CVE-2019-19602

CVE Details

Release Date:2019-12-05
Impact:None What is this?

Description


fpregs_state_valid in arch/x86/include/asm/fpu/internal.h in the Linux kernel before 5.4.2, when GCC 9 is used, allows context-dependent attackers to cause a denial of service (memory corruption) or possibly have unspecified other impact because of incorrect fpu_fpregs_owner_ctx caching, as demonstrated by mishandling of signal-based non-cooperative preemption in Go 1.14 prereleases on amd64, aka CID-59c4bd853abc.

See more information about CVE-2019-19602 from MITRE CVE dictionary and NIST NVD


NOTE: The following CVSS metrics and score provided are preliminary and subject to review.


CVSS v3 metrics

Base Score: 6.1
Vector String: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:L
Version: 3.0
Attack Vector: Local
Attack Complexity: Low
Privileges Required: Low
User Interaction: None
Scope: Unchanged
Confidentiality Impact: High
Integrity Impact: None
Availability Impact: Low

Errata information


PlatformErrataRelease Date
Oracle Linux version 8 (kernel)ELSA-2020-44312020-11-10


This page is generated automatically and has not been checked for errors or omissions. For clarification or corrections:

software.hardware.complete