Homepage
About Snyk

Race Condition Affecting kernel-tools package, versions <0:4.18.0-193.13.2.el8_2

Severity

 Recommended
high

Based on CentOS security rating

    Threat Intelligence

    EPSS
    0.05% (21st percentile)

Do your applications use this vulnerable package?

In a few clicks we can analyze your entire application and see what components are vulnerable in your application, and suggest you quick fixes.

Test your applications
  • Snyk ID SNYK-CENTOS8-KERNELTOOLS-2044165
  • published 26 Jul 2021
  • disclosed 30 Jan 2020
Report a new vulnerability Found a mistake?

Introduced: 30 Jan 2020

CVE-2019-3016 Open this link in a new tab
CWE-362 Open this link in a new tab
CWE-200 Open this link in a new tab

How to fix?

Upgrade Centos:8 kernel-tools to version 0:4.18.0-193.13.2.el8_2 or higher.

NVD Description

Note: Versions mentioned in the description apply only to the upstream kernel-tools package and not the kernel-tools package as distributed by Centos. See How to fix? for Centos:8 relevant fixed versions and status.

In a Linux KVM guest that has PV TLB enabled, a process in the guest kernel may be able to read memory locations from another process in the same guest. This problem is limit to the host running linux kernel 4.10 with a guest running linux kernel 4.16 or later. The problem mainly affects AMD processors but Intel CPUs cannot be ruled out.

References

CVSS Scores

version 3.1
Expand this section

NVD

4.7 medium
  • Attack Vector (AV)
    Local
  • Attack Complexity (AC)
    High
  • Privileges Required (PR)
    Low
  • User Interaction (UI)
    None
  • Scope (S)
    Unchanged
  • Confidentiality (C)
    High
  • Integrity (I)
    None
  • Availability (A)
    None
Expand this section

Red Hat

2.5 low