Updated: 2023-12-06
CWE: Uncontrolled Resource Consumption
Description:
kernel/sched/fair.c in the Linux kernel before 5.3.9, when cpu.cfs_quota_us is used (e.g., with Kubernetes), allows attackers to cause a denial of service against non-cpu-bound applications by generating a workload that triggers unwanted slice expiration, aka CID-de53fd7aedb1. (In other words, although this slice expiration would typically be seen with benign workloads, it is possible that an attacker could calculate how many stray requests are required to force an entire Kubernetes cluster into a low-performance state caused by slice expiration, and ensure that a DDoS attack sent that number of stray requests. An attack does not affect the stability of the kernel; it only causes mismanagement of application execution.)
CVSS3: 5.5
OS | Vendor version | Errata |
---|---|---|
Ubuntu 18.04 HWE | 5.3.0-26.28~18.04.1 | USN-4225-2 |
Debian 8 | 3.16.81-1 | DLA-2068-1 |
RHEL 8 | 4.18.0-193.el8 | RHSA-2020:1769 |
Ubuntu 19.04 | 5.0.0-38.41 | USN-4226-1 |
Ubuntu 18.04 Azure | 5.0.0-1028.30~18.04.1 | USN-4226-1 |
CentOS 8 | 4.18.0-193.el8 | CESA-2020:1769 |
Oracle Linux 8 | 4.18.0-193.el8 | ELSA-2020-1769 |
AlmaLinux 8 | 4.18.0-193.el8 | ALSA-2020:1769 |

OS | Original kernel version | State |
---|---|---|
Ubuntu 18.04 HWE | | Ready For Release |
Debian 8 | | Ready For Release |
Ubuntu 18.04 GCP | 5.0.0-1020.20~18.04.1, 5.0.0-1021.21~18.04.1, 5.0.0-1025.26~18.04.1, 5.0.0-1026.27~18.04.1 | Released |
RHEL 8 | 4.18.0-107.el8, 4.18.0-80.11.2.el8_0, 4.18.0-80.1.2.el8_0, 4.18.0-147.0.2.el8_1, 4.18.0-147.0.3.el8_1, 4.18.0-80.7.2.el8_0, 4.18.0-80.4.2.el8_0, 4.18.0-80.11.1.el8_0, 4.18.0-147.el8, 4.18.0-80.el8, 4.18.0-80.7.1.el8_0 | Released |
Debian 10 | 4.19.67-2+deb10u1, 4.19.37-5, 4.19.37-5+deb10u2, 4.19.67-2+deb10u2, 4.19.67-2, 4.19.37-5+deb10u1 | Released |
Proxmox VE 6 | 5.0.21-4-pve_5.0.21-8, 5.0.21-1-pve_5.0.21-2, 5.0.21-5-pve_5.0.21-10, 5.0.18-1-pve_5.0.18-3, 5.0.15-1-pve_5.0.15-1, 5.0.12-1-pve_5.0.12-1, 5.0.18-1-pve_5.0.18-1, 5.0.18-1-pve_5.0.18-2, 5.0.21-1-pve_5.0.21-1, 5.0.21-2-pve_5.0.21-3, 5.0.21-2-pve_5.0.21-6, 5.0.21-4-pve_5.0.21-9, 5.0.8-1-pve_5.0.8-1, 5.0.8-2-pve_5.0.8-2, 5.0.21-3-pve_5.0.21-7, 5.0.21-2-pve_5.0.21-4 | Released |
Ubuntu 19.04 | | Ready For Release |
Endurance 7 eig 4.14 | 4.14.146-225.ELK.el6, 4.14.146-225.ELK.el7 | Released |
Proofpoint | | Ready For Release |
OEL 8 Dell | | Ready For Release |
Ubuntu 18.04 Azure | 5.0.0-1020.21~18.04.1, 5.0.0-1022.23~18.04.1, 5.0.0-1018.19~18.04.1, 5.0.0-1023.24~18.04.1, 4.18.0-1011.11~18.04.1, 4.18.0-1019.19~18.04.1, 4.18.0-1014.14~18.04.1, 4.18.0-1013.13~18.04.1, 4.18.0-1024.25~18.04.1, 5.0.0-1016.17~18.04.1, 5.0.0-1019.20~18.04.1, 5.0.0-1021.22~18.04.1, 4.18.0-1023.24~18.04.1, 5.0.0-1025.27~18.04.1, 4.18.0-1018.18~18.04.1, 4.18.0-1020.20~18.04.1, 5.0.0-1014.14~18.04.1 | Released |
CentOS 8 | 4.18.0-80.el8, 4.18.0-80.7.1.el8_0, 4.18.0-80.11.1.el8_0, 4.18.0-80.7.2.el8_0, 4.18.0-147.el8, 4.18.0-80.11.2.el8_0, 4.18.0-147.0.3.el8_1, 4.18.0-80.1.2.el8_0, 4.18.0-80.4.2.el8_0 | Released |
Oracle Linux 8 | 4.18.0-80.el8, 4.18.0-80.1.2.el8_0, 4.18.0-80.11.1.el8_0, 4.18.0-80.7.2.el8_0, 4.18.0-147.0.2.el8_1, 4.18.0-80.7.1.el8_0, 4.18.0-80.4.2.el8_0, 4.18.0-80.11.2.el8_0, 4.18.0-147.0.3.el8_1, 4.18.0-147.el8 | Released |
CloudLinux OS 8 | 4.18.0-147.0.3.lve.el8 | Released |
CloudLinux OS 7h | 4.18.0-80.7.2.el7h, 4.18.0-147.0.3.el7h.lve, 4.18.0-147.0.3.el7h | Released |
Debian 10 cloud | 4.19.67-2+deb10u2, 4.19.28-2_bpo9+1 | Released |
Debian 9 backports | 4.19.67-2+deb10u2~bpo9+1 | Released |
AlmaLinux 8 | | Ready For Release |