var-201808-1004
Vulnerability from variot
Bluetooth firmware or operating system software drivers in macOS versions before 10.13, High Sierra and iOS versions before 11.4, and Android versions before the 2018-06-05 patch may not sufficiently validate elliptic curve parameters used to generate public keys during a Diffie-Hellman key exchange, which may allow a remote attacker to obtain the encryption key used by the device. Insufficient encryption processing (CWE-325) - CVE-2018-5383 Bluetooth Then, elliptic curve Diffie-Hellman key sharing (ECDH) It defines a device pairing mechanism based on technology. In this method, each pair to be paired prepares a key pair consisting of a private key and a public key. When pairing starts, each other's public key is exchanged, and each private key is generated using the private key of the other party and the public key of the other party. The parameters of the elliptic curve encryption to be used must be agreed in advance. Bluetooth The specification recommends that you verify that the public key you received from the other party is appropriate, but it was not required. "Invalid Curve Attack" Or "Invalid Point Attack" In an attack technique called, it is pointed out that searching for a secret key is much easier if a shared key is generated without confirming that the public key received from the other party is appropriate. It is. Some implementations process without verifying the public key received from the other party, Bluetooth If a public key crafted by a third party that exists within the communication distance of is injected, there is a possibility that the secret key is obtained with a high probability. As a result, there is a possibility that the communication contents will be obtained or altered. Secure Connections Pairing Mode and Simple Secure Paring Both modes are affected. Bluetooth SIG Let's make it necessary to verify the received public key. Bluetooth While updating the specifications of Bluetooth Qualification Program Added a test item in this case. Bluetooth SIG See the announcement. Bluetooth SIG Announcement https://www.bluetooth.com/news/unknown/2018/07/bluetooth-sig-security-updateBluetooth Man-in-the-middle attack by third parties within the communication range (man-in-the-middle attack) If this is done, you may be able to obtain the private key used by the device. As a result, communication content between devices may be obtained or falsified. Multiple Bluetooth drivers are prone to a security-bypass vulnerability. An attacker can exploit this issue to perform man-in-the-middle attacks and certain unauthorized actions, which will aid in further attacks. Bluetooth is a wireless technology standard that enables short-range data exchange between fixed and mobile devices and personal area networks in buildings. A remote attacker could exploit this vulnerability to obtain the encryption key used by the device, and then intercept, decrypt, forge and inject device messages. The following systems are affected: macOS prior to 10.13; macOS High Sierra prior to 11.4; iOS prior to 11.4; Android prior to Patch 2018-06-05.
Alternatively, on your watch, select "My Watch > General > About". -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256
APPLE-SA-2018-7-23-4 Additional information for APPLE-SA-2018-06-01-6 tvOS 11.4
tvOS 11.4 addresses the following:
Bluetooth Available for: Apple TV 4K Impact: An attacker in a privileged network position may be able to intercept Bluetooth traffic Description: An input validation issue existed in Bluetooth. This issue was addressed with improved input validation. CVE-2018-5383: Lior Neumann and Eli Biham Entry added July 23, 2018
Crash Reporter Available for: Apple TV 4K and Apple TV (4th generation) Impact: An application may be able to gain elevated privileges Description: A memory corruption issue was addressed with improved error handling. CVE-2018-4206: Ian Beer of Google Project Zero
FontParser Available for: Apple TV 4K and Apple TV (4th generation) Impact: Processing a maliciously crafted font file may lead to arbitrary code execution Description: A memory corruption issue was addressed with improved validation. CVE-2018-4211: Proteas of Qihoo 360 Nirvan Team
Kernel Available for: Apple TV 4K and Apple TV (4th generation) Impact: An application may be able to execute arbitrary code with kernel privileges Description: A buffer overflow was addressed with improved bounds checking. CVE-2018-4241: Ian Beer of Google Project Zero CVE-2018-4243: Ian Beer of Google Project Zero
Kernel Available for: Apple TV 4K and Apple TV (4th generation) Impact: An attacker in a privileged position may be able to perform a denial of service attack Description: A denial of service issue was addressed with improved validation. CVE-2018-4249: Kevin Backhouse of Semmle Ltd.
libxpc Available for: Apple TV 4K and Apple TV (4th generation) Impact: An application may be able to gain elevated privileges Description: A logic issue was addressed with improved validation. CVE-2018-4237: Samuel GroA (@5aelo) working with Trend Micro's Zero Day Initiative
Messages Available for: Apple TV 4K and Apple TV (4th generation) Impact: A local user may be able to conduct impersonation attacks Description: An injection issue was addressed with improved input validation. CVE-2018-4235: Anurodh Pokharel of Salesforce.com
Messages Available for: Apple TV 4K and Apple TV (4th generation) Impact: Processing a maliciously crafted message may lead to a denial of service Description: This issue was addressed with improved message validation. CVE-2018-4240: Sriram (@Sri_Hxor) of PrimeFort Pvt. Ltd
Security Available for: Apple TV 4K and Apple TV (4th generation) Impact: A local user may be able to read a persistent device identifier Description: An authorization issue was addressed with improved state management. CVE-2018-4224: Abraham Masri (@cheesecakeufo)
Security Available for: Apple TV 4K and Apple TV (4th generation) Impact: A local user may be able to read a persistent account identifier Description: An authorization issue was addressed with improved state management. CVE-2018-4223: Abraham Masri (@cheesecakeufo)
UIKit Available for: Apple TV 4K and Apple TV (4th generation) Impact: Processing a maliciously crafted text file may lead to a denial of service Description: A validation issue existed in the handling of text. This issue was addressed with improved validation of text. CVE-2018-4198: Hunter Byrnes
WebKit Available for: Apple TV 4K and Apple TV (4th generation) Impact: Visiting a maliciously crafted website may lead to cookies being overwritten Description: A permissions issue existed in the handling of web browser cookies. This issue was addressed with improved restrictions. CVE-2018-4232: an anonymous researcher, Aymeric Chaib
WebKit Available for: Apple TV 4K and Apple TV (4th generation) Impact: Processing maliciously crafted web content may lead to arbitrary code execution Description: A race condition was addressed with improved locking. CVE-2018-4192: Markus Gaasedelen, Nick Burnett, and Patrick Biernat of Ret2 Systems, Inc working with Trend Micro's Zero Day Initiative
WebKit Available for: Apple TV 4K and Apple TV (4th generation) Impact: Processing maliciously crafted web content may lead to an unexpected Safari crash Description: A memory corruption issue was addressed with improved input validation. CVE-2018-4214: found by OSS-Fuzz
WebKit Available for: Apple TV 4K and Apple TV (4th generation) Impact: Processing maliciously crafted web content may lead to arbitrary code execution Description: A memory corruption issue was addressed with improved memory handling. CVE-2018-4204: found by OSS-Fuzz, Richard Zhu (fluorescence) working with Trend Micro's Zero Day Initiative
WebKit Available for: Apple TV 4K and Apple TV (4th generation) Impact: Processing maliciously crafted web content may lead to arbitrary code execution Description: A type confusion issue was addressed with improved memory handling. CVE-2018-4246: found by OSS-Fuzz
WebKit Available for: Apple TV 4K and Apple TV (4th generation) Impact: Processing maliciously crafted web content may lead to arbitrary code execution Description: A memory corruption issue was addressed with improved state management. CVE-2018-4200: Ivan Fratric of Google Project Zero
WebKit Available for: Apple TV 4K and Apple TV (4th generation) Impact: Visiting a malicious website may lead to address bar spoofing Description: An inconsistent user interface issue was addressed with improved state management. CVE-2018-4188: YoKo Kho (@YoKoAcc) of Mitra Integrasi Informatika, PT
WebKit Available for: Apple TV 4K and Apple TV (4th generation) Impact: Processing maliciously crafted web content may lead to arbitrary code execution Description: Multiple memory corruption issues were addressed with improved memory handling. CVE-2018-4201: an anonymous researcher CVE-2018-4218: Natalie Silvanovich of Google Project Zero CVE-2018-4233: Samuel GroA (@5aelo) working with Trend Micro's Zero Day Initiative
WebKit Available for: Apple TV 4K and Apple TV (4th generation) Impact: Processing maliciously crafted web content may lead to arbitrary code execution Description: A buffer overflow issue was addressed with improved memory handling. CVE-2018-4199: Alex Plaskett, Georgi Geshev, Fabi Beterke, and Nils of MWR Labs working with Trend Micro's Zero Day Initiative
WebKit Available for: Apple TV 4K and Apple TV (4th generation) Impact: Visiting a maliciously crafted website may leak sensitive data Description: Credentials were unexpectedly sent when fetching CSS mask images. This was addressed by using a CORS-enabled fetch method. CVE-2018-4190: Jun Kokatsu (@shhnjk)
WebKit Available for: Apple TV 4K and Apple TV (4th generation) Impact: Processing maliciously crafted web content may lead to arbitrary code execution Description: An out-of-bounds read was addressed with improved input validation. CVE-2018-4222: Natalie Silvanovich of Google Project Zero
Installation note:
Apple TV will periodically check for software updates. Alternatively, you may manually check for software updates by selecting "Settings -> System -> Software Update -> Update Software."
To check the current version of software, select "Settings -> General -> About."
Information will also be posted to the Apple Security Updates web site: https://support.apple.com/kb/HT201222
This message is signed with Apple's Product Security PGP key, and details are available at: https://www.apple.com/support/security/pgp/ -----BEGIN PGP SIGNATURE-----
iQIzBAEBCAAdFiEEfcwwPWJ3e0Ig26mf8ecVjteJiCYFAltUsiMACgkQ8ecVjteJ iCYcZBAAusSQ6lM5Qebyc48iNEu/DUrOwUVyN6MNjo0699Xm+kbu+0u/JQNf75jw ZeelK31NLRyRx9BuK7u4J20gi+hsWI7N9wtVkeOaPiE/Ha45uEVaJ6lSSJOIZ3rZ oXb4PiL8+bSukiRgBvFhnxDwGCGefg8udRjtONRlCuMvyZAY09LT6cgZOXSEJEbF ecVmvDAEEwH1hcTV7PJbQ4nCkv97DA8dPVTbUUbtPXCOPYjsClz1JSUubOSDw3d4 7tq4pfs6ZJFZCE8JFJFY+CCIWuE1FppTE7FVJVfFdpAri+prTeGZJppzEjJDZR2g 4lCOyx926Mp5tqZx6WZc1Xkz8LJaZbEWPrfGW4wKMFIC7WPwhyi7y2NqVfcjbubW aOsfQFwbCx9KlfOfUMJtbAaha7TBiDJV5u2PMILL3ct2BRX+LqEUrlrR1uwhF5VZ npPX9cEwMbWRCj7QJC9bmRT1mPYKD+sK5HqBc7Ftp3NYv1hjhEz6iVcF7HYY9T2j aYzvsXaMilihEaDRu4H/0wLX4abUrOtUwFowuehUkNF30cgBrtyWcJl6K6/WaW2C IdmF0IB4T4MRWyPKY2r1A+rBerCaoxb0IBucOP9JO4V1uDrCoHdxEL9LfjXlz/tx CiPvy4EaV2aIDjSfkf75IXtHx2ueIFfdTGVH1OEdX9JoCSqNRPQ= =8ofX -----END PGP SIGNATURE----- . (CVE-2019-10126)
Andrei Vlad Lutas and Dan Lutas discovered that some x86 processors incorrectly handle SWAPGS instructions during speculative execution. ========================================================================= Ubuntu Security Notice USN-4118-1 September 02, 2019
linux-aws vulnerabilities
A security issue affects these releases of Ubuntu and its derivatives:
- Ubuntu 18.04 LTS
- Ubuntu 16.04 LTS
Summary:
Several security issues were fixed in the Linux kernel.
Software Description: - linux-aws: Linux kernel for Amazon Web Services (AWS) systems - linux-aws-hwe: Linux kernel for Amazon Web Services (AWS-HWE) systems
Details:
It was discovered that the alarmtimer implementation in the Linux kernel contained an integer overflow vulnerability. A local attacker could use this to cause a denial of service. (CVE-2018-13053)
Wen Xu discovered that the XFS filesystem implementation in the Linux kernel did not properly track inode validations. An attacker could use this to construct a malicious XFS image that, when mounted, could cause a denial of service (system crash). (CVE-2018-13093)
Wen Xu discovered that the f2fs file system implementation in the Linux kernel did not properly validate metadata. An attacker could use this to construct a malicious f2fs image that, when mounted, could cause a denial of service (system crash). (CVE-2018-13096, CVE-2018-13097, CVE-2018-13098, CVE-2018-13099, CVE-2018-13100, CVE-2018-14614, CVE-2018-14615, CVE-2018-14616)
Wen Xu and Po-Ning Tseng discovered that btrfs file system implementation in the Linux kernel did not properly validate metadata. An attacker could use this to construct a malicious btrfs image that, when mounted, could cause a denial of service (system crash). (CVE-2018-14609, CVE-2018-14610, CVE-2018-14611, CVE-2018-14612, CVE-2018-14613)
Wen Xu discovered that the HFS+ filesystem implementation in the Linux kernel did not properly handle malformed catalog data in some situations. An attacker could use this to construct a malicious HFS+ image that, when mounted, could cause a denial of service (system crash). (CVE-2018-14617)
Vasily Averin and Pavel Tikhomirov discovered that the cleancache subsystem of the Linux kernel did not properly initialize new files in some situations. A local attacker could use this to expose sensitive information. (CVE-2018-16862)
Hui Peng and Mathias Payer discovered that the Option USB High Speed driver in the Linux kernel did not properly validate metadata received from the device. A physically proximate attacker could use this to cause a denial of service (system crash). (CVE-2018-19985)
Hui Peng and Mathias Payer discovered that the USB subsystem in the Linux kernel did not properly handle size checks when handling an extra USB descriptor. A physically proximate attacker could use this to cause a denial of service (system crash). (CVE-2018-20169)
Zhipeng Xie discovered that an infinite loop could triggered in the CFS Linux kernel process scheduler. A local attacker could possibly use this to cause a denial of service. (CVE-2018-20784)
It was discovered that a use-after-free error existed in the block layer subsystem of the Linux kernel when certain failure conditions occurred. A local attacker could possibly use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2018-20856)
Eli Biham and Lior Neumann discovered that the Bluetooth implementation in the Linux kernel did not properly validate elliptic curve parameters during Diffie-Hellman key exchange in some situations. An attacker could use this to expose sensitive information. (CVE-2018-5383)
It was discovered that the Intel wifi device driver in the Linux kernel did not properly validate certain Tunneled Direct Link Setup (TDLS). A physically proximate attacker could use this to cause a denial of service (wifi disconnect). (CVE-2019-0136)
It was discovered that a heap buffer overflow existed in the Marvell Wireless LAN device driver for the Linux kernel. An attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2019-10126)
It was discovered that the Bluetooth UART implementation in the Linux kernel did not properly check for missing tty operations. A local attacker could use this to cause a denial of service. (CVE-2019-10207)
Amit Klein and Benny Pinkas discovered that the Linux kernel did not sufficiently randomize IP ID values generated for connectionless networking protocols. A remote attacker could use this to track particular Linux devices. (CVE-2019-10638)
Amit Klein and Benny Pinkas discovered that the location of kernel addresses could exposed by the implementation of connection-less network protocols in the Linux kernel. A remote attacker could possibly use this to assist in the exploitation of another vulnerability in the Linux kernel. (CVE-2019-10639)
Adam Zabrocki discovered that the Intel i915 kernel mode graphics driver in the Linux kernel did not properly restrict mmap() ranges in some situations. A local attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2019-11085)
It was discovered that an integer overflow existed in the Linux kernel when reference counting pages, leading to potential use-after-free issues. A local attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2019-11487)
Jann Horn discovered that a race condition existed in the Linux kernel when performing core dumps. A local attacker could use this to cause a denial of service (system crash) or expose sensitive information. (CVE-2019-11599)
It was discovered that a null pointer dereference vulnerability existed in the LSI Logic MegaRAID driver in the Linux kernel. A local attacker could use this to cause a denial of service (system crash). (CVE-2019-11810)
It was discovered that a race condition leading to a use-after-free existed in the Reliable Datagram Sockets (RDS) protocol implementation in the Linux kernel. The RDS protocol is blacklisted by default in Ubuntu. If enabled, a local attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2019-11815)
It was discovered that the ext4 file system implementation in the Linux kernel did not properly zero out memory in some situations. A local attacker could use this to expose sensitive information (kernel memory). (CVE-2019-11833)
It was discovered that the Bluetooth Human Interface Device Protocol (HIDP) implementation in the Linux kernel did not properly verify strings were NULL terminated in certain situations. A local attacker could use this to expose sensitive information (kernel memory). (CVE-2019-11884)
It was discovered that a NULL pointer dereference vulnerabilty existed in the Near-field communication (NFC) implementation in the Linux kernel. An attacker could use this to cause a denial of service (system crash). (CVE-2019-12818)
It was discovered that the MDIO bus devices subsystem in the Linux kernel improperly dropped a device reference in an error condition, leading to a use-after-free. An attacker could use this to cause a denial of service (system crash). (CVE-2019-12819)
It was discovered that a NULL pointer dereference vulnerability existed in the Near-field communication (NFC) implementation in the Linux kernel. A local attacker could use this to cause a denial of service (system crash). (CVE-2019-12984)
Jann Horn discovered a use-after-free vulnerability in the Linux kernel when accessing LDT entries in some situations. A local attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2019-13233)
Jann Horn discovered that the ptrace implementation in the Linux kernel did not properly record credentials in some situations. A local attacker could use this to cause a denial of service (system crash) or possibly gain administrative privileges. (CVE-2019-13272)
It was discovered that the GTCO tablet input driver in the Linux kernel did not properly bounds check the initial HID report sent by the device. A physically proximate attacker could use to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2019-13631)
It was discovered that the floppy driver in the Linux kernel did not properly validate meta data, leading to a buffer overread. A local attacker could use this to cause a denial of service (system crash). (CVE-2019-14283)
It was discovered that the floppy driver in the Linux kernel did not properly validate ioctl() calls, leading to a division-by-zero. A local attacker could use this to cause a denial of service (system crash). (CVE-2019-14284)
Tuba Yavuz discovered that a race condition existed in the DesignWare USB3 DRD Controller device driver in the Linux kernel. A physically proximate attacker could use this to cause a denial of service. (CVE-2019-14763)
It was discovered that an out-of-bounds read existed in the QLogic QEDI iSCSI Initiator Driver in the Linux kernel. A local attacker could possibly use this to expose sensitive information (kernel memory). (CVE-2019-15090)
It was discovered that the Raremono AM/FM/SW radio device driver in the Linux kernel did not properly allocate memory, leading to a use-after-free. A physically proximate attacker could use this to cause a denial of service or possibly execute arbitrary code. (CVE-2019-15211)
It was discovered at a double-free error existed in the USB Rio 500 device driver for the Linux kernel. A physically proximate attacker could use this to cause a denial of service. (CVE-2019-15212)
It was discovered that a race condition existed in the Advanced Linux Sound Architecture (ALSA) subsystem of the Linux kernel, leading to a potential use-after-free. A physically proximate attacker could use this to cause a denial of service (system crash) pro possibly execute arbitrary code. (CVE-2019-15214)
It was discovered that a race condition existed in the CPiA2 video4linux device driver for the Linux kernel, leading to a use-after-free. A physically proximate attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2019-15215)
It was discovered that a race condition existed in the Softmac USB Prism54 device driver in the Linux kernel. A physically proximate attacker could use this to cause a denial of service (system crash). (CVE-2019-15220)
It was discovered that a use-after-free vulnerability existed in the Appletalk implementation in the Linux kernel if an error occurs during initialization. A local attacker could use this to cause a denial of service (system crash). (CVE-2019-15292)
It was discovered that the Empia EM28xx DVB USB device driver implementation in the Linux kernel contained a use-after-free vulnerability when disconnecting the device. An attacker could use this to cause a denial of service (system crash). (CVE-2019-2024)
It was discovered that the USB video device class implementation in the Linux kernel did not properly validate control bits, resulting in an out of bounds buffer read. A local attacker could use this to possibly expose sensitive information (kernel memory). (CVE-2019-2101)
It was discovered that the Marvell Wireless LAN device driver in the Linux kernel did not properly validate the BSS descriptor. A local attacker could possibly use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2019-3846)
Jason Wang discovered that an infinite loop vulnerability existed in the virtio net driver in the Linux kernel. A local attacker in a guest VM could possibly use this to cause a denial of service in the host system. (CVE-2019-3900)
Daniele Antonioli, Nils Ole Tippenhauer, and Kasper B. Rasmussen discovered that the Bluetooth protocol BR/EDR specification did not properly require sufficiently strong encryption key lengths. A physicall proximate attacker could use this to expose sensitive information. (CVE-2019-9506)
It was discovered that the Appletalk IP encapsulation driver in the Linux kernel did not properly prevent kernel addresses from being copied to user space. A local attacker with the CAP_NET_ADMIN capability could use this to expose sensitive information. (CVE-2018-20511)
It was discovered that a race condition existed in the USB YUREX device driver in the Linux kernel. A physically proximate attacker could use this to cause a denial of service (system crash). (CVE-2019-15216)
It was discovered that the Siano USB MDTV receiver device driver in the Linux kernel made improper assumptions about the device characteristics. A physically proximate attacker could use this cause a denial of service (system crash). (CVE-2019-15218)
It was discovered that the Line 6 POD USB device driver in the Linux kernel did not properly validate data size information from the device. A physically proximate attacker could use this to cause a denial of service (system crash). (CVE-2019-15221)
Muyu Yu discovered that the CAN implementation in the Linux kernel in some situations did not properly restrict the field size when processing outgoing frames. A local attacker with CAP_NET_ADMIN privileges could use this to execute arbitrary code. (CVE-2019-3701)
Vladis Dronov discovered that the debug interface for the Linux kernel's HID subsystem did not properly validate passed parameters in some situations. A local privileged attacker could use this to cause a denial of service (infinite loop). (CVE-2019-3819)
Update instructions:
The problem can be corrected by updating your system to the following package versions:
Ubuntu 18.04 LTS: linux-image-4.15.0-1047-aws 4.15.0-1047.49 linux-image-aws 4.15.0.1047.46
Ubuntu 16.04 LTS: linux-image-4.15.0-1047-aws 4.15.0-1047.49~16.04.1 linux-image-aws-hwe 4.15.0.1047.47
After a standard system update you need to reboot your computer to make all the necessary changes.
ATTENTION: Due to an unavoidable ABI change the kernel updates have been given a new version number, which requires you to recompile and reinstall all third party kernel modules you might have installed. Unless you manually uninstalled the standard kernel metapackages (e.g. linux-generic, linux-generic-lts-RELEASE, linux-virtual, linux-powerpc), a standard system upgrade will automatically perform this as well.
References: https://usn.ubuntu.com/4118-1 CVE-2018-13053, CVE-2018-13093, CVE-2018-13096, CVE-2018-13097, CVE-2018-13098, CVE-2018-13099, CVE-2018-13100, CVE-2018-14609, CVE-2018-14610, CVE-2018-14611, CVE-2018-14612, CVE-2018-14613, CVE-2018-14614, CVE-2018-14615, CVE-2018-14616, CVE-2018-14617, CVE-2018-16862, CVE-2018-19985, CVE-2018-20169, CVE-2018-20511, CVE-2018-20784, CVE-2018-20856, CVE-2018-5383, CVE-2019-0136, CVE-2019-10126, CVE-2019-10207, CVE-2019-10638, CVE-2019-10639, CVE-2019-11085, CVE-2019-11487, CVE-2019-11599, CVE-2019-11810, CVE-2019-11815, CVE-2019-11833, CVE-2019-11884, CVE-2019-12818, CVE-2019-12819, CVE-2019-12984, CVE-2019-13233, CVE-2019-13272, CVE-2019-13631, CVE-2019-14283, CVE-2019-14284, CVE-2019-14763, CVE-2019-15090, CVE-2019-15211, CVE-2019-15212, CVE-2019-15214, CVE-2019-15215, CVE-2019-15216, CVE-2019-15218, CVE-2019-15220, CVE-2019-15221, CVE-2019-15292, CVE-2019-2024, CVE-2019-2101, CVE-2019-3701, CVE-2019-3819, CVE-2019-3846, CVE-2019-3900, CVE-2019-9506
Package Information: https://launchpad.net/ubuntu/+source/linux-aws/4.15.0-1047.49 https://launchpad.net/ubuntu/+source/linux-aws-hwe/4.15.0-1047.49~16.04.1 . -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256
====================================================================
Red Hat Security Advisory
Synopsis: Important: linux-firmware security, bug fix, and enhancement update Advisory ID: RHSA-2019:2169-01 Product: Red Hat Enterprise Linux Advisory URL: https://access.redhat.com/errata/RHSA-2019:2169 Issue date: 2019-08-06 CVE Names: CVE-2018-5383 ==================================================================== 1. Summary:
An update for linux-firmware is now available for Red Hat Enterprise Linux 7.
Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. Relevant releases/architectures:
Red Hat Enterprise Linux Client (v. 7) - noarch Red Hat Enterprise Linux ComputeNode (v. 7) - noarch Red Hat Enterprise Linux Server (v. 7) - noarch Red Hat Enterprise Linux Workstation (v. 7) - noarch
- Description:
The linux-firmware packages contain all of the firmware files that are required by various devices to operate.
Additional Changes:
For detailed information on changes in this release, see the Red Hat Enterprise Linux 7.7 Release Notes linked from the References section. Solution:
For details on how to apply this update, which includes the changes described in this advisory, refer to:
https://access.redhat.com/articles/11258
- Package List:
Red Hat Enterprise Linux Client (v. 7):
Source: linux-firmware-20190429-72.gitddde598.el7.src.rpm
noarch: iwl100-firmware-39.31.5.1-72.el7.noarch.rpm iwl1000-firmware-39.31.5.1-72.el7.noarch.rpm iwl105-firmware-18.168.6.1-72.el7.noarch.rpm iwl135-firmware-18.168.6.1-72.el7.noarch.rpm iwl2000-firmware-18.168.6.1-72.el7.noarch.rpm iwl2030-firmware-18.168.6.1-72.el7.noarch.rpm iwl3160-firmware-22.0.7.0-72.el7.noarch.rpm iwl3945-firmware-15.32.2.9-72.el7.noarch.rpm iwl4965-firmware-228.61.2.24-72.el7.noarch.rpm iwl5000-firmware-8.83.5.1_1-72.el7.noarch.rpm iwl5150-firmware-8.24.2.2-72.el7.noarch.rpm iwl6000-firmware-9.221.4.1-72.el7.noarch.rpm iwl6000g2a-firmware-17.168.5.3-72.el7.noarch.rpm iwl6000g2b-firmware-17.168.5.2-72.el7.noarch.rpm iwl6050-firmware-41.28.5.1-72.el7.noarch.rpm iwl7260-firmware-22.0.7.0-72.el7.noarch.rpm iwl7265-firmware-22.0.7.0-72.el7.noarch.rpm linux-firmware-20190429-72.gitddde598.el7.noarch.rpm
Red Hat Enterprise Linux ComputeNode (v. 7):
Source: linux-firmware-20190429-72.gitddde598.el7.src.rpm
noarch: iwl100-firmware-39.31.5.1-72.el7.noarch.rpm iwl1000-firmware-39.31.5.1-72.el7.noarch.rpm iwl105-firmware-18.168.6.1-72.el7.noarch.rpm iwl135-firmware-18.168.6.1-72.el7.noarch.rpm iwl2000-firmware-18.168.6.1-72.el7.noarch.rpm iwl2030-firmware-18.168.6.1-72.el7.noarch.rpm iwl3160-firmware-22.0.7.0-72.el7.noarch.rpm iwl3945-firmware-15.32.2.9-72.el7.noarch.rpm iwl4965-firmware-228.61.2.24-72.el7.noarch.rpm iwl5000-firmware-8.83.5.1_1-72.el7.noarch.rpm iwl5150-firmware-8.24.2.2-72.el7.noarch.rpm iwl6000-firmware-9.221.4.1-72.el7.noarch.rpm iwl6000g2a-firmware-17.168.5.3-72.el7.noarch.rpm iwl6000g2b-firmware-17.168.5.2-72.el7.noarch.rpm iwl6050-firmware-41.28.5.1-72.el7.noarch.rpm iwl7260-firmware-22.0.7.0-72.el7.noarch.rpm iwl7265-firmware-22.0.7.0-72.el7.noarch.rpm linux-firmware-20190429-72.gitddde598.el7.noarch.rpm
Red Hat Enterprise Linux Server (v. 7):
Source: linux-firmware-20190429-72.gitddde598.el7.src.rpm
noarch: iwl100-firmware-39.31.5.1-72.el7.noarch.rpm iwl1000-firmware-39.31.5.1-72.el7.noarch.rpm iwl105-firmware-18.168.6.1-72.el7.noarch.rpm iwl135-firmware-18.168.6.1-72.el7.noarch.rpm iwl2000-firmware-18.168.6.1-72.el7.noarch.rpm iwl2030-firmware-18.168.6.1-72.el7.noarch.rpm iwl3160-firmware-22.0.7.0-72.el7.noarch.rpm iwl3945-firmware-15.32.2.9-72.el7.noarch.rpm iwl4965-firmware-228.61.2.24-72.el7.noarch.rpm iwl5000-firmware-8.83.5.1_1-72.el7.noarch.rpm iwl5150-firmware-8.24.2.2-72.el7.noarch.rpm iwl6000-firmware-9.221.4.1-72.el7.noarch.rpm iwl6000g2a-firmware-17.168.5.3-72.el7.noarch.rpm iwl6000g2b-firmware-17.168.5.2-72.el7.noarch.rpm iwl6050-firmware-41.28.5.1-72.el7.noarch.rpm iwl7260-firmware-22.0.7.0-72.el7.noarch.rpm iwl7265-firmware-22.0.7.0-72.el7.noarch.rpm linux-firmware-20190429-72.gitddde598.el7.noarch.rpm
Red Hat Enterprise Linux Workstation (v. 7):
Source: linux-firmware-20190429-72.gitddde598.el7.src.rpm
noarch: iwl100-firmware-39.31.5.1-72.el7.noarch.rpm iwl1000-firmware-39.31.5.1-72.el7.noarch.rpm iwl105-firmware-18.168.6.1-72.el7.noarch.rpm iwl135-firmware-18.168.6.1-72.el7.noarch.rpm iwl2000-firmware-18.168.6.1-72.el7.noarch.rpm iwl2030-firmware-18.168.6.1-72.el7.noarch.rpm iwl3160-firmware-22.0.7.0-72.el7.noarch.rpm iwl3945-firmware-15.32.2.9-72.el7.noarch.rpm iwl4965-firmware-228.61.2.24-72.el7.noarch.rpm iwl5000-firmware-8.83.5.1_1-72.el7.noarch.rpm iwl5150-firmware-8.24.2.2-72.el7.noarch.rpm iwl6000-firmware-9.221.4.1-72.el7.noarch.rpm iwl6000g2a-firmware-17.168.5.3-72.el7.noarch.rpm iwl6000g2b-firmware-17.168.5.2-72.el7.noarch.rpm iwl6050-firmware-41.28.5.1-72.el7.noarch.rpm iwl7260-firmware-22.0.7.0-72.el7.noarch.rpm iwl7265-firmware-22.0.7.0-72.el7.noarch.rpm linux-firmware-20190429-72.gitddde598.el7.noarch.rpm
These packages are GPG signed by Red Hat for security. Contact:
The Red Hat security contact is secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/
Copyright 2019 Red Hat, Inc. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1
iQIVAwUBXUl4n9zjgjWX9erEAQhAkw/+KcXoF0PnrjblvVm7NoR+6+Ap/0Q/ZA76 Q/lTMgCH2fhDPQov/S6l0uzlvrxzjcN2uQW/mM/XvaKgHX316q1Byj/ul74pfLGE ZfsmAfPeFy4YYSMOnzeFiE8lzbzM203JpiGCC0wS8Mm+oz13Bn6gwkZI3P3R4m3l LvPZ8AjMWXSRbdNDsxO+PONz9lsNQEEDspUKvdy3x2omdNCt8QPp1gIsP8lKM8g1 KIkJCwE0OkUrYOm9KEU3kNM1Nifx8LNjC+bdLMEgXMDtQiDdF085BrnXm10HYTAy DuGsE5Htep5balUiMOcR/Y4rb4r/fWfyRQNWG4H0RIduOCBTIDIcj3L/yKo/OU+t 15fe/S8OS14F8v2fsNEdrmmdFK12WiRzNozD/ZBbBklorTMvCrFrhQ9ZDIlD2ue/ RyoF4Zz5sCTP5NFQeYBEphU934UpHEc4VRZcrr4Rh86kS+0tWTrLZRE4Mx25jTjf TO72X8QlaGbOMtoErnZVmTVPUAJJMrZ5WBzrTZFOJrtnPsMAccvbNdfp/Ky30blh FHTMAVsVkZoRw8zayr8mSm3xCIY7B56hM0Ss42RSqO1f9KDeHAtbaVf1f4fuMr4E uZjw2Ma15KdNAGoOLgS941af276a9jRbHPrAmr3JWcTQb9osZFeoMcOOkikZgXtW hT1DU8n0QFA\xf9to -----END PGP SIGNATURE-----
-- RHSA-announce mailing list RHSA-announce@redhat.com https://www.redhat.com/mailman/listinfo/rhsa-announce
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201808-1004",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "android",
"scope": "eq",
"trust": 1.6,
"vendor": "google",
"version": "7.1.2"
},
{
"model": "android",
"scope": "eq",
"trust": 1.6,
"vendor": "google",
"version": "8.1"
},
{
"model": "android",
"scope": "eq",
"trust": 1.6,
"vendor": "google",
"version": "6.0.1"
},
{
"model": "android",
"scope": "eq",
"trust": 1.6,
"vendor": "google",
"version": "6.0"
},
{
"model": "android",
"scope": "eq",
"trust": 1.6,
"vendor": "google",
"version": "8.0"
},
{
"model": "android",
"scope": "eq",
"trust": 1.6,
"vendor": "google",
"version": "7.0"
},
{
"model": "android",
"scope": "eq",
"trust": 1.6,
"vendor": "google",
"version": "7.1.1"
},
{
"model": "mac os x",
"scope": "lt",
"trust": 1.0,
"vendor": "apple",
"version": "10.13"
},
{
"model": "iphone os",
"scope": "lt",
"trust": 1.0,
"vendor": "apple",
"version": "11.4"
},
{
"model": "",
"scope": null,
"trust": 0.8,
"vendor": "multiple vendors",
"version": null
},
{
"model": "wireless-ac",
"scope": "eq",
"trust": 0.3,
"vendor": "intel",
"version": "95600"
},
{
"model": "wireless-ac",
"scope": "eq",
"trust": 0.3,
"vendor": "intel",
"version": "94620"
},
{
"model": "wireless-ac",
"scope": "eq",
"trust": 0.3,
"vendor": "intel",
"version": "94610"
},
{
"model": "wireless-ac",
"scope": "eq",
"trust": 0.3,
"vendor": "intel",
"version": "92600"
},
{
"model": "tri-band wireless-ac",
"scope": "eq",
"trust": 0.3,
"vendor": "intel",
"version": "182650"
},
{
"model": "tri-band wireless-ac",
"scope": "eq",
"trust": 0.3,
"vendor": "intel",
"version": "182600"
},
{
"model": "tri-band wireless-ac",
"scope": "eq",
"trust": 0.3,
"vendor": "intel",
"version": "172650"
},
{
"model": "dual band wireless-n",
"scope": "eq",
"trust": 0.3,
"vendor": "intel",
"version": "72650"
},
{
"model": "dual band wireless-n",
"scope": "eq",
"trust": 0.3,
"vendor": "intel",
"version": "72600"
},
{
"model": "dual band wireless-ac",
"scope": "eq",
"trust": 0.3,
"vendor": "intel",
"version": "926020.0.2.3"
},
{
"model": "dual band wireless-ac",
"scope": "eq",
"trust": 0.3,
"vendor": "intel",
"version": "926020.0.2.2"
},
{
"model": "dual band wireless-ac",
"scope": "eq",
"trust": 0.3,
"vendor": "intel",
"version": "926020.0.0.0"
},
{
"model": "dual band wireless-ac desktop kit",
"scope": "eq",
"trust": 0.3,
"vendor": "intel",
"version": "82650"
},
{
"model": "dual band wireless-ac",
"scope": "eq",
"trust": 0.3,
"vendor": "intel",
"version": "82650"
},
{
"model": "dual band wireless-ac",
"scope": "eq",
"trust": 0.3,
"vendor": "intel",
"version": "826020.0.2.3"
},
{
"model": "dual band wireless-ac",
"scope": "eq",
"trust": 0.3,
"vendor": "intel",
"version": "826020.0.2.2"
},
{
"model": "dual band wireless-ac",
"scope": "eq",
"trust": 0.3,
"vendor": "intel",
"version": "826020.0.0.0"
},
{
"model": "dual band wireless-ac",
"scope": "eq",
"trust": 0.3,
"vendor": "intel",
"version": "82600"
},
{
"model": "dual band wireless-ac",
"scope": "eq",
"trust": 0.3,
"vendor": "intel",
"version": "726519.10"
},
{
"model": "dual band wireless-ac",
"scope": "eq",
"trust": 0.3,
"vendor": "intel",
"version": "726519.51.7.20"
},
{
"model": "dual band wireless-ac",
"scope": "eq",
"trust": 0.3,
"vendor": "intel",
"version": "726519.51.7.1"
},
{
"model": "dual band wireless-ac",
"scope": "eq",
"trust": 0.3,
"vendor": "intel",
"version": "726519.51.0.0"
},
{
"model": "dual band wireless-ac",
"scope": "eq",
"trust": 0.3,
"vendor": "intel",
"version": "726519.10.9.2"
},
{
"model": "dual band wireless-ac",
"scope": "eq",
"trust": 0.3,
"vendor": "intel",
"version": "726519.10.9.1"
},
{
"model": "dual band wireless-ac",
"scope": "eq",
"trust": 0.3,
"vendor": "intel",
"version": "72650"
},
{
"model": "dual band wireless-ac for desktop",
"scope": "eq",
"trust": 0.3,
"vendor": "intel",
"version": "72600"
},
{
"model": "dual band wireless-ac",
"scope": "eq",
"trust": 0.3,
"vendor": "intel",
"version": "726018.33.9.3"
},
{
"model": "dual band wireless-ac",
"scope": "eq",
"trust": 0.3,
"vendor": "intel",
"version": "726018.33.9.2"
},
{
"model": "dual band wireless-ac",
"scope": "eq",
"trust": 0.3,
"vendor": "intel",
"version": "726018.0.0.0"
},
{
"model": "dual band wireless-ac",
"scope": "eq",
"trust": 0.3,
"vendor": "intel",
"version": "72600"
},
{
"model": "dual band wireless-ac",
"scope": "eq",
"trust": 0.3,
"vendor": "intel",
"version": "316819.10"
},
{
"model": "dual band wireless-ac",
"scope": "eq",
"trust": 0.3,
"vendor": "intel",
"version": "316819.51.7.20"
},
{
"model": "dual band wireless-ac",
"scope": "eq",
"trust": 0.3,
"vendor": "intel",
"version": "316819.51.7.1"
},
{
"model": "dual band wireless-ac",
"scope": "eq",
"trust": 0.3,
"vendor": "intel",
"version": "316819.51.0.0"
},
{
"model": "dual band wireless-ac",
"scope": "eq",
"trust": 0.3,
"vendor": "intel",
"version": "316819.10.9.2"
},
{
"model": "dual band wireless-ac",
"scope": "eq",
"trust": 0.3,
"vendor": "intel",
"version": "316819.10.9.1"
},
{
"model": "dual band wireless-ac",
"scope": "eq",
"trust": 0.3,
"vendor": "intel",
"version": "31680"
},
{
"model": "dual band wireless-ac",
"scope": "eq",
"trust": 0.3,
"vendor": "intel",
"version": "316519.10"
},
{
"model": "dual band wireless-ac",
"scope": "eq",
"trust": 0.3,
"vendor": "intel",
"version": "316519.51.7.20"
},
{
"model": "dual band wireless-ac",
"scope": "eq",
"trust": 0.3,
"vendor": "intel",
"version": "316519.51.7.1"
},
{
"model": "dual band wireless-ac",
"scope": "eq",
"trust": 0.3,
"vendor": "intel",
"version": "316519.51.0.0"
},
{
"model": "dual band wireless-ac",
"scope": "eq",
"trust": 0.3,
"vendor": "intel",
"version": "316519.10.9.2"
},
{
"model": "dual band wireless-ac",
"scope": "eq",
"trust": 0.3,
"vendor": "intel",
"version": "316519.10.9.1"
},
{
"model": "dual band wireless-ac",
"scope": "eq",
"trust": 0.3,
"vendor": "intel",
"version": "31650"
},
{
"model": "dual band wireless-ac",
"scope": "eq",
"trust": 0.3,
"vendor": "intel",
"version": "316018.33.9.3"
},
{
"model": "dual band wireless-ac",
"scope": "eq",
"trust": 0.3,
"vendor": "intel",
"version": "316018.33.9.2"
},
{
"model": "dual band wireless-ac",
"scope": "eq",
"trust": 0.3,
"vendor": "intel",
"version": "316018.0.0.0"
},
{
"model": "dual band wireless-ac",
"scope": "eq",
"trust": 0.3,
"vendor": "intel",
"version": "31600"
},
{
"model": "erratum",
"scope": "eq",
"trust": 0.3,
"vendor": "bluetooth",
"version": "107340"
},
{
"model": "erratum",
"scope": "eq",
"trust": 0.3,
"vendor": "bluetooth",
"version": "103950"
},
{
"model": "macos",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "10.13.6"
},
{
"model": "macos",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "10.13.1"
},
{
"model": "macos",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "10.13.5"
},
{
"model": "macos",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "10.13.4"
},
{
"model": "macos",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "10.13.3"
},
{
"model": "macos",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "10.13.2"
},
{
"model": "macos",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "10.13"
},
{
"model": "macbook pro",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "0"
},
{
"model": "macbook",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "0"
},
{
"model": "wireless-n",
"scope": "ne",
"trust": 0.3,
"vendor": "intel",
"version": "726520.60"
},
{
"model": "wireless-n",
"scope": "ne",
"trust": 0.3,
"vendor": "intel",
"version": "726020.60"
},
{
"model": "wireless-ac",
"scope": "ne",
"trust": 0.3,
"vendor": "intel",
"version": "956020.60"
},
{
"model": "wireless-ac",
"scope": "ne",
"trust": 0.3,
"vendor": "intel",
"version": "946220.60"
},
{
"model": "wireless-ac",
"scope": "ne",
"trust": 0.3,
"vendor": "intel",
"version": "946120.60"
},
{
"model": "wireless-ac",
"scope": "ne",
"trust": 0.3,
"vendor": "intel",
"version": "926020.60"
},
{
"model": "tri-band wireless-ac",
"scope": "ne",
"trust": 0.3,
"vendor": "intel",
"version": "1826520.60"
},
{
"model": "tri-band wireless-ac",
"scope": "ne",
"trust": 0.3,
"vendor": "intel",
"version": "1826020.60"
},
{
"model": "tri-band wireless-ac",
"scope": "ne",
"trust": 0.3,
"vendor": "intel",
"version": "1726520.60"
},
{
"model": "dual band wireless-n",
"scope": "ne",
"trust": 0.3,
"vendor": "intel",
"version": "726520.60"
},
{
"model": "dual band wireless-n",
"scope": "ne",
"trust": 0.3,
"vendor": "intel",
"version": "726020.60"
},
{
"model": "dual band wireless-ac",
"scope": "ne",
"trust": 0.3,
"vendor": "intel",
"version": "826520.60"
},
{
"model": "dual band wireless-ac",
"scope": "ne",
"trust": 0.3,
"vendor": "intel",
"version": "826020.60"
},
{
"model": "dual band wireless-ac",
"scope": "ne",
"trust": 0.3,
"vendor": "intel",
"version": "726520.60"
},
{
"model": "dual band wireless-ac for desktop",
"scope": "ne",
"trust": 0.3,
"vendor": "intel",
"version": "726020.60"
},
{
"model": "dual band wireless-ac",
"scope": "ne",
"trust": 0.3,
"vendor": "intel",
"version": "726020.60"
},
{
"model": "dual band wireless-ac",
"scope": "ne",
"trust": 0.3,
"vendor": "intel",
"version": "316820.60"
},
{
"model": "dual band wireless-ac",
"scope": "ne",
"trust": 0.3,
"vendor": "intel",
"version": "316520.60"
},
{
"model": "dual band wireless-ac",
"scope": "ne",
"trust": 0.3,
"vendor": "intel",
"version": "316020.60"
},
{
"model": "macos security update",
"scope": "ne",
"trust": 0.3,
"vendor": "apple",
"version": "10.13.62018"
},
{
"model": "macos security update",
"scope": "ne",
"trust": 0.3,
"vendor": "apple",
"version": "10.13.52018"
}
],
"sources": [
{
"db": "BID",
"id": "104879"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-005730"
},
{
"db": "CNNVD",
"id": "CNNVD-201807-1882"
},
{
"db": "NVD",
"id": "CVE-2018-5383"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:google:android:8.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:google:android:8.1:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:google:android:6.0.1:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:google:android:7.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:google:android:7.1.1:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:google:android:7.1.2:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:google:android:6.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:apple:iphone_os:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "11.4",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:apple:mac_os_x:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "10.13",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2018-5383"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Ubuntu,Red Hat",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201807-1882"
}
],
"trust": 0.6
},
"cve": "CVE-2018-5383",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"acInsufInfo": false,
"accessComplexity": "MEDIUM",
"accessVector": "ADJACENT_NETWORK",
"authentication": "NONE",
"author": "NVD",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 5.5,
"impactScore": 4.9,
"integrityImpact": "PARTIAL",
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "MEDIUM",
"trust": 1.0,
"userInteractionRequired": false,
"vectorString": "AV:A/AC:M/Au:N/C:P/I:P/A:N",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "Medium",
"accessVector": "Adjacent Network",
"authentication": "None",
"author": "JPCERT/CC",
"availabilityImpact": "None",
"baseScore": 7.3,
"confidentialityImpact": "Complete",
"exploitabilityScore": null,
"id": "JVNDB-2018-005730",
"impactScore": null,
"integrityImpact": "Complete",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "High",
"trust": 0.8,
"userInteractionRequired": null,
"vectorString": "AV:A/AC:M/Au:N/C:C/I:C/A:N",
"version": "2.0"
},
{
"accessComplexity": "MEDIUM",
"accessVector": "ADJACENT_NETWORK",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 5.5,
"id": "VHN-135414",
"impactScore": 4.9,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 0.1,
"vectorString": "AV:A/AC:M/AU:N/C:P/I:P/A:N",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "MEDIUM",
"accessVector": "ADJACENT_NETWORK",
"authentication": "NONE",
"author": "VULMON",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 5.5,
"id": "CVE-2018-5383",
"impactScore": 4.9,
"integrityImpact": "PARTIAL",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "MEDIUM",
"trust": 0.1,
"userInteractionRequired": null,
"vectorString": "AV:A/AC:M/Au:N/C:P/I:P/A:N",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "HIGH",
"attackVector": "ADJACENT_NETWORK",
"author": "NVD",
"availabilityImpact": "NONE",
"baseScore": 6.8,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 1.6,
"impactScore": 5.2,
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N",
"version": "3.0"
},
{
"attackComplexity": "HIGH",
"attackVector": "ADJACENT_NETWORK",
"author": "cret@cert.org",
"availabilityImpact": "NONE",
"baseScore": 8.0,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 1.6,
"impactScore": 5.8,
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:A/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:N",
"version": "3.0"
},
{
"attackComplexity": "High",
"attackVector": "Adjacent Network",
"author": "JPCERT/CC",
"availabilityImpact": "None",
"baseScore": 6.8,
"baseSeverity": "Medium",
"confidentialityImpact": "High",
"exploitabilityScore": null,
"id": "JVNDB-2018-005730",
"impactScore": null,
"integrityImpact": "High",
"privilegesRequired": "None",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "None",
"vectorString": "CVSS:3.0/AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N",
"version": "3.0"
}
],
"severity": [
{
"author": "NVD",
"id": "CVE-2018-5383",
"trust": 1.0,
"value": "MEDIUM"
},
{
"author": "cret@cert.org",
"id": "CVE-2018-5383",
"trust": 1.0,
"value": "HIGH"
},
{
"author": "JPCERT/CC",
"id": "JVNDB-2018-005730",
"trust": 0.8,
"value": "Medium"
},
{
"author": "CNNVD",
"id": "CNNVD-201807-1882",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "VULHUB",
"id": "VHN-135414",
"trust": 0.1,
"value": "MEDIUM"
},
{
"author": "VULMON",
"id": "CVE-2018-5383",
"trust": 0.1,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-135414"
},
{
"db": "VULMON",
"id": "CVE-2018-5383"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-005730"
},
{
"db": "CNNVD",
"id": "CNNVD-201807-1882"
},
{
"db": "NVD",
"id": "CVE-2018-5383"
},
{
"db": "NVD",
"id": "CVE-2018-5383"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Bluetooth firmware or operating system software drivers in macOS versions before 10.13, High Sierra and iOS versions before 11.4, and Android versions before the 2018-06-05 patch may not sufficiently validate elliptic curve parameters used to generate public keys during a Diffie-Hellman key exchange, which may allow a remote attacker to obtain the encryption key used by the device. Insufficient encryption processing (CWE-325) - CVE-2018-5383 Bluetooth Then, elliptic curve Diffie-Hellman key sharing (ECDH) It defines a device pairing mechanism based on technology. In this method, each pair to be paired prepares a key pair consisting of a private key and a public key. When pairing starts, each other\u0027s public key is exchanged, and each private key is generated using the private key of the other party and the public key of the other party. The parameters of the elliptic curve encryption to be used must be agreed in advance. Bluetooth The specification recommends that you verify that the public key you received from the other party is appropriate, but it was not required. \"Invalid Curve Attack\" Or \"Invalid Point Attack\" In an attack technique called, it is pointed out that searching for a secret key is much easier if a shared key is generated without confirming that the public key received from the other party is appropriate. It is. Some implementations process without verifying the public key received from the other party, Bluetooth If a public key crafted by a third party that exists within the communication distance of is injected, there is a possibility that the secret key is obtained with a high probability. As a result, there is a possibility that the communication contents will be obtained or altered. Secure Connections Pairing Mode and Simple Secure Paring Both modes are affected. Bluetooth SIG Let\u0027s make it necessary to verify the received public key. Bluetooth While updating the specifications of Bluetooth Qualification Program Added a test item in this case. Bluetooth SIG See the announcement. Bluetooth SIG Announcement https://www.bluetooth.com/news/unknown/2018/07/bluetooth-sig-security-updateBluetooth Man-in-the-middle attack by third parties within the communication range (man-in-the-middle attack) If this is done, you may be able to obtain the private key used by the device. As a result, communication content between devices may be obtained or falsified. Multiple Bluetooth drivers are prone to a security-bypass vulnerability. \nAn attacker can exploit this issue to perform man-in-the-middle attacks and certain unauthorized actions, which will aid in further attacks. Bluetooth is a wireless technology standard that enables short-range data exchange between fixed and mobile devices and personal area networks in buildings. A remote attacker could exploit this vulnerability to obtain the encryption key used by the device, and then intercept, decrypt, forge and inject device messages. The following systems are affected: macOS prior to 10.13; macOS High Sierra prior to 11.4; iOS prior to 11.4; Android prior to Patch 2018-06-05. \n\nAlternatively, on your watch, select \"My Watch \u003e General \u003e About\". -----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA256\n\nAPPLE-SA-2018-7-23-4 Additional information for\nAPPLE-SA-2018-06-01-6 tvOS 11.4\n\ntvOS 11.4 addresses the following:\n\nBluetooth\nAvailable for: Apple TV 4K\nImpact: An attacker in a privileged network position may be able to\nintercept Bluetooth traffic\nDescription: An input validation issue existed in Bluetooth. This\nissue was addressed with improved input validation. \nCVE-2018-5383: Lior Neumann and Eli Biham\nEntry added July 23, 2018\n\nCrash Reporter\nAvailable for: Apple TV 4K and Apple TV (4th generation)\nImpact: An application may be able to gain elevated privileges\nDescription: A memory corruption issue was addressed with improved\nerror handling. \nCVE-2018-4206: Ian Beer of Google Project Zero\n\nFontParser\nAvailable for: Apple TV 4K and Apple TV (4th generation)\nImpact: Processing a maliciously crafted font file may lead to\narbitrary code execution\nDescription: A memory corruption issue was addressed with improved\nvalidation. \nCVE-2018-4211: Proteas of Qihoo 360 Nirvan Team\n\nKernel\nAvailable for: Apple TV 4K and Apple TV (4th generation)\nImpact: An application may be able to execute arbitrary code with\nkernel privileges\nDescription: A buffer overflow was addressed with improved bounds\nchecking. \nCVE-2018-4241: Ian Beer of Google Project Zero\nCVE-2018-4243: Ian Beer of Google Project Zero\n\nKernel\nAvailable for: Apple TV 4K and Apple TV (4th generation)\nImpact: An attacker in a privileged position may be able to perform a\ndenial of service attack\nDescription: A denial of service issue was addressed with improved\nvalidation. \nCVE-2018-4249: Kevin Backhouse of Semmle Ltd. \n\nlibxpc\nAvailable for: Apple TV 4K and Apple TV (4th generation)\nImpact: An application may be able to gain elevated privileges\nDescription: A logic issue was addressed with improved validation. \nCVE-2018-4237: Samuel GroA (@5aelo) working with Trend Micro\u0027s Zero\nDay Initiative\n\nMessages\nAvailable for: Apple TV 4K and Apple TV (4th generation)\nImpact: A local user may be able to conduct impersonation attacks\nDescription: An injection issue was addressed with improved input\nvalidation. \nCVE-2018-4235: Anurodh Pokharel of Salesforce.com\n\nMessages\nAvailable for: Apple TV 4K and Apple TV (4th generation)\nImpact: Processing a maliciously crafted message may lead to a denial\nof service\nDescription: This issue was addressed with improved message\nvalidation. \nCVE-2018-4240: Sriram (@Sri_Hxor) of PrimeFort Pvt. Ltd\n\nSecurity\nAvailable for: Apple TV 4K and Apple TV (4th generation)\nImpact: A local user may be able to read a persistent device\nidentifier\nDescription: An authorization issue was addressed with improved state\nmanagement. \nCVE-2018-4224: Abraham Masri (@cheesecakeufo)\n\nSecurity\nAvailable for: Apple TV 4K and Apple TV (4th generation)\nImpact: A local user may be able to read a persistent account\nidentifier\nDescription: An authorization issue was addressed with improved state\nmanagement. \nCVE-2018-4223: Abraham Masri (@cheesecakeufo)\n\nUIKit\nAvailable for: Apple TV 4K and Apple TV (4th generation)\nImpact: Processing a maliciously crafted text file may lead to a\ndenial of service\nDescription: A validation issue existed in the handling of text. This\nissue was addressed with improved validation of text. \nCVE-2018-4198: Hunter Byrnes\n\nWebKit\nAvailable for: Apple TV 4K and Apple TV (4th generation)\nImpact: Visiting a maliciously crafted website may lead to cookies\nbeing overwritten\nDescription: A permissions issue existed in the handling of web\nbrowser cookies. This issue was addressed with improved restrictions. \nCVE-2018-4232: an anonymous researcher, Aymeric Chaib\n\nWebKit\nAvailable for: Apple TV 4K and Apple TV (4th generation)\nImpact: Processing maliciously crafted web content may lead to\narbitrary code execution\nDescription: A race condition was addressed with improved locking. \nCVE-2018-4192: Markus Gaasedelen, Nick Burnett, and Patrick Biernat\nof Ret2 Systems, Inc working with Trend Micro\u0027s Zero Day Initiative\n\nWebKit\nAvailable for: Apple TV 4K and Apple TV (4th generation)\nImpact: Processing maliciously crafted web content may lead to an\nunexpected Safari crash\nDescription: A memory corruption issue was addressed with improved\ninput validation. \nCVE-2018-4214: found by OSS-Fuzz\n\nWebKit\nAvailable for: Apple TV 4K and Apple TV (4th generation)\nImpact: Processing maliciously crafted web content may lead to\narbitrary code execution\nDescription: A memory corruption issue was addressed with improved\nmemory handling. \nCVE-2018-4204: found by OSS-Fuzz, Richard Zhu (fluorescence) working\nwith Trend Micro\u0027s Zero Day Initiative\n\nWebKit\nAvailable for: Apple TV 4K and Apple TV (4th generation)\nImpact: Processing maliciously crafted web content may lead to\narbitrary code execution\nDescription: A type confusion issue was addressed with improved\nmemory handling. \nCVE-2018-4246: found by OSS-Fuzz\n\nWebKit\nAvailable for: Apple TV 4K and Apple TV (4th generation)\nImpact: Processing maliciously crafted web content may lead to\narbitrary code execution\nDescription: A memory corruption issue was addressed with improved\nstate management. \nCVE-2018-4200: Ivan Fratric of Google Project Zero\n\nWebKit\nAvailable for: Apple TV 4K and Apple TV (4th generation)\nImpact: Visiting a malicious website may lead to address bar spoofing\nDescription: An inconsistent user interface issue was addressed with\nimproved state management. \nCVE-2018-4188: YoKo Kho (@YoKoAcc) of Mitra Integrasi Informatika, PT\n\nWebKit\nAvailable for: Apple TV 4K and Apple TV (4th generation)\nImpact: Processing maliciously crafted web content may lead to\narbitrary code execution\nDescription: Multiple memory corruption issues were addressed with\nimproved memory handling. \nCVE-2018-4201: an anonymous researcher\nCVE-2018-4218: Natalie Silvanovich of Google Project Zero\nCVE-2018-4233: Samuel GroA (@5aelo) working with Trend Micro\u0027s Zero\nDay Initiative\n\nWebKit\nAvailable for: Apple TV 4K and Apple TV (4th generation)\nImpact: Processing maliciously crafted web content may lead to\narbitrary code execution\nDescription: A buffer overflow issue was addressed with improved\nmemory handling. \nCVE-2018-4199: Alex Plaskett, Georgi Geshev, Fabi Beterke, and Nils\nof MWR Labs working with Trend Micro\u0027s Zero Day Initiative\n\nWebKit\nAvailable for: Apple TV 4K and Apple TV (4th generation)\nImpact: Visiting a maliciously crafted website may leak sensitive\ndata\nDescription: Credentials were unexpectedly sent when fetching CSS\nmask images. This was addressed by using a CORS-enabled fetch method. \nCVE-2018-4190: Jun Kokatsu (@shhnjk)\n\nWebKit\nAvailable for: Apple TV 4K and Apple TV (4th generation)\nImpact: Processing maliciously crafted web content may lead to\narbitrary code execution\nDescription: An out-of-bounds read was addressed with improved input\nvalidation. \nCVE-2018-4222: Natalie Silvanovich of Google Project Zero\n\nInstallation note:\n\nApple TV will periodically check for software updates. Alternatively,\nyou may manually check for software updates by selecting\n\"Settings -\u003e System -\u003e Software Update -\u003e Update Software.\"\n\nTo check the current version of software, select\n\"Settings -\u003e General -\u003e About.\"\n\nInformation will also be posted to the Apple Security Updates\nweb site: https://support.apple.com/kb/HT201222\n\nThis message is signed with Apple\u0027s Product Security PGP key,\nand details are available at:\nhttps://www.apple.com/support/security/pgp/\n-----BEGIN PGP SIGNATURE-----\n\niQIzBAEBCAAdFiEEfcwwPWJ3e0Ig26mf8ecVjteJiCYFAltUsiMACgkQ8ecVjteJ\niCYcZBAAusSQ6lM5Qebyc48iNEu/DUrOwUVyN6MNjo0699Xm+kbu+0u/JQNf75jw\nZeelK31NLRyRx9BuK7u4J20gi+hsWI7N9wtVkeOaPiE/Ha45uEVaJ6lSSJOIZ3rZ\noXb4PiL8+bSukiRgBvFhnxDwGCGefg8udRjtONRlCuMvyZAY09LT6cgZOXSEJEbF\necVmvDAEEwH1hcTV7PJbQ4nCkv97DA8dPVTbUUbtPXCOPYjsClz1JSUubOSDw3d4\n7tq4pfs6ZJFZCE8JFJFY+CCIWuE1FppTE7FVJVfFdpAri+prTeGZJppzEjJDZR2g\n4lCOyx926Mp5tqZx6WZc1Xkz8LJaZbEWPrfGW4wKMFIC7WPwhyi7y2NqVfcjbubW\naOsfQFwbCx9KlfOfUMJtbAaha7TBiDJV5u2PMILL3ct2BRX+LqEUrlrR1uwhF5VZ\nnpPX9cEwMbWRCj7QJC9bmRT1mPYKD+sK5HqBc7Ftp3NYv1hjhEz6iVcF7HYY9T2j\naYzvsXaMilihEaDRu4H/0wLX4abUrOtUwFowuehUkNF30cgBrtyWcJl6K6/WaW2C\nIdmF0IB4T4MRWyPKY2r1A+rBerCaoxb0IBucOP9JO4V1uDrCoHdxEL9LfjXlz/tx\nCiPvy4EaV2aIDjSfkf75IXtHx2ueIFfdTGVH1OEdX9JoCSqNRPQ=\n=8ofX\n-----END PGP SIGNATURE-----\n. (CVE-2019-10126)\n\nAndrei Vlad Lutas and Dan Lutas discovered that some x86 processors\nincorrectly handle SWAPGS instructions during speculative execution. =========================================================================\nUbuntu Security Notice USN-4118-1\nSeptember 02, 2019\n\nlinux-aws vulnerabilities\n=========================================================================\nA security issue affects these releases of Ubuntu and its derivatives:\n\n- Ubuntu 18.04 LTS\n- Ubuntu 16.04 LTS\n\nSummary:\n\nSeveral security issues were fixed in the Linux kernel. \n\nSoftware Description:\n- linux-aws: Linux kernel for Amazon Web Services (AWS) systems\n- linux-aws-hwe: Linux kernel for Amazon Web Services (AWS-HWE) systems\n\nDetails:\n\nIt was discovered that the alarmtimer implementation in the Linux kernel\ncontained an integer overflow vulnerability. A local attacker could use\nthis to cause a denial of service. (CVE-2018-13053)\n\nWen Xu discovered that the XFS filesystem implementation in the Linux\nkernel did not properly track inode validations. An attacker could use this\nto construct a malicious XFS image that, when mounted, could cause a denial\nof service (system crash). (CVE-2018-13093)\n\nWen Xu discovered that the f2fs file system implementation in the Linux\nkernel did not properly validate metadata. An attacker could use this to\nconstruct a malicious f2fs image that, when mounted, could cause a denial\nof service (system crash). (CVE-2018-13096, CVE-2018-13097, CVE-2018-13098,\nCVE-2018-13099, CVE-2018-13100, CVE-2018-14614, CVE-2018-14615,\nCVE-2018-14616)\n\nWen Xu and Po-Ning Tseng discovered that btrfs file system implementation\nin the Linux kernel did not properly validate metadata. An attacker could\nuse this to construct a malicious btrfs image that, when mounted, could\ncause a denial of service (system crash). (CVE-2018-14609, CVE-2018-14610,\nCVE-2018-14611, CVE-2018-14612, CVE-2018-14613)\n\nWen Xu discovered that the HFS+ filesystem implementation in the Linux\nkernel did not properly handle malformed catalog data in some situations. \nAn attacker could use this to construct a malicious HFS+ image that, when\nmounted, could cause a denial of service (system crash). (CVE-2018-14617)\n\nVasily Averin and Pavel Tikhomirov discovered that the cleancache subsystem\nof the Linux kernel did not properly initialize new files in some\nsituations. A local attacker could use this to expose sensitive\ninformation. (CVE-2018-16862)\n\nHui Peng and Mathias Payer discovered that the Option USB High Speed driver\nin the Linux kernel did not properly validate metadata received from the\ndevice. A physically proximate attacker could use this to cause a denial of\nservice (system crash). (CVE-2018-19985)\n\nHui Peng and Mathias Payer discovered that the USB subsystem in the Linux\nkernel did not properly handle size checks when handling an extra USB\ndescriptor. A physically proximate attacker could use this to cause a\ndenial of service (system crash). (CVE-2018-20169)\n\nZhipeng Xie discovered that an infinite loop could triggered in the CFS\nLinux kernel process scheduler. A local attacker could possibly use this to\ncause a denial of service. (CVE-2018-20784)\n\nIt was discovered that a use-after-free error existed in the block layer\nsubsystem of the Linux kernel when certain failure conditions occurred. A\nlocal attacker could possibly use this to cause a denial of service (system\ncrash) or possibly execute arbitrary code. (CVE-2018-20856)\n\nEli Biham and Lior Neumann discovered that the Bluetooth implementation in\nthe Linux kernel did not properly validate elliptic curve parameters during\nDiffie-Hellman key exchange in some situations. An attacker could use this\nto expose sensitive information. (CVE-2018-5383)\n\nIt was discovered that the Intel wifi device driver in the Linux kernel did\nnot properly validate certain Tunneled Direct Link Setup (TDLS). A\nphysically proximate attacker could use this to cause a denial of service\n(wifi disconnect). (CVE-2019-0136)\n\nIt was discovered that a heap buffer overflow existed in the Marvell\nWireless LAN device driver for the Linux kernel. An attacker could use this\nto cause a denial of service (system crash) or possibly execute arbitrary\ncode. (CVE-2019-10126)\n\nIt was discovered that the Bluetooth UART implementation in the Linux\nkernel did not properly check for missing tty operations. A local attacker\ncould use this to cause a denial of service. (CVE-2019-10207)\n\nAmit Klein and Benny Pinkas discovered that the Linux kernel did not\nsufficiently randomize IP ID values generated for connectionless networking\nprotocols. A remote attacker could use this to track particular Linux\ndevices. (CVE-2019-10638)\n\nAmit Klein and Benny Pinkas discovered that the location of kernel\naddresses could exposed by the implementation of connection-less network\nprotocols in the Linux kernel. A remote attacker could possibly use this to\nassist in the exploitation of another vulnerability in the Linux kernel. \n(CVE-2019-10639)\n\nAdam Zabrocki discovered that the Intel i915 kernel mode graphics driver in\nthe Linux kernel did not properly restrict mmap() ranges in some\nsituations. A local attacker could use this to cause a denial of service\n(system crash) or possibly execute arbitrary code. (CVE-2019-11085)\n\nIt was discovered that an integer overflow existed in the Linux kernel when\nreference counting pages, leading to potential use-after-free issues. A\nlocal attacker could use this to cause a denial of service (system crash)\nor possibly execute arbitrary code. (CVE-2019-11487)\n\nJann Horn discovered that a race condition existed in the Linux kernel when\nperforming core dumps. A local attacker could use this to cause a denial of\nservice (system crash) or expose sensitive information. (CVE-2019-11599)\n\nIt was discovered that a null pointer dereference vulnerability existed in\nthe LSI Logic MegaRAID driver in the Linux kernel. A local attacker could\nuse this to cause a denial of service (system crash). (CVE-2019-11810)\n\nIt was discovered that a race condition leading to a use-after-free existed\nin the Reliable Datagram Sockets (RDS) protocol implementation in the Linux\nkernel. The RDS protocol is blacklisted by default in Ubuntu. If enabled, a\nlocal attacker could use this to cause a denial of service (system crash)\nor possibly execute arbitrary code. (CVE-2019-11815)\n\nIt was discovered that the ext4 file system implementation in the Linux\nkernel did not properly zero out memory in some situations. A local\nattacker could use this to expose sensitive information (kernel memory). \n(CVE-2019-11833)\n\nIt was discovered that the Bluetooth Human Interface Device Protocol (HIDP)\nimplementation in the Linux kernel did not properly verify strings were\nNULL terminated in certain situations. A local attacker could use this to\nexpose sensitive information (kernel memory). (CVE-2019-11884)\n\nIt was discovered that a NULL pointer dereference vulnerabilty existed in\nthe Near-field communication (NFC) implementation in the Linux kernel. An\nattacker could use this to cause a denial of service (system crash). \n(CVE-2019-12818)\n\nIt was discovered that the MDIO bus devices subsystem in the Linux kernel\nimproperly dropped a device reference in an error condition, leading to a\nuse-after-free. An attacker could use this to cause a denial of service\n(system crash). (CVE-2019-12819)\n\nIt was discovered that a NULL pointer dereference vulnerability existed in\nthe Near-field communication (NFC) implementation in the Linux kernel. A\nlocal attacker could use this to cause a denial of service (system crash). \n(CVE-2019-12984)\n\nJann Horn discovered a use-after-free vulnerability in the Linux kernel\nwhen accessing LDT entries in some situations. A local attacker could use\nthis to cause a denial of service (system crash) or possibly execute\narbitrary code. (CVE-2019-13233)\n\nJann Horn discovered that the ptrace implementation in the Linux kernel did\nnot properly record credentials in some situations. A local attacker could\nuse this to cause a denial of service (system crash) or possibly gain\nadministrative privileges. (CVE-2019-13272)\n\nIt was discovered that the GTCO tablet input driver in the Linux kernel did\nnot properly bounds check the initial HID report sent by the device. A\nphysically proximate attacker could use to cause a denial of service\n(system crash) or possibly execute arbitrary code. (CVE-2019-13631)\n\nIt was discovered that the floppy driver in the Linux kernel did not\nproperly validate meta data, leading to a buffer overread. A local attacker\ncould use this to cause a denial of service (system crash). \n(CVE-2019-14283)\n\nIt was discovered that the floppy driver in the Linux kernel did not\nproperly validate ioctl() calls, leading to a division-by-zero. A local\nattacker could use this to cause a denial of service (system crash). \n(CVE-2019-14284)\n\nTuba Yavuz discovered that a race condition existed in the DesignWare USB3\nDRD Controller device driver in the Linux kernel. A physically proximate\nattacker could use this to cause a denial of service. (CVE-2019-14763)\n\nIt was discovered that an out-of-bounds read existed in the QLogic QEDI\niSCSI Initiator Driver in the Linux kernel. A local attacker could possibly\nuse this to expose sensitive information (kernel memory). (CVE-2019-15090)\n\nIt was discovered that the Raremono AM/FM/SW radio device driver in the\nLinux kernel did not properly allocate memory, leading to a use-after-free. \nA physically proximate attacker could use this to cause a denial of service\nor possibly execute arbitrary code. (CVE-2019-15211)\n\nIt was discovered at a double-free error existed in the USB Rio 500 device\ndriver for the Linux kernel. A physically proximate attacker could use this\nto cause a denial of service. (CVE-2019-15212)\n\nIt was discovered that a race condition existed in the Advanced Linux Sound\nArchitecture (ALSA) subsystem of the Linux kernel, leading to a potential\nuse-after-free. A physically proximate attacker could use this to cause a\ndenial of service (system crash) pro possibly execute arbitrary code. \n(CVE-2019-15214)\n\nIt was discovered that a race condition existed in the CPiA2 video4linux\ndevice driver for the Linux kernel, leading to a use-after-free. A\nphysically proximate attacker could use this to cause a denial of service\n(system crash) or possibly execute arbitrary code. (CVE-2019-15215)\n\nIt was discovered that a race condition existed in the Softmac USB Prism54\ndevice driver in the Linux kernel. A physically proximate attacker could\nuse this to cause a denial of service (system crash). (CVE-2019-15220)\n\nIt was discovered that a use-after-free vulnerability existed in the\nAppletalk implementation in the Linux kernel if an error occurs during\ninitialization. A local attacker could use this to cause a denial of\nservice (system crash). (CVE-2019-15292)\n\nIt was discovered that the Empia EM28xx DVB USB device driver\nimplementation in the Linux kernel contained a use-after-free vulnerability\nwhen disconnecting the device. An attacker could use this to cause a denial\nof service (system crash). (CVE-2019-2024)\n\nIt was discovered that the USB video device class implementation in the\nLinux kernel did not properly validate control bits, resulting in an out of\nbounds buffer read. A local attacker could use this to possibly expose\nsensitive information (kernel memory). (CVE-2019-2101)\n\nIt was discovered that the Marvell Wireless LAN device driver in the Linux\nkernel did not properly validate the BSS descriptor. A local attacker could\npossibly use this to cause a denial of service (system crash) or possibly\nexecute arbitrary code. (CVE-2019-3846)\n\nJason Wang discovered that an infinite loop vulnerability existed in the\nvirtio net driver in the Linux kernel. A local attacker in a guest VM could\npossibly use this to cause a denial of service in the host system. \n(CVE-2019-3900)\n\nDaniele Antonioli, Nils Ole Tippenhauer, and Kasper B. Rasmussen discovered\nthat the Bluetooth protocol BR/EDR specification did not properly require\nsufficiently strong encryption key lengths. A physicall proximate attacker\ncould use this to expose sensitive information. (CVE-2019-9506)\n\nIt was discovered that the Appletalk IP encapsulation driver in the Linux\nkernel did not properly prevent kernel addresses from being copied to user\nspace. A local attacker with the CAP_NET_ADMIN capability could use this to\nexpose sensitive information. (CVE-2018-20511)\n\nIt was discovered that a race condition existed in the USB YUREX device\ndriver in the Linux kernel. A physically proximate attacker could use this\nto cause a denial of service (system crash). (CVE-2019-15216)\n\nIt was discovered that the Siano USB MDTV receiver device driver in the\nLinux kernel made improper assumptions about the device characteristics. A\nphysically proximate attacker could use this cause a denial of service\n(system crash). (CVE-2019-15218)\n\nIt was discovered that the Line 6 POD USB device driver in the Linux kernel\ndid not properly validate data size information from the device. A\nphysically proximate attacker could use this to cause a denial of service\n(system crash). (CVE-2019-15221)\n\nMuyu Yu discovered that the CAN implementation in the Linux kernel in some\nsituations did not properly restrict the field size when processing\noutgoing frames. A local attacker with CAP_NET_ADMIN privileges could use\nthis to execute arbitrary code. (CVE-2019-3701)\n\nVladis Dronov discovered that the debug interface for the Linux kernel\u0027s\nHID subsystem did not properly validate passed parameters in some\nsituations. A local privileged attacker could use this to cause a denial of\nservice (infinite loop). (CVE-2019-3819)\n\nUpdate instructions:\n\nThe problem can be corrected by updating your system to the following\npackage versions:\n\nUbuntu 18.04 LTS:\n linux-image-4.15.0-1047-aws 4.15.0-1047.49\n linux-image-aws 4.15.0.1047.46\n\nUbuntu 16.04 LTS:\n linux-image-4.15.0-1047-aws 4.15.0-1047.49~16.04.1\n linux-image-aws-hwe 4.15.0.1047.47\n\nAfter a standard system update you need to reboot your computer to make\nall the necessary changes. \n\nATTENTION: Due to an unavoidable ABI change the kernel updates have\nbeen given a new version number, which requires you to recompile and\nreinstall all third party kernel modules you might have installed. \nUnless you manually uninstalled the standard kernel metapackages\n(e.g. linux-generic, linux-generic-lts-RELEASE, linux-virtual,\nlinux-powerpc), a standard system upgrade will automatically perform\nthis as well. \n\nReferences:\n https://usn.ubuntu.com/4118-1\n CVE-2018-13053, CVE-2018-13093, CVE-2018-13096, CVE-2018-13097,\n CVE-2018-13098, CVE-2018-13099, CVE-2018-13100, CVE-2018-14609,\n CVE-2018-14610, CVE-2018-14611, CVE-2018-14612, CVE-2018-14613,\n CVE-2018-14614, CVE-2018-14615, CVE-2018-14616, CVE-2018-14617,\n CVE-2018-16862, CVE-2018-19985, CVE-2018-20169, CVE-2018-20511,\n CVE-2018-20784, CVE-2018-20856, CVE-2018-5383, CVE-2019-0136,\n CVE-2019-10126, CVE-2019-10207, CVE-2019-10638, CVE-2019-10639,\n CVE-2019-11085, CVE-2019-11487, CVE-2019-11599, CVE-2019-11810,\n CVE-2019-11815, CVE-2019-11833, CVE-2019-11884, CVE-2019-12818,\n CVE-2019-12819, CVE-2019-12984, CVE-2019-13233, CVE-2019-13272,\n CVE-2019-13631, CVE-2019-14283, CVE-2019-14284, CVE-2019-14763,\n CVE-2019-15090, CVE-2019-15211, CVE-2019-15212, CVE-2019-15214,\n CVE-2019-15215, CVE-2019-15216, CVE-2019-15218, CVE-2019-15220,\n CVE-2019-15221, CVE-2019-15292, CVE-2019-2024, CVE-2019-2101,\n CVE-2019-3701, CVE-2019-3819, CVE-2019-3846, CVE-2019-3900,\n CVE-2019-9506\n\nPackage Information:\n https://launchpad.net/ubuntu/+source/linux-aws/4.15.0-1047.49\n https://launchpad.net/ubuntu/+source/linux-aws-hwe/4.15.0-1047.49~16.04.1\n. -----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA256\n\n==================================================================== \nRed Hat Security Advisory\n\nSynopsis: Important: linux-firmware security, bug fix, and enhancement update\nAdvisory ID: RHSA-2019:2169-01\nProduct: Red Hat Enterprise Linux\nAdvisory URL: https://access.redhat.com/errata/RHSA-2019:2169\nIssue date: 2019-08-06\nCVE Names: CVE-2018-5383\n====================================================================\n1. Summary:\n\nAn update for linux-firmware is now available for Red Hat Enterprise Linux\n7. \n\nRed Hat Product Security has rated this update as having a security impact\nof Important. A Common Vulnerability Scoring System (CVSS) base score,\nwhich gives a detailed severity rating, is available for each vulnerability\nfrom the CVE link(s) in the References section. Relevant releases/architectures:\n\nRed Hat Enterprise Linux Client (v. 7) - noarch\nRed Hat Enterprise Linux ComputeNode (v. 7) - noarch\nRed Hat Enterprise Linux Server (v. 7) - noarch\nRed Hat Enterprise Linux Workstation (v. 7) - noarch\n\n3. Description:\n\nThe linux-firmware packages contain all of the firmware files that are\nrequired by various devices to operate. \n\nAdditional Changes:\n\nFor detailed information on changes in this release, see the Red Hat\nEnterprise Linux 7.7 Release Notes linked from the References section. Solution:\n\nFor details on how to apply this update, which includes the changes\ndescribed in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\n5. Package List:\n\nRed Hat Enterprise Linux Client (v. 7):\n\nSource:\nlinux-firmware-20190429-72.gitddde598.el7.src.rpm\n\nnoarch:\niwl100-firmware-39.31.5.1-72.el7.noarch.rpm\niwl1000-firmware-39.31.5.1-72.el7.noarch.rpm\niwl105-firmware-18.168.6.1-72.el7.noarch.rpm\niwl135-firmware-18.168.6.1-72.el7.noarch.rpm\niwl2000-firmware-18.168.6.1-72.el7.noarch.rpm\niwl2030-firmware-18.168.6.1-72.el7.noarch.rpm\niwl3160-firmware-22.0.7.0-72.el7.noarch.rpm\niwl3945-firmware-15.32.2.9-72.el7.noarch.rpm\niwl4965-firmware-228.61.2.24-72.el7.noarch.rpm\niwl5000-firmware-8.83.5.1_1-72.el7.noarch.rpm\niwl5150-firmware-8.24.2.2-72.el7.noarch.rpm\niwl6000-firmware-9.221.4.1-72.el7.noarch.rpm\niwl6000g2a-firmware-17.168.5.3-72.el7.noarch.rpm\niwl6000g2b-firmware-17.168.5.2-72.el7.noarch.rpm\niwl6050-firmware-41.28.5.1-72.el7.noarch.rpm\niwl7260-firmware-22.0.7.0-72.el7.noarch.rpm\niwl7265-firmware-22.0.7.0-72.el7.noarch.rpm\nlinux-firmware-20190429-72.gitddde598.el7.noarch.rpm\n\nRed Hat Enterprise Linux ComputeNode (v. 7):\n\nSource:\nlinux-firmware-20190429-72.gitddde598.el7.src.rpm\n\nnoarch:\niwl100-firmware-39.31.5.1-72.el7.noarch.rpm\niwl1000-firmware-39.31.5.1-72.el7.noarch.rpm\niwl105-firmware-18.168.6.1-72.el7.noarch.rpm\niwl135-firmware-18.168.6.1-72.el7.noarch.rpm\niwl2000-firmware-18.168.6.1-72.el7.noarch.rpm\niwl2030-firmware-18.168.6.1-72.el7.noarch.rpm\niwl3160-firmware-22.0.7.0-72.el7.noarch.rpm\niwl3945-firmware-15.32.2.9-72.el7.noarch.rpm\niwl4965-firmware-228.61.2.24-72.el7.noarch.rpm\niwl5000-firmware-8.83.5.1_1-72.el7.noarch.rpm\niwl5150-firmware-8.24.2.2-72.el7.noarch.rpm\niwl6000-firmware-9.221.4.1-72.el7.noarch.rpm\niwl6000g2a-firmware-17.168.5.3-72.el7.noarch.rpm\niwl6000g2b-firmware-17.168.5.2-72.el7.noarch.rpm\niwl6050-firmware-41.28.5.1-72.el7.noarch.rpm\niwl7260-firmware-22.0.7.0-72.el7.noarch.rpm\niwl7265-firmware-22.0.7.0-72.el7.noarch.rpm\nlinux-firmware-20190429-72.gitddde598.el7.noarch.rpm\n\nRed Hat Enterprise Linux Server (v. 7):\n\nSource:\nlinux-firmware-20190429-72.gitddde598.el7.src.rpm\n\nnoarch:\niwl100-firmware-39.31.5.1-72.el7.noarch.rpm\niwl1000-firmware-39.31.5.1-72.el7.noarch.rpm\niwl105-firmware-18.168.6.1-72.el7.noarch.rpm\niwl135-firmware-18.168.6.1-72.el7.noarch.rpm\niwl2000-firmware-18.168.6.1-72.el7.noarch.rpm\niwl2030-firmware-18.168.6.1-72.el7.noarch.rpm\niwl3160-firmware-22.0.7.0-72.el7.noarch.rpm\niwl3945-firmware-15.32.2.9-72.el7.noarch.rpm\niwl4965-firmware-228.61.2.24-72.el7.noarch.rpm\niwl5000-firmware-8.83.5.1_1-72.el7.noarch.rpm\niwl5150-firmware-8.24.2.2-72.el7.noarch.rpm\niwl6000-firmware-9.221.4.1-72.el7.noarch.rpm\niwl6000g2a-firmware-17.168.5.3-72.el7.noarch.rpm\niwl6000g2b-firmware-17.168.5.2-72.el7.noarch.rpm\niwl6050-firmware-41.28.5.1-72.el7.noarch.rpm\niwl7260-firmware-22.0.7.0-72.el7.noarch.rpm\niwl7265-firmware-22.0.7.0-72.el7.noarch.rpm\nlinux-firmware-20190429-72.gitddde598.el7.noarch.rpm\n\nRed Hat Enterprise Linux Workstation (v. 7):\n\nSource:\nlinux-firmware-20190429-72.gitddde598.el7.src.rpm\n\nnoarch:\niwl100-firmware-39.31.5.1-72.el7.noarch.rpm\niwl1000-firmware-39.31.5.1-72.el7.noarch.rpm\niwl105-firmware-18.168.6.1-72.el7.noarch.rpm\niwl135-firmware-18.168.6.1-72.el7.noarch.rpm\niwl2000-firmware-18.168.6.1-72.el7.noarch.rpm\niwl2030-firmware-18.168.6.1-72.el7.noarch.rpm\niwl3160-firmware-22.0.7.0-72.el7.noarch.rpm\niwl3945-firmware-15.32.2.9-72.el7.noarch.rpm\niwl4965-firmware-228.61.2.24-72.el7.noarch.rpm\niwl5000-firmware-8.83.5.1_1-72.el7.noarch.rpm\niwl5150-firmware-8.24.2.2-72.el7.noarch.rpm\niwl6000-firmware-9.221.4.1-72.el7.noarch.rpm\niwl6000g2a-firmware-17.168.5.3-72.el7.noarch.rpm\niwl6000g2b-firmware-17.168.5.2-72.el7.noarch.rpm\niwl6050-firmware-41.28.5.1-72.el7.noarch.rpm\niwl7260-firmware-22.0.7.0-72.el7.noarch.rpm\niwl7265-firmware-22.0.7.0-72.el7.noarch.rpm\nlinux-firmware-20190429-72.gitddde598.el7.noarch.rpm\n\nThese packages are GPG signed by Red Hat for security. Contact:\n\nThe Red Hat security contact is \u003csecalert@redhat.com\u003e. More contact\ndetails at https://access.redhat.com/security/team/contact/\n\nCopyright 2019 Red Hat, Inc. \n-----BEGIN PGP SIGNATURE-----\nVersion: GnuPG v1\n\niQIVAwUBXUl4n9zjgjWX9erEAQhAkw/+KcXoF0PnrjblvVm7NoR+6+Ap/0Q/ZA76\nQ/lTMgCH2fhDPQov/S6l0uzlvrxzjcN2uQW/mM/XvaKgHX316q1Byj/ul74pfLGE\nZfsmAfPeFy4YYSMOnzeFiE8lzbzM203JpiGCC0wS8Mm+oz13Bn6gwkZI3P3R4m3l\nLvPZ8AjMWXSRbdNDsxO+PONz9lsNQEEDspUKvdy3x2omdNCt8QPp1gIsP8lKM8g1\nKIkJCwE0OkUrYOm9KEU3kNM1Nifx8LNjC+bdLMEgXMDtQiDdF085BrnXm10HYTAy\nDuGsE5Htep5balUiMOcR/Y4rb4r/fWfyRQNWG4H0RIduOCBTIDIcj3L/yKo/OU+t\n15fe/S8OS14F8v2fsNEdrmmdFK12WiRzNozD/ZBbBklorTMvCrFrhQ9ZDIlD2ue/\nRyoF4Zz5sCTP5NFQeYBEphU934UpHEc4VRZcrr4Rh86kS+0tWTrLZRE4Mx25jTjf\nTO72X8QlaGbOMtoErnZVmTVPUAJJMrZ5WBzrTZFOJrtnPsMAccvbNdfp/Ky30blh\nFHTMAVsVkZoRw8zayr8mSm3xCIY7B56hM0Ss42RSqO1f9KDeHAtbaVf1f4fuMr4E\nuZjw2Ma15KdNAGoOLgS941af276a9jRbHPrAmr3JWcTQb9osZFeoMcOOkikZgXtW\nhT1DU8n0QFA\\xf9to\n-----END PGP SIGNATURE-----\n\n--\nRHSA-announce mailing list\nRHSA-announce@redhat.com\nhttps://www.redhat.com/mailman/listinfo/rhsa-announce\n",
"sources": [
{
"db": "NVD",
"id": "CVE-2018-5383"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-005730"
},
{
"db": "BID",
"id": "104879"
},
{
"db": "VULHUB",
"id": "VHN-135414"
},
{
"db": "VULMON",
"id": "CVE-2018-5383"
},
{
"db": "PACKETSTORM",
"id": "154044"
},
{
"db": "PACKETSTORM",
"id": "157598"
},
{
"db": "PACKETSTORM",
"id": "148645"
},
{
"db": "PACKETSTORM",
"id": "148644"
},
{
"db": "PACKETSTORM",
"id": "149410"
},
{
"db": "PACKETSTORM",
"id": "154049"
},
{
"db": "PACKETSTORM",
"id": "154326"
},
{
"db": "PACKETSTORM",
"id": "153946"
}
],
"trust": 2.79
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2018-5383",
"trust": 3.7
},
{
"db": "CERT/CC",
"id": "VU#304725",
"trust": 2.9
},
{
"db": "BID",
"id": "104879",
"trust": 2.1
},
{
"db": "SECTRACK",
"id": "1041432",
"trust": 1.8
},
{
"db": "PACKETSTORM",
"id": "157598",
"trust": 0.8
},
{
"db": "PACKETSTORM",
"id": "153946",
"trust": 0.8
},
{
"db": "JVN",
"id": "JVNVU92767028",
"trust": 0.8
},
{
"db": "JVNDB",
"id": "JVNDB-2018-005730",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-201807-1882",
"trust": 0.7
},
{
"db": "LENOVO",
"id": "LEN-22233",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2020.1612",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2019.1111",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2019.2932",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2019.0501.2",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2019.0559",
"trust": 0.6
},
{
"db": "PACKETSTORM",
"id": "154044",
"trust": 0.2
},
{
"db": "PACKETSTORM",
"id": "154049",
"trust": 0.2
},
{
"db": "VULHUB",
"id": "VHN-135414",
"trust": 0.1
},
{
"db": "VULMON",
"id": "CVE-2018-5383",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "148645",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "148644",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "149410",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "154326",
"trust": 0.1
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-135414"
},
{
"db": "VULMON",
"id": "CVE-2018-5383"
},
{
"db": "BID",
"id": "104879"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-005730"
},
{
"db": "PACKETSTORM",
"id": "154044"
},
{
"db": "PACKETSTORM",
"id": "157598"
},
{
"db": "PACKETSTORM",
"id": "148645"
},
{
"db": "PACKETSTORM",
"id": "148644"
},
{
"db": "PACKETSTORM",
"id": "149410"
},
{
"db": "PACKETSTORM",
"id": "154049"
},
{
"db": "PACKETSTORM",
"id": "154326"
},
{
"db": "PACKETSTORM",
"id": "153946"
},
{
"db": "CNNVD",
"id": "CNNVD-201807-1882"
},
{
"db": "NVD",
"id": "CVE-2018-5383"
}
]
},
"id": "VAR-201808-1004",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VULHUB",
"id": "VHN-135414"
}
],
"trust": 0.6976190440000001
},
"last_update_date": "2024-07-23T21:45:01.058000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "Bluetooth Security vulnerabilities",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=82629"
},
{
"title": "Red Hat: Important: linux-firmware security, bug fix, and enhancement update",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=rhsa-20192169 - security advisory"
},
{
"title": "Ubuntu Security Notice: linux-firmware vulnerability",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=ubuntu_security_notice\u0026qid=usn-4351-1"
},
{
"title": "Red Hat: CVE-2018-5383",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_cve_database\u0026qid=cve-2018-5383"
},
{
"title": "HP: HPSBHF03585 rev. 1 - Bluetooth Pairing Vulnerability",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=hp_bulletin\u0026qid=hpsbhf03585"
},
{
"title": "Ubuntu Security Notice: linux-lts-xenial, linux-aws vulnerabilities",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=ubuntu_security_notice\u0026qid=usn-4095-2"
},
{
"title": "Ubuntu Security Notice: linux, linux-aws, linux-kvm, linux-raspi2, linux-snapdragon vulnerabilities",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=ubuntu_security_notice\u0026qid=usn-4095-1"
},
{
"title": "Android Security Bulletins: Android Security Bulletin\u2014August 2018",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=android_security_bulletins\u0026qid=746dc14fcd3f5e139648cfdc9d9039a9"
},
{
"title": "Apple: watchOS 4.3.1",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=apple_security_advisories\u0026qid=0f4c2f01c97a0857022a69b5486be838"
},
{
"title": "Apple: tvOS 11.4",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=apple_security_advisories\u0026qid=d2d0b1ec71830547fb971d63ee3beadb"
},
{
"title": "Android Security Bulletins: Android Security Bulletin\u2014June 2018",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=android_security_bulletins\u0026qid=cc496c56e2bf669809bfb568f59af8e1"
},
{
"title": "Apple: macOS Mojave 10.14",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=apple_security_advisories\u0026qid=b8d65830dc3366732d9f4a144cde5cf4"
},
{
"title": "Apple: tvOS 12",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=apple_security_advisories\u0026qid=cffdc08d95a71866e104f27dafdf5818"
},
{
"title": "Apple: macOS High Sierra 10.13.5, Security Update 2018-003 Sierra, Security Update 2018-003 El Capitan",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=apple_security_advisories\u0026qid=f93fc5c87ddc6e336e7b02ff3308dfe6"
},
{
"title": "Apple: macOS High Sierra 10.13.6, Security Update 2018-004 Sierra, Security Update 2018-004 El Capitan",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=apple_security_advisories\u0026qid=6271728c896ad06d4d117e77589eea2f"
},
{
"title": "Apple: iOS 11.4",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=apple_security_advisories\u0026qid=0f3db097f895347566033494c2dda90b"
},
{
"title": "Ubuntu Security Notice: linux, linux-hwe, linux-azure, linux-gcp, linux-gke-4.15, linux-kvm, linux-oem, linux-oracle, linux-raspi2, linux-snapdragon vulnerabilities",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=ubuntu_security_notice\u0026qid=usn-4094-1"
},
{
"title": "Apple: iOS 12",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=apple_security_advisories\u0026qid=9859610dae22b7395b3a00be201bcefb"
},
{
"title": "Ubuntu Security Notice: linux-aws vulnerabilities",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=ubuntu_security_notice\u0026qid=usn-4118-1"
},
{
"title": "broadcom-bt-firmware",
"trust": 0.1,
"url": "https://github.com/winterheart/broadcom-bt-firmware "
},
{
"title": "awesome-bluetooth-security",
"trust": 0.1,
"url": "https://github.com/engn33r/awesome-bluetooth-security "
},
{
"title": "SamsungReleaseNotes",
"trust": 0.1,
"url": "https://github.com/samreleasenotes/samsungreleasenotes "
},
{
"title": "welivesecurity",
"trust": 0.1,
"url": "https://www.welivesecurity.com/2018/07/24/bluetooth-bug-expose-devices/"
},
{
"title": "The Register",
"trust": 0.1,
"url": "https://www.theregister.co.uk/2018/07/24/bluetooth_cryptography_bug/"
},
{
"title": "BleepingComputer",
"trust": 0.1,
"url": "https://www.bleepingcomputer.com/news/security/many-bluetooth-implementations-and-os-drivers-affected-by-crypto-bug/"
}
],
"sources": [
{
"db": "VULMON",
"id": "CVE-2018-5383"
},
{
"db": "CNNVD",
"id": "CNNVD-201807-1882"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-347",
"trust": 1.1
},
{
"problemtype": "CWE-310",
"trust": 0.1
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-135414"
},
{
"db": "NVD",
"id": "CVE-2018-5383"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 3.0,
"url": "https://www.kb.cert.org/vuls/id/304725"
},
{
"trust": 2.9,
"url": "https://www.bluetooth.com/news/unknown/2018/07/bluetooth-sig-security-update"
},
{
"trust": 2.6,
"url": "http://www.cs.technion.ac.il/~biham/bt/"
},
{
"trust": 2.6,
"url": "https://access.redhat.com/errata/rhsa-2019:2169"
},
{
"trust": 2.4,
"url": "http://www.securityfocus.com/bid/104879"
},
{
"trust": 2.4,
"url": "https://lists.debian.org/debian-lts-announce/2019/04/msg00005.html"
},
{
"trust": 2.4,
"url": "https://usn.ubuntu.com/4095-1/"
},
{
"trust": 2.4,
"url": "https://usn.ubuntu.com/4095-2/"
},
{
"trust": 1.8,
"url": "http://www.securitytracker.com/id/1041432"
},
{
"trust": 1.8,
"url": "https://usn.ubuntu.com/4094-1/"
},
{
"trust": 1.8,
"url": "https://usn.ubuntu.com/4118-1/"
},
{
"trust": 1.6,
"url": "https://nvd.nist.gov/vuln/detail/cve-2018-5383"
},
{
"trust": 1.3,
"url": "https://usn.ubuntu.com/4351-1/"
},
{
"trust": 0.8,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2018-5383"
},
{
"trust": 0.8,
"url": "http://jvn.jp/vu/jvnvu92767028/index.html"
},
{
"trust": 0.6,
"url": "https://www.suse.com/support/update/announcement/2019/suse-su-20190466-1/"
},
{
"trust": 0.6,
"url": "https://www.suse.com/support/update/announcement/2019/suse-su-20190422-1/"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2019.2932/"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/75986"
},
{
"trust": 0.6,
"url": "https://vigilance.fr/vulnerability/bluetooth-firmware-information-disclosure-via-weak-elliptic-curve-parameters-28536"
},
{
"trust": 0.6,
"url": "https://support.lenovo.com/us/en/product_security/len-22233"
},
{
"trust": 0.6,
"url": "https://packetstormsecurity.com/files/157598/ubuntu-security-notice-usn-4351-1.html"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/75750"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/78314"
},
{
"trust": 0.6,
"url": "https://packetstormsecurity.com/files/153946/red-hat-security-advisory-2019-2169-01.html"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2020.1612/"
},
{
"trust": 0.3,
"url": "https://www.bluetooth.com/"
},
{
"trust": 0.3,
"url": "https://support.apple.com/en-ie/ht208849"
},
{
"trust": 0.3,
"url": "https://support.apple.com/en-us/ht208937"
},
{
"trust": 0.3,
"url": "https://lists.apple.com/archives/security-announce/2018/jul/msg00008.html"
},
{
"trust": 0.3,
"url": "https://lists.apple.com/archives/security-announce/2018/jul/msg00009.html"
},
{
"trust": 0.3,
"url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00128.html"
},
{
"trust": 0.3,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-10126"
},
{
"trust": 0.3,
"url": "https://support.apple.com/kb/ht201222"
},
{
"trust": 0.3,
"url": "https://www.apple.com/support/security/pgp/"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-11599"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-12614"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-1125"
},
{
"trust": 0.2,
"url": "https://usn.ubuntu.com/4095-1"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-3846"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2018-4233"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2018-4249"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2018-4235"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2018-4246"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2018-4243"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2018-4214"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2018-4224"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2018-4198"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2018-4192"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2018-4201"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2018-4222"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2018-4240"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2018-4237"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2018-4223"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2018-4206"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2018-4211"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2018-4241"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2018-4218"
},
{
"trust": 0.1,
"url": "https://cwe.mitre.org/data/definitions/347.html"
},
{
"trust": 0.1,
"url": "https://tools.cisco.com/security/center/viewalert.x?alertid=58464"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-13272"
},
{
"trust": 0.1,
"url": "https://launchpad.net/ubuntu/+source/linux-kvm/4.4.0-1054.61"
},
{
"trust": 0.1,
"url": "https://launchpad.net/ubuntu/+source/linux/4.4.0-159.187"
},
{
"trust": 0.1,
"url": "https://launchpad.net/ubuntu/+source/linux-snapdragon/4.4.0-1122.128"
},
{
"trust": 0.1,
"url": "https://launchpad.net/ubuntu/+source/linux-aws/4.4.0-1090.101"
},
{
"trust": 0.1,
"url": "https://launchpad.net/ubuntu/+source/linux-raspi2/4.4.0-1118.127"
},
{
"trust": 0.1,
"url": "https://usn.ubuntu.com/4351-1"
},
{
"trust": 0.1,
"url": "https://launchpad.net/ubuntu/+source/linux-firmware/1.157.23"
},
{
"trust": 0.1,
"url": "https://launchpad.net/ubuntu/+source/linux-firmware/1.173.18"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2018-4225"
},
{
"trust": 0.1,
"url": "https://support.apple.com/kb/ht204641"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2018-4226"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2018-4190"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2018-4188"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2018-4232"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2018-4204"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2018-4200"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2018-4199"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2018-4305"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2018-4313"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2016-1777"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2018-4363"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-2054"
},
{
"trust": 0.1,
"url": "https://usn.ubuntu.com/4095-2"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-11833"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2018-16862"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2018-14610"
},
{
"trust": 0.1,
"url": "https://usn.ubuntu.com/4118-1"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2018-20856"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2018-14616"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-10207"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2018-13098"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2018-13093"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2018-20169"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2018-20784"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2018-14614"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-11085"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2018-14611"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-11487"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2018-13053"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2018-19985"
},
{
"trust": 0.1,
"url": "https://launchpad.net/ubuntu/+source/linux-aws/4.15.0-1047.49"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2018-14612"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-10639"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-10638"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2018-13099"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2018-20511"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2018-13100"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-0136"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2018-14617"
},
{
"trust": 0.1,
"url": "https://launchpad.net/ubuntu/+source/linux-aws-hwe/4.15.0-1047.49~16.04.1"
},
{
"trust": 0.1,
"url": "https://www.redhat.com/mailman/listinfo/rhsa-announce"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/7/html/7.7_release_notes/index"
},
{
"trust": 0.1,
"url": "https://bugzilla.redhat.com/):"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/team/key/"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/articles/11258"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2018-5383"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/team/contact/"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/updates/classification/#important"
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-135414"
},
{
"db": "VULMON",
"id": "CVE-2018-5383"
},
{
"db": "BID",
"id": "104879"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-005730"
},
{
"db": "PACKETSTORM",
"id": "154044"
},
{
"db": "PACKETSTORM",
"id": "157598"
},
{
"db": "PACKETSTORM",
"id": "148645"
},
{
"db": "PACKETSTORM",
"id": "148644"
},
{
"db": "PACKETSTORM",
"id": "149410"
},
{
"db": "PACKETSTORM",
"id": "154049"
},
{
"db": "PACKETSTORM",
"id": "154326"
},
{
"db": "PACKETSTORM",
"id": "153946"
},
{
"db": "CNNVD",
"id": "CNNVD-201807-1882"
},
{
"db": "NVD",
"id": "CVE-2018-5383"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "VULHUB",
"id": "VHN-135414"
},
{
"db": "VULMON",
"id": "CVE-2018-5383"
},
{
"db": "BID",
"id": "104879"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-005730"
},
{
"db": "PACKETSTORM",
"id": "154044"
},
{
"db": "PACKETSTORM",
"id": "157598"
},
{
"db": "PACKETSTORM",
"id": "148645"
},
{
"db": "PACKETSTORM",
"id": "148644"
},
{
"db": "PACKETSTORM",
"id": "149410"
},
{
"db": "PACKETSTORM",
"id": "154049"
},
{
"db": "PACKETSTORM",
"id": "154326"
},
{
"db": "PACKETSTORM",
"id": "153946"
},
{
"db": "CNNVD",
"id": "CNNVD-201807-1882"
},
{
"db": "NVD",
"id": "CVE-2018-5383"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2018-08-07T00:00:00",
"db": "VULHUB",
"id": "VHN-135414"
},
{
"date": "2018-08-07T00:00:00",
"db": "VULMON",
"id": "CVE-2018-5383"
},
{
"date": "2018-07-23T00:00:00",
"db": "BID",
"id": "104879"
},
{
"date": "2018-07-27T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2018-005730"
},
{
"date": "2019-08-13T17:45:06",
"db": "PACKETSTORM",
"id": "154044"
},
{
"date": "2020-05-07T15:27:24",
"db": "PACKETSTORM",
"id": "157598"
},
{
"date": "2018-07-23T15:22:22",
"db": "PACKETSTORM",
"id": "148645"
},
{
"date": "2018-07-23T14:04:44",
"db": "PACKETSTORM",
"id": "148644"
},
{
"date": "2018-09-18T02:23:50",
"db": "PACKETSTORM",
"id": "149410"
},
{
"date": "2019-08-14T02:36:57",
"db": "PACKETSTORM",
"id": "154049"
},
{
"date": "2019-09-03T16:47:23",
"db": "PACKETSTORM",
"id": "154326"
},
{
"date": "2019-08-06T21:12:55",
"db": "PACKETSTORM",
"id": "153946"
},
{
"date": "2018-07-26T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201807-1882"
},
{
"date": "2018-08-07T21:29:00.287000",
"db": "NVD",
"id": "CVE-2018-5383"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2019-10-03T00:00:00",
"db": "VULHUB",
"id": "VHN-135414"
},
{
"date": "2019-10-03T00:00:00",
"db": "VULMON",
"id": "CVE-2018-5383"
},
{
"date": "2018-07-23T00:00:00",
"db": "BID",
"id": "104879"
},
{
"date": "2019-07-25T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2018-005730"
},
{
"date": "2020-05-08T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201807-1882"
},
{
"date": "2019-10-03T00:03:26.223000",
"db": "NVD",
"id": "CVE-2018-5383"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote or local",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201807-1882"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Bluetooth Incorrect implementation of public key verification in elliptic curve Diffie-Hellman key sharing",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2018-005730"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "data forgery",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201807-1882"
}
],
"trust": 0.6
}
}
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
- Confirmed: The vulnerability is confirmed from an analyst perspective.
- Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
- Patched: This vulnerability was successfully patched by the user reporting the sighting.
- Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
- Not confirmed: The user expresses doubt about the veracity of the vulnerability.
- Not patched: This vulnerability was not successfully patched by the user reporting the sighting.