Published: 01/02/2019 Updated: 07/11/2023

CVSS v2 Base Score: 4.7 | Impact Score: 6.9 | Exploitability Score: 3.4

CVSS v3 Base Score: 5.6 | Impact Score: 4 | Exploitability Score: 1.1

VMScore: 419

Vector: AV:L/AC:M/Au:N/C:C/I:N/A:N

kernel/bpf/verifier.c in the Linux kernel prior to 4.20.6 performs undesirable out-of-bounds speculation on pointer arithmetic in various cases, including cases of different branches with different state or limits to sanitize, leading to side-channel attacks.

Vulnerable Product	Search on Vulmon	Subscribe to Product
linux linux kernel
canonical ubuntu linux 16.04
canonical ubuntu linux 14.04
canonical ubuntu linux 18.04
canonical ubuntu linux 18.10
opensuse leap 15.0

A flaw was found in the Linux kernel's implementation of logical link control and adaptation protocol (L2CAP), part of the Bluetooth stack in the l2cap_parse_conf_rsp and l2cap_parse_conf_req functions An attacker with physical access within the range of standard Bluetooth transmission can create a specially crafted packet The response to this sp ...

Several security issues were fixed in the Linux kernel ...

A flaw was found in the Linux kernel's implementation of logical link control and adaptation protocol (L2CAP), part of the Bluetooth stack in the l2cap_parse_conf_rsp and l2cap_parse_conf_req functions An attacker with physical access within the range of standard Bluetooth transmission can create a specially crafted packet The response to this sp ...

A memory leak in the adis_update_scan_mode() function in drivers/iio/imu/adis_bufferc in the Linux kernel before 539 allows attackers to cause a denial of service (memory consumption), aka CID-ab612b1daf41 (CVE-2019-19060) A bypass was found for the Spectre v1 hardening in the eBPF engine of the Linux kernel The code in the kernel/bpf/verifier ...

CWE-189 https://github.com/torvalds/linux/commit/d3bd7413e0ca40b60cf60d4003246d067cafdeda https://github.com/torvalds/linux/commit/979d63d50c0c0f7bc537bf821e056cc9fe5abd38 https://cdn.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.20.6 https://bugs.chromium.org/p/project-zero/issues/detail?id=1711 http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=d3bd7413e0ca40b60cf60d4003246d067cafdeda http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=979d63d50c0c0f7bc537bf821e056cc9fe5abd38 http://www.securityfocus.com/bid/106827 https://usn.ubuntu.com/3931-2/https://usn.ubuntu.com/3931-1/https://usn.ubuntu.com/3930-2/https://usn.ubuntu.com/3930-1/http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00052.html https://support.f5.com/csp/article/K43030517 https://support.f5.com/csp/article/K43030517?utm_source=f5support&%3Butm_medium=RSS https://nvd.nist.gov https://alas.aws.amazon.com/ALAS-2019-1201.html https://usn.ubuntu.com/3930-1/

CVE-2019-7308

Vulnerability Summary

Vulnerability Trend

Vendor Advisories

References

Vulmon Search

About

Products

Connect