kernel/sched/fair.c in the Linux kernel before 5.3.9, when cpu.cfs_quota_us is used (e.g., with Kubernetes), allows attackers to cause a denial of service against non-cpu-bound applications by generating a workload that triggers unwanted slice expiration, aka CID-de53fd7aedb1. (In other words, although this slice expiration would typically be seen with benign workloads, it is possible that an attacker could calculate how many stray requests are required to force an entire Kubernetes cluster into a low-performance state caused by slice expiration, and ensure that a DDoS attack sent that number of stray requests. An attack does not affect the stability of the kernel; it only causes mismanagement of application execution.)
References
Link | Resource |
---|---|
https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.3.9 | Mailing List Patch Vendor Advisory |
https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=de53fd7aedb100f03e5d2231cfce0e4993282425 | Mailing List Patch Vendor Advisory |
https://github.com/kubernetes/kubernetes/issues/67577 | Issue Tracking Patch Third Party Advisory |
https://github.com/torvalds/linux/commit/de53fd7aedb100f03e5d2231cfce0e4993282425 | Patch Third Party Advisory |
https://lists.debian.org/debian-lts-announce/2020/01/msg00013.html | Mailing List Third Party Advisory |
https://relistan.com/the-kernel-may-be-slowing-down-your-app | Exploit Third Party Advisory |
https://security.netapp.com/advisory/ntap-20200204-0002/ | Third Party Advisory |
https://usn.ubuntu.com/4226-1/ | Third Party Advisory |
https://www.oracle.com/security-alerts/cpuApr2021.html | Patch Third Party Advisory |
Configurations
Configuration 1 (hide)
|
Configuration 2 (hide)
|
Configuration 3 (hide)
|
History
14 Dec 2022, 19:15
Type | Values Removed | Values Added |
---|---|---|
CPE | cpe:2.3:a:netapp:solidfire_\&_hci_management_node:-:*:*:*:*:*:*:* cpe:2.3:a:netapp:data_availability_services:-:*:*:*:*:*:*:* cpe:2.3:a:netapp:active_iq_unified_manager:-:*:*:*:*:vmware_vsphere:*:* cpe:2.3:a:netapp:fas\/aff_baseboard_management_controller:-:*:*:*:*:*:*:* cpe:2.3:a:netapp:e-series_santricity_os_controller:*:*:*:*:*:*:*:* cpe:2.3:o:canonical:ubuntu_linux:18.04:*:*:*:lts:*:*:* cpe:2.3:h:netapp:solidfire_baseboard_management_controller:-:*:*:*:*:*:*:* cpe:2.3:o:canonical:ubuntu_linux:19.04:*:*:*:*:*:*:* cpe:2.3:a:netapp:hci_baseboard_management_controller:h610s:*:*:*:*:*:*:* cpe:2.3:h:netapp:aff_baseboard_management_controller:a700:*:*:*:*:*:*:* cpe:2.3:a:netapp:steelstore_cloud_integrated_storage:-:*:*:*:*:*:*:* cpe:2.3:a:oracle:sd-wan_edge:8.2:*:*:*:*:*:*:* cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:* cpe:2.3:a:netapp:cloud_backup:-:*:*:*:*:*:*:* |
|
References | (CONFIRM) https://security.netapp.com/advisory/ntap-20200204-0002/ - Third Party Advisory | |
References | (MLIST) https://lists.debian.org/debian-lts-announce/2020/01/msg00013.html - Mailing List, Third Party Advisory | |
References | (MISC) https://www.oracle.com/security-alerts/cpuApr2021.html - Patch, Third Party Advisory | |
First Time |
Canonical
Debian Netapp cloud Backup Netapp solidfire \& Hci Management Node Netapp fas\/aff Baseboard Management Controller Netapp solidfire Baseboard Management Controller Canonical ubuntu Linux Oracle sd-wan Edge Netapp aff Baseboard Management Controller Netapp steelstore Cloud Integrated Storage Netapp active Iq Unified Manager Netapp e-series Santricity Os Controller Netapp Netapp hci Baseboard Management Controller Oracle Debian debian Linux Netapp data Availability Services |
14 Jun 2021, 18:15
Type | Values Removed | Values Added |
---|---|---|
References |
|
Information
Published : 2019-12-22 20:15
Updated : 2023-12-10 13:13
NVD link : CVE-2019-19922
Mitre link : CVE-2019-19922
CVE.ORG link : CVE-2019-19922
JSON object : View
Products Affected
debian
- debian_linux
netapp
- hci_baseboard_management_controller
- aff_baseboard_management_controller
- active_iq_unified_manager
- solidfire_baseboard_management_controller
- cloud_backup
- data_availability_services
- fas\/aff_baseboard_management_controller
- solidfire_\&_hci_management_node
- e-series_santricity_os_controller
- steelstore_cloud_integrated_storage
linux
- linux_kernel
oracle
- sd-wan_edge
canonical
- ubuntu_linux
CWE
CWE-400
Uncontrolled Resource Consumption