CVSS2
Metric | Value |
---|---|
Attack Vector | LOCAL |
Attack Complexity | LOW |
Authentication | NONE |
Confidentiality Impact | NONE |
Integrity Impact | NONE |
Availability Impact | PARTIAL |
Vector | AV:L/AC:L/Au:N/C:N/I:N/A:P |

CVSS3
Metric | Value |
---|---|
Attack Vector | LOCAL |
Attack Complexity | LOW |
Privileges Required | LOW |
User Interaction | NONE |
Scope | UNCHANGED |
Confidentiality Impact | NONE |
Integrity Impact | NONE |
Availability Impact | HIGH |
Vector | CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H |

EPSS
Percentile: 52.0%

kernel/sched/fair.c in the Linux kernel before 5.3.9, when cpu.cfs_quota_us
is used (e.g., with Kubernetes), allows attackers to cause a denial of
service against non-cpu-bound applications by generating a workload that
triggers unwanted slice expiration, aka CID-de53fd7aedb1. (In other words,
although this slice expiration would typically be seen with benign
workloads, it is possible that an attacker could calculate how many stray
requests are required to force an entire Kubernetes cluster into a
low-performance state caused by slice expiration, and ensure that a DDoS
attack sent that number of stray requests. An attack does not affect the
stability of the kernel; it only causes mismanagement of application
execution.)

OS | OS Version | Architecture | Package | Package Version | Filename |
---|---|---|---|---|---|
ubuntu | 18.04 | noarch | linux | < 4.15.0-69.78 | UNKNOWN |
ubuntu | 19.04 | noarch | linux | < 5.0.0-38.41 | UNKNOWN |
ubuntu | 19.10 | noarch | linux | < 5.3.0-24.26 | UNKNOWN |
ubuntu | 18.04 | noarch | linux-aws | < 4.15.0-1054.56 | UNKNOWN |
ubuntu | 19.04 | noarch | linux-aws | < 5.0.0-1023.26 | UNKNOWN |
ubuntu | 19.10 | noarch | linux-aws | < 5.3.0-1008.9 | UNKNOWN |
ubuntu | 18.04 | noarch | linux-aws-5.0 | < 5.0.0-1023.26~18.04.1 | UNKNOWN |
ubuntu | 16.04 | noarch | linux-aws-hwe | < 4.15.0-1054.56~16.04.1 | UNKNOWN |
ubuntu | 18.04 | noarch | linux-azure | < 5.0.0-1027.29~18.04.1 | UNKNOWN |
ubuntu | 19.04 | noarch | linux-azure | < 5.0.0-1027.29 | UNKNOWN |
cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.3.9
git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=de53fd7aedb100f03e5d2231cfce0e4993282425
git.kernel.org/linus/de53fd7aedb100f03e5d2231cfce0e4993282425
github.com/kubernetes/kubernetes/issues/67577
github.com/torvalds/linux/commit/de53fd7aedb100f03e5d2231cfce0e4993282425
launchpad.net/bugs/cve/CVE-2019-19922
nvd.nist.gov/vuln/detail/CVE-2019-19922
relistan.com/the-kernel-may-be-slowing-down-your-app
security-tracker.debian.org/tracker/CVE-2019-19922
ubuntu.com/security/notices/USN-4226-1
www.cve.org/CVERecord?id=CVE-2019-19922