Vulnerability Description
arch/powerpc/mm/mmu_context_book3s64.c in the Linux kernel before 5.1.15 for powerpc has a bug where unrelated processes may be able to read/write to one another's virtual memory under certain conditions via an mmap above 512 TB. Only a subset of powerpc systems are affected.
CVSS Score
HIGH
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Canonical | Ubuntu Linux | 18.04 |
| Linux | Linux Kernel | < 5.1.15 |
| Fedoraproject | Fedora | 29 |
| Debian | Debian Linux | 9.0 |
| Opensuse | Leap | 15.1 |
| Redhat | Enterprise Linux | 8.0 |
| Redhat | Enterprise Linux Eus | 8.1 |
| Redhat | Enterprise Linux Server Aus | 8.2 |
| Redhat | Enterprise Linux Server Tus | 8.2 |
Related Weaknesses (CWE)
References
- http://lists.opensuse.org/opensuse-security-announce/2019-07/msg00025.htmlMailing ListThird Party Advisory
- http://www.openwall.com/lists/oss-security/2019/06/24/5Mailing ListThird Party Advisory
- http://www.securityfocus.com/bid/108884Broken Link
- https://access.redhat.com/errata/RHSA-2019:2703Third Party Advisory
- https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.1.15Vendor Advisory
- https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=caPatchVendor Advisory
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedorapro
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedorapro
- https://seclists.org/bugtraq/2019/Aug/13Mailing ListThird Party Advisory
- https://support.f5.com/csp/article/K12876166Third Party Advisory
- https://support.f5.com/csp/article/K12876166?utm_source=f5support&%3Butm_medi
- https://usn.ubuntu.com/4031-1/Third Party Advisory
- https://www.debian.org/security/2019/dsa-4495Third Party Advisory
- http://lists.opensuse.org/opensuse-security-announce/2019-07/msg00025.htmlMailing ListThird Party Advisory
- http://www.openwall.com/lists/oss-security/2019/06/24/5Mailing ListThird Party Advisory
FAQ
What is CVE-2019-12817?
CVE-2019-12817 is a vulnerability with a CVSS score of 7.0 (HIGH). arch/powerpc/mm/mmu_context_book3s64.c in the Linux kernel before 5.1.15 for powerpc has a bug where unrelated processes may be able to read/write to one another's virtual memory under certain conditi...
How severe is CVE-2019-12817?
CVE-2019-12817 has been rated HIGH with a CVSS base score of 7.0/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2019-12817?
Check the references section above for vendor advisories and patch information. Affected products include: Canonical Ubuntu Linux, Linux Linux Kernel, Fedoraproject Fedora, Debian Debian Linux, Opensuse Leap.