Vulnerability CVE-2019-20934

Vulnerability Name:

CVE-2019-20934 (CCN-165068)

Assigned:

2019-08-08

Published:

2019-08-08

Updated:

2021-01-12

Summary:

An issue was discovered in the Linux kernel before 5.2.6. On NUMA systems, the Linux fair scheduler has a use-after-free in show_numa_stats() because NUMA fault statistics are inappropriately freed, aka CID-16d51a590a8c.

CVSS v3 Severity:

5.3 Medium (CVSS v3.1 Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:H)
4.8 Medium (Temporal CVSS v3.1 Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:H/E:P/RL:O/RC:C)

Exploitability Metrics:	Attack Vector (AV): Local Attack Complexity (AC): High Privileges Required (PR): Low User Interaction (UI): None
Scope:	Scope (S): Unchanged
Impact Metrics:	Confidentiality (C): Low Integrity (I): None Availibility (A): High

6.2 Medium (CCN CVSS v3.1 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H)
5.6 Medium (CCN Temporal CVSS v3.1 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:P/RL:O/RC:C)

Exploitability Metrics:	Attack Vector (AV): Local Attack Complexity (AC): Low Privileges Required (PR): None User Interaction (UI): None
Scope:	Scope (S): Unchanged
Impact Metrics:	Confidentiality (C): None Integrity (I): None Availibility (A): High

5.3 Medium (REDHAT CVSS v3.1 Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:H)
4.8 Medium (REDHAT Temporal CVSS v3.1 Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:H/E:P/RL:O/RC:C)

Exploitability Metrics:	Attack Vector (AV): Local Attack Complexity (AC): High Privileges Required (PR): Low User Interaction (UI): None
Scope:	Scope (S): Unchanged
Impact Metrics:	Confidentiality (C): Low Integrity (I): None Availibility (A): High

CVSS v2 Severity:

5.4 Medium (CVSS v2 Vector: AV:L/AC:M/Au:N/C:P/I:N/A:C)

Exploitability Metrics:	Access Vector (AV): Local Access Complexity (AC): Medium Authentication (Au): None
Impact Metrics:	Confidentiality (C): Partial Integrity (I): None Availibility (A): Complete

4.9 Medium (CCN CVSS v2 Vector: AV:L/AC:L/Au:N/C:N/I:N/A:C)

Exploitability Metrics:	Access Vector (AV): Local Access Complexity (AC): Low Athentication (Au): None
Impact Metrics:	Confidentiality (C): None Integrity (I): None Availibility (A): Complete

Vulnerability Type:

CWE-416

Vulnerability Consequences:

Denial of Service

References:

Source: MITRE
Type: CNA
CVE-2019-20934

Source: MISC
Type: Issue Tracking, Vendor Advisory
https://bugs.chromium.org/p/project-zero/issues/detail?id=1913

Source: CCN
Type: Google Security Research Issue 1913
Linux: use-after-free reads in show_numa_stats()

Source: MISC
Type: Vendor Advisory
https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.2.6

Source: XF
Type: UNKNOWN
linux-kernel-shownumastats-dos(165068)

Source: CCN
Type: Linux Kernel GIT Repository
sched/fair: Don't free p->numa_faults with concurrent readers

Source: CCN
Type: Linux Kernel GIT Repository
sched/fair: Use RCU accessors consistently for ->numa_group

Source: MISC
Type: Patch, Vendor Advisory
https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=16d51a590a8ce3befb1308e0e7ab77f3b661af33

Source: CCN
Type: Packet Storm Security [08-08-2019]
Linux show_numa_stats() Use-After-Free

Source: CCN
Type: IBM Security Bulletin 6601949 (QRadar Network Security)
IBM QRadar Network Security is affected by multiple vulnerabilities in kernel.

Vulnerable Configuration:

Configuration 1:

cpe:/o:linux:linux_kernel:*:*:*:*:*:*:*:* (Version >= 4.19 and < 4.19.64)

OR cpe:/o:linux:linux_kernel:*:*:*:*:*:*:*:* (Version >= 5.2 and <= 5.2.17)

OR cpe:/o:linux:linux_kernel:5.3:rc1:*:*:*:*:*:*

Configuration RedHat 1:

cpe:/o:redhat:enterprise_linux:7:*:*:*:*:*:*:*

Configuration RedHat 2:

cpe:/o:redhat:enterprise_linux:7::client:*:*:*:*:*

Configuration RedHat 3:

cpe:/o:redhat:enterprise_linux:7::computenode:*:*:*:*:*

Configuration RedHat 4:

cpe:/o:redhat:enterprise_linux:7::server:*:*:*:*:*

Configuration RedHat 5:

cpe:/o:redhat:enterprise_linux:7::workstation:*:*:*:*:*

Configuration RedHat 6:

cpe:/a:redhat:rhel_extras_rt:7:*:*:*:*:*:*:*

Configuration CCN 1:

cpe:/o:linux:linux_kernel:-:*:*:*:*:*:*:*

AND

cpe:/a:ibm:qradar_network_security:5.4.0:*:*:*:*:*:*:*

OR cpe:/a:ibm:qradar_network_security:5.5.0:*:*:*:*:*:*:*

Denotes that component is vulnerable

Oval Definitions

Definition ID	Class	Title	Last Modified
oval:org.opensuse.security:def:7553	P	libX11-6-1.6.5-150000.3.27.1 on GA media (Moderate)	2023-06-12
oval:org.opensuse.security:def:7695	P	libvpx-devel-1.11.0-150400.1.5 on GA media (Moderate)	2023-06-12
oval:org.opensuse.security:def:52003	P	Security update for libksba (Moderate)	2023-01-09
oval:org.opensuse.security:def:5333	P	Security update for libcroco (Important)	2022-08-26
oval:org.opensuse.security:def:3232	P	libplist3-1.12-20.3.2 on GA media (Moderate)	2022-06-28
oval:org.opensuse.security:def:96755	P	python3-libxml2-python-2.9.7-3.6.1 on GA media (Moderate)	2021-09-21
oval:org.opensuse.security:def:93419	P	(Important)	2021-08-17
oval:org.opensuse.security:def:2037	P	kernel-azure-base-4.12.14-8.58.1 on GA media (Moderate)	2021-08-10
oval:org.opensuse.security:def:63126	P	kernel-azure-base-4.12.14-8.58.1 on GA media (Moderate)	2021-08-10
oval:com.redhat.rhsa:def:20212725	P	RHSA-2021:2725: kernel security and bug fix update (Important)	2021-07-21
oval:com.redhat.rhsa:def:20212726	P	RHSA-2021:2726: kernel-rt security and bug fix update (Important)	2021-07-21
oval:org.opensuse.security:def:4423	P	Security update for the Linux Kernel (Live Patch 8 for SLE 12 SP5) (Important)	2021-06-18
oval:org.opensuse.security:def:85803	P	Security update for the Linux Kernel (Important)	2021-02-12
oval:org.opensuse.security:def:32255	P	Security update for the Linux Kernel (Important)	2021-02-12
oval:org.opensuse.security:def:86190	P	Security update for the Linux Kernel (Important)	2021-02-12
oval:org.opensuse.security:def:57162	P	Security update for the Linux Kernel (Important)	2021-02-12
oval:org.opensuse.security:def:84261	P	Security update for the Linux Kernel (Important)	2021-02-12
oval:org.opensuse.security:def:31339	P	Security update for the Linux Kernel (Important)	2021-02-12
oval:org.opensuse.security:def:19521	P	Security update for the Linux Kernel (Important)	2021-02-12
oval:org.opensuse.security:def:86719	P	Security update for the Linux Kernel (Important)	2021-02-12
oval:org.opensuse.security:def:57549	P	Security update for the Linux Kernel (Important)	2021-02-12
oval:org.opensuse.security:def:84719	P	Security update for the Linux Kernel (Important)	2021-02-12
oval:org.opensuse.security:def:31726	P	Security update for the Linux Kernel (Important)	2021-02-12
oval:org.opensuse.security:def:23741	P	Security update for the Linux Kernel (Important)	2021-02-12
oval:org.opensuse.security:def:58078	P	Security update for the Linux Kernel (Important)	2021-02-12
oval:org.opensuse.security:def:51729	P	Security update for the Linux Kernel (Important)	2021-02-12
oval:org.opensuse.security:def:21406	P	Security update for the Linux Kernel (Important)	2021-02-11
oval:org.opensuse.security:def:10198	P	Security update for the Linux Kernel (Important)	2021-02-11
oval:org.opensuse.security:def:70338	P	Security update for the Linux Kernel (Important)	2021-02-11
oval:org.opensuse.security:def:89498	P	Security update for the Linux Kernel (Important)	2021-02-11
oval:org.opensuse.security:def:55844	P	Security update for the Linux Kernel (Important)	2021-02-11
oval:org.opensuse.security:def:126816	P	Security update for the Linux Kernel (Important)	2021-02-11
oval:org.opensuse.security:def:24015	P	Security update for the Linux Kernel (Important)	2021-02-11
oval:org.opensuse.security:def:88241	P	Security update for the Linux Kernel (Important)	2021-02-11
oval:org.opensuse.security:def:83228	P	Security update for the Linux Kernel (Important)	2021-02-11
oval:org.opensuse.security:def:30021	P	Security update for the Linux Kernel (Important)	2021-02-11
oval:org.opensuse.security:def:125103	P	Security update for the Linux Kernel (Important)	2021-02-11
oval:org.opensuse.security:def:19455	P	Security update for the Linux Kernel (Important)	2021-02-11
oval:org.opensuse.security:def:81098	P	Security update for the Linux Kernel (Important)	2021-02-11
oval:org.opensuse.security:def:127213	P	Security update for the Linux Kernel (Important)	2021-02-11
oval:org.opensuse.security:def:20324	P	Security update for the Linux Kernel (Important)	2021-02-11
oval:org.opensuse.security:def:8697	P	Security update for the Linux Kernel (Important)	2021-02-11
oval:org.opensuse.security:def:88558	P	Security update for the Linux Kernel (Important)	2021-02-11
oval:org.opensuse.security:def:59585	P	Security update for the Linux Kernel (Important)	2021-02-11
oval:org.opensuse.security:def:54756	P	Security update for the Linux Kernel (Important)	2021-02-11
oval:org.opensuse.security:def:125331	P	Security update for the Linux Kernel (Important)	2021-02-11
oval:org.opensuse.security:def:23171	P	Security update for the Linux Kernel (Important)	2021-02-11
oval:org.opensuse.security:def:67816	P	Security update for the Linux Kernel (Important)	2021-02-11
oval:org.opensuse.security:def:97214	P	Security update for the Linux Kernel (Important)	2021-02-11
oval:org.opensuse.security:def:33762	P	Security update for the Linux Kernel (Important)	2021-02-11
oval:org.opensuse.security:def:82140	P	Security update for the Linux Kernel (Important)	2021-02-11
oval:org.opensuse.security:def:28933	P	Security update for the Linux Kernel (Important)	2021-02-11
oval:org.opensuse.security:def:51159	P	Security update for the Linux Kernel (Important)	2021-02-11
oval:org.opensuse.security:def:9444	P	Security update for the Linux Kernel (Important)	2021-02-11
oval:org.opensuse.security:def:69584	P	Security update for the Linux Kernel (Important)	2021-02-11
oval:org.opensuse.security:def:6727	P	Security update for the Linux Kernel (Important)	2021-02-11
oval:org.opensuse.security:def:89240	P	Security update for the Linux Kernel (Important)	2021-02-11
oval:org.opensuse.security:def:59843	P	Security update for the Linux Kernel (Important)	2021-02-11
oval:org.opensuse.security:def:55289	P	Security update for the Linux Kernel (Important)	2021-02-11
oval:org.opensuse.security:def:125648	P	Security update for the Linux Kernel (Important)	2021-02-11
oval:org.opensuse.security:def:19571	P	Security update for the Linux Kernel (Important)	2021-02-11
oval:org.opensuse.security:def:8263	P	Security update for the Linux Kernel (Important)	2021-02-11
oval:org.opensuse.security:def:34020	P	Security update for the Linux Kernel (Important)	2021-02-11
oval:org.opensuse.security:def:82673	P	Security update for the Linux Kernel (Important)	2021-02-11
oval:org.opensuse.security:def:29466	P	Security update for the Linux Kernel (Important)	2021-02-11
oval:org.opensuse.security:def:58825	P	Security update for kernel-source (Important)	2021-02-05
oval:org.opensuse.security:def:33002	P	Security update for kernel-source (Important)	2021-02-05
oval:org.opensuse.security:def:87466	P	Security update for kernel-source (Important)	2021-02-05
oval:org.opensuse.security:def:110671	P	Security update for the Linux Kernel (Important)	2021-01-16
oval:org.opensuse.security:def:60240	P	Security update for the Linux Kernel (Important)	2021-01-15
oval:org.opensuse.security:def:4270	P	Security update for the Linux Kernel (Important)	2021-01-15
oval:org.opensuse.security:def:19602	P	Security update for the Linux Kernel (Important)	2021-01-15
oval:org.opensuse.security:def:34417	P	Security update for the Linux Kernel (Important)	2021-01-15
oval:org.opensuse.security:def:26037	P	Security update for the Linux Kernel (Important)	2021-01-15
oval:org.opensuse.security:def:4394	P	Security update for the Linux Kernel (Important)	2021-01-15
oval:org.opensuse.security:def:61070	P	Security update for the Linux Kernel (Important)	2021-01-15
oval:org.opensuse.security:def:20419	P	Security update for the Linux Kernel (Important)	2021-01-15
oval:org.opensuse.security:def:35247	P	Security update for the Linux Kernel (Important)	2021-01-15
oval:org.opensuse.security:def:5024	P	Security update for the Linux Kernel (Important)	2021-01-15
oval:org.opensuse.security:def:6879	P	Security update for the Linux Kernel (Important)	2021-01-14
oval:org.opensuse.security:def:66486	P	Security update for the Linux Kernel (Important)	2021-01-14
oval:org.opensuse.security:def:104125	P	Security update for the Linux Kernel (Important)	2021-01-14
oval:org.opensuse.security:def:8313	P	Security update for the Linux Kernel (Important)	2021-01-14
oval:org.opensuse.security:def:98158	P	Security update for the Linux Kernel (Important)	2021-01-14
oval:org.opensuse.security:def:104916	P	Security update for the Linux Kernel (Important)	2021-01-14
oval:org.opensuse.security:def:5397	P	Security update for the Linux Kernel (Important)	2021-01-14
oval:org.opensuse.security:def:64321	P	Security update for the Linux Kernel (Important)	2021-01-14
oval:org.opensuse.security:def:10596	P	Security update for the Linux Kernel (Important)	2021-01-14
oval:org.opensuse.security:def:70736	P	Security update for the Linux Kernel (Important)	2021-01-14
oval:org.opensuse.security:def:67511	P	Security update for the Linux Kernel (Important)	2021-01-14
oval:org.opensuse.security:def:97435	P	Security update for the Linux Kernel (Important)	2021-01-14
oval:org.opensuse.security:def:104361	P	Security update for the Linux Kernel (Important)	2021-01-14
oval:org.opensuse.security:def:96846	P	Security update for the Linux Kernel (Important)	2021-01-14
oval:org.opensuse.security:def:75554	P	Security update for the Linux Kernel (Important)	2021-01-14
oval:org.opensuse.security:def:91193	P	Security update for the Linux Kernel (Important)	2021-01-14
oval:org.opensuse.security:def:98226	P	Security update for the Linux Kernel (Important)	2021-01-14
oval:org.opensuse.security:def:105062	P	Security update for the Linux Kernel (Important)	2021-01-14
oval:org.opensuse.security:def:6422	P	Security update for the Linux Kernel (Important)	2021-01-14
oval:org.opensuse.security:def:65512	P	Security update for the Linux Kernel (Important)	2021-01-14
oval:org.opensuse.security:def:73443	P	Security update for the Linux Kernel (Important)	2021-01-14
oval:org.opensuse.security:def:90470	P	Security update for the Linux Kernel (Important)	2021-01-14
oval:org.opensuse.security:def:98819	P	Security update for the Linux Kernel (Important)	2021-01-14
oval:org.opensuse.security:def:97671	P	Security update for the Linux Kernel (Important)	2021-01-14
oval:org.opensuse.security:def:91261	P	Security update for the Linux Kernel (Important)	2021-01-14
oval:org.opensuse.security:def:98372	P	Security update for the Linux Kernel (Important)	2021-01-14
oval:org.opensuse.security:def:91869	P	Security update for the Linux Kernel (Important)	2021-01-14
oval:org.opensuse.security:def:74580	P	Security update for the Linux Kernel (Important)	2021-01-14
oval:org.opensuse.security:def:90706	P	Security update for the Linux Kernel (Important)	2021-01-14
oval:org.opensuse.security:def:99910	P	Security update for the Linux Kernel (Important)	2021-01-14
oval:org.opensuse.security:def:67968	P	Security update for the Linux Kernel (Important)	2021-01-14
oval:org.opensuse.security:def:104848	P	Security update for the Linux Kernel (Important)	2021-01-14
oval:org.opensuse.security:def:91407	P	Security update for the Linux Kernel (Important)	2021-01-14
oval:org.opensuse.security:def:98589	P	Security update for the Linux Kernel (Moderate)	2021-01-12
oval:org.opensuse.security:def:68642	P	Security update for the Linux Kernel (Moderate)	2021-01-12
oval:org.opensuse.security:def:91624	P	Security update for the Linux Kernel (Moderate)	2021-01-12
oval:org.opensuse.security:def:60487	P	Security update for the Linux Kernel (Moderate)	2021-01-12
oval:org.opensuse.security:def:34664	P	Security update for the Linux Kernel (Moderate)	2021-01-12
oval:org.opensuse.security:def:105279	P	Security update for the Linux Kernel (Moderate)	2021-01-12
oval:org.opensuse.security:def:97352	P	Security update for the Linux Kernel (Moderate)	2021-01-12
oval:org.opensuse.security:def:105328	P	Security update for the Linux Kernel (Important)	2020-12-14
oval:org.opensuse.security:def:75490	P	Security update for the Linux Kernel (Important)	2020-12-14
oval:org.opensuse.security:def:91129	P	Security update for the Linux Kernel (Important)	2020-12-14
oval:org.opensuse.security:def:98638	P	Security update for the Linux Kernel (Important)	2020-12-14
oval:org.opensuse.security:def:68784	P	Security update for the Linux Kernel (Important)	2020-12-14
oval:org.opensuse.security:def:91673	P	Security update for the Linux Kernel (Important)	2020-12-14
oval:org.opensuse.security:def:104784	P	Security update for the Linux Kernel (Important)	2020-12-14
oval:org.opensuse.security:def:66422	P	Security update for the Linux Kernel (Important)	2020-12-14
oval:org.opensuse.security:def:98094	P	Security update for the Linux Kernel (Important)	2020-12-14
oval:org.opensuse.security:def:21830	P	Security update for the Linux Kernel (Important)	2020-12-11
oval:org.opensuse.security:def:4718	P	Security update for the Linux Kernel (Important)	2020-12-11

BACK