#VU17367 Information disclosure in Linux kernel - CVE-2019-7308

Cybersecurity Help s.r.o.

Published: 2019-02-04

Vulnerability identifier: #VU17367

Vulnerability risk: Low

CVSSv4.0: 5.5 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:P/U:Clear]

CVE-ID: CVE-2019-7308

CWE-ID: CWE-200

Exploitation vector: Network

Exploit availability: No

Vulnerable software:
Linux kernel
Operating systems & Components / Operating system

Vendor: Linux Foundation

Description

The vulnerability allows a remote attacker to gain access to potentially sensitive information.

The vulnerability exists due to out-of-bounds speculation on pointer arithmetic in various cases in kernel/bpf/verifier.c, including cases of different branches with different state or limits to sanitize. A remote attacker can gain unauthorized access to sensitive information on the system.

Mitigation
Install updates from vendor's website.

Vulnerable software versions

Linux kernel: 4.18 - 4.19.19, 4.20.1 - 4.20.5

External links
https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=979d63d50c0c0f7bc537bf821e056cc9fe5abd38
https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=d3bd7413e0ca40b60cf60d4003246d067cafdeda
https://cdn.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.20.6
https://github.com/torvalds/linux/commit/979d63d50c0c0f7bc537bf821e056cc9fe5abd38
https://github.com/torvalds/linux/commit/d3bd7413e0ca40b60cf60d4003246d067cafdeda

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability. However, proof of concept for this vulnerability is available.

Latest bulletins with this vulnerability

Amazon Linux AMI update for kernel

OpenSUSE Linux update for the Linux Kernel

Fedora 28 update for kernel, kernel-headers

Fedora 29 update for kernel, kernel-headers