CVSS3: 5.5 Medium (CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H)

Metric | Value |
---|---|
Attack Vector | LOCAL |
Attack Complexity | LOW |
Privileges Required | LOW |
User Interaction | NONE |
Scope | UNCHANGED |
Confidentiality Impact | NONE |
Integrity Impact | NONE |
Availability Impact | HIGH |

CVSS2: 2.1 Low (AV:L/AC:L/Au:N/C:N/I:N/A:P)

Metric | Value |
---|---|
Access Vector | LOCAL |
Access Complexity | LOW |
Authentication | NONE |
Confidentiality Impact | NONE |
Integrity Impact | NONE |
Availability Impact | PARTIAL |

EPSS: 0.002 Low (Percentile: 50.9%)

kernel/sched/fair.c in the Linux kernel before 5.3.9, when cpu.cfs_quota_us
is used (e.g., with Kubernetes), allows attackers to cause a denial of
service against non-cpu-bound applications by generating a workload that
triggers unwanted slice expiration, aka CID-de53fd7aedb1. (In other words,
although this slice expiration would typically be seen with benign
workloads, it is possible that an attacker could calculate how many stray
requests are required to force an entire Kubernetes cluster into a
low-performance state caused by slice expiration, and ensure that a DDoS
attack sent that number of stray requests. An attack does not affect the
stability of the kernel; it only causes mismanagement of application
execution.)
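
A defender-side check for the symptom described above, added here as an example and not taken from the advisory or the kernel sources: it compares two samples of a cgroup's v1 `cpu.stat` and `cpuacct.usage` and flags groups that are throttled in many periods while consuming well under their `cpu.cfs_quota_us`. The sample values and both thresholds are constructed assumptions.

```python
"""Flag cgroups throttled by CFS bandwidth control while using less CPU than their quota."""

def parse_cpu_stat(text):
    """Parse cgroup v1 cpu.stat ('key value' per line) into a dict of ints."""
    return {k: int(v) for k, v in (ln.split() for ln in text.splitlines() if ln.strip())}

def assess(before, after, quota_us, usage_before_ns, usage_after_ns,
           throttle_ratio_min=0.10, util_max=0.80):
    """Return (throttle_ratio, quota_utilisation, suspicious) for one cgroup.

    'suspicious' means the group was throttled in a noticeable share of
    enforcement periods although it consumed well under its quota.
    The two thresholds are illustrative assumptions, not kernel values.
    """
    periods = after["nr_periods"] - before["nr_periods"]
    throttled = after["nr_throttled"] - before["nr_throttled"]
    if quota_us <= 0 or periods <= 0:   # quota -1 means unlimited; or no period elapsed
        return 0.0, 0.0, False
    allowed_ns = periods * quota_us * 1000          # CPU time the quota permitted
    ratio = throttled / periods
    util = (usage_after_ns - usage_before_ns) / allowed_ns
    return ratio, util, ratio >= throttle_ratio_min and util <= util_max

# Constructed samples (not real measurements): cpu.stat read 60 s apart,
# with cpu.cfs_quota_us = 100000 and cpu.cfs_period_us = 100000.
STAT_T0 = "nr_periods 1000\nnr_throttled 40\nthrottled_time 900000000\n"
STAT_T1_BURSTY = "nr_periods 1600\nnr_throttled 190\nthrottled_time 5200000000\n"
STAT_T1_CPU_BOUND = "nr_periods 1600\nnr_throttled 580\nthrottled_time 48000000000\n"

def demo():
    t0 = parse_cpu_stat(STAT_T0)
    # Non-CPU-bound service: 30% of quota used, yet throttled in 25% of periods.
    bursty = assess(t0, parse_cpu_stat(STAT_T1_BURSTY), 100000, 0, 18_000_000_000)
    # CPU-bound job: throttling here is the quota working as intended.
    bound = assess(t0, parse_cpu_stat(STAT_T1_CPU_BOUND), 100000, 0, 59_000_000_000)
    return bursty, bound

if __name__ == "__main__":
    for name, (ratio, util, flag) in zip(("bursty", "cpu-bound"), demo()):
        print(f"{name}: throttled {ratio:.0%} of periods, used {util:.0%} of quota, suspicious={flag}")
```

On a host, the inputs come from the cgroup's `cpu.stat`, `cpu.cfs_quota_us` and `cpuacct.usage` files, sampled twice.
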

OS | OS Version | Architecture | Package | Package Version | Filename |
---|---|---|---|---|---|
ubuntu | 18.04 | noarch | linux | < 4.15.0-69.78 | UNKNOWN |
ubuntu | 19.04 | noarch | linux | < 5.0.0-38.41 | UNKNOWN |
ubuntu | 19.10 | noarch | linux | < 5.3.0-24.26 | UNKNOWN |
ubuntu | 18.04 | noarch | linux-aws | < 4.15.0-1054.56 | UNKNOWN |
ubuntu | 19.04 | noarch | linux-aws | < 5.0.0-1023.26 | UNKNOWN |
ubuntu | 19.10 | noarch | linux-aws | < 5.3.0-1008.9 | UNKNOWN |
ubuntu | 18.04 | noarch | linux-aws-5.0 | < 5.0.0-1023.26~18.04.1 | UNKNOWN |
ubuntu | 18.04 | noarch | linux-gcp | < 5.0.0-1028.29~18.04.1 | UNKNOWN |
ubuntu | 19.04 | noarch | linux-gcp | < 5.0.0-1028.29 | UNKNOWN |
ubuntu | 19.10 | noarch | linux-gcp | < 5.3.0-1009.10 | UNKNOWN |
cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.3.9
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-19922
git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=de53fd7aedb100f03e5d2231cfce0e4993282425
git.kernel.org/linus/de53fd7aedb100f03e5d2231cfce0e4993282425
github.com/kubernetes/kubernetes/issues/67577
github.com/torvalds/linux/commit/de53fd7aedb100f03e5d2231cfce0e4993282425
launchpad.net/bugs/cve/CVE-2019-19922
nvd.nist.gov/vuln/detail/CVE-2019-19922
relistan.com/the-kernel-may-be-slowing-down-your-app
security-tracker.debian.org/tracker/CVE-2019-19922
ubuntu.com/security/notices/USN-4226-1