Vulnerability CVE-2019-7308: Information

Description

kernel/bpf/verifier.c in the Linux kernel before 4.20.6 performs undesirable out-of-bounds speculation on pointer arithmetic in various cases, including cases of different branches with different state or limits to sanitize, leading to side-channel attacks.

Severity: MEDIUM (5.6) Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N

URL: https://nvd.nist.gov/vuln/detail/CVE-2019-7308
Published: Feb. 2, 2019
Modified: Nov. 7, 2023
Error type identifier: CWE-189

Fixed packages

Package name
Branch
Fixed in version
Version from repository
Errata ID
Task #
State
kernel-image-mpsisyphus4.20.8-alt16.9.4-alt1ALT-PU-2019-1231-1221429Fixed
kernel-image-mpp104.20.8-alt16.1.19-alt1ALT-PU-2019-1231-1221429Fixed
kernel-image-mpp94.20.8-alt15.12.16-alt1ALT-PU-2019-1231-1221429Fixed
kernel-image-mpc9f24.20.8-alt15.7.16-alt1ALT-PU-2019-1231-1221429Fixed
kernel-image-mpp114.20.8-alt16.8.8-alt1ALT-PU-2019-1231-1221429Fixed
kernel-image-std-defsisyphus4.19.27-alt16.1.94-alt1ALT-PU-2019-1433-1223864Fixed
kernel-image-std-defp104.19.27-alt15.10.218-alt1ALT-PU-2019-1433-1223864Fixed
kernel-image-std-defp94.19.27-alt15.4.277-alt1ALT-PU-2019-1433-1223864Fixed
kernel-image-std-defc9f24.19.27-alt15.10.214-alt0.c9f.2ALT-PU-2019-1433-1223864Fixed
kernel-image-std-defp114.19.27-alt16.1.91-alt1ALT-PU-2019-1433-1223864Fixed
kernel-image-un-defsisyphus4.19.19-alt16.6.34-alt1ALT-PU-2019-1162-1220302Fixed
kernel-image-un-defp104.19.19-alt16.1.90-alt1ALT-PU-2019-1162-1220302Fixed
kernel-image-un-defp94.19.19-alt15.10.218-alt1ALT-PU-2019-1162-1220302Fixed
kernel-image-un-defp84.19.27-alt0.M80P.14.19.310-alt0.M80P.1ALT-PU-2019-1431-1224040Fixed
kernel-image-un-defc10f14.19.19-alt16.1.85-alt0.c10f.1ALT-PU-2019-1162-1220302Fixed
kernel-image-un-defc9f24.19.19-alt15.10.29-alt2ALT-PU-2019-1162-1220302Fixed
kernel-image-un-defp114.19.19-alt16.6.31-alt1ALT-PU-2019-1162-1220302Fixed
usbipsisyphus5.10-alt15.10-alt1ALT-PU-2023-1798-1320453Fixed
usbipsisyphus_e2k5.10-alt15.10-alt1ALT-PU-2023-7452-1-Fixed
usbipp105.10-alt15.10-alt1ALT-PU-2023-1903-1320461Fixed
usbipp10_e2k5.10-alt15.10-alt1ALT-PU-2023-7498-1-Fixed
usbipp115.10-alt15.10-alt1ALT-PU-2023-1798-1320453Fixed

References to Advisories, Solutions, and Tools

Hyperlink
Resource
https://github.com/torvalds/linux/commit/d3bd7413e0ca40b60cf60d4003246d067cafdeda
  • Patch
  • Third Party Advisory
https://github.com/torvalds/linux/commit/979d63d50c0c0f7bc537bf821e056cc9fe5abd38
  • Patch
  • Third Party Advisory
https://cdn.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.20.6
  • Third Party Advisory
https://bugs.chromium.org/p/project-zero/issues/detail?id=1711
  • Issue Tracking
  • Patch
  • Third Party Advisory
http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=d3bd7413e0ca40b60cf60d4003246d067cafdeda
  • Patch
  • Third Party Advisory
http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=979d63d50c0c0f7bc537bf821e056cc9fe5abd38
  • Patch
  • Third Party Advisory
106827
  • Third Party Advisory
  • VDB Entry
USN-3931-2
  • Third Party Advisory
USN-3931-1
  • Third Party Advisory
USN-3930-2
  • Third Party Advisory
USN-3930-1
  • Third Party Advisory
openSUSE-SU-2019:1193
  • Third Party Advisory
https://support.f5.com/csp/article/K43030517
    https://support.f5.com/csp/article/K43030517?utm_source=f5support&amp%3Butm_medium=RSS

        1. Configuration 1

          cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*
          End excliding
          4.19.19
          cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*
          Start including
          4.20.0
          End excliding
          4.20.6

          Configuration 2

          cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:lts:*:*:*
          cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:lts:*:*:*
          cpe:2.3:o:canonical:ubuntu_linux:18.04:*:*:*:lts:*:*:*
          cpe:2.3:o:canonical:ubuntu_linux:18.10:*:*:*:*:*:*:*

          Configuration 3

          cpe:2.3:o:opensuse:leap:15.0:*:*:*:*:*:*:*
      VKontakte|Telegram|YouTube|Forum|GitHub|Bugzilla
      Version: v24.5.3
      Back to top