Alpaquita Linux
Security Advisory

CVE-2019-7308

Published: February 1, 2019Last modified: November 9, 2023

Description

kernel/bpf/verifier.c in the Linux kernel before 4.20.6 performs undesirable out-of-bounds speculation on pointer arithmetic in various cases, including cases of different branches with different state or limits to sanitize, leading to side-channel attacks.

Severity score breakdown

ParameterValue
Base score5.6
Attack VectorLOCAL
Attack complexityHIGH
Privileges requiredLOW
User interactionNONE
ScopeCHANGED
ConfidentialityHIGH
Integrity impactNONE
Availability impactNONE
VectorCVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N

Status

ProductReleasePackageStatus
Alpaquita LinuxStreamlinux-ltsUnknown (6.1.33-r0)

References

ON THIS PAGE