Lucene search

Veracode Vulnerability DatabaseVERACODE:19473

HistoryMay 16, 2019 - 3:11 a.m.

Information Disclosure

2019-05-1603:11:25

Veracode Vulnerability Database

sca.analysiscenter.veracode.com

5.6 Medium

CVSS3

Attack Vector

LOCAL

Attack Complexity

HIGH

Privileges Required

LOW

User Interaction

NONE

Scope

CHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N

4.7 Medium

CVSS2

Access Vector

LOCAL

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

NONE

Availability Impact

NONE

AV:L/AC:M/Au:N/C:C/I:N/A:N

JSON

Linux kernel is vulnerable to information disclosure vulnerability. The vulnerability exists in an unknown code of the component Speculative Execution. An unprivileged attacker could use this flaw to read some of the memory contents of the kernel or other processes and/or cross guest/host boundaries to read host memory by conducting targeted cache side-channel attacks.

CPENameOperatorVersion
kerneleq2.6.32__696.28.1.el6
kerneleq3.10.0__693.el7
kerneleq2.6.32__431.40.2.el6
kerneleq2.6.32__131.17.1.el6
kerneleq2.6.18__348.18.1.el5
kerneleq2.6.32__71.18.2.el6
kerneleq2.6.18__418.el5
kerneleq2.6.32__504.16.2.el6
kerneleq2.6.18__371.6.1.el5
kerneleq2.6.18__92.el5

Name	Operator	Version
kernel	eq	2.6.32__696.28.1.el6
kernel	eq	3.10.0__693.el7
kernel	eq	2.6.32__431.40.2.el6
kernel	eq	2.6.32__131.17.1.el6
kernel	eq	2.6.18__348.18.1.el5
kernel	eq	2.6.32__71.18.2.el6
kernel	eq	2.6.18__418.el5
kernel	eq	2.6.32__504.16.2.el6
kernel	eq	2.6.18__371.6.1.el5
kernel	eq	2.6.18__92.el5

Rows per page:

1-10 of 4111

References

support.lenovo.com/us/en/solutions/LEN-24163

www.huawei.com/en/psirt/security-advisories/huawei-sa-20180815-01-cpu-en

www.securityfocus.com/bid/105080

www.securitytracker.com/id/1041451

www.securitytracker.com/id/1042004

www.vmware.com/security/advisories/VMSA-2018-0020.html

xenbits.xen.org/xsa/advisory-273.html

access.redhat.com/articles/3527791

access.redhat.com/errata/RHSA-2018:2384

access.redhat.com/errata/RHSA-2018:2387

access.redhat.com/errata/RHSA-2018:2388

access.redhat.com/errata/RHSA-2018:2389

access.redhat.com/errata/RHSA-2018:2390

access.redhat.com/errata/RHSA-2018:2391

access.redhat.com/errata/RHSA-2018:2392

access.redhat.com/errata/RHSA-2018:2393

access.redhat.com/errata/RHSA-2018:2394

access.redhat.com/errata/RHSA-2018:2395

access.redhat.com/errata/RHSA-2018:2396

access.redhat.com/errata/RHSA-2018:2402

access.redhat.com/errata/RHSA-2018:2403

access.redhat.com/errata/RHSA-2018:2404

access.redhat.com/errata/RHSA-2018:2602

access.redhat.com/errata/RHSA-2018:2603

access.redhat.com/security/updates/classification/#important

access.redhat.com/security/vulnerabilities/L1TF

cert-portal.siemens.com/productcert/pdf/ssa-254686.pdf

cert-portal.siemens.com/productcert/pdf/ssa-608355.pdf

foreshadowattack.eu/

help.ecostruxureit.com/display/public/UADCE725/Security+fixes+in+StruxureWare+Data+Center+Expert+v7.6.0

lists.debian.org/debian-lts-announce/2018/08/msg00029.html

lists.debian.org/debian-lts-announce/2018/09/msg00017.html

lists.fedoraproject.org/archives/list/[email protected]/message/V4UWGORQWCENCIF2BHWUEF2ODBV75QS2/

lists.fedoraproject.org/archives/list/[email protected]/message/XRFKQWYV2H4BV75CUNGCGE5TNVQCLBGZ/

portal.msrc.microsoft.com/en-US/security-guidance/advisory/ADV180018

psirt.global.sonicwall.com/vuln-detail/SNWLID-2018-0010

security.FreeBSD.org/advisories/FreeBSD-SA-18:09.l1tf.asc

security.gentoo.org/glsa/201810-06

security.netapp.com/advisory/ntap-20180815-0001/

software.intel.com/security-software-guidance/software-guidance/l1-terminal-fault

support.f5.com/csp/article/K31300402

support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbhf03874en_us

tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180814-cpusidechannel

usn.ubuntu.com/3740-1/

usn.ubuntu.com/3740-2/

usn.ubuntu.com/3741-1/

usn.ubuntu.com/3741-2/

usn.ubuntu.com/3742-1/

usn.ubuntu.com/3742-2/

usn.ubuntu.com/3756-1/

usn.ubuntu.com/3823-1/

www.debian.org/security/2018/dsa-4274

www.debian.org/security/2018/dsa-4279

www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00161.html

www.kb.cert.org/vuls/id/982149

www.oracle.com/security-alerts/cpujul2020.html

www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html

www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html

www.synology.com/support/security/Synology_SA_18_45

5.6 Medium

CVSS3

Attack Vector

LOCAL

Attack Complexity

HIGH

Privileges Required

LOW

User Interaction

NONE

Scope

CHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N

4.7 Medium

CVSS2

Access Vector

LOCAL

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

NONE

Availability Impact

NONE

AV:L/AC:M/Au:N/C:C/I:N/A:N

JSON

Related for VERACODE:19473