Lucene search

Veracode Vulnerability DatabaseVERACODE:21944

HistoryNov 13, 2019 - 12:20 a.m.

Information Disclosure

2019-11-1300:20:00

Veracode Vulnerability Database

sca.analysiscenter.veracode.com

6.5 Medium

CVSS3

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

CHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N

2.1 Low

CVSS2

Access Vector

LOCAL

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:L/AC:L/Au:N/C:P/I:N/A:N

JSON

kernel is vulnerable to information disclosure. Due to the way Intel CPUs handle speculative execution of instructions when the TSX Asynchronous Abort (TAA) error occur, a local authenticated attacker with the ability to monitor execution times could infer the TSX memory state by comparing abort execution times.

CPENameOperatorVersion
kerneleq2.6.32__696.1.1.bgq.el6
kerneleq2.6.32__220.4.4.bgq.el6
kerneleq2.6.32__696.28.1.el6
kerneleq2.6.32__358.6.1.el6
kerneleq4.18.0__80.el8
kerneleq2.6.32__642.6.2.el6
kerneleq2.6.32__431.40.2.el6
kerneleq3.10.0__957.1.3.el7
kerneleq2.6.32__642.3.1.el6
kerneleq2.6.32__131.17.1.el6

Name	Operator	Version
kernel	eq	2.6.32__696.1.1.bgq.el6
kernel	eq	2.6.32__220.4.4.bgq.el6
kernel	eq	2.6.32__696.28.1.el6
kernel	eq	2.6.32__358.6.1.el6
kernel	eq	4.18.0__80.el8
kernel	eq	2.6.32__642.6.2.el6
kernel	eq	2.6.32__431.40.2.el6
kernel	eq	3.10.0__957.1.3.el7
kernel	eq	2.6.32__642.3.1.el6
kernel	eq	2.6.32__131.17.1.el6

Rows per page:

1-10 of 7661

References

lists.opensuse.org/opensuse-security-announce/2019-11/msg00045.html

lists.opensuse.org/opensuse-security-announce/2019-11/msg00046.html

lists.opensuse.org/opensuse-security-announce/2019-12/msg00042.html

packetstormsecurity.com/files/155375/Slackware-Security-Advisory-Slackware-14.2-kernel-Updates.html

www.openwall.com/lists/oss-security/2019/12/10/3

www.openwall.com/lists/oss-security/2019/12/10/4

www.openwall.com/lists/oss-security/2019/12/11/1

access.redhat.com/errata/RHSA-2019:3832

access.redhat.com/errata/RHSA-2019:3936

access.redhat.com/errata/RHSA-2020:0026

access.redhat.com/errata/RHSA-2020:0028

access.redhat.com/errata/RHSA-2020:0204

access.redhat.com/errata/RHSA-2020:0279

access.redhat.com/errata/RHSA-2020:0366

access.redhat.com/errata/RHSA-2020:0555

access.redhat.com/errata/RHSA-2020:0666

access.redhat.com/errata/RHSA-2020:0730

access.redhat.com/security/updates/classification/#important

access.redhat.com/security/vulnerabilities/ifu-page-mce

access.redhat.com/solutions/i915-graphics

access.redhat.com/solutions/tsx-asynchronousabort

kc.mcafee.com/corporate/index?page=content&id=SB10306

lists.debian.org/debian-lts-announce/2019/12/msg00035.html

lists.fedoraproject.org/archives/list/[email protected]/message/I5WWPW4BSZDDW7VHU427XTVXV7ROOFFW/

lists.fedoraproject.org/archives/list/[email protected]/message/IZYATWNUGHRBG6I3TC24YHP5Y3J7I6KH/

seclists.org/bugtraq/2019/Dec/28

seclists.org/bugtraq/2019/Nov/26

seclists.org/bugtraq/2020/Jan/21

security.gentoo.org/glsa/202003-56

support.f5.com/csp/article/K02912734?utm_source=f5support&utm_medium=RSS

support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbhf03968en_us

usn.ubuntu.com/4186-2/

www.debian.org/security/2020/dsa-4602

www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00270.html

www.oracle.com/security-alerts/cpujan2021.html

6.5 Medium

CVSS3

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

CHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N

2.1 Low

CVSS2

Access Vector

LOCAL

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:L/AC:L/Au:N/C:P/I:N/A:N

JSON

Information Disclosure

References

Related