csaf_redhat - rhsa-2020

rhsa-2020_0609

Vulnerability from csaf_redhat

Published

2020-02-26 09:17

Modified

2024-09-13 19:57

Summary

Red Hat Security Advisory: kernel-rt security and bug fix update

Notes

Topic

An update for kernel-rt is now available for Red Hat Enterprise MRG 2. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

Details

The kernel-rt packages provide the Real Time Linux Kernel, which enables fine-tuning for systems with extremely high determinism requirements. Security Fix(es): * kernel: use-after-free in fs/xfs/xfs_super.c (CVE-2018-20976) * kernel: insufficient input validation in kernel mode driver in Intel i915 graphics leads to privilege escalation (CVE-2019-11085) * kernel: heap-based buffer overflow in mwifiex_process_country_ie() function in drivers/net/wireless/marvell/mwifiex/sta_ioctl.c (CVE-2019-14895) * kernel: buffer overflow in cfg80211_mgd_wext_giwessid in net/wireless/wext-sme.c (CVE-2019-17133) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. Bug Fix(es): * update the MRG 2.5.z 3.10 realtime-kernel sources (BZ#1794133)

This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.

JSON

To clipboard

{
  "document": {
    "aggregate_severity": {
      "namespace": "https://access.redhat.com/security/updates/classification/",
      "text": "Important"
    },
    "category": "csaf_vex",
    "csaf_version": "2.0",
    "distribution": {
      "text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
      "tlp": {
        "label": "WHITE",
        "url": "https://www.first.org/tlp/"
      }
    },
    "lang": "en",
    "notes": [
      {
        "category": "summary",
        "text": "An update for kernel-rt is now available for Red Hat Enterprise MRG 2.\n\nRed Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.",
        "title": "Topic"
      },
      {
        "category": "general",
        "text": "The kernel-rt packages provide the Real Time Linux Kernel, which enables fine-tuning for systems with extremely high determinism requirements.\n\nSecurity Fix(es):\n\n* kernel: use-after-free in fs/xfs/xfs_super.c (CVE-2018-20976)\n\n* kernel: insufficient input validation in kernel mode driver in Intel i915 graphics leads to privilege escalation (CVE-2019-11085)\n\n* kernel: heap-based buffer overflow in mwifiex_process_country_ie() function in drivers/net/wireless/marvell/mwifiex/sta_ioctl.c (CVE-2019-14895)\n\n* kernel: buffer overflow in cfg80211_mgd_wext_giwessid in net/wireless/wext-sme.c (CVE-2019-17133)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.\n\nBug Fix(es):\n\n* update the MRG 2.5.z 3.10 realtime-kernel sources (BZ#1794133)",
        "title": "Details"
      },
      {
        "category": "legal_disclaimer",
        "text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
        "title": "Terms of Use"
      }
    ],
    "publisher": {
      "category": "vendor",
      "contact_details": "https://access.redhat.com/security/team/contact/",
      "issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat offerings.",
      "name": "Red Hat Product Security",
      "namespace": "https://www.redhat.com"
    },
    "references": [
      {
        "category": "self",
        "summary": "https://access.redhat.com/errata/RHSA-2020:0609",
        "url": "https://access.redhat.com/errata/RHSA-2020:0609"
      },
      {
        "category": "external",
        "summary": "https://access.redhat.com/security/updates/classification/#important",
        "url": "https://access.redhat.com/security/updates/classification/#important"
      },
      {
        "category": "external",
        "summary": "1710405",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1710405"
      },
      {
        "category": "external",
        "summary": "1743547",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1743547"
      },
      {
        "category": "external",
        "summary": "1771909",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1771909"
      },
      {
        "category": "external",
        "summary": "1774870",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1774870"
      },
      {
        "category": "self",
        "summary": "Canonical URL",
        "url": "https://access.redhat.com/security/data/csaf/v2/advisories/2020/rhsa-2020_0609.json"
      }
    ],
    "title": "Red Hat Security Advisory: kernel-rt security and bug fix update",
    "tracking": {
      "current_release_date": "2024-09-13T19:57:22+00:00",
      "generator": {
        "date": "2024-09-13T19:57:22+00:00",
        "engine": {
          "name": "Red Hat SDEngine",
          "version": "3.33.3"
        }
      },
      "id": "RHSA-2020:0609",
      "initial_release_date": "2020-02-26T09:17:27+00:00",
      "revision_history": [
        {
          "date": "2020-02-26T09:17:27+00:00",
          "number": "1",
          "summary": "Initial version"
        },
        {
          "date": "2020-02-26T09:17:27+00:00",
          "number": "2",
          "summary": "Last updated version"
        },
        {
          "date": "2024-09-13T19:57:22+00:00",
          "number": "3",
          "summary": "Last generated version"
        }
      ],
      "status": "final",
      "version": "3"
    }
  },
  "product_tree": {
    "branches": [
      {
        "branches": [
          {
            "branches": [
              {
                "category": "product_name",
                "name": "Red Hat MRG Realtime for RHEL 6 Server v.2",
                "product": {
                  "name": "Red Hat MRG Realtime for RHEL 6 Server v.2",
                  "product_id": "6Server-MRG-Realtime-2",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:redhat:enterprise_mrg:2:server:el6"
                  }
                }
              }
            ],
            "category": "product_family",
            "name": "Red Hat Enterprise MRG for RHEL-6"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "kernel-rt-1:3.10.0-693.64.1.rt56.662.el6rt.x86_64",
                "product": {
                  "name": "kernel-rt-1:3.10.0-693.64.1.rt56.662.el6rt.x86_64",
                  "product_id": "kernel-rt-1:3.10.0-693.64.1.rt56.662.el6rt.x86_64",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/kernel-rt@3.10.0-693.64.1.rt56.662.el6rt?arch=x86_64\u0026epoch=1"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "kernel-rt-debug-1:3.10.0-693.64.1.rt56.662.el6rt.x86_64",
                "product": {
                  "name": "kernel-rt-debug-1:3.10.0-693.64.1.rt56.662.el6rt.x86_64",
                  "product_id": "kernel-rt-debug-1:3.10.0-693.64.1.rt56.662.el6rt.x86_64",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/kernel-rt-debug@3.10.0-693.64.1.rt56.662.el6rt?arch=x86_64\u0026epoch=1"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "kernel-rt-debug-devel-1:3.10.0-693.64.1.rt56.662.el6rt.x86_64",
                "product": {
                  "name": "kernel-rt-debug-devel-1:3.10.0-693.64.1.rt56.662.el6rt.x86_64",
                  "product_id": "kernel-rt-debug-devel-1:3.10.0-693.64.1.rt56.662.el6rt.x86_64",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/kernel-rt-debug-devel@3.10.0-693.64.1.rt56.662.el6rt?arch=x86_64\u0026epoch=1"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "kernel-rt-devel-1:3.10.0-693.64.1.rt56.662.el6rt.x86_64",
                "product": {
                  "name": "kernel-rt-devel-1:3.10.0-693.64.1.rt56.662.el6rt.x86_64",
                  "product_id": "kernel-rt-devel-1:3.10.0-693.64.1.rt56.662.el6rt.x86_64",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/kernel-rt-devel@3.10.0-693.64.1.rt56.662.el6rt?arch=x86_64\u0026epoch=1"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "kernel-rt-trace-1:3.10.0-693.64.1.rt56.662.el6rt.x86_64",
                "product": {
                  "name": "kernel-rt-trace-1:3.10.0-693.64.1.rt56.662.el6rt.x86_64",
                  "product_id": "kernel-rt-trace-1:3.10.0-693.64.1.rt56.662.el6rt.x86_64",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/kernel-rt-trace@3.10.0-693.64.1.rt56.662.el6rt?arch=x86_64\u0026epoch=1"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "kernel-rt-trace-devel-1:3.10.0-693.64.1.rt56.662.el6rt.x86_64",
                "product": {
                  "name": "kernel-rt-trace-devel-1:3.10.0-693.64.1.rt56.662.el6rt.x86_64",
                  "product_id": "kernel-rt-trace-devel-1:3.10.0-693.64.1.rt56.662.el6rt.x86_64",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/kernel-rt-trace-devel@3.10.0-693.64.1.rt56.662.el6rt?arch=x86_64\u0026epoch=1"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "kernel-rt-vanilla-1:3.10.0-693.64.1.rt56.662.el6rt.x86_64",
                "product": {
                  "name": "kernel-rt-vanilla-1:3.10.0-693.64.1.rt56.662.el6rt.x86_64",
                  "product_id": "kernel-rt-vanilla-1:3.10.0-693.64.1.rt56.662.el6rt.x86_64",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/kernel-rt-vanilla@3.10.0-693.64.1.rt56.662.el6rt?arch=x86_64\u0026epoch=1"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "kernel-rt-vanilla-devel-1:3.10.0-693.64.1.rt56.662.el6rt.x86_64",
                "product": {
                  "name": "kernel-rt-vanilla-devel-1:3.10.0-693.64.1.rt56.662.el6rt.x86_64",
                  "product_id": "kernel-rt-vanilla-devel-1:3.10.0-693.64.1.rt56.662.el6rt.x86_64",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/kernel-rt-vanilla-devel@3.10.0-693.64.1.rt56.662.el6rt?arch=x86_64\u0026epoch=1"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "kernel-rt-debug-debuginfo-1:3.10.0-693.64.1.rt56.662.el6rt.x86_64",
                "product": {
                  "name": "kernel-rt-debug-debuginfo-1:3.10.0-693.64.1.rt56.662.el6rt.x86_64",
                  "product_id": "kernel-rt-debug-debuginfo-1:3.10.0-693.64.1.rt56.662.el6rt.x86_64",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/kernel-rt-debug-debuginfo@3.10.0-693.64.1.rt56.662.el6rt?arch=x86_64\u0026epoch=1"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "kernel-rt-debuginfo-1:3.10.0-693.64.1.rt56.662.el6rt.x86_64",
                "product": {
                  "name": "kernel-rt-debuginfo-1:3.10.0-693.64.1.rt56.662.el6rt.x86_64",
                  "product_id": "kernel-rt-debuginfo-1:3.10.0-693.64.1.rt56.662.el6rt.x86_64",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/kernel-rt-debuginfo@3.10.0-693.64.1.rt56.662.el6rt?arch=x86_64\u0026epoch=1"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "kernel-rt-debuginfo-common-x86_64-1:3.10.0-693.64.1.rt56.662.el6rt.x86_64",
                "product": {
                  "name": "kernel-rt-debuginfo-common-x86_64-1:3.10.0-693.64.1.rt56.662.el6rt.x86_64",
                  "product_id": "kernel-rt-debuginfo-common-x86_64-1:3.10.0-693.64.1.rt56.662.el6rt.x86_64",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/kernel-rt-debuginfo-common-x86_64@3.10.0-693.64.1.rt56.662.el6rt?arch=x86_64\u0026epoch=1"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "kernel-rt-trace-debuginfo-1:3.10.0-693.64.1.rt56.662.el6rt.x86_64",
                "product": {
                  "name": "kernel-rt-trace-debuginfo-1:3.10.0-693.64.1.rt56.662.el6rt.x86_64",
                  "product_id": "kernel-rt-trace-debuginfo-1:3.10.0-693.64.1.rt56.662.el6rt.x86_64",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/kernel-rt-trace-debuginfo@3.10.0-693.64.1.rt56.662.el6rt?arch=x86_64\u0026epoch=1"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "kernel-rt-vanilla-debuginfo-1:3.10.0-693.64.1.rt56.662.el6rt.x86_64",
                "product": {
                  "name": "kernel-rt-vanilla-debuginfo-1:3.10.0-693.64.1.rt56.662.el6rt.x86_64",
                  "product_id": "kernel-rt-vanilla-debuginfo-1:3.10.0-693.64.1.rt56.662.el6rt.x86_64",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/kernel-rt-vanilla-debuginfo@3.10.0-693.64.1.rt56.662.el6rt?arch=x86_64\u0026epoch=1"
                  }
                }
              }
            ],
            "category": "architecture",
            "name": "x86_64"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "kernel-rt-1:3.10.0-693.64.1.rt56.662.el6rt.src",
                "product": {
                  "name": "kernel-rt-1:3.10.0-693.64.1.rt56.662.el6rt.src",
                  "product_id": "kernel-rt-1:3.10.0-693.64.1.rt56.662.el6rt.src",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/kernel-rt@3.10.0-693.64.1.rt56.662.el6rt?arch=src\u0026epoch=1"
                  }
                }
              }
            ],
            "category": "architecture",
            "name": "src"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "kernel-rt-doc-1:3.10.0-693.64.1.rt56.662.el6rt.noarch",
                "product": {
                  "name": "kernel-rt-doc-1:3.10.0-693.64.1.rt56.662.el6rt.noarch",
                  "product_id": "kernel-rt-doc-1:3.10.0-693.64.1.rt56.662.el6rt.noarch",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/kernel-rt-doc@3.10.0-693.64.1.rt56.662.el6rt?arch=noarch\u0026epoch=1"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "kernel-rt-firmware-1:3.10.0-693.64.1.rt56.662.el6rt.noarch",
                "product": {
                  "name": "kernel-rt-firmware-1:3.10.0-693.64.1.rt56.662.el6rt.noarch",
                  "product_id": "kernel-rt-firmware-1:3.10.0-693.64.1.rt56.662.el6rt.noarch",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/kernel-rt-firmware@3.10.0-693.64.1.rt56.662.el6rt?arch=noarch\u0026epoch=1"
                  }
                }
              }
            ],
            "category": "architecture",
            "name": "noarch"
          }
        ],
        "category": "vendor",
        "name": "Red Hat"
      }
    ],
    "relationships": [
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "kernel-rt-1:3.10.0-693.64.1.rt56.662.el6rt.src as a component of Red Hat MRG Realtime for RHEL 6 Server v.2",
          "product_id": "6Server-MRG-Realtime-2:kernel-rt-1:3.10.0-693.64.1.rt56.662.el6rt.src"
        },
        "product_reference": "kernel-rt-1:3.10.0-693.64.1.rt56.662.el6rt.src",
        "relates_to_product_reference": "6Server-MRG-Realtime-2"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "kernel-rt-1:3.10.0-693.64.1.rt56.662.el6rt.x86_64 as a component of Red Hat MRG Realtime for RHEL 6 Server v.2",
          "product_id": "6Server-MRG-Realtime-2:kernel-rt-1:3.10.0-693.64.1.rt56.662.el6rt.x86_64"
        },
        "product_reference": "kernel-rt-1:3.10.0-693.64.1.rt56.662.el6rt.x86_64",
        "relates_to_product_reference": "6Server-MRG-Realtime-2"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "kernel-rt-debug-1:3.10.0-693.64.1.rt56.662.el6rt.x86_64 as a component of Red Hat MRG Realtime for RHEL 6 Server v.2",
          "product_id": "6Server-MRG-Realtime-2:kernel-rt-debug-1:3.10.0-693.64.1.rt56.662.el6rt.x86_64"
        },
        "product_reference": "kernel-rt-debug-1:3.10.0-693.64.1.rt56.662.el6rt.x86_64",
        "relates_to_product_reference": "6Server-MRG-Realtime-2"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "kernel-rt-debug-debuginfo-1:3.10.0-693.64.1.rt56.662.el6rt.x86_64 as a component of Red Hat MRG Realtime for RHEL 6 Server v.2",
          "product_id": "6Server-MRG-Realtime-2:kernel-rt-debug-debuginfo-1:3.10.0-693.64.1.rt56.662.el6rt.x86_64"
        },
        "product_reference": "kernel-rt-debug-debuginfo-1:3.10.0-693.64.1.rt56.662.el6rt.x86_64",
        "relates_to_product_reference": "6Server-MRG-Realtime-2"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "kernel-rt-debug-devel-1:3.10.0-693.64.1.rt56.662.el6rt.x86_64 as a component of Red Hat MRG Realtime for RHEL 6 Server v.2",
          "product_id": "6Server-MRG-Realtime-2:kernel-rt-debug-devel-1:3.10.0-693.64.1.rt56.662.el6rt.x86_64"
        },
        "product_reference": "kernel-rt-debug-devel-1:3.10.0-693.64.1.rt56.662.el6rt.x86_64",
        "relates_to_product_reference": "6Server-MRG-Realtime-2"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "kernel-rt-debuginfo-1:3.10.0-693.64.1.rt56.662.el6rt.x86_64 as a component of Red Hat MRG Realtime for RHEL 6 Server v.2",
          "product_id": "6Server-MRG-Realtime-2:kernel-rt-debuginfo-1:3.10.0-693.64.1.rt56.662.el6rt.x86_64"
        },
        "product_reference": "kernel-rt-debuginfo-1:3.10.0-693.64.1.rt56.662.el6rt.x86_64",
        "relates_to_product_reference": "6Server-MRG-Realtime-2"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "kernel-rt-debuginfo-common-x86_64-1:3.10.0-693.64.1.rt56.662.el6rt.x86_64 as a component of Red Hat MRG Realtime for RHEL 6 Server v.2",
          "product_id": "6Server-MRG-Realtime-2:kernel-rt-debuginfo-common-x86_64-1:3.10.0-693.64.1.rt56.662.el6rt.x86_64"
        },
        "product_reference": "kernel-rt-debuginfo-common-x86_64-1:3.10.0-693.64.1.rt56.662.el6rt.x86_64",
        "relates_to_product_reference": "6Server-MRG-Realtime-2"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "kernel-rt-devel-1:3.10.0-693.64.1.rt56.662.el6rt.x86_64 as a component of Red Hat MRG Realtime for RHEL 6 Server v.2",
          "product_id": "6Server-MRG-Realtime-2:kernel-rt-devel-1:3.10.0-693.64.1.rt56.662.el6rt.x86_64"
        },
        "product_reference": "kernel-rt-devel-1:3.10.0-693.64.1.rt56.662.el6rt.x86_64",
        "relates_to_product_reference": "6Server-MRG-Realtime-2"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "kernel-rt-doc-1:3.10.0-693.64.1.rt56.662.el6rt.noarch as a component of Red Hat MRG Realtime for RHEL 6 Server v.2",
          "product_id": "6Server-MRG-Realtime-2:kernel-rt-doc-1:3.10.0-693.64.1.rt56.662.el6rt.noarch"
        },
        "product_reference": "kernel-rt-doc-1:3.10.0-693.64.1.rt56.662.el6rt.noarch",
        "relates_to_product_reference": "6Server-MRG-Realtime-2"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "kernel-rt-firmware-1:3.10.0-693.64.1.rt56.662.el6rt.noarch as a component of Red Hat MRG Realtime for RHEL 6 Server v.2",
          "product_id": "6Server-MRG-Realtime-2:kernel-rt-firmware-1:3.10.0-693.64.1.rt56.662.el6rt.noarch"
        },
        "product_reference": "kernel-rt-firmware-1:3.10.0-693.64.1.rt56.662.el6rt.noarch",
        "relates_to_product_reference": "6Server-MRG-Realtime-2"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "kernel-rt-trace-1:3.10.0-693.64.1.rt56.662.el6rt.x86_64 as a component of Red Hat MRG Realtime for RHEL 6 Server v.2",
          "product_id": "6Server-MRG-Realtime-2:kernel-rt-trace-1:3.10.0-693.64.1.rt56.662.el6rt.x86_64"
        },
        "product_reference": "kernel-rt-trace-1:3.10.0-693.64.1.rt56.662.el6rt.x86_64",
        "relates_to_product_reference": "6Server-MRG-Realtime-2"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "kernel-rt-trace-debuginfo-1:3.10.0-693.64.1.rt56.662.el6rt.x86_64 as a component of Red Hat MRG Realtime for RHEL 6 Server v.2",
          "product_id": "6Server-MRG-Realtime-2:kernel-rt-trace-debuginfo-1:3.10.0-693.64.1.rt56.662.el6rt.x86_64"
        },
        "product_reference": "kernel-rt-trace-debuginfo-1:3.10.0-693.64.1.rt56.662.el6rt.x86_64",
        "relates_to_product_reference": "6Server-MRG-Realtime-2"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "kernel-rt-trace-devel-1:3.10.0-693.64.1.rt56.662.el6rt.x86_64 as a component of Red Hat MRG Realtime for RHEL 6 Server v.2",
          "product_id": "6Server-MRG-Realtime-2:kernel-rt-trace-devel-1:3.10.0-693.64.1.rt56.662.el6rt.x86_64"
        },
        "product_reference": "kernel-rt-trace-devel-1:3.10.0-693.64.1.rt56.662.el6rt.x86_64",
        "relates_to_product_reference": "6Server-MRG-Realtime-2"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "kernel-rt-vanilla-1:3.10.0-693.64.1.rt56.662.el6rt.x86_64 as a component of Red Hat MRG Realtime for RHEL 6 Server v.2",
          "product_id": "6Server-MRG-Realtime-2:kernel-rt-vanilla-1:3.10.0-693.64.1.rt56.662.el6rt.x86_64"
        },
        "product_reference": "kernel-rt-vanilla-1:3.10.0-693.64.1.rt56.662.el6rt.x86_64",
        "relates_to_product_reference": "6Server-MRG-Realtime-2"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "kernel-rt-vanilla-debuginfo-1:3.10.0-693.64.1.rt56.662.el6rt.x86_64 as a component of Red Hat MRG Realtime for RHEL 6 Server v.2",
          "product_id": "6Server-MRG-Realtime-2:kernel-rt-vanilla-debuginfo-1:3.10.0-693.64.1.rt56.662.el6rt.x86_64"
        },
        "product_reference": "kernel-rt-vanilla-debuginfo-1:3.10.0-693.64.1.rt56.662.el6rt.x86_64",
        "relates_to_product_reference": "6Server-MRG-Realtime-2"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "kernel-rt-vanilla-devel-1:3.10.0-693.64.1.rt56.662.el6rt.x86_64 as a component of Red Hat MRG Realtime for RHEL 6 Server v.2",
          "product_id": "6Server-MRG-Realtime-2:kernel-rt-vanilla-devel-1:3.10.0-693.64.1.rt56.662.el6rt.x86_64"
        },
        "product_reference": "kernel-rt-vanilla-devel-1:3.10.0-693.64.1.rt56.662.el6rt.x86_64",
        "relates_to_product_reference": "6Server-MRG-Realtime-2"
      }
    ]
  },
  "vulnerabilities": [
    {
      "cve": "CVE-2018-20976",
      "cwe": {
        "id": "CWE-416",
        "name": "Use After Free"
      },
      "discovery_date": "2019-08-19T00:00:00+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "1743547"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "A flaw was found in the Linux kernel\u0027s implementation of the XFS filesystem. A key data structure (sb-\u003es_fs_info)  may not be de-allocated when the system is under memory pressure. This same data structure is then used at a later time during filesystem operations. This could allow a local attacker who is able to groom memory to place an attacker-controlled data structure in this location and create a use-after-free situation which can result in memory corruption or privilege escalation.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "kernel: use-after-free in fs/xfs/xfs_super.c",
          "title": "Vulnerability summary"
        },
        {
          "category": "other",
          "text": "Red Hat Enterprise Linux 7.6.z had fixed this flaw mid release without it being recognised as a CVE.  Prior releases of Red Hat Enterprise Linux EUS/AUS will still require the fix to be secure.  Trackers have been made and fixes will be available as part of the standard release cycle.",
          "title": "Statement"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "6Server-MRG-Realtime-2:kernel-rt-1:3.10.0-693.64.1.rt56.662.el6rt.src",
          "6Server-MRG-Realtime-2:kernel-rt-1:3.10.0-693.64.1.rt56.662.el6rt.x86_64",
          "6Server-MRG-Realtime-2:kernel-rt-debug-1:3.10.0-693.64.1.rt56.662.el6rt.x86_64",
          "6Server-MRG-Realtime-2:kernel-rt-debug-debuginfo-1:3.10.0-693.64.1.rt56.662.el6rt.x86_64",
          "6Server-MRG-Realtime-2:kernel-rt-debug-devel-1:3.10.0-693.64.1.rt56.662.el6rt.x86_64",
          "6Server-MRG-Realtime-2:kernel-rt-debuginfo-1:3.10.0-693.64.1.rt56.662.el6rt.x86_64",
          "6Server-MRG-Realtime-2:kernel-rt-debuginfo-common-x86_64-1:3.10.0-693.64.1.rt56.662.el6rt.x86_64",
          "6Server-MRG-Realtime-2:kernel-rt-devel-1:3.10.0-693.64.1.rt56.662.el6rt.x86_64",
          "6Server-MRG-Realtime-2:kernel-rt-doc-1:3.10.0-693.64.1.rt56.662.el6rt.noarch",
          "6Server-MRG-Realtime-2:kernel-rt-firmware-1:3.10.0-693.64.1.rt56.662.el6rt.noarch",
          "6Server-MRG-Realtime-2:kernel-rt-trace-1:3.10.0-693.64.1.rt56.662.el6rt.x86_64",
          "6Server-MRG-Realtime-2:kernel-rt-trace-debuginfo-1:3.10.0-693.64.1.rt56.662.el6rt.x86_64",
          "6Server-MRG-Realtime-2:kernel-rt-trace-devel-1:3.10.0-693.64.1.rt56.662.el6rt.x86_64",
          "6Server-MRG-Realtime-2:kernel-rt-vanilla-1:3.10.0-693.64.1.rt56.662.el6rt.x86_64",
          "6Server-MRG-Realtime-2:kernel-rt-vanilla-debuginfo-1:3.10.0-693.64.1.rt56.662.el6rt.x86_64",
          "6Server-MRG-Realtime-2:kernel-rt-vanilla-devel-1:3.10.0-693.64.1.rt56.662.el6rt.x86_64"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2018-20976"
        },
        {
          "category": "external",
          "summary": "RHBZ#1743547",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1743547"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2018-20976",
          "url": "https://www.cve.org/CVERecord?id=CVE-2018-20976"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2018-20976",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2018-20976"
        }
      ],
      "release_date": "2018-05-15T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nThe system must be rebooted for this update to take effect.",
          "product_ids": [
            "6Server-MRG-Realtime-2:kernel-rt-1:3.10.0-693.64.1.rt56.662.el6rt.src",
            "6Server-MRG-Realtime-2:kernel-rt-1:3.10.0-693.64.1.rt56.662.el6rt.x86_64",
            "6Server-MRG-Realtime-2:kernel-rt-debug-1:3.10.0-693.64.1.rt56.662.el6rt.x86_64",
            "6Server-MRG-Realtime-2:kernel-rt-debug-debuginfo-1:3.10.0-693.64.1.rt56.662.el6rt.x86_64",
            "6Server-MRG-Realtime-2:kernel-rt-debug-devel-1:3.10.0-693.64.1.rt56.662.el6rt.x86_64",
            "6Server-MRG-Realtime-2:kernel-rt-debuginfo-1:3.10.0-693.64.1.rt56.662.el6rt.x86_64",
            "6Server-MRG-Realtime-2:kernel-rt-debuginfo-common-x86_64-1:3.10.0-693.64.1.rt56.662.el6rt.x86_64",
            "6Server-MRG-Realtime-2:kernel-rt-devel-1:3.10.0-693.64.1.rt56.662.el6rt.x86_64",
            "6Server-MRG-Realtime-2:kernel-rt-doc-1:3.10.0-693.64.1.rt56.662.el6rt.noarch",
            "6Server-MRG-Realtime-2:kernel-rt-firmware-1:3.10.0-693.64.1.rt56.662.el6rt.noarch",
            "6Server-MRG-Realtime-2:kernel-rt-trace-1:3.10.0-693.64.1.rt56.662.el6rt.x86_64",
            "6Server-MRG-Realtime-2:kernel-rt-trace-debuginfo-1:3.10.0-693.64.1.rt56.662.el6rt.x86_64",
            "6Server-MRG-Realtime-2:kernel-rt-trace-devel-1:3.10.0-693.64.1.rt56.662.el6rt.x86_64",
            "6Server-MRG-Realtime-2:kernel-rt-vanilla-1:3.10.0-693.64.1.rt56.662.el6rt.x86_64",
            "6Server-MRG-Realtime-2:kernel-rt-vanilla-debuginfo-1:3.10.0-693.64.1.rt56.662.el6rt.x86_64",
            "6Server-MRG-Realtime-2:kernel-rt-vanilla-devel-1:3.10.0-693.64.1.rt56.662.el6rt.x86_64"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2020:0609"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "LOW",
            "attackVector": "LOCAL",
            "availabilityImpact": "HIGH",
            "baseScore": 7.8,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "LOW",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.0"
          },
          "products": [
            "6Server-MRG-Realtime-2:kernel-rt-1:3.10.0-693.64.1.rt56.662.el6rt.src",
            "6Server-MRG-Realtime-2:kernel-rt-1:3.10.0-693.64.1.rt56.662.el6rt.x86_64",
            "6Server-MRG-Realtime-2:kernel-rt-debug-1:3.10.0-693.64.1.rt56.662.el6rt.x86_64",
            "6Server-MRG-Realtime-2:kernel-rt-debug-debuginfo-1:3.10.0-693.64.1.rt56.662.el6rt.x86_64",
            "6Server-MRG-Realtime-2:kernel-rt-debug-devel-1:3.10.0-693.64.1.rt56.662.el6rt.x86_64",
            "6Server-MRG-Realtime-2:kernel-rt-debuginfo-1:3.10.0-693.64.1.rt56.662.el6rt.x86_64",
            "6Server-MRG-Realtime-2:kernel-rt-debuginfo-common-x86_64-1:3.10.0-693.64.1.rt56.662.el6rt.x86_64",
            "6Server-MRG-Realtime-2:kernel-rt-devel-1:3.10.0-693.64.1.rt56.662.el6rt.x86_64",
            "6Server-MRG-Realtime-2:kernel-rt-doc-1:3.10.0-693.64.1.rt56.662.el6rt.noarch",
            "6Server-MRG-Realtime-2:kernel-rt-firmware-1:3.10.0-693.64.1.rt56.662.el6rt.noarch",
            "6Server-MRG-Realtime-2:kernel-rt-trace-1:3.10.0-693.64.1.rt56.662.el6rt.x86_64",
            "6Server-MRG-Realtime-2:kernel-rt-trace-debuginfo-1:3.10.0-693.64.1.rt56.662.el6rt.x86_64",
            "6Server-MRG-Realtime-2:kernel-rt-trace-devel-1:3.10.0-693.64.1.rt56.662.el6rt.x86_64",
            "6Server-MRG-Realtime-2:kernel-rt-vanilla-1:3.10.0-693.64.1.rt56.662.el6rt.x86_64",
            "6Server-MRG-Realtime-2:kernel-rt-vanilla-debuginfo-1:3.10.0-693.64.1.rt56.662.el6rt.x86_64",
            "6Server-MRG-Realtime-2:kernel-rt-vanilla-devel-1:3.10.0-693.64.1.rt56.662.el6rt.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Important"
        }
      ],
      "title": "kernel: use-after-free in fs/xfs/xfs_super.c"
    },
    {
      "cve": "CVE-2019-11085",
      "cwe": {
        "id": "CWE-250",
        "name": "Execution with Unnecessary Privileges"
      },
      "discovery_date": "2019-05-15T00:00:00+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "1710405"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "A flaw was found in the Linux kernel\u0027s implementation of GVT-g which allowed an attacker with access to a \u0027passed through\u0027 Intel i915 graphics card to possibly access resources allocated to other virtual machines, crash the host, or possibly corrupt memory leading to privilege escalation.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "kernel: insufficient input validation in kernel mode driver in Intel i915 graphics leads to privilege escalation",
          "title": "Vulnerability summary"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "6Server-MRG-Realtime-2:kernel-rt-1:3.10.0-693.64.1.rt56.662.el6rt.src",
          "6Server-MRG-Realtime-2:kernel-rt-1:3.10.0-693.64.1.rt56.662.el6rt.x86_64",
          "6Server-MRG-Realtime-2:kernel-rt-debug-1:3.10.0-693.64.1.rt56.662.el6rt.x86_64",
          "6Server-MRG-Realtime-2:kernel-rt-debug-debuginfo-1:3.10.0-693.64.1.rt56.662.el6rt.x86_64",
          "6Server-MRG-Realtime-2:kernel-rt-debug-devel-1:3.10.0-693.64.1.rt56.662.el6rt.x86_64",
          "6Server-MRG-Realtime-2:kernel-rt-debuginfo-1:3.10.0-693.64.1.rt56.662.el6rt.x86_64",
          "6Server-MRG-Realtime-2:kernel-rt-debuginfo-common-x86_64-1:3.10.0-693.64.1.rt56.662.el6rt.x86_64",
          "6Server-MRG-Realtime-2:kernel-rt-devel-1:3.10.0-693.64.1.rt56.662.el6rt.x86_64",
          "6Server-MRG-Realtime-2:kernel-rt-doc-1:3.10.0-693.64.1.rt56.662.el6rt.noarch",
          "6Server-MRG-Realtime-2:kernel-rt-firmware-1:3.10.0-693.64.1.rt56.662.el6rt.noarch",
          "6Server-MRG-Realtime-2:kernel-rt-trace-1:3.10.0-693.64.1.rt56.662.el6rt.x86_64",
          "6Server-MRG-Realtime-2:kernel-rt-trace-debuginfo-1:3.10.0-693.64.1.rt56.662.el6rt.x86_64",
          "6Server-MRG-Realtime-2:kernel-rt-trace-devel-1:3.10.0-693.64.1.rt56.662.el6rt.x86_64",
          "6Server-MRG-Realtime-2:kernel-rt-vanilla-1:3.10.0-693.64.1.rt56.662.el6rt.x86_64",
          "6Server-MRG-Realtime-2:kernel-rt-vanilla-debuginfo-1:3.10.0-693.64.1.rt56.662.el6rt.x86_64",
          "6Server-MRG-Realtime-2:kernel-rt-vanilla-devel-1:3.10.0-693.64.1.rt56.662.el6rt.x86_64"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2019-11085"
        },
        {
          "category": "external",
          "summary": "RHBZ#1710405",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1710405"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2019-11085",
          "url": "https://www.cve.org/CVERecord?id=CVE-2019-11085"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2019-11085",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2019-11085"
        },
        {
          "category": "external",
          "summary": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00249.html",
          "url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00249.html"
        }
      ],
      "release_date": "2019-05-14T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nThe system must be rebooted for this update to take effect.",
          "product_ids": [
            "6Server-MRG-Realtime-2:kernel-rt-1:3.10.0-693.64.1.rt56.662.el6rt.src",
            "6Server-MRG-Realtime-2:kernel-rt-1:3.10.0-693.64.1.rt56.662.el6rt.x86_64",
            "6Server-MRG-Realtime-2:kernel-rt-debug-1:3.10.0-693.64.1.rt56.662.el6rt.x86_64",
            "6Server-MRG-Realtime-2:kernel-rt-debug-debuginfo-1:3.10.0-693.64.1.rt56.662.el6rt.x86_64",
            "6Server-MRG-Realtime-2:kernel-rt-debug-devel-1:3.10.0-693.64.1.rt56.662.el6rt.x86_64",
            "6Server-MRG-Realtime-2:kernel-rt-debuginfo-1:3.10.0-693.64.1.rt56.662.el6rt.x86_64",
            "6Server-MRG-Realtime-2:kernel-rt-debuginfo-common-x86_64-1:3.10.0-693.64.1.rt56.662.el6rt.x86_64",
            "6Server-MRG-Realtime-2:kernel-rt-devel-1:3.10.0-693.64.1.rt56.662.el6rt.x86_64",
            "6Server-MRG-Realtime-2:kernel-rt-doc-1:3.10.0-693.64.1.rt56.662.el6rt.noarch",
            "6Server-MRG-Realtime-2:kernel-rt-firmware-1:3.10.0-693.64.1.rt56.662.el6rt.noarch",
            "6Server-MRG-Realtime-2:kernel-rt-trace-1:3.10.0-693.64.1.rt56.662.el6rt.x86_64",
            "6Server-MRG-Realtime-2:kernel-rt-trace-debuginfo-1:3.10.0-693.64.1.rt56.662.el6rt.x86_64",
            "6Server-MRG-Realtime-2:kernel-rt-trace-devel-1:3.10.0-693.64.1.rt56.662.el6rt.x86_64",
            "6Server-MRG-Realtime-2:kernel-rt-vanilla-1:3.10.0-693.64.1.rt56.662.el6rt.x86_64",
            "6Server-MRG-Realtime-2:kernel-rt-vanilla-debuginfo-1:3.10.0-693.64.1.rt56.662.el6rt.x86_64",
            "6Server-MRG-Realtime-2:kernel-rt-vanilla-devel-1:3.10.0-693.64.1.rt56.662.el6rt.x86_64"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2020:0609"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "LOW",
            "attackVector": "LOCAL",
            "availabilityImpact": "HIGH",
            "baseScore": 8.8,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "LOW",
            "scope": "CHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H",
            "version": "3.0"
          },
          "products": [
            "6Server-MRG-Realtime-2:kernel-rt-1:3.10.0-693.64.1.rt56.662.el6rt.src",
            "6Server-MRG-Realtime-2:kernel-rt-1:3.10.0-693.64.1.rt56.662.el6rt.x86_64",
            "6Server-MRG-Realtime-2:kernel-rt-debug-1:3.10.0-693.64.1.rt56.662.el6rt.x86_64",
            "6Server-MRG-Realtime-2:kernel-rt-debug-debuginfo-1:3.10.0-693.64.1.rt56.662.el6rt.x86_64",
            "6Server-MRG-Realtime-2:kernel-rt-debug-devel-1:3.10.0-693.64.1.rt56.662.el6rt.x86_64",
            "6Server-MRG-Realtime-2:kernel-rt-debuginfo-1:3.10.0-693.64.1.rt56.662.el6rt.x86_64",
            "6Server-MRG-Realtime-2:kernel-rt-debuginfo-common-x86_64-1:3.10.0-693.64.1.rt56.662.el6rt.x86_64",
            "6Server-MRG-Realtime-2:kernel-rt-devel-1:3.10.0-693.64.1.rt56.662.el6rt.x86_64",
            "6Server-MRG-Realtime-2:kernel-rt-doc-1:3.10.0-693.64.1.rt56.662.el6rt.noarch",
            "6Server-MRG-Realtime-2:kernel-rt-firmware-1:3.10.0-693.64.1.rt56.662.el6rt.noarch",
            "6Server-MRG-Realtime-2:kernel-rt-trace-1:3.10.0-693.64.1.rt56.662.el6rt.x86_64",
            "6Server-MRG-Realtime-2:kernel-rt-trace-debuginfo-1:3.10.0-693.64.1.rt56.662.el6rt.x86_64",
            "6Server-MRG-Realtime-2:kernel-rt-trace-devel-1:3.10.0-693.64.1.rt56.662.el6rt.x86_64",
            "6Server-MRG-Realtime-2:kernel-rt-vanilla-1:3.10.0-693.64.1.rt56.662.el6rt.x86_64",
            "6Server-MRG-Realtime-2:kernel-rt-vanilla-debuginfo-1:3.10.0-693.64.1.rt56.662.el6rt.x86_64",
            "6Server-MRG-Realtime-2:kernel-rt-vanilla-devel-1:3.10.0-693.64.1.rt56.662.el6rt.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Important"
        }
      ],
      "title": "kernel: insufficient input validation in kernel mode driver in Intel i915 graphics leads to privilege escalation"
    },
    {
      "acknowledgments": [
        {
          "names": [
            "ADLab of Venustech"
          ]
        }
      ],
      "cve": "CVE-2019-14895",
      "cwe": {
        "id": "CWE-122",
        "name": "Heap-based Buffer Overflow"
      },
      "discovery_date": "2019-11-19T00:00:00+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "1774870"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "A heap-based buffer overflow was discovered in the Linux kernel\u0027s Marvell WiFi chip driver. The flaw could occur when the station attempts a connection negotiation during the handling of the remote devices country settings. This could allow the remote device to cause a denial of service (system crash) or possibly execute arbitrary code.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "kernel: heap-based buffer overflow in mwifiex_process_country_ie() function in drivers/net/wireless/marvell/mwifiex/sta_ioctl.c",
          "title": "Vulnerability summary"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "6Server-MRG-Realtime-2:kernel-rt-1:3.10.0-693.64.1.rt56.662.el6rt.src",
          "6Server-MRG-Realtime-2:kernel-rt-1:3.10.0-693.64.1.rt56.662.el6rt.x86_64",
          "6Server-MRG-Realtime-2:kernel-rt-debug-1:3.10.0-693.64.1.rt56.662.el6rt.x86_64",
          "6Server-MRG-Realtime-2:kernel-rt-debug-debuginfo-1:3.10.0-693.64.1.rt56.662.el6rt.x86_64",
          "6Server-MRG-Realtime-2:kernel-rt-debug-devel-1:3.10.0-693.64.1.rt56.662.el6rt.x86_64",
          "6Server-MRG-Realtime-2:kernel-rt-debuginfo-1:3.10.0-693.64.1.rt56.662.el6rt.x86_64",
          "6Server-MRG-Realtime-2:kernel-rt-debuginfo-common-x86_64-1:3.10.0-693.64.1.rt56.662.el6rt.x86_64",
          "6Server-MRG-Realtime-2:kernel-rt-devel-1:3.10.0-693.64.1.rt56.662.el6rt.x86_64",
          "6Server-MRG-Realtime-2:kernel-rt-doc-1:3.10.0-693.64.1.rt56.662.el6rt.noarch",
          "6Server-MRG-Realtime-2:kernel-rt-firmware-1:3.10.0-693.64.1.rt56.662.el6rt.noarch",
          "6Server-MRG-Realtime-2:kernel-rt-trace-1:3.10.0-693.64.1.rt56.662.el6rt.x86_64",
          "6Server-MRG-Realtime-2:kernel-rt-trace-debuginfo-1:3.10.0-693.64.1.rt56.662.el6rt.x86_64",
          "6Server-MRG-Realtime-2:kernel-rt-trace-devel-1:3.10.0-693.64.1.rt56.662.el6rt.x86_64",
          "6Server-MRG-Realtime-2:kernel-rt-vanilla-1:3.10.0-693.64.1.rt56.662.el6rt.x86_64",
          "6Server-MRG-Realtime-2:kernel-rt-vanilla-debuginfo-1:3.10.0-693.64.1.rt56.662.el6rt.x86_64",
          "6Server-MRG-Realtime-2:kernel-rt-vanilla-devel-1:3.10.0-693.64.1.rt56.662.el6rt.x86_64"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2019-14895"
        },
        {
          "category": "external",
          "summary": "RHBZ#1774870",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1774870"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2019-14895",
          "url": "https://www.cve.org/CVERecord?id=CVE-2019-14895"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2019-14895",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2019-14895"
        },
        {
          "category": "external",
          "summary": "https://www.openwall.com/lists/oss-security/2019/11/22/2",
          "url": "https://www.openwall.com/lists/oss-security/2019/11/22/2"
        }
      ],
      "release_date": "2019-11-25T08:29:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nThe system must be rebooted for this update to take effect.",
          "product_ids": [
            "6Server-MRG-Realtime-2:kernel-rt-1:3.10.0-693.64.1.rt56.662.el6rt.src",
            "6Server-MRG-Realtime-2:kernel-rt-1:3.10.0-693.64.1.rt56.662.el6rt.x86_64",
            "6Server-MRG-Realtime-2:kernel-rt-debug-1:3.10.0-693.64.1.rt56.662.el6rt.x86_64",
            "6Server-MRG-Realtime-2:kernel-rt-debug-debuginfo-1:3.10.0-693.64.1.rt56.662.el6rt.x86_64",
            "6Server-MRG-Realtime-2:kernel-rt-debug-devel-1:3.10.0-693.64.1.rt56.662.el6rt.x86_64",
            "6Server-MRG-Realtime-2:kernel-rt-debuginfo-1:3.10.0-693.64.1.rt56.662.el6rt.x86_64",
            "6Server-MRG-Realtime-2:kernel-rt-debuginfo-common-x86_64-1:3.10.0-693.64.1.rt56.662.el6rt.x86_64",
            "6Server-MRG-Realtime-2:kernel-rt-devel-1:3.10.0-693.64.1.rt56.662.el6rt.x86_64",
            "6Server-MRG-Realtime-2:kernel-rt-doc-1:3.10.0-693.64.1.rt56.662.el6rt.noarch",
            "6Server-MRG-Realtime-2:kernel-rt-firmware-1:3.10.0-693.64.1.rt56.662.el6rt.noarch",
            "6Server-MRG-Realtime-2:kernel-rt-trace-1:3.10.0-693.64.1.rt56.662.el6rt.x86_64",
            "6Server-MRG-Realtime-2:kernel-rt-trace-debuginfo-1:3.10.0-693.64.1.rt56.662.el6rt.x86_64",
            "6Server-MRG-Realtime-2:kernel-rt-trace-devel-1:3.10.0-693.64.1.rt56.662.el6rt.x86_64",
            "6Server-MRG-Realtime-2:kernel-rt-vanilla-1:3.10.0-693.64.1.rt56.662.el6rt.x86_64",
            "6Server-MRG-Realtime-2:kernel-rt-vanilla-debuginfo-1:3.10.0-693.64.1.rt56.662.el6rt.x86_64",
            "6Server-MRG-Realtime-2:kernel-rt-vanilla-devel-1:3.10.0-693.64.1.rt56.662.el6rt.x86_64"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2020:0609"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "LOW",
            "attackVector": "ADJACENT_NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 8.0,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "LOW",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.0/AV:A/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.0"
          },
          "products": [
            "6Server-MRG-Realtime-2:kernel-rt-1:3.10.0-693.64.1.rt56.662.el6rt.src",
            "6Server-MRG-Realtime-2:kernel-rt-1:3.10.0-693.64.1.rt56.662.el6rt.x86_64",
            "6Server-MRG-Realtime-2:kernel-rt-debug-1:3.10.0-693.64.1.rt56.662.el6rt.x86_64",
            "6Server-MRG-Realtime-2:kernel-rt-debug-debuginfo-1:3.10.0-693.64.1.rt56.662.el6rt.x86_64",
            "6Server-MRG-Realtime-2:kernel-rt-debug-devel-1:3.10.0-693.64.1.rt56.662.el6rt.x86_64",
            "6Server-MRG-Realtime-2:kernel-rt-debuginfo-1:3.10.0-693.64.1.rt56.662.el6rt.x86_64",
            "6Server-MRG-Realtime-2:kernel-rt-debuginfo-common-x86_64-1:3.10.0-693.64.1.rt56.662.el6rt.x86_64",
            "6Server-MRG-Realtime-2:kernel-rt-devel-1:3.10.0-693.64.1.rt56.662.el6rt.x86_64",
            "6Server-MRG-Realtime-2:kernel-rt-doc-1:3.10.0-693.64.1.rt56.662.el6rt.noarch",
            "6Server-MRG-Realtime-2:kernel-rt-firmware-1:3.10.0-693.64.1.rt56.662.el6rt.noarch",
            "6Server-MRG-Realtime-2:kernel-rt-trace-1:3.10.0-693.64.1.rt56.662.el6rt.x86_64",
            "6Server-MRG-Realtime-2:kernel-rt-trace-debuginfo-1:3.10.0-693.64.1.rt56.662.el6rt.x86_64",
            "6Server-MRG-Realtime-2:kernel-rt-trace-devel-1:3.10.0-693.64.1.rt56.662.el6rt.x86_64",
            "6Server-MRG-Realtime-2:kernel-rt-vanilla-1:3.10.0-693.64.1.rt56.662.el6rt.x86_64",
            "6Server-MRG-Realtime-2:kernel-rt-vanilla-debuginfo-1:3.10.0-693.64.1.rt56.662.el6rt.x86_64",
            "6Server-MRG-Realtime-2:kernel-rt-vanilla-devel-1:3.10.0-693.64.1.rt56.662.el6rt.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Important"
        }
      ],
      "title": "kernel: heap-based buffer overflow in mwifiex_process_country_ie() function in drivers/net/wireless/marvell/mwifiex/sta_ioctl.c"
    },
    {
      "cve": "CVE-2019-17133",
      "cwe": {
        "id": "CWE-120",
        "name": "Buffer Copy without Checking Size of Input (\u0027Classic Buffer Overflow\u0027)"
      },
      "discovery_date": "2019-10-07T00:00:00+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "1771909"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "A vulnerability was found in the Linux kernel\u0027s generic WiFi ESSID handling implementation. The flaw allows a system to join a wireless network where the ESSID is longer than the maximum length of 32 characters, which can cause the system to crash or execute code.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "kernel: buffer overflow in cfg80211_mgd_wext_giwessid in net/wireless/wext-sme.c",
          "title": "Vulnerability summary"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "6Server-MRG-Realtime-2:kernel-rt-1:3.10.0-693.64.1.rt56.662.el6rt.src",
          "6Server-MRG-Realtime-2:kernel-rt-1:3.10.0-693.64.1.rt56.662.el6rt.x86_64",
          "6Server-MRG-Realtime-2:kernel-rt-debug-1:3.10.0-693.64.1.rt56.662.el6rt.x86_64",
          "6Server-MRG-Realtime-2:kernel-rt-debug-debuginfo-1:3.10.0-693.64.1.rt56.662.el6rt.x86_64",
          "6Server-MRG-Realtime-2:kernel-rt-debug-devel-1:3.10.0-693.64.1.rt56.662.el6rt.x86_64",
          "6Server-MRG-Realtime-2:kernel-rt-debuginfo-1:3.10.0-693.64.1.rt56.662.el6rt.x86_64",
          "6Server-MRG-Realtime-2:kernel-rt-debuginfo-common-x86_64-1:3.10.0-693.64.1.rt56.662.el6rt.x86_64",
          "6Server-MRG-Realtime-2:kernel-rt-devel-1:3.10.0-693.64.1.rt56.662.el6rt.x86_64",
          "6Server-MRG-Realtime-2:kernel-rt-doc-1:3.10.0-693.64.1.rt56.662.el6rt.noarch",
          "6Server-MRG-Realtime-2:kernel-rt-firmware-1:3.10.0-693.64.1.rt56.662.el6rt.noarch",
          "6Server-MRG-Realtime-2:kernel-rt-trace-1:3.10.0-693.64.1.rt56.662.el6rt.x86_64",
          "6Server-MRG-Realtime-2:kernel-rt-trace-debuginfo-1:3.10.0-693.64.1.rt56.662.el6rt.x86_64",
          "6Server-MRG-Realtime-2:kernel-rt-trace-devel-1:3.10.0-693.64.1.rt56.662.el6rt.x86_64",
          "6Server-MRG-Realtime-2:kernel-rt-vanilla-1:3.10.0-693.64.1.rt56.662.el6rt.x86_64",
          "6Server-MRG-Realtime-2:kernel-rt-vanilla-debuginfo-1:3.10.0-693.64.1.rt56.662.el6rt.x86_64",
          "6Server-MRG-Realtime-2:kernel-rt-vanilla-devel-1:3.10.0-693.64.1.rt56.662.el6rt.x86_64"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2019-17133"
        },
        {
          "category": "external",
          "summary": "RHBZ#1771909",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1771909"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2019-17133",
          "url": "https://www.cve.org/CVERecord?id=CVE-2019-17133"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2019-17133",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2019-17133"
        }
      ],
      "release_date": "2019-10-04T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nThe system must be rebooted for this update to take effect.",
          "product_ids": [
            "6Server-MRG-Realtime-2:kernel-rt-1:3.10.0-693.64.1.rt56.662.el6rt.src",
            "6Server-MRG-Realtime-2:kernel-rt-1:3.10.0-693.64.1.rt56.662.el6rt.x86_64",
            "6Server-MRG-Realtime-2:kernel-rt-debug-1:3.10.0-693.64.1.rt56.662.el6rt.x86_64",
            "6Server-MRG-Realtime-2:kernel-rt-debug-debuginfo-1:3.10.0-693.64.1.rt56.662.el6rt.x86_64",
            "6Server-MRG-Realtime-2:kernel-rt-debug-devel-1:3.10.0-693.64.1.rt56.662.el6rt.x86_64",
            "6Server-MRG-Realtime-2:kernel-rt-debuginfo-1:3.10.0-693.64.1.rt56.662.el6rt.x86_64",
            "6Server-MRG-Realtime-2:kernel-rt-debuginfo-common-x86_64-1:3.10.0-693.64.1.rt56.662.el6rt.x86_64",
            "6Server-MRG-Realtime-2:kernel-rt-devel-1:3.10.0-693.64.1.rt56.662.el6rt.x86_64",
            "6Server-MRG-Realtime-2:kernel-rt-doc-1:3.10.0-693.64.1.rt56.662.el6rt.noarch",
            "6Server-MRG-Realtime-2:kernel-rt-firmware-1:3.10.0-693.64.1.rt56.662.el6rt.noarch",
            "6Server-MRG-Realtime-2:kernel-rt-trace-1:3.10.0-693.64.1.rt56.662.el6rt.x86_64",
            "6Server-MRG-Realtime-2:kernel-rt-trace-debuginfo-1:3.10.0-693.64.1.rt56.662.el6rt.x86_64",
            "6Server-MRG-Realtime-2:kernel-rt-trace-devel-1:3.10.0-693.64.1.rt56.662.el6rt.x86_64",
            "6Server-MRG-Realtime-2:kernel-rt-vanilla-1:3.10.0-693.64.1.rt56.662.el6rt.x86_64",
            "6Server-MRG-Realtime-2:kernel-rt-vanilla-debuginfo-1:3.10.0-693.64.1.rt56.662.el6rt.x86_64",
            "6Server-MRG-Realtime-2:kernel-rt-vanilla-devel-1:3.10.0-693.64.1.rt56.662.el6rt.x86_64"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2020:0609"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "LOW",
            "attackVector": "ADJACENT_NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 8.0,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "REQUIRED",
            "vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
            "version": "3.1"
          },
          "products": [
            "6Server-MRG-Realtime-2:kernel-rt-1:3.10.0-693.64.1.rt56.662.el6rt.src",
            "6Server-MRG-Realtime-2:kernel-rt-1:3.10.0-693.64.1.rt56.662.el6rt.x86_64",
            "6Server-MRG-Realtime-2:kernel-rt-debug-1:3.10.0-693.64.1.rt56.662.el6rt.x86_64",
            "6Server-MRG-Realtime-2:kernel-rt-debug-debuginfo-1:3.10.0-693.64.1.rt56.662.el6rt.x86_64",
            "6Server-MRG-Realtime-2:kernel-rt-debug-devel-1:3.10.0-693.64.1.rt56.662.el6rt.x86_64",
            "6Server-MRG-Realtime-2:kernel-rt-debuginfo-1:3.10.0-693.64.1.rt56.662.el6rt.x86_64",
            "6Server-MRG-Realtime-2:kernel-rt-debuginfo-common-x86_64-1:3.10.0-693.64.1.rt56.662.el6rt.x86_64",
            "6Server-MRG-Realtime-2:kernel-rt-devel-1:3.10.0-693.64.1.rt56.662.el6rt.x86_64",
            "6Server-MRG-Realtime-2:kernel-rt-doc-1:3.10.0-693.64.1.rt56.662.el6rt.noarch",
            "6Server-MRG-Realtime-2:kernel-rt-firmware-1:3.10.0-693.64.1.rt56.662.el6rt.noarch",
            "6Server-MRG-Realtime-2:kernel-rt-trace-1:3.10.0-693.64.1.rt56.662.el6rt.x86_64",
            "6Server-MRG-Realtime-2:kernel-rt-trace-debuginfo-1:3.10.0-693.64.1.rt56.662.el6rt.x86_64",
            "6Server-MRG-Realtime-2:kernel-rt-trace-devel-1:3.10.0-693.64.1.rt56.662.el6rt.x86_64",
            "6Server-MRG-Realtime-2:kernel-rt-vanilla-1:3.10.0-693.64.1.rt56.662.el6rt.x86_64",
            "6Server-MRG-Realtime-2:kernel-rt-vanilla-debuginfo-1:3.10.0-693.64.1.rt56.662.el6rt.x86_64",
            "6Server-MRG-Realtime-2:kernel-rt-vanilla-devel-1:3.10.0-693.64.1.rt56.662.el6rt.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Important"
        }
      ],
      "title": "kernel: buffer overflow in cfg80211_mgd_wext_giwessid in net/wireless/wext-sme.c"
    }
  ]
}

cve-2018-20976

Vulnerability from cvelistv5

Published

2019-08-19 01:52

Modified

2024-08-05 12:19

Severity

Summary

An issue was discovered in fs/xfs/xfs_super.c in the Linux kernel before 4.18. A use after free exists, related to xfs_fs_fill_super failure.

References

URL	Tags
https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=c9fbd7bbc23dbdd73364be4d045e5d3612cf6e82	x_refsource_MISC
https://security.netapp.com/advisory/ntap-20190905-0002/	x_refsource_CONFIRM
http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00064.html	vendor-advisory, x_refsource_SUSE
http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00066.html	vendor-advisory, x_refsource_SUSE
https://lists.debian.org/debian-lts-announce/2019/09/msg00025.html	mailing-list, x_refsource_MLIST
https://usn.ubuntu.com/4144-1/	vendor-advisory, x_refsource_UBUNTU
https://usn.ubuntu.com/4145-1/	vendor-advisory, x_refsource_UBUNTU
https://support.f5.com/csp/article/K10269585?utm_source=f5support&amp%3Butm_medium=RSS	x_refsource_CONFIRM
http://packetstormsecurity.com/files/154951/Kernel-Live-Patch-Security-Notice-LSN-0058-1.html	x_refsource_MISC
https://seclists.org/bugtraq/2019/Nov/11	mailing-list, x_refsource_BUGTRAQ
http://packetstormsecurity.com/files/155212/Slackware-Security-Advisory-Slackware-14.2-kernel-Updates.html	x_refsource_MISC
https://access.redhat.com/errata/RHSA-2020:0178	vendor-advisory, x_refsource_REDHAT
https://access.redhat.com/errata/RHSA-2020:0543	vendor-advisory, x_refsource_REDHAT
https://access.redhat.com/errata/RHSA-2020:0592	vendor-advisory, x_refsource_REDHAT
https://access.redhat.com/errata/RHSA-2020:0609	vendor-advisory, x_refsource_REDHAT
https://lists.debian.org/debian-lts-announce/2020/03/msg00001.html	mailing-list, x_refsource_MLIST
https://access.redhat.com/errata/RHSA-2020:0661	vendor-advisory, x_refsource_REDHAT

Impacted products

Vendor	Product
n/a	n/a

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-05T12:19:27.047Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=c9fbd7bbc23dbdd73364be4d045e5d3612cf6e82"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://security.netapp.com/advisory/ntap-20190905-0002/"
          },
          {
            "name": "openSUSE-SU-2019:2173",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUSE",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00064.html"
          },
          {
            "name": "openSUSE-SU-2019:2181",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUSE",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00066.html"
          },
          {
            "name": "[debian-lts-announce] 20190925 [SECURITY] [DLA 1930-1] linux security update",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://lists.debian.org/debian-lts-announce/2019/09/msg00025.html"
          },
          {
            "name": "USN-4144-1",
            "tags": [
              "vendor-advisory",
              "x_refsource_UBUNTU",
              "x_transferred"
            ],
            "url": "https://usn.ubuntu.com/4144-1/"
          },
          {
            "name": "USN-4145-1",
            "tags": [
              "vendor-advisory",
              "x_refsource_UBUNTU",
              "x_transferred"
            ],
            "url": "https://usn.ubuntu.com/4145-1/"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://support.f5.com/csp/article/K10269585?utm_source=f5support\u0026amp%3Butm_medium=RSS"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "http://packetstormsecurity.com/files/154951/Kernel-Live-Patch-Security-Notice-LSN-0058-1.html"
          },
          {
            "name": "20191108 [slackware-security] Slackware 14.2 kernel (SSA:2019-311-01)",
            "tags": [
              "mailing-list",
              "x_refsource_BUGTRAQ",
              "x_transferred"
            ],
            "url": "https://seclists.org/bugtraq/2019/Nov/11"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "http://packetstormsecurity.com/files/155212/Slackware-Security-Advisory-Slackware-14.2-kernel-Updates.html"
          },
          {
            "name": "RHSA-2020:0178",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2020:0178"
          },
          {
            "name": "RHSA-2020:0543",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2020:0543"
          },
          {
            "name": "RHSA-2020:0592",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2020:0592"
          },
          {
            "name": "RHSA-2020:0609",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2020:0609"
          },
          {
            "name": "[debian-lts-announce] 20200302 [SECURITY] [DLA 2114-1] linux-4.9 security update",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://lists.debian.org/debian-lts-announce/2020/03/msg00001.html"
          },
          {
            "name": "RHSA-2020:0661",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2020:0661"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "An issue was discovered in fs/xfs/xfs_super.c in the Linux kernel before 4.18. A use after free exists, related to xfs_fs_fill_super failure."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2020-03-03T12:06:01",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=c9fbd7bbc23dbdd73364be4d045e5d3612cf6e82"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://security.netapp.com/advisory/ntap-20190905-0002/"
        },
        {
          "name": "openSUSE-SU-2019:2173",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUSE"
          ],
          "url": "http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00064.html"
        },
        {
          "name": "openSUSE-SU-2019:2181",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUSE"
          ],
          "url": "http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00066.html"
        },
        {
          "name": "[debian-lts-announce] 20190925 [SECURITY] [DLA 1930-1] linux security update",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://lists.debian.org/debian-lts-announce/2019/09/msg00025.html"
        },
        {
          "name": "USN-4144-1",
          "tags": [
            "vendor-advisory",
            "x_refsource_UBUNTU"
          ],
          "url": "https://usn.ubuntu.com/4144-1/"
        },
        {
          "name": "USN-4145-1",
          "tags": [
            "vendor-advisory",
            "x_refsource_UBUNTU"
          ],
          "url": "https://usn.ubuntu.com/4145-1/"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://support.f5.com/csp/article/K10269585?utm_source=f5support\u0026amp%3Butm_medium=RSS"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "http://packetstormsecurity.com/files/154951/Kernel-Live-Patch-Security-Notice-LSN-0058-1.html"
        },
        {
          "name": "20191108 [slackware-security] Slackware 14.2 kernel (SSA:2019-311-01)",
          "tags": [
            "mailing-list",
            "x_refsource_BUGTRAQ"
          ],
          "url": "https://seclists.org/bugtraq/2019/Nov/11"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "http://packetstormsecurity.com/files/155212/Slackware-Security-Advisory-Slackware-14.2-kernel-Updates.html"
        },
        {
          "name": "RHSA-2020:0178",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2020:0178"
        },
        {
          "name": "RHSA-2020:0543",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2020:0543"
        },
        {
          "name": "RHSA-2020:0592",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2020:0592"
        },
        {
          "name": "RHSA-2020:0609",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2020:0609"
        },
        {
          "name": "[debian-lts-announce] 20200302 [SECURITY] [DLA 2114-1] linux-4.9 security update",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://lists.debian.org/debian-lts-announce/2020/03/msg00001.html"
        },
        {
          "name": "RHSA-2020:0661",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2020:0661"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2018-20976",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "An issue was discovered in fs/xfs/xfs_super.c in the Linux kernel before 4.18. A use after free exists, related to xfs_fs_fill_super failure."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=c9fbd7bbc23dbdd73364be4d045e5d3612cf6e82",
              "refsource": "MISC",
              "url": "https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=c9fbd7bbc23dbdd73364be4d045e5d3612cf6e82"
            },
            {
              "name": "https://security.netapp.com/advisory/ntap-20190905-0002/",
              "refsource": "CONFIRM",
              "url": "https://security.netapp.com/advisory/ntap-20190905-0002/"
            },
            {
              "name": "openSUSE-SU-2019:2173",
              "refsource": "SUSE",
              "url": "http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00064.html"
            },
            {
              "name": "openSUSE-SU-2019:2181",
              "refsource": "SUSE",
              "url": "http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00066.html"
            },
            {
              "name": "[debian-lts-announce] 20190925 [SECURITY] [DLA 1930-1] linux security update",
              "refsource": "MLIST",
              "url": "https://lists.debian.org/debian-lts-announce/2019/09/msg00025.html"
            },
            {
              "name": "USN-4144-1",
              "refsource": "UBUNTU",
              "url": "https://usn.ubuntu.com/4144-1/"
            },
            {
              "name": "USN-4145-1",
              "refsource": "UBUNTU",
              "url": "https://usn.ubuntu.com/4145-1/"
            },
            {
              "name": "https://support.f5.com/csp/article/K10269585?utm_source=f5support\u0026amp;utm_medium=RSS",
              "refsource": "CONFIRM",
              "url": "https://support.f5.com/csp/article/K10269585?utm_source=f5support\u0026amp;utm_medium=RSS"
            },
            {
              "name": "http://packetstormsecurity.com/files/154951/Kernel-Live-Patch-Security-Notice-LSN-0058-1.html",
              "refsource": "MISC",
              "url": "http://packetstormsecurity.com/files/154951/Kernel-Live-Patch-Security-Notice-LSN-0058-1.html"
            },
            {
              "name": "20191108 [slackware-security] Slackware 14.2 kernel (SSA:2019-311-01)",
              "refsource": "BUGTRAQ",
              "url": "https://seclists.org/bugtraq/2019/Nov/11"
            },
            {
              "name": "http://packetstormsecurity.com/files/155212/Slackware-Security-Advisory-Slackware-14.2-kernel-Updates.html",
              "refsource": "MISC",
              "url": "http://packetstormsecurity.com/files/155212/Slackware-Security-Advisory-Slackware-14.2-kernel-Updates.html"
            },
            {
              "name": "RHSA-2020:0178",
              "refsource": "REDHAT",
              "url": "https://access.redhat.com/errata/RHSA-2020:0178"
            },
            {
              "name": "RHSA-2020:0543",
              "refsource": "REDHAT",
              "url": "https://access.redhat.com/errata/RHSA-2020:0543"
            },
            {
              "name": "RHSA-2020:0592",
              "refsource": "REDHAT",
              "url": "https://access.redhat.com/errata/RHSA-2020:0592"
            },
            {
              "name": "RHSA-2020:0609",
              "refsource": "REDHAT",
              "url": "https://access.redhat.com/errata/RHSA-2020:0609"
            },
            {
              "name": "[debian-lts-announce] 20200302 [SECURITY] [DLA 2114-1] linux-4.9 security update",
              "refsource": "MLIST",
              "url": "https://lists.debian.org/debian-lts-announce/2020/03/msg00001.html"
            },
            {
              "name": "RHSA-2020:0661",
              "refsource": "REDHAT",
              "url": "https://access.redhat.com/errata/RHSA-2020:0661"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2018-20976",
    "datePublished": "2019-08-19T01:52:55",
    "dateReserved": "2019-08-18T00:00:00",
    "dateUpdated": "2024-08-05T12:19:27.047Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2019-17133

Vulnerability from cvelistv5

Published

2019-10-04 11:57

Modified

2024-08-05 01:33

Severity

Summary

In the Linux kernel through 5.3.2, cfg80211_mgd_wext_giwessid in net/wireless/wext-sme.c does not reject a long SSID IE, leading to a Buffer Overflow.

References

URL	Tags
http://lists.opensuse.org/opensuse-security-announce/2019-10/msg00064.html	vendor-advisory, x_refsource_SUSE
http://lists.opensuse.org/opensuse-security-announce/2019-11/msg00010.html	vendor-advisory, x_refsource_SUSE
https://seclists.org/bugtraq/2019/Nov/11	mailing-list, x_refsource_BUGTRAQ
https://usn.ubuntu.com/4211-2/	vendor-advisory, x_refsource_UBUNTU
https://usn.ubuntu.com/4208-1/	vendor-advisory, x_refsource_UBUNTU
https://usn.ubuntu.com/4210-1/	vendor-advisory, x_refsource_UBUNTU
https://usn.ubuntu.com/4211-1/	vendor-advisory, x_refsource_UBUNTU
https://usn.ubuntu.com/4226-1/	vendor-advisory, x_refsource_UBUNTU
https://lists.debian.org/debian-lts-announce/2020/01/msg00013.html	mailing-list, x_refsource_MLIST
https://access.redhat.com/errata/RHSA-2020:0174	vendor-advisory, x_refsource_REDHAT
https://access.redhat.com/errata/RHSA-2020:0374	vendor-advisory, x_refsource_REDHAT
https://access.redhat.com/errata/RHSA-2020:0375	vendor-advisory, x_refsource_REDHAT
https://access.redhat.com/errata/RHSA-2020:0543	vendor-advisory, x_refsource_REDHAT
https://access.redhat.com/errata/RHSA-2020:0592	vendor-advisory, x_refsource_REDHAT
https://access.redhat.com/errata/RHSA-2020:0609	vendor-advisory, x_refsource_REDHAT
https://lists.debian.org/debian-lts-announce/2020/03/msg00001.html	mailing-list, x_refsource_MLIST
https://access.redhat.com/errata/RHSA-2020:0653	vendor-advisory, x_refsource_REDHAT
https://access.redhat.com/errata/RHSA-2020:0661	vendor-advisory, x_refsource_REDHAT
https://access.redhat.com/errata/RHSA-2020:0664	vendor-advisory, x_refsource_REDHAT
https://access.redhat.com/errata/RHSA-2020:0790	vendor-advisory, x_refsource_REDHAT
https://www.oracle.com/security-alerts/cpuApr2021.html	x_refsource_MISC
http://packetstormsecurity.com/files/155212/Slackware-Security-Advisory-Slackware-14.2-kernel-Updates.html	x_refsource_MISC
https://security.netapp.com/advisory/ntap-20191031-0005/	x_refsource_CONFIRM
https://marc.info/?l=linux-wireless&m=157018270915487&w=2	x_refsource_MISC

Impacted products

Vendor	Product
n/a	n/a

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-05T01:33:17.226Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "openSUSE-SU-2019:2392",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUSE",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2019-10/msg00064.html"
          },
          {
            "name": "openSUSE-SU-2019:2444",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUSE",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2019-11/msg00010.html"
          },
          {
            "name": "20191108 [slackware-security] Slackware 14.2 kernel (SSA:2019-311-01)",
            "tags": [
              "mailing-list",
              "x_refsource_BUGTRAQ",
              "x_transferred"
            ],
            "url": "https://seclists.org/bugtraq/2019/Nov/11"
          },
          {
            "name": "USN-4211-2",
            "tags": [
              "vendor-advisory",
              "x_refsource_UBUNTU",
              "x_transferred"
            ],
            "url": "https://usn.ubuntu.com/4211-2/"
          },
          {
            "name": "USN-4208-1",
            "tags": [
              "vendor-advisory",
              "x_refsource_UBUNTU",
              "x_transferred"
            ],
            "url": "https://usn.ubuntu.com/4208-1/"
          },
          {
            "name": "USN-4210-1",
            "tags": [
              "vendor-advisory",
              "x_refsource_UBUNTU",
              "x_transferred"
            ],
            "url": "https://usn.ubuntu.com/4210-1/"
          },
          {
            "name": "USN-4211-1",
            "tags": [
              "vendor-advisory",
              "x_refsource_UBUNTU",
              "x_transferred"
            ],
            "url": "https://usn.ubuntu.com/4211-1/"
          },
          {
            "name": "USN-4226-1",
            "tags": [
              "vendor-advisory",
              "x_refsource_UBUNTU",
              "x_transferred"
            ],
            "url": "https://usn.ubuntu.com/4226-1/"
          },
          {
            "name": "[debian-lts-announce] 20200118 [SECURITY] [DLA 2068-1] linux security update",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://lists.debian.org/debian-lts-announce/2020/01/msg00013.html"
          },
          {
            "name": "RHSA-2020:0174",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2020:0174"
          },
          {
            "name": "RHSA-2020:0374",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2020:0374"
          },
          {
            "name": "RHSA-2020:0375",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2020:0375"
          },
          {
            "name": "RHSA-2020:0543",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2020:0543"
          },
          {
            "name": "RHSA-2020:0592",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2020:0592"
          },
          {
            "name": "RHSA-2020:0609",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2020:0609"
          },
          {
            "name": "[debian-lts-announce] 20200302 [SECURITY] [DLA 2114-1] linux-4.9 security update",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://lists.debian.org/debian-lts-announce/2020/03/msg00001.html"
          },
          {
            "name": "RHSA-2020:0653",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2020:0653"
          },
          {
            "name": "RHSA-2020:0661",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2020:0661"
          },
          {
            "name": "RHSA-2020:0664",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2020:0664"
          },
          {
            "name": "RHSA-2020:0790",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2020:0790"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://www.oracle.com/security-alerts/cpuApr2021.html"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "http://packetstormsecurity.com/files/155212/Slackware-Security-Advisory-Slackware-14.2-kernel-Updates.html"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://security.netapp.com/advisory/ntap-20191031-0005/"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://marc.info/?l=linux-wireless\u0026m=157018270915487\u0026w=2"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "In the Linux kernel through 5.3.2, cfg80211_mgd_wext_giwessid in net/wireless/wext-sme.c does not reject a long SSID IE, leading to a Buffer Overflow."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2021-06-14T17:20:09",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "name": "openSUSE-SU-2019:2392",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUSE"
          ],
          "url": "http://lists.opensuse.org/opensuse-security-announce/2019-10/msg00064.html"
        },
        {
          "name": "openSUSE-SU-2019:2444",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUSE"
          ],
          "url": "http://lists.opensuse.org/opensuse-security-announce/2019-11/msg00010.html"
        },
        {
          "name": "20191108 [slackware-security] Slackware 14.2 kernel (SSA:2019-311-01)",
          "tags": [
            "mailing-list",
            "x_refsource_BUGTRAQ"
          ],
          "url": "https://seclists.org/bugtraq/2019/Nov/11"
        },
        {
          "name": "USN-4211-2",
          "tags": [
            "vendor-advisory",
            "x_refsource_UBUNTU"
          ],
          "url": "https://usn.ubuntu.com/4211-2/"
        },
        {
          "name": "USN-4208-1",
          "tags": [
            "vendor-advisory",
            "x_refsource_UBUNTU"
          ],
          "url": "https://usn.ubuntu.com/4208-1/"
        },
        {
          "name": "USN-4210-1",
          "tags": [
            "vendor-advisory",
            "x_refsource_UBUNTU"
          ],
          "url": "https://usn.ubuntu.com/4210-1/"
        },
        {
          "name": "USN-4211-1",
          "tags": [
            "vendor-advisory",
            "x_refsource_UBUNTU"
          ],
          "url": "https://usn.ubuntu.com/4211-1/"
        },
        {
          "name": "USN-4226-1",
          "tags": [
            "vendor-advisory",
            "x_refsource_UBUNTU"
          ],
          "url": "https://usn.ubuntu.com/4226-1/"
        },
        {
          "name": "[debian-lts-announce] 20200118 [SECURITY] [DLA 2068-1] linux security update",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://lists.debian.org/debian-lts-announce/2020/01/msg00013.html"
        },
        {
          "name": "RHSA-2020:0174",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2020:0174"
        },
        {
          "name": "RHSA-2020:0374",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2020:0374"
        },
        {
          "name": "RHSA-2020:0375",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2020:0375"
        },
        {
          "name": "RHSA-2020:0543",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2020:0543"
        },
        {
          "name": "RHSA-2020:0592",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2020:0592"
        },
        {
          "name": "RHSA-2020:0609",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2020:0609"
        },
        {
          "name": "[debian-lts-announce] 20200302 [SECURITY] [DLA 2114-1] linux-4.9 security update",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://lists.debian.org/debian-lts-announce/2020/03/msg00001.html"
        },
        {
          "name": "RHSA-2020:0653",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2020:0653"
        },
        {
          "name": "RHSA-2020:0661",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2020:0661"
        },
        {
          "name": "RHSA-2020:0664",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2020:0664"
        },
        {
          "name": "RHSA-2020:0790",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2020:0790"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://www.oracle.com/security-alerts/cpuApr2021.html"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "http://packetstormsecurity.com/files/155212/Slackware-Security-Advisory-Slackware-14.2-kernel-Updates.html"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://security.netapp.com/advisory/ntap-20191031-0005/"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://marc.info/?l=linux-wireless\u0026m=157018270915487\u0026w=2"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2019-17133",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "In the Linux kernel through 5.3.2, cfg80211_mgd_wext_giwessid in net/wireless/wext-sme.c does not reject a long SSID IE, leading to a Buffer Overflow."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "openSUSE-SU-2019:2392",
              "refsource": "SUSE",
              "url": "http://lists.opensuse.org/opensuse-security-announce/2019-10/msg00064.html"
            },
            {
              "name": "openSUSE-SU-2019:2444",
              "refsource": "SUSE",
              "url": "http://lists.opensuse.org/opensuse-security-announce/2019-11/msg00010.html"
            },
            {
              "name": "20191108 [slackware-security] Slackware 14.2 kernel (SSA:2019-311-01)",
              "refsource": "BUGTRAQ",
              "url": "https://seclists.org/bugtraq/2019/Nov/11"
            },
            {
              "name": "USN-4211-2",
              "refsource": "UBUNTU",
              "url": "https://usn.ubuntu.com/4211-2/"
            },
            {
              "name": "USN-4208-1",
              "refsource": "UBUNTU",
              "url": "https://usn.ubuntu.com/4208-1/"
            },
            {
              "name": "USN-4210-1",
              "refsource": "UBUNTU",
              "url": "https://usn.ubuntu.com/4210-1/"
            },
            {
              "name": "USN-4211-1",
              "refsource": "UBUNTU",
              "url": "https://usn.ubuntu.com/4211-1/"
            },
            {
              "name": "USN-4226-1",
              "refsource": "UBUNTU",
              "url": "https://usn.ubuntu.com/4226-1/"
            },
            {
              "name": "[debian-lts-announce] 20200118 [SECURITY] [DLA 2068-1] linux security update",
              "refsource": "MLIST",
              "url": "https://lists.debian.org/debian-lts-announce/2020/01/msg00013.html"
            },
            {
              "name": "RHSA-2020:0174",
              "refsource": "REDHAT",
              "url": "https://access.redhat.com/errata/RHSA-2020:0174"
            },
            {
              "name": "RHSA-2020:0374",
              "refsource": "REDHAT",
              "url": "https://access.redhat.com/errata/RHSA-2020:0374"
            },
            {
              "name": "RHSA-2020:0375",
              "refsource": "REDHAT",
              "url": "https://access.redhat.com/errata/RHSA-2020:0375"
            },
            {
              "name": "RHSA-2020:0543",
              "refsource": "REDHAT",
              "url": "https://access.redhat.com/errata/RHSA-2020:0543"
            },
            {
              "name": "RHSA-2020:0592",
              "refsource": "REDHAT",
              "url": "https://access.redhat.com/errata/RHSA-2020:0592"
            },
            {
              "name": "RHSA-2020:0609",
              "refsource": "REDHAT",
              "url": "https://access.redhat.com/errata/RHSA-2020:0609"
            },
            {
              "name": "[debian-lts-announce] 20200302 [SECURITY] [DLA 2114-1] linux-4.9 security update",
              "refsource": "MLIST",
              "url": "https://lists.debian.org/debian-lts-announce/2020/03/msg00001.html"
            },
            {
              "name": "RHSA-2020:0653",
              "refsource": "REDHAT",
              "url": "https://access.redhat.com/errata/RHSA-2020:0653"
            },
            {
              "name": "RHSA-2020:0661",
              "refsource": "REDHAT",
              "url": "https://access.redhat.com/errata/RHSA-2020:0661"
            },
            {
              "name": "RHSA-2020:0664",
              "refsource": "REDHAT",
              "url": "https://access.redhat.com/errata/RHSA-2020:0664"
            },
            {
              "name": "RHSA-2020:0790",
              "refsource": "REDHAT",
              "url": "https://access.redhat.com/errata/RHSA-2020:0790"
            },
            {
              "name": "https://www.oracle.com/security-alerts/cpuApr2021.html",
              "refsource": "MISC",
              "url": "https://www.oracle.com/security-alerts/cpuApr2021.html"
            },
            {
              "name": "http://packetstormsecurity.com/files/155212/Slackware-Security-Advisory-Slackware-14.2-kernel-Updates.html",
              "refsource": "MISC",
              "url": "http://packetstormsecurity.com/files/155212/Slackware-Security-Advisory-Slackware-14.2-kernel-Updates.html"
            },
            {
              "name": "https://security.netapp.com/advisory/ntap-20191031-0005/",
              "refsource": "CONFIRM",
              "url": "https://security.netapp.com/advisory/ntap-20191031-0005/"
            },
            {
              "name": "https://marc.info/?l=linux-wireless\u0026m=157018270915487\u0026w=2",
              "refsource": "MISC",
              "url": "https://marc.info/?l=linux-wireless\u0026m=157018270915487\u0026w=2"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2019-17133",
    "datePublished": "2019-10-04T11:57:47",
    "dateReserved": "2019-10-04T00:00:00",
    "dateUpdated": "2024-08-05T01:33:17.226Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2019-14895

Vulnerability from cvelistv5

Published

2019-11-29 13:50

Modified

2024-08-05 00:26

Severity

8.0 (High) - cvssV3_0 - CVSS:3.0/AV:A/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Summary

A heap-based buffer overflow was discovered in the Linux kernel, all versions 3.x.x and 4.x.x before 4.18.0, in Marvell WiFi chip driver. The flaw could occur when the station attempts a connection negotiation during the handling of the remote devices country settings. This could allow the remote device to cause a denial of service (system crash) or possibly execute arbitrary code.

References

URL	Tags
https://www.openwall.com/lists/oss-security/2019/11/22/2	x_refsource_MISC
https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-14895	x_refsource_CONFIRM
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/MN6MLCN7G7VFTSXSZYXKXEFCUMFBUAXQ/	vendor-advisory, x_refsource_FEDORA
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/D4ISVNIC44SOGXTUBCIZFSUNQJ5LRKNZ/	vendor-advisory, x_refsource_FEDORA
http://lists.opensuse.org/opensuse-security-announce/2019-12/msg00029.html	vendor-advisory, x_refsource_SUSE
https://usn.ubuntu.com/4228-1/	vendor-advisory, x_refsource_UBUNTU
https://usn.ubuntu.com/4227-1/	vendor-advisory, x_refsource_UBUNTU
https://usn.ubuntu.com/4226-1/	vendor-advisory, x_refsource_UBUNTU
https://usn.ubuntu.com/4225-1/	vendor-advisory, x_refsource_UBUNTU
https://usn.ubuntu.com/4228-2/	vendor-advisory, x_refsource_UBUNTU
https://usn.ubuntu.com/4227-2/	vendor-advisory, x_refsource_UBUNTU
http://packetstormsecurity.com/files/155879/Kernel-Live-Patch-Security-Notice-LSN-0061-1.html	x_refsource_MISC
https://lists.debian.org/debian-lts-announce/2020/01/msg00013.html	mailing-list, x_refsource_MLIST
https://usn.ubuntu.com/4225-2/	vendor-advisory, x_refsource_UBUNTU
http://packetstormsecurity.com/files/156185/Kernel-Live-Patch-Security-Notice-LSN-0062-1.html	x_refsource_MISC
https://access.redhat.com/errata/RHSA-2020:0328	vendor-advisory, x_refsource_REDHAT
https://access.redhat.com/errata/RHSA-2020:0339	vendor-advisory, x_refsource_REDHAT
https://access.redhat.com/errata/RHSA-2020:0374	vendor-advisory, x_refsource_REDHAT
https://access.redhat.com/errata/RHSA-2020:0375	vendor-advisory, x_refsource_REDHAT
https://access.redhat.com/errata/RHSA-2020:0543	vendor-advisory, x_refsource_REDHAT
https://access.redhat.com/errata/RHSA-2020:0592	vendor-advisory, x_refsource_REDHAT
https://access.redhat.com/errata/RHSA-2020:0609	vendor-advisory, x_refsource_REDHAT
https://lists.debian.org/debian-lts-announce/2020/03/msg00001.html	mailing-list, x_refsource_MLIST
https://access.redhat.com/errata/RHSA-2020:0653	vendor-advisory, x_refsource_REDHAT
https://access.redhat.com/errata/RHSA-2020:0661	vendor-advisory, x_refsource_REDHAT
https://access.redhat.com/errata/RHSA-2020:0664	vendor-advisory, x_refsource_REDHAT

Impacted products

Vendor	Product
Red Hat	kernel

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-05T00:26:39.153Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://www.openwall.com/lists/oss-security/2019/11/22/2"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-14895"
          },
          {
            "name": "FEDORA-2019-91f6e7bb71",
            "tags": [
              "vendor-advisory",
              "x_refsource_FEDORA",
              "x_transferred"
            ],
            "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/MN6MLCN7G7VFTSXSZYXKXEFCUMFBUAXQ/"
          },
          {
            "name": "FEDORA-2019-8846a1a5a2",
            "tags": [
              "vendor-advisory",
              "x_refsource_FEDORA",
              "x_transferred"
            ],
            "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/D4ISVNIC44SOGXTUBCIZFSUNQJ5LRKNZ/"
          },
          {
            "name": "openSUSE-SU-2019:2675",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUSE",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2019-12/msg00029.html"
          },
          {
            "name": "USN-4228-1",
            "tags": [
              "vendor-advisory",
              "x_refsource_UBUNTU",
              "x_transferred"
            ],
            "url": "https://usn.ubuntu.com/4228-1/"
          },
          {
            "name": "USN-4227-1",
            "tags": [
              "vendor-advisory",
              "x_refsource_UBUNTU",
              "x_transferred"
            ],
            "url": "https://usn.ubuntu.com/4227-1/"
          },
          {
            "name": "USN-4226-1",
            "tags": [
              "vendor-advisory",
              "x_refsource_UBUNTU",
              "x_transferred"
            ],
            "url": "https://usn.ubuntu.com/4226-1/"
          },
          {
            "name": "USN-4225-1",
            "tags": [
              "vendor-advisory",
              "x_refsource_UBUNTU",
              "x_transferred"
            ],
            "url": "https://usn.ubuntu.com/4225-1/"
          },
          {
            "name": "USN-4228-2",
            "tags": [
              "vendor-advisory",
              "x_refsource_UBUNTU",
              "x_transferred"
            ],
            "url": "https://usn.ubuntu.com/4228-2/"
          },
          {
            "name": "USN-4227-2",
            "tags": [
              "vendor-advisory",
              "x_refsource_UBUNTU",
              "x_transferred"
            ],
            "url": "https://usn.ubuntu.com/4227-2/"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "http://packetstormsecurity.com/files/155879/Kernel-Live-Patch-Security-Notice-LSN-0061-1.html"
          },
          {
            "name": "[debian-lts-announce] 20200118 [SECURITY] [DLA 2068-1] linux security update",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://lists.debian.org/debian-lts-announce/2020/01/msg00013.html"
          },
          {
            "name": "USN-4225-2",
            "tags": [
              "vendor-advisory",
              "x_refsource_UBUNTU",
              "x_transferred"
            ],
            "url": "https://usn.ubuntu.com/4225-2/"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "http://packetstormsecurity.com/files/156185/Kernel-Live-Patch-Security-Notice-LSN-0062-1.html"
          },
          {
            "name": "RHSA-2020:0328",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2020:0328"
          },
          {
            "name": "RHSA-2020:0339",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2020:0339"
          },
          {
            "name": "RHSA-2020:0374",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2020:0374"
          },
          {
            "name": "RHSA-2020:0375",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2020:0375"
          },
          {
            "name": "RHSA-2020:0543",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2020:0543"
          },
          {
            "name": "RHSA-2020:0592",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2020:0592"
          },
          {
            "name": "RHSA-2020:0609",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2020:0609"
          },
          {
            "name": "[debian-lts-announce] 20200302 [SECURITY] [DLA 2114-1] linux-4.9 security update",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://lists.debian.org/debian-lts-announce/2020/03/msg00001.html"
          },
          {
            "name": "RHSA-2020:0653",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2020:0653"
          },
          {
            "name": "RHSA-2020:0661",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2020:0661"
          },
          {
            "name": "RHSA-2020:0664",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2020:0664"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "kernel",
          "vendor": "Red Hat",
          "versions": [
            {
              "status": "affected",
              "version": "all kernel versions 3.x.x and 4.x.x before 4.18.0"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "A heap-based buffer overflow was discovered in the Linux kernel, all versions 3.x.x and 4.x.x before 4.18.0, in Marvell WiFi chip driver. The flaw could occur when the station attempts a connection negotiation during the handling of the remote devices country settings. This could allow the remote device to cause a denial of service (system crash) or possibly execute arbitrary code."
        }
      ],
      "metrics": [
        {
          "cvssV3_0": {
            "attackComplexity": "LOW",
            "attackVector": "ADJACENT_NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 8,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "LOW",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.0/AV:A/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.0"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-122",
              "description": "CWE-122",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2020-03-03T18:06:09",
        "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
        "shortName": "redhat"
      },
      "references": [
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://www.openwall.com/lists/oss-security/2019/11/22/2"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-14895"
        },
        {
          "name": "FEDORA-2019-91f6e7bb71",
          "tags": [
            "vendor-advisory",
            "x_refsource_FEDORA"
          ],
          "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/MN6MLCN7G7VFTSXSZYXKXEFCUMFBUAXQ/"
        },
        {
          "name": "FEDORA-2019-8846a1a5a2",
          "tags": [
            "vendor-advisory",
            "x_refsource_FEDORA"
          ],
          "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/D4ISVNIC44SOGXTUBCIZFSUNQJ5LRKNZ/"
        },
        {
          "name": "openSUSE-SU-2019:2675",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUSE"
          ],
          "url": "http://lists.opensuse.org/opensuse-security-announce/2019-12/msg00029.html"
        },
        {
          "name": "USN-4228-1",
          "tags": [
            "vendor-advisory",
            "x_refsource_UBUNTU"
          ],
          "url": "https://usn.ubuntu.com/4228-1/"
        },
        {
          "name": "USN-4227-1",
          "tags": [
            "vendor-advisory",
            "x_refsource_UBUNTU"
          ],
          "url": "https://usn.ubuntu.com/4227-1/"
        },
        {
          "name": "USN-4226-1",
          "tags": [
            "vendor-advisory",
            "x_refsource_UBUNTU"
          ],
          "url": "https://usn.ubuntu.com/4226-1/"
        },
        {
          "name": "USN-4225-1",
          "tags": [
            "vendor-advisory",
            "x_refsource_UBUNTU"
          ],
          "url": "https://usn.ubuntu.com/4225-1/"
        },
        {
          "name": "USN-4228-2",
          "tags": [
            "vendor-advisory",
            "x_refsource_UBUNTU"
          ],
          "url": "https://usn.ubuntu.com/4228-2/"
        },
        {
          "name": "USN-4227-2",
          "tags": [
            "vendor-advisory",
            "x_refsource_UBUNTU"
          ],
          "url": "https://usn.ubuntu.com/4227-2/"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "http://packetstormsecurity.com/files/155879/Kernel-Live-Patch-Security-Notice-LSN-0061-1.html"
        },
        {
          "name": "[debian-lts-announce] 20200118 [SECURITY] [DLA 2068-1] linux security update",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://lists.debian.org/debian-lts-announce/2020/01/msg00013.html"
        },
        {
          "name": "USN-4225-2",
          "tags": [
            "vendor-advisory",
            "x_refsource_UBUNTU"
          ],
          "url": "https://usn.ubuntu.com/4225-2/"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "http://packetstormsecurity.com/files/156185/Kernel-Live-Patch-Security-Notice-LSN-0062-1.html"
        },
        {
          "name": "RHSA-2020:0328",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2020:0328"
        },
        {
          "name": "RHSA-2020:0339",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2020:0339"
        },
        {
          "name": "RHSA-2020:0374",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2020:0374"
        },
        {
          "name": "RHSA-2020:0375",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2020:0375"
        },
        {
          "name": "RHSA-2020:0543",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2020:0543"
        },
        {
          "name": "RHSA-2020:0592",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2020:0592"
        },
        {
          "name": "RHSA-2020:0609",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2020:0609"
        },
        {
          "name": "[debian-lts-announce] 20200302 [SECURITY] [DLA 2114-1] linux-4.9 security update",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://lists.debian.org/debian-lts-announce/2020/03/msg00001.html"
        },
        {
          "name": "RHSA-2020:0653",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2020:0653"
        },
        {
          "name": "RHSA-2020:0661",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2020:0661"
        },
        {
          "name": "RHSA-2020:0664",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2020:0664"
        }
      ]
    }
  },
  "cveMetadata": {
    "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
    "assignerShortName": "redhat",
    "cveId": "CVE-2019-14895",
    "datePublished": "2019-11-29T13:50:14",
    "dateReserved": "2019-08-10T00:00:00",
    "dateUpdated": "2024-08-05T00:26:39.153Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2019-11085

Vulnerability from cvelistv5

Published

2019-05-17 15:41

Modified

2024-08-04 22:40

Severity

Summary

Insufficient input validation in Kernel Mode Driver in Intel(R) i915 Graphics for Linux before version 5.0 may allow an authenticated user to potentially enable escalation of privilege via local access.

References

URL	Tags
https://www.intel.com/content/www/us/en/security-center/advisory/INTEL-SA-00249.html	x_refsource_MISC
https://support.f5.com/csp/article/K09376613	x_refsource_CONFIRM
http://www.securityfocus.com/bid/108488	vdb-entry, x_refsource_BID
http://lists.opensuse.org/opensuse-security-announce/2019-05/msg00071.html	vendor-advisory, x_refsource_SUSE
http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00048.html	vendor-advisory, x_refsource_SUSE
https://usn.ubuntu.com/4068-1/	vendor-advisory, x_refsource_UBUNTU
https://usn.ubuntu.com/4068-2/	vendor-advisory, x_refsource_UBUNTU
https://access.redhat.com/errata/RHSA-2019:1873	vendor-advisory, x_refsource_REDHAT
https://access.redhat.com/errata/RHSA-2019:1891	vendor-advisory, x_refsource_REDHAT
https://access.redhat.com/errata/RHSA-2019:1959	vendor-advisory, x_refsource_REDHAT
https://access.redhat.com/errata/RHSA-2019:1971	vendor-advisory, x_refsource_REDHAT
https://usn.ubuntu.com/4118-1/	vendor-advisory, x_refsource_UBUNTU
https://access.redhat.com/errata/RHSA-2020:0543	vendor-advisory, x_refsource_REDHAT
https://access.redhat.com/errata/RHSA-2020:0592	vendor-advisory, x_refsource_REDHAT
https://access.redhat.com/errata/RHSA-2020:0609	vendor-advisory, x_refsource_REDHAT

Impacted products

Vendor	Product
n/a	Intel(R) i915 Graphics for Linux

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-04T22:40:16.359Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://www.intel.com/content/www/us/en/security-center/advisory/INTEL-SA-00249.html"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://support.f5.com/csp/article/K09376613"
          },
          {
            "name": "108488",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/108488"
          },
          {
            "name": "openSUSE-SU-2019:1479",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUSE",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2019-05/msg00071.html"
          },
          {
            "name": "openSUSE-SU-2019:1579",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUSE",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00048.html"
          },
          {
            "name": "USN-4068-1",
            "tags": [
              "vendor-advisory",
              "x_refsource_UBUNTU",
              "x_transferred"
            ],
            "url": "https://usn.ubuntu.com/4068-1/"
          },
          {
            "name": "USN-4068-2",
            "tags": [
              "vendor-advisory",
              "x_refsource_UBUNTU",
              "x_transferred"
            ],
            "url": "https://usn.ubuntu.com/4068-2/"
          },
          {
            "name": "RHSA-2019:1873",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2019:1873"
          },
          {
            "name": "RHSA-2019:1891",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2019:1891"
          },
          {
            "name": "RHSA-2019:1959",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2019:1959"
          },
          {
            "name": "RHSA-2019:1971",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2019:1971"
          },
          {
            "name": "USN-4118-1",
            "tags": [
              "vendor-advisory",
              "x_refsource_UBUNTU",
              "x_transferred"
            ],
            "url": "https://usn.ubuntu.com/4118-1/"
          },
          {
            "name": "RHSA-2020:0543",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2020:0543"
          },
          {
            "name": "RHSA-2020:0592",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2020:0592"
          },
          {
            "name": "RHSA-2020:0609",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2020:0609"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Intel(R) i915 Graphics for Linux",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "Versions before 5.0."
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "Insufficient input validation in Kernel Mode Driver in Intel(R) i915 Graphics for Linux before version 5.0 may allow an authenticated user to potentially enable escalation of privilege via local access."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "Escalation of Privilege",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2020-02-26T12:06:03",
        "orgId": "6dda929c-bb53-4a77-a76d-48e79601a1ce",
        "shortName": "intel"
      },
      "references": [
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://www.intel.com/content/www/us/en/security-center/advisory/INTEL-SA-00249.html"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://support.f5.com/csp/article/K09376613"
        },
        {
          "name": "108488",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/108488"
        },
        {
          "name": "openSUSE-SU-2019:1479",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUSE"
          ],
          "url": "http://lists.opensuse.org/opensuse-security-announce/2019-05/msg00071.html"
        },
        {
          "name": "openSUSE-SU-2019:1579",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUSE"
          ],
          "url": "http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00048.html"
        },
        {
          "name": "USN-4068-1",
          "tags": [
            "vendor-advisory",
            "x_refsource_UBUNTU"
          ],
          "url": "https://usn.ubuntu.com/4068-1/"
        },
        {
          "name": "USN-4068-2",
          "tags": [
            "vendor-advisory",
            "x_refsource_UBUNTU"
          ],
          "url": "https://usn.ubuntu.com/4068-2/"
        },
        {
          "name": "RHSA-2019:1873",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2019:1873"
        },
        {
          "name": "RHSA-2019:1891",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2019:1891"
        },
        {
          "name": "RHSA-2019:1959",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2019:1959"
        },
        {
          "name": "RHSA-2019:1971",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2019:1971"
        },
        {
          "name": "USN-4118-1",
          "tags": [
            "vendor-advisory",
            "x_refsource_UBUNTU"
          ],
          "url": "https://usn.ubuntu.com/4118-1/"
        },
        {
          "name": "RHSA-2020:0543",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2020:0543"
        },
        {
          "name": "RHSA-2020:0592",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2020:0592"
        },
        {
          "name": "RHSA-2020:0609",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2020:0609"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "secure@intel.com",
          "ID": "CVE-2019-11085",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "Intel(R) i915 Graphics for Linux",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "Versions before 5.0."
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Insufficient input validation in Kernel Mode Driver in Intel(R) i915 Graphics for Linux before version 5.0 may allow an authenticated user to potentially enable escalation of privilege via local access."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "Escalation of Privilege"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://www.intel.com/content/www/us/en/security-center/advisory/INTEL-SA-00249.html",
              "refsource": "MISC",
              "url": "https://www.intel.com/content/www/us/en/security-center/advisory/INTEL-SA-00249.html"
            },
            {
              "name": "https://support.f5.com/csp/article/K09376613",
              "refsource": "CONFIRM",
              "url": "https://support.f5.com/csp/article/K09376613"
            },
            {
              "name": "108488",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/108488"
            },
            {
              "name": "openSUSE-SU-2019:1479",
              "refsource": "SUSE",
              "url": "http://lists.opensuse.org/opensuse-security-announce/2019-05/msg00071.html"
            },
            {
              "name": "openSUSE-SU-2019:1579",
              "refsource": "SUSE",
              "url": "http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00048.html"
            },
            {
              "name": "USN-4068-1",
              "refsource": "UBUNTU",
              "url": "https://usn.ubuntu.com/4068-1/"
            },
            {
              "name": "USN-4068-2",
              "refsource": "UBUNTU",
              "url": "https://usn.ubuntu.com/4068-2/"
            },
            {
              "name": "RHSA-2019:1873",
              "refsource": "REDHAT",
              "url": "https://access.redhat.com/errata/RHSA-2019:1873"
            },
            {
              "name": "RHSA-2019:1891",
              "refsource": "REDHAT",
              "url": "https://access.redhat.com/errata/RHSA-2019:1891"
            },
            {
              "name": "RHSA-2019:1959",
              "refsource": "REDHAT",
              "url": "https://access.redhat.com/errata/RHSA-2019:1959"
            },
            {
              "name": "RHSA-2019:1971",
              "refsource": "REDHAT",
              "url": "https://access.redhat.com/errata/RHSA-2019:1971"
            },
            {
              "name": "USN-4118-1",
              "refsource": "UBUNTU",
              "url": "https://usn.ubuntu.com/4118-1/"
            },
            {
              "name": "RHSA-2020:0543",
              "refsource": "REDHAT",
              "url": "https://access.redhat.com/errata/RHSA-2020:0543"
            },
            {
              "name": "RHSA-2020:0592",
              "refsource": "REDHAT",
              "url": "https://access.redhat.com/errata/RHSA-2020:0592"
            },
            {
              "name": "RHSA-2020:0609",
              "refsource": "REDHAT",
              "url": "https://access.redhat.com/errata/RHSA-2020:0609"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "6dda929c-bb53-4a77-a76d-48e79601a1ce",
    "assignerShortName": "intel",
    "cveId": "CVE-2019-11085",
    "datePublished": "2019-05-17T15:41:37",
    "dateReserved": "2019-04-11T00:00:00",
    "dateUpdated": "2024-08-04T22:40:16.359Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

Action not permitted

rhsa-2020_0609

Vulnerability from csaf_redhat

cve-2018-20976

Vulnerability from cvelistv5

cve-2019-17133

Vulnerability from cvelistv5

cve-2019-14895

Vulnerability from cvelistv5

cve-2019-11085

Vulnerability from cvelistv5

Tags