com/lists/oss-security/2019/02/18/2"
},
{
"name": "https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=ecec76885bcfe3294685dc363fd1273df0d5d65f",
"refsource": "CONFIRM",
"url": "https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=ecec76885bcfe3294685dc363fd1273df0d5d65f"
},
{
"name": "https://bugs.chromium.org/p/project-zero/issues/detail?id=1760",
"refsource": "CONFIRM",
"url": "https://bugs.chromium.org/p/project-zero/issues/detail?id=1760"
},
{
"name": "[debian-lts-announce] 20190327 [SECURITY] [DLA 1731-1] linux security update",
"refsource": "MLIST",
"url": "https://lists.debian.org/debian-lts-announce/2019/03/msg00034.html"
},
{
"name": "[debian-lts-announce] 20190401 [SECURITY] [DLA 1731-2] linux regression update",
"refsource": "MLIST",
"url": "https://lists.debian.org/debian-lts-announce/2019/04/msg00004.html"
},
{
"name": "USN-3932-1",
"refsource": "UBUNTU",
"url": "https://usn.ubuntu.com/3932-1/"
},
{
"name": "USN-3932-2",
"refsource": "UBUNTU",
"url": "https://usn.ubuntu.com/3932-2/"
},
{
"name": "USN-3930-1",
"refsource": "UBUNTU",
"url": "https://usn.ubuntu.com/3930-1/"
},
{
"name": "USN-3931-1",
"refsource": "UBUNTU",
"url": "https://usn.ubuntu.com/3931-1/"
},
{
"name": "USN-3931-2",
"refsource": "UBUNTU",
"url": "https://usn.ubuntu.com/3931-2/"
},
{
"name": "USN-3930-2",
"refsource": "UBUNTU",
"url": "https://usn.ubuntu.com/3930-2/"
},
{
"name": "https://security.netapp.com/advisory/ntap-20190404-0002/",
"refsource": "CONFIRM",
"url": "https://security.netapp.com/advisory/ntap-20190404-0002/"
},
{
"name": "RHSA-2019:0833",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2019:0833"
},
{
"name": "RHSA-2019:0818",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2019:0818"
},
{
"name": "[debian-lts-announce] 20190503 [SECURITY] [DLA 1771-1] linux-4.9 security update",
"refsource": "MLIST",
"url": "https://lists.debian.org/debian-lts-announce/2019/05/msg00002.html"
},
{
"name": "RHBA-2019:0959",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHBA-2019:0959"
},
{
"name": "https://support.f5.com/csp/article/K08413011",
"refsource": "CONFIRM",
"url": "https://support.f5.com/csp/article/K08413011"
},
{
"name": "RHSA-2019:3967",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2019:3967"
},
{
"name": "RHSA-2019:4058",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2019:4058"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2019-7221",
"datePublished": "2019-03-17T18:26:10.000Z",
"dateReserved": "2019-01-30T00:00:00.000Z",
"dateUpdated": "2024-08-04T20:46:44.758Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CERTFR-2019-AVI-121
Vulnerability from certfr_avis - Published: 2019-03-21 - Updated: 2019-03-21
De multiples vulnérabilités ont été découvertes dans le noyau Linux de SUSE. Certaines d'entre elles permettent à un attaquant de provoquer un problème de sécurité non spécifié par l'éditeur, un déni de service à distance et un déni de service.
Solution
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
NoneImpacted products
| Vendor | Product | Description | ||
|---|---|---|---|---|
| SUSE | SUSE Linux Enterprise Server | SUSE Linux Enterprise Server for SAP 12-SP1 | ||
| SUSE | SUSE Linux Enterprise Server | SUSE Linux Enterprise Server 12-SP1-LTSS |
References
| Title | Publication Time | Tags | |||
|---|---|---|---|---|---|
|
|||||
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "SUSE Linux Enterprise Server for SAP 12-SP1",
"product": {
"name": "SUSE Linux Enterprise Server",
"vendor": {
"name": "SUSE",
"scada": false
}
}
},
{
"description": "SUSE Linux Enterprise Server 12-SP1-LTSS",
"product": {
"name": "SUSE Linux Enterprise Server",
"vendor": {
"name": "SUSE",
"scada": false
}
}
}
],
"affected_systems_content": null,
"content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
"cves": [
{
"name": "CVE-2019-6974",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-6974"
},
{
"name": "CVE-2018-5391",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-5391"
},
{
"name": "CVE-2019-9213",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-9213"
},
{
"name": "CVE-2019-7221",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-7221"
}
],
"initial_release_date": "2019-03-21T00:00:00",
"last_revision_date": "2019-03-21T00:00:00",
"links": [],
"reference": "CERTFR-2019-AVI-121",
"revisions": [
{
"description": "Version initiale",
"revision_date": "2019-03-21T00:00:00.000000"
}
],
"risks": [
{
"description": "D\u00e9ni de service \u00e0 distance"
},
{
"description": "Non sp\u00e9cifi\u00e9 par l\u0027\u00e9diteur"
},
{
"description": "D\u00e9ni de service"
},
{
"description": "Contournement de la politique de s\u00e9curit\u00e9"
}
],
"summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans le noyau Linux de\nSUSE. Certaines d\u0027entre elles permettent \u00e0 un attaquant de provoquer un\nprobl\u00e8me de s\u00e9curit\u00e9 non sp\u00e9cifi\u00e9 par l\u0027\u00e9diteur, un d\u00e9ni de service \u00e0\ndistance et un d\u00e9ni de service.\n",
"title": "Multiples vuln\u00e9rabilit\u00e9s dans le noyau Linux de SUSE",
"vendor_advisories": [
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 SUSE SUSE-SU-2019:0672-1 du 20 mars 2019",
"url": "https://www.suse.com/support/update/announcement/2019/suse-su-20190672-1/"
}
]
}
CERTFR-2019-AVI-145
Vulnerability from certfr_avis - Published: 2019-04-03 - Updated: 2019-04-03
De multiples vulnérabilités ont été découvertes dans le noyau Linux d'Ubuntu. Elles permettent à un attaquant de provoquer une exécution de code arbitraire à distance, un déni de service à distance et une atteinte à la confidentialité des données.
Solution
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
NoneImpacted products
References
| Title | Publication Time | Tags | ||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||||||||
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "Ubuntu 16.04 LTS",
"product": {
"name": "Ubuntu",
"vendor": {
"name": "Ubuntu",
"scada": false
}
}
},
{
"description": "Ubuntu 18.04 LTS",
"product": {
"name": "Ubuntu",
"vendor": {
"name": "Ubuntu",
"scada": false
}
}
},
{
"description": "Ubuntu 18.10",
"product": {
"name": "Ubuntu",
"vendor": {
"name": "Ubuntu",
"scada": false
}
}
},
{
"description": "Ubuntu 14.04 LTS",
"product": {
"name": "Ubuntu",
"vendor": {
"name": "Ubuntu",
"scada": false
}
}
},
{
"description": "Ubuntu 12.04 ESM",
"product": {
"name": "Ubuntu",
"vendor": {
"name": "Ubuntu",
"scada": false
}
}
}
],
"affected_systems_content": null,
"content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
"cves": [
{
"name": "CVE-2017-18360",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-18360"
},
{
"name": "CVE-2019-6974",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-6974"
},
{
"name": "CVE-2018-13100",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-13100"
},
{
"name": "CVE-2017-1000410",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-1000410"
},
{
"name": "CVE-2019-8980",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-8980"
},
{
"name": "CVE-2019-9213",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-9213"
},
{
"name": "CVE-2019-8956",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-8956"
},
{
"name": "CVE-2018-14613",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-14613"
},
{
"name": "CVE-2018-18021",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-18021"
},
{
"name": "CVE-2017-18249",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-18249"
},
{
"name": "CVE-2018-14616",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-14616"
},
{
"name": "CVE-2019-9003",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-9003"
},
{
"name": "CVE-2019-3819",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-3819"
},
{
"name": "CVE-2019-3701",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-3701"
},
{
"name": "CVE-2019-7308",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-7308"
},
{
"name": "CVE-2018-13097",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-13097"
},
{
"name": "CVE-2018-14678",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-14678"
},
{
"name": "CVE-2018-13099",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-13099"
},
{
"name": "CVE-2018-14614",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-14614"
},
{
"name": "CVE-2018-14610",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-14610"
},
{
"name": "CVE-2018-14612",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-14612"
},
{
"name": "CVE-2018-16884",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-16884"
},
{
"name": "CVE-2019-3460",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-3460"
},
{
"name": "CVE-2019-9162",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-9162"
},
{
"name": "CVE-2018-19824",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-19824"
},
{
"name": "CVE-2019-7221",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-7221"
},
{
"name": "CVE-2019-7222",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-7222"
},
{
"name": "CVE-2019-8912",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-8912"
},
{
"name": "CVE-2018-9517",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-9517"
},
{
"name": "CVE-2018-14611",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-14611"
},
{
"name": "CVE-2019-3459",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-3459"
}
],
"initial_release_date": "2019-04-03T00:00:00",
"last_revision_date": "2019-04-03T00:00:00",
"links": [],
"reference": "CERTFR-2019-AVI-145",
"revisions": [
{
"description": "Version initiale",
"revision_date": "2019-04-03T00:00:00.000000"
}
],
"risks": [
{
"description": "D\u00e9ni de service \u00e0 distance"
},
{
"description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
},
{
"description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
}
],
"summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans le noyau Linux\nd\u0027Ubuntu. Elles permettent \u00e0 un attaquant de provoquer une ex\u00e9cution de\ncode arbitraire \u00e0 distance, un d\u00e9ni de service \u00e0 distance et une\natteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es.\n",
"title": "Multiples vuln\u00e9rabilit\u00e9s dans le noyau Linux d\u0027Ubuntu",
"vendor_advisories": [
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Ubuntu USN-3931-2 du 02 avril 2019",
"url": "https://usn.ubuntu.com/3931-2/"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Ubuntu USN-3930-1 du 02 avril 2019",
"url": "https://usn.ubuntu.com/3930-1/"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Ubuntu USN-3932-2 du 02 avril 2019",
"url": "https://usn.ubuntu.com/3932-2/"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Ubuntu USN-3931-1 du 02 avril 2019",
"url": "https://usn.ubuntu.com/3931-1/"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Ubuntu USN-3933-1 du 02 avril 2019",
"url": "https://usn.ubuntu.com/3933-1/"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Ubuntu USN-3932-1 du 02 avril 2019",
"url": "https://usn.ubuntu.com/3932-1/"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Ubuntu USN-3933-2 du 02 avril 2019",
"url": "https://usn.ubuntu.com/3933-2/"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Ubuntu USN-3930-2 du 02 avril 2019",
"url": "https://usn.ubuntu.com/3930-2/"
}
]
}
CERTFR-2019-AVI-131
Vulnerability from certfr_avis - Published: 2019-03-27 - Updated: 2019-03-29
De multiples vulnérabilités ont été découvertes dans le noyau Linux de SUSE. Certaines d'entre elles permettent à un attaquant de provoquer un problème de sécurité non spécifié par l'éditeur, un déni de service et un contournement de la politique de sécurité.
Solution
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
NoneImpacted products
| Vendor | Product | Description | ||
|---|---|---|---|---|
| SUSE | N/A | SUSE Linux Enterprise Module pour Live Patching 15 | ||
| SUSE | SUSE Linux Enterprise Desktop | SUSE Linux Enterprise Desktop 12-SP3 | ||
| SUSE | N/A | SUSE Linux Enterprise Module pour Open Buildservice Development Tools 15 | ||
| SUSE | SUSE Linux Enterprise Desktop | SUSE Linux Enterprise Desktop 12-SP4 | ||
| SUSE | N/A | SUSE Linux Enterprise Module pour Basesystem 15 | ||
| SUSE | N/A | SUSE Linux Enterprise Software Development Kit 12-SP4 | ||
| SUSE | N/A | SUSE CaaS Platform 3.0 | ||
| SUSE | N/A | SUSE Linux Enterprise Software Development Kit 12-SP3 | ||
| SUSE | N/A | SUSE Linux Enterprise Workstation Extension 12-SP4 | ||
| SUSE | SUSE Linux Enterprise Live Patching | SUSE Linux Enterprise Live Patching 12-SP3 | ||
| SUSE | N/A | SUSE CaaS Platform ALL | ||
| SUSE | N/A | SUSE Linux Enterprise Module pour Legacy Software 15 | ||
| SUSE | N/A | SUSE Linux Enterprise High Availability 15 | ||
| SUSE | N/A | SUSE Linux Enterprise Module pour Development Tools 15 | ||
| SUSE | SUSE Linux Enterprise Server | SUSE Linux Enterprise Server 12-SP3 | ||
| SUSE | N/A | SUSE Linux Enterprise Workstation Extension 15 | ||
| SUSE | SUSE Linux Enterprise Server | SUSE Linux Enterprise Server 12-SP4 | ||
| SUSE | N/A | SUSE Linux Enterprise High Availability 12-SP4 | ||
| SUSE | SUSE Linux Enterprise Live Patching | SUSE Linux Enterprise Live Patching 12-SP4 | ||
| SUSE | N/A | SUSE Linux Enterprise Workstation Extension 12-SP3 | ||
| SUSE | N/A | SUSE Linux Enterprise High Availability 12-SP3 |
References
| Title | Publication Time | Tags | |||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||||||||||||||
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "SUSE Linux Enterprise Module pour Live Patching 15",
"product": {
"name": "N/A",
"vendor": {
"name": "SUSE",
"scada": false
}
}
},
{
"description": "SUSE Linux Enterprise Desktop 12-SP3",
"product": {
"name": "SUSE Linux Enterprise Desktop",
"vendor": {
"name": "SUSE",
"scada": false
}
}
},
{
"description": "SUSE Linux Enterprise Module pour Open Buildservice Development Tools 15",
"product": {
"name": "N/A",
"vendor": {
"name": "SUSE",
"scada": false
}
}
},
{
"description": "SUSE Linux Enterprise Desktop 12-SP4",
"product": {
"name": "SUSE Linux Enterprise Desktop",
"vendor": {
"name": "SUSE",
"scada": false
}
}
},
{
"description": "SUSE Linux Enterprise Module pour Basesystem 15",
"product": {
"name": "N/A",
"vendor": {
"name": "SUSE",
"scada": false
}
}
},
{
"description": "SUSE Linux Enterprise Software Development Kit 12-SP4",
"product": {
"name": "N/A",
"vendor": {
"name": "SUSE",
"scada": false
}
}
},
{
"description": "SUSE CaaS Platform 3.0",
"product": {
"name": "N/A",
"vendor": {
"name": "SUSE",
"scada": false
}
}
},
{
"description": "SUSE Linux Enterprise Software Development Kit 12-SP3",
"product": {
"name": "N/A",
"vendor": {
"name": "SUSE",
"scada": false
}
}
},
{
"description": "SUSE Linux Enterprise Workstation Extension 12-SP4",
"product": {
"name": "N/A",
"vendor": {
"name": "SUSE",
"scada": false
}
}
},
{
"description": "SUSE Linux Enterprise Live Patching 12-SP3",
"product": {
"name": "SUSE Linux Enterprise Live Patching",
"vendor": {
"name": "SUSE",
"scada": false
}
}
},
{
"description": "SUSE CaaS Platform ALL",
"product": {
"name": "N/A",
"vendor": {
"name": "SUSE",
"scada": false
}
}
},
{
"description": "SUSE Linux Enterprise Module pour Legacy Software 15",
"product": {
"name": "N/A",
"vendor": {
"name": "SUSE",
"scada": false
}
}
},
{
"description": "SUSE Linux Enterprise High Availability 15",
"product": {
"name": "N/A",
"vendor": {
"name": "SUSE",
"scada": false
}
}
},
{
"description": "SUSE Linux Enterprise Module pour Development Tools 15",
"product": {
"name": "N/A",
"vendor": {
"name": "SUSE",
"scada": false
}
}
},
{
"description": "SUSE Linux Enterprise Server 12-SP3",
"product": {
"name": "SUSE Linux Enterprise Server",
"vendor": {
"name": "SUSE",
"scada": false
}
}
},
{
"description": "SUSE Linux Enterprise Workstation Extension 15",
"product": {
"name": "N/A",
"vendor": {
"name": "SUSE",
"scada": false
}
}
},
{
"description": "SUSE Linux Enterprise Server 12-SP4",
"product": {
"name": "SUSE Linux Enterprise Server",
"vendor": {
"name": "SUSE",
"scada": false
}
}
},
{
"description": "SUSE Linux Enterprise High Availability 12-SP4",
"product": {
"name": "N/A",
"vendor": {
"name": "SUSE",
"scada": false
}
}
},
{
"description": "SUSE Linux Enterprise Live Patching 12-SP4",
"product": {
"name": "SUSE Linux Enterprise Live Patching",
"vendor": {
"name": "SUSE",
"scada": false
}
}
},
{
"description": "SUSE Linux Enterprise Workstation Extension 12-SP3",
"product": {
"name": "N/A",
"vendor": {
"name": "SUSE",
"scada": false
}
}
},
{
"description": "SUSE Linux Enterprise High Availability 12-SP3",
"product": {
"name": "N/A",
"vendor": {
"name": "SUSE",
"scada": false
}
}
}
],
"affected_systems_content": null,
"content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
"cves": [
{
"name": "CVE-2019-2024",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-2024"
},
{
"name": "CVE-2019-6974",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-6974"
},
{
"name": "CVE-2019-8980",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-8980"
},
{
"name": "CVE-2019-9213",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-9213"
},
{
"name": "CVE-2018-12232",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-12232"
},
{
"name": "CVE-2018-20669",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-20669"
},
{
"name": "CVE-2017-5753",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-5753"
},
{
"name": "CVE-2019-3819",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-3819"
},
{
"name": "CVE-2019-7308",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-7308"
},
{
"name": "CVE-2019-3460",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-3460"
},
{
"name": "CVE-2019-7221",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-7221"
},
{
"name": "CVE-2019-7222",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-7222"
},
{
"name": "CVE-2019-8912",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-8912"
},
{
"name": "CVE-2019-3459",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-3459"
}
],
"initial_release_date": "2019-03-27T00:00:00",
"last_revision_date": "2019-03-29T00:00:00",
"links": [],
"reference": "CERTFR-2019-AVI-131",
"revisions": [
{
"description": "Version initiale",
"revision_date": "2019-03-27T00:00:00.000000"
},
{
"description": "Ajout d\u0027un bulletin de s\u00e9curit\u00e9",
"revision_date": "2019-03-28T00:00:00.000000"
},
{
"description": "Ajout de bulletins de s\u00e9curit\u00e9 et de syst\u00e8mes affect\u00e9s",
"revision_date": "2019-03-29T00:00:00.000000"
},
{
"description": "Ajout de bulletins de s\u00e9curit\u00e9 et de syst\u00e8mes affect\u00e9s",
"revision_date": "2019-03-29T00:00:00.000000"
}
],
"risks": [
{
"description": "Non sp\u00e9cifi\u00e9 par l\u0027\u00e9diteur"
},
{
"description": "D\u00e9ni de service"
},
{
"description": "Contournement de la politique de s\u00e9curit\u00e9"
},
{
"description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
}
],
"summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans le noyau Linux de\nSUSE. Certaines d\u0027entre elles permettent \u00e0 un attaquant de provoquer un\nprobl\u00e8me de s\u00e9curit\u00e9 non sp\u00e9cifi\u00e9 par l\u0027\u00e9diteur, un d\u00e9ni de service et\nun contournement de la politique de s\u00e9curit\u00e9.\n",
"title": "Multiples vuln\u00e9rabilit\u00e9s dans le noyau Linux de SUSE",
"vendor_advisories": [
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 SUSE SUSE-SU-2019:0754-1 du 26 mars 2019",
"url": "https://www.suse.com/support/update/announcement/2019/suse-su-20190754-1/"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 SUSE SUSE-SU-2019:0745-1 du 26 mars 2019",
"url": "https://www.suse.com/support/update/announcement/2019/suse-su-20190745-1/"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 SUSE SUSE-SU-2019:0785-1 du 28 mars 2019",
"url": "https://www.suse.com/support/update/announcement/2019/suse-su-20190785-1/"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 SUSE SUSE-SU-2019:0740-1 du 26 mars 2019",
"url": "https://www.suse.com/support/update/announcement/2019/suse-su-20190740-1/"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 SUSE SUSE-SU-2019:0784-1 du 28 mars 2019",
"url": "https://www.suse.com/support/update/announcement/2019/suse-su-20190784-1/"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 SUSE SUSE-SU-2019:0761-1 du 26 mars 2019",
"url": "https://www.suse.com/support/update/announcement/2019/suse-su-20190761-1/"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 SUSE SUSE-SU-2019:0767-1 du 27 mars 2019",
"url": "https://www.suse.com/support/update/announcement/2019/suse-su-20190767-1/"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 SUSE SUSE-SU-2019:0765-1 du 26 mars 2019",
"url": "https://www.suse.com/support/update/announcement/2019/suse-su-20190765-1/"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 SUSE SUSE-SU-2019:0801-1 du 29 mars 2019",
"url": "https://www.suse.com/support/update/announcement/2019/suse-su-20190801-1/"
}
]
}
CERTFR-2019-AVI-233
Vulnerability from certfr_avis - Published: 2019-05-20 - Updated: 2019-05-20
De multiples vulnérabilités ont été découvertes dans le noyau Linux de SUSE. Certaines d'entre elles permettent à un attaquant de provoquer un problème de sécurité non spécifié par l'éditeur, un déni de service à distance et une atteinte à la confidentialité des données.
Solution
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
NoneImpacted products
| Vendor | Product | Description | ||
|---|---|---|---|---|
| SUSE | N/A | SUSE Linux Enterprise Module pour Public Cloud 12 | ||
| SUSE | SUSE Linux Enterprise Server | SUSE Linux Enterprise Server 12-SP2-LTSS | ||
| SUSE | SUSE Linux Enterprise Server | SUSE Linux Enterprise Server pour SAP 12-SP1 | ||
| SUSE | N/A | SUSE Linux Enterprise High Availability 12-SP2 | ||
| SUSE | N/A | OpenStack Cloud Magnum Orchestration 7 | ||
| SUSE | SUSE Linux Enterprise Server | SUSE Linux Enterprise Server 12-SP2-BCL | ||
| SUSE | SUSE Linux Enterprise Server | SUSE Linux Enterprise Server 12-SP1-LTSS | ||
| SUSE | N/A | SUSE OpenStack Cloud 7 | ||
| SUSE | N/A | SUSE Enterprise Storage 4 | ||
| SUSE | SUSE Linux Enterprise Server | SUSE Linux Enterprise Server pour SAP 12-SP2 |
References
| Title | Publication Time | Tags | ||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "SUSE Linux Enterprise Module pour Public Cloud 12",
"product": {
"name": "N/A",
"vendor": {
"name": "SUSE",
"scada": false
}
}
},
{
"description": "SUSE Linux Enterprise Server 12-SP2-LTSS",
"product": {
"name": "SUSE Linux Enterprise Server",
"vendor": {
"name": "SUSE",
"scada": false
}
}
},
{
"description": "SUSE Linux Enterprise Server pour SAP 12-SP1",
"product": {
"name": "SUSE Linux Enterprise Server",
"vendor": {
"name": "SUSE",
"scada": false
}
}
},
{
"description": "SUSE Linux Enterprise High Availability 12-SP2",
"product": {
"name": "N/A",
"vendor": {
"name": "SUSE",
"scada": false
}
}
},
{
"description": "OpenStack Cloud Magnum Orchestration 7",
"product": {
"name": "N/A",
"vendor": {
"name": "SUSE",
"scada": false
}
}
},
{
"description": "SUSE Linux Enterprise Server 12-SP2-BCL",
"product": {
"name": "SUSE Linux Enterprise Server",
"vendor": {
"name": "SUSE",
"scada": false
}
}
},
{
"description": "SUSE Linux Enterprise Server 12-SP1-LTSS",
"product": {
"name": "SUSE Linux Enterprise Server",
"vendor": {
"name": "SUSE",
"scada": false
}
}
},
{
"description": "SUSE OpenStack Cloud 7",
"product": {
"name": "N/A",
"vendor": {
"name": "SUSE",
"scada": false
}
}
},
{
"description": "SUSE Enterprise Storage 4",
"product": {
"name": "N/A",
"vendor": {
"name": "SUSE",
"scada": false
}
}
},
{
"description": "SUSE Linux Enterprise Server pour SAP 12-SP2",
"product": {
"name": "SUSE Linux Enterprise Server",
"vendor": {
"name": "SUSE",
"scada": false
}
}
}
],
"affected_systems_content": null,
"content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
"cves": [
{
"name": "CVE-2019-11091",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-11091"
},
{
"name": "CVE-2018-18710",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-18710"
},
{
"name": "CVE-2019-6974",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-6974"
},
{
"name": "CVE-2018-5391",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-5391"
},
{
"name": "CVE-2017-7472",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-7472"
},
{
"name": "CVE-2019-9503",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-9503"
},
{
"name": "CVE-2018-19407",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-19407"
},
{
"name": "CVE-2018-9568",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-9568"
},
{
"name": "CVE-2018-19985",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-19985"
},
{
"name": "CVE-2019-8564",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-8564"
},
{
"name": "CVE-2018-12127",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-12127"
},
{
"name": "CVE-2017-1000407",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-1000407"
},
{
"name": "CVE-2019-9213",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-9213"
},
{
"name": "CVE-2017-7273",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-7273"
},
{
"name": "CVE-2018-18281",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-18281"
},
{
"name": "CVE-2018-15572",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-15572"
},
{
"name": "CVE-2018-12130",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-12130"
},
{
"name": "CVE-2018-18690",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-18690"
},
{
"name": "CVE-2018-20169",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-20169"
},
{
"name": "CVE-2018-1128",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-1128"
},
{
"name": "CVE-2016-10741",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-10741"
},
{
"name": "CVE-2018-14633",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-14633"
},
{
"name": "CVE-2018-1091",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-1091"
},
{
"name": "CVE-2018-1120",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-1120"
},
{
"name": "CVE-2017-18174",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-18174"
},
{
"name": "CVE-2018-16884",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-16884"
},
{
"name": "CVE-2018-12126",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-12126"
},
{
"name": "CVE-2018-9516",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-9516"
},
{
"name": "CVE-2019-3460",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-3460"
},
{
"name": "CVE-2019-11486",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-11486"
},
{
"name": "CVE-2018-19824",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-19824"
},
{
"name": "CVE-2019-3882",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-3882"
},
{
"name": "CVE-2019-7221",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-7221"
},
{
"name": "CVE-2018-1129",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-1129"
},
{
"name": "CVE-2019-7222",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-7222"
},
{
"name": "CVE-2017-16533",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-16533"
},
{
"name": "CVE-2016-8636",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-8636"
},
{
"name": "CVE-2018-18386",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-18386"
},
{
"name": "CVE-2017-17741",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-17741"
},
{
"name": "CVE-2019-3459",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-3459"
}
],
"initial_release_date": "2019-05-20T00:00:00",
"last_revision_date": "2019-05-20T00:00:00",
"links": [],
"reference": "CERTFR-2019-AVI-233",
"revisions": [
{
"description": "Version initiale",
"revision_date": "2019-05-20T00:00:00.000000"
}
],
"risks": [
{
"description": "D\u00e9ni de service \u00e0 distance"
},
{
"description": "Non sp\u00e9cifi\u00e9 par l\u0027\u00e9diteur"
},
{
"description": "D\u00e9ni de service"
},
{
"description": "Contournement de la politique de s\u00e9curit\u00e9"
},
{
"description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
},
{
"description": "\u00c9l\u00e9vation de privil\u00e8ges"
}
],
"summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans le noyau Linux de\nSUSE. Certaines d\u0027entre elles permettent \u00e0 un attaquant de provoquer un\nprobl\u00e8me de s\u00e9curit\u00e9 non sp\u00e9cifi\u00e9 par l\u0027\u00e9diteur, un d\u00e9ni de service \u00e0\ndistance et une atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es.\n",
"title": "Multiples vuln\u00e9rabilit\u00e9s dans le noyau Linux de SUSE",
"vendor_advisories": [
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 SUSE SUSE-SU-2019:1287-1 du 17 mai 2019",
"url": "https://www.suse.com/support/update/announcement/2019/suse-su-20191287-1/"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 SUSE SUSE-SU-2019:1289-1 du 17 mai 2019",
"url": "https://www.suse.com/support/update/announcement/2019/suse-su-20191289-1/"
}
]
}
CERTFR-2019-AVI-117
Vulnerability from certfr_avis - Published: 2019-03-20 - Updated: 2019-03-20
De multiples vulnérabilités ont été découvertes dans le noyau Linux de SUSE. Elles permettent à un attaquant de provoquer un déni de service à distance, un déni de service et un contournement de la politique de sécurité.
Solution
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
NoneImpacted products
| Vendor | Product | Description | ||
|---|---|---|---|---|
| SUSE | SUSE Linux Enterprise Server | SUSE Linux Enterprise Server 12-LTSS |
References
| Title | Publication Time | Tags | |||
|---|---|---|---|---|---|
|
|||||
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "SUSE Linux Enterprise Server 12-LTSS",
"product": {
"name": "SUSE Linux Enterprise Server",
"vendor": {
"name": "SUSE",
"scada": false
}
}
}
],
"affected_systems_content": null,
"content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
"cves": [
{
"name": "CVE-2018-5391",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-5391"
},
{
"name": "CVE-2019-9213",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-9213"
},
{
"name": "CVE-2019-7221",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-7221"
}
],
"initial_release_date": "2019-03-20T00:00:00",
"last_revision_date": "2019-03-20T00:00:00",
"links": [],
"reference": "CERTFR-2019-AVI-117",
"revisions": [
{
"description": "Version initiale",
"revision_date": "2019-03-20T00:00:00.000000"
}
],
"risks": [
{
"description": "D\u00e9ni de service \u00e0 distance"
},
{
"description": "D\u00e9ni de service"
},
{
"description": "Contournement de la politique de s\u00e9curit\u00e9"
}
],
"summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans le noyau Linux de\nSUSE. Elles permettent \u00e0 un attaquant de provoquer un d\u00e9ni de service \u00e0\ndistance, un d\u00e9ni de service et un contournement de la politique de\ns\u00e9curit\u00e9.\n",
"title": "Multiples vuln\u00e9rabilit\u00e9s dans le noyau Linux de SUSE",
"vendor_advisories": [
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 SUSE SUSE-SU-2019:0645-1 du 19 mars 2019",
"url": "https://www.suse.com/support/update/announcement/2019/suse-su-20190645-1/"
}
]
}
CERTFR-2019-AVI-592
Vulnerability from certfr_avis - Published: 2019-11-26 - Updated: 2019-11-27
De multiples vulnérabilités ont été découvertes dans le noyau Linux de Red Hat. Elles permettent à un attaquant de provoquer un déni de service à distance, une atteinte à la confidentialité des données et une élévation de privilèges.
Solution
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
NoneImpacted products
| Vendor | Product | Description | ||
|---|---|---|---|---|
| Red Hat | Red Hat Enterprise Linux | Red Hat Enterprise Linux for Real Time for NFV 7 x86_64 | ||
| Red Hat | Red Hat Enterprise Linux | Red Hat Enterprise Linux for x86_64 - Extended Update Support 7.5 x86_64 | ||
| Red Hat | Red Hat Enterprise Linux | Red Hat Enterprise Linux for Power, big endian - Extended Update Support 7.5 ppc64 | ||
| Red Hat | Red Hat Enterprise Linux | Red Hat Enterprise Linux for x86_64 - Extended Update Support 7.7 x86_64 | ||
| Red Hat | Red Hat Enterprise Linux Server | Red Hat Enterprise Linux Server - AUS 7.7 x86_64 | ||
| Red Hat | Red Hat Enterprise Linux | Red Hat Enterprise Linux for Power, little endian 7 ppc64le | ||
| Red Hat | Red Hat Enterprise Linux Server | Red Hat Enterprise Linux Server 7 x86_64 | ||
| Red Hat | Red Hat Enterprise Linux | Red Hat Enterprise Linux for Power, big endian - Extended Update Support 7.7 ppc64 | ||
| Red Hat | Red Hat Enterprise Linux | Red Hat Enterprise Linux for Scientific Computing 7 x86_64 | ||
| Red Hat | Red Hat Enterprise Linux | Red Hat Enterprise Linux for IBM z Systems - Extended Update Support 7.5 s390x | ||
| Red Hat | Red Hat Enterprise Linux | Red Hat Enterprise Linux Workstation 7 x86_64 | ||
| Red Hat | Red Hat Enterprise Linux | Red Hat Enterprise Linux EUS Compute Node 7.5 x86_64 | ||
| Red Hat | Red Hat Enterprise Linux | Red Hat Enterprise Linux for Power, little endian - Extended Update Support 7.5 ppc64le | ||
| Red Hat | Red Hat Enterprise Linux | Red Hat Enterprise Linux EUS Compute Node 7.7 x86_64 | ||
| Red Hat | Red Hat Enterprise Linux | Red Hat Enterprise Linux for IBM z Systems 7 s390x | ||
| Red Hat | Red Hat Enterprise Linux | Red Hat Enterprise Linux for Power, big endian 7 ppc64 | ||
| Red Hat | Red Hat Enterprise Linux Server | Red Hat Enterprise Linux Server - Update Services for SAP Solutions 7.7 x86_64 | ||
| Red Hat | Red Hat Enterprise Linux Server | Red Hat Enterprise Linux Server (for IBM Power LE) - Update Services for SAP Solutions 7.7 ppc64le | ||
| Red Hat | N/A | Red Hat Virtualization Host 4 x86_64 | ||
| Red Hat | Red Hat Enterprise Linux | Red Hat Enterprise Linux for IBM z Systems - Extended Update Support 7.7 s390x | ||
| Red Hat | Red Hat Enterprise Linux | Red Hat Enterprise Linux Desktop 7 x86_64 | ||
| Red Hat | Red Hat Enterprise Linux | Red Hat Enterprise Linux for Real Time 7 x86_64 | ||
| Red Hat | Red Hat Enterprise Linux | Red Hat Enterprise Linux for Power, little endian - Extended Update Support 7.7 ppc64le | ||
| Red Hat | Red Hat Enterprise Linux Server | Red Hat Enterprise Linux Server - TUS 7.7 x86_64 |
References
| Title | Publication Time | Tags | |||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "Red Hat Enterprise Linux for Real Time for NFV 7 x86_64",
"product": {
"name": "Red Hat Enterprise Linux",
"vendor": {
"name": "Red Hat",
"scada": false
}
}
},
{
"description": "Red Hat Enterprise Linux for x86_64 - Extended Update Support 7.5 x86_64",
"product": {
"name": "Red Hat Enterprise Linux",
"vendor": {
"name": "Red Hat",
"scada": false
}
}
},
{
"description": "Red Hat Enterprise Linux for Power, big endian - Extended Update Support 7.5 ppc64",
"product": {
"name": "Red Hat Enterprise Linux",
"vendor": {
"name": "Red Hat",
"scada": false
}
}
},
{
"description": "Red Hat Enterprise Linux for x86_64 - Extended Update Support 7.7 x86_64",
"product": {
"name": "Red Hat Enterprise Linux",
"vendor": {
"name": "Red Hat",
"scada": false
}
}
},
{
"description": "Red Hat Enterprise Linux Server - AUS 7.7 x86_64",
"product": {
"name": "Red Hat Enterprise Linux Server",
"vendor": {
"name": "Red Hat",
"scada": false
}
}
},
{
"description": "Red Hat Enterprise Linux for Power, little endian 7 ppc64le",
"product": {
"name": "Red Hat Enterprise Linux",
"vendor": {
"name": "Red Hat",
"scada": false
}
}
},
{
"description": "Red Hat Enterprise Linux Server 7 x86_64",
"product": {
"name": "Red Hat Enterprise Linux Server",
"vendor": {
"name": "Red Hat",
"scada": false
}
}
},
{
"description": "Red Hat Enterprise Linux for Power, big endian - Extended Update Support 7.7 ppc64",
"product": {
"name": "Red Hat Enterprise Linux",
"vendor": {
"name": "Red Hat",
"scada": false
}
}
},
{
"description": "Red Hat Enterprise Linux for Scientific Computing 7 x86_64",
"product": {
"name": "Red Hat Enterprise Linux",
"vendor": {
"name": "Red Hat",
"scada": false
}
}
},
{
"description": "Red Hat Enterprise Linux for IBM z Systems - Extended Update Support 7.5 s390x",
"product": {
"name": "Red Hat Enterprise Linux",
"vendor": {
"name": "Red Hat",
"scada": false
}
}
},
{
"description": "Red Hat Enterprise Linux Workstation 7 x86_64",
"product": {
"name": "Red Hat Enterprise Linux",
"vendor": {
"name": "Red Hat",
"scada": false
}
}
},
{
"description": "Red Hat Enterprise Linux EUS Compute Node 7.5 x86_64",
"product": {
"name": "Red Hat Enterprise Linux",
"vendor": {
"name": "Red Hat",
"scada": false
}
}
},
{
"description": "Red Hat Enterprise Linux for Power, little endian - Extended Update Support 7.5 ppc64le",
"product": {
"name": "Red Hat Enterprise Linux",
"vendor": {
"name": "Red Hat",
"scada": false
}
}
},
{
"description": "Red Hat Enterprise Linux EUS Compute Node 7.7 x86_64",
"product": {
"name": "Red Hat Enterprise Linux",
"vendor": {
"name": "Red Hat",
"scada": false
}
}
},
{
"description": "Red Hat Enterprise Linux for IBM z Systems 7 s390x",
"product": {
"name": "Red Hat Enterprise Linux",
"vendor": {
"name": "Red Hat",
"scada": false
}
}
},
{
"description": "Red Hat Enterprise Linux for Power, big endian 7 ppc64",
"product": {
"name": "Red Hat Enterprise Linux",
"vendor": {
"name": "Red Hat",
"scada": false
}
}
},
{
"description": "Red Hat Enterprise Linux Server - Update Services for SAP Solutions 7.7 x86_64",
"product": {
"name": "Red Hat Enterprise Linux Server",
"vendor": {
"name": "Red Hat",
"scada": false
}
}
},
{
"description": "Red Hat Enterprise Linux Server (for IBM Power LE) - Update Services for SAP Solutions 7.7 ppc64le",
"product": {
"name": "Red Hat Enterprise Linux Server",
"vendor": {
"name": "Red Hat",
"scada": false
}
}
},
{
"description": "Red Hat Virtualization Host 4 x86_64",
"product": {
"name": "N/A",
"vendor": {
"name": "Red Hat",
"scada": false
}
}
},
{
"description": "Red Hat Enterprise Linux for IBM z Systems - Extended Update Support 7.7 s390x",
"product": {
"name": "Red Hat Enterprise Linux",
"vendor": {
"name": "Red Hat",
"scada": false
}
}
},
{
"description": "Red Hat Enterprise Linux Desktop 7 x86_64",
"product": {
"name": "Red Hat Enterprise Linux",
"vendor": {
"name": "Red Hat",
"scada": false
}
}
},
{
"description": "Red Hat Enterprise Linux for Real Time 7 x86_64",
"product": {
"name": "Red Hat Enterprise Linux",
"vendor": {
"name": "Red Hat",
"scada": false
}
}
},
{
"description": "Red Hat Enterprise Linux for Power, little endian - Extended Update Support 7.7 ppc64le",
"product": {
"name": "Red Hat Enterprise Linux",
"vendor": {
"name": "Red Hat",
"scada": false
}
}
},
{
"description": "Red Hat Enterprise Linux Server - TUS 7.7 x86_64",
"product": {
"name": "Red Hat Enterprise Linux Server",
"vendor": {
"name": "Red Hat",
"scada": false
}
}
}
],
"affected_systems_content": null,
"content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
"cves": [
{
"name": "CVE-2019-6974",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-6974"
},
{
"name": "CVE-2019-14821",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-14821"
},
{
"name": "CVE-2018-10902",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-10902"
},
{
"name": "CVE-2018-9568",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-9568"
},
{
"name": "CVE-2019-5489",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-5489"
},
{
"name": "CVE-2017-18208",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-18208"
},
{
"name": "CVE-2018-18559",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-18559"
},
{
"name": "CVE-2019-3900",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-3900"
},
{
"name": "CVE-2019-15239",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-15239"
},
{
"name": "CVE-2019-7221",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-7221"
}
],
"initial_release_date": "2019-11-26T00:00:00",
"last_revision_date": "2019-11-27T00:00:00",
"links": [],
"reference": "CERTFR-2019-AVI-592",
"revisions": [
{
"description": "Version initiale",
"revision_date": "2019-11-26T00:00:00.000000"
},
{
"description": "Ajout du bulletin de s\u00e9curit\u00e9 Red Hat RHSA-2019:3978 du 26 novembre 2019",
"revision_date": "2019-11-27T00:00:00.000000"
}
],
"risks": [
{
"description": "D\u00e9ni de service \u00e0 distance"
},
{
"description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
},
{
"description": "\u00c9l\u00e9vation de privil\u00e8ges"
}
],
"summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans le noyau Linux de\nRed Hat. Elles permettent \u00e0 un attaquant de provoquer un d\u00e9ni de service\n\u00e0 distance, une atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es et une\n\u00e9l\u00e9vation de privil\u00e8ges.\n",
"title": "Multiples vuln\u00e9rabilit\u00e9s dans le noyau Linux de Red Hat",
"vendor_advisories": [
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Red Hat RHSA-2019:3979 du 26 novembre 2019",
"url": "https://access.redhat.com/errata/RHSA-2019:3979"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Red Hat RHSA-2019:3967 du 26 novembre 2019",
"url": "https://access.redhat.com/errata/RHSA-2019:3967"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Red Hat RHSA-2019:3978 du 26 novembre 2019",
"url": "https://access.redhat.com/errata/RHSA-2019:3978"
}
]
}
CERTFR-2019-AVI-127
Vulnerability from certfr_avis - Published: 2019-03-26 - Updated: 2019-03-26
De multiples vulnérabilités ont été découvertes dans le noyau Linux de SUSE. Elles permettent à un attaquant de provoquer un problème de sécurité non spécifié par l'éditeur, un déni de service et un contournement de la politique de sécurité.
Solution
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
NoneImpacted products
| Vendor | Product | Description | ||
|---|---|---|---|---|
| SUSE | SUSE Linux Enterprise Live Patching | SUSE Linux Enterprise Live Patching 12-SP4 |
References
| Title | Publication Time | Tags | |||
|---|---|---|---|---|---|
|
|||||
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "SUSE Linux Enterprise Live Patching 12-SP4",
"product": {
"name": "SUSE Linux Enterprise Live Patching",
"vendor": {
"name": "SUSE",
"scada": false
}
}
}
],
"affected_systems_content": null,
"content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
"cves": [
{
"name": "CVE-2019-6974",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-6974"
},
{
"name": "CVE-2019-9213",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-9213"
},
{
"name": "CVE-2019-7221",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-7221"
},
{
"name": "CVE-2019-8912",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-8912"
}
],
"initial_release_date": "2019-03-26T00:00:00",
"last_revision_date": "2019-03-26T00:00:00",
"links": [],
"reference": "CERTFR-2019-AVI-127",
"revisions": [
{
"description": "Version initiale",
"revision_date": "2019-03-26T00:00:00.000000"
}
],
"risks": [
{
"description": "Non sp\u00e9cifi\u00e9 par l\u0027\u00e9diteur"
},
{
"description": "D\u00e9ni de service"
},
{
"description": "Contournement de la politique de s\u00e9curit\u00e9"
}
],
"summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans le noyau Linux de\nSUSE. Elles permettent \u00e0 un attaquant de provoquer un probl\u00e8me de\ns\u00e9curit\u00e9 non sp\u00e9cifi\u00e9 par l\u0027\u00e9diteur, un d\u00e9ni de service et un\ncontournement de la politique de s\u00e9curit\u00e9.\n",
"title": "Multiples vuln\u00e9rabilit\u00e9s dans le noyau Linux de SUSE",
"vendor_advisories": [
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 SUSE SUSE-SU-2019:0726-1 du 25 mars 2019",
"url": "https://www.suse.com/support/update/announcement/2019/suse-su-20190726-1/"
}
]
}
CERTFR-2019-AVI-183
Vulnerability from certfr_avis - Published: 2019-04-24 - Updated: 2019-04-24
De multiples vulnérabilités ont été découvertes dans le noyau Linux de RedHat. Certaines d'entre elles permettent à un attaquant de provoquer un problème de sécurité non spécifié par l'éditeur, un déni de service et un contournement de la politique de sécurité.
Solution
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
NoneImpacted products
| Vendor | Product | Description | ||
|---|---|---|---|---|
| Red Hat | Red Hat Enterprise Linux | Red Hat Enterprise Linux pour Power, little endian 7 ppc64le | ||
| Red Hat | Red Hat Enterprise Linux | Red Hat Enterprise Linux pour Real Time 7 x86_64 | ||
| Red Hat | Red Hat Enterprise Linux | Red Hat Enterprise Linux pour IBM z Systems - Extended Update Support 7.6 s390x | ||
| Red Hat | Red Hat Enterprise Linux Server | Red Hat Enterprise Linux Server (pour IBM Power LE) - Update Services pour SAP Solutions 7.6 ppc64le | ||
| Red Hat | Red Hat Enterprise Linux Server | Red Hat Enterprise Linux Server - Update Services pour SAP Solutions 7.6 x86_64 | ||
| Red Hat | Red Hat Enterprise Linux | Red Hat Enterprise Linux pour IBM System z (Structure A) 7 s390xRed Hat Enterprise Linux Server 7 x86_64 | ||
| Red Hat | Red Hat Enterprise Linux | Red Hat Enterprise Linux EUS Compute Node 7.6 x86_64 | ||
| Red Hat | Red Hat Enterprise Linux | Red Hat Enterprise Linux pour Power, little endian - Extended Update Support 7.6 ppc64le | ||
| Red Hat | Red Hat Enterprise Linux | Red Hat Enterprise Linux Workstation 7 x86_64 | ||
| Red Hat | Red Hat Enterprise Linux Server | Red Hat Enterprise Linux Server - TUS 7.6 x86_64 | ||
| Red Hat | Red Hat Enterprise Linux | Red Hat Enterprise Linux pour Power, big endian - Extended Update Support 7.6 ppc64 | ||
| Red Hat | Red Hat Enterprise Linux Server | Red Hat Enterprise Linux Server - Extended Update Support 7.6 x86_64 | ||
| Red Hat | Red Hat Enterprise Linux | Red Hat Enterprise Linux pour IBM z Systems 7 s390x | ||
| Red Hat | Red Hat Enterprise Linux | Red Hat Enterprise Linux pour Power 9 7 ppc64le | ||
| Red Hat | Red Hat Enterprise Linux | Red Hat Enterprise Linux pour Real Time pour NFV 7 x86_64Red Hat Enterprise Linux pour ARM 64 7 aarch64 | ||
| Red Hat | Red Hat Enterprise Linux Server | Red Hat Enterprise Linux Server - AUS 7.6 x86_64 | ||
| Red Hat | Red Hat Enterprise Linux | Red Hat Enterprise Linux pour Scientific Computing 7 x86_64 | ||
| Red Hat | Red Hat Enterprise Linux | Red Hat Enterprise Linux pour Power, big endian 7 ppc64 | ||
| Red Hat | Red Hat Enterprise Linux | Red Hat Enterprise Linux Desktop 7 x86_64 | ||
| Oracle | Virtualization | Red Hat Virtualization Host 4 x86_64 |
References
| Title | Publication Time | Tags | |||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "Red Hat Enterprise Linux pour Power, little endian 7 ppc64le",
"product": {
"name": "Red Hat Enterprise Linux",
"vendor": {
"name": "Red Hat",
"scada": false
}
}
},
{
"description": "Red Hat Enterprise Linux pour Real Time 7 x86_64",
"product": {
"name": "Red Hat Enterprise Linux",
"vendor": {
"name": "Red Hat",
"scada": false
}
}
},
{
"description": "Red Hat Enterprise Linux pour IBM z Systems - Extended Update Support 7.6 s390x",
"product": {
"name": "Red Hat Enterprise Linux",
"vendor": {
"name": "Red Hat",
"scada": false
}
}
},
{
"description": "Red Hat Enterprise Linux Server (pour IBM Power LE) - Update Services pour SAP Solutions 7.6 ppc64le",
"product": {
"name": "Red Hat Enterprise Linux Server",
"vendor": {
"name": "Red Hat",
"scada": false
}
}
},
{
"description": "Red Hat Enterprise Linux Server - Update Services pour SAP Solutions 7.6 x86_64",
"product": {
"name": "Red Hat Enterprise Linux Server",
"vendor": {
"name": "Red Hat",
"scada": false
}
}
},
{
"description": "Red Hat Enterprise Linux pour IBM System z (Structure A) 7 s390xRed Hat Enterprise Linux Server 7 x86_64",
"product": {
"name": "Red Hat Enterprise Linux",
"vendor": {
"name": "Red Hat",
"scada": false
}
}
},
{
"description": "Red Hat Enterprise Linux EUS Compute Node 7.6 x86_64",
"product": {
"name": "Red Hat Enterprise Linux",
"vendor": {
"name": "Red Hat",
"scada": false
}
}
},
{
"description": "Red Hat Enterprise Linux pour Power, little endian - Extended Update Support 7.6 ppc64le",
"product": {
"name": "Red Hat Enterprise Linux",
"vendor": {
"name": "Red Hat",
"scada": false
}
}
},
{
"description": "Red Hat Enterprise Linux Workstation 7 x86_64",
"product": {
"name": "Red Hat Enterprise Linux",
"vendor": {
"name": "Red Hat",
"scada": false
}
}
},
{
"description": "Red Hat Enterprise Linux Server - TUS 7.6 x86_64",
"product": {
"name": "Red Hat Enterprise Linux Server",
"vendor": {
"name": "Red Hat",
"scada": false
}
}
},
{
"description": "Red Hat Enterprise Linux pour Power, big endian - Extended Update Support 7.6 ppc64",
"product": {
"name": "Red Hat Enterprise Linux",
"vendor": {
"name": "Red Hat",
"scada": false
}
}
},
{
"description": "Red Hat Enterprise Linux Server - Extended Update Support 7.6 x86_64",
"product": {
"name": "Red Hat Enterprise Linux Server",
"vendor": {
"name": "Red Hat",
"scada": false
}
}
},
{
"description": "Red Hat Enterprise Linux pour IBM z Systems 7 s390x",
"product": {
"name": "Red Hat Enterprise Linux",
"vendor": {
"name": "Red Hat",
"scada": false
}
}
},
{
"description": "Red Hat Enterprise Linux pour Power 9 7 ppc64le",
"product": {
"name": "Red Hat Enterprise Linux",
"vendor": {
"name": "Red Hat",
"scada": false
}
}
},
{
"description": "Red Hat Enterprise Linux pour Real Time pour NFV 7 x86_64Red Hat Enterprise Linux pour ARM 64 7 aarch64",
"product": {
"name": "Red Hat Enterprise Linux",
"vendor": {
"name": "Red Hat",
"scada": false
}
}
},
{
"description": "Red Hat Enterprise Linux Server - AUS 7.6 x86_64",
"product": {
"name": "Red Hat Enterprise Linux Server",
"vendor": {
"name": "Red Hat",
"scada": false
}
}
},
{
"description": "Red Hat Enterprise Linux pour Scientific Computing 7 x86_64",
"product": {
"name": "Red Hat Enterprise Linux",
"vendor": {
"name": "Red Hat",
"scada": false
}
}
},
{
"description": "Red Hat Enterprise Linux pour Power, big endian 7 ppc64",
"product": {
"name": "Red Hat Enterprise Linux",
"vendor": {
"name": "Red Hat",
"scada": false
}
}
},
{
"description": "Red Hat Enterprise Linux Desktop 7 x86_64",
"product": {
"name": "Red Hat Enterprise Linux",
"vendor": {
"name": "Red Hat",
"scada": false
}
}
},
{
"description": "Red Hat Virtualization Host 4 x86_64",
"product": {
"name": "Virtualization",
"vendor": {
"name": "Oracle",
"scada": false
}
}
}
],
"affected_systems_content": null,
"content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
"cves": [
{
"name": "CVE-2019-6974",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-6974"
},
{
"name": "CVE-2019-9213",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-9213"
},
{
"name": "CVE-2018-13053",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-13053"
},
{
"name": "CVE-2018-18397",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-18397"
},
{
"name": "CVE-2018-18281",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-18281"
},
{
"name": "CVE-2018-17972",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-17972"
},
{
"name": "CVE-2018-13094",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-13094"
},
{
"name": "CVE-2019-7221",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-7221"
},
{
"name": "CVE-2018-14734",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-14734"
},
{
"name": "CVE-2018-18386",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-18386"
}
],
"initial_release_date": "2019-04-24T00:00:00",
"last_revision_date": "2019-04-24T00:00:00",
"links": [],
"reference": "CERTFR-2019-AVI-183",
"revisions": [
{
"description": "Version initiale",
"revision_date": "2019-04-24T00:00:00.000000"
}
],
"risks": [
{
"description": "Non sp\u00e9cifi\u00e9 par l\u0027\u00e9diteur"
},
{
"description": "D\u00e9ni de service"
},
{
"description": "Contournement de la politique de s\u00e9curit\u00e9"
},
{
"description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
}
],
"summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans le noyau Linux de\nRedHat. Certaines d\u0027entre elles permettent \u00e0 un attaquant de provoquer\nun probl\u00e8me de s\u00e9curit\u00e9 non sp\u00e9cifi\u00e9 par l\u0027\u00e9diteur, un d\u00e9ni de service\net un contournement de la politique de s\u00e9curit\u00e9.\n",
"title": "Multiples vuln\u00e9rabilit\u00e9s dans le noyau Linux de RedHat",
"vendor_advisories": [
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 RedHat RHSA-2019:0833 du 23 avril 2019",
"url": "https://access.redhat.com/errata/RHSA-2019:0833"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 RedHat RHSA-2019:0831 du 23 avril 2019",
"url": "https://access.redhat.com/errata/RHSA-2019:0831"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 RedHat RHSA-2019:0818 du 23 avril 2019",
"url": "https://access.redhat.com/errata/RHSA-2019:0818"
}
]
}
CERTFR-2019-AVI-299
Vulnerability from certfr_avis - Published: 2019-06-28 - Updated: 2019-06-28
De multiples vulnérabilités ont été découvertes dans IBM QRadar. Certaines d'entre elles permettent à un attaquant de provoquer une exécution de code arbitraire à distance, un déni de service à distance et une atteinte à la confidentialité des données.
Solution
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
NoneImpacted products
References
| Title | Publication Time | Tags | ||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "BM QRadar Network Security versions 5.3.x ant\u00e9rieures \u00e0 5.3.0.3",
"product": {
"name": "QRadar",
"vendor": {
"name": "IBM",
"scada": false
}
}
},
{
"description": "BM QRadar Network Security versions 5.4.x ant\u00e9rieures \u00e0 5.4.0.8",
"product": {
"name": "QRadar",
"vendor": {
"name": "IBM",
"scada": false
}
}
}
],
"affected_systems_content": null,
"content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
"cves": [
{
"name": "CVE-2018-14646",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-14646"
},
{
"name": "CVE-2019-6974",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-6974"
},
{
"name": "CVE-2018-10883",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-10883"
},
{
"name": "CVE-2017-10661",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-10661"
},
{
"name": "CVE-2018-14634",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-14634"
},
{
"name": "CVE-2018-9568",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-9568"
},
{
"name": "CVE-2018-1094",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-1094"
},
{
"name": "CVE-2018-5344",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-5344"
},
{
"name": "CVE-2018-10879",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-10879"
},
{
"name": "CVE-2018-10878",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-10878"
},
{
"name": "CVE-2018-10881",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-10881"
},
{
"name": "CVE-2016-4913",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-4913"
},
{
"name": "CVE-2018-17972",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-17972"
},
{
"name": "CVE-2015-8830",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-8830"
},
{
"name": "CVE-2019-3856",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-3856"
},
{
"name": "CVE-2017-18208",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-18208"
},
{
"name": "CVE-2019-3863",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-3863"
},
{
"name": "CVE-2018-13405",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-13405"
},
{
"name": "CVE-2017-18344",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-18344"
},
{
"name": "CVE-2019-5953",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-5953"
},
{
"name": "CVE-2018-1092",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-1092"
},
{
"name": "CVE-2019-3855",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-3855"
},
{
"name": "CVE-2019-3857",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-3857"
},
{
"name": "CVE-2019-7221",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-7221"
},
{
"name": "CVE-2018-7740",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-7740"
}
],
"initial_release_date": "2019-06-28T00:00:00",
"last_revision_date": "2019-06-28T00:00:00",
"links": [],
"reference": "CERTFR-2019-AVI-299",
"revisions": [
{
"description": "Version initiale",
"revision_date": "2019-06-28T00:00:00.000000"
}
],
"risks": [
{
"description": "D\u00e9ni de service \u00e0 distance"
},
{
"description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
},
{
"description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
},
{
"description": "\u00c9l\u00e9vation de privil\u00e8ges"
}
],
"summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans IBM QRadar.\nCertaines d\u0027entre elles permettent \u00e0 un attaquant de provoquer une\nex\u00e9cution de code arbitraire \u00e0 distance, un d\u00e9ni de service \u00e0 distance\net une atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es.\n",
"title": "Multiples vuln\u00e9rabilit\u00e9s dans IBM QRadar",
"vendor_advisories": [
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 IBM ibm10883258 du 27 juin 2019",
"url": "https://www-01.ibm.com/support/docview.wss?uid=ibm10883258"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 IBM ibm10879341 du 27 juin 2019",
"url": "https://www-01.ibm.com/support/docview.wss?uid=ibm10879341"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 IBM ibm10881053 du 27 juin 2019",
"url": "https://www-01.ibm.com/support/docview.wss?uid=ibm10881053"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 IBM ibm10885002 du 27 juin 2019",
"url": "https://www-01.ibm.com/support/docview.wss?uid=ibm10885002"
}
]
}
CERTFR-2019-AVI-603
Vulnerability from certfr_avis - Published: 2019-12-03 - Updated: 2019-12-03
De multiples vulnérabilités ont été découvertes dans le noyau Linux de Red Hat. Elles permettent à un attaquant de provoquer un déni de service à distance, une atteinte à la confidentialité des données et une élévation de privilèges.
Solution
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
NoneImpacted products
| Vendor | Product | Description | ||
|---|---|---|---|---|
| Red Hat | Red Hat Enterprise Linux Server | Red Hat Enterprise Linux Server - Update Services for SAP Solutions 7.4 x86_64 | ||
| Red Hat | Red Hat Enterprise Linux Server | Red Hat Enterprise Linux Server - AUS 6.5 x86_64 | ||
| Red Hat | N/A | MRG Realtime 2 x86_64 | ||
| Red Hat | Red Hat Enterprise Linux Server | Red Hat Enterprise Linux Server (for IBM Power LE) - Update Services for SAP Solutions 7.4 ppc64le | ||
| Red Hat | Red Hat Enterprise Linux Server | Red Hat Enterprise Linux Server - AUS 7.4 x86_64 | ||
| Red Hat | Red Hat Enterprise Linux Server | Red Hat Enterprise Linux Server - TUS 7.4 x86_64 |
References
| Title | Publication Time | Tags | |||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "Red Hat Enterprise Linux Server - Update Services for SAP Solutions 7.4 x86_64",
"product": {
"name": "Red Hat Enterprise Linux Server",
"vendor": {
"name": "Red Hat",
"scada": false
}
}
},
{
"description": "Red Hat Enterprise Linux Server - AUS 6.5 x86_64",
"product": {
"name": "Red Hat Enterprise Linux Server",
"vendor": {
"name": "Red Hat",
"scada": false
}
}
},
{
"description": "MRG Realtime 2 x86_64",
"product": {
"name": "N/A",
"vendor": {
"name": "Red Hat",
"scada": false
}
}
},
{
"description": "Red Hat Enterprise Linux Server (for IBM Power LE) - Update Services for SAP Solutions 7.4 ppc64le",
"product": {
"name": "Red Hat Enterprise Linux Server",
"vendor": {
"name": "Red Hat",
"scada": false
}
}
},
{
"description": "Red Hat Enterprise Linux Server - AUS 7.4 x86_64",
"product": {
"name": "Red Hat Enterprise Linux Server",
"vendor": {
"name": "Red Hat",
"scada": false
}
}
},
{
"description": "Red Hat Enterprise Linux Server - TUS 7.4 x86_64",
"product": {
"name": "Red Hat Enterprise Linux Server",
"vendor": {
"name": "Red Hat",
"scada": false
}
}
}
],
"affected_systems_content": null,
"content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
"cves": [
{
"name": "CVE-2017-10661",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-10661"
},
{
"name": "CVE-2018-9568",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-9568"
},
{
"name": "CVE-2019-11811",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-11811"
},
{
"name": "CVE-2019-5489",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-5489"
},
{
"name": "CVE-2017-18208",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-18208"
},
{
"name": "CVE-2019-3900",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-3900"
},
{
"name": "CVE-2019-7221",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-7221"
}
],
"initial_release_date": "2019-12-03T00:00:00",
"last_revision_date": "2019-12-03T00:00:00",
"links": [],
"reference": "CERTFR-2019-AVI-603",
"revisions": [
{
"description": "Version initiale",
"revision_date": "2019-12-03T00:00:00.000000"
}
],
"risks": [
{
"description": "D\u00e9ni de service \u00e0 distance"
},
{
"description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
},
{
"description": "\u00c9l\u00e9vation de privil\u00e8ges"
}
],
"summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans le noyau Linux de\nRed Hat. Elles permettent \u00e0 un attaquant de provoquer un d\u00e9ni de service\n\u00e0 distance, une atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es et une\n\u00e9l\u00e9vation de privil\u00e8ges.\n",
"title": "Multiples vuln\u00e9rabilit\u00e9s dans le noyau Linux de Red Hat",
"vendor_advisories": [
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Red Hat RHSA-2019:4058 du 03 d\u00e9cembre 2019",
"url": "https://access.redhat.com/errata/RHSA-2019:4058"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Red Hat RHSA-2019:4057 du 03 d\u00e9cembre 2019",
"url": "https://access.redhat.com/errata/RHSA-2019:4057"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Red Hat RHSA-2019:4056 du 03 d\u00e9cembre 2019",
"url": "https://access.redhat.com/errata/RHSA-2019:4056"
}
]
}
CERTFR-2019-AVI-123
Vulnerability from certfr_avis - Published: 2019-03-22 - Updated: 2019-03-26
De multiples vulnérabilités ont été découvertes dans le noyau Linux de SUSE. Elles permettent à un attaquant de provoquer un problème de sécurité non spécifié par l'éditeur, un déni de service et un contournement de la politique de sécurité.
Solution
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
NoneImpacted products
| Vendor | Product | Description | ||
|---|---|---|---|---|
| SUSE | SUSE Linux Enterprise Server | SUSE Linux Enterprise Server 12-SP2-LTSS | ||
| SUSE | SUSE Linux Enterprise Server | SUSE Linux Enterprise Server pour SAP 12-SP2 |
References
| Title | Publication Time | Tags | |||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "SUSE Linux Enterprise Server 12-SP2-LTSS",
"product": {
"name": "SUSE Linux Enterprise Server",
"vendor": {
"name": "SUSE",
"scada": false
}
}
},
{
"description": "SUSE Linux Enterprise Server pour SAP 12-SP2",
"product": {
"name": "SUSE Linux Enterprise Server",
"vendor": {
"name": "SUSE",
"scada": false
}
}
}
],
"affected_systems_content": null,
"content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
"cves": [
{
"name": "CVE-2019-6974",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-6974"
},
{
"name": "CVE-2019-9213",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-9213"
},
{
"name": "CVE-2019-7221",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-7221"
}
],
"initial_release_date": "2019-03-22T00:00:00",
"last_revision_date": "2019-03-26T00:00:00",
"links": [],
"reference": "CERTFR-2019-AVI-123",
"revisions": [
{
"description": "Version initiale",
"revision_date": "2019-03-22T00:00:00.000000"
},
{
"description": "Ajout d\u0027un bulletin de s\u00e9curit\u00e9",
"revision_date": "2019-03-25T00:00:00.000000"
},
{
"description": "Ajout d\u0027un bulletin de s\u00e9curit\u00e9",
"revision_date": "2019-03-26T00:00:00.000000"
}
],
"risks": [
{
"description": "Non sp\u00e9cifi\u00e9 par l\u0027\u00e9diteur"
},
{
"description": "D\u00e9ni de service"
},
{
"description": "Contournement de la politique de s\u00e9curit\u00e9"
}
],
"summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans le noyau Linux de\nSUSE. Elles permettent \u00e0 un attaquant de provoquer un probl\u00e8me de\ns\u00e9curit\u00e9 non sp\u00e9cifi\u00e9 par l\u0027\u00e9diteur, un d\u00e9ni de service et un\ncontournement de la politique de s\u00e9curit\u00e9.\n",
"title": "Multiples vuln\u00e9rabilit\u00e9s dans le noyau Linux de SUSE",
"vendor_advisories": [
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 SUSE SUSE-SU-2019:0722-1 du 25 mars 2019",
"url": "https://www.suse.com/support/update/announcement/2019/suse-su-20190722-1/"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 SUSE SUSE-SU-2019:0683-1 du 21 mars 2019",
"url": "https://www.suse.com/support/update/announcement/2019/suse-su-20190683-1/"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 SUSE SUSE-SU-2019:0709-1 du 22 mars 2019",
"url": "https://www.suse.com/support/update/announcement/2019/suse-su-20190709-1/"
}
]
}
CERTFR-2019-AVI-144
Vulnerability from certfr_avis - Published: 2019-04-03 - Updated: 2019-04-03
De multiples vulnérabilités ont été découvertes dans le noyau Linux de SUSE. Elles permettent à un attaquant de provoquer
Solution
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
NoneImpacted products
References
| Title | Publication Time | Tags | |||
|---|---|---|---|---|---|
|
|||||
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "SUSE Linux Enterprise Module for Live Patching 15",
"product": {
"name": "N/A",
"vendor": {
"name": "SUSE",
"scada": false
}
}
}
],
"affected_systems_content": null,
"content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
"cves": [
{
"name": "CVE-2019-6974",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-6974"
},
{
"name": "CVE-2019-9213",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-9213"
},
{
"name": "CVE-2019-7221",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-7221"
},
{
"name": "CVE-2019-8912",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-8912"
}
],
"initial_release_date": "2019-04-03T00:00:00",
"last_revision_date": "2019-04-03T00:00:00",
"links": [],
"reference": "CERTFR-2019-AVI-144",
"revisions": [
{
"description": "Version initiale",
"revision_date": "2019-04-03T00:00:00.000000"
}
],
"risks": [
{
"description": "D\u00e9ni de service \u00e0 distance"
},
{
"description": "Non sp\u00e9cifi\u00e9 par l\u0027\u00e9diteur"
}
],
"summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans le noyau Linux de\nSUSE. Elles permettent \u00e0 un attaquant de provoquer\n",
"title": "Multiples vuln\u00e9rabilit\u00e9s dans le noyau Linux de SUSE",
"vendor_advisories": [
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 SUSE suse-su-20190845-1 du 02 avril 2019",
"url": "https://www.suse.com/support/update/announcement/2019/suse-su-20190845-1/"
}
]
}
GHSA-JC59-87WQ-G5XP
Vulnerability from github – Published: 2022-05-13 01:14 – Updated: 2022-05-13 01:14
VLAI?
Details
The KVM implementation in the Linux kernel through 4.20.5 has a Use-after-Free.
Severity ?
7.8 (High)
{
"affected": [],
"aliases": [
"CVE-2019-7221"
],
"database_specific": {
"cwe_ids": [
"CWE-416"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2019-03-21T16:01:00Z",
"severity": "HIGH"
},
"details": "The KVM implementation in the Linux kernel through 4.20.5 has a Use-after-Free.",
"id": "GHSA-jc59-87wq-g5xp",
"modified": "2022-05-13T01:14:42Z",
"published": "2022-05-13T01:14:42Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2019-7221"
},
{
"type": "WEB",
"url": "https://usn.ubuntu.com/3932-2"
},
{
"type": "WEB",
"url": "https://usn.ubuntu.com/3932-1"
},
{
"type": "WEB",
"url": "https://usn.ubuntu.com/3931-2"
},
{
"type": "WEB",
"url": "https://usn.ubuntu.com/3931-1"
},
{
"type": "WEB",
"url": "https://usn.ubuntu.com/3930-2"
},
{
"type": "WEB",
"url": "https://usn.ubuntu.com/3930-1"
},
{
"type": "WEB",
"url": "https://support.f5.com/csp/article/K08413011"
},
{
"type": "WEB",
"url": "https://security.netapp.com/advisory/ntap-20190404-0002"
},
{
"type": "WEB",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/Y2HMABEMJDPA6LPCBE5WIEZXUKY7DLTN"
},
{
"type": "WEB",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/KDOXCX3QFVWYXH5CQMGDDE7H6MUG5XGG"
},
{
"type": "WEB",
"url": "https://lists.debian.org/debian-lts-announce/2019/05/msg00002.html"
},
{
"type": "WEB",
"url": "https://lists.debian.org/debian-lts-announce/2019/04/msg00004.html"
},
{
"type": "WEB",
"url": "https://lists.debian.org/debian-lts-announce/2019/03/msg00034.html"
},
{
"type": "WEB",
"url": "https://github.com/torvalds/linux/commits/master/arch/x86/kvm"
},
{
"type": "WEB",
"url": "https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=ecec76885bcfe3294685dc363fd1273df0d5d65f"
},
{
"type": "WEB",
"url": "https://bugs.chromium.org/p/project-zero/issues/detail?id=1760"
},
{
"type": "WEB",
"url": "https://access.redhat.com/errata/RHSA-2019:4058"
},
{
"type": "WEB",
"url": "https://access.redhat.com/errata/RHSA-2019:3967"
},
{
"type": "WEB",
"url": "https://access.redhat.com/errata/RHSA-2019:0833"
},
{
"type": "WEB",
"url": "https://access.redhat.com/errata/RHSA-2019:0818"
},
{
"type": "WEB",
"url": "https://access.redhat.com/errata/RHBA-2019:0959"
},
{
"type": "WEB",
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-02/msg00042.html"
},
{
"type": "WEB",
"url": "http://packetstormsecurity.com/files/151713/KVM-VMX-Preemption-Timer-Use-After-Free.html"
},
{
"type": "WEB",
"url": "http://www.openwall.com/lists/oss-security/2019/02/18/2"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
}
]
}
GSD-2019-7221
Vulnerability from gsd - Updated: 2023-12-13 01:23Details
The KVM implementation in the Linux kernel through 4.20.5 has a Use-after-Free.
Aliases
Aliases
{
"GSD": {
"alias": "CVE-2019-7221",
"description": "The KVM implementation in the Linux kernel through 4.20.5 has a Use-after-Free.",
"id": "GSD-2019-7221",
"references": [
"https://www.suse.com/security/cve/CVE-2019-7221.html",
"https://access.redhat.com/errata/RHSA-2019:4058",
"https://access.redhat.com/errata/RHSA-2019:3967",
"https://access.redhat.com/errata/RHSA-2019:0833",
"https://access.redhat.com/errata/RHSA-2019:0818",
"https://ubuntu.com/security/CVE-2019-7221",
"https://advisories.mageia.org/CVE-2019-7221.html",
"https://security.archlinux.org/CVE-2019-7221",
"https://alas.aws.amazon.com/cve/html/CVE-2019-7221.html",
"https://linux.oracle.com/cve/CVE-2019-7221.html",
"https://packetstormsecurity.com/files/cve/CVE-2019-7221"
]
},
"gsd": {
"metadata": {
"exploitCode": "unknown",
"remediation": "unknown",
"reportConfidence": "confirmed",
"type": "vulnerability"
},
"osvSchema": {
"aliases": [
"CVE-2019-7221"
],
"details": "The KVM implementation in the Linux kernel through 4.20.5 has a Use-after-Free.",
"id": "GSD-2019-7221",
"modified": "2023-12-13T01:23:46.291652Z",
"schema_version": "1.4.0"
}
},
"namespaces": {
"cve.org": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2019-7221",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The KVM implementation in the Linux kernel through 4.20.5 has a Use-after-Free."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://packetstormsecurity.com/files/151713/KVM-VMX-Preemption-Timer-Use-After-Free.html",
"refsource": "MISC",
"url": "http://packetstormsecurity.com/files/151713/KVM-VMX-Preemption-Timer-Use-After-Free.html"
},
{
"name": "FEDORA-2019-164946aa7f",
"refsource": "FEDORA",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/KDOXCX3QFVWYXH5CQMGDDE7H6MUG5XGG/"
},
{
"name": "FEDORA-2019-3da64f3e61",
"refsource": "FEDORA",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/Y2HMABEMJDPA6LPCBE5WIEZXUKY7DLTN/"
},
{
"name": "https://github.com/torvalds/linux/commits/master/arch/x86/kvm",
"refsource": "MISC",
"url": "https://github.com/torvalds/linux/commits/master/arch/x86/kvm"
},
{
"name": "SUSE-SA-2019:0203-1",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-02/msg00042.html"
},
{
"name": "http://www.openwall.com/lists/oss-security/2019/02/18/2",
"refsource": "MISC",
"url": "http://www.openwall.com/lists/oss-security/2019/02/18/2"
},
{
"name": "https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=ecec76885bcfe3294685dc363fd1273df0d5d65f",
"refsource": "CONFIRM",
"url": "https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=ecec76885bcfe3294685dc363fd1273df0d5d65f"
},
{
"name": "https://bugs.chromium.org/p/project-zero/issues/detail?id=1760",
"refsource": "CONFIRM",
"url": "https://bugs.chromium.org/p/project-zero/issues/detail?id=1760"
},
{
"name": "[debian-lts-announce] 20190327 [SECURITY] [DLA 1731-1] linux security update",
"refsource": "MLIST",
"url": "https://lists.debian.org/debian-lts-announce/2019/03/msg00034.html"
},
{
"name": "[debian-lts-announce] 20190401 [SECURITY] [DLA 1731-2] linux regression update",
"refsource": "MLIST",
"url": "https://lists.debian.org/debian-lts-announce/2019/04/msg00004.html"
},
{
"name": "USN-3932-1",
"refsource": "UBUNTU",
"url": "https://usn.ubuntu.com/3932-1/"
},
{
"name": "USN-3932-2",
"refsource": "UBUNTU",
"url": "https://usn.ubuntu.com/3932-2/"
},
{
"name": "USN-3930-1",
"refsource": "UBUNTU",
"url": "https://usn.ubuntu.com/3930-1/"
},
{
"name": "USN-3931-1",
"refsource": "UBUNTU",
"url": "https://usn.ubuntu.com/3931-1/"
},
{
"name": "USN-3931-2",
"refsource": "UBUNTU",
"url": "https://usn.ubuntu.com/3931-2/"
},
{
"name": "USN-3930-2",
"refsource": "UBUNTU",
"url": "https://usn.ubuntu.com/3930-2/"
},
{
"name": "https://security.netapp.com/advisory/ntap-20190404-0002/",
"refsource": "CONFIRM",
"url": "https://security.netapp.com/advisory/ntap-20190404-0002/"
},
{
"name": "RHSA-2019:0833",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2019:0833"
},
{
"name": "RHSA-2019:0818",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2019:0818"
},
{
"name": "[debian-lts-announce] 20190503 [SECURITY] [DLA 1771-1] linux-4.9 security update",
"refsource": "MLIST",
"url": "https://lists.debian.org/debian-lts-announce/2019/05/msg00002.html"
},
{
"name": "RHBA-2019:0959",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHBA-2019:0959"
},
{
"name": "https://support.f5.com/csp/article/K08413011",
"refsource": "CONFIRM",
"url": "https://support.f5.com/csp/article/K08413011"
},
{
"name": "RHSA-2019:3967",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2019:3967"
},
{
"name": "RHSA-2019:4058",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2019:4058"
}
]
}
},
"nvd.nist.gov": {
"configurations": {
"CVE_data_version": "4.0",
"nodes": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "4.20.5",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:opensuse:leap:15.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:fedoraproject:fedora:29:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:fedoraproject:fedora:28:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:lts:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:lts:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:canonical:ubuntu_linux:18.10:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:canonical:ubuntu_linux:18.04:*:*:*:lts:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:netapp:active_iq_performance_analytics_services:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:netapp:element_software_management_node:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:redhat:openshift_container_platform:3.11:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:redhat:enterprise_linux:7.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:redhat:enterprise_linux_server_eus:7.6:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:redhat:enterprise_linux_server_tus:7.6:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:redhat:enterprise_linux_server_aus:7.6:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:redhat:enterprise_linux_workstation:7.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:redhat:enterprise_linux_desktop:7.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:redhat:enterprise_linux_server:7.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
}
]
},
"cve": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2019-7221"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "en",
"value": "The KVM implementation in the Linux kernel through 4.20.5 has a Use-after-Free."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "en",
"value": "CWE-416"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "FEDORA-2019-3da64f3e61",
"refsource": "FEDORA",
"tags": [
"Release Notes",
"Third Party Advisory"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/Y2HMABEMJDPA6LPCBE5WIEZXUKY7DLTN/"
},
{
"name": "FEDORA-2019-164946aa7f",
"refsource": "FEDORA",
"tags": [
"Release Notes",
"Third Party Advisory"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/KDOXCX3QFVWYXH5CQMGDDE7H6MUG5XGG/"
},
{
"name": "https://github.com/torvalds/linux/commits/master/arch/x86/kvm",
"refsource": "MISC",
"tags": [
"Third Party Advisory"
],
"url": "https://github.com/torvalds/linux/commits/master/arch/x86/kvm"
},
{
"name": "https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=ecec76885bcfe3294685dc363fd1273df0d5d65f",
"refsource": "CONFIRM",
"tags": [
"Mailing List",
"Patch",
"Vendor Advisory"
],
"url": "https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=ecec76885bcfe3294685dc363fd1273df0d5d65f"
},
{
"name": "https://bugs.chromium.org/p/project-zero/issues/detail?id=1760",
"refsource": "CONFIRM",
"tags": [
"Exploit",
"Patch",
"Third Party Advisory"
],
"url": "https://bugs.chromium.org/p/project-zero/issues/detail?id=1760"
},
{
"name": "http://www.openwall.com/lists/oss-security/2019/02/18/2",
"refsource": "MISC",
"tags": [
"Mailing List",
"Patch",
"Third Party Advisory"
],
"url": "http://www.openwall.com/lists/oss-security/2019/02/18/2"
},
{
"name": "http://packetstormsecurity.com/files/151713/KVM-VMX-Preemption-Timer-Use-After-Free.html",
"refsource": "MISC",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://packetstormsecurity.com/files/151713/KVM-VMX-Preemption-Timer-Use-After-Free.html"
},
{
"name": "SUSE-SA-2019:0203-1",
"refsource": "SUSE",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-02/msg00042.html"
},
{
"name": "[debian-lts-announce] 20190327 [SECURITY] [DLA 1731-1] linux security update",
"refsource": "MLIST",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "https://lists.debian.org/debian-lts-announce/2019/03/msg00034.html"
},
{
"name": "[debian-lts-announce] 20190401 [SECURITY] [DLA 1731-2] linux regression update",
"refsource": "MLIST",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "https://lists.debian.org/debian-lts-announce/2019/04/msg00004.html"
},
{
"name": "USN-3932-2",
"refsource": "UBUNTU",
"tags": [
"Third Party Advisory"
],
"url": "https://usn.ubuntu.com/3932-2/"
},
{
"name": "USN-3932-1",
"refsource": "UBUNTU",
"tags": [
"Third Party Advisory"
],
"url": "https://usn.ubuntu.com/3932-1/"
},
{
"name": "USN-3931-2",
"refsource": "UBUNTU",
"tags": [
"Third Party Advisory"
],
"url": "https://usn.ubuntu.com/3931-2/"
},
{
"name": "USN-3931-1",
"refsource": "UBUNTU",
"tags": [
"Third Party Advisory"
],
"url": "https://usn.ubuntu.com/3931-1/"
},
{
"name": "USN-3930-2",
"refsource": "UBUNTU",
"tags": [
"Third Party Advisory"
],
"url": "https://usn.ubuntu.com/3930-2/"
},
{
"name": "USN-3930-1",
"refsource": "UBUNTU",
"tags": [
"Third Party Advisory"
],
"url": "https://usn.ubuntu.com/3930-1/"
},
{
"name": "https://security.netapp.com/advisory/ntap-20190404-0002/",
"refsource": "CONFIRM",
"tags": [
"Third Party Advisory"
],
"url": "https://security.netapp.com/advisory/ntap-20190404-0002/"
},
{
"name": "RHSA-2019:0833",
"refsource": "REDHAT",
"tags": [
"Third Party Advisory"
],
"url": "https://access.redhat.com/errata/RHSA-2019:0833"
},
{
"name": "RHSA-2019:0818",
"refsource": "REDHAT",
"tags": [
"Third Party Advisory"
],
"url": "https://access.redhat.com/errata/RHSA-2019:0818"
},
{
"name": "[debian-lts-announce] 20190503 [SECURITY] [DLA 1771-1] linux-4.9 security update",
"refsource": "MLIST",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "https://lists.debian.org/debian-lts-announce/2019/05/msg00002.html"
},
{
"name": "RHBA-2019:0959",
"refsource": "REDHAT",
"tags": [
"Third Party Advisory"
],
"url": "https://access.redhat.com/errata/RHBA-2019:0959"
},
{
"name": "https://support.f5.com/csp/article/K08413011",
"refsource": "CONFIRM",
"tags": [],
"url": "https://support.f5.com/csp/article/K08413011"
},
{
"name": "RHSA-2019:3967",
"refsource": "REDHAT",
"tags": [],
"url": "https://access.redhat.com/errata/RHSA-2019:3967"
},
{
"name": "RHSA-2019:4058",
"refsource": "REDHAT",
"tags": [],
"url": "https://access.redhat.com/errata/RHSA-2019:4058"
}
]
}
},
"impact": {
"baseMetricV2": {
"acInsufInfo": false,
"cvssV2": {
"accessComplexity": "LOW",
"accessVector": "LOCAL",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 4.6,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:L/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 3.9,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "MEDIUM",
"userInteractionRequired": false
},
"baseMetricV3": {
"cvssV3": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"exploitabilityScore": 1.8,
"impactScore": 5.9
}
},
"lastModifiedDate": "2020-10-15T13:28Z",
"publishedDate": "2019-03-21T16:01Z"
}
}
}
FKIE_CVE-2019-7221
Vulnerability from fkie_nvd - Published: 2019-03-21 16:01 - Updated: 2024-11-21 04:47
Severity ?
Summary
The KVM implementation in the Linux kernel through 4.20.5 has a Use-after-Free.
References
| URL | Tags | ||
|---|---|---|---|
| cve@mitre.org | http://lists.opensuse.org/opensuse-security-announce/2019-02/msg00042.html | Mailing List, Third Party Advisory | |
| cve@mitre.org | http://packetstormsecurity.com/files/151713/KVM-VMX-Preemption-Timer-Use-After-Free.html | Third Party Advisory, VDB Entry | |
| cve@mitre.org | http://www.openwall.com/lists/oss-security/2019/02/18/2 | Mailing List, Patch, Third Party Advisory | |
| cve@mitre.org | https://access.redhat.com/errata/RHBA-2019:0959 | Third Party Advisory | |
| cve@mitre.org | https://access.redhat.com/errata/RHSA-2019:0818 | Third Party Advisory | |
| cve@mitre.org | https://access.redhat.com/errata/RHSA-2019:0833 | Third Party Advisory | |
| cve@mitre.org | https://access.redhat.com/errata/RHSA-2019:3967 | ||
| cve@mitre.org | https://access.redhat.com/errata/RHSA-2019:4058 | ||
| cve@mitre.org | https://bugs.chromium.org/p/project-zero/issues/detail?id=1760 | Exploit, Patch, Third Party Advisory | |
| cve@mitre.org | https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=ecec76885bcfe3294685dc363fd1273df0d5d65f | Mailing List, Patch, Vendor Advisory | |
| cve@mitre.org | https://github.com/torvalds/linux/commits/master/arch/x86/kvm | Third Party Advisory | |
| cve@mitre.org | https://lists.debian.org/debian-lts-announce/2019/03/msg00034.html | Mailing List, Third Party Advisory | |
| cve@mitre.org | https://lists.debian.org/debian-lts-announce/2019/04/msg00004.html | Mailing List, Third Party Advisory | |
| cve@mitre.org | https://lists.debian.org/debian-lts-announce/2019/05/msg00002.html | Mailing List, Third Party Advisory | |
| cve@mitre.org | https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/KDOXCX3QFVWYXH5CQMGDDE7H6MUG5XGG/ | ||
| cve@mitre.org | https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/Y2HMABEMJDPA6LPCBE5WIEZXUKY7DLTN/ | ||
| cve@mitre.org | https://security.netapp.com/advisory/ntap-20190404-0002/ | Third Party Advisory | |
| cve@mitre.org | https://support.f5.com/csp/article/K08413011 | ||
| cve@mitre.org | https://usn.ubuntu.com/3930-1/ | Third Party Advisory | |
| cve@mitre.org | https://usn.ubuntu.com/3930-2/ | Third Party Advisory | |
| cve@mitre.org | https://usn.ubuntu.com/3931-1/ | Third Party Advisory | |
| cve@mitre.org | https://usn.ubuntu.com/3931-2/ | Third Party Advisory | |
| cve@mitre.org | https://usn.ubuntu.com/3932-1/ | Third Party Advisory | |
| cve@mitre.org | https://usn.ubuntu.com/3932-2/ | Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://lists.opensuse.org/opensuse-security-announce/2019-02/msg00042.html | Mailing List, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://packetstormsecurity.com/files/151713/KVM-VMX-Preemption-Timer-Use-After-Free.html | Third Party Advisory, VDB Entry | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.openwall.com/lists/oss-security/2019/02/18/2 | Mailing List, Patch, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://access.redhat.com/errata/RHBA-2019:0959 | Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://access.redhat.com/errata/RHSA-2019:0818 | Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://access.redhat.com/errata/RHSA-2019:0833 | Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://access.redhat.com/errata/RHSA-2019:3967 | ||
| af854a3a-2127-422b-91ae-364da2661108 | https://access.redhat.com/errata/RHSA-2019:4058 | ||
| af854a3a-2127-422b-91ae-364da2661108 | https://bugs.chromium.org/p/project-zero/issues/detail?id=1760 | Exploit, Patch, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=ecec76885bcfe3294685dc363fd1273df0d5d65f | Mailing List, Patch, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://github.com/torvalds/linux/commits/master/arch/x86/kvm | Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://lists.debian.org/debian-lts-announce/2019/03/msg00034.html | Mailing List, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://lists.debian.org/debian-lts-announce/2019/04/msg00004.html | Mailing List, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://lists.debian.org/debian-lts-announce/2019/05/msg00002.html | Mailing List, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/KDOXCX3QFVWYXH5CQMGDDE7H6MUG5XGG/ | ||
| af854a3a-2127-422b-91ae-364da2661108 | https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/Y2HMABEMJDPA6LPCBE5WIEZXUKY7DLTN/ | ||
| af854a3a-2127-422b-91ae-364da2661108 | https://security.netapp.com/advisory/ntap-20190404-0002/ | Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://support.f5.com/csp/article/K08413011 | ||
| af854a3a-2127-422b-91ae-364da2661108 | https://usn.ubuntu.com/3930-1/ | Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://usn.ubuntu.com/3930-2/ | Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://usn.ubuntu.com/3931-1/ | Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://usn.ubuntu.com/3931-2/ | Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://usn.ubuntu.com/3932-1/ | Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://usn.ubuntu.com/3932-2/ | Third Party Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| linux | linux_kernel | * | |
| opensuse | leap | 15.0 | |
| fedoraproject | fedora | 28 | |
| fedoraproject | fedora | 29 | |
| debian | debian_linux | 8.0 | |
| canonical | ubuntu_linux | 14.04 | |
| canonical | ubuntu_linux | 16.04 | |
| canonical | ubuntu_linux | 18.04 | |
| canonical | ubuntu_linux | 18.10 | |
| netapp | active_iq_performance_analytics_services | - | |
| netapp | element_software_management_node | - | |
| redhat | openshift_container_platform | 3.11 | |
| redhat | enterprise_linux | 7.0 | |
| redhat | enterprise_linux_desktop | 7.0 | |
| redhat | enterprise_linux_server | 7.0 | |
| redhat | enterprise_linux_server_aus | 7.6 | |
| redhat | enterprise_linux_server_eus | 7.6 | |
| redhat | enterprise_linux_server_tus | 7.6 | |
| redhat | enterprise_linux_workstation | 7.0 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"matchCriteriaId": "0D5DDB30-49C4-4789-9AE3-88BB9B68C5F0",
"versionEndIncluding": "4.20.5",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:opensuse:leap:15.0:*:*:*:*:*:*:*",
"matchCriteriaId": "F1E78106-58E6-4D59-990F-75DA575BFAD9",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:fedoraproject:fedora:28:*:*:*:*:*:*:*",
"matchCriteriaId": "DC1BD7B7-6D88-42B8-878E-F1318CA5FCAF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:fedoraproject:fedora:29:*:*:*:*:*:*:*",
"matchCriteriaId": "D100F7CE-FC64-4CC6-852A-6136D72DA419",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*",
"matchCriteriaId": "C11E6FB0-C8C0-4527-9AA0-CB9B316F8F43",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:lts:*:*:*",
"matchCriteriaId": "B5A6F2F3-4894-4392-8296-3B8DD2679084",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:lts:*:*:*",
"matchCriteriaId": "F7016A2A-8365-4F1A-89A2-7A19F2BCAE5B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:canonical:ubuntu_linux:18.04:*:*:*:lts:*:*:*",
"matchCriteriaId": "23A7C53F-B80F-4E6A-AFA9-58EEA84BE11D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:canonical:ubuntu_linux:18.10:*:*:*:*:*:*:*",
"matchCriteriaId": "07C312A0-CD2C-4B9C-B064-6409B25C278F",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:netapp:active_iq_performance_analytics_services:-:*:*:*:*:*:*:*",
"matchCriteriaId": "83077160-BB98-408B-81F0-8EF9E566BF28",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:netapp:element_software_management_node:-:*:*:*:*:*:*:*",
"matchCriteriaId": "E902EEC6-9A41-4FBC-8D81-891DF846A5CB",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:redhat:openshift_container_platform:3.11:*:*:*:*:*:*:*",
"matchCriteriaId": "2F87326E-0B56-4356-A889-73D026DB1D4B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:redhat:enterprise_linux:7.0:*:*:*:*:*:*:*",
"matchCriteriaId": "142AD0DD-4CF3-4D74-9442-459CE3347E3A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:redhat:enterprise_linux_desktop:7.0:*:*:*:*:*:*:*",
"matchCriteriaId": "33C068A4-3780-4EAB-A937-6082DF847564",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:redhat:enterprise_linux_server:7.0:*:*:*:*:*:*:*",
"matchCriteriaId": "51EF4996-72F4-4FA4-814F-F5991E7A8318",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:redhat:enterprise_linux_server_aus:7.6:*:*:*:*:*:*:*",
"matchCriteriaId": "B353CE99-D57C-465B-AAB0-73EF581127D1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:redhat:enterprise_linux_server_eus:7.6:*:*:*:*:*:*:*",
"matchCriteriaId": "BF77CDCF-B9C9-427D-B2BF-36650FB2148C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:redhat:enterprise_linux_server_tus:7.6:*:*:*:*:*:*:*",
"matchCriteriaId": "B76AA310-FEC7-497F-AF04-C3EC1E76C4CC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:redhat:enterprise_linux_workstation:7.0:*:*:*:*:*:*:*",
"matchCriteriaId": "825ECE2D-E232-46E0-A047-074B34DB1E97",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "The KVM implementation in the Linux kernel through 4.20.5 has a Use-after-Free."
},
{
"lang": "es",
"value": "La implementaci\u00f3n KVM en el kernel de Linux, hasta la versi\u00f3n 4.20.5, tiene un uso de memoria previamente liberada."
}
],
"id": "CVE-2019-7221",
"lastModified": "2024-11-21T04:47:46.850",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "LOCAL",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 4.6,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:L/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 3.9,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"exploitabilityScore": 1.8,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2019-03-21T16:01:10.890",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-02/msg00042.html"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://packetstormsecurity.com/files/151713/KVM-VMX-Preemption-Timer-Use-After-Free.html"
},
{
"source": "cve@mitre.org",
"tags": [
"Mailing List",
"Patch",
"Third Party Advisory"
],
"url": "http://www.openwall.com/lists/oss-security/2019/02/18/2"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "https://access.redhat.com/errata/RHBA-2019:0959"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "https://access.redhat.com/errata/RHSA-2019:0818"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "https://access.redhat.com/errata/RHSA-2019:0833"
},
{
"source": "cve@mitre.org",
"url": "https://access.redhat.com/errata/RHSA-2019:3967"
},
{
"source": "cve@mitre.org",
"url": "https://access.redhat.com/errata/RHSA-2019:4058"
},
{
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Patch",
"Third Party Advisory"
],
"url": "https://bugs.chromium.org/p/project-zero/issues/detail?id=1760"
},
{
"source": "cve@mitre.org",
"tags": [
"Mailing List",
"Patch",
"Vendor Advisory"
],
"url": "https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=ecec76885bcfe3294685dc363fd1273df0d5d65f"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "https://github.com/torvalds/linux/commits/master/arch/x86/kvm"
},
{
"source": "cve@mitre.org",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "https://lists.debian.org/debian-lts-announce/2019/03/msg00034.html"
},
{
"source": "cve@mitre.org",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "https://lists.debian.org/debian-lts-announce/2019/04/msg00004.html"
},
{
"source": "cve@mitre.org",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "https://lists.debian.org/debian-lts-announce/2019/05/msg00002.html"
},
{
"source": "cve@mitre.org",
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/KDOXCX3QFVWYXH5CQMGDDE7H6MUG5XGG/"
},
{
"source": "cve@mitre.org",
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/Y2HMABEMJDPA6LPCBE5WIEZXUKY7DLTN/"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "https://security.netapp.com/advisory/ntap-20190404-0002/"
},
{
"source": "cve@mitre.org",
"url": "https://support.f5.com/csp/article/K08413011"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "https://usn.ubuntu.com/3930-1/"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "https://usn.ubuntu.com/3930-2/"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "https://usn.ubuntu.com/3931-1/"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "https://usn.ubuntu.com/3931-2/"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "https://usn.ubuntu.com/3932-1/"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "https://usn.ubuntu.com/3932-2/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-02/msg00042.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://packetstormsecurity.com/files/151713/KVM-VMX-Preemption-Timer-Use-After-Free.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mailing List",
"Patch",
"Third Party Advisory"
],
"url": "http://www.openwall.com/lists/oss-security/2019/02/18/2"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://access.redhat.com/errata/RHBA-2019:0959"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://access.redhat.com/errata/RHSA-2019:0818"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://access.redhat.com/errata/RHSA-2019:0833"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://access.redhat.com/errata/RHSA-2019:3967"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://access.redhat.com/errata/RHSA-2019:4058"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Patch",
"Third Party Advisory"
],
"url": "https://bugs.chromium.org/p/project-zero/issues/detail?id=1760"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mailing List",
"Patch",
"Vendor Advisory"
],
"url": "https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=ecec76885bcfe3294685dc363fd1273df0d5d65f"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://github.com/torvalds/linux/commits/master/arch/x86/kvm"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "https://lists.debian.org/debian-lts-announce/2019/03/msg00034.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "https://lists.debian.org/debian-lts-announce/2019/04/msg00004.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "https://lists.debian.org/debian-lts-announce/2019/05/msg00002.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/KDOXCX3QFVWYXH5CQMGDDE7H6MUG5XGG/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/Y2HMABEMJDPA6LPCBE5WIEZXUKY7DLTN/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://security.netapp.com/advisory/ntap-20190404-0002/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://support.f5.com/csp/article/K08413011"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://usn.ubuntu.com/3930-1/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://usn.ubuntu.com/3930-2/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://usn.ubuntu.com/3931-1/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://usn.ubuntu.com/3931-2/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://usn.ubuntu.com/3932-1/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://usn.ubuntu.com/3932-2/"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-416"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
CVE-2019-7221
Vulnerability from fstec - Published: 07.02.2019
VLAI Severity ?
Title
Уязвимость подсистемы виртуализации Kernel-based Virtual Machine (KVM) ядра операционных систем Linux, позволяющая нарушителю вызвать отказ в обслуживании или выполнить произвольный код
Description
Уязвимость подсистемы виртуализации Kernel-based Virtual Machine (KVM) ядра операционных систем Linux связана с использованием памяти после ее освобождения. Эксплуатация уязвимости может позволить нарушителю вызвать отказ в обслуживании или выполнить произвольный код
Severity ?
Vendor
Canonical Ltd., Fedora Project, Novell Inc., ООО «РусБИТех-Астра», Сообщество свободного программного обеспечения
Software Name
Ubuntu, Fedora, OpenSUSE Leap, Astra Linux Common Edition (запись в едином реестре российских программ №4433), Debian GNU/Linux, Linux
Software Version
14.04 LTS (Ubuntu), 16.04 LTS (Ubuntu), 18.04 LTS (Ubuntu), 28 (Fedora), 18.10 (Ubuntu), 29 (Fedora), 15 (OpenSUSE Leap), 2.12 «Орёл» (Astra Linux Common Edition), 8 (Debian GNU/Linux), от 4.0 до 4.4.174 включительно (Linux), от 4.5 до 4.9.155 включительно (Linux), от 4.10 до 4.14.98 включительно (Linux), от 4.15 до 4.19.20 включительно (Linux), от 4.20.0 до 4.20.7 включительно (Linux)
Possible Mitigations
Использование рекомендаций:
http://lists.opensuse.org/opensuse-security-announce/2019-02/msg00042.html
https://lists.debian.org/debian-lts-announce/2019/03/msg00034.html
https://lists.debian.org/debian-lts-announce/2019/04/msg00004.html
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/KDOXCX3QFVWYXH5CQMGDDE7H6MUG5XGG/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/Y2HMABEMJDPA6LPCBE5WIEZXUKY7DLTN/
https://usn.ubuntu.com/3930-1/
https://usn.ubuntu.com/3930-2/
https://usn.ubuntu.com/3931-1/
https://usn.ubuntu.com/3931-2/
https://usn.ubuntu.com/3932-1/
https://usn.ubuntu.com/3932-2/
Для Astra Linux:
Обновление программного обеспечения (пакета linux) до 4.19.152-1 или более поздней версии
Reference
http://lists.opensuse.org/opensuse-security-announce/2019-02/msg00042.html
http://packetstormsecurity.com/files/151713/KVM-VMX-Preemption-Timer-Use-After-Free.html
http://www.openwall.com/lists/oss-security/2019/02/18/2
https://access.redhat.com/errata/RHBA-2019:0959
https://access.redhat.com/errata/RHSA-2019:0818
https://access.redhat.com/errata/RHSA-2019:0833
https://access.redhat.com/errata/RHSA-2019:3967
https://access.redhat.com/errata/RHSA-2019:4058
https://bugs.chromium.org/p/project-zero/issues/detail?id=1760
https://bugzilla.redhat.com/show_bug.cgi?id=1671904
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-7221
https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=ecec76885bcfe3294685dc363fd1273df0d5d65f
https://git.kernel.org/pub/scm/virt/kvm/kvm.git/commit/?id=ecec76885bcfe3294685dc363fd1273df0d5d65f
https://github.com/torvalds/linux/commits/master/arch/x86/kvm
https://kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.14.99
https://kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.19.21
https://kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.20.8
https://kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.4.175
https://kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.9.156
https://lists.debian.org/debian-lts-announce/2019/03/msg00034.html
https://lists.debian.org/debian-lts-announce/2019/04/msg00004.html
https://lists.debian.org/debian-lts-announce/2019/05/msg00002.html
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/KDOXCX3QFVWYXH5CQMGDDE7H6MUG5XGG/
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/Y2HMABEMJDPA6LPCBE5WIEZXUKY7DLTN/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/KDOXCX3QFVWYXH5CQMGDDE7H6MUG5XGG/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/Y2HMABEMJDPA6LPCBE5WIEZXUKY7DLTN/
https://security.netapp.com/advisory/ntap-20190404-0002/
https://support.f5.com/csp/article/K08413011
https://ubuntu.com/security/notices/USN-3930-1
https://ubuntu.com/security/notices/USN-3930-2
https://ubuntu.com/security/notices/USN-3931-1
https://ubuntu.com/security/notices/USN-3931-2
https://ubuntu.com/security/notices/USN-3932-1
https://ubuntu.com/security/notices/USN-3932-2
https://usn.ubuntu.com/3930-1/
https://usn.ubuntu.com/3930-2/
https://usn.ubuntu.com/3931-1/
https://usn.ubuntu.com/3931-2/
https://usn.ubuntu.com/3932-1/
https://usn.ubuntu.com/3932-2/
https://usn.ubuntu.com/usn/usn-3930-1
https://usn.ubuntu.com/usn/usn-3930-2
https://usn.ubuntu.com/usn/usn-3931-1
https://usn.ubuntu.com/usn/usn-3931-2
https://usn.ubuntu.com/usn/usn-3932-1
https://usn.ubuntu.com/usn/usn-3932-2
https://www.cve.org/CVERecord?id=CVE-2019-7221
CWE
CWE-416
{
"CVSS 2.0": "AV:L/AC:L/Au:S/C:C/I:C/A:C",
"CVSS 3.0": "AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"CVSS 4.0": null,
"remediation_\u0418\u0434\u0435\u043d\u0442\u0438\u0444\u0438\u043a\u0430\u0442\u043e\u0440": null,
"remediation_\u041d\u0430\u0438\u043c\u0435\u043d\u043e\u0432\u0430\u043d\u0438\u0435": null,
"\u0412\u0435\u043d\u0434\u043e\u0440 \u041f\u041e": "Canonical Ltd., Fedora Project, Novell Inc., \u041e\u041e\u041e \u00ab\u0420\u0443\u0441\u0411\u0418\u0422\u0435\u0445-\u0410\u0441\u0442\u0440\u0430\u00bb, \u0421\u043e\u043e\u0431\u0449\u0435\u0441\u0442\u0432\u043e \u0441\u0432\u043e\u0431\u043e\u0434\u043d\u043e\u0433\u043e \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e\u0433\u043e \u043e\u0431\u0435\u0441\u043f\u0435\u0447\u0435\u043d\u0438\u044f",
"\u0412\u0435\u0440\u0441\u0438\u044f \u041f\u041e": "14.04 LTS (Ubuntu), 16.04 LTS (Ubuntu), 18.04 LTS (Ubuntu), 28 (Fedora), 18.10 (Ubuntu), 29 (Fedora), 15 (OpenSUSE Leap), 2.12 \u00ab\u041e\u0440\u0451\u043b\u00bb (Astra Linux Common Edition), 8 (Debian GNU/Linux), \u043e\u0442 4.0 \u0434\u043e 4.4.174 \u0432\u043a\u043b\u044e\u0447\u0438\u0442\u0435\u043b\u044c\u043d\u043e (Linux), \u043e\u0442 4.5 \u0434\u043e 4.9.155 \u0432\u043a\u043b\u044e\u0447\u0438\u0442\u0435\u043b\u044c\u043d\u043e (Linux), \u043e\u0442 4.10 \u0434\u043e 4.14.98 \u0432\u043a\u043b\u044e\u0447\u0438\u0442\u0435\u043b\u044c\u043d\u043e (Linux), \u043e\u0442 4.15 \u0434\u043e 4.19.20 \u0432\u043a\u043b\u044e\u0447\u0438\u0442\u0435\u043b\u044c\u043d\u043e (Linux), \u043e\u0442 4.20.0 \u0434\u043e 4.20.7 \u0432\u043a\u043b\u044e\u0447\u0438\u0442\u0435\u043b\u044c\u043d\u043e (Linux)",
"\u0412\u043e\u0437\u043c\u043e\u0436\u043d\u044b\u0435 \u043c\u0435\u0440\u044b \u043f\u043e \u0443\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u0438\u044e": "\u0418\u0441\u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u043d\u0438\u0435 \u0440\u0435\u043a\u043e\u043c\u0435\u043d\u0434\u0430\u0446\u0438\u0439: \nhttp://lists.opensuse.org/opensuse-security-announce/2019-02/msg00042.html \nhttps://lists.debian.org/debian-lts-announce/2019/03/msg00034.html \nhttps://lists.debian.org/debian-lts-announce/2019/04/msg00004.html \nhttps://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/KDOXCX3QFVWYXH5CQMGDDE7H6MUG5XGG/ \nhttps://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/Y2HMABEMJDPA6LPCBE5WIEZXUKY7DLTN/ \nhttps://usn.ubuntu.com/3930-1/ \nhttps://usn.ubuntu.com/3930-2/ \nhttps://usn.ubuntu.com/3931-1/ \nhttps://usn.ubuntu.com/3931-2/ \nhttps://usn.ubuntu.com/3932-1/ \nhttps://usn.ubuntu.com/3932-2/\n\u0414\u043b\u044f Astra Linux:\n\u041e\u0431\u043d\u043e\u0432\u043b\u0435\u043d\u0438\u0435 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e\u0433\u043e \u043e\u0431\u0435\u0441\u043f\u0435\u0447\u0435\u043d\u0438\u044f (\u043f\u0430\u043a\u0435\u0442\u0430 linux) \u0434\u043e 4.19.152-1 \u0438\u043b\u0438 \u0431\u043e\u043b\u0435\u0435 \u043f\u043e\u0437\u0434\u043d\u0435\u0439 \u0432\u0435\u0440\u0441\u0438\u0438",
"\u0414\u0430\u0442\u0430 \u0432\u044b\u044f\u0432\u043b\u0435\u043d\u0438\u044f": "07.02.2019",
"\u0414\u0430\u0442\u0430 \u043f\u043e\u0441\u043b\u0435\u0434\u043d\u0435\u0433\u043e \u043e\u0431\u043d\u043e\u0432\u043b\u0435\u043d\u0438\u044f": "18.06.2024",
"\u0414\u0430\u0442\u0430 \u043f\u0443\u0431\u043b\u0438\u043a\u0430\u0446\u0438\u0438": "12.04.2019",
"\u0418\u0434\u0435\u043d\u0442\u0438\u0444\u0438\u043a\u0430\u0442\u043e\u0440": "BDU:2019-01352",
"\u0418\u0434\u0435\u043d\u0442\u0438\u0444\u0438\u043a\u0430\u0442\u043e\u0440\u044b \u0434\u0440\u0443\u0433\u0438\u0445 \u0441\u0438\u0441\u0442\u0435\u043c \u043e\u043f\u0438\u0441\u0430\u043d\u0438\u0439 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "CVE-2019-7221",
"\u0418\u043d\u0444\u043e\u0440\u043c\u0430\u0446\u0438\u044f \u043e\u0431 \u0443\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u0438\u0438": "\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u0443\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u0430",
"\u041a\u043b\u0430\u0441\u0441 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u043a\u043e\u0434\u0430",
"\u041d\u0430\u0437\u0432\u0430\u043d\u0438\u0435 \u041f\u041e": "Ubuntu, Fedora, OpenSUSE Leap, Astra Linux Common Edition (\u0437\u0430\u043f\u0438\u0441\u044c \u0432 \u0435\u0434\u0438\u043d\u043e\u043c \u0440\u0435\u0435\u0441\u0442\u0440\u0435 \u0440\u043e\u0441\u0441\u0438\u0439\u0441\u043a\u0438\u0445 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c \u21164433), Debian GNU/Linux, Linux",
"\u041d\u0430\u0438\u043c\u0435\u043d\u043e\u0432\u0430\u043d\u0438\u0435 \u041e\u0421 \u0438 \u0442\u0438\u043f \u0430\u043f\u043f\u0430\u0440\u0430\u0442\u043d\u043e\u0439 \u043f\u043b\u0430\u0442\u0444\u043e\u0440\u043c\u044b": "Canonical Ltd. Ubuntu 14.04 LTS , Canonical Ltd. Ubuntu 16.04 LTS , Canonical Ltd. Ubuntu 18.04 LTS , Fedora Project Fedora 28 , Canonical Ltd. Ubuntu 18.10 , \u0421\u043e\u043e\u0431\u0449\u0435\u0441\u0442\u0432\u043e \u0441\u0432\u043e\u0431\u043e\u0434\u043d\u043e\u0433\u043e \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e\u0433\u043e \u043e\u0431\u0435\u0441\u043f\u0435\u0447\u0435\u043d\u0438\u044f Linux \u0434\u043e 4.20.5 \u0432\u043a\u043b\u044e\u0447\u0438\u0442\u0435\u043b\u044c\u043d\u043e , Fedora Project Fedora 29 , Novell Inc. OpenSUSE Leap 15 , \u041e\u041e\u041e \u00ab\u0420\u0443\u0441\u0411\u0418\u0422\u0435\u0445-\u0410\u0441\u0442\u0440\u0430\u00bb Astra Linux Common Edition 2.12 \u00ab\u041e\u0440\u0451\u043b\u00bb (\u0437\u0430\u043f\u0438\u0441\u044c \u0432 \u0435\u0434\u0438\u043d\u043e\u043c \u0440\u0435\u0435\u0441\u0442\u0440\u0435 \u0440\u043e\u0441\u0441\u0438\u0439\u0441\u043a\u0438\u0445 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c \u21164433), \u0421\u043e\u043e\u0431\u0449\u0435\u0441\u0442\u0432\u043e \u0441\u0432\u043e\u0431\u043e\u0434\u043d\u043e\u0433\u043e \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e\u0433\u043e \u043e\u0431\u0435\u0441\u043f\u0435\u0447\u0435\u043d\u0438\u044f Debian GNU/Linux 8 ",
"\u041d\u0430\u0438\u043c\u0435\u043d\u043e\u0432\u0430\u043d\u0438\u0435 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u043f\u043e\u0434\u0441\u0438\u0441\u0442\u0435\u043c\u044b \u0432\u0438\u0440\u0442\u0443\u0430\u043b\u0438\u0437\u0430\u0446\u0438\u0438 Kernel-based Virtual Machine (KVM) \u044f\u0434\u0440\u0430 \u043e\u043f\u0435\u0440\u0430\u0446\u0438\u043e\u043d\u043d\u044b\u0445 \u0441\u0438\u0441\u0442\u0435\u043c Linux, \u043f\u043e\u0437\u0432\u043e\u043b\u044f\u044e\u0449\u0430\u044f \u043d\u0430\u0440\u0443\u0448\u0438\u0442\u0435\u043b\u044e \u0432\u044b\u0437\u0432\u0430\u0442\u044c \u043e\u0442\u043a\u0430\u0437 \u0432 \u043e\u0431\u0441\u043b\u0443\u0436\u0438\u0432\u0430\u043d\u0438\u0438 \u0438\u043b\u0438 \u0432\u044b\u043f\u043e\u043b\u043d\u0438\u0442\u044c \u043f\u0440\u043e\u0438\u0437\u0432\u043e\u043b\u044c\u043d\u044b\u0439 \u043a\u043e\u0434",
"\u041d\u0430\u043b\u0438\u0447\u0438\u0435 \u044d\u043a\u0441\u043f\u043b\u043e\u0439\u0442\u0430": "\u0421\u0443\u0449\u0435\u0441\u0442\u0432\u0443\u0435\u0442",
"\u041e\u043f\u0438\u0441\u0430\u043d\u0438\u0435 \u043e\u0448\u0438\u0431\u043a\u0438 CWE": "\u0418\u0441\u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u043d\u0438\u0435 \u043f\u043e\u0441\u043b\u0435 \u043e\u0441\u0432\u043e\u0431\u043e\u0436\u0434\u0435\u043d\u0438\u044f (CWE-416)",
"\u041e\u043f\u0438\u0441\u0430\u043d\u0438\u0435 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u043f\u043e\u0434\u0441\u0438\u0441\u0442\u0435\u043c\u044b \u0432\u0438\u0440\u0442\u0443\u0430\u043b\u0438\u0437\u0430\u0446\u0438\u0438 Kernel-based Virtual Machine (KVM) \u044f\u0434\u0440\u0430 \u043e\u043f\u0435\u0440\u0430\u0446\u0438\u043e\u043d\u043d\u044b\u0445 \u0441\u0438\u0441\u0442\u0435\u043c Linux \u0441\u0432\u044f\u0437\u0430\u043d\u0430 \u0441 \u0438\u0441\u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u043d\u0438\u0435\u043c \u043f\u0430\u043c\u044f\u0442\u0438 \u043f\u043e\u0441\u043b\u0435 \u0435\u0435 \u043e\u0441\u0432\u043e\u0431\u043e\u0436\u0434\u0435\u043d\u0438\u044f. \u042d\u043a\u0441\u043f\u043b\u0443\u0430\u0442\u0430\u0446\u0438\u044f \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438 \u043c\u043e\u0436\u0435\u0442 \u043f\u043e\u0437\u0432\u043e\u043b\u0438\u0442\u044c \u043d\u0430\u0440\u0443\u0448\u0438\u0442\u0435\u043b\u044e \u0432\u044b\u0437\u0432\u0430\u0442\u044c \u043e\u0442\u043a\u0430\u0437 \u0432 \u043e\u0431\u0441\u043b\u0443\u0436\u0438\u0432\u0430\u043d\u0438\u0438 \u0438\u043b\u0438 \u0432\u044b\u043f\u043e\u043b\u043d\u0438\u0442\u044c \u043f\u0440\u043e\u0438\u0437\u0432\u043e\u043b\u044c\u043d\u044b\u0439 \u043a\u043e\u0434",
"\u041f\u043e\u0441\u043b\u0435\u0434\u0441\u0442\u0432\u0438\u044f \u044d\u043a\u0441\u043f\u043b\u0443\u0430\u0442\u0430\u0446\u0438\u0438 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": null,
"\u041f\u0440\u043e\u0447\u0430\u044f \u0438\u043d\u0444\u043e\u0440\u043c\u0430\u0446\u0438\u044f": null,
"\u0421\u0432\u044f\u0437\u044c \u0441 \u0438\u043d\u0446\u0438\u0434\u0435\u043d\u0442\u0430\u043c\u0438 \u0418\u0411": "\u0414\u0430\u043d\u043d\u044b\u0435 \u0443\u0442\u043e\u0447\u043d\u044f\u044e\u0442\u0441\u044f",
"\u0421\u043e\u0441\u0442\u043e\u044f\u043d\u0438\u0435 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u041e\u043f\u0443\u0431\u043b\u0438\u043a\u043e\u0432\u0430\u043d\u0430",
"\u0421\u043f\u043e\u0441\u043e\u0431 \u0443\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u0438\u044f": "\u041e\u0431\u043d\u043e\u0432\u043b\u0435\u043d\u0438\u0435 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e\u0433\u043e \u043e\u0431\u0435\u0441\u043f\u0435\u0447\u0435\u043d\u0438\u044f",
"\u0421\u043f\u043e\u0441\u043e\u0431 \u044d\u043a\u0441\u043f\u043b\u0443\u0430\u0442\u0430\u0446\u0438\u0438": "\u041c\u0430\u043d\u0438\u043f\u0443\u043b\u0438\u0440\u043e\u0432\u0430\u043d\u0438\u0435 \u0440\u0435\u0441\u0443\u0440\u0441\u0430\u043c\u0438",
"\u0421\u0441\u044b\u043b\u043a\u0438 \u043d\u0430 \u0438\u0441\u0442\u043e\u0447\u043d\u0438\u043a\u0438": "http://lists.opensuse.org/opensuse-security-announce/2019-02/msg00042.html\nhttp://packetstormsecurity.com/files/151713/KVM-VMX-Preemption-Timer-Use-After-Free.html\nhttp://www.openwall.com/lists/oss-security/2019/02/18/2\nhttps://access.redhat.com/errata/RHBA-2019:0959\nhttps://access.redhat.com/errata/RHSA-2019:0818\nhttps://access.redhat.com/errata/RHSA-2019:0833\nhttps://access.redhat.com/errata/RHSA-2019:3967\nhttps://access.redhat.com/errata/RHSA-2019:4058\nhttps://bugs.chromium.org/p/project-zero/issues/detail?id=1760\nhttps://bugzilla.redhat.com/show_bug.cgi?id=1671904\nhttps://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-7221\nhttps://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=ecec76885bcfe3294685dc363fd1273df0d5d65f\nhttps://git.kernel.org/pub/scm/virt/kvm/kvm.git/commit/?id=ecec76885bcfe3294685dc363fd1273df0d5d65f\nhttps://github.com/torvalds/linux/commits/master/arch/x86/kvm\nhttps://kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.14.99\nhttps://kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.19.21\nhttps://kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.20.8\nhttps://kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.4.175\nhttps://kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.9.156\nhttps://lists.debian.org/debian-lts-announce/2019/03/msg00034.html\nhttps://lists.debian.org/debian-lts-announce/2019/04/msg00004.html\nhttps://lists.debian.org/debian-lts-announce/2019/05/msg00002.html\nhttps://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/KDOXCX3QFVWYXH5CQMGDDE7H6MUG5XGG/\nhttps://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/Y2HMABEMJDPA6LPCBE5WIEZXUKY7DLTN/\nhttps://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/KDOXCX3QFVWYXH5CQMGDDE7H6MUG5XGG/\nhttps://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/Y2HMABEMJDPA6LPCBE5WIEZXUKY7DLTN/\nhttps://security.netapp.com/advisory/ntap-20190404-0002/\nhttps://support.f5.com/csp/article/K08413011\nhttps://ubuntu.com/security/notices/USN-3930-1\nhttps://ubuntu.com/security/notices/USN-3930-2\nhttps://ubuntu.com/security/notices/USN-3931-1\nhttps://ubuntu.com/security/notices/USN-3931-2\nhttps://ubuntu.com/security/notices/USN-3932-1\nhttps://ubuntu.com/security/notices/USN-3932-2\nhttps://usn.ubuntu.com/3930-1/\nhttps://usn.ubuntu.com/3930-2/\nhttps://usn.ubuntu.com/3931-1/\nhttps://usn.ubuntu.com/3931-2/\nhttps://usn.ubuntu.com/3932-1/\nhttps://usn.ubuntu.com/3932-2/\nhttps://usn.ubuntu.com/usn/usn-3930-1\nhttps://usn.ubuntu.com/usn/usn-3930-2\nhttps://usn.ubuntu.com/usn/usn-3931-1\nhttps://usn.ubuntu.com/usn/usn-3931-2\nhttps://usn.ubuntu.com/usn/usn-3932-1\nhttps://usn.ubuntu.com/usn/usn-3932-2\nhttps://www.cve.org/CVERecord?id=CVE-2019-7221",
"\u0421\u0442\u0430\u0442\u0443\u0441 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u041f\u043e\u0434\u0442\u0432\u0435\u0440\u0436\u0434\u0435\u043d\u0430 \u043f\u0440\u043e\u0438\u0437\u0432\u043e\u0434\u0438\u0442\u0435\u043b\u0435\u043c",
"\u0422\u0438\u043f \u041f\u041e": "\u041e\u043f\u0435\u0440\u0430\u0446\u0438\u043e\u043d\u043d\u0430\u044f \u0441\u0438\u0441\u0442\u0435\u043c\u0430",
"\u0422\u0438\u043f \u043e\u0448\u0438\u0431\u043a\u0438 CWE": "CWE-416",
"\u0423\u0440\u043e\u0432\u0435\u043d\u044c \u043e\u043f\u0430\u0441\u043d\u043e\u0441\u0442\u0438 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u0421\u0440\u0435\u0434\u043d\u0438\u0439 \u0443\u0440\u043e\u0432\u0435\u043d\u044c \u043e\u043f\u0430\u0441\u043d\u043e\u0441\u0442\u0438 (\u0431\u0430\u0437\u043e\u0432\u0430\u044f \u043e\u0446\u0435\u043d\u043a\u0430 CVSS 2.0 \u0441\u043e\u0441\u0442\u0430\u0432\u043b\u044f\u0435\u0442 6,8)\n\u0412\u044b\u0441\u043e\u043a\u0438\u0439 \u0443\u0440\u043e\u0432\u0435\u043d\u044c \u043e\u043f\u0430\u0441\u043d\u043e\u0441\u0442\u0438 (\u0431\u0430\u0437\u043e\u0432\u0430\u044f \u043e\u0446\u0435\u043d\u043a\u0430 CVSS 3.0 \u0441\u043e\u0441\u0442\u0430\u0432\u043b\u044f\u0435\u0442 7,8)"
}
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.
Loading…
Loading…