Vulnerability CVE-2019-19922

Vulnerability Name:

CVE-2019-19922 (CCN-173427)

Assigned:

2019-07-23

Published:

2019-07-23

Updated:

2022-12-14

Summary:

kernel/sched/fair.c in the Linux kernel before 5.3.9, when cpu.cfs_quota_us is used (e.g., with Kubernetes), allows attackers to cause a denial of service against non-cpu-bound applications by generating a workload that triggers unwanted slice expiration, aka CID-de53fd7aedb1. (In other words, although this slice expiration would typically be seen with benign workloads, it is possible that an attacker could calculate how many stray requests are required to force an entire Kubernetes cluster into a low-performance state caused by slice expiration, and ensure that a DDoS attack sent that number of stray requests. An attack does not affect the stability of the kernel; it only causes mismanagement of application execution.)

CVSS v3 Severity:

5.5 Medium (CVSS v3.1 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H)
4.8 Medium (Temporal CVSS v3.1 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C)

Exploitability Metrics:	Attack Vector (AV): Local Attack Complexity (AC): Low Privileges Required (PR): Low User Interaction (UI): None
Scope:	Scope (S): Unchanged
Impact Metrics:	Confidentiality (C): None Integrity (I): None Availibility (A): High

4.0 Medium (CCN CVSS v3.1 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L)
3.5 Low (CCN Temporal CVSS v3.1 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L/E:U/RL:O/RC:C)

Exploitability Metrics:	Attack Vector (AV): Local Attack Complexity (AC): Low Privileges Required (PR): None User Interaction (UI): None
Scope:	Scope (S): Unchanged
Impact Metrics:	Confidentiality (C): None Integrity (I): None Availibility (A): Low

5.5 Medium (REDHAT CVSS v3.1 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H)
4.8 Medium (REDHAT Temporal CVSS v3.1 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C)

Exploitability Metrics:	Attack Vector (AV): Local Attack Complexity (AC): Low Privileges Required (PR): Low User Interaction (UI): None
Scope:	Scope (S): Unchanged
Impact Metrics:	Confidentiality (C): None Integrity (I): None Availibility (A): High

CVSS v2 Severity:

2.1 Low (CVSS v2 Vector: AV:L/AC:L/Au:N/C:N/I:N/A:P)

Exploitability Metrics:	Access Vector (AV): Local Access Complexity (AC): Low Authentication (Au): None
Impact Metrics:	Confidentiality (C): None Integrity (I): None Availibility (A): Partial

2.1 Low (CCN CVSS v2 Vector: AV:L/AC:L/Au:N/C:N/I:N/A:P)

Exploitability Metrics:	Access Vector (AV): Local Access Complexity (AC): Low Athentication (Au): None
Impact Metrics:	Confidentiality (C): None Integrity (I): None Availibility (A): Partial

Vulnerability Type:

CWE-400

Vulnerability Consequences:

Denial of Service

References:

Source: MITRE
Type: CNA
CVE-2019-19922

Source: cve@mitre.org
Type: Mailing List, Patch, Vendor Advisory
cve@mitre.org

Source: XF
Type: UNKNOWN
linux-kernel-cve201919922-dos(173427)

Source: cve@mitre.org
Type: Mailing List, Patch, Vendor Advisory
cve@mitre.org

Source: CCN
Type: Linux Kernel GIT Repository
sched/fair: Fix low cpu usage with high throttling by removing expiration of cpu-local slices

Source: cve@mitre.org
Type: Issue Tracking, Patch, Third Party Advisory
cve@mitre.org

Source: cve@mitre.org
Type: Patch, Third Party Advisory
cve@mitre.org

Source: cve@mitre.org
Type: Mailing List, Third Party Advisory
cve@mitre.org

Source: cve@mitre.org
Type: Exploit, Third Party Advisory
cve@mitre.org

Source: cve@mitre.org
Type: Third Party Advisory
cve@mitre.org

Source: cve@mitre.org
Type: Third Party Advisory
cve@mitre.org

Source: cve@mitre.org
Type: Patch, Third Party Advisory
cve@mitre.org

Source: CCN
Type: WhiteSource Vulnerability Database
CVE-2019-19922

Vulnerable Configuration:

Configuration RedHat 1:

cpe:/a:redhat:enterprise_linux:8:*:*:*:*:*:*:*

Configuration RedHat 2:

cpe:/a:redhat:enterprise_linux:8::nfv:*:*:*:*:*

Configuration RedHat 3:

cpe:/a:redhat:enterprise_linux:8::realtime:*:*:*:*:*

Configuration RedHat 4:

cpe:/a:redhat:enterprise_linux:8::crb:*:*:*:*:*

Configuration RedHat 5:

cpe:/o:redhat:enterprise_linux:8:*:*:*:*:*:*:*

Configuration RedHat 6:

cpe:/o:redhat:enterprise_linux:8::baseos:*:*:*:*:*

Configuration CCN 1:

cpe:/o:linux:linux_kernel:5.3.8:*:*:*:*:*:*:*

Denotes that component is vulnerable

Oval Definitions

Definition ID	Class	Title	Last Modified
oval:org.opensuse.security:def:201919922	V	CVE-2019-19922	2023-06-22
oval:org.opensuse.security:def:8029	P	kernel-docs-5.14.21-150500.53.2 on GA media (Moderate)	2023-06-20
oval:org.opensuse.security:def:7539	P	kernel-64kb-5.14.21-150500.53.2 on GA media (Moderate)	2023-06-12
oval:org.opensuse.security:def:8090	P	reiserfs-kmp-default-5.14.21-150500.53.2 on GA media (Moderate)	2023-06-12
oval:org.opensuse.security:def:685	P	Security update for bind (Important)	2022-08-09
oval:org.opensuse.security:def:665	P	Security update for samba (Moderate)	2022-08-03
oval:org.opensuse.security:def:3453	P	clamav-0.101.3-1.19 on GA media (Moderate)	2022-06-28
oval:org.opensuse.security:def:3567	P	libXtst6-1.2.2-7.1 on GA media (Moderate)	2022-06-28
oval:org.opensuse.security:def:3398	P	wpa_supplicant-2.6-15.10.1 on GA media (Moderate)	2022-06-28
oval:org.opensuse.security:def:3448	P	busybox-1.21.1-3.3 on GA media (Moderate)	2022-06-28
oval:org.opensuse.security:def:1400	P	Security update for the Linux Kernel (Live Patch 9 for SLE 15 SP3) (Important) (in QA)	2022-06-27
oval:org.opensuse.security:def:95078	P	reiserfs-kmp-default-5.14.21-150400.22.1 on GA media (Moderate)	2022-06-22
oval:org.opensuse.security:def:2960	P	kernel-64kb-5.14.21-150400.22.1 on GA media (Moderate)	2022-06-22
oval:org.opensuse.security:def:95083	P	kernel-azure-5.14.21-150400.12.1 on GA media (Moderate)	2022-06-22
oval:org.opensuse.security:def:94590	P	kernel-64kb-5.14.21-150400.22.1 on GA media (Moderate)	2022-06-22
oval:org.opensuse.security:def:95197	P	kernel-default-extra-5.14.21-150400.22.1 on GA media (Moderate)	2022-06-22
oval:org.opensuse.security:def:95028	P	kernel-docs-5.14.21-150400.22.1 on GA media (Moderate)	2022-06-22
oval:org.opensuse.security:def:89	P	kernel-64kb-5.3.18-57.3 on GA media (Moderate)	2022-06-13
oval:org.opensuse.security:def:1792	P	Security update for MozillaThunderbird (Important)	2021-12-22
oval:org.opensuse.security:def:49126	P	Security update for runc (Moderate)	2021-12-14
oval:org.opensuse.security:def:66952	P	Security update for strongswan (Important)	2021-10-19
oval:org.opensuse.security:def:94182	P	(Important)	2021-08-17
oval:org.opensuse.security:def:2036	P	kernel-azure-5.3.18-36.1 on GA media (Moderate)	2021-08-10
oval:org.opensuse.security:def:63102	P	reiserfs-kmp-default-5.3.18-57.3 on GA media (Moderate)	2021-08-10
oval:org.opensuse.security:def:2013	P	reiserfs-kmp-default-5.3.18-57.3 on GA media (Moderate)	2021-08-10
oval:org.opensuse.security:def:63125	P	kernel-azure-5.3.18-36.1 on GA media (Moderate)	2021-08-10
oval:org.opensuse.security:def:100865	P	kernel-64kb-5.3.18-57.3 on GA media (Moderate)	2021-08-09
oval:org.opensuse.security:def:100891	P	libXv-devel-1.0.11-1.23 on GA media (Moderate)	2021-08-09
oval:org.opensuse.security:def:1018	P	kernel-64kb-5.3.18-57.3 on GA media (Moderate)	2021-08-09
oval:org.opensuse.security:def:101277	P	kernel-docs-5.3.18-57.3 on GA media (Moderate)	2021-08-09
oval:org.opensuse.security:def:72738	P	kernel-docs-5.3.18-57.3 on GA media (Moderate)	2021-08-09
oval:org.opensuse.security:def:100895	P	libXxf86vm-devel-1.1.4-1.23 on GA media (Moderate)	2021-08-09
oval:org.opensuse.security:def:63019	P	kernel-docs-5.3.18-57.3 on GA media (Moderate)	2021-08-09
oval:org.opensuse.security:def:101039	P	perl-Convert-ASN1-0.27-1.6.2 on GA media (Moderate)	2021-08-09
oval:org.opensuse.security:def:71848	P	kernel-64kb-5.3.18-57.3 on GA media (Moderate)	2021-08-09
oval:org.opensuse.security:def:1930	P	kernel-docs-5.3.18-57.3 on GA media (Moderate)	2021-08-09
oval:org.opensuse.security:def:100851	P	grub2-2.04-20.4 on GA media (Moderate)	2021-08-09
oval:org.opensuse.security:def:62107	P	kernel-64kb-5.3.18-57.3 on GA media (Moderate)	2021-08-09
oval:org.opensuse.security:def:66860	P	Security update for ffmpeg (Important)	2021-07-14
oval:org.opensuse.security:def:94178	P	(Important)	2021-07-14
oval:org.opensuse.security:def:1465	P	Security update for postgresql13 (Moderate)	2021-07-11
oval:org.opensuse.security:def:69672	P	Security update for java-1_8_0-openjdk (Moderate)	2021-06-17
oval:org.opensuse.security:def:73643	P	Security update for qemu (Important)	2021-06-08
oval:org.opensuse.security:def:66817	P	Security update for pam_radius (Moderate)	2021-06-08
oval:org.opensuse.security:def:93741	P	(Important)	2021-06-02
oval:org.opensuse.security:def:70207	P	Security update for samba (Important)	2021-04-29
oval:org.opensuse.security:def:66759	P	Security update for samba (Important)	2021-04-29
oval:org.opensuse.security:def:70203	P	Security update for sudo (Important)	2021-04-20
oval:org.opensuse.security:def:69777	P	Security update for subversion (Important)	2021-02-10
oval:org.opensuse.security:def:70308	P	Security update for python (Important)	2021-02-09
oval:org.opensuse.security:def:66851	P	Security update for go1.14 (Moderate)	2021-01-26
oval:org.opensuse.security:def:66725	P	Security update for libzypp, zypper (Moderate)	2021-01-13
oval:org.opensuse.security:def:70173	P	Security update for openssh (Moderate)	2020-12-18
oval:org.opensuse.security:def:66421	P	Security update for openssl-1_0_0 (Important)	2020-12-11
oval:org.opensuse.security:def:107705	P	kernel-default-extra-5.3.18-22.2 on GA media (Moderate)	2020-12-03
oval:org.opensuse.security:def:117220	P	kernel-default-extra-5.3.18-22.2 on GA media (Moderate)	2020-12-03
oval:org.opensuse.security:def:72678	P	kernel-docs-5.3.18-22.3 on GA media (Moderate)	2020-12-03
oval:org.opensuse.security:def:1999	P	reiserfs-kmp-default-5.3.18-22.2 on GA media (Moderate)	2020-12-03
oval:org.opensuse.security:def:107517	P	kernel-docs-5.3.18-22.3 on GA media (Moderate)	2020-12-03
oval:org.opensuse.security:def:62959	P	kernel-docs-5.3.18-22.3 on GA media (Moderate)	2020-12-03
oval:org.opensuse.security:def:117075	P	kernel-docs-5.3.18-22.3 on GA media (Moderate)	2020-12-03
oval:org.opensuse.security:def:2534	P	kernel-default-extra-5.3.18-22.2 on GA media (Moderate)	2020-12-03
oval:org.opensuse.security:def:94326	P	kernel-default-extra-5.3.18-22.2 on GA media (Moderate)	2020-12-03
oval:org.opensuse.security:def:63114	P	kernel-azure-5.3.18-16.2 on GA media (Moderate)	2020-12-03
oval:org.opensuse.security:def:107557	P	reiserfs-kmp-default-5.3.18-22.2 on GA media (Moderate)	2020-12-03
oval:org.opensuse.security:def:94138	P	kernel-docs-5.3.18-22.3 on GA media (Moderate)	2020-12-03
oval:org.opensuse.security:def:117115	P	reiserfs-kmp-default-5.3.18-22.2 on GA media (Moderate)	2020-12-03
oval:org.opensuse.security:def:71515	P	kernel-default-5.3.18-22.2 on GA media (Moderate)	2020-12-03
oval:org.opensuse.security:def:1870	P	kernel-docs-5.3.18-22.3 on GA media (Moderate)	2020-12-03
oval:org.opensuse.security:def:100454	P	kernel-default-5.3.18-22.2 on GA media (Moderate)	2020-12-03
oval:org.opensuse.security:def:61774	P	kernel-default-5.3.18-22.2 on GA media (Moderate)	2020-12-03
oval:org.opensuse.security:def:2025	P	kernel-azure-5.3.18-16.2 on GA media (Moderate)	2020-12-03
oval:org.opensuse.security:def:107561	P	kernel-azure-5.3.18-16.2 on GA media (Moderate)	2020-12-03
oval:org.opensuse.security:def:63088	P	reiserfs-kmp-default-5.3.18-22.2 on GA media (Moderate)	2020-12-03
oval:org.opensuse.security:def:117119	P	kernel-azure-5.3.18-16.2 on GA media (Moderate)	2020-12-03
oval:org.opensuse.security:def:107120	P	kernel-default-5.3.18-22.2 on GA media (Moderate)	2020-12-03
oval:org.opensuse.security:def:63623	P	kernel-default-extra-5.3.18-22.2 on GA media (Moderate)	2020-12-03
oval:org.opensuse.security:def:116678	P	kernel-default-5.3.18-22.2 on GA media (Moderate)	2020-12-03
oval:org.opensuse.security:def:49072	P	cpp7 on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:73424	P	libgypsy-devel on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:49906	P	kernel-azure on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:66329	P	Security update for MozillaThunderbird (Important)	2020-12-01
oval:org.opensuse.security:def:49787	P	kernel-docs on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:73525	P	perl-Net-Libproxy on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:50233	P	kernel-default-extra on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:73112	P	kernel-default on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:72994	P	Security update for MozillaThunderbird (Important)	2020-12-01
oval:org.opensuse.security:def:70068	P	libQt5OpenGLExtensions-devel-static on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:49852	P	osc on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:73508	P	kernel-docs on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:73390	P	Security update for xorg-x11-server (Important)	2020-12-01
oval:org.opensuse.security:def:49841	P	kernel-docs on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:70102	P	libmp3lame-devel on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:50179	P	bogofilter-common on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:73542	P	kernel-azure on GA media (Moderate)	2020-12-01
oval:com.redhat.rhsa:def:20201769	P	RHSA-2020:1769: kernel security, bug fix, and enhancement update (Important)	2020-04-28
oval:com.redhat.rhsa:def:20201567	P	RHSA-2020:1567: kernel-rt security, bug fix, and enhancement update (Important)	2020-04-28
oval:com.ubuntu.disco:def:2019199220000000	V	CVE-2019-19922 on Ubuntu 19.04 (disco) - medium.	2019-12-22
oval:com.ubuntu.bionic:def:2019199220000000	V	CVE-2019-19922 on Ubuntu 18.04 LTS (bionic) - medium.	2019-12-22
oval:com.ubuntu.xenial:def:2019199220000000	V	CVE-2019-19922 on Ubuntu 16.04 LTS (xenial) - medium.	2019-12-22

BACK