kernel/sched/fair.c in the Linux kernel before 5.3.9, when cpu.cfs_quota_us is used (e.g., with Kubernetes), allows attackers to cause a denial of service against non-cpu-bound applications by generating a workload that triggers unwanted slice expiration, aka CID-de53fd7aedb1. (In other words, although this slice expiration would typically be seen with benign workloads, it is possible that an attacker could calculate how many stray requests are required to force an entire Kubernetes cluster into a low-performance state caused by slice expiration, and ensure that a DDoS attack sent that number of stray requests. An attack does not affect the stability of the kernel; it only causes mismanagement of application execution.)

Affected Software

| CPE Name | Name | Version |
| --- | --- | --- |
| linux:linux_kernel | linux linux kernel | 5.3.9 |
| debian:debian_linux | debian debian linux | 8.0 |
| canonical:ubuntu_linux | canonical ubuntu linux | 18.04 |
| canonical:ubuntu_linux | canonical ubuntu linux | 19.04 |
| oracle:sd-wan_edge | oracle sd-wan edge | 8.2 |
| netapp:cloud_backup | netapp cloud backup | - |
| netapp:steelstore_cloud_integrated_storage | netapp steelstore cloud integrated storage | - |
| netapp:data_availability_services | netapp data availability services | - |
| netapp:solidfire_\&_hci_management_node | netapp solidfire & hci management node | - |
| netapp:active_iq_unified_manager | netapp active iq unified manager | - |
| netapp:solidfire_baseboard_management_controller | netapp solidfire baseboard management controller | - |
| netapp:fas\/aff_baseboard_management_controller | netapp fas/aff baseboard management controller | - |
| netapp:e-series_santricity_os_controller | netapp e-series santricity os controller | 11.70.2 |
| netapp:hci_baseboard_management_controller | netapp hci baseboard management controller | h610s |
| netapp:aff_baseboard_management_controller | netapp aff baseboard management controller | a700 |