Numeric Errors

CVE-2019-7308

Medium

5.6/10

Summary

kernel/bpf/verifier.c in the Linux kernel before 4.20.6 performs undesirable out-of-bounds speculation on pointer arithmetic in various cases, including cases of different branches with different state or limits to sanitize, leading to side-channel attacks.

Attack Complexity: HIGH
Attack Vector: LOCAL
Integrity Impact: NONE
Scope: CHANGED
User Interaction: NONE
Privileges Required: LOW
Confidentiality Impact: HIGH
Availability Impact: NONE

CWE-189 - Numeric Errors

Weaknesses in this category are related to improper calculation or conversion of numbers.

References

Advisory Timeline

Published Feb 01, 2019

Numeric Errors

CVE-2019-7308

Summary

CWE-189 - Numeric Errors

References

Advisory Timeline

ChainJacking

JetBrains IDE

KICS SaaS