CVE-2019-12817

Published: Jun 25, 2019Modified: Nov 21, 2024

7.0

Vector

CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H

Exploitability: 1.0 / Impact: 5.9

Source: NVD

Description

arch/powerpc/mm/mmu_context_book3s64.c in the Linux kernel before 5.1.15 for powerpc has a bug where unrelated processes may be able to read/write to one another's virtual memory under certain conditions via an mmap above 512 TB. Only a subset of powerpc systems are affected.

Affected (17)

Products: Canonical: Ubuntu Linux · Linux: Linux Kernel · Fedoraproject: Fedora · +3 more

Show all products

Canonical: Ubuntu Linux · Linux: Linux Kernel · Fedoraproject: Fedora · Debian: Debian Linux · Opensuse: Leap · Redhat: Enterprise Linux, Enterprise Linux Eus, Enterprise Linux Server Aus, Enterprise Linux Server Tus

1 product

1 product

1 product

1 product

1 product

4 products

Enterprise Linux

Enterprise Linux Eus

Enterprise Linux Server Aus

Enterprise Linux Server Tus

Configuration A

3 vulnerable

Vulnerable Software	Affected Versions
Canonical Ubuntu Linux	Version 18.04
Canonical Ubuntu Linux	Version 18.10
Canonical Ubuntu Linux	Version 19.04

Configuration B

1 vulnerable

Vulnerable Software	Affected Versions
Linux Linux Kernel	Before 5.1.15

Configuration C

2 vulnerable

Vulnerable Software	Affected Versions
Fedoraproject Fedora	Version 29
Fedoraproject Fedora	Version 30

Configuration D

2 vulnerable

Vulnerable Software	Affected Versions
Debian Debian Linux	Version 10.0
Debian Debian Linux	Version 9.0

Configuration E

1 vulnerable

Vulnerable Software	Affected Versions
Opensuse Leap	Version 15.1

Configuration F

8 vulnerable

Vulnerable Software	Affected Versions
Redhat Enterprise Linux	Version 8.0
Redhat Enterprise Linux Eus	Version 8.1
Redhat Enterprise Linux Eus	Version 8.2
Redhat Enterprise Linux Eus	Version 8.4
Redhat Enterprise Linux Server Aus	Version 8.2
Redhat Enterprise Linux Server Aus	Version 8.4
Redhat Enterprise Linux Server Tus	Version 8.2
Redhat Enterprise Linux Server Tus	Version 8.4

Related CWEs

Out-of-bounds Write

The product writes data past the end, or before the beginning, of the intended buffer.

References (26)

http://lists.opensuse.org/opensuse-security-announce/2019-07/msg00025.html

Source: cve@mitre.org

Mailing ListThird Party Advisory

http://www.openwall.com/lists/oss-security/2019/06/24/5

Source: cve@mitre.org

Mailing ListThird Party Advisory

http://www.securityfocus.com/bid/108884

Source: cve@mitre.org

Broken Link

https://access.redhat.com/errata/RHSA-2019:2703

Source: cve@mitre.org

Third Party Advisory

https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.1.15

Source: cve@mitre.org

Vendor Advisory

https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=ca72d88378b2f2444d3ec145dd442d449d3fefbc

Source: cve@mitre.org

PatchVendor Advisory

https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/OTLN3KQYEEWWAJYA4BUYYDMWWXCJQNV2/

Source: cve@mitre.org

https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/WSKLL2374YGFQR6LSVCFGTTCRGBTLAWZ/

Source: cve@mitre.org

https://seclists.org/bugtraq/2019/Aug/13

Source: cve@mitre.org

Mailing ListThird Party Advisory

https://support.f5.com/csp/article/K12876166

Source: cve@mitre.org

Third Party Advisory

https://support.f5.com/csp/article/K12876166?utm_source=f5support&amp%3Butm_medium=RSS

Source: cve@mitre.org

https://usn.ubuntu.com/4031-1/

Source: cve@mitre.org

Third Party Advisory

https://www.debian.org/security/2019/dsa-4495

Source: cve@mitre.org

Third Party Advisory

http://lists.opensuse.org/opensuse-security-announce/2019-07/msg00025.html

Source: af854a3a-2127-422b-91ae-364da2661108

Mailing ListThird Party Advisory

http://www.openwall.com/lists/oss-security/2019/06/24/5

Source: af854a3a-2127-422b-91ae-364da2661108

Mailing ListThird Party Advisory

http://www.securityfocus.com/bid/108884

Source: af854a3a-2127-422b-91ae-364da2661108

Broken Link

https://access.redhat.com/errata/RHSA-2019:2703

Source: af854a3a-2127-422b-91ae-364da2661108

Third Party Advisory

https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.1.15

Source: af854a3a-2127-422b-91ae-364da2661108

Vendor Advisory

https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=ca72d88378b2f2444d3ec145dd442d449d3fefbc

Source: af854a3a-2127-422b-91ae-364da2661108

PatchVendor Advisory

https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/OTLN3KQYEEWWAJYA4BUYYDMWWXCJQNV2/

Source: af854a3a-2127-422b-91ae-364da2661108

https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/WSKLL2374YGFQR6LSVCFGTTCRGBTLAWZ/

Source: af854a3a-2127-422b-91ae-364da2661108

https://seclists.org/bugtraq/2019/Aug/13

Source: af854a3a-2127-422b-91ae-364da2661108

Mailing ListThird Party Advisory

https://support.f5.com/csp/article/K12876166

Source: af854a3a-2127-422b-91ae-364da2661108

Third Party Advisory

https://support.f5.com/csp/article/K12876166?utm_source=f5support&amp%3Butm_medium=RSS

Source: af854a3a-2127-422b-91ae-364da2661108

https://usn.ubuntu.com/4031-1/

Source: af854a3a-2127-422b-91ae-364da2661108

Third Party Advisory

https://www.debian.org/security/2019/dsa-4495

Source: af854a3a-2127-422b-91ae-364da2661108

Third Party Advisory

Timeline

No history available yet.