CVE-2019-19339Buffer Access with Incorrect Length Value in RED HAT Kpatch

CWE-805Buffer Access with Incorrect Length Value5 documents5 sources
Severity
6.5MEDIUMNVD
EPSS
0.1%
top 69.44%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
3
RED HAT KpatchRedhat Enterprise LinuxRedhat Enterprise Linux EUS
Timeline
PublishedJan 17
Latest updateMay 24

Description

It was found that the Red Hat Enterprise Linux 8 kpatch update did not include the complete fix for CVE-2018-12207. A flaw was found in the way Intel CPUs handle inconsistency between, virtual to physical memory address translations in CPU's local cache and system software's Paging structure entries. A privileged guest user may use this flaw to induce a hardware Machine Check Error on the host processor, resulting in a severe DoS scenario by halting the processor. System software like OS OR Virt

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:HExploitability: 2.0 | Impact: 4.0

Affected Packages1 packages

CVEListV5red_hat/kpatchn/a

Also affects: Enterprise Linux 8.0, 8.1

🔴Vulnerability Details

2
GHSA
GHSA-3848-jq8g-9mvf: It was found that the Red Hat Enterprise Linux 8 kpatch update did not include the complete fix for CVE-2018-122072022-05-24
CVEList
CVE-2019-19339: It was found that the Red Hat Enterprise Linux 8 kpatch update did not include the complete fix for CVE-2018-122072020-01-17

📋Vendor Advisories

1
Red Hat
kpatch: hw: incomplete fix for CVE-2018-122072019-12-11

💬Community

1
Bugzilla
CVE-2019-19339 kpatch: hw: incomplete fix for CVE-2018-122072019-12-11
CVE-2019-19339 — RED HAT Kpatch vulnerability | cvebase