CVE-2019-19602
kernel: cached use of fpu_fpregs_owner_ctx in arch/x86/include/asm/fpu/internal.h can lead to DoS
Public Exploits: 2
Exploited in Wild: -
Descriptions
fpregs_state_valid in arch/x86/include/asm/fpu/internal.h in the Linux kernel before 5.4.2, when GCC 9 is used, allows context-dependent attackers to cause a denial of service (memory corruption) or possibly have unspecified other impact because of incorrect fpu_fpregs_owner_ctx caching, as demonstrated by mishandling of signal-based non-cooperative preemption in Go 1.14 prereleases on amd64, aka CID-59c4bd853abc.
The fpregs_state_valid function in the file arch/x86/include/asm/fpu/internal.h in the Linux kernel, versions before 5.4.2, when GCC version 9 is used, allows context-dependent attackers to cause a denial of service (memory corruption) or possibly have other unspecified impacts due to incorrect caching of fpu_fpregs_owner_ctx, as demonstrated by the improper handling of signal-based non-cooperative preemption in Go 1.14 prerelease versions on amd64, also known as CID-59c4bd853abc.
A flaw was found in the Linux kernel. When compiled with GCC 9, a vector register corruption occurs on return from a signal handler where the top page of the signal stack had not yet been paged in, which can allow a local attacker with special user privilege (or root) to leak kernel internal information. The highest threat from this vulnerability is to data confidentiality.
It was discovered that the Linux kernel did not properly clear data structures on context switches for certain Intel graphics processors. A local attacker could use this to expose sensitive information. It was discovered that the Atheros 802.11ac wireless USB device driver in the Linux kernel did not properly validate device metadata. A physically proximate attacker could use this to cause a denial of service. Various other issues were also addressed.
Timeline
- 2019-12-05 CVE Reserved
- 2019-12-05 CVE Published
- 2024-08-05 CVE Updated
- 2024-08-05 First Exploit
- 2025-04-15 EPSS Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
CWE
- CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer
- CWE-672: Operation on a Resource after Expiration or Release
References (9)
URL | Tag | Source |
---|---|---|
https://bugzilla.kernel.org/show_bug.cgi?id=205663 | Issue Tracking | |
https://github.com/golang/go/issues/35777#issuecomment-561935388 | Issue Tracking | |
https://security.netapp.com/advisory/ntap-20200103-0001 | Third Party Advisory | |

URL | Date | SRC |
---|---|---|
https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.4.2 | 2020-08-24 | |
https://usn.ubuntu.com/4284-1 | 2020-08-24 | |
https://access.redhat.com/security/cve/CVE-2019-19602 | 2020-11-04 | |
https://bugzilla.redhat.com/show_bug.cgi?id=1784572 | 2020-11-04 | |
Affected Vendors, Products, and Versions
Vendor | Product | Version | Other | Status |
---|---|---|---|---|
Linux | Linux Kernel | < 5.4.2 | - | Affected |
Canonical | Ubuntu Linux | 18.04 | lts | Affected |
Canonical | Ubuntu Linux | 19.10 | - | Affected |