CVE-2019-19339
kpatch: hw: incomplete fix for CVE-2018-12207
Severity Score
Exploit Likelihood
Affected Versions
Public Exploits
0Exploited in Wild
-Decision
Descriptions
It was found that the Red Hat Enterprise Linux 8 kpatch update did not include the complete fix for CVE-2018-12207. A flaw was found in the way Intel CPUs handle inconsistency between, virtual to physical memory address translations in CPU's local cache and system software's Paging structure entries. A privileged guest user may use this flaw to induce a hardware Machine Check Error on the host processor, resulting in a severe DoS scenario by halting the processor. System software like OS OR Virtual Machine Monitor (VMM) use virtual memory system for storing program instructions and data in memory. Virtual Memory system uses Paging structures like Page Tables and Page Directories to manage system memory. The processor's Memory Management Unit (MMU) uses Paging structure entries to translate program's virtual memory addresses to physical memory addresses. The processor stores these address translations into its local cache buffer called - Translation Lookaside Buffer (TLB). TLB has two parts, one for instructions and other for data addresses. System software can modify its Paging structure entries to change address mappings OR certain attributes like page size etc. Upon such Paging structure alterations in memory, system software must invalidate the corresponding address translations in the processor's TLB cache. But before this TLB invalidation takes place, a privileged guest user may trigger an instruction fetch operation, which could use an already cached, but now invalid, virtual to physical address translation from Instruction TLB (ITLB). Thus accessing an invalid physical memory address and resulting in halting the processor due to the Machine Check Error (MCE) on Page Size Change.
Se detectó que la actualización de Red Hat Enterprise Linux 8 kpatch no incluía la corrección completa para CVE-2018-12207. Se detectó un defecto en la forma en que las CPU Intel manejan la incoherencia entre las traducciones de direcciones de memoria virtual a física en la memoria caché local de la CPU y las entradas de la estructura de paginación del software del sistema. Un usuario invitado con privilegios puede utilizar este defecto para inducir un error de comprobación de máquina de hardware en el procesador host, lo que resulta en un escenario de DoS grave al detener el procesador. El software del sistema como OS O Virtual Machine Monitor (VMM) utiliza el sistema de memoria virtual para almacenar las instrucciones y los datos del programa en la memoria. El sistema de memoria virtual utiliza estructuras de paginación como tablas de páginas y directorios de página para administrar la memoria del sistema. La unidad de administración de memoria (MMU) del procesador utiliza entradas de estructura de paginación para traducir las direcciones de memoria virtual del programa a direcciones de memoria física. El procesador almacena estas traducciones de direcciones en su búfer de caché local llamado - Búfer de búsqueda de traducción (TLB). TLB tiene dos partes, una para instrucciones y otra para direcciones de datos. El software del sistema puede modificar sus entradas de estructura de paginación para cambiar las asignaciones de direcciones O ciertos atributos como el tamaño de página, etc. Tras tales alteraciones de la estructura de paginación en la memoria, el software del sistema debe invalidar las traducciones de direcciones correspondientes en la memoria caché TLB del procesador. Pero antes de que se lleve a cabo esta invalidación de TLB, un usuario invitado con privilegios puede desencadenar una operación de obtención de instrucciones, que podría usar una traducción de dirección virtual a física de la instrucción TLB (ITLB) ya almacenada en caché, pero ahora no válida. De este modo, se accede a una dirección de memoria física no válida y se detiene el procesador debido al error de comprobación de máquina (MCE) en el cambio de tamaño de página.
It was found that the Red Hat Enterprise Linux 8 kpatch update did not include the complete fix for CVE-2018-12207.
A flaw was found in the way Intel CPUs handle inconsistency between, virtual to physical memory address translations in CPU's local cache and system software's Paging structure entries. A privileged guest user may use this flaw to induce a hardware Machine Check Error on the host processor, resulting in a severe DoS scenario by halting the processor.
System software like OS OR Virtual Machine Monitor (VMM) use virtual memory system for storing program instructions and data in memory. Virtual Memory system uses Paging structures like Page Tables and Page Directories to manage system memory. The processor's Memory Management Unit (MMU) uses Paging structure entries to translate program's virtual memory addresses to physical memory addresses. The processor stores these address translations into its local cache buffer called - Translation Lookaside Buffer (TLB). TLB has two parts, one for instructions and other for data addresses.
System software can modify its Paging structure entries to change address mappings OR certain attributes like page size etc. Upon such Paging structure alterations in memory, system software must invalidate the corresponding address translations in the processor's TLB cache. But before this TLB invalidation takes place, a privileged guest user may trigger an instruction fetch operation, which could use an already cached, but now invalid, virtual to physical address translation from Instruction TLB (ITLB). Thus accessing an invalid physical memory address and resulting in halting the processor due to the Machine Check Error (MCE) on Page Size Change.
CVSS Scores
SSVC
- Decision:-
Timeline
- 2019-11-27 CVE Reserved
- 2019-12-17 CVE Published
- 2023-03-08 EPSS Updated
- 2024-08-05 CVE Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
- ---------- First Exploit
CWE
- CWE-805: Buffer Access with Incorrect Length Value
CAPEC
References (3)
URL | Tag | Source |
---|
URL | Date | SRC |
---|
URL | Date | SRC |
---|
URL | Date | SRC |
---|---|---|
https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-19339 | 2020-10-19 | |
https://access.redhat.com/security/cve/CVE-2019-19339 | 2019-12-17 | |
https://bugzilla.redhat.com/show_bug.cgi?id=1782199 | 2019-12-17 |
Affected Vendors, Products, and Versions
Vendor | Product | Version | Other | Status | ||||||
---|---|---|---|---|---|---|---|---|---|---|
Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
Redhat Search vendor "Redhat" | Enterprise Linux Search vendor "Redhat" for product "Enterprise Linux" | 8.0 Search vendor "Redhat" for product "Enterprise Linux" and version "8.0" | - |
Affected
| ||||||
Redhat Search vendor "Redhat" | Enterprise Linux Eus Search vendor "Redhat" for product "Enterprise Linux Eus" | 8.1 Search vendor "Redhat" for product "Enterprise Linux Eus" and version "8.1" | - |
Affected
|