CVE-2019-6974 :: Enginsight Vulnerability Database

Provider	Type	Base Score	Atk. Vector	Atk. Complexity	Priv. Required	Vector
NIST	NIST	8.1 HIGH	NETWORK	HIGH	NONE	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
mitre	CNA	---				---
CVE	ADP	---				---

Base Score

CVSS 3.x

EPSS Score

Percentile: 91%

Vendor	Product	Version
linux	linux_kernel	3.10 ≤ 𝑥 < 3.16.64
linux	linux_kernel	3.17 ≤ 𝑥 < 3.18.136
linux	linux_kernel	3.19 ≤ 𝑥 < 4.4.176
linux	linux_kernel	4.5 ≤ 𝑥 < 4.9.156
linux	linux_kernel	4.10 ≤ 𝑥 < 4.14.99
linux	linux_kernel	4.15 ≤ 𝑥 < 4.19.21
linux	linux_kernel	4.20 ≤ 𝑥 < 4.20.8
debian	debian_linux	8.0
canonical	ubuntu_linux	12.04
canonical	ubuntu_linux	14.04
canonical	ubuntu_linux	16.04
canonical	ubuntu_linux	18.04
canonical	ubuntu_linux	18.10
f5	big-ip_access_policy_manager	13.0.0 ≤ 𝑥 ≤ 13.1.1
f5	big-ip_access_policy_manager	14.0.0 ≤ 𝑥 ≤ 14.1.0
f5	big-ip_access_policy_manager	15.0.0 ≤ 𝑥 < 15.1.0
f5	big-ip_advanced_firewall_manager	13.0.0 ≤ 𝑥 ≤ 13.1.1
f5	big-ip_advanced_firewall_manager	14.0.0 ≤ 𝑥 ≤ 14.1.0
f5	big-ip_advanced_firewall_manager	15.0.0 ≤ 𝑥 < 15.1.0
f5	big-ip_analytics	13.0.0 ≤ 𝑥 ≤ 13.1.1
f5	big-ip_analytics	14.0.0 ≤ 𝑥 ≤ 14.1.0
f5	big-ip_analytics	15.0.0 ≤ 𝑥 < 15.1.0
f5	big-ip_application_acceleration_manager	13.0.0 ≤ 𝑥 ≤ 13.1.1
f5	big-ip_application_acceleration_manager	14.0.0 ≤ 𝑥 ≤ 14.1.0
f5	big-ip_application_acceleration_manager	15.0.0 ≤ 𝑥 < 15.1.0
f5	big-ip_application_security_manager	13.0.0 ≤ 𝑥 ≤ 13.1.1
f5	big-ip_application_security_manager	14.0.0 ≤ 𝑥 ≤ 14.1.0
f5	big-ip_application_security_manager	15.0.0 ≤ 𝑥 < 15.1.0
f5	big-ip_edge_gateway	13.0.0 ≤ 𝑥 ≤ 13.1.1
f5	big-ip_edge_gateway	14.0.0 ≤ 𝑥 ≤ 14.1.0
f5	big-ip_edge_gateway	15.0.0 ≤ 𝑥 < 15.1.0
f5	big-ip_fraud_protection_service	13.0.0 ≤ 𝑥 ≤ 13.1.1
f5	big-ip_fraud_protection_service	14.0.0 ≤ 𝑥 ≤ 14.1.0
f5	big-ip_fraud_protection_service	15.0.0 ≤ 𝑥 < 15.1.0
f5	big-ip_global_traffic_manager	13.0.0 ≤ 𝑥 ≤ 13.1.1
f5	big-ip_global_traffic_manager	14.0.0 ≤ 𝑥 ≤ 14.1.0
f5	big-ip_global_traffic_manager	15.0.0 ≤ 𝑥 < 15.1.0
f5	big-ip_link_controller	13.0.0 ≤ 𝑥 ≤ 13.1.1
f5	big-ip_link_controller	14.0.0 ≤ 𝑥 ≤ 14.1.0
f5	big-ip_link_controller	15.0.0 ≤ 𝑥 < 15.1.0
f5	big-ip_local_traffic_manager	13.0.0 ≤ 𝑥 ≤ 13.1.1
f5	big-ip_local_traffic_manager	14.0.0 ≤ 𝑥 ≤ 14.1.0
f5	big-ip_local_traffic_manager	15.0.0 ≤ 𝑥 < 15.1.0
f5	big-ip_policy_enforcement_manager	13.0.0 ≤ 𝑥 ≤ 13.1.1
f5	big-ip_policy_enforcement_manager	14.0.0 ≤ 𝑥 ≤ 14.1.0
f5	big-ip_policy_enforcement_manager	15.0.0 ≤ 𝑥 < 15.1.0
f5	big-ip_webaccelerator	13.0.0 ≤ 𝑥 ≤ 13.1.1
f5	big-ip_webaccelerator	14.0.0 ≤ 𝑥 ≤ 14.1.0
f5	big-ip_webaccelerator	15.0.0 ≤ 𝑥 < 15.1.0
redhat	openshift_container_platform	3.11
redhat	enterprise_linux	7.0
redhat	enterprise_linux_desktop	7.0
redhat	enterprise_linux_eus	7.5
redhat	enterprise_linux_server	7.0
redhat	enterprise_linux_server_aus	7.4
redhat	enterprise_linux_server_aus	7.6
redhat	enterprise_linux_server_eus	7.6
redhat	enterprise_linux_server_tus	7.4
redhat	enterprise_linux_server_tus	7.6
redhat	enterprise_linux_workstation	7.0

𝑥

= Vulnerable software versions

Debian Releases

Debian Product

Codename

linux

bullseye	5.10.223-1 fixed
bullseye (security)	5.10.226-1 fixed
bookworm	6.1.106-3 fixed
bookworm (security)	6.1.112-1 fixed
sid	6.11.5-1 fixed
trixie	6.11.5-1 fixed

Ubuntu Releases

Ubuntu Product

Codename

linux

disco	not-affected
cosmic	Fixed 4.18.0-17.18 released
bionic	Fixed 4.15.0-47.50 released
xenial	Fixed 4.4.0-145.171 released
trusty	Fixed 3.13.0-168.218 released

linux-aws

disco	not-affected
cosmic	Fixed 4.18.0-1012.14 released
bionic	Fixed 4.15.0-1035.37 released
xenial	Fixed 4.4.0-1079.89 released
trusty	Fixed 4.4.0-1040.43 released

linux-aws-hwe

disco	dne
cosmic	dne
bionic	dne
xenial	Fixed 4.15.0-1035.37~16.04.1 released
trusty	dne

linux-azure

disco	not-affected
cosmic	Fixed 4.18.0-1014.14 released
bionic	Fixed 4.18.0-1014.14~18.04.1 released
xenial	Fixed 4.15.0-1041.45 released
trusty	Fixed 4.15.0-1041.45~14.04.1 released

linux-azure-edge

disco	dne
cosmic	dne
bionic	Fixed 4.18.0-1014.14~18.04.1 released
xenial	Fixed 4.15.0-1041.45 released
trusty	dne

linux-euclid

disco	dne
cosmic	dne
bionic	dne
xenial	ignored
trusty	dne

linux-flo

disco	dne
cosmic	dne
bionic	dne
xenial	ignored
trusty	dne

linux-gcp

disco	not-affected
cosmic	Fixed 4.18.0-1008.9 released
bionic	Fixed 4.15.0-1029.31 released
xenial	Fixed 4.15.0-1029.31~16.04.1 released
trusty	dne

linux-gcp-edge

disco	dne
cosmic	dne
bionic	Fixed 4.18.0-1008.9~18.04.1 released
xenial	dne
trusty	dne

linux-gke

disco	dne
cosmic	dne
bionic	not-affected
xenial	ignored
trusty	dne

linux-goldfish

disco	dne
cosmic	dne
bionic	dne
xenial	ignored
trusty	dne

linux-grouper

disco	dne
cosmic	dne
bionic	dne
xenial	dne
trusty	dne

linux-hwe

disco	dne
cosmic	dne
bionic	Fixed 4.18.0-17.18~18.04.1 released
xenial	Fixed 4.15.0-47.50~16.04.1 released
trusty	dne

linux-hwe-edge

disco	dne
cosmic	dne
bionic	not-affected
xenial	Fixed 4.15.0-47.50~16.04.1 released
trusty	dne

linux-kvm

disco	not-affected
cosmic	Fixed 4.18.0-1009.9 released
bionic	Fixed 4.15.0-1031.31 released
xenial	Fixed 4.4.0-1043.49 released
trusty	dne

linux-lts-trusty

disco	dne
cosmic	dne
bionic	dne
xenial	dne
trusty	dne

linux-lts-utopic

disco	dne
cosmic	dne
bionic	dne
xenial	dne
trusty	ignored

linux-lts-vivid

disco	dne
cosmic	dne
bionic	dne
xenial	dne
trusty	ignored

linux-lts-wily

disco	dne
cosmic	dne
bionic	dne
xenial	dne
trusty	ignored

linux-lts-xenial

disco	dne
cosmic	dne
bionic	dne
xenial	dne
trusty	Fixed 4.4.0-144.170~14.04.1 released

linux-maguro

disco	dne
cosmic	dne
bionic	dne
xenial	dne
trusty	dne

linux-mako

disco	dne
cosmic	dne
bionic	dne
xenial	ignored
trusty	dne

linux-manta

disco	dne
cosmic	dne
bionic	dne
xenial	dne
trusty	dne

linux-oem

disco	not-affected
cosmic	Fixed 4.15.0-1035.40 released
bionic	Fixed 4.15.0-1035.40 released
xenial	ignored
trusty	dne

linux-oracle

disco	not-affected
cosmic	Fixed 4.15.0-1010.12 released
bionic	Fixed 4.15.0-1010.12 released
xenial	Fixed 4.15.0-1010.12~16.04.1 released
trusty	dne

linux-raspi2

disco	not-affected
cosmic	Fixed 4.18.0-1011.13 released
bionic	Fixed 4.15.0-1033.35 released
xenial	Fixed 4.4.0-1106.114 released
trusty	dne

linux-snapdragon

disco	not-affected
cosmic	dne
bionic	Fixed 4.15.0-1053.57 released
xenial	Fixed 4.4.0-1110.115 released
trusty	dne

Known Exploits!

Common Weakness Enumeration

CWE-362 - Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')
The program contains a code sequence that can run concurrently with other code, and the code sequence requires temporary, exclusive access to a shared resource, but a timing window exists in which the shared resource can be modified by another code sequence that is operating concurrently.

References

http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=cfa39381173d5f969daf43582c95ad679189cbc9

http://www.securityfocus.com/bid/107127

https://access.redhat.com/errata/RHBA-2019:0959

https://access.redhat.com/errata/RHSA-2019:0818

https://access.redhat.com/errata/RHSA-2019:0833

https://access.redhat.com/errata/RHSA-2019:2809

https://access.redhat.com/errata/RHSA-2019:3967

https://access.redhat.com/errata/RHSA-2020:0103

https://bugs.chromium.org/p/project-zero/issues/detail?id=1765

https://cdn.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.14.99

https://cdn.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.19.21

https://cdn.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.20.8

https://cdn.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.9.156

https://github.com/torvalds/linux/commit/cfa39381173d5f969daf43582c95ad679189cbc9

https://lists.debian.org/debian-lts-announce/2019/03/msg00034.html

https://lists.debian.org/debian-lts-announce/2019/04/msg00004.html

https://lists.debian.org/debian-lts-announce/2019/05/msg00002.html

https://support.f5.com/csp/article/K11186236

https://support.f5.com/csp/article/K11186236?utm_source=f5support&amp%3Butm_medium=RSS

https://usn.ubuntu.com/3930-1/

https://usn.ubuntu.com/3930-2/

https://usn.ubuntu.com/3931-1/

https://usn.ubuntu.com/3931-2/

https://usn.ubuntu.com/3932-1/

https://usn.ubuntu.com/3932-2/

https://usn.ubuntu.com/3933-1/

https://usn.ubuntu.com/3933-2/

https://www.exploit-db.com/exploits/46388/