CVE-2019-19922

Published: Dic 22, 2019 Last Modified: Nov 21, 2024 EU-VD ID: EUVD-2019-9511 Aliases: GSD-2019-19922
ExploitDB:
Other exploit source:
Google Dorks:
MEDIUM 5,5
Source: [email protected]
Attack Vector: local
Attack Complexity: low
Privileges Required: low
User Interaction: none
Scope: unchanged
Confidentiality: none
Integrity: none
Availability: high
LOW 2,1
Source: [email protected]
Access Vector: local
Access Complexity: low
Authentication: none
Confidentiality: none
Integrity: none
Availability: partial

Description

AI Translation Available

kernel/sched/fair.c in the Linux kernel before 5.3.9, when cpu.cfs_quota_us is used (e.g., with Kubernetes), allows attackers to cause a denial of service against non-cpu-bound applications by generating a workload that triggers unwanted slice expiration, aka CID-de53fd7aedb1. (In other words, although this slice expiration would typically be seen with benign workloads, it is possible that an attacker could calculate how many stray requests are required to force an entire Kubernetes cluster into a low-performance state caused by slice expiration, and ensure that a DDoS attack sent that number of stray requests. An attack does not affect the stability of the kernel; it only causes mismanagement of application execution.)

EPSS (Exploit Prediction Scoring System)

Trend Analysis

EPSS (Exploit Prediction Scoring System)

Prevede la probabilità di sfruttamento basata su intelligence sulle minacce e sulle caratteristiche della vulnerabilità.

EPSS Score
0,0011
Percentile
0,3th
Updated

EPSS Score Trend (Last 90 Days)

400

Uncontrolled Resource Consumption

Draft
Abstraction: Class Structure: Simple
Common Consequences
Security Scopes Affected:
Availability Access Control Other
Potential Impacts:
Dos: Crash, Exit, Or Restart Dos: Resource Consumption (Cpu) Dos: Resource Consumption (Memory) Dos: Resource Consumption (Other) Bypass Protection Mechanism Other
Applicable Platforms
All platforms may be affected
Likelihood of Exploit: High
View CWE Details
Hardware

Solidfire Baseboard Management Controller by Netapp

Product Information
Vendor Netapp
Product Solidfire Baseboard Management Controller
Version -
cpe:2.3:h:netapp:solidfire_baseboard_management_controller:-:*:*:*:*:*:*:*
Common Platform Enumeration - Standardized vulnerability identification
Application

Data Availability Services by Netapp

Product Information
Vendor Netapp
Product Data Availability Services
Version -
cpe:2.3:a:netapp:data_availability_services:-:*:*:*:*:*:*:*
Common Platform Enumeration - Standardized vulnerability identification
Operating System

Ubuntu Linux by Canonical

Product Information
Vendor Canonical
Product Ubuntu Linux
Version 18.04
cpe:2.3:o:canonical:ubuntu_linux:18.04:*:*:*:lts:*:*:*
Common Platform Enumeration - Standardized vulnerability identification
Application

Active Iq Unified Manager by Netapp

Product Information
Vendor Netapp
Product Active Iq Unified Manager
Version -
cpe:2.3:a:netapp:active_iq_unified_manager:-:*:*:*:*:vmware_vsphere:*:*
Common Platform Enumeration - Standardized vulnerability identification
Hardware

Aff Baseboard Management Controller by Netapp

Product Information
Vendor Netapp
Product Aff Baseboard Management Controller
Version a700
cpe:2.3:h:netapp:aff_baseboard_management_controller:a700:*:*:*:*:*:*:*
Common Platform Enumeration - Standardized vulnerability identification
Application

Cloud Backup by Netapp

Product Information
Vendor Netapp
Product Cloud Backup
Version -
cpe:2.3:a:netapp:cloud_backup:-:*:*:*:*:*:*:*
Common Platform Enumeration - Standardized vulnerability identification
Application

Fas\/Aff Baseboard Management Controller by Netapp

Product Information
Vendor Netapp
Product Fas\/Aff Baseboard Management Controller
Version -
cpe:2.3:a:netapp:fas\/aff_baseboard_management_controller:-:*:*:*:*:*:*:*
Common Platform Enumeration - Standardized vulnerability identification
Operating System

Linux Kernel by Linux

Product Information
Vendor Linux
Product Linux Kernel
Version Range Affected
To 5.3.9 (exclusive)
cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*
Common Platform Enumeration - Standardized vulnerability identification
Application

Sd-Wan Edge by Oracle

Product Information
Vendor Oracle
Product Sd-Wan Edge
Version 8.2
cpe:2.3:a:oracle:sd-wan_edge:8.2:*:*:*:*:*:*:*
Common Platform Enumeration - Standardized vulnerability identification
Application

E-Series Santricity Os Controller by Netapp

Product Information
Vendor Netapp
Product E-Series Santricity Os Controller
Version Range Affected
From 11.0 (inclusive)
To 11.70.2 (inclusive)
cpe:2.3:a:netapp:e-series_santricity_os_controller:*:*:*:*:*:*:*:*
Common Platform Enumeration - Standardized vulnerability identification
Operating System

Debian Linux by Debian

Product Information
Vendor Debian
Product Debian Linux
Version 8.0
cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*
Common Platform Enumeration - Standardized vulnerability identification
Operating System

Ubuntu Linux by Canonical

Product Information
Vendor Canonical
Product Ubuntu Linux
Version 19.04
cpe:2.3:o:canonical:ubuntu_linux:19.04:*:*:*:*:*:*:*
Common Platform Enumeration - Standardized vulnerability identification
Application

Solidfire \& Hci Management Node by Netapp

Product Information
Vendor Netapp
Product Solidfire \& Hci Management Node
Version -
cpe:2.3:a:netapp:solidfire_\&_hci_management_node:-:*:*:*:*:*:*:*
Common Platform Enumeration - Standardized vulnerability identification
Application

Hci Baseboard Management Controller by Netapp

Product Information
Vendor Netapp
Product Hci Baseboard Management Controller
Version h610s
cpe:2.3:a:netapp:hci_baseboard_management_controller:h610s:*:*:*:*:*:*:*
Common Platform Enumeration - Standardized vulnerability identification
Application

Steelstore Cloud Integrated Storage by Netapp

Product Information
Vendor Netapp
Product Steelstore Cloud Integrated Storage
Version -
cpe:2.3:a:netapp:steelstore_cloud_integrated_storage:-:*:*:*:*:*:*:*
Common Platform Enumeration - Standardized vulnerability identification
https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.3.9
Mailing List Patch Vendor Advisory
https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.3.9
https://github.com/kubernetes/kubernetes/issues/67577
Issue Tracking Patch Third Party Advisory
https://github.com/kubernetes/kubernetes/issues/67577
https://github.com/torvalds/linux/commit/de53fd7aedb100f03e…
Patch Third Party Advisory
https://github.com/torvalds/linux/commit/de53fd7aedb100f03e5d2231cfce0e49932824…
https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux…
Mailing List Patch Vendor Advisory
https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=de53…
https://lists.debian.org/debian-lts-announce/2020/01/msg000…
Mailing List Third Party Advisory
https://lists.debian.org/debian-lts-announce/2020/01/msg00013.html
https://relistan.com/the-kernel-may-be-slowing-down-your-app
Exploit Third Party Advisory
https://relistan.com/the-kernel-may-be-slowing-down-your-app
https://security.netapp.com/advisory/ntap-20200204-0002/
Third Party Advisory
https://security.netapp.com/advisory/ntap-20200204-0002/
https://usn.ubuntu.com/4226-1/
Third Party Advisory
https://usn.ubuntu.com/4226-1/
https://www.oracle.com/security-alerts/cpuApr2021.html
Patch Third Party Advisory
https://www.oracle.com/security-alerts/cpuApr2021.html
https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.3.9
Mailing List Patch Vendor Advisory
https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.3.9
https://github.com/kubernetes/kubernetes/issues/67577
Issue Tracking Patch Third Party Advisory
https://github.com/kubernetes/kubernetes/issues/67577
https://github.com/torvalds/linux/commit/de53fd7aedb100f03e…
Patch Third Party Advisory
https://github.com/torvalds/linux/commit/de53fd7aedb100f03e5d2231cfce0e49932824…
https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux…
Mailing List Patch Vendor Advisory
https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=de53…
https://lists.debian.org/debian-lts-announce/2020/01/msg000…
Mailing List Third Party Advisory
https://lists.debian.org/debian-lts-announce/2020/01/msg00013.html
https://relistan.com/the-kernel-may-be-slowing-down-your-app
Exploit Third Party Advisory
https://relistan.com/the-kernel-may-be-slowing-down-your-app
https://security.netapp.com/advisory/ntap-20200204-0002/
Third Party Advisory
https://security.netapp.com/advisory/ntap-20200204-0002/
https://usn.ubuntu.com/4226-1/
Third Party Advisory
https://usn.ubuntu.com/4226-1/
https://www.oracle.com/security-alerts/cpuApr2021.html
Patch Third Party Advisory
https://www.oracle.com/security-alerts/cpuApr2021.html