ID

VAR-201907-1641


CVE

CVE-2019-13272


TITLE

Linux Kernel Vulnerabilities related to authorization, permissions, and access control

Trust: 0.8

sources: JVNDB: JVNDB-2019-006727

DESCRIPTION

In the Linux kernel before 5.1.17, ptrace_link in kernel/ptrace.c mishandles the recording of the credentials of a process that wants to create a ptrace relationship, which allows local users to obtain root access by leveraging certain scenarios with a parent-child process relationship, where a parent drops privileges and calls execve (potentially allowing control by an attacker). One contributing factor is an object lifetime issue (which can also cause a panic). Another contributing factor is incorrect marking of a ptrace relationship as privileged, which is exploitable through (for example) Polkit's pkexec helper with PTRACE_TRACEME. NOTE: SELinux deny_ptrace might be a usable workaround in some environments.

The Linux kernel contains vulnerabilities related to authorization, permissions, and access control. Information may be obtained, information may be altered, and service operation may be disrupted (DoS).

For the oldstable distribution (stretch), this problem has been fixed in version 4.9.168-1+deb9u4. For the stable distribution (buster), this problem has been fixed in version 4.19.37-5+deb10u1. This update includes as well a patch for a regression introduced by the original fix for CVE-2019-11478 (#930904). We recommend that you upgrade your linux packages.
For the detailed security status of linux please refer to its security tracker page at: https://security-tracker.debian.org/tracker/linux

Further information about Debian Security Advisories, how to apply these updates to your system and frequently asked questions can be found at: https://www.debian.org/security/

Mailing list: debian-security-announce@lists.debian.org

=========================================================================
Ubuntu Security Notice USN-4094-1
August 13, 2019

linux, linux-hwe, linux-azure, linux-gcp, linux-gke-4.15, linux-kvm, linux-oem, linux-oracle, linux-raspi2, linux-snapdragon vulnerabilities
=========================================================================

A security issue affects these releases of Ubuntu and its derivatives:
- Ubuntu 18.04 LTS
- Ubuntu 16.04 LTS

Summary: Several security issues were fixed in the Linux kernel.
Software Description: - linux: Linux kernel - linux-gcp: Linux kernel for Google Cloud Platform (GCP) systems - linux-gke-4.15: Linux kernel for Google Container Engine (GKE) systems - linux-kvm: Linux kernel for cloud environments - linux-oem: Linux kernel for OEM processors - linux-oracle: Linux kernel for Oracle Cloud systems - linux-raspi2: Linux kernel for Raspberry Pi 2 - linux-snapdragon: Linux kernel for Snapdragon processors - linux-azure: Linux kernel for Microsoft Azure Cloud systems - linux-hwe: Linux hardware enablement (HWE) kernel Details: It was discovered that the alarmtimer implementation in the Linux kernel contained an integer overflow vulnerability. A local attacker could use this to cause a denial of service. (CVE-2018-13053) Wen Xu discovered that the XFS filesystem implementation in the Linux kernel did not properly track inode validations. An attacker could use this to construct a malicious XFS image that, when mounted, could cause a denial of service (system crash). (CVE-2018-13093) Wen Xu discovered that the f2fs file system implementation in the Linux kernel did not properly validate metadata. An attacker could use this to construct a malicious f2fs image that, when mounted, could cause a denial of service (system crash). (CVE-2018-13097, CVE-2018-13099, CVE-2018-13100, CVE-2018-14614, CVE-2018-14616, CVE-2018-13096, CVE-2018-13098, CVE-2018-14615) Wen Xu and Po-Ning Tseng discovered that btrfs file system implementation in the Linux kernel did not properly validate metadata. An attacker could use this to construct a malicious btrfs image that, when mounted, could cause a denial of service (system crash). (CVE-2018-14610, CVE-2018-14611, CVE-2018-14612, CVE-2018-14613, CVE-2018-14609) Wen Xu discovered that the HFS+ filesystem implementation in the Linux kernel did not properly handle malformed catalog data in some situations. 
An attacker could use this to construct a malicious HFS+ image that, when mounted, could cause a denial of service (system crash). (CVE-2018-14617) Vasily Averin and Pavel Tikhomirov discovered that the cleancache subsystem of the Linux kernel did not properly initialize new files in some situations. A local attacker could use this to expose sensitive information. (CVE-2018-16862) Hui Peng and Mathias Payer discovered that the USB subsystem in the Linux kernel did not properly handle size checks when handling an extra USB descriptor. A physically proximate attacker could use this to cause a denial of service (system crash). (CVE-2018-20169) It was discovered that a use-after-free error existed in the block layer subsystem of the Linux kernel when certain failure conditions occurred. A local attacker could possibly use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2018-20856) Eli Biham and Lior Neumann discovered that the Bluetooth implementation in the Linux kernel did not properly validate elliptic curve parameters during Diffie-Hellman key exchange in some situations. An attacker could use this to expose sensitive information. (CVE-2018-5383) It was discovered that a heap buffer overflow existed in the Marvell Wireless LAN device driver for the Linux kernel. An attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2019-10126) Andrei Vlad Lutas and Dan Lutas discovered that some x86 processors incorrectly handle SWAPGS instructions during speculative execution. A local attacker could use this to expose sensitive information (kernel memory). (CVE-2019-1125) It was discovered that the PowerPC dlpar implementation in the Linux kernel did not properly check for allocation errors in some situations. A local attacker could possibly use this to cause a denial of service (system crash). 
(CVE-2019-12614) It was discovered that a NULL pointer dereference vulnerability existed in the Near-field communication (NFC) implementation in the Linux kernel. An attacker could use this to cause a denial of service (system crash). (CVE-2019-12818) It was discovered that the MDIO bus devices subsystem in the Linux kernel improperly dropped a device reference in an error condition, leading to a use-after-free. An attacker could use this to cause a denial of service (system crash). (CVE-2019-12819) It was discovered that a NULL pointer dereference vulnerability existed in the Near-field communication (NFC) implementation in the Linux kernel. A local attacker could use this to cause a denial of service (system crash). (CVE-2019-12984) Jann Horn discovered a use-after-free vulnerability in the Linux kernel when accessing LDT entries in some situations. A local attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2019-13233) Jann Horn discovered that the ptrace implementation in the Linux kernel did not properly record credentials in some situations. A local attacker could use this to cause a denial of service (system crash) or possibly gain administrative privileges. (CVE-2019-13272) It was discovered that the Empia EM28xx DVB USB device driver implementation in the Linux kernel contained a use-after-free vulnerability when disconnecting the device. An attacker could use this to cause a denial of service (system crash). (CVE-2019-2024) It was discovered that the USB video device class implementation in the Linux kernel did not properly validate control bits, resulting in an out of bounds buffer read. A local attacker could use this to possibly expose sensitive information (kernel memory). (CVE-2019-2101) It was discovered that the Marvell Wireless LAN device driver in the Linux kernel did not properly validate the BSS descriptor. 
A local attacker could possibly use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2019-3846) It was discovered that the Appletalk IP encapsulation driver in the Linux kernel did not properly prevent kernel addresses from being copied to user space. A local attacker with the CAP_NET_ADMIN capability could use this to expose sensitive information. (CVE-2018-20511) Update instructions: The problem can be corrected by updating your system to the following package versions: Ubuntu 18.04 LTS: linux-image-4.15.0-1021-oracle 4.15.0-1021.23 linux-image-4.15.0-1040-gcp 4.15.0-1040.42 linux-image-4.15.0-1040-gke 4.15.0-1040.42 linux-image-4.15.0-1042-kvm 4.15.0-1042.42 linux-image-4.15.0-1043-raspi2 4.15.0-1043.46 linux-image-4.15.0-1050-oem 4.15.0-1050.57 linux-image-4.15.0-1060-snapdragon 4.15.0-1060.66 linux-image-4.15.0-58-generic 4.15.0-58.64 linux-image-4.15.0-58-generic-lpae 4.15.0-58.64 linux-image-4.15.0-58-lowlatency 4.15.0-58.64 linux-image-gcp 4.15.0.1040.42 linux-image-generic 4.15.0.58.60 linux-image-generic-lpae 4.15.0.58.60 linux-image-gke 4.15.0.1040.43 linux-image-gke-4.15 4.15.0.1040.43 linux-image-kvm 4.15.0.1042.42 linux-image-lowlatency 4.15.0.58.60 linux-image-oem 4.15.0.1050.54 linux-image-oracle 4.15.0.1021.24 linux-image-powerpc-e500mc 4.15.0.58.60 linux-image-powerpc-smp 4.15.0.58.60 linux-image-powerpc64-emb 4.15.0.58.60 linux-image-powerpc64-smp 4.15.0.58.60 linux-image-raspi2 4.15.0.1043.41 linux-image-snapdragon 4.15.0.1060.63 linux-image-virtual 4.15.0.58.60 Ubuntu 16.04 LTS: linux-image-4.15.0-1021-oracle 4.15.0-1021.23~16.04.1 linux-image-4.15.0-1040-gcp 4.15.0-1040.42~16.04.1 linux-image-4.15.0-1055-azure 4.15.0-1055.60 linux-image-4.15.0-58-generic 4.15.0-58.64~16.04.1 linux-image-4.15.0-58-generic-lpae 4.15.0-58.64~16.04.1 linux-image-4.15.0-58-lowlatency 4.15.0-58.64~16.04.1 linux-image-azure 4.15.0.1055.58 linux-image-gcp 4.15.0.1040.54 linux-image-generic-hwe-16.04 4.15.0.58.79 
linux-image-generic-lpae-hwe-16.04 4.15.0.58.79 linux-image-gke 4.15.0.1040.54 linux-image-lowlatency-hwe-16.04 4.15.0.58.79 linux-image-oem 4.15.0.58.79 linux-image-oracle 4.15.0.1021.15 linux-image-virtual-hwe-16.04 4.15.0.58.79 After a standard system update you need to reboot your computer to make all the necessary changes. ATTENTION: Due to an unavoidable ABI change the kernel updates have been given a new version number, which requires you to recompile and reinstall all third party kernel modules you might have installed. Unless you manually uninstalled the standard kernel metapackages (e.g. linux-generic, linux-generic-lts-RELEASE, linux-virtual, linux-powerpc), a standard system upgrade will automatically perform this as well. References: https://usn.ubuntu.com/4094-1 CVE-2018-13053, CVE-2018-13093, CVE-2018-13096, CVE-2018-13097, CVE-2018-13098, CVE-2018-13099, CVE-2018-13100, CVE-2018-14609, CVE-2018-14610, CVE-2018-14611, CVE-2018-14612, CVE-2018-14613, CVE-2018-14614, CVE-2018-14615, CVE-2018-14616, CVE-2018-14617, CVE-2018-16862, CVE-2018-20169, CVE-2018-20511, CVE-2018-20856, CVE-2018-5383, CVE-2019-10126, CVE-2019-1125, CVE-2019-12614, CVE-2019-12818, CVE-2019-12819, CVE-2019-12984, CVE-2019-13233, CVE-2019-13272, CVE-2019-2024, CVE-2019-2101, CVE-2019-3846 Package Information: https://launchpad.net/ubuntu/+source/linux/4.15.0-58.64 https://launchpad.net/ubuntu/+source/linux-gcp/4.15.0-1040.42 https://launchpad.net/ubuntu/+source/linux-gke-4.15/4.15.0-1040.42 https://launchpad.net/ubuntu/+source/linux-kvm/4.15.0-1042.42 https://launchpad.net/ubuntu/+source/linux-oem/4.15.0-1050.57 https://launchpad.net/ubuntu/+source/linux-oracle/4.15.0-1021.23 https://launchpad.net/ubuntu/+source/linux-raspi2/4.15.0-1043.46 https://launchpad.net/ubuntu/+source/linux-snapdragon/4.15.0-1060.66 https://launchpad.net/ubuntu/+source/linux-azure/4.15.0-1055.60 https://launchpad.net/ubuntu/+source/linux-gcp/4.15.0-1040.42~16.04.1 
https://launchpad.net/ubuntu/+source/linux-hwe/4.15.0-58.64~16.04.1 https://launchpad.net/ubuntu/+source/linux-oracle/4.15.0-1021.23~16.04.1

(CVE-2019-10126) Amit Klein and Benny Pinkas discovered that the Linux kernel did not sufficiently randomize IP ID values generated for connectionless networking protocols. (CVE-2019-13272)

Update instructions: The problem can be corrected by updating your livepatches to the following versions:

| Kernel                   | Version  | flavors                  |
|--------------------------+----------+--------------------------|
| 4.4.0-148.174            | 54.1     | lowlatency, generic      |
| 4.4.0-150.176            | 54.1     | generic, lowlatency      |
| 4.4.0-151.178            | 54.1     | lowlatency, generic      |
| 4.4.0-154.181            | 54.1     | lowlatency, generic      |
| 4.4.0-157.185            | 54.1     | lowlatency, generic      |
| 4.15.0-50.54             | 54.2     | generic, lowlatency      |
| 4.15.0-50.54~16.04.1     | 54.2     | generic, lowlatency      |
| 4.15.0-51.55             | 54.2     | generic, lowlatency      |
| 4.15.0-51.55~16.04.1     | 54.2     | generic, lowlatency      |
| 4.15.0-52.56             | 54.2     | lowlatency, generic      |
| 4.15.0-52.56~16.04.1     | 54.2     | generic, lowlatency      |
| 4.15.0-54.58             | 54.2     | generic, lowlatency      |
| 4.15.0-54.58~16.04.1     | 54.2     | generic, lowlatency      |
| 4.15.0-55.60             | 54.2     | generic, lowlatency      |

References: CVE-2018-1129, CVE-2019-2101, CVE-2019-3846, CVE-2019-10126, CVE-2019-12614, CVE-2019-12818, CVE-2019-12819, CVE-2019-12984, CVE-2019-13272
====================================================================
Red Hat Security Advisory

Synopsis: Important: kernel-alt security, bug fix, and enhancement update
Advisory ID: RHSA-2019:2809-01
Product: Red Hat Enterprise Linux
Advisory URL: https://access.redhat.com/errata/RHSA-2019:2809
Issue date: 2019-09-20
CVE Names: CVE-2019-5489 CVE-2019-6974 CVE-2019-13272
====================================================================

1. Summary:

An update for kernel-alt is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

2. Relevant releases/architectures:

Red Hat Enterprise Linux for ARM and IBM Power LE (POWER9) Server (v. 7) - aarch64, noarch, ppc64le, s390x
Red Hat Enterprise Linux for ARM and IBM Power LE (POWER9) Server Optional (v. 7) - aarch64, noarch, ppc64le

3. Description:

The kernel-alt packages provide the Linux kernel version 4.x.

Security Fix(es):
* Kernel: page cache side channel attacks (CVE-2019-5489)
* Kernel: KVM: potential use-after-free via kvm_ioctl_create_device() (CVE-2019-6974)
* kernel: broken permission and object lifetime handling for PTRACE_TRACEME (CVE-2019-13272)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Bug Fix(es): * [kernel-alt]: BUG: unable to handle kernel NULL pointer IP: crypto_remove_spawns+0x118/0x2e0 (BZ#1536967) * [HPE Apache] update ssif max_xmit_msg_size limit for multi-part messages (BZ#1610534) * RHEL-Alt-7.6 - powerpc/pseries: Fix unitialized timer reset on migration / powerpc/pseries/mobility: Extend start/stop topology update scope (LPM) (BZ#1673613) * RHEL-Alt-7.6 - s390: sha3_generic module fails and triggers panic when in FIPS mode (BZ#1673979) * RHEL-Alt-7.6 - System crashed after oom - During ICP deployment (BZ#1710304) * kernel-alt: Race condition in hashtables [rhel-alt-7.6.z] (BZ#1712127) * RHEL-Alt-7.6 - OP930:PM_Test:cpupower -r command set values for first 3 cores in quad and misses last core. (CORAL) (BZ#1717836) * RHEL-Alt-7.6 - disable runtime NUMA remapping for PRRN/LPM/VPHN (BZ#1717906) * fragmented packets timing out (BZ#1729066) * Backport TCP follow-up for small buffers (BZ#1733617) Enhancement(s): * RHEL-Alt-7.6 - perfevent PMDA cannot create file descriptors for reading nest events using the perf API (pcp/kernel) (CORAL) (BZ#1723036) 4. Solution: For details on how to apply this update, which includes the changes described in this advisory, refer to: https://access.redhat.com/articles/11258 The system must be rebooted for this update to take effect. 5. Bugs fixed (https://bugzilla.redhat.com/): 1664110 - CVE-2019-5489 Kernel: page cache side channel attacks 1671913 - CVE-2019-6974 Kernel: KVM: potential use-after-free via kvm_ioctl_create_device() 1730895 - CVE-2019-13272 kernel: broken permission and object lifetime handling for PTRACE_TRACEME 6. Package List: Red Hat Enterprise Linux for ARM and IBM Power LE (POWER9) Server (v. 
7): Source: kernel-alt-4.14.0-115.12.1.el7a.src.rpm aarch64: kernel-4.14.0-115.12.1.el7a.aarch64.rpm kernel-debug-4.14.0-115.12.1.el7a.aarch64.rpm kernel-debug-debuginfo-4.14.0-115.12.1.el7a.aarch64.rpm kernel-debug-devel-4.14.0-115.12.1.el7a.aarch64.rpm kernel-debuginfo-4.14.0-115.12.1.el7a.aarch64.rpm kernel-debuginfo-common-aarch64-4.14.0-115.12.1.el7a.aarch64.rpm kernel-devel-4.14.0-115.12.1.el7a.aarch64.rpm kernel-headers-4.14.0-115.12.1.el7a.aarch64.rpm kernel-tools-4.14.0-115.12.1.el7a.aarch64.rpm kernel-tools-debuginfo-4.14.0-115.12.1.el7a.aarch64.rpm kernel-tools-libs-4.14.0-115.12.1.el7a.aarch64.rpm perf-4.14.0-115.12.1.el7a.aarch64.rpm perf-debuginfo-4.14.0-115.12.1.el7a.aarch64.rpm python-perf-4.14.0-115.12.1.el7a.aarch64.rpm python-perf-debuginfo-4.14.0-115.12.1.el7a.aarch64.rpm noarch: kernel-abi-whitelists-4.14.0-115.12.1.el7a.noarch.rpm kernel-doc-4.14.0-115.12.1.el7a.noarch.rpm ppc64le: kernel-4.14.0-115.12.1.el7a.ppc64le.rpm kernel-bootwrapper-4.14.0-115.12.1.el7a.ppc64le.rpm kernel-debug-4.14.0-115.12.1.el7a.ppc64le.rpm kernel-debug-debuginfo-4.14.0-115.12.1.el7a.ppc64le.rpm kernel-debuginfo-4.14.0-115.12.1.el7a.ppc64le.rpm kernel-debuginfo-common-ppc64le-4.14.0-115.12.1.el7a.ppc64le.rpm kernel-devel-4.14.0-115.12.1.el7a.ppc64le.rpm kernel-headers-4.14.0-115.12.1.el7a.ppc64le.rpm kernel-tools-4.14.0-115.12.1.el7a.ppc64le.rpm kernel-tools-debuginfo-4.14.0-115.12.1.el7a.ppc64le.rpm kernel-tools-libs-4.14.0-115.12.1.el7a.ppc64le.rpm perf-4.14.0-115.12.1.el7a.ppc64le.rpm perf-debuginfo-4.14.0-115.12.1.el7a.ppc64le.rpm python-perf-4.14.0-115.12.1.el7a.ppc64le.rpm python-perf-debuginfo-4.14.0-115.12.1.el7a.ppc64le.rpm s390x: kernel-4.14.0-115.12.1.el7a.s390x.rpm kernel-debug-4.14.0-115.12.1.el7a.s390x.rpm kernel-debug-debuginfo-4.14.0-115.12.1.el7a.s390x.rpm kernel-debug-devel-4.14.0-115.12.1.el7a.s390x.rpm kernel-debuginfo-4.14.0-115.12.1.el7a.s390x.rpm kernel-debuginfo-common-s390x-4.14.0-115.12.1.el7a.s390x.rpm 
kernel-devel-4.14.0-115.12.1.el7a.s390x.rpm kernel-headers-4.14.0-115.12.1.el7a.s390x.rpm kernel-kdump-4.14.0-115.12.1.el7a.s390x.rpm kernel-kdump-debuginfo-4.14.0-115.12.1.el7a.s390x.rpm kernel-kdump-devel-4.14.0-115.12.1.el7a.s390x.rpm perf-4.14.0-115.12.1.el7a.s390x.rpm perf-debuginfo-4.14.0-115.12.1.el7a.s390x.rpm python-perf-4.14.0-115.12.1.el7a.s390x.rpm python-perf-debuginfo-4.14.0-115.12.1.el7a.s390x.rpm Red Hat Enterprise Linux for ARM and IBM Power LE (POWER9) Server Optional (v. 7): aarch64: kernel-debug-debuginfo-4.14.0-115.12.1.el7a.aarch64.rpm kernel-debuginfo-4.14.0-115.12.1.el7a.aarch64.rpm kernel-debuginfo-common-aarch64-4.14.0-115.12.1.el7a.aarch64.rpm kernel-tools-debuginfo-4.14.0-115.12.1.el7a.aarch64.rpm kernel-tools-libs-devel-4.14.0-115.12.1.el7a.aarch64.rpm perf-debuginfo-4.14.0-115.12.1.el7a.aarch64.rpm python-perf-debuginfo-4.14.0-115.12.1.el7a.aarch64.rpm noarch: kernel-doc-4.14.0-115.12.1.el7a.noarch.rpm ppc64le: kernel-debug-debuginfo-4.14.0-115.12.1.el7a.ppc64le.rpm kernel-debug-devel-4.14.0-115.12.1.el7a.ppc64le.rpm kernel-debuginfo-4.14.0-115.12.1.el7a.ppc64le.rpm kernel-debuginfo-common-ppc64le-4.14.0-115.12.1.el7a.ppc64le.rpm kernel-tools-debuginfo-4.14.0-115.12.1.el7a.ppc64le.rpm kernel-tools-libs-devel-4.14.0-115.12.1.el7a.ppc64le.rpm perf-debuginfo-4.14.0-115.12.1.el7a.ppc64le.rpm python-perf-debuginfo-4.14.0-115.12.1.el7a.ppc64le.rpm These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/ 7. Contact: The Red Hat security contact is <secalert@redhat.com>. More contact details at https://access.redhat.com/security/team/contact/ Copyright 2019 Red Hat, Inc. 

Trust: 2.43

sources: NVD: CVE-2019-13272 // JVNDB: JVNDB-2019-006727 // VULMON: CVE-2019-13272 // PACKETSTORM: 154044 // PACKETSTORM: 154045 // PACKETSTORM: 153699 // PACKETSTORM: 153970 // PACKETSTORM: 154043 // PACKETSTORM: 154316 // PACKETSTORM: 154245 // PACKETSTORM: 154553

AFFECTED PRODUCTS

vendor: linux // model: kernel // scope: lt // version: 5.1.17

Trust: 1.8

vendor: redhat // model: enterprise linux for real time for nfv // scope: eq // version: 8.0

Trust: 1.0

vendor: redhat // model: enterprise linux for real time for nfv tus // scope: eq // version: 8.2

Trust: 1.0

vendor: debian // model: linux // scope: eq // version: 10.0

Trust: 1.0

vendor: canonical // model: ubuntu linux // scope: eq // version: 19.04

Trust: 1.0

vendor: redhat // model: enterprise linux for real time tus // scope: eq // version: 8.2

Trust: 1.0

vendor: linux // model: kernel // scope: lt // version: 4.4.185

Trust: 1.0

vendor: linux // model: kernel // scope: lt // version: 4.19.58

Trust: 1.0

vendor: linux // model: kernel // scope: gte // version: 4.4.40

Trust: 1.0

vendor: redhat // model: enterprise linux // scope: eq // version: 7.0

Trust: 1.0

vendor: redhat // model: enterprise linux for real time for nfv tus // scope: eq // version: 8.6

Trust: 1.0

vendor: redhat // model: enterprise linux for real time tus // scope: eq // version: 8.6

Trust: 1.0

vendor: netapp // model: service processor // scope: eq // version: -

Trust: 1.0

vendor: linux // model: kernel // scope: lt // version: 4.9.185

Trust: 1.0

vendor: netapp // model: h410c // scope: eq // version: -

Trust: 1.0

vendor: netapp // model: e-series santricity os controller // scope: lte // version: 11.60.3

Trust: 1.0

vendor: linux // model: kernel // scope: lt // version: 4.9

Trust: 1.0

vendor: redhat // model: enterprise linux for real time for nfv tus // scope: eq // version: 8.8

Trust: 1.0

vendor: netapp // model: active iq unified manager // scope: eq // version: -

Trust: 1.0

vendor: debian // model: linux // scope: eq // version: 8.0

Trust: 1.0

vendor: fedoraproject // model: fedora // scope: eq // version: 29

Trust: 1.0

vendor: redhat // model: enterprise linux for real time tus // scope: eq // version: 8.8

Trust: 1.0

vendor: linux // model: kernel // scope: lt // version: 4.14.133

Trust: 1.0

vendor: redhat // model: enterprise linux for arm 64 // scope: eq // version: 7.0_aarch64

Trust: 1.0

vendor: netapp // model: solidfire // scope: eq // version: -

Trust: 1.0

vendor: linux // model: kernel // scope: gte // version: 4.1.39

Trust: 1.0

vendor: linux // model: kernel // scope: lt // version: 4.2

Trust: 1.0

vendor: linux // model: kernel // scope: gte // version: 4.15

Trust: 1.0

vendor: netapp // model: h610s // scope: eq // version: -

Trust: 1.0

vendor: netapp // model: e-series santricity os controller // scope: gte // version: 11.0.0

Trust: 1.0

vendor: netapp // model: steelstore cloud integrated storage // scope: eq // version: -

Trust: 1.0

vendor: linux // model: kernel // scope: gte // version: 3.16.52

Trust: 1.0

vendor: netapp // model: hci management node // scope: eq // version: -

Trust: 1.0

vendor: canonical // model: ubuntu linux // scope: eq // version: 18.04

Trust: 1.0

vendor: linux // model: kernel // scope: gte // version: 4.9.1

Trust: 1.0

vendor: linux // model: kernel // scope: gte // version: 4.10

Trust: 1.0

vendor: canonical // model: ubuntu linux // scope: eq // version: 16.04

Trust: 1.0

vendor: netapp // model: e-series performance analyzer // scope: eq // version: -

Trust: 1.0

vendor: redhat // model: enterprise linux for real time // scope: eq // version: 8

Trust: 1.0

vendor: redhat // model: enterprise linux for real time for nfv tus // scope: eq // version: 8.4

Trust: 1.0

vendor: netapp // model: aff a700s // scope: eq // version: -

Trust: 1.0

vendor: redhat // model: enterprise linux // scope: eq // version: 8.0

Trust: 1.0

vendor: redhat // model: enterprise linux for real time tus // scope: eq // version: 8.4

Trust: 1.0

vendor: linux // model: kernel // scope: gte // version: 4.8.16

Trust: 1.0

vendor: linux // model: kernel // scope: lt // version: 3.16.71

Trust: 1.0

vendor: netapp // model: hci compute node // scope: eq // version: -

Trust: 1.0

vendor: linux // model: kernel // scope: gte // version: 4.20

Trust: 1.0

vendor: debian // model: linux // scope: eq // version: 9.0

Trust: 1.0

vendor: redhat // model: enterprise linux for ibm z systems // scope: eq // version: 7.0_s390x

Trust: 1.0

vendor: debian // model: gnu/linux // scope: - // version: -

Trust: 0.8

vendor: fedora // model: fedora // scope: - // version: -

Trust: 0.8

sources: JVNDB: JVNDB-2019-006727 // NVD: CVE-2019-13272

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2019-13272
value: HIGH

Trust: 1.0

NVD: CVE-2019-13272
value: HIGH

Trust: 0.8

CNNVD: CNNVD-201907-809
value: HIGH

Trust: 0.6

VULMON: CVE-2019-13272
value: HIGH

Trust: 0.1

nvd@nist.gov: CVE-2019-13272
severity: HIGH
baseScore: 7.2
vectorString: AV:L/AC:L/AU:N/C:C/I:C/A:C
accessVector: LOCAL
accessComplexity: LOW
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 3.9
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.9

nvd@nist.gov: CVE-2019-13272
baseSeverity: HIGH
baseScore: 7.8
vectorString: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
attackVector: LOCAL
attackComplexity: LOW
privilegesRequired: LOW
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 1.8
impactScore: 5.9
version: 3.1

Trust: 1.0

NVD: CVE-2019-13272
baseSeverity: HIGH
baseScore: 7.8
vectorString: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
attackVector: LOCAL
attackComplexity: LOW
privilegesRequired: LOW
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: VULMON: CVE-2019-13272 // JVNDB: JVNDB-2019-006727 // CNNVD: CNNVD-201907-809 // NVD: CVE-2019-13272

PROBLEMTYPE DATA

problemtype:NVD-CWE-noinfo

Trust: 1.0

problemtype:CWE-264

Trust: 0.8

sources: JVNDB: JVNDB-2019-006727 // NVD: CVE-2019-13272

THREAT TYPE

local

Trust: 1.0

sources: PACKETSTORM: 154045 // PACKETSTORM: 153699 // PACKETSTORM: 154043 // PACKETSTORM: 154245 // CNNVD: CNNVD-201907-809

TYPE

permissions and access control issues

Trust: 0.6

sources: CNNVD: CNNVD-201907-809

CONFIGURATIONS

sources: JVNDB: JVNDB-2019-006727

EXPLOIT AVAILABILITY

sources: VULMON: CVE-2019-13272

PATCH

title: ChangeLog-5.1.17
url: https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.1.17

Trust: 0.8

title: [SECURITY] [DLA 1862-1] linux security update
url: https://lists.debian.org/debian-lts-announce/2019/07/msg00022.html

Trust: 0.8

title: [SECURITY] [DLA 1863-1] linux-4.9 security update
url: https://lists.debian.org/debian-lts-announce/2019/07/msg00023.html

Trust: 0.8

title: DSA-4484
url: https://www.debian.org/security/2019/dsa-4484

Trust: 0.8

title: FEDORA-2019-a95015e60f
url: https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/OGRK5LYWBJ4E4SRI4DKX367NHYSI3VOH/

Trust: 0.8

title: ptrace: Fix ->ptracer_cred handling for PTRACE_TRACEME
url: https://github.com/torvalds/linux/commit/6994eefb0053799d2e07cd140df6c2ea106c41ee

Trust: 0.8

title: Linux Kernel Archives
url: http://www.kernel.org

Trust: 0.8

title: ptrace: Fix ->ptracer_cred handling for PTRACE_TRACEME
url: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=6994eefb0053799d2e07cd140df6c2ea106c41ee

Trust: 0.8

title: Red Hat: Important: kernel security update
url: https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories&qid=RHSA-20192411 - Security Advisory

Trust: 0.1

title: Red Hat: Important: kernel-rt security update
url: https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories&qid=RHSA-20192405 - Security Advisory

Trust: 0.1

title: Debian Security Advisories: DSA-4484-1 linux -- security update
url: https://vulmon.com/vendoradvisory?qidtp=debian_security_advisories&qid=f7aec913c227117e479ebfa6af2b1b9a

Trust: 0.1

title: Red Hat: CVE-2019-13272
url: https://vulmon.com/vendoradvisory?qidtp=red_hat_cve_database&qid=CVE-2019-13272

Trust: 0.1

title: Ubuntu Security Notice: linux, linux-hwe, linux-azure, linux-gcp, linux-kvm, linux-raspi2, linux-snapdragon vulnerabilities
url: https://vulmon.com/vendoradvisory?qidtp=ubuntu_security_notice&qid=USN-4093-1

Trust: 0.1

title: Ubuntu Security Notice: linux, linux-aws, linux-kvm, linux-raspi2, linux-snapdragon vulnerabilities
url: https://vulmon.com/vendoradvisory?qidtp=ubuntu_security_notice&qid=USN-4095-1

Trust: 0.1

title: Ubuntu Security Notice: linux-aws vulnerabilities
url: https://vulmon.com/vendoradvisory?qidtp=ubuntu_security_notice&qid=USN-4117-1

Trust: 0.1

title: IBM: IBM Security Bulletin: Linux Kernel vulnerabilities affect IBM Spectrum Protect Plus CVE-2019-10140, CVE-2019-11477, CVE-2019-11478, CVE-2019-11479, CVE-2019-13233, CVE-2019-13272, CVE-2019-14283, CVE-2019-14284, CVE-2019-15090, CVE-2019-15807, CVE-2019-15925
url: https://vulmon.com/vendoradvisory?qidtp=ibm_psirt_blog&qid=d9cd8f6d11c68af77f2f2bd27ca37bed

Trust: 0.1

title: Ubuntu Security Notice: linux, linux-hwe, linux-azure, linux-gcp, linux-gke-4.15, linux-kvm, linux-oem, linux-oracle, linux-raspi2, linux-snapdragon vulnerabilities
url: https://vulmon.com/vendoradvisory?qidtp=ubuntu_security_notice&qid=USN-4094-1

Trust: 0.1

title: IBM: Security Bulletin: Multiple vulnerabilities affect IBM Cloud Object Storage Systems (March 2021)
url: https://vulmon.com/vendoradvisory?qidtp=ibm_psirt_blog&qid=afc44ca312a83d419e062241c4789aae

Trust: 0.1

title: Ubuntu Security Notice: linux-aws vulnerabilities
url: https://vulmon.com/vendoradvisory?qidtp=ubuntu_security_notice&qid=USN-4118-1

Trust: 0.1

title: Siemens Security Advisories: Siemens Security Advisory
url: https://vulmon.com/vendoradvisory?qidtp=siemens_security_advisories&qid=ec6577109e640dac19a6ddb978afe82d

Trust: 0.1

title: CVE-2019-13272 - Pkexec Local Privilege Escalation
url: https://github.com/asepsaepdin/CVE-2019-13272

Trust: 0.1

sources: VULMON: CVE-2019-13272 // JVNDB: JVNDB-2019-006727

EXTERNAL IDS

db:NVD id:CVE-2019-13272

Trust: 3.3

db:PACKETSTORM id:154245

Trust: 1.7

db:PACKETSTORM id:153663

Trust: 1.6

db:PACKETSTORM id:156929

Trust: 1.6

db:PACKETSTORM id:154957

Trust: 1.6

db:PACKETSTORM id:153702

Trust: 1.6

db:PACKETSTORM id:165051

Trust: 1.6

db:JVNDB id:JVNDB-2019-006727

Trust: 0.8

db:AUSCERT id:ESB-2019.4646

Trust: 0.6

db:AUSCERT id:ESB-2019.2704

Trust: 0.6

db:AUSCERT id:ESB-2019.4346

Trust: 0.6

db:AUSCERT id:ESB-2019.4252

Trust: 0.6

db:AUSCERT id:ESB-2019.2749

Trust: 0.6

db:AUSCERT id:ESB-2019.4346.2

Trust: 0.6

db:EXPLOIT-DB id:50541

Trust: 0.6

db:EXPLOIT-DB id:47163

Trust: 0.6

db:EXPLOIT-DB id:47133

Trust: 0.6

db:LENOVO id:LEN-29592

Trust: 0.6

db:CNNVD id:CNNVD-201907-809

Trust: 0.6

db:VULMON id:CVE-2019-13272

Trust: 0.1

db:PACKETSTORM id:154044

Trust: 0.1

db:PACKETSTORM id:154045

Trust: 0.1

db:PACKETSTORM id:153699

Trust: 0.1

db:PACKETSTORM id:153970

Trust: 0.1

db:PACKETSTORM id:154043

Trust: 0.1

db:PACKETSTORM id:154316

Trust: 0.1

db:PACKETSTORM id:154553

Trust: 0.1

sources: VULMON: CVE-2019-13272 // JVNDB: JVNDB-2019-006727 // PACKETSTORM: 154044 // PACKETSTORM: 154045 // PACKETSTORM: 153699 // PACKETSTORM: 153970 // PACKETSTORM: 154043 // PACKETSTORM: 154316 // PACKETSTORM: 154245 // PACKETSTORM: 154553 // CNNVD: CNNVD-201907-809 // NVD: CVE-2019-13272

REFERENCES

url:https://bugs.chromium.org/p/project-zero/issues/detail?id=1903

Trust: 2.4

url:https://bugzilla.redhat.com/show_bug.cgi?id=1730895

Trust: 2.4

url:https://bugzilla.suse.com/show_bug.cgi?id=1140671

Trust: 2.4

url:https://nvd.nist.gov/vuln/detail/cve-2019-13272

Trust: 2.2

url:http://packetstormsecurity.com/files/165051/linux-kernel-5.1.x-ptrace_traceme-pkexec-local-privilege-escalation.html

Trust: 2.2

url:http://packetstormsecurity.com/files/153663/linux-ptrace_traceme-broken-permission-object-lifetime-handling.html

Trust: 2.2

url:http://packetstormsecurity.com/files/156929/linux-ptrace_traceme-local-root.html

Trust: 2.2

url:https://www.debian.org/security/2019/dsa-4484

Trust: 2.2

url:http://packetstormsecurity.com/files/153702/slackware-security-advisory-slackware-14.2-kernel-updates.html

Trust: 2.2

url:https://lists.debian.org/debian-lts-announce/2019/07/msg00023.html

Trust: 2.2

url:https://access.redhat.com/errata/rhsa-2019:2405

Trust: 1.7

url:https://access.redhat.com/errata/rhsa-2019:2809

Trust: 1.7

url:http://packetstormsecurity.com/files/154957/linux-polkit-pkexec-helper-ptrace_traceme-local-root.html

Trust: 1.6

url:https://security.netapp.com/advisory/ntap-20190806-0001/

Trust: 1.6

url:https://cdn.kernel.org/pub/linux/kernel/v5.x/changelog-5.1.17

Trust: 1.6

url:https://support.f5.com/csp/article/k91025336

Trust: 1.6

url:https://lists.debian.org/debian-lts-announce/2019/07/msg00022.html

Trust: 1.6

url:https://seclists.org/bugtraq/2019/jul/30

Trust: 1.6

url:https://usn.ubuntu.com/4094-1/

Trust: 1.6

url:https://seclists.org/bugtraq/2019/jul/33

Trust: 1.6

url:https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=6994eefb0053799d2e07cd140df6c2ea106c41ee

Trust: 1.6

url:https://usn.ubuntu.com/4117-1/

Trust: 1.6

url:https://github.com/torvalds/linux/commit/6994eefb0053799d2e07cd140df6c2ea106c41ee

Trust: 1.6

url:https://usn.ubuntu.com/4093-1/

Trust: 1.6

url:https://access.redhat.com/errata/rhsa-2019:2411

Trust: 1.6

url:https://usn.ubuntu.com/4095-1/

Trust: 1.6

url:http://packetstormsecurity.com/files/154245/kernel-live-patch-security-notice-lsn-0054-1.html

Trust: 1.6

url:https://usn.ubuntu.com/4118-1/

Trust: 1.6

url:https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ogrk5lywbj4e4sri4dkx367nhysi3voh/

Trust: 1.0

url:https://support.f5.com/csp/article/k91025336?utm_source=f5support&amp%3butm_medium=rss

Trust: 1.0

url:https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-13272

Trust: 0.8

url:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ogrk5lywbj4e4sri4dkx367nhysi3voh/

Trust: 0.6

url:https://support.f5.com/csp/article/k91025336?utm_source=f5support&utm_medium=rss

Trust: 0.6

url:https://www.suse.com/support/update/announcement/2019/suse-su-20192984-1.html

Trust: 0.6

url:https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00237.html

Trust: 0.6

url:https://www.suse.com/support/update/announcement/2019/suse-su-20193255-1.html

Trust: 0.6

url:https://www.suse.com/support/update/announcement/2019/suse-su-20193252-1.html

Trust: 0.6

url:https://www.suse.com/support/update/announcement/2019/suse-su-20193249-1.html

Trust: 0.6

url:https://www.suse.com/support/update/announcement/2019/suse-su-20193248-1.html

Trust: 0.6

url:https://www.suse.com/support/update/announcement/2019/suse-su-20193247-1.html

Trust: 0.6

url:https://www.suse.com/support/update/announcement/2019/suse-su-20193258-1.html

Trust: 0.6

url:https://www.suse.com/support/update/announcement/2019/suse-su-20193260-1.html

Trust: 0.6

url:https://www.suse.com/support/update/announcement/2019/suse-su-20193261-1.html

Trust: 0.6

url:https://www.suse.com/support/update/announcement/2019/suse-su-20193263-1.html

Trust: 0.6

url:https://www.suse.com/support/update/announcement/2019/suse-su-20193246-1.html

Trust: 0.6

url:https://www.suse.com/support/update/announcement/2019/suse-su-20192953-1.html

Trust: 0.6

url:https://www.suse.com/support/update/announcement/2019/suse-su-20192952-1.html

Trust: 0.6

url:https://www.suse.com/support/update/announcement/2019/suse-su-20192951-1.html

Trust: 0.6

url:https://www.suse.com/support/update/announcement/2019/suse-su-20192950-1.html

Trust: 0.6

url:https://www.suse.com/support/update/announcement/2019/suse-su-20192949-1.html

Trust: 0.6

url:https://www.suse.com/support/update/announcement/2019/suse-su-20192948-1.html

Trust: 0.6

url:https://www.suse.com/support/update/announcement/2019/suse-su-20192947-1.html

Trust: 0.6

url:https://www.suse.com/support/update/announcement/2019/suse-su-20192946-1.html

Trust: 0.6

url:https://www.auscert.org.au/bulletins/esb-2019.2704/

Trust: 0.6

url:https://www.auscert.org.au/bulletins/esb-2019.2749/

Trust: 0.6

url:https://www.auscert.org.au/bulletins/esb-2019.4646/

Trust: 0.6

url:https://support.lenovo.com/us/en/product_security/len-29592

Trust: 0.6

url:https://www.auscert.org.au/bulletins/esb-2019.4346/

Trust: 0.6

url:https://www.auscert.org.au/bulletins/esb-2019.4252/

Trust: 0.6

url:https://www.exploit-db.com/exploits/50541

Trust: 0.6

url:https://www.exploit-db.com/exploits/47133

Trust: 0.6

url:https://vigilance.fr/vulnerability/linux-kernel-privilege-escalation-via-ptrace-link-29820

Trust: 0.6

url:https://www.exploit-db.com/exploits/47163

Trust: 0.6

url:https://packetstormsecurity.com/files/153663/linux-ptrace/traceme-broken-permission-object-lifetime-handling.html

Trust: 0.6

url:https://www.auscert.org.au/bulletins/esb-2019.4346.2/

Trust: 0.6

url:https://nvd.nist.gov/vuln/detail/cve-2019-10126

Trust: 0.5

url:https://nvd.nist.gov/vuln/detail/cve-2019-3846

Trust: 0.5

url:https://nvd.nist.gov/vuln/detail/cve-2019-12614

Trust: 0.4

url:https://nvd.nist.gov/vuln/detail/cve-2019-1125

Trust: 0.4

url:https://nvd.nist.gov/vuln/detail/cve-2019-12984

Trust: 0.4

url:https://nvd.nist.gov/vuln/detail/cve-2019-13233

Trust: 0.3

url:https://nvd.nist.gov/vuln/detail/cve-2018-5383

Trust: 0.2

url:https://www.redhat.com/mailman/listinfo/rhsa-announce

Trust: 0.2

url:https://access.redhat.com/security/cve/cve-2019-13272

Trust: 0.2

url:https://bugzilla.redhat.com/

Trust: 0.2

url:https://access.redhat.com/security/team/key/

Trust: 0.2

url:https://access.redhat.com/articles/11258

Trust: 0.2

url:https://access.redhat.com/security/team/contact/

Trust: 0.2

url:https://access.redhat.com/security/updates/classification/#important

Trust: 0.2

url:https://nvd.nist.gov/vuln/detail/cve-2019-12818

Trust: 0.2

url:https://nvd.nist.gov/vuln/detail/cve-2019-2101

Trust: 0.2

url:https://nvd.nist.gov/vuln/detail/cve-2019-12819

Trust: 0.2

url:https://nvd.nist.gov/vuln/detail/cve-2019-11599

Trust: 0.1

url:https://launchpad.net/ubuntu/+source/linux-kvm/4.4.0-1054.61

Trust: 0.1

url:https://usn.ubuntu.com/4095-1

Trust: 0.1

url:https://launchpad.net/ubuntu/+source/linux/4.4.0-159.187

Trust: 0.1

url:https://launchpad.net/ubuntu/+source/linux-snapdragon/4.4.0-1122.128

Trust: 0.1

url:https://launchpad.net/ubuntu/+source/linux-aws/4.4.0-1090.101

Trust: 0.1

url:https://launchpad.net/ubuntu/+source/linux-raspi2/4.4.0-1118.127

Trust: 0.1

url:https://usn.ubuntu.com/4093-1

Trust: 0.1

url:https://launchpad.net/ubuntu/+source/linux-kvm/5.0.0-1013.14

Trust: 0.1

url:https://launchpad.net/ubuntu/+source/linux-gcp/5.0.0-1013.13

Trust: 0.1

url:https://launchpad.net/ubuntu/+source/linux-hwe/5.0.0-25.26~18.04.1

Trust: 0.1

url:https://launchpad.net/ubuntu/+source/linux-snapdragon/5.0.0-1018.19

Trust: 0.1

url:https://launchpad.net/ubuntu/+source/linux-raspi2/5.0.0-1014.14

Trust: 0.1

url:https://launchpad.net/ubuntu/+source/linux-azure/5.0.0-1014.14~18.04.1

Trust: 0.1

url:https://launchpad.net/ubuntu/+source/linux/5.0.0-25.26

Trust: 0.1

url:https://launchpad.net/ubuntu/+source/linux-azure/5.0.0-1014.14

Trust: 0.1

url:https://security-tracker.debian.org/tracker/linux

Trust: 0.1

url:https://www.debian.org/security/

Trust: 0.1

url:https://www.debian.org/security/faq

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2019-1125

Trust: 0.1

url:https://access.redhat.com/articles/4329821

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2018-16862

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2019-2024

Trust: 0.1

url:https://launchpad.net/ubuntu/+source/linux-oracle/4.15.0-1021.23

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2018-14610

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2018-20856

Trust: 0.1

url:https://launchpad.net/ubuntu/+source/linux-oem/4.15.0-1050.57

Trust: 0.1

url:https://launchpad.net/ubuntu/+source/linux-gcp/4.15.0-1040.42~16.04.1

Trust: 0.1

url:https://launchpad.net/ubuntu/+source/linux-oracle/4.15.0-1021.23~16.04.1

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2018-13098

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2018-14609

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2018-13093

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2018-20169

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2018-14614

Trust: 0.1

url:https://launchpad.net/ubuntu/+source/linux-raspi2/4.15.0-1043.46

Trust: 0.1

url:https://launchpad.net/ubuntu/+source/linux-kvm/4.15.0-1042.42

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2018-13053

Trust: 0.1

url:https://launchpad.net/ubuntu/+source/linux-gke-4.15/4.15.0-1040.42

Trust: 0.1

url:https://launchpad.net/ubuntu/+source/linux-gcp/4.15.0-1040.42

Trust: 0.1

url:https://usn.ubuntu.com/4094-1

Trust: 0.1

url:https://launchpad.net/ubuntu/+source/linux-azure/4.15.0-1055.60

Trust: 0.1

url:https://launchpad.net/ubuntu/+source/linux/4.15.0-58.64

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2018-13099

Trust: 0.1

url:https://launchpad.net/ubuntu/+source/linux-hwe/4.15.0-58.64~16.04.1

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2018-20511

Trust: 0.1

url:https://launchpad.net/ubuntu/+source/linux-snapdragon/4.15.0-1060.66

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2018-13100

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2018-13096

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2018-14613

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2018-14617

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2019-10638

Trust: 0.1

url:https://usn.ubuntu.com/4117-1

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2019-3900

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2019-14284

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2019-14283

Trust: 0.1

url:https://launchpad.net/ubuntu/+source/linux-aws/5.0.0-1014.16

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2018-1129

Trust: 0.1

url:https://lists.ubuntu.com/mailman/listinfo/ubuntu-security-announce

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2019-5489

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2019-6974

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2019-6974

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2019-5489

Trust: 0.1

sources: JVNDB: JVNDB-2019-006727 // PACKETSTORM: 154044 // PACKETSTORM: 154045 // PACKETSTORM: 153699 // PACKETSTORM: 153970 // PACKETSTORM: 154043 // PACKETSTORM: 154316 // PACKETSTORM: 154245 // PACKETSTORM: 154553 // CNNVD: CNNVD-201907-809 // NVD: CVE-2019-13272

CREDITS

Google Security Research, Ventsislav Varbanovski, Metasploit, nu11secur1ty, Jann Horn, bcoles

Trust: 0.6

sources: CNNVD: CNNVD-201907-809

SOURCES

db:VULMON id:CVE-2019-13272
db:JVNDB id:JVNDB-2019-006727
db:PACKETSTORM id:154044
db:PACKETSTORM id:154045
db:PACKETSTORM id:153699
db:PACKETSTORM id:153970
db:PACKETSTORM id:154043
db:PACKETSTORM id:154316
db:PACKETSTORM id:154245
db:PACKETSTORM id:154553
db:CNNVD id:CNNVD-201907-809
db:NVD id:CVE-2019-13272

LAST UPDATE DATE

2024-12-21T19:27:09.421000+00:00


SOURCES UPDATE DATE

db:VULMON id:CVE-2019-13272 date:2023-11-07T00:00:00
db:JVNDB id:JVNDB-2019-006727 date:2019-07-25T00:00:00
db:CNNVD id:CNNVD-201907-809 date:2021-11-25T00:00:00
db:NVD id:CVE-2019-13272 date:2024-11-21T04:24:35.753

SOURCES RELEASE DATE

db:VULMON id:CVE-2019-13272 date:2019-07-17T00:00:00
db:JVNDB id:JVNDB-2019-006727 date:2019-07-25T00:00:00
db:PACKETSTORM id:154044 date:2019-08-13T17:45:06
db:PACKETSTORM id:154045 date:2019-08-13T17:45:15
db:PACKETSTORM id:153699 date:2019-07-20T19:11:11
db:PACKETSTORM id:153970 date:2019-08-07T20:10:41
db:PACKETSTORM id:154043 date:2019-08-13T17:45:00
db:PACKETSTORM id:154316 date:2019-09-02T23:48:33
db:PACKETSTORM id:154245 date:2019-08-28T23:02:22
db:PACKETSTORM id:154553 date:2019-09-20T15:08:09
db:CNNVD id:CNNVD-201907-809 date:2019-07-16T00:00:00
db:NVD id:CVE-2019-13272 date:2019-07-17T13:15:10.687