CVE-2019-10639: Weak Encryption
First published: Fri Jul 05 2019(Updated: )
A flaw was found in the way the Linux kernel derived the IP ID field from a partial kernel space address returned by a net_hash_mix() function. A remote user could observe this IP ID field to extract the kernel address bits used to derive its value, which may result in leaking the hash key and potentially defeating KASLR.
Credit: cve@mitre.org cve@mitre.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| redhat/kernel-rt | <0:3.10.0-1127.rt56.1093.el7 | 0:3.10.0-1127.rt56.1093.el7 |
| redhat/kernel | <0:3.10.0-1127.el7 | 0:3.10.0-1127.el7 |
| redhat/kernel | <0:3.10.0-1062.26.1.el7 | 0:3.10.0-1062.26.1.el7 |
| redhat/kernel-rt | <0:4.18.0-193.rt13.51.el8 | 0:4.18.0-193.rt13.51.el8 |
| redhat/kernel | <0:4.18.0-193.el8 | 0:4.18.0-193.el8 |
| Linux Linux kernel | >=4.1<=4.20.9 | |
| Linux Linux kernel | >=5.0<5.0.8 | |
| IBM Data Risk Manager | <=2.0.6 | |
| debian/linux | 5.10.223-1 5.10.226-1 6.1.106-3 6.1.112-1 6.11.4-1 6.11.5-1 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- https://www.cve.org/CVERecord?id=CVE-2019-10639 https://nvd.nist.gov/vuln/detail/CVE-2019-10639 https://arxiv.org/pdf/1906.10478.pdf
- https://bugzilla.redhat.com/show_bug.cgi?id=1729933
- https://access.redhat.com/errata/RHSA-2020:1070
- https://access.redhat.com/errata/RHSA-2020:1016
- https://access.redhat.com/errata/RHSA-2020:2522
- https://access.redhat.com/errata/RHSA-2020:1567
- https://access.redhat.com/errata/RHSA-2020:1769
- https://access.redhat.com/security/cve/cve-2019-10639
- http://lists.opensuse.org/opensuse-security-announce/2019-07/msg00014.html
- http://lists.opensuse.org/opensuse-security-announce/2019-07/msg00025.html
- https://arxiv.org/pdf/1906.10478.pdf
- https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.0.8
- https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=355b98553789b646ed97ad801a619ff898471b92
- https://github.com/torvalds/linux/commit/355b98553789b646ed97ad801a619ff898471b92
- https://lists.debian.org/debian-lts-announce/2019/07/msg00022.html
- https://lists.debian.org/debian-lts-announce/2019/08/msg00017.html
- https://seclists.org/bugtraq/2019/Aug/18
- https://security.netapp.com/advisory/ntap-20190806-0001/
- https://support.f5.com/csp/article/K32804955
- https://support.f5.com/csp/article/K32804955?utm_source=f5support&utm_medium=RSS
- https://usn.ubuntu.com/4115-1/
- https://usn.ubuntu.com/4118-1/
- https://www.debian.org/security/2019/dsa-4497
- https://www.oracle.com/security-alerts/cpuApr2021.html
- https://support.f5.com/csp/article/K32804955?utm_source=f5support&amp;utm_medium=RSS
- https://launchpad.net/bugs/cve/CVE-2019-10639
- https://git.kernel.org/linus/355b98553789b646ed97ad801a619ff898471b92
- https://git.kernel.org/linus/b6a7719aedd7e5c0f2df7641aa47386111682df4
- https://git.kernel.org/linus/5a352dd0a3aac03b443c94828dfd7144261c8636
- https://bugzilla.redhat.com/show_bug.cgi/show_bug.cgi?id=1729934
- https://support.f5.com/csp/article/K32804955?utm_source=f5support&%3Butm_medium=RSS
- https://exchange.xforce.ibmcloud.com/vulnerabilities/167414
- https://www.ibm.com/support/pages/node/6335281 (Advisory)
- https://security-tracker.debian.org/tracker/CVE-2019-10639
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-10639
- https://nvd.nist.gov/vuln/detail/CVE-2019-10639
- https://ubuntu.com/security/CVE-2019-10639
Parent vulnerabilities
(Appears in the following advisories)
- collector/redhat-cve
- collector/nvd-index
- agent/type
- agent/remedy
- agent/first-publish-date
- collector/launchpad-cve
- source/Launchpad
- collector/redhat-bugzilla
- source/Red Hat
- alias/CVE-2019-10639
- agent/author
- agent/severity
- agent/weakness
- agent/description
- collector/nvd-cve
- source/NVD
- agent/software-canonical-lookup
- agent/references
- collector/ibm-support
- source/IBM
- collector/mitre-cve
- source/MITRE
- agent/last-modified-date
- agent/tags
- agent/event
- collector/security-tracker-debian
- source/Debian
- agent/softwarecombine
- collector/usn-cve
- source/Ubuntu
- package-manager/redhat
- vendor/linux
- canonical/linux linux kernel
- version/linux linux kernel/4.1
- version/linux linux kernel/4.20.9
- version/linux linux kernel/5.0
- vendor/ibm
- canonical/ibm data risk manager
- version/ibm data risk manager/2.0.6
- package-manager/debian