CVE-2019-7308
First published: Fri Feb 01 2019(Updated: )
kernel/bpf/verifier.c in the Linux kernel before 4.20.6 performs undesirable out-of-bounds speculation on pointer arithmetic in various cases, including cases of different branches with different state or limits to sanitize, leading to side-channel attacks.
Credit: cve@mitre.org cve@mitre.org cve@mitre.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Linux Kernel | <4.19.19 | |
| Linux Kernel | >=4.20.0<4.20.6 | |
| Ubuntu | =14.04 | |
| Ubuntu | =16.04 | |
| Ubuntu | =18.04 | |
| Ubuntu | =18.10 | |
| SUSE Linux | =15.0 | |
| debian/linux | 5.10.223-1 5.10.234-1 6.1.129-1 6.1.135-1 6.12.22-1 6.12.25-1 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=979d63d50c0c0f7bc537bf821e056cc9fe5abd38
- http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=d3bd7413e0ca40b60cf60d4003246d067cafdeda
- http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00052.html
- http://www.securityfocus.com/bid/106827
- https://bugs.chromium.org/p/project-zero/issues/detail?id=1711
- https://cdn.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.20.6
- https://github.com/torvalds/linux/commit/979d63d50c0c0f7bc537bf821e056cc9fe5abd38
- https://github.com/torvalds/linux/commit/d3bd7413e0ca40b60cf60d4003246d067cafdeda
- https://support.f5.com/csp/article/K43030517
- https://support.f5.com/csp/article/K43030517?utm_source=f5support&utm_medium=RSS
- https://usn.ubuntu.com/3930-1/
- https://usn.ubuntu.com/3930-2/
- https://usn.ubuntu.com/3931-1/
- https://usn.ubuntu.com/3931-2/
- https://support.f5.com/csp/article/K43030517?utm_source=f5support&amp;utm_medium=RSS
- https://launchpad.net/bugs/cve/CVE-2019-7308
- https://support.f5.com/csp/article/K43030517?utm_source=f5support&%3Butm_medium=RSS
- https://git.kernel.org/linus/979d63d50c0c0f7bc537bf821e056cc9fe5abd38
- https://git.kernel.org/linus/d3bd7413e0ca40b60cf60d4003246d067cafdeda
- https://security-tracker.debian.org/tracker/CVE-2019-7308
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-7308
- https://nvd.nist.gov/vuln/detail/CVE-2019-7308
- https://ubuntu.com/security/CVE-2019-7308
Frequently Asked Questions
What is the severity of CVE-2019-7308?
CVE-2019-7308 is classified as a medium-severity vulnerability due to potential exposure to side-channel attacks.
How do I fix CVE-2019-7308?
To fix CVE-2019-7308, upgrade the Linux kernel to version 4.20.6 or later.
Which versions of the Linux kernel are affected by CVE-2019-7308?
CVE-2019-7308 affects Linux kernel versions prior to 4.20.6 and 4.19.19 and older.
Is CVE-2019-7308 specific to any Linux distributions?
Yes, CVE-2019-7308 affects multiple distributions, including Ubuntu 14.04, 16.04, 18.04, 18.10, and openSUSE Leap 15.0.
Can CVE-2019-7308 be exploited remotely?
CVE-2019-7308 may be exploited via local access, making it a notable concern for system security.
- agent/type
- collector/launchpad-cve
- source/Launchpad
- agent/weakness
- agent/severity
- collector/mitre-cve
- source/MITRE
- collector/usn-cve
- source/Ubuntu
- agent/references
- agent/remedy
- agent/description
- agent/first-publish-date
- agent/author
- agent/last-modified-date
- agent/trending
- agent/source
- agent/event
- collector/nvd-api
- source/NVD
- agent/software-canonical-lookup
- agent/software-canonical-lookup-request
- collector/nvd-index
- collector/nvd-cve
- agent/tags
- agent/softwarecombine
- collector/security-tracker-debian
- source/Debian
- vendor/linux
- canonical/linux kernel
- version/linux kernel/4.20.0
- vendor/canonical
- canonical/ubuntu
- version/ubuntu/14.04
- version/ubuntu/16.04
- version/ubuntu/18.04
- version/ubuntu/18.10
- vendor/opensuse
- canonical/suse linux
- version/suse linux/15.0
- package-manager/debian