How severe is CVE-2019-19922?

This vulnerability has a severity rating of MEDIUM with a CVSS score of 5.5 out of 10.

What type of vulnerability is CVE-2019-19922?

This is classified as CWE-400, which is a common weakness in software security.

CVE-2019-19922

MEDIUM Year: 2019

CVSS v3 Score

5.5

Medium

CVSS v2 Score

2.1

Low

Weakness Type

CWE-400

View all →

Vulnerability Description

kernel/sched/fair.c in the Linux kernel before 5.3.9, when cpu.cfs_quota_us is used (e.g., with Kubernetes), allows attackers to cause a denial of service against non-cpu-bound applications by generating a workload that triggers unwanted slice expiration, aka CID-de53fd7aedb1. (In other words, although this slice expiration would typically be seen with benign workloads, it is possible that an attacker could calculate how many stray requests are required to force an entire Kubernetes cluster into a low-performance state caused by slice expiration, and ensure that a DDoS attack sent that number of stray requests. An attack does not affect the stability of the kernel; it only causes mismanagement of application execution.)

CVE-2006-5648

MEDIUM

CVSS:5.5(Medium)

Ubuntu Linux 6.10 for the PowerPC (PPC) allows local users to cause a denial of service (resource consumption) by using the (1) sys_get_robust_list and (2) sys_set_robust_list functions to create proc...

CWE-4002006

CVE-2006-5649

MEDIUM

CVSS:5.5(Medium)

Unspecified vulnerability in the "alignment check exception handling" in Ubuntu 5.10, 6.06 LTS, and 6.10 for the PowerPC (PPC) allows local users to cause a denial of service (kernel panic) via unspec...

CWE-4002006

CVE-2009-3621

MEDIUM

CVSS:5.5(Medium)

net/unix/af_unix.c in the Linux kernel 2.6.31.4 and earlier allows local users to cause a denial of service (system hang) by creating an abstract-namespace AF_UNIX listening socket, performing a shutd...

CWE-4002009

CVE-2011-1474

MEDIUM

CVSS:5.5(Medium)

A locally locally exploitable DOS vulnerability was found in pax-linux versions 2.6.32.33-test79.patch, 2.6.38-test3.patch, and 2.6.37.4-test14.patch. A bad bounds check in arch_get_unmapped_area_topd...

CWE-4002011

CVE-2011-2906

MEDIUM

CVSS:5.5(Medium)

Integer signedness error in the pmcraid_ioctl_passthrough function in drivers/scsi/pmcraid.c in the Linux kernel before 3.1 might allow local users to cause a denial of service (memory consumption or ...

CWE-4002011

CVE-2011-2918

MEDIUM

CVSS:5.5(Medium)

The Performance Events subsystem in the Linux kernel before 3.1 does not properly handle event overflows associated with PERF_COUNT_SW_CPU_CLOCK events, which allows local users to cause a denial of s...

CWE-4002011

CVE-2019-19922

Vulnerability Description

Related Vulnerabilities

CVE-2006-5648

CVE-2006-5649

CVE-2009-3621

CVE-2011-1474

CVE-2011-2906

CVE-2011-2918