Out-Of-Bounds Read

2019-05-1603:58:18

Veracode Vulnerability Database

sca.analysiscenter.veracode.com

0.001 Low

EPSS

Percentile

28.1%

JSON

Linux kernel is vulnerable to out-of-bounds read vulnerability. The vulnerability exists in the adjust_scalar_min_max_vals() function in kernel/bpf/verifier.c due to faulty computation of numeric bounds in the BPF verifier as it mishandles 32-bit right shifts causing an out-of-bounds memory access.

CPENameOperatorVersion
kerneleq3.10.0__862.el7
kerneleq3.10.0__693.el7
kerneleq3.10.0__693.5.2.p7ih.el7
kerneleq3.10.0__514.16.1.el7
kerneleq3.10.0__957.1.3.el7
kerneleq3.10.0__862.2.3.el7
kerneleq3.10.0__693.21.1.el7
kerneleq3.10.0__693.11.6.el7
kerneleq3.10.0__957.5.1.el7
kerneleq3.10.0__862.11.6.el7

Name	Operator	Version
kernel	eq	3.10.0__862.el7
kernel	eq	3.10.0__693.el7
kernel	eq	3.10.0__693.5.2.p7ih.el7
kernel	eq	3.10.0__514.16.1.el7
kernel	eq	3.10.0__957.1.3.el7
kernel	eq	3.10.0__862.2.3.el7
kernel	eq	3.10.0__693.21.1.el7
kernel	eq	3.10.0__693.11.6.el7
kernel	eq	3.10.0__957.5.1.el7
kernel	eq	3.10.0__862.11.6.el7