Bug 1690678 (CVE-2019-9793)

Summary: CVE-2019-9793 Mozilla: Improper bounds checks when Spectre mitigations are disabled
Product: [Other] Security Response Reporter: Doran Moppert <dmoppert>
Component: vulnerabilityAssignee: Red Hat Product Security <security-response-team>
Status: CLOSED ERRATA QA Contact:
Severity: high Docs Contact:
Priority: high    
Version: unspecifiedCC: cschalle, gecko-bugs-nobody, jhorak, stransky
Target Milestone: ---Keywords: Security
Target Release: ---   
Hardware: All   
OS: Linux   
Whiteboard:
Fixed In Version: Doc Type: No Doc Update
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: 2019-06-10 10:51:24 UTC Type: ---
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:
Bug Depends On: 1688866, 1688867, 1688868, 1690494, 1690495, 1690496, 1690692, 1703888, 1703893, 1703894    
Bug Blocks: 1688735, 1690493    

Description Doran Moppert 2019-03-20 02:14:33 UTC
A mechanism was discovered that removes some bounds checking for string, array, or typed array accesses if Spectre mitigations have been disabled. This vulnerability could allow an attacker to create an arbitrary value in compiled JavaScript, for which the range analysis will infer a fully controlled, incorrect range in circumstances where users have explicitly disabled Spectre mitigations. 

 *Note: Spectre mitigations are currently enabled for all users by default settings.*



External Reference:

https://www.mozilla.org/en-US/security/advisories/mfsa2019-08/#CVE-2019-9793

Comment 1 Doran Moppert 2019-03-20 02:14:36 UTC
Acknowledgments:

Name: the Mozilla project
Upstream: Bruno Keith & Niklas Baumstark (the phoenhex team)

Comment 3 errata-xmlrpc 2019-03-20 15:11:59 UTC
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 7

Via RHSA-2019:0622 https://access.redhat.com/errata/RHSA-2019:0622

Comment 4 errata-xmlrpc 2019-03-20 15:21:51 UTC
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 6

Via RHSA-2019:0623 https://access.redhat.com/errata/RHSA-2019:0623

Comment 5 errata-xmlrpc 2019-03-28 14:48:19 UTC
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 6

Via RHSA-2019:0680 https://access.redhat.com/errata/RHSA-2019:0680

Comment 6 errata-xmlrpc 2019-03-28 14:49:42 UTC
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 7

Via RHSA-2019:0681 https://access.redhat.com/errata/RHSA-2019:0681

Comment 8 errata-xmlrpc 2019-05-07 04:18:03 UTC
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 8

Via RHSA-2019:0966 https://access.redhat.com/errata/RHSA-2019:0966

Comment 9 errata-xmlrpc 2019-05-13 05:03:25 UTC
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 8

Via RHSA-2019:1144 https://access.redhat.com/errata/RHSA-2019:1144