CVE-2019-19922
Summary
| CVE | CVE-2019-19922 |
|---|---|
| State | PUBLIC |
| Assigner | [email protected] |
| Source Priority | CVE Program / NVD first with legacy fallback |
| Published | 2019-12-22 20:15:00 UTC |
| Updated | 2022-12-14 19:15:00 UTC |
| Description | kernel/sched/fair.c in the Linux kernel before 5.3.9, when cpu.cfs_quota_us is used (e.g., with Kubernetes), allows attackers to cause a denial of service against non-cpu-bound applications by generating a workload that triggers unwanted slice expiration, aka CID-de53fd7aedb1. (In other words, although this slice expiration would typically be seen with benign workloads, it is possible that an attacker could calculate how many stray requests are required to force an entire Kubernetes cluster into a low-performance state caused by slice expiration, and ensure that a DDoS attack sent that number of stray requests. An attack does not affect the stability of the kernel; it only causes mismanagement of application execution.) |
Risk And Classification
Problem Types: CWE-400
NVD Known Affected Configurations (CPE 2.3)
| Type | Vendor | Product | Version | Update | Edition | Language |
|---|---|---|---|---|---|---|
| Operating System | Canonical | Ubuntu Linux | 18.04 | All | All | All |
| Operating System | Canonical | Ubuntu Linux | 19.04 | All | All | All |
| Operating System | Debian | Debian Linux | 8.0 | All | All | All |
| Operating System | Linux | Linux Kernel | All | All | All | All |
| Application | Netapp | Active Iq Unified Manager | - | All | All | All |
| Hardware | Netapp | Aff Baseboard Management Controller | a700 | All | All | All |
| Application | Netapp | Cloud Backup | - | All | All | All |
| Application | Netapp | Data Availability Services | - | All | All | All |
| Application | Netapp | E-series Santricity Os Controller | All | All | All | All |
| Application | Netapp | Fas/aff Baseboard Management Controller | - | All | All | All |
| Application | Netapp | Hci Baseboard Management Controller | h610s | All | All | All |
| Hardware | Netapp | Solidfire Baseboard Management Controller | - | All | All | All |
| Application | Netapp | Solidfire Hci Management Node | - | All | All | All |
| Application | Netapp | Steelstore Cloud Integrated Storage | - | All | All | All |
| Application | Oracle | Sd-wan Edge | 8.2 | All | All | All |
References
| Reference | Source | Link | Tags |
|---|---|---|---|
| CFS quotas can lead to unnecessary throttling · Issue #67577 · kubernetes/kubernetes · GitHub | MISC | github.com | Issue Tracking, Patch, Third Party Advisory |
| January 2020 Linux Kernel Vulnerabilities in NetApp Products \| NetApp Product Security | CONFIRM | security.netapp.com | |
| USN-4226-1: Linux kernel vulnerabilities \| Ubuntu security notices \| Ubuntu | UBUNTU | usn.ubuntu.com | Third Party Advisory |
| sched/fair: Fix low cpu usage with high throttling by removing expira… · torvalds/linux@de53fd7 · GitHub | MISC | github.com | Patch, Third Party Advisory |
| cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.3.9 | MISC | cdn.kernel.org | Mailing List, Patch, Vendor Advisory |
| [SECURITY] [DLA 2068-1] linux security update | MLIST | lists.debian.org | |
| kernel/git/torvalds/linux.git - Linux kernel source tree | MISC | git.kernel.org | Mailing List, Patch, Vendor Advisory |
| The Kernel Change That May Be Slowing Down Your App – Repeatable Systems | MISC | relistan.com | Exploit, Third Party Advisory |
| Oracle Critical Patch Update Advisory - April 2021 | MISC | www.oracle.com | |
| CVE Program record | CVE.ORG | www.cve.org | canonical |
| NVD vulnerability detail | NVD | nvd.nist.gov | canonical, analysis |
No vendor comments have been submitted for this CVE.
There are currently no legacy QID mappings associated with this CVE.