5.6

CVE-2019-7308

kernel/bpf/verifier.c in the Linux kernel before 4.20.6 performs undesirable out-of-bounds speculation on pointer arithmetic in various cases, including cases of different branches with different state or limits to sanitize, leading to side-channel attacks.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
LinuxLinux Kernel Version < 4.19.19
LinuxLinux Kernel Version >= 4.20.0 < 4.20.6
CanonicalUbuntu Linux Version14.04 SwEditionlts
CanonicalUbuntu Linux Version16.04 SwEditionlts
CanonicalUbuntu Linux Version18.04 SwEditionlts
CanonicalUbuntu Linux Version18.10
OpensuseLeap Version15.0
VulnDex Vulnerability Enrichment
Diese Information steht angemeldeten Benutzern zur Verfügung. Login Login
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 0.03% 0.091
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 5.6 1.1 4
CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N
nvd@nist.gov 4.7 3.4 6.9
AV:L/AC:M/Au:N/C:C/I:N/A:N
Es wurden noch keine Informationen zu CWE veröffentlicht.
https://usn.ubuntu.com/3931-1/
Third Party Advisory
https://usn.ubuntu.com/3931-2/
Third Party Advisory
https://usn.ubuntu.com/3930-1/
Third Party Advisory
https://usn.ubuntu.com/3930-2/
Third Party Advisory
http://www.securityfocus.com/bid/106827
Third Party Advisory
VDB Entry
https://bugs.chromium.org/p/project-zero/issues/detail?id=1711
Patch
Third Party Advisory
Issue Tracking