Bug 1792512 (CVE-2019-19922) - CVE-2019-19922 kernel: when cpu.cfs_quota_us is used allows attackers to cause a denial of service against non-cpu-bound applications
Status: CLOSED ERRATA
Alias: CVE-2019-19922
Product: Security Response
Classification: Other
Component: vulnerability
Version: unspecified
Hardware: All
OS: Linux
Priority: low
Severity: low
Target Milestone: ---
Assignee: Red Hat Product Security
Depends On: 1890034 1706247 1792513 1806793 1806794 1806795 1810452
Blocks: 1792514
Reported: 2020-01-17 19:16 UTC by Guilherme de Almeida Suckevicz
Modified: 2021-02-16 20:44 UTC

Doc Type: If docs needed, set a value
Doc Text:
A flaw was found in the Linux kernel’s scheduler, where it can allow attackers to cause a denial of service against non-CPU-bound applications by generating a workload that triggers unwanted scheduling slice expiration. A local attacker who can trigger a specific workload type could abuse this technique to trigger a system to be seen as degraded, and possibly trigger workload-rebalance in systems that use the slice-expiration metric as a measure of system health.
Last Closed: 2020-04-16 16:32:14 UTC




Links
Red Hat Product Errata RHBA-2020:2052 (last updated 2020-05-11 12:54:00 UTC)
Red Hat Product Errata RHBA-2020:2626 (last updated 2020-06-19 01:50:17 UTC)
Red Hat Product Errata RHSA-2020:1493 (last updated 2020-04-16 14:38:55 UTC)
Red Hat Product Errata RHSA-2020:1567 (last updated 2020-04-28 15:25:27 UTC)
Red Hat Product Errata RHSA-2020:1769 (last updated 2020-04-28 15:52:03 UTC)

Description Guilherme de Almeida Suckevicz 2020-01-17 19:16:55 UTC
A flaw was found in the Linux kernel's scheduler which can allow attackers to cause a denial of service against non-CPU-bound applications by generating a workload that triggers unwanted scheduling slice expiration. A local attacker who is able to trigger a specific workload type could abuse this technique to trigger a system to be seen as 'degraded' and possibly trigger workload-rebalance in systems that use the slice-expiration metric as a measure of system health.

Reference:
https://github.com/kubernetes/kubernetes/issues/67577

Reference and upstream commit:
https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=de53fd7aedb100f03e5d2231cfce0e4993282425

Comment 1 Guilherme de Almeida Suckevicz 2020-01-17 19:17:50 UTC
Created kernel tracking bugs for this issue:

Affects: fedora-all [bug 1792513]

Comment 2 Justin M. Forbes 2020-01-20 18:41:26 UTC
This was fixed for Fedora with the 5.3.9 stable kernel update.

Comment 9 Petr Matousek 2020-03-06 12:36:45 UTC
Mitigation:

Mitigation for this issue is either not available or the currently available options don't meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.

Comment 10 errata-xmlrpc 2020-04-16 14:38:52 UTC
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 7

Via RHSA-2020:1493 https://access.redhat.com/errata/RHSA-2020:1493

Comment 11 Product Security DevOps Team 2020-04-16 16:32:14 UTC
This bug is now closed. Further updates for individual products will be reflected on the CVE page(s):

https://access.redhat.com/security/cve/cve-2019-19922

Comment 12 errata-xmlrpc 2020-04-28 15:25:24 UTC
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 8

Via RHSA-2020:1567 https://access.redhat.com/errata/RHSA-2020:1567

Comment 13 errata-xmlrpc 2020-04-28 15:52:00 UTC
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 8

Via RHSA-2020:1769 https://access.redhat.com/errata/RHSA-2020:1769

