BDU:2020-01593

Vulnerability from fstec - Published: 01.06.2019
VLAI Severity ?
Title
Уязвимость функции mwifiex_uap_parse_tail_ies ядра операционной системы Linux, позволяющая нарушителю оказать воздействие на конфиденциальность, целостность и доступность защищаемой информации
Description
Уязвимость функции mwifiex_uap_parse_tail_ies (/net/wireless/marvell/mwifiex/ie.c) ядра операционной системы Linux вызвана переполнением буфера. Эксплуатация уязвимости может позволить нарушителю, действующему удалённо, оказать воздействие на конфиденциальность, целостность и доступность защищаемой информации
Severity ?
AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Vendor
ООО «РусБИТех-Астра», Red Hat Inc., Canonical Ltd., Сообщество свободного программного обеспечения, Novell Inc.
Software Name
Astra Linux Special Edition (запись в едином реестре российских программ №369), Red Hat Enterprise Linux, Ubuntu, Debian GNU/Linux, Suse Linux Enterprise Desktop, SUSE Enterprise Storage, SUSE Linux Enterprise Server for SAP Applications, SUSE Linux Enterprise Software Development Kit, SUSE Linux Enterprise Workstation Extension, SUSE OpenStack Cloud, SUSE Linux Enterprise Module for Open Buildservice Development Tools, Suse Linux Enterprise Server, SUSE Linux Enterprise Module for Basesystem, OpenSUSE Leap, SUSE CaaS Platform, SUSE Linux Enterprise Module for Development Tools, SUSE Linux Enterprise Point of Sale, SUSE Linux Enterprise Build System Kit, SUSE Linux Enterprise High Availability, SUSE Linux Enterprise Live Patching, SUSE Linux Enterprise Module for Legacy Software, SUSE Linux Enterprise Module for Live Patching, SUSE Linux Enterprise Module for Public Cloud, SUSE Linux Enterprise High Performance Computing, SUSE Linux Enterprise Real Time Extension, Linux
Software Version
1.5 «Смоленск» (Astra Linux Special Edition), 7 (Red Hat Enterprise Linux), 16.04 LTS (Ubuntu), 9 (Debian GNU/Linux), 18.04 LTS (Ubuntu), 12 SP3 (Suse Linux Enterprise Desktop), 12 SP4 (Suse Linux Enterprise Desktop), 4 (SUSE Enterprise Storage), 12 SP2 (SUSE Linux Enterprise Server for SAP Applications), 12 SP2-BCL (SUSE Linux Enterprise Server for SAP Applications), 12 SP2-ESPOS (SUSE Linux Enterprise Server for SAP Applications), 12 SP2-LTSS (SUSE Linux Enterprise Server for SAP Applications), 12 SP3 (SUSE Linux Enterprise Server for SAP Applications), 12 SP4 (SUSE Linux Enterprise Server for SAP Applications), 12 SP3 (SUSE Linux Enterprise Software Development Kit), 12 SP4 (SUSE Linux Enterprise Software Development Kit), 12 SP3 (SUSE Linux Enterprise Workstation Extension), 12 SP4 (SUSE Linux Enterprise Workstation Extension), 7 (SUSE OpenStack Cloud), 15 (SUSE Linux Enterprise Module for Open Buildservice Development Tools), 12 SP3 (Suse Linux Enterprise Server), 12 SP4 (Suse Linux Enterprise Server), 19.04 (Ubuntu), 8 (Red Hat Enterprise Linux), 15 (SUSE Linux Enterprise Module for Basesystem), 15 SP1 (SUSE Linux Enterprise Module for Basesystem), 15.0 (OpenSUSE Leap), 3.0 (SUSE CaaS Platform), 5 (SUSE Enterprise Storage), 15 (SUSE Linux Enterprise Module for Development Tools), 15 SP1 (SUSE Linux Enterprise Module for Development Tools), 12 SP2-CLIENT (SUSE Linux Enterprise Point of Sale), 12 SP3 (SUSE Linux Enterprise Build System Kit), 12 SP4 (SUSE Linux Enterprise Build System Kit), 12 SP2-BCL (Suse Linux Enterprise Server), 12 SP2-ESPOS (Suse Linux Enterprise Server), 12 SP2 (SUSE Linux Enterprise High Availability), 12 SP3 (SUSE Linux Enterprise High Availability), 12 SP4 (SUSE Linux Enterprise High Availability), 15 (SUSE Linux Enterprise High Availability), 15 SP1 (SUSE Linux Enterprise High Availability), 12 SP4 (SUSE Linux Enterprise Live Patching), 15 SP1 (SUSE Linux Enterprise Module for Legacy Software), 15 (SUSE Linux Enterprise Module for Legacy Software), 15 (SUSE Linux Enterprise Module for Live Patching), 15 (SUSE Linux Enterprise Module for Public Cloud), 15 (SUSE Linux Enterprise Workstation Extension), 15 SP1 (SUSE Linux Enterprise Workstation Extension), 15 SP1 (SUSE Linux Enterprise Module for Open Buildservice Development Tools), 15.1 (OpenSUSE Leap), 12 SP2-LTSS (Suse Linux Enterprise Server), 15 SP1 (SUSE Linux Enterprise Module for Live Patching), 12 SP3-LTSS (Suse Linux Enterprise Server), 14.04 ESM (Ubuntu), 8 (SUSE OpenStack Cloud), 12 SP3-BCL (Suse Linux Enterprise Server), 12 SP5 (Suse Linux Enterprise Server), 12 SP3-LTSS (SUSE Linux Enterprise Server for SAP Applications), 12 SP5 (SUSE Linux Enterprise Software Development Kit), 8 (Debian GNU/Linux), 12 SP3-ESPOS (Suse Linux Enterprise Server), 12 SP5 (SUSE Linux Enterprise High Performance Computing), 12 SP5 (SUSE Linux Enterprise High Availability), 12 SP4 (SUSE Linux Enterprise Real Time Extension), 12 SP5 (SUSE Linux Enterprise Workstation Extension), от 4.5 до 4.9.185 включительно (Linux), от 4.15 до 4.19.58 включительно (Linux), от 4.20 до 5.1.17 включительно (Linux), от 4.0 до 4.4.185 включительно (Linux), от 4.10 до 4.14.133 включительно (Linux)
Possible Mitigations
Использование рекомендаций: Для Linux: https://kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.14.134 https://kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.19.59 https://kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.4.186 https://kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.9.186 https://kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.1.18 Для Ubuntu: https://usn.ubuntu.com/4093-1/ https://usn.ubuntu.com/4094-1/ https://usn.ubuntu.com/4095-1/ https://usn.ubuntu.com/4095-2/ https://usn.ubuntu.com/4117-1/ https://usn.ubuntu.com/4118-1/ Для программных продуктов Red Hat Inc.: https://access.redhat.com/errata/RHSA-2019:3055 https://access.redhat.com/errata/RHSA-2019:3076 https://access.redhat.com/errata/RHSA-2019:3089 https://access.redhat.com/errata/RHSA-2019:3309 https://access.redhat.com/errata/RHSA-2019:3517 https://access.redhat.com/errata/RHSA-2020:0174 https://access.redhat.com/errata/RHSA-2020:0204 Для программных продуктов Novell Inc.: https://www.suse.com/security/cve/CVE-2019-10126/ Для Debian GNU/Linux: https://security-tracker.debian.org/tracker/CVE-2019-10126 Для Astra Linux: https://wiki.astralinux.ru/astra-linux-se15-bulletin-20201201SE15
Reference
http://lists.opensuse.org/opensuse-security-announce/2019-07/msg00014.html http://lists.opensuse.org/opensuse-security-announce/2019-07/msg00025.html http://packetstormsecurity.com/files/153702/Slackware-Security-Advisory-Slackware-14.2-kernel-Updates.html http://packetstormsecurity.com/files/154245/Kernel-Live-Patch-Security-Notice-LSN-0054-1.html http://packetstormsecurity.com/files/154951/Kernel-Live-Patch-Security-Notice-LSN-0058-1.html http://www.securityfocus.com/bid/108817 https://access.redhat.com/errata/RHSA-2019:3055 https://access.redhat.com/errata/RHSA-2019:3076 https://access.redhat.com/errata/RHSA-2019:3089 https://access.redhat.com/errata/RHSA-2019:3309 https://access.redhat.com/errata/RHSA-2019:3517 https://access.redhat.com/errata/RHSA-2020:0174 https://access.redhat.com/errata/RHSA-2020:0204 https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-10126 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-10126 https://kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.14.134 https://kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.19.59 https://kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.4.186 https://kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.9.186 https://kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.1.18 https://lists.debian.org/debian-lts-announce/2019/06/msg00010.html https://lists.debian.org/debian-lts-announce/2019/06/msg00011.html https://lore.kernel.org/linux-wireless/20190531131841.7552-1-tiwai@suse.de https://marc.info/?l=oss-security&m=155965912410053&w=2 https://nvd.nist.gov/vuln/detail/CVE-2019-10126 https://seclists.org/bugtraq/2019/Jul/33 https://seclists.org/bugtraq/2019/Jun/26 https://security.netapp.com/advisory/ntap-20190710-0002/ https://security-tracker.debian.org/tracker/CVE-2019-10126 https://support.f5.com/csp/article/K95593121 https://ubuntu.com/security/notices/USN-4093-1 https://ubuntu.com/security/notices/USN-4094-1 https://ubuntu.com/security/notices/USN-4095-1 https://ubuntu.com/security/notices/USN-4095-2 https://ubuntu.com/security/notices/USN-4117-1 https://ubuntu.com/security/notices/USN-4118-1 https://usn.ubuntu.com/4093-1/ https://usn.ubuntu.com/4094-1/ https://usn.ubuntu.com/4095-1/ https://usn.ubuntu.com/4095-2/ https://usn.ubuntu.com/4117-1/ https://usn.ubuntu.com/4118-1/ https://usn.ubuntu.com/usn/usn-4093-1 https://usn.ubuntu.com/usn/usn-4094-1 https://usn.ubuntu.com/usn/usn-4095-1 https://usn.ubuntu.com/usn/usn-4095-2 https://usn.ubuntu.com/usn/usn-4117-1 https://usn.ubuntu.com/usn/usn-4118-1 https://wiki.astralinux.ru/astra-linux-se15-bulletin-20201201SE15 https://www.cve.org/CVERecord?id=CVE-2019-10126 https://www.debian.org/security/2019/dsa-4465 https://www.suse.com/security/cve/CVE-2019-10126/
CWE
CWE-119, CWE-122, CWE-787
To clipboard 

{
  "CVSS 2.0": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
  "CVSS 3.0": "AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
  "CVSS 4.0": null,
  "remediation_\u0418\u0434\u0435\u043d\u0442\u0438\u0444\u0438\u043a\u0430\u0442\u043e\u0440": null,
  "remediation_\u041d\u0430\u0438\u043c\u0435\u043d\u043e\u0432\u0430\u043d\u0438\u0435": null,
  "\u0412\u0435\u043d\u0434\u043e\u0440 \u041f\u041e": "\u041e\u041e\u041e \u00ab\u0420\u0443\u0441\u0411\u0418\u0422\u0435\u0445-\u0410\u0441\u0442\u0440\u0430\u00bb, Red Hat Inc., Canonical Ltd., \u0421\u043e\u043e\u0431\u0449\u0435\u0441\u0442\u0432\u043e \u0441\u0432\u043e\u0431\u043e\u0434\u043d\u043e\u0433\u043e \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e\u0433\u043e \u043e\u0431\u0435\u0441\u043f\u0435\u0447\u0435\u043d\u0438\u044f, Novell Inc.",
  "\u0412\u0435\u0440\u0441\u0438\u044f \u041f\u041e": "1.5 \u00ab\u0421\u043c\u043e\u043b\u0435\u043d\u0441\u043a\u00bb (Astra Linux Special Edition), 7 (Red Hat Enterprise Linux), 16.04 LTS (Ubuntu), 9 (Debian GNU/Linux), 18.04 LTS (Ubuntu), 12 SP3 (Suse Linux Enterprise Desktop), 12 SP4 (Suse Linux Enterprise Desktop), 4 (SUSE Enterprise Storage), 12 SP2 (SUSE Linux Enterprise Server for SAP Applications), 12 SP2-BCL (SUSE Linux Enterprise Server for SAP Applications), 12 SP2-ESPOS (SUSE Linux Enterprise Server for SAP Applications), 12 SP2-LTSS (SUSE Linux Enterprise Server for SAP Applications), 12 SP3 (SUSE Linux Enterprise Server for SAP Applications), 12 SP4 (SUSE Linux Enterprise Server for SAP Applications), 12 SP3 (SUSE Linux Enterprise Software Development Kit), 12 SP4 (SUSE Linux Enterprise Software Development Kit), 12 SP3 (SUSE Linux Enterprise Workstation Extension), 12 SP4 (SUSE Linux Enterprise Workstation Extension), 7 (SUSE OpenStack Cloud), 15 (SUSE Linux Enterprise Module for Open Buildservice Development Tools), 12 SP3 (Suse Linux Enterprise Server), 12 SP4 (Suse Linux Enterprise Server), 19.04 (Ubuntu), 8 (Red Hat Enterprise Linux), 15 (SUSE Linux Enterprise Module for Basesystem), 15 SP1 (SUSE Linux Enterprise Module for Basesystem), 15.0 (OpenSUSE Leap), 3.0 (SUSE CaaS Platform), 5 (SUSE Enterprise Storage), 15 (SUSE Linux Enterprise Module for Development Tools), 15 SP1 (SUSE Linux Enterprise Module for Development Tools), 12 SP2-CLIENT (SUSE Linux Enterprise Point of Sale), 12 SP3 (SUSE Linux Enterprise Build System Kit), 12 SP4 (SUSE Linux Enterprise Build System Kit), 12 SP2-BCL (Suse Linux Enterprise Server), 12 SP2-ESPOS (Suse Linux Enterprise Server), 12 SP2 (SUSE Linux Enterprise High Availability), 12 SP3 (SUSE Linux Enterprise High Availability), 12 SP4 (SUSE Linux Enterprise High Availability), 15 (SUSE Linux Enterprise High Availability), 15 SP1 (SUSE Linux Enterprise High Availability), 12 SP4 (SUSE Linux Enterprise Live Patching), 15 SP1 (SUSE Linux Enterprise Module for Legacy Software), 15 (SUSE Linux Enterprise Module for Legacy Software), 15 (SUSE Linux Enterprise Module for Live Patching), 15 (SUSE Linux Enterprise Module for Public Cloud), 15 (SUSE Linux Enterprise Workstation Extension), 15 SP1 (SUSE Linux Enterprise Workstation Extension), 15 SP1 (SUSE Linux Enterprise Module for Open Buildservice Development Tools), 15.1 (OpenSUSE Leap), 12 SP2-LTSS (Suse Linux Enterprise Server), 15 SP1 (SUSE Linux Enterprise Module for Live Patching), 12 SP3-LTSS (Suse Linux Enterprise Server), 14.04 ESM (Ubuntu), 8 (SUSE OpenStack Cloud), 12 SP3-BCL (Suse Linux Enterprise Server), 12 SP5 (Suse Linux Enterprise Server), 12 SP3-LTSS (SUSE Linux Enterprise Server for SAP Applications), 12 SP5 (SUSE Linux Enterprise Software Development Kit), 8 (Debian GNU/Linux), 12 SP3-ESPOS (Suse Linux Enterprise Server), 12 SP5 (SUSE Linux Enterprise High Performance Computing), 12 SP5 (SUSE Linux Enterprise High Availability), 12 SP4 (SUSE Linux Enterprise Real Time Extension), 12 SP5 (SUSE Linux Enterprise Workstation Extension), \u043e\u0442 4.5 \u0434\u043e 4.9.185 \u0432\u043a\u043b\u044e\u0447\u0438\u0442\u0435\u043b\u044c\u043d\u043e (Linux), \u043e\u0442 4.15 \u0434\u043e 4.19.58 \u0432\u043a\u043b\u044e\u0447\u0438\u0442\u0435\u043b\u044c\u043d\u043e (Linux), \u043e\u0442 4.20 \u0434\u043e 5.1.17 \u0432\u043a\u043b\u044e\u0447\u0438\u0442\u0435\u043b\u044c\u043d\u043e (Linux), \u043e\u0442 4.0 \u0434\u043e 4.4.185 \u0432\u043a\u043b\u044e\u0447\u0438\u0442\u0435\u043b\u044c\u043d\u043e (Linux), \u043e\u0442 4.10 \u0434\u043e 4.14.133 \u0432\u043a\u043b\u044e\u0447\u0438\u0442\u0435\u043b\u044c\u043d\u043e (Linux)",
  "\u0412\u043e\u0437\u043c\u043e\u0436\u043d\u044b\u0435 \u043c\u0435\u0440\u044b \u043f\u043e \u0443\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u0438\u044e": "\u0418\u0441\u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u043d\u0438\u0435 \u0440\u0435\u043a\u043e\u043c\u0435\u043d\u0434\u0430\u0446\u0438\u0439:\n\u0414\u043b\u044f Linux:\nhttps://kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.14.134\nhttps://kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.19.59\nhttps://kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.4.186\nhttps://kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.9.186\nhttps://kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.1.18\n\n\u0414\u043b\u044f Ubuntu:\nhttps://usn.ubuntu.com/4093-1/ \nhttps://usn.ubuntu.com/4094-1/ \nhttps://usn.ubuntu.com/4095-1/ \nhttps://usn.ubuntu.com/4095-2/ \nhttps://usn.ubuntu.com/4117-1/ \nhttps://usn.ubuntu.com/4118-1/\n\n\u0414\u043b\u044f \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u044b\u0445 \u043f\u0440\u043e\u0434\u0443\u043a\u0442\u043e\u0432 Red Hat Inc.:\nhttps://access.redhat.com/errata/RHSA-2019:3055\nhttps://access.redhat.com/errata/RHSA-2019:3076\nhttps://access.redhat.com/errata/RHSA-2019:3089\nhttps://access.redhat.com/errata/RHSA-2019:3309\nhttps://access.redhat.com/errata/RHSA-2019:3517\nhttps://access.redhat.com/errata/RHSA-2020:0174\nhttps://access.redhat.com/errata/RHSA-2020:0204\n\n\u0414\u043b\u044f \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u044b\u0445 \u043f\u0440\u043e\u0434\u0443\u043a\u0442\u043e\u0432 Novell Inc.:\nhttps://www.suse.com/security/cve/CVE-2019-10126/\n\n\u0414\u043b\u044f Debian GNU/Linux:\nhttps://security-tracker.debian.org/tracker/CVE-2019-10126\n\n\u0414\u043b\u044f Astra Linux:\nhttps://wiki.astralinux.ru/astra-linux-se15-bulletin-20201201SE15",
  "\u0414\u0430\u0442\u0430 \u0432\u044b\u044f\u0432\u043b\u0435\u043d\u0438\u044f": "01.06.2019",
  "\u0414\u0430\u0442\u0430 \u043f\u043e\u0441\u043b\u0435\u0434\u043d\u0435\u0433\u043e \u043e\u0431\u043d\u043e\u0432\u043b\u0435\u043d\u0438\u044f": "03.06.2024",
  "\u0414\u0430\u0442\u0430 \u043f\u0443\u0431\u043b\u0438\u043a\u0430\u0446\u0438\u0438": "17.04.2020",
  "\u0418\u0434\u0435\u043d\u0442\u0438\u0444\u0438\u043a\u0430\u0442\u043e\u0440": "BDU:2020-01593",
  "\u0418\u0434\u0435\u043d\u0442\u0438\u0444\u0438\u043a\u0430\u0442\u043e\u0440\u044b \u0434\u0440\u0443\u0433\u0438\u0445 \u0441\u0438\u0441\u0442\u0435\u043c \u043e\u043f\u0438\u0441\u0430\u043d\u0438\u0439 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "CVE-2019-10126",
  "\u0418\u043d\u0444\u043e\u0440\u043c\u0430\u0446\u0438\u044f \u043e\u0431 \u0443\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u0438\u0438": "\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u0443\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u0430",
  "\u041a\u043b\u0430\u0441\u0441 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u043a\u043e\u0434\u0430",
  "\u041d\u0430\u0437\u0432\u0430\u043d\u0438\u0435 \u041f\u041e": "Astra Linux Special Edition (\u0437\u0430\u043f\u0438\u0441\u044c \u0432 \u0435\u0434\u0438\u043d\u043e\u043c \u0440\u0435\u0435\u0441\u0442\u0440\u0435 \u0440\u043e\u0441\u0441\u0438\u0439\u0441\u043a\u0438\u0445 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c \u2116369), Red Hat Enterprise Linux, Ubuntu, Debian GNU/Linux, Suse Linux Enterprise Desktop, SUSE Enterprise Storage, SUSE Linux Enterprise Server for SAP Applications, SUSE Linux Enterprise Software Development Kit, SUSE Linux Enterprise Workstation Extension, SUSE OpenStack Cloud, SUSE Linux Enterprise Module for Open Buildservice Development Tools, Suse Linux Enterprise Server, SUSE Linux Enterprise Module for Basesystem, OpenSUSE Leap, SUSE CaaS Platform, SUSE Linux Enterprise Module for Development Tools, SUSE Linux Enterprise Point of Sale, SUSE Linux Enterprise Build System Kit, SUSE Linux Enterprise High Availability, SUSE Linux Enterprise Live Patching, SUSE Linux Enterprise Module for Legacy Software, SUSE Linux Enterprise Module for Live Patching, SUSE Linux Enterprise Module for Public Cloud, SUSE Linux Enterprise High Performance Computing, SUSE Linux Enterprise Real Time Extension, Linux",
  "\u041d\u0430\u0438\u043c\u0435\u043d\u043e\u0432\u0430\u043d\u0438\u0435 \u041e\u0421 \u0438 \u0442\u0438\u043f \u0430\u043f\u043f\u0430\u0440\u0430\u0442\u043d\u043e\u0439 \u043f\u043b\u0430\u0442\u0444\u043e\u0440\u043c\u044b": "\u041e\u041e\u041e \u00ab\u0420\u0443\u0441\u0411\u0418\u0422\u0435\u0445-\u0410\u0441\u0442\u0440\u0430\u00bb Astra Linux Special Edition 1.5 \u00ab\u0421\u043c\u043e\u043b\u0435\u043d\u0441\u043a\u00bb  (\u0437\u0430\u043f\u0438\u0441\u044c \u0432 \u0435\u0434\u0438\u043d\u043e\u043c \u0440\u0435\u0435\u0441\u0442\u0440\u0435 \u0440\u043e\u0441\u0441\u0438\u0439\u0441\u043a\u0438\u0445 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c \u2116369), Red Hat Inc. Red Hat Enterprise Linux 7 , Canonical Ltd. Ubuntu 16.04 LTS , \u0421\u043e\u043e\u0431\u0449\u0435\u0441\u0442\u0432\u043e \u0441\u0432\u043e\u0431\u043e\u0434\u043d\u043e\u0433\u043e \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e\u0433\u043e \u043e\u0431\u0435\u0441\u043f\u0435\u0447\u0435\u043d\u0438\u044f Linux - , \u0421\u043e\u043e\u0431\u0449\u0435\u0441\u0442\u0432\u043e \u0441\u0432\u043e\u0431\u043e\u0434\u043d\u043e\u0433\u043e \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e\u0433\u043e \u043e\u0431\u0435\u0441\u043f\u0435\u0447\u0435\u043d\u0438\u044f Debian GNU/Linux 9 , Canonical Ltd. Ubuntu 18.04 LTS , Novell Inc. Suse Linux Enterprise Desktop 12 SP3 , Novell Inc. Suse Linux Enterprise Desktop 12 SP4 , Novell Inc. SUSE Linux Enterprise Server for SAP Applications 12 SP2 , Novell Inc. SUSE Linux Enterprise Server for SAP Applications 12 SP2-BCL , Novell Inc. SUSE Linux Enterprise Server for SAP Applications 12 SP2-ESPOS , Novell Inc. SUSE Linux Enterprise Server for SAP Applications 12 SP2-LTSS , Novell Inc. SUSE Linux Enterprise Server for SAP Applications 12 SP3 , Novell Inc. SUSE Linux Enterprise Server for SAP Applications 12 SP4 , Novell Inc. Suse Linux Enterprise Server 12 SP3 , Novell Inc. Suse Linux Enterprise Server 12 SP4 , Canonical Ltd. Ubuntu 19.04 , Red Hat Inc. Red Hat Enterprise Linux 8 , Novell Inc. OpenSUSE Leap 15.0 , Novell Inc. Suse Linux Enterprise Server 12 SP2-BCL , Novell Inc. Suse Linux Enterprise Server 12 SP2-ESPOS , Novell Inc. OpenSUSE Leap 15.1 , Novell Inc. Suse Linux Enterprise Server 12 SP2-LTSS , Novell Inc. Suse Linux Enterprise Server 12 SP3-LTSS , Canonical Ltd. Ubuntu 14.04 ESM , Novell Inc. Suse Linux Enterprise Server 12 SP3-BCL , Novell Inc. Suse Linux Enterprise Server 12 SP5 , Novell Inc. SUSE Linux Enterprise Server for SAP Applications 12 SP3-LTSS , \u0421\u043e\u043e\u0431\u0449\u0435\u0441\u0442\u0432\u043e \u0441\u0432\u043e\u0431\u043e\u0434\u043d\u043e\u0433\u043e \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e\u0433\u043e \u043e\u0431\u0435\u0441\u043f\u0435\u0447\u0435\u043d\u0438\u044f Debian GNU/Linux 8 , Novell Inc. Suse Linux Enterprise Server 12 SP3-ESPOS ",
  "\u041d\u0430\u0438\u043c\u0435\u043d\u043e\u0432\u0430\u043d\u0438\u0435 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u0444\u0443\u043d\u043a\u0446\u0438\u0438 mwifiex_uap_parse_tail_ies \u044f\u0434\u0440\u0430 \u043e\u043f\u0435\u0440\u0430\u0446\u0438\u043e\u043d\u043d\u043e\u0439 \u0441\u0438\u0441\u0442\u0435\u043c\u044b Linux, \u043f\u043e\u0437\u0432\u043e\u043b\u044f\u044e\u0449\u0430\u044f \u043d\u0430\u0440\u0443\u0448\u0438\u0442\u0435\u043b\u044e \u043e\u043a\u0430\u0437\u0430\u0442\u044c \u0432\u043e\u0437\u0434\u0435\u0439\u0441\u0442\u0432\u0438\u0435 \u043d\u0430 \u043a\u043e\u043d\u0444\u0438\u0434\u0435\u043d\u0446\u0438\u0430\u043b\u044c\u043d\u043e\u0441\u0442\u044c, \u0446\u0435\u043b\u043e\u0441\u0442\u043d\u043e\u0441\u0442\u044c \u0438 \u0434\u043e\u0441\u0442\u0443\u043f\u043d\u043e\u0441\u0442\u044c \u0437\u0430\u0449\u0438\u0449\u0430\u0435\u043c\u043e\u0439 \u0438\u043d\u0444\u043e\u0440\u043c\u0430\u0446\u0438\u0438",
  "\u041d\u0430\u043b\u0438\u0447\u0438\u0435 \u044d\u043a\u0441\u043f\u043b\u043e\u0439\u0442\u0430": "\u0414\u0430\u043d\u043d\u044b\u0435 \u0443\u0442\u043e\u0447\u043d\u044f\u044e\u0442\u0441\u044f",
  "\u041e\u043f\u0438\u0441\u0430\u043d\u0438\u0435 \u043e\u0448\u0438\u0431\u043a\u0438 CWE": "\u0412\u044b\u0445\u043e\u0434 \u043e\u043f\u0435\u0440\u0430\u0446\u0438\u0438 \u0437\u0430 \u0433\u0440\u0430\u043d\u0438\u0446\u044b \u0431\u0443\u0444\u0435\u0440\u0430 \u0432 \u043f\u0430\u043c\u044f\u0442\u0438 (CWE-119), \u041f\u0435\u0440\u0435\u043f\u043e\u043b\u043d\u0435\u043d\u0438\u0435 \u0431\u0443\u0444\u0435\u0440\u0430 \u0432 \u0434\u0438\u043d\u0430\u043c\u0438\u0447\u0435\u0441\u043a\u043e\u0439 \u043f\u0430\u043c\u044f\u0442\u0438 (CWE-122), \u0417\u0430\u043f\u0438\u0441\u044c \u0437\u0430 \u0433\u0440\u0430\u043d\u0438\u0446\u0430\u043c\u0438 \u0431\u0443\u0444\u0435\u0440\u0430 (CWE-787)",
  "\u041e\u043f\u0438\u0441\u0430\u043d\u0438\u0435 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u0444\u0443\u043d\u043a\u0446\u0438\u0438 mwifiex_uap_parse_tail_ies (/net/wireless/marvell/mwifiex/ie.c) \u044f\u0434\u0440\u0430 \u043e\u043f\u0435\u0440\u0430\u0446\u0438\u043e\u043d\u043d\u043e\u0439 \u0441\u0438\u0441\u0442\u0435\u043c\u044b Linux \u0432\u044b\u0437\u0432\u0430\u043d\u0430 \u043f\u0435\u0440\u0435\u043f\u043e\u043b\u043d\u0435\u043d\u0438\u0435\u043c \u0431\u0443\u0444\u0435\u0440\u0430. \u042d\u043a\u0441\u043f\u043b\u0443\u0430\u0442\u0430\u0446\u0438\u044f \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438 \u043c\u043e\u0436\u0435\u0442 \u043f\u043e\u0437\u0432\u043e\u043b\u0438\u0442\u044c \u043d\u0430\u0440\u0443\u0448\u0438\u0442\u0435\u043b\u044e, \u0434\u0435\u0439\u0441\u0442\u0432\u0443\u044e\u0449\u0435\u043c\u0443 \u0443\u0434\u0430\u043b\u0451\u043d\u043d\u043e, \u043e\u043a\u0430\u0437\u0430\u0442\u044c \u0432\u043e\u0437\u0434\u0435\u0439\u0441\u0442\u0432\u0438\u0435 \u043d\u0430 \u043a\u043e\u043d\u0444\u0438\u0434\u0435\u043d\u0446\u0438\u0430\u043b\u044c\u043d\u043e\u0441\u0442\u044c, \u0446\u0435\u043b\u043e\u0441\u0442\u043d\u043e\u0441\u0442\u044c \u0438 \u0434\u043e\u0441\u0442\u0443\u043f\u043d\u043e\u0441\u0442\u044c \u0437\u0430\u0449\u0438\u0449\u0430\u0435\u043c\u043e\u0439 \u0438\u043d\u0444\u043e\u0440\u043c\u0430\u0446\u0438\u0438",
  "\u041f\u043e\u0441\u043b\u0435\u0434\u0441\u0442\u0432\u0438\u044f \u044d\u043a\u0441\u043f\u043b\u0443\u0430\u0442\u0430\u0446\u0438\u0438 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": null,
  "\u041f\u0440\u043e\u0447\u0430\u044f \u0438\u043d\u0444\u043e\u0440\u043c\u0430\u0446\u0438\u044f": null,
  "\u0421\u0432\u044f\u0437\u044c \u0441 \u0438\u043d\u0446\u0438\u0434\u0435\u043d\u0442\u0430\u043c\u0438 \u0418\u0411": "\u0414\u0430\u043d\u043d\u044b\u0435 \u0443\u0442\u043e\u0447\u043d\u044f\u044e\u0442\u0441\u044f",
  "\u0421\u043e\u0441\u0442\u043e\u044f\u043d\u0438\u0435 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u041e\u043f\u0443\u0431\u043b\u0438\u043a\u043e\u0432\u0430\u043d\u0430",
  "\u0421\u043f\u043e\u0441\u043e\u0431 \u0443\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u0438\u044f": "\u041e\u0431\u043d\u043e\u0432\u043b\u0435\u043d\u0438\u0435 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e\u0433\u043e \u043e\u0431\u0435\u0441\u043f\u0435\u0447\u0435\u043d\u0438\u044f",
  "\u0421\u043f\u043e\u0441\u043e\u0431 \u044d\u043a\u0441\u043f\u043b\u0443\u0430\u0442\u0430\u0446\u0438\u0438": "\u041c\u0430\u043d\u0438\u043f\u0443\u043b\u0438\u0440\u043e\u0432\u0430\u043d\u0438\u0435 \u0441\u0442\u0440\u0443\u043a\u0442\u0443\u0440\u0430\u043c\u0438 \u0434\u0430\u043d\u043d\u044b\u0445",
  "\u0421\u0441\u044b\u043b\u043a\u0438 \u043d\u0430 \u0438\u0441\u0442\u043e\u0447\u043d\u0438\u043a\u0438": "http://lists.opensuse.org/opensuse-security-announce/2019-07/msg00014.html\nhttp://lists.opensuse.org/opensuse-security-announce/2019-07/msg00025.html\nhttp://packetstormsecurity.com/files/153702/Slackware-Security-Advisory-Slackware-14.2-kernel-Updates.html\nhttp://packetstormsecurity.com/files/154245/Kernel-Live-Patch-Security-Notice-LSN-0054-1.html\nhttp://packetstormsecurity.com/files/154951/Kernel-Live-Patch-Security-Notice-LSN-0058-1.html\nhttp://www.securityfocus.com/bid/108817\nhttps://access.redhat.com/errata/RHSA-2019:3055\nhttps://access.redhat.com/errata/RHSA-2019:3076\nhttps://access.redhat.com/errata/RHSA-2019:3089\nhttps://access.redhat.com/errata/RHSA-2019:3309\nhttps://access.redhat.com/errata/RHSA-2019:3517\nhttps://access.redhat.com/errata/RHSA-2020:0174\nhttps://access.redhat.com/errata/RHSA-2020:0204\nhttps://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-10126\nhttps://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-10126\nhttps://kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.14.134\nhttps://kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.19.59\nhttps://kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.4.186\nhttps://kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.9.186\nhttps://kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.1.18\nhttps://lists.debian.org/debian-lts-announce/2019/06/msg00010.html\nhttps://lists.debian.org/debian-lts-announce/2019/06/msg00011.html\nhttps://lore.kernel.org/linux-wireless/20190531131841.7552-1-tiwai@suse.de\nhttps://marc.info/?l=oss-security\u0026m=155965912410053\u0026w=2\nhttps://nvd.nist.gov/vuln/detail/CVE-2019-10126\nhttps://seclists.org/bugtraq/2019/Jul/33\nhttps://seclists.org/bugtraq/2019/Jun/26\nhttps://security.netapp.com/advisory/ntap-20190710-0002/\nhttps://security-tracker.debian.org/tracker/CVE-2019-10126\nhttps://support.f5.com/csp/article/K95593121\nhttps://ubuntu.com/security/notices/USN-4093-1\nhttps://ubuntu.com/security/notices/USN-4094-1\nhttps://ubuntu.com/security/notices/USN-4095-1\nhttps://ubuntu.com/security/notices/USN-4095-2\nhttps://ubuntu.com/security/notices/USN-4117-1\nhttps://ubuntu.com/security/notices/USN-4118-1\nhttps://usn.ubuntu.com/4093-1/\nhttps://usn.ubuntu.com/4094-1/\nhttps://usn.ubuntu.com/4095-1/\nhttps://usn.ubuntu.com/4095-2/\nhttps://usn.ubuntu.com/4117-1/\nhttps://usn.ubuntu.com/4118-1/\nhttps://usn.ubuntu.com/usn/usn-4093-1\nhttps://usn.ubuntu.com/usn/usn-4094-1\nhttps://usn.ubuntu.com/usn/usn-4095-1\nhttps://usn.ubuntu.com/usn/usn-4095-2\nhttps://usn.ubuntu.com/usn/usn-4117-1\nhttps://usn.ubuntu.com/usn/usn-4118-1\nhttps://wiki.astralinux.ru/astra-linux-se15-bulletin-20201201SE15\nhttps://www.cve.org/CVERecord?id=CVE-2019-10126\nhttps://www.debian.org/security/2019/dsa-4465\nhttps://www.suse.com/security/cve/CVE-2019-10126/",
  "\u0421\u0442\u0430\u0442\u0443\u0441 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u041f\u043e\u0434\u0442\u0432\u0435\u0440\u0436\u0434\u0435\u043d\u0430 \u043f\u0440\u043e\u0438\u0437\u0432\u043e\u0434\u0438\u0442\u0435\u043b\u0435\u043c",
  "\u0422\u0438\u043f \u041f\u041e": "\u041e\u043f\u0435\u0440\u0430\u0446\u0438\u043e\u043d\u043d\u0430\u044f \u0441\u0438\u0441\u0442\u0435\u043c\u0430, \u041f\u0440\u0438\u043a\u043b\u0430\u0434\u043d\u043e\u0435 \u041f\u041e \u0438\u043d\u0444\u043e\u0440\u043c\u0430\u0446\u0438\u043e\u043d\u043d\u044b\u0445 \u0441\u0438\u0441\u0442\u0435\u043c",
  "\u0422\u0438\u043f \u043e\u0448\u0438\u0431\u043a\u0438 CWE": "CWE-119, CWE-122, CWE-787",
  "\u0423\u0440\u043e\u0432\u0435\u043d\u044c \u043e\u043f\u0430\u0441\u043d\u043e\u0441\u0442\u0438 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u0412\u044b\u0441\u043e\u043a\u0438\u0439 \u0443\u0440\u043e\u0432\u0435\u043d\u044c \u043e\u043f\u0430\u0441\u043d\u043e\u0441\u0442\u0438 (\u0431\u0430\u0437\u043e\u0432\u0430\u044f \u043e\u0446\u0435\u043d\u043a\u0430 CVSS 2.0 \u0441\u043e\u0441\u0442\u0430\u0432\u043b\u044f\u0435\u0442 7,5)\n\u041a\u0440\u0438\u0442\u0438\u0447\u0435\u0441\u043a\u0438\u0439 \u0443\u0440\u043e\u0432\u0435\u043d\u044c \u043e\u043f\u0430\u0441\u043d\u043e\u0441\u0442\u0438 (\u0431\u0430\u0437\u043e\u0432\u0430\u044f \u043e\u0446\u0435\u043d\u043a\u0430 CVSS 3.0 \u0441\u043e\u0441\u0442\u0430\u0432\u043b\u044f\u0435\u0442 9,8)"
}


Log in or create an account to share your comment.




Tags
Taxonomy of the tags.




Sightings

Author Source Type Date

Nomenclature

  • Seen: The vulnerability was mentioned, discussed, or observed by the user.
  • Confirmed: The vulnerability has been validated from an analyst's perspective.
  • Published Proof of Concept: A public proof of concept is available for this vulnerability.
  • Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
  • Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
  • Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
  • Not confirmed: The user expressed doubt about the validity of the vulnerability.
  • Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.



Detection rules are retrieved from Rulezet.