kernel/sched/fair.c in the Linux kernel before 5.3.9, when cpu.cfs_quota_us is used (e.g., with Kubernetes), allows attackers to cause a denial of service against non-cpu-bound applications by generating a workload that triggers unwanted slice expiration, aka CID-de53fd7aedb1. (In other words, although this slice expiration would typically be seen with benign workloads, it is possible that an attacker could calculate how many stray requests are required to force an entire Kubernetes cluster into a low-performance state caused by slice expiration, and ensure that a DDoS attack sent that number of stray requests. An attack does not affect the stability of the kernel; it only causes mismanagement of application execution.)
References
Link | Resource |
---|---|
https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.3.9 | Mailing List Patch Vendor Advisory |
https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=de53fd7aedb100f03e5d2231cfce0e4993282425 | Mailing List Patch Vendor Advisory |
https://github.com/kubernetes/kubernetes/issues/67577 | Issue Tracking Patch Third Party Advisory |
https://github.com/torvalds/linux/commit/de53fd7aedb100f03e5d2231cfce0e4993282425 | Patch Third Party Advisory |
https://lists.debian.org/debian-lts-announce/2020/01/msg00013.html | Mailing List Third Party Advisory |
https://relistan.com/the-kernel-may-be-slowing-down-your-app | Exploit Third Party Advisory |
https://security.netapp.com/advisory/ntap-20200204-0002/ | Third Party Advisory |
https://usn.ubuntu.com/4226-1/ | Third Party Advisory |
https://www.oracle.com/security-alerts/cpuApr2021.html | Patch Third Party Advisory |
History
No history.
MITRE Information
Status: PUBLISHED
Assigner: mitre
Published: 2019-12-22T19:07:16
Updated: 2021-06-14T17:20:11
Reserved: 2019-12-22T00:00:00
Link: CVE-2019-19922
JSON object: View
NVD Information
Status : Analyzed
Published: 2019-12-22T20:15:10.823
Modified: 2022-12-14T19:15:13.963
Link: CVE-2019-19922
JSON object: View
Redhat Information
No data.
CWE