CVE-2019-13648

MEDIUM

Description

In the Linux kernel through 5.2.1 on the powerpc platform, when hardware transactional memory is disabled, a local user can cause a denial of service (TM Bad Thing exception and system crash) via a sigreturn() system call that sends a crafted signal frame. This affects arch/powerpc/kernel/signal_32.c and arch/powerpc/kernel/signal_64.c.

References

http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00055.html

http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00056.html

http://packetstormsecurity.com/files/154059/Slackware-Security-Advisory-Slackware-14.2-kernel-Updates.html

http://www.openwall.com/lists/oss-security/2019/07/30/1

https://git.kernel.org/torvalds/c/f16d80b75a096c52354c6e0a574993f3b0dfbdfe

https://lists.debian.org/debian-lts-announce/2019/08/msg00017.html

https://lists.fedoraproject.org/archives/list/[email protected]/message/GRK2MW223KQZ76DKEF2BZFN6TCXLZLDS/

https://patchwork.ozlabs.org/patch/1133904/

https://seclists.org/bugtraq/2019/Aug/13

https://seclists.org/bugtraq/2019/Aug/18

https://seclists.org/bugtraq/2019/Aug/26

https://security.netapp.com/advisory/ntap-20190806-0001/

https://usn.ubuntu.com/4114-1/

https://usn.ubuntu.com/4115-1/

https://usn.ubuntu.com/4116-1/

https://www.debian.org/security/2019/dsa-4495

https://www.debian.org/security/2019/dsa-4497

Details

Source: MITRE

Published: 2019-07-19

Updated: 2019-07-30

Type: CWE-399

Risk Information

CVSS v2

Base Score: 4.9

Vector: AV:L/AC:L/Au:N/C:N/I:N/A:C

Impact Score: 6.9

Exploitability Score: 3.9

Severity: MEDIUM

CVSS v3

Base Score: 5.5

Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

Impact Score: 3.6

Exploitability Score: 1.8

Severity: MEDIUM

Vulnerable Software

Configuration 1

OR

cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* versions up to 5.2.1 (inclusive)

Tenable Plugins

| ID | Name | Product | Family | Severity |
|---|---|---|---|---|
| 145665 | CentOS 8 : kernel (CESA-2019:3517) | Nessus | CentOS Local Security Checks | critical |
| 138802 | RHEL 7 : kernel (RHSA-2020:3019) | Nessus | Red Hat Local Security Checks | medium |
| 135813 | Scientific Linux Security Update : kernel on SL7.x x86_64 (20200407) | Nessus | Scientific Linux Local Security Checks | high |
| 135316 | CentOS 7 : kernel (CESA-2020:1016) | Nessus | CentOS Local Security Checks | high |
| 135080 | RHEL 7 : kernel (RHSA-2020:1016) | Nessus | Red Hat Local Security Checks | high |
| 131845 | EulerOS 2.0 SP2 : kernel (EulerOS-SA-2019-2353) | Nessus | Huawei Local Security Checks | critical |
| 130736 | EulerOS 2.0 SP3 : kernel (EulerOS-SA-2019-2274) | Nessus | Huawei Local Security Checks | critical |
| 129440 | EulerOS 2.0 SP8 : kernel (EulerOS-SA-2019-2081) | Nessus | Huawei Local Security Checks | critical |
| 129284 | SUSE SLED15 / SLES15 Security Update : kernel-source-rt (SUSE-SU-2019:2430-1) (MDSUM/RIDL) (MFBDS/RIDL/ZombieLoad) (MLPDS/RIDL) (MSBDS/Fallout) (SACK Panic) (SACK Slowness) (Spectre) | Nessus | SuSE Local Security Checks | high |
| 128929 | EulerOS Virtualization for ARM 64 3.0.2.0 : kernel (EulerOS-SA-2019-1926) | Nessus | Huawei Local Security Checks | critical |
| 128842 | EulerOS 2.0 SP5 : kernel (EulerOS-SA-2019-1919) | Nessus | Huawei Local Security Checks | high |
| 128680 | Ubuntu 16.04 LTS / 18.04 LTS : Linux kernel regression (USN-4115-2) | Nessus | Ubuntu Local Security Checks | critical |
| 128476 | Ubuntu 16.04 LTS : linux, linux-aws, linux-kvm, linux-raspi2, linux-snapdragon vulnerabilities (USN-4116-1) | Nessus | Ubuntu Local Security Checks | medium |
| 128475 | Ubuntu 16.04 LTS / 18.04 LTS : linux, linux-azure, linux-gcp, linux-gke-4.15, linux-hwe, linux-kvm, (USN-4115-1) | Nessus | Ubuntu Local Security Checks | critical |
| 128474 | Ubuntu 18.04 LTS / 19.04 : linux, linux-azure, linux-gcp, linux-gke-5.0, linux-hwe, linux-kvm, (USN-4114-1) | Nessus | Ubuntu Local Security Checks | medium |
| 128470 | SUSE SLES12 Security Update : kernel (SUSE-SU-2019:2263-1) | Nessus | SuSE Local Security Checks | high |
| 128469 | SUSE SLES12 Security Update : kernel (SUSE-SU-2019:2262-1) | Nessus | SuSE Local Security Checks | medium |
| 128012 | openSUSE Security Update : the Linux Kernel (openSUSE-2019-1924) | Nessus | SuSE Local Security Checks | medium |
| 128011 | openSUSE Security Update : the Linux Kernel (openSUSE-2019-1923) | Nessus | SuSE Local Security Checks | medium |
| 127921 | Debian DLA-1885-1 : linux-4.9 security update | Nessus | Debian Local Security Checks | high |
| 127882 | Slackware 14.2 : Slackware 14.2 kernel (SSA:2019-226-01) | Nessus | Slackware Local Security Checks | high |
| 127867 | Debian DSA-4497-1 : linux - security update | Nessus | Debian Local Security Checks | high |
| 127776 | SUSE SLED15 / SLES15 Security Update : kernel (SUSE-SU-2019:2073-1) | Nessus | SuSE Local Security Checks | medium |
| 127775 | SUSE SLED12 / SLES12 Security Update : kernel (SUSE-SU-2019:2072-1) | Nessus | SuSE Local Security Checks | medium |
| 127774 | SUSE SLED15 / SLES15 Security Update : kernel (SUSE-SU-2019:2071-1) | Nessus | SuSE Local Security Checks | medium |
| 127773 | SUSE SLES12 Security Update : kernel (SUSE-SU-2019:2070-1) | Nessus | SuSE Local Security Checks | medium |
| 127772 | SUSE SLED15 / SLES15 Security Update : Linux Azure Kernel (SUSE-SU-2019:2068-1) | Nessus | SuSE Local Security Checks | medium |
| 127517 | Fedora 30 : kernel / kernel-headers / kernel-tools (2019-7aecfe1c4b) | Nessus | Fedora Local Security Checks | medium |
| 127491 | Debian DSA-4495-1 : linux - security update | Nessus | Debian Local Security Checks | high |