var-201911-1410
Vulnerability from variot
Two memory leaks in the mwifiex_pcie_init_evt_ring() function in drivers/net/wireless/marvell/mwifiex/pcie.c in the Linux kernel through 5.3.11 allow attackers to cause a denial of service (memory consumption) by triggering mwifiex_map_pci_memory() failures, aka CID-d10dcb615c8e.
Here are the details from the Slackware 14.2 ChangeLog:
+--------------------------+
patches/packages/linux-4.4.208/: Upgraded.
IPV6_MULTIPLE_TABLES n -> y
+IPV6_SUBTREES y
These updates fix various bugs and security issues.
Be sure to upgrade your initrd after upgrading the kernel packages.
If you use lilo to boot your machine, be sure lilo.conf points to the correct kernel and initrd and run lilo as root to update the bootloader.
If you use elilo to boot your machine, you should run eliloconfig to copy the kernel and initrd to the EFI System Partition.
For more information, see:
Fixed in 4.4.203:
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-19524
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-15917
Fixed in 4.4.204:
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-18660
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-15291
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-18683
Fixed in 4.4.206:
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-12614
Fixed in 4.4.207:
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-19227
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-19062
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-19338
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-19332
Fixed in 4.4.208:
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-19057
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-19063
(* Security fix *)
+--------------------------+
Where to find the new packages: +-----------------------------+
Thanks to the friendly folks at the OSU Open Source Lab (http://osuosl.org) for donating FTP and rsync hosting to the Slackware project! :-)
Also see the "Get Slack" section on http://slackware.com for additional mirror sites near you.
Updated packages for Slackware 14.2:
ftp://ftp.slackware.com/pub/slackware/slackware-14.2/patches/packages/linux-4.4.208/kernel-generic-4.4.208-i586-1.txz
ftp://ftp.slackware.com/pub/slackware/slackware-14.2/patches/packages/linux-4.4.208/kernel-generic-smp-4.4.208_smp-i686-1.txz
ftp://ftp.slackware.com/pub/slackware/slackware-14.2/patches/packages/linux-4.4.208/kernel-headers-4.4.208_smp-x86-1.txz
ftp://ftp.slackware.com/pub/slackware/slackware-14.2/patches/packages/linux-4.4.208/kernel-huge-4.4.208-i586-1.txz
ftp://ftp.slackware.com/pub/slackware/slackware-14.2/patches/packages/linux-4.4.208/kernel-huge-smp-4.4.208_smp-i686-1.txz
ftp://ftp.slackware.com/pub/slackware/slackware-14.2/patches/packages/linux-4.4.208/kernel-modules-4.4.208-i586-1.txz
ftp://ftp.slackware.com/pub/slackware/slackware-14.2/patches/packages/linux-4.4.208/kernel-modules-smp-4.4.208_smp-i686-1.txz
ftp://ftp.slackware.com/pub/slackware/slackware-14.2/patches/packages/linux-4.4.208/kernel-source-4.4.208_smp-noarch-1.txz
Updated packages for Slackware x86_64 14.2:
ftp://ftp.slackware.com/pub/slackware/slackware64-14.2/patches/packages/linux-4.4.208/kernel-generic-4.4.208-x86_64-1.txz
ftp://ftp.slackware.com/pub/slackware/slackware64-14.2/patches/packages/linux-4.4.208/kernel-headers-4.4.208-x86-1.txz
ftp://ftp.slackware.com/pub/slackware/slackware64-14.2/patches/packages/linux-4.4.208/kernel-huge-4.4.208-x86_64-1.txz
ftp://ftp.slackware.com/pub/slackware/slackware64-14.2/patches/packages/linux-4.4.208/kernel-modules-4.4.208-x86_64-1.txz
ftp://ftp.slackware.com/pub/slackware/slackware64-14.2/patches/packages/linux-4.4.208/kernel-source-4.4.208-noarch-1.txz
MD5 signatures: +-------------+
Installation instructions: +------------------------+
Upgrade the packages as root:
upgradepkg kernel-*.txz
If you are using an initrd, you'll need to rebuild it.
For a 32-bit SMP machine, use this command (substitute the appropriate kernel version if you are not running Slackware 14.2):
/usr/share/mkinitrd/mkinitrd_command_generator.sh -k 4.4.208-smp | bash
For a 64-bit machine, or a 32-bit uniprocessor machine, use this command (substitute the appropriate kernel version if you are not running Slackware 14.2):
/usr/share/mkinitrd/mkinitrd_command_generator.sh -k 4.4.208 | bash
Please note that "uniprocessor" has to do with the kernel you are running, not with the CPU. Most systems should run the SMP kernel (if they can) regardless of the number of cores the CPU has. If you aren't sure which kernel you are running, run "uname -a". If you see SMP there, you are running the SMP kernel and should use the 4.4.208-smp version when running mkinitrd_command_generator. Note that this is only for 32-bit -- 64-bit systems should always use 4.4.208 as the version.
If you are using lilo or elilo to boot the machine, you'll need to ensure that the machine is properly prepared before rebooting.
If using LILO: By default, lilo.conf contains an image= line that references a symlink that always points to the correct kernel. No editing should be required unless your machine uses a custom lilo.conf. If that is the case, be sure that the image= line references the correct kernel file. Either way, you'll need to run "lilo" as root to reinstall the boot loader.
If using elilo: Ensure that the /boot/vmlinuz symlink is pointing to the kernel you wish to use, and then run eliloconfig to update the EFI System Partition.
+-----+
Slackware Linux Security Team http://slackware.com/gpg-key security@slackware.com
====================================================================
Red Hat Security Advisory
Synopsis: Important: kernel security, bug fix, and enhancement update
Advisory ID: RHSA-2020:1769-01
Product: Red Hat Enterprise Linux
Advisory URL: https://access.redhat.com/errata/RHSA-2020:1769
Issue date: 2020-04-28
CVE Names: CVE-2018-16871 CVE-2019-8980 CVE-2019-10639 CVE-2019-15090 CVE-2019-15099 CVE-2019-15221 CVE-2019-17053 CVE-2019-17055 CVE-2019-18805 CVE-2019-19057 CVE-2019-19073 CVE-2019-19074 CVE-2019-19534 CVE-2019-19768 CVE-2019-19922 CVE-2020-1749
====================================================================
1. Summary:
An update for kernel is now available for Red Hat Enterprise Linux 8.
Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
- Relevant releases/architectures:
Red Hat CodeReady Linux Builder (v. 8) - aarch64, ppc64le, x86_64
Red Hat Enterprise Linux BaseOS (v. 8) - aarch64, noarch, ppc64le, s390x, x86_64
Security Fix(es):
- kernel: use-after-free in __blk_add_trace in kernel/trace/blktrace.c (CVE-2019-19768)
- kernel: nfs: NULL pointer dereference due to an anomalized NFS message sequence (CVE-2018-16871)
- kernel: memory leak in the kernel_read_file function in fs/exec.c allows to cause a denial of service (CVE-2019-8980)
- kernel: unprivileged users able to create RAW sockets in AF_IEEE802154 network protocol. (CVE-2019-17053)
- kernel: unprivileged users able to create RAW sockets in AF_ISDN network protocol. (CVE-2019-17055)
- kernel: integer overflow in tcp_ack_update_rtt in net/ipv4/tcp_input.c (CVE-2019-18805)
- kernel: information leak bug caused by a malicious USB device in the drivers/net/can/usb/peak_usb/pcan_usb_core.c driver (CVE-2019-19534)
- kernel: some ipv6 protocols not encrypted over ipsec tunnel. (CVE-2020-1749)
- Kernel: net: using kernel space address bits to derive IP ID may potentially break KASLR (CVE-2019-10639)
- kernel: An out-of-bounds read in drivers/scsi/qedi/qedi_dbg.c leading to crash or information disclosure (CVE-2019-15090)
- kernel: a NULL pointer dereference in drivers/net/wireless/ath/ath10k/usb.c leads to a crash (CVE-2019-15099)
- kernel: Null pointer dereference in the sound/usb/line6/pcm.c (CVE-2019-15221)
- kernel: Two memory leaks in the mwifiex_pcie_init_evt_ring() function in drivers/net/wireless/marvell/mwifiex/pcie.c allows for a DoS (CVE-2019-19057)
- kernel: Memory leaks in drivers/net/wireless/ath/ath9k/htc_hst.c in the Linux kernel (DOS) (CVE-2019-19073)
- kernel: a memory leak in the ath9k management function in allows local DoS (CVE-2019-19074)
- kernel: when cpu.cfs_quota_us is used allows attackers to cause a denial of service against non-cpu-bound applications (CVE-2019-19922)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Additional Changes:
This update also fixes several bugs and adds various enhancements. Documentation for these changes is available from the Release Notes document linked to in the References section.
- Solution:
For details on how to apply this update, which includes the changes described in this advisory, refer to:
https://access.redhat.com/articles/11258
The system must be rebooted for this update to take effect.
- Bugs fixed (https://bugzilla.redhat.com/):
1655162 - CVE-2018-16871 kernel: nfs: NULL pointer dereference due to an anomalized NFS message sequence
1679972 - CVE-2019-8980 kernel: memory leak in the kernel_read_file function in fs/exec.c allows to cause a denial of service
1729933 - CVE-2019-10639 Kernel: net: using kernel space address bits to derive IP ID may potentially break KASLR
1738741 - L2 guest hit kernel panic when do L1->L1 live migration on PML-enabled intel host
1743526 - CVE-2019-15090 kernel: An out-of-bounds read in drivers/scsi/qedi/qedi_dbg.c leading to crash or information disclosure
1743560 - CVE-2019-15099 kernel: a NULL pointer dereference in drivers/net/wireless/ath/ath10k/usb.c leads to a crash
1749633 - kernel: brk can grow the heap into the area reserved for the stack
1749974 - CVE-2019-15221 kernel: Null pointer dereference in the sound/usb/line6/pcm.c
1752765 - conntrack tool delete entry with CIDR crash
1757902 - fix compat statfs64() returning EOVERFLOW for when _FILE_OFFSET_BITSd
1758242 - CVE-2019-17053 kernel: unprivileged users able to create RAW sockets in AF_IEEE802154 network protocol.
1758248 - CVE-2019-17055 kernel: unprivileged users able to create RAW sockets in AF_ISDN network protocol.
1765547 - Fallocate on XFS may discard concurrent AIO write
1767664 - Backport CIFS stale ESTALE handling and dentry revalidation patches
1771430 - svcrdma: Increase the default connection credit limit
1771496 - CVE-2019-18805 kernel: integer overflow in tcp_ack_update_rtt in net/ipv4/tcp_input.c
1771691 - Process killed while opening a file can result in leaked open handle on the server
1774933 - CVE-2019-19074 kernel: a memory leak in the ath9k management function in allows local DoS
1774937 - CVE-2019-19073 kernel: Memory leaks in drivers/net/wireless/ath/ath9k/htc_hst.c in the Linux kernel (DOS)
1775050 - CVE-2019-19057 kernel: Two memory leaks in the mwifiex_pcie_init_evt_ring() function in drivers/net/wireless/marvell/mwifiex/pcie.c allows for a DoS
1783540 - CVE-2019-19534 kernel: information leak bug caused by a malicious USB device in the drivers/net/can/usb/peak_usb/pcan_usb_core.c driver
1786164 - CVE-2019-19768 kernel: use-after-free in __blk_add_trace in kernel/trace/blktrace.c
1789594 - kernel: Wrong FE0/FE1 MSR restore in signal handlers on ppc64le
1792512 - CVE-2019-19922 kernel: when cpu.cfs_quota_us is used allows attackers to cause a denial of service against non-cpu-bound applications
1795049 - RHEL8: Latency issue on Kubernetes / k8s / OpenShift
1803162 - [NFS] Dataloss with copy_file_range on NFS-mounted files that is not 4K aligned on RHEL 8.
1809833 - CVE-2020-1749 kernel: some ipv6 protocols not encrypted over ipsec tunnel.
- Package List:
Red Hat Enterprise Linux BaseOS (v. 8):
Source: kernel-4.18.0-193.el8.src.rpm
aarch64: bpftool-4.18.0-193.el8.aarch64.rpm bpftool-debuginfo-4.18.0-193.el8.aarch64.rpm kernel-4.18.0-193.el8.aarch64.rpm kernel-core-4.18.0-193.el8.aarch64.rpm kernel-cross-headers-4.18.0-193.el8.aarch64.rpm kernel-debug-4.18.0-193.el8.aarch64.rpm kernel-debug-core-4.18.0-193.el8.aarch64.rpm kernel-debug-debuginfo-4.18.0-193.el8.aarch64.rpm kernel-debug-devel-4.18.0-193.el8.aarch64.rpm kernel-debug-modules-4.18.0-193.el8.aarch64.rpm kernel-debug-modules-extra-4.18.0-193.el8.aarch64.rpm kernel-debuginfo-4.18.0-193.el8.aarch64.rpm kernel-debuginfo-common-aarch64-4.18.0-193.el8.aarch64.rpm kernel-devel-4.18.0-193.el8.aarch64.rpm kernel-headers-4.18.0-193.el8.aarch64.rpm kernel-modules-4.18.0-193.el8.aarch64.rpm kernel-modules-extra-4.18.0-193.el8.aarch64.rpm kernel-tools-4.18.0-193.el8.aarch64.rpm kernel-tools-debuginfo-4.18.0-193.el8.aarch64.rpm kernel-tools-libs-4.18.0-193.el8.aarch64.rpm perf-4.18.0-193.el8.aarch64.rpm perf-debuginfo-4.18.0-193.el8.aarch64.rpm python3-perf-4.18.0-193.el8.aarch64.rpm python3-perf-debuginfo-4.18.0-193.el8.aarch64.rpm
noarch: kernel-abi-whitelists-4.18.0-193.el8.noarch.rpm kernel-doc-4.18.0-193.el8.noarch.rpm
ppc64le: bpftool-4.18.0-193.el8.ppc64le.rpm bpftool-debuginfo-4.18.0-193.el8.ppc64le.rpm kernel-4.18.0-193.el8.ppc64le.rpm kernel-core-4.18.0-193.el8.ppc64le.rpm kernel-cross-headers-4.18.0-193.el8.ppc64le.rpm kernel-debug-4.18.0-193.el8.ppc64le.rpm kernel-debug-core-4.18.0-193.el8.ppc64le.rpm kernel-debug-debuginfo-4.18.0-193.el8.ppc64le.rpm kernel-debug-devel-4.18.0-193.el8.ppc64le.rpm kernel-debug-modules-4.18.0-193.el8.ppc64le.rpm kernel-debug-modules-extra-4.18.0-193.el8.ppc64le.rpm kernel-debuginfo-4.18.0-193.el8.ppc64le.rpm kernel-debuginfo-common-ppc64le-4.18.0-193.el8.ppc64le.rpm kernel-devel-4.18.0-193.el8.ppc64le.rpm kernel-headers-4.18.0-193.el8.ppc64le.rpm kernel-modules-4.18.0-193.el8.ppc64le.rpm kernel-modules-extra-4.18.0-193.el8.ppc64le.rpm kernel-tools-4.18.0-193.el8.ppc64le.rpm kernel-tools-debuginfo-4.18.0-193.el8.ppc64le.rpm kernel-tools-libs-4.18.0-193.el8.ppc64le.rpm perf-4.18.0-193.el8.ppc64le.rpm perf-debuginfo-4.18.0-193.el8.ppc64le.rpm python3-perf-4.18.0-193.el8.ppc64le.rpm python3-perf-debuginfo-4.18.0-193.el8.ppc64le.rpm
s390x: bpftool-4.18.0-193.el8.s390x.rpm bpftool-debuginfo-4.18.0-193.el8.s390x.rpm kernel-4.18.0-193.el8.s390x.rpm kernel-core-4.18.0-193.el8.s390x.rpm kernel-cross-headers-4.18.0-193.el8.s390x.rpm kernel-debug-4.18.0-193.el8.s390x.rpm kernel-debug-core-4.18.0-193.el8.s390x.rpm kernel-debug-debuginfo-4.18.0-193.el8.s390x.rpm kernel-debug-devel-4.18.0-193.el8.s390x.rpm kernel-debug-modules-4.18.0-193.el8.s390x.rpm kernel-debug-modules-extra-4.18.0-193.el8.s390x.rpm kernel-debuginfo-4.18.0-193.el8.s390x.rpm kernel-debuginfo-common-s390x-4.18.0-193.el8.s390x.rpm kernel-devel-4.18.0-193.el8.s390x.rpm kernel-headers-4.18.0-193.el8.s390x.rpm kernel-modules-4.18.0-193.el8.s390x.rpm kernel-modules-extra-4.18.0-193.el8.s390x.rpm kernel-tools-4.18.0-193.el8.s390x.rpm kernel-tools-debuginfo-4.18.0-193.el8.s390x.rpm kernel-zfcpdump-4.18.0-193.el8.s390x.rpm kernel-zfcpdump-core-4.18.0-193.el8.s390x.rpm kernel-zfcpdump-debuginfo-4.18.0-193.el8.s390x.rpm kernel-zfcpdump-devel-4.18.0-193.el8.s390x.rpm kernel-zfcpdump-modules-4.18.0-193.el8.s390x.rpm kernel-zfcpdump-modules-extra-4.18.0-193.el8.s390x.rpm perf-4.18.0-193.el8.s390x.rpm perf-debuginfo-4.18.0-193.el8.s390x.rpm python3-perf-4.18.0-193.el8.s390x.rpm python3-perf-debuginfo-4.18.0-193.el8.s390x.rpm
x86_64: bpftool-4.18.0-193.el8.x86_64.rpm bpftool-debuginfo-4.18.0-193.el8.x86_64.rpm kernel-4.18.0-193.el8.x86_64.rpm kernel-core-4.18.0-193.el8.x86_64.rpm kernel-cross-headers-4.18.0-193.el8.x86_64.rpm kernel-debug-4.18.0-193.el8.x86_64.rpm kernel-debug-core-4.18.0-193.el8.x86_64.rpm kernel-debug-debuginfo-4.18.0-193.el8.x86_64.rpm kernel-debug-devel-4.18.0-193.el8.x86_64.rpm kernel-debug-modules-4.18.0-193.el8.x86_64.rpm kernel-debug-modules-extra-4.18.0-193.el8.x86_64.rpm kernel-debuginfo-4.18.0-193.el8.x86_64.rpm kernel-debuginfo-common-x86_64-4.18.0-193.el8.x86_64.rpm kernel-devel-4.18.0-193.el8.x86_64.rpm kernel-headers-4.18.0-193.el8.x86_64.rpm kernel-modules-4.18.0-193.el8.x86_64.rpm kernel-modules-extra-4.18.0-193.el8.x86_64.rpm kernel-tools-4.18.0-193.el8.x86_64.rpm kernel-tools-debuginfo-4.18.0-193.el8.x86_64.rpm kernel-tools-libs-4.18.0-193.el8.x86_64.rpm perf-4.18.0-193.el8.x86_64.rpm perf-debuginfo-4.18.0-193.el8.x86_64.rpm python3-perf-4.18.0-193.el8.x86_64.rpm python3-perf-debuginfo-4.18.0-193.el8.x86_64.rpm
Red Hat CodeReady Linux Builder (v. 8):
aarch64: bpftool-debuginfo-4.18.0-193.el8.aarch64.rpm kernel-debug-debuginfo-4.18.0-193.el8.aarch64.rpm kernel-debuginfo-4.18.0-193.el8.aarch64.rpm kernel-debuginfo-common-aarch64-4.18.0-193.el8.aarch64.rpm kernel-tools-debuginfo-4.18.0-193.el8.aarch64.rpm kernel-tools-libs-devel-4.18.0-193.el8.aarch64.rpm perf-debuginfo-4.18.0-193.el8.aarch64.rpm python3-perf-debuginfo-4.18.0-193.el8.aarch64.rpm
ppc64le: bpftool-debuginfo-4.18.0-193.el8.ppc64le.rpm kernel-debug-debuginfo-4.18.0-193.el8.ppc64le.rpm kernel-debuginfo-4.18.0-193.el8.ppc64le.rpm kernel-debuginfo-common-ppc64le-4.18.0-193.el8.ppc64le.rpm kernel-tools-debuginfo-4.18.0-193.el8.ppc64le.rpm kernel-tools-libs-devel-4.18.0-193.el8.ppc64le.rpm perf-debuginfo-4.18.0-193.el8.ppc64le.rpm python3-perf-debuginfo-4.18.0-193.el8.ppc64le.rpm
x86_64: bpftool-debuginfo-4.18.0-193.el8.x86_64.rpm kernel-debug-debuginfo-4.18.0-193.el8.x86_64.rpm kernel-debuginfo-4.18.0-193.el8.x86_64.rpm kernel-debuginfo-common-x86_64-4.18.0-193.el8.x86_64.rpm kernel-tools-debuginfo-4.18.0-193.el8.x86_64.rpm kernel-tools-libs-devel-4.18.0-193.el8.x86_64.rpm perf-debuginfo-4.18.0-193.el8.x86_64.rpm python3-perf-debuginfo-4.18.0-193.el8.x86_64.rpm
These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/
- Contact:
The Red Hat security contact is secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/
Copyright 2020 Red Hat, Inc.
==========================================================================
Ubuntu Security Notice USN-4287-2
February 18, 2020
linux-azure vulnerabilities
A security issue affects these releases of Ubuntu and its derivatives:
- Ubuntu 14.04 ESM
Summary:
Several security issues were fixed in the Linux kernel.
Software Description:
- linux-azure: Linux kernel for Microsoft Azure Cloud systems
Details:
USN-4287-1 fixed vulnerabilities in the Linux kernel for Ubuntu 18.04 LTS. This update provides the corresponding updates for the Linux kernel for Microsoft Azure Cloud systems for Ubuntu 14.04 ESM.
It was discovered that the Linux kernel did not properly clear data structures on context switches for certain Intel graphics processors. A local attacker could use this to expose sensitive information. (CVE-2019-14615)
It was discovered that the Atheros 802.11ac wireless USB device driver in the Linux kernel did not properly validate device metadata. A physically proximate attacker could use this to cause a denial of service (system crash). (CVE-2019-15099)
It was discovered that the HSA Linux kernel driver for AMD GPU devices did not properly check for errors in certain situations, leading to a NULL pointer dereference. A local attacker could possibly use this to cause a denial of service. (CVE-2019-16229)
It was discovered that the Marvell 8xxx Libertas WLAN device driver in the Linux kernel did not properly check for errors in certain situations, leading to a NULL pointer dereference. A local attacker could possibly use this to cause a denial of service. (CVE-2019-16232)
It was discovered that a race condition existed in the Virtual Video Test Driver in the Linux kernel. An attacker with write access to /dev/video0 on a system with the vivid module loaded could possibly use this to gain administrative privileges. (CVE-2019-18683)
It was discovered that the Renesas Digital Radio Interface (DRIF) driver in the Linux kernel did not properly initialize data. A local attacker could possibly use this to expose sensitive information (kernel memory). (CVE-2019-18786)
It was discovered that the Afatech AF9005 DVB-T USB device driver in the Linux kernel did not properly deallocate memory in certain error conditions. (CVE-2019-18809)
It was discovered that the btrfs file system in the Linux kernel did not properly validate metadata, leading to a NULL pointer dereference. An attacker could use this to specially craft a file system image that, when mounted, could cause a denial of service (system crash). (CVE-2019-19057)
It was discovered that the crypto subsystem in the Linux kernel did not properly deallocate memory in certain error conditions. (CVE-2019-19062)
It was discovered that the Realtek rtlwifi USB device driver in the Linux kernel did not properly deallocate memory in certain error conditions. (CVE-2019-19063)
It was discovered that the RSI 91x WLAN device driver in the Linux kernel did not properly deallocate memory in certain error conditions. (CVE-2019-19071)
It was discovered that the Atheros 802.11ac wireless USB device driver in the Linux kernel did not properly deallocate memory in certain error conditions. (CVE-2019-19078)
It was discovered that the AMD GPU device drivers in the Linux kernel did not properly deallocate memory in certain error conditions. (CVE-2019-19082)
Dan Carpenter discovered that the AppleTalk networking subsystem of the Linux kernel did not properly handle certain error conditions, leading to a NULL pointer dereference. A local attacker could use this to cause a denial of service (system crash). (CVE-2019-19227)
It was discovered that the KVM hypervisor implementation in the Linux kernel did not properly handle ioctl requests to get emulated CPUID features. An attacker with access to /dev/kvm could use this to cause a denial of service (system crash). (CVE-2019-19332)
It was discovered that the ext4 file system implementation in the Linux kernel did not properly handle certain conditions. An attacker could use this to specially craft an ext4 file system that, when mounted, could cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2019-19767)
Gao Chuan discovered that the SAS Class driver in the Linux kernel contained a race condition that could lead to a NULL pointer dereference. A local attacker could possibly use this to cause a denial of service (system crash). (CVE-2019-19965)
It was discovered that the Datagram Congestion Control Protocol (DCCP) implementation in the Linux kernel did not properly deallocate memory in certain error conditions. (CVE-2019-20096)
Mitchell Frank discovered that the Wi-Fi implementation in the Linux kernel when used as an access point would send IAPP location updates for stations before client authentication had completed. A physically proximate attacker could use this to cause a denial of service. (CVE-2019-5108)
It was discovered that a race condition can lead to a use-after-free while destroying GEM contexts in the i915 driver for the Linux kernel. A local attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2020-7053)
It was discovered that the B2C2 FlexCop USB device driver in the Linux kernel did not properly validate device metadata. A physically proximate attacker could use this to cause a denial of service (system crash). (CVE-2019-15291)
Update instructions:
The problem can be corrected by updating your system to the following package versions:
Ubuntu 14.04 ESM:
linux-image-4.15.0-1069-azure 4.15.0-1069.74~14.04.1
linux-image-azure 4.15.0.1069.55
After a standard system update you need to reboot your computer to make all the necessary changes.
ATTENTION: Due to an unavoidable ABI change the kernel updates have been given a new version number, which requires you to recompile and reinstall all third party kernel modules you might have installed. Unless you manually uninstalled the standard kernel metapackages (e.g. linux-generic, linux-generic-lts-RELEASE, linux-virtual, linux-powerpc), a standard system upgrade will automatically perform this as well.
References:
https://usn.ubuntu.com/4287-2
https://usn.ubuntu.com/4287-1
CVE-2019-14615, CVE-2019-15099, CVE-2019-15291, CVE-2019-16229, CVE-2019-16232, CVE-2019-18683, CVE-2019-18786, CVE-2019-18809, CVE-2019-18885, CVE-2019-19057, CVE-2019-19062, CVE-2019-19063, CVE-2019-19071, CVE-2019-19078, CVE-2019-19082, CVE-2019-19227, CVE-2019-19332, CVE-2019-19767, CVE-2019-19965, CVE-2019-20096, CVE-2019-5108, CVE-2020-7053
. 8) - x86_64
- Description:
The kernel-rt packages provide the Real Time Linux Kernel, which enables fine-tuning for systems with extremely high determinism requirements.
Bug Fix(es):
- RT: update RT source tree to the RHEL-8.2 tree (BZ#1708716)
- KVM-RT guest fails boot with emulatorsched (BZ#1712781)
- 8 vCPU guest need max latency < 20 us with stress [RT-8.2] (BZ#1757165)
- Request nx_huge_pages=N as default value to avoid kvm-rt guest large latency spike [rt-8] (BZ#1788352)
- RT: Add rpm Provide of 'kernel' to indicate that this is a kernel package (BZ#1796284)
- [RHEL8] RT kernel signed by test certificate and not Red Hat Secure Boot (BZ#1806871)
Enhancement(s):
- update to the upstream 5.x RT patchset (BZ#1680161)
"cpe:2.3:a:netapp:e-series_santricity_os_controller:11.50.1:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:netapp:e-series_santricity_os_controller:11.50.2:-:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:netapp:e-series_santricity_os_controller:11.50.2:p1:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:netapp:e-series_santricity_os_controller:11.60:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:netapp:e-series_santricity_os_controller:11.60.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:netapp:e-series_santricity_os_controller:11.60.1:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:netapp:e-series_santricity_os_controller:11.60.3:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:netapp:e-series_santricity_os_controller:11.70.1:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:netapp:e-series_santricity_os_controller:11.70.2:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:netapp:hci_baseboard_management_controller:h610s:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true } ], "operator": "OR" }, { "children": [ { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:o:netapp:hci_compute_node_firmware:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true } ], "operator": "OR" }, { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:h:netapp:hci_compute_node:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false } ], "operator": "OR" } ], "cpe_match": [], "operator": "AND" }, { "children": [ { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:o:netapp:solidfire_baseboard_management_controller_firmware:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true } ], "operator": "OR" }, { "children": [], "cpe_match": [ { "cpe23Uri": 
"cpe:2.3:h:netapp:solidfire_baseboard_management_controller:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false } ], "operator": "OR" } ], "cpe_match": [], "operator": "AND" } ] } ], "sources": [ { "db": "NVD", "id": "CVE-2019-19057" } ] }, "credits": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/credits#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "Ubuntu,Red Hat,Slackware Security Team", "sources": [ { "db": "CNNVD", "id": "CNNVD-201911-1078" } ], "trust": 0.6 }, "cve": "CVE-2019-19057", "cvss": { "@context": { "cvssV2": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2" }, "cvssV3": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/" }, "severity": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/cvss/severity#" }, "@id": "https://www.variotdbs.pl/ref/cvss/severity" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "cvssV2": [ { "acInsufInfo": false, "accessComplexity": "LOW", "accessVector": "LOCAL", "authentication": "NONE", "author": "NVD", "availabilityImpact": "PARTIAL", "baseScore": 2.1, "confidentialityImpact": "NONE", "exploitabilityScore": 3.9, "impactScore": 2.9, "integrityImpact": "NONE", "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "severity": "LOW", "trust": 1.0, "userInteractionRequired": false, "vectorString": "AV:L/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0" }, { "acInsufInfo": null, "accessComplexity": "LOW", "accessVector": "LOCAL", "authentication": "NONE", "author": "VULMON", "availabilityImpact": "PARTIAL", "baseScore": 2.1, "confidentialityImpact": "NONE", "exploitabilityScore": 3.9, 
"id": "CVE-2019-19057", "impactScore": 2.9, "integrityImpact": "NONE", "obtainAllPrivilege": null, "obtainOtherPrivilege": null, "obtainUserPrivilege": null, "severity": "LOW", "trust": 0.1, "userInteractionRequired": null, "vectorString": "AV:L/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0" } ], "cvssV3": [ { "attackComplexity": "LOW", "attackVector": "LOCAL", "author": "NVD", "availabilityImpact": "LOW", "baseScore": 3.3, "baseSeverity": "LOW", "confidentialityImpact": "NONE", "exploitabilityScore": 1.8, "impactScore": 1.4, "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "trust": 1.0, "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L", "version": "3.1" } ], "severity": [ { "author": "NVD", "id": "CVE-2019-19057", "trust": 1.0, "value": "LOW" }, { "author": "CNNVD", "id": "CNNVD-201911-1078", "trust": 0.6, "value": "LOW" }, { "author": "VULMON", "id": "CVE-2019-19057", "trust": 0.1, "value": "LOW" } ] } ], "sources": [ { "db": "VULMON", "id": "CVE-2019-19057" }, { "db": "CNNVD", "id": "CNNVD-201911-1078" }, { "db": "NVD", "id": "CVE-2019-19057" } ] }, "description": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/description#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "Two memory leaks in the mwifiex_pcie_init_evt_ring() function in drivers/net/wireless/marvell/mwifiex/pcie.c in the Linux kernel through 5.3.11 allow attackers to cause a denial of service (memory consumption) by triggering mwifiex_map_pci_memory() failures, aka CID-d10dcb615c8e. \n\n\nHere are the details from the Slackware 14.2 ChangeLog:\n+--------------------------+\npatches/packages/linux-4.4.208/*: Upgraded. \n IPV6_MULTIPLE_TABLES n -\u003e y\n +IPV6_SUBTREES y\n These updates fix various bugs and security issues. \n Be sure to upgrade your initrd after upgrading the kernel packages. 
\n If you use lilo to boot your machine, be sure lilo.conf points to the correct\n kernel and initrd and run lilo as root to update the bootloader. \n If you use elilo to boot your machine, you should run eliloconfig to copy the\n kernel and initrd to the EFI System Partition. \n For more information, see:\n Fixed in 4.4.203:\n https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-19524\n https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-15917\n Fixed in 4.4.204:\n https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-18660\n https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-15291\n https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-18683\n Fixed in 4.4.206:\n https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-12614\n Fixed in 4.4.207:\n https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-19227\n https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-19062\n https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-19338\n https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-19332\n Fixed in 4.4.208:\n https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-19057\n https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-19063\n (* Security fix *)\n+--------------------------+\n\n\nWhere to find the new packages:\n+-----------------------------+\n\nThanks to the friendly folks at the OSU Open Source Lab\n(http://osuosl.org) for donating FTP and rsync hosting\nto the Slackware project! :-)\n\nAlso see the \"Get Slack\" section on http://slackware.com for\nadditional mirror sites near you. 
\n\nUpdated packages for Slackware 14.2:\nftp://ftp.slackware.com/pub/slackware/slackware-14.2/patches/packages/linux-4.4.208/kernel-generic-4.4.208-i586-1.txz\nftp://ftp.slackware.com/pub/slackware/slackware-14.2/patches/packages/linux-4.4.208/kernel-generic-smp-4.4.208_smp-i686-1.txz\nftp://ftp.slackware.com/pub/slackware/slackware-14.2/patches/packages/linux-4.4.208/kernel-headers-4.4.208_smp-x86-1.txz\nftp://ftp.slackware.com/pub/slackware/slackware-14.2/patches/packages/linux-4.4.208/kernel-huge-4.4.208-i586-1.txz\nftp://ftp.slackware.com/pub/slackware/slackware-14.2/patches/packages/linux-4.4.208/kernel-huge-smp-4.4.208_smp-i686-1.txz\nftp://ftp.slackware.com/pub/slackware/slackware-14.2/patches/packages/linux-4.4.208/kernel-modules-4.4.208-i586-1.txz\nftp://ftp.slackware.com/pub/slackware/slackware-14.2/patches/packages/linux-4.4.208/kernel-modules-smp-4.4.208_smp-i686-1.txz\nftp://ftp.slackware.com/pub/slackware/slackware-14.2/patches/packages/linux-4.4.208/kernel-source-4.4.208_smp-noarch-1.txz\n\nUpdated packages for Slackware x86_64 14.2:\nftp://ftp.slackware.com/pub/slackware/slackware64-14.2/patches/packages/linux-4.4.208/kernel-generic-4.4.208-x86_64-1.txz\nftp://ftp.slackware.com/pub/slackware/slackware64-14.2/patches/packages/linux-4.4.208/kernel-headers-4.4.208-x86-1.txz\nftp://ftp.slackware.com/pub/slackware/slackware64-14.2/patches/packages/linux-4.4.208/kernel-huge-4.4.208-x86_64-1.txz\nftp://ftp.slackware.com/pub/slackware/slackware64-14.2/patches/packages/linux-4.4.208/kernel-modules-4.4.208-x86_64-1.txz\nftp://ftp.slackware.com/pub/slackware/slackware64-14.2/patches/packages/linux-4.4.208/kernel-source-4.4.208-noarch-1.txz\n\n\nMD5 signatures:\n+-------------+\n\n\nInstallation instructions:\n+------------------------+\n\nUpgrade the packages as root:\n# upgradepkg kernel-*.txz\n\nIf you are using an initrd, you\u0027ll need to rebuild it. \n\nFor a 32-bit SMP machine, use this command (substitute the appropriate\nkernel version if you are not running Slackware 14.2):\n# /usr/share/mkinitrd/mkinitrd_command_generator.sh -k 4.4.208-smp | bash\n\nFor a 64-bit machine, or a 32-bit uniprocessor machine, use this command\n(substitute the appropriate kernel version if you are not running\nSlackware 14.2):\n# /usr/share/mkinitrd/mkinitrd_command_generator.sh -k 4.4.208 | bash\n\nPlease note that \"uniprocessor\" has to do with the kernel you are running,\nnot with the CPU. Most systems should run the SMP kernel (if they can)\nregardless of the number of cores the CPU has. If you aren\u0027t sure which\nkernel you are running, run \"uname -a\". If you see SMP there, you are\nrunning the SMP kernel and should use the 4.4.208-smp version when running\nmkinitrd_command_generator. Note that this is only for 32-bit -- 64-bit\nsystems should always use 4.4.208 as the version. \n\nIf you are using lilo or elilo to boot the machine, you\u0027ll need to ensure\nthat the machine is properly prepared before rebooting. 
\n\nIf using LILO:\nBy default, lilo.conf contains an image= line that references a symlink\nthat always points to the correct kernel. No editing should be required\nunless your machine uses a custom lilo.conf. If that is the case, be sure\nthat the image= line references the correct kernel file. Either way,\nyou\u0027ll need to run \"lilo\" as root to reinstall the boot loader. \n\nIf using elilo:\nEnsure that the /boot/vmlinuz symlink is pointing to the kernel you wish\nto use, and then run eliloconfig to update the EFI System Partition. \n\n\n+-----+\n\nSlackware Linux Security Team\nhttp://slackware.com/gpg-key\nsecurity@slackware.com\n\n+------------------------------------------------------------------------+\n| To leave the slackware-security mailing list: |\n+------------------------------------------------------------------------+\n| Send an email to majordomo@slackware.com with this text in the body of |\n| the email message: |\n| |\n| unsubscribe slackware-security |\n| |\n| You will get a confirmation message back containing instructions to |\n| complete the process. Please do not reply to this email address. -----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA256\n\n==================================================================== \nRed Hat Security Advisory\n\nSynopsis: Important: kernel security, bug fix, and enhancement update\nAdvisory ID: RHSA-2020:1769-01\nProduct: Red Hat Enterprise Linux\nAdvisory URL: https://access.redhat.com/errata/RHSA-2020:1769\nIssue date: 2020-04-28\nCVE Names: CVE-2018-16871 CVE-2019-8980 CVE-2019-10639\n CVE-2019-15090 CVE-2019-15099 CVE-2019-15221\n CVE-2019-17053 CVE-2019-17055 CVE-2019-18805\n CVE-2019-19057 CVE-2019-19073 CVE-2019-19074\n CVE-2019-19534 CVE-2019-19768 CVE-2019-19922\n CVE-2020-1749\n====================================================================\n1. Summary:\n\nAn update for kernel is now available for Red Hat Enterprise Linux 8. 
\n\nRed Hat Product Security has rated this update as having a security impact\nof Important. A Common Vulnerability Scoring System (CVSS) base score,\nwhich gives a detailed severity rating, is available for each vulnerability\nfrom the CVE link(s) in the References section. \n\n2. Relevant releases/architectures:\n\nRed Hat CodeReady Linux Builder (v. 8) - aarch64, ppc64le, x86_64\nRed Hat Enterprise Linux BaseOS (v. 8) - aarch64, noarch, ppc64le, s390x, x86_64\n\n3. \n\nSecurity Fix(es):\n\n* kernel: use-after-free in __blk_add_trace in kernel/trace/blktrace.c\n(CVE-2019-19768)\n\n* kernel: nfs: NULL pointer dereference due to an anomalized NFS message\nsequence (CVE-2018-16871)\n\n* kernel: memory leak in the kernel_read_file function in fs/exec.c allows\nto cause a denial of service (CVE-2019-8980)\n\n* kernel: unprivileged users able to create RAW sockets in AF_IEEE802154\nnetwork protocol. (CVE-2019-17053)\n\n* kernel: unprivileged users able to create RAW sockets in AF_ISDN network\nprotocol. (CVE-2019-17055)\n\n* kernel: integer overflow in tcp_ack_update_rtt in net/ipv4/tcp_input.c\n(CVE-2019-18805)\n\n* kernel: information leak bug caused by a malicious USB device in the\ndrivers/net/can/usb/peak_usb/pcan_usb_core.c driver (CVE-2019-19534)\n\n* kernel: some ipv6 protocols not encrypted over ipsec tunnel. 
\n(CVE-2020-1749)\n\n* Kernel: net: using kernel space address bits to derive IP ID may\npotentially break KASLR (CVE-2019-10639)\n\n* kernel: An out-of-bounds read in drivers/scsi/qedi/qedi_dbg.c leading to\ncrash or information disclosure (CVE-2019-15090)\n\n* kernel: a NULL pointer dereference in\ndrivers/net/wireless/ath/ath10k/usb.c leads to a crash (CVE-2019-15099)\n\n* kernel: Null pointer dereference in the sound/usb/line6/pcm.c\n(CVE-2019-15221)\n\n* kernel: Two memory leaks in the mwifiex_pcie_init_evt_ring() function in\ndrivers/net/wireless/marvell/mwifiex/pcie.c allows for a DoS\n(CVE-2019-19057)\n\n* kernel: Memory leaks in drivers/net/wireless/ath/ath9k/htc_hst.c in the\nLinux kernel (DOS) (CVE-2019-19073)\n\n* kernel: a memory leak in the ath9k management function in allows local\nDoS (CVE-2019-19074)\n\n* kernel: when cpu.cfs_quota_us is used allows attackers to cause a denial\nof service against non-cpu-bound applications (CVE-2019-19922)\n\nFor more details about the security issue(s), including the impact, a CVSS\nscore, acknowledgments, and other related information, refer to the CVE\npage(s) listed in the References section. \n\nAdditional Changes:\n\nThis update also fixes several bugs and adds various enhancements. \nDocumentation for these changes is available from the Release Notes\ndocument linked to in the References section. \n\n4. Solution:\n\nFor details on how to apply this update, which includes the changes\ndescribed in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nThe system must be rebooted for this update to take effect. \n\n5. 
Bugs fixed (https://bugzilla.redhat.com/):\n\n1655162 - CVE-2018-16871 kernel: nfs: NULL pointer dereference due to an anomalized NFS message sequence\n1679972 - CVE-2019-8980 kernel: memory leak in the kernel_read_file function in fs/exec.c allows to cause a denial of service\n1729933 - CVE-2019-10639 Kernel: net: using kernel space address bits to derive IP ID may potentially break KASLR\n1738741 - L2 guest hit kernel panic when do L1-\u003eL1 live migration on PML-enabled intel host\n1743526 - CVE-2019-15090 kernel: An out-of-bounds read in drivers/scsi/qedi/qedi_dbg.c leading to crash or information disclosure\n1743560 - CVE-2019-15099 kernel: a NULL pointer dereference in drivers/net/wireless/ath/ath10k/usb.c leads to a crash\n1749633 - kernel: brk can grow the heap into the area reserved for the stack\n1749974 - CVE-2019-15221 kernel: Null pointer dereference in the sound/usb/line6/pcm.c\n1752765 - conntrack tool delete entry with CIDR crash\n1757902 - fix compat statfs64() returning EOVERFLOW for when _FILE_OFFSET_BITSd\n1758242 - CVE-2019-17053 kernel: unprivileged users able to create RAW sockets in AF_IEEE802154 network protocol. \n1758248 - CVE-2019-17055 kernel: unprivileged users able to create RAW sockets in AF_ISDN network protocol. 
\n1765547 - Fallocate on XFS may discard concurrent AIO write\n1767664 - Backport CIFS stale ESTALE handling and dentry revalidation patches\n1771430 - svcrdma: Increase the default connection credit limit\n1771496 - CVE-2019-18805 kernel: integer overflow in tcp_ack_update_rtt in net/ipv4/tcp_input.c\n1771691 - Process killed while opening a file can result in leaked open handle on the server\n1774933 - CVE-2019-19074 kernel: a memory leak in the ath9k management function in allows local DoS\n1774937 - CVE-2019-19073 kernel: Memory leaks in drivers/net/wireless/ath/ath9k/htc_hst.c in the Linux kernel (DOS)\n1775050 - CVE-2019-19057 kernel: Two memory leaks in the mwifiex_pcie_init_evt_ring() function in drivers/net/wireless/marvell/mwifiex/pcie.c allows for a DoS\n1783540 - CVE-2019-19534 kernel: information leak bug caused by a malicious USB device in the drivers/net/can/usb/peak_usb/pcan_usb_core.c driver\n1786164 - CVE-2019-19768 kernel: use-after-free in __blk_add_trace in kernel/trace/blktrace.c\n1789594 - kernel: Wrong FE0/FE1 MSR restore in signal handlers on ppc64le\n1792512 - CVE-2019-19922 kernel: when cpu.cfs_quota_us is used allows attackers to cause a denial of service against non-cpu-bound applications\n1795049 - RHEL8: Latency issue on Kubernetes / k8s / OpenShift\n1803162 - [NFS] Dataloss with copy_file_range on NFS-mounted files that is not 4K aligned on RHEL 8. \n1809833 - CVE-2020-1749 kernel: some ipv6 protocols not encrypted over ipsec tunnel. \n\n6. Package List:\n\nRed Hat Enterprise Linux BaseOS (v. 
8):\n\nSource:\nkernel-4.18.0-193.el8.src.rpm\n\naarch64:\nbpftool-4.18.0-193.el8.aarch64.rpm\nbpftool-debuginfo-4.18.0-193.el8.aarch64.rpm\nkernel-4.18.0-193.el8.aarch64.rpm\nkernel-core-4.18.0-193.el8.aarch64.rpm\nkernel-cross-headers-4.18.0-193.el8.aarch64.rpm\nkernel-debug-4.18.0-193.el8.aarch64.rpm\nkernel-debug-core-4.18.0-193.el8.aarch64.rpm\nkernel-debug-debuginfo-4.18.0-193.el8.aarch64.rpm\nkernel-debug-devel-4.18.0-193.el8.aarch64.rpm\nkernel-debug-modules-4.18.0-193.el8.aarch64.rpm\nkernel-debug-modules-extra-4.18.0-193.el8.aarch64.rpm\nkernel-debuginfo-4.18.0-193.el8.aarch64.rpm\nkernel-debuginfo-common-aarch64-4.18.0-193.el8.aarch64.rpm\nkernel-devel-4.18.0-193.el8.aarch64.rpm\nkernel-headers-4.18.0-193.el8.aarch64.rpm\nkernel-modules-4.18.0-193.el8.aarch64.rpm\nkernel-modules-extra-4.18.0-193.el8.aarch64.rpm\nkernel-tools-4.18.0-193.el8.aarch64.rpm\nkernel-tools-debuginfo-4.18.0-193.el8.aarch64.rpm\nkernel-tools-libs-4.18.0-193.el8.aarch64.rpm\nperf-4.18.0-193.el8.aarch64.rpm\nperf-debuginfo-4.18.0-193.el8.aarch64.rpm\npython3-perf-4.18.0-193.el8.aarch64.rpm\npython3-perf-debuginfo-4.18.0-193.el8.aarch64.rpm\n\nnoarch:\nkernel-abi-whitelists-4.18.0-193.el8.noarch.rpm\nkernel-doc-4.18.0-193.el8.noarch.rpm\n\nppc64le:\nbpftool-4.18.0-193.el8.ppc64le.rpm\nbpftool-debuginfo-4.18.0-193.el8.ppc64le.rpm\nkernel-4.18.0-193.el8.ppc64le.rpm\nkernel-core-4.18.0-193.el8.ppc64le.rpm\nkernel-cross-headers-4.18.0-193.el8.ppc64le.rpm\nkernel-debug-4.18.0-193.el8.ppc64le.rpm\nkernel-debug-core-4.18.0-193.el8.ppc64le.rpm\nkernel-debug-debuginfo-4.18.0-193.el8.ppc64le.rpm\nkernel-debug-devel-4.18.0-193.el8.ppc64le.rpm\nkernel-debug-modules-4.18.0-193.el8.ppc64le.rpm\nkernel-debug-modules-extra-4.18.0-193.el8.ppc64le.rpm\nkernel-debuginfo-4.18.0-193.el8.ppc64le.rpm\nkernel-debuginfo-common-ppc64le-4.18.0-193.el8.ppc64le.rpm\nkernel-devel-4.18.0-193.el8.ppc64le.rpm\nkernel-headers-4.18.0-193.el8.ppc64le.rpm\nkernel-modules-4.18.0-193.el8.ppc64le.rpm\nkernel-modules-extra-4
.18.0-193.el8.ppc64le.rpm\nkernel-tools-4.18.0-193.el8.ppc64le.rpm\nkernel-tools-debuginfo-4.18.0-193.el8.ppc64le.rpm\nkernel-tools-libs-4.18.0-193.el8.ppc64le.rpm\nperf-4.18.0-193.el8.ppc64le.rpm\nperf-debuginfo-4.18.0-193.el8.ppc64le.rpm\npython3-perf-4.18.0-193.el8.ppc64le.rpm\npython3-perf-debuginfo-4.18.0-193.el8.ppc64le.rpm\n\ns390x:\nbpftool-4.18.0-193.el8.s390x.rpm\nbpftool-debuginfo-4.18.0-193.el8.s390x.rpm\nkernel-4.18.0-193.el8.s390x.rpm\nkernel-core-4.18.0-193.el8.s390x.rpm\nkernel-cross-headers-4.18.0-193.el8.s390x.rpm\nkernel-debug-4.18.0-193.el8.s390x.rpm\nkernel-debug-core-4.18.0-193.el8.s390x.rpm\nkernel-debug-debuginfo-4.18.0-193.el8.s390x.rpm\nkernel-debug-devel-4.18.0-193.el8.s390x.rpm\nkernel-debug-modules-4.18.0-193.el8.s390x.rpm\nkernel-debug-modules-extra-4.18.0-193.el8.s390x.rpm\nkernel-debuginfo-4.18.0-193.el8.s390x.rpm\nkernel-debuginfo-common-s390x-4.18.0-193.el8.s390x.rpm\nkernel-devel-4.18.0-193.el8.s390x.rpm\nkernel-headers-4.18.0-193.el8.s390x.rpm\nkernel-modules-4.18.0-193.el8.s390x.rpm\nkernel-modules-extra-4.18.0-193.el8.s390x.rpm\nkernel-tools-4.18.0-193.el8.s390x.rpm\nkernel-tools-debuginfo-4.18.0-193.el8.s390x.rpm\nkernel-zfcpdump-4.18.0-193.el8.s390x.rpm\nkernel-zfcpdump-core-4.18.0-193.el8.s390x.rpm\nkernel-zfcpdump-debuginfo-4.18.0-193.el8.s390x.rpm\nkernel-zfcpdump-devel-4.18.0-193.el8.s390x.rpm\nkernel-zfcpdump-modules-4.18.0-193.el8.s390x.rpm\nkernel-zfcpdump-modules-extra-4.18.0-193.el8.s390x.rpm\nperf-4.18.0-193.el8.s390x.rpm\nperf-debuginfo-4.18.0-193.el8.s390x.rpm\npython3-perf-4.18.0-193.el8.s390x.rpm\npython3-perf-debuginfo-4.18.0-193.el8.s390x.rpm\n\nx86_64:\nbpftool-4.18.0-193.el8.x86_64.rpm\nbpftool-debuginfo-4.18.0-193.el8.x86_64.rpm\nkernel-4.18.0-193.el8.x86_64.rpm\nkernel-core-4.18.0-193.el8.x86_64.rpm\nkernel-cross-headers-4.18.0-193.el8.x86_64.rpm\nkernel-debug-4.18.0-193.el8.x86_64.rpm\nkernel-debug-core-4.18.0-193.el8.x86_64.rpm\nkernel-debug-debuginfo-4.18.0-193.el8.x86_64.rpm\nkernel-debug-devel-4.18.0-1
93.el8.x86_64.rpm\nkernel-debug-modules-4.18.0-193.el8.x86_64.rpm\nkernel-debug-modules-extra-4.18.0-193.el8.x86_64.rpm\nkernel-debuginfo-4.18.0-193.el8.x86_64.rpm\nkernel-debuginfo-common-x86_64-4.18.0-193.el8.x86_64.rpm\nkernel-devel-4.18.0-193.el8.x86_64.rpm\nkernel-headers-4.18.0-193.el8.x86_64.rpm\nkernel-modules-4.18.0-193.el8.x86_64.rpm\nkernel-modules-extra-4.18.0-193.el8.x86_64.rpm\nkernel-tools-4.18.0-193.el8.x86_64.rpm\nkernel-tools-debuginfo-4.18.0-193.el8.x86_64.rpm\nkernel-tools-libs-4.18.0-193.el8.x86_64.rpm\nperf-4.18.0-193.el8.x86_64.rpm\nperf-debuginfo-4.18.0-193.el8.x86_64.rpm\npython3-perf-4.18.0-193.el8.x86_64.rpm\npython3-perf-debuginfo-4.18.0-193.el8.x86_64.rpm\n\nRed Hat CodeReady Linux Builder (v. 8):\n\naarch64:\nbpftool-debuginfo-4.18.0-193.el8.aarch64.rpm\nkernel-debug-debuginfo-4.18.0-193.el8.aarch64.rpm\nkernel-debuginfo-4.18.0-193.el8.aarch64.rpm\nkernel-debuginfo-common-aarch64-4.18.0-193.el8.aarch64.rpm\nkernel-tools-debuginfo-4.18.0-193.el8.aarch64.rpm\nkernel-tools-libs-devel-4.18.0-193.el8.aarch64.rpm\nperf-debuginfo-4.18.0-193.el8.aarch64.rpm\npython3-perf-debuginfo-4.18.0-193.el8.aarch64.rpm\n\nppc64le:\nbpftool-debuginfo-4.18.0-193.el8.ppc64le.rpm\nkernel-debug-debuginfo-4.18.0-193.el8.ppc64le.rpm\nkernel-debuginfo-4.18.0-193.el8.ppc64le.rpm\nkernel-debuginfo-common-ppc64le-4.18.0-193.el8.ppc64le.rpm\nkernel-tools-debuginfo-4.18.0-193.el8.ppc64le.rpm\nkernel-tools-libs-devel-4.18.0-193.el8.ppc64le.rpm\nperf-debuginfo-4.18.0-193.el8.ppc64le.rpm\npython3-perf-debuginfo-4.18.0-193.el8.ppc64le.rpm\n\nx86_64:\nbpftool-debuginfo-4.18.0-193.el8.x86_64.rpm\nkernel-debug-debuginfo-4.18.0-193.el8.x86_64.rpm\nkernel-debuginfo-4.18.0-193.el8.x86_64.rpm\nkernel-debuginfo-common-x86_64-4.18.0-193.el8.x86_64.rpm\nkernel-tools-debuginfo-4.18.0-193.el8.x86_64.rpm\nkernel-tools-libs-devel-4.18.0-193.el8.x86_64.rpm\nperf-debuginfo-4.18.0-193.el8.x86_64.rpm\npython3-perf-debuginfo-4.18.0-193.el8.x86_64.rpm\n\nThese packages are GPG signed by Red 
Hat for security. Our key and\ndetails on how to verify the signature are available from\nhttps://access.redhat.com/security/team/key/\n\n7. Contact:\n\nThe Red Hat security contact is \u003csecalert@redhat.com\u003e. More contact\ndetails at https://access.redhat.com/security/team/contact/\n\nCopyright 2020 Red Hat, Inc. \n\n--\nRHSA-announce mailing list\nRHSA-announce@redhat.com\nhttps://www.redhat.com/mailman/listinfo/rhsa-announce\n. ==========================================================================\nUbuntu Security Notice USN-4287-2\nFebruary 18, 2020\n\nlinux-azure vulnerabilities\n==========================================================================\n\nA security issue affects these releases of Ubuntu and its derivatives:\n\n- Ubuntu 14.04 ESM\n\nSummary:\n\nSeveral security issues were fixed in the Linux kernel. \n\nSoftware Description:\n- linux-azure: Linux kernel for Microsoft Azure Cloud systems\n\nDetails:\n\nUSN-4287-1 fixed vulnerabilities in the Linux kernel for Ubuntu 18.04\nLTS. This update provides the corresponding updates for the Linux\nkernel for Microsoft Azure Cloud systems for Ubuntu 14.04 ESM. 
\n\nIt was discovered that the Linux kernel did not properly clear data\nstructures on context switches for certain Intel graphics processors. A\nlocal attacker could use this to expose sensitive information. \n(CVE-2019-14615)\n\nIt was discovered that the Atheros 802.11ac wireless USB device driver in\nthe Linux kernel did not properly validate device metadata. A physically\nproximate attacker could use this to cause a denial of service (system\ncrash). (CVE-2019-15099)\n\nIt was discovered that the HSA Linux kernel driver for AMD GPU devices did\nnot properly check for errors in certain situations, leading to a NULL\npointer dereference. A local attacker could possibly use this to cause a\ndenial of service. (CVE-2019-16229)\n\nIt was discovered that the Marvell 8xxx Libertas WLAN device driver in the\nLinux kernel did not properly check for errors in certain situations,\nleading to a NULL pointer dereference. A local attacker could possibly use\nthis to cause a denial of service. (CVE-2019-16232)\n\nIt was discovered that a race condition existed in the Virtual Video Test\nDriver in the Linux kernel. An attacker with write access to /dev/video0 on\na system with the vivid module loaded could possibly use this to gain\nadministrative privileges. (CVE-2019-18683)\n\nIt was discovered that the Renesas Digital Radio Interface (DRIF) driver in\nthe Linux kernel did not properly initialize data. A local attacker could\npossibly use this to expose sensitive information (kernel memory). \n(CVE-2019-18786)\n\nIt was discovered that the Afatech AF9005 DVB-T USB device driver in the\nLinux kernel did not properly deallocate memory in certain error\nconditions. (CVE-2019-18809)\n\nIt was discovered that the btrfs file system in the Linux kernel did not\nproperly validate metadata, leading to a NULL pointer dereference. An\nattacker could use this to specially craft a file system image that, when\nmounted, could cause a denial of service (system crash). 
(CVE-2019-19057)\n\nIt was discovered that the crypto subsystem in the Linux kernel did not\nproperly deallocate memory in certain error conditions. \n(CVE-2019-19062)\n\nIt was discovered that the Realtek rtlwifi USB device driver in the Linux\nkernel did not properly deallocate memory in certain error conditions. (CVE-2019-19063)\n\nIt was discovered that the RSI 91x WLAN device driver in the Linux kernel\ndid not properly deallocate memory in certain error conditions. (CVE-2019-19071)\n\nIt was discovered that the Atheros 802.11ac wireless USB device driver in\nthe Linux kernel did not properly deallocate memory in certain error\nconditions. (CVE-2019-19078)\n\nIt was discovered that the AMD GPU device drivers in the Linux kernel did\nnot properly deallocate memory in certain error conditions. (CVE-2019-19082)\n\nDan Carpenter discovered that the AppleTalk networking subsystem of the\nLinux kernel did not properly handle certain error conditions, leading to a\nNULL pointer dereference. A local attacker could use this to cause a denial\nof service (system crash). (CVE-2019-19227)\n\nIt was discovered that the KVM hypervisor implementation in the Linux\nkernel did not properly handle ioctl requests to get emulated CPUID\nfeatures. An attacker with access to /dev/kvm could use this to cause a\ndenial of service (system crash). (CVE-2019-19332)\n\nIt was discovered that the ext4 file system implementation in the Linux\nkernel did not properly handle certain conditions. An attacker could use\nthis to specially craft an ext4 file system that, when mounted, could cause\na denial of service (system crash) or possibly execute arbitrary code. \n(CVE-2019-19767)\n\nGao Chuan discovered that the SAS Class driver in the Linux kernel\ncontained a race condition that could lead to a NULL pointer dereference. A\nlocal attacker could possibly use this to cause a denial of service (system\ncrash). 
(CVE-2019-19965)\n\nIt was discovered that the Datagram Congestion Control Protocol (DCCP)\nimplementation in the Linux kernel did not properly deallocate memory in\ncertain error conditions. (CVE-2019-20096)\n\nMitchell Frank discovered that the Wi-Fi implementation in the Linux kernel\nwhen used as an access point would send IAPP location updates for stations\nbefore client authentication had completed. A physically proximate attacker\ncould use this to cause a denial of service. (CVE-2019-5108)\n\nIt was discovered that a race condition can lead to a use-after-free while\ndestroying GEM contexts in the i915 driver for the Linux kernel. A local\nattacker could use this to cause a denial of service (system crash) or\npossibly execute arbitrary code. (CVE-2020-7053)\n\nIt was discovered that the B2C2 FlexCop USB device driver in the Linux\nkernel did not properly validate device metadata. A physically proximate\nattacker could use this to cause a denial of service (system crash). \n(CVE-2019-15291)\n\nUpdate instructions:\n\nThe problem can be corrected by updating your system to the following\npackage versions:\n\nUbuntu 14.04 ESM:\n linux-image-4.15.0-1069-azure 4.15.0-1069.74~14.04.1\n linux-image-azure 4.15.0.1069.55\n\nAfter a standard system update you need to reboot your computer to make\nall the necessary changes. \n\nATTENTION: Due to an unavoidable ABI change the kernel updates have\nbeen given a new version number, which requires you to recompile and\nreinstall all third party kernel modules you might have installed. \nUnless you manually uninstalled the standard kernel metapackages\n(e.g. linux-generic, linux-generic-lts-RELEASE, linux-virtual,\nlinux-powerpc), a standard system upgrade will automatically perform\nthis as well. 
\n\nReferences:\n https://usn.ubuntu.com/4287-2\n https://usn.ubuntu.com/4287-1\n CVE-2019-14615, CVE-2019-15099, CVE-2019-15291, CVE-2019-16229,\n CVE-2019-16232, CVE-2019-18683, CVE-2019-18786, CVE-2019-18809,\n CVE-2019-18885, CVE-2019-19057, CVE-2019-19062, CVE-2019-19063,\n CVE-2019-19071, CVE-2019-19078, CVE-2019-19082, CVE-2019-19227,\n CVE-2019-19332, CVE-2019-19767, CVE-2019-19965, CVE-2019-20096,\n CVE-2019-5108, CVE-2020-7053\n\n. 8) - x86_64\n\n3. Description:\n\nThe kernel-rt packages provide the Real Time Linux Kernel, which enables\nfine-tuning for systems with extremely high determinism requirements. \n\nBug Fix(es):\n\n* RT: update RT source tree to the RHEL-8.2 tree (BZ#1708716)\n\n* KVM-RT guest fails boot with emulatorsched (BZ#1712781)\n\n* 8 vCPU guest need max latency \u003c 20 us with stress [RT-8.2] (BZ#1757165)\n\n* Request nx_huge_pages=N as default value to avoid kvm-rt guest large\nlatency spike [rt-8] (BZ#1788352)\n\n* RT: Add rpm Provide of \u0027kernel\u0027 to indicate that this is a kernel package\n(BZ#1796284)\n\n* [RHEL8] RT kernel signed by test certificate and not Red Hat Secure Boot\n(BZ#1806871)\n\nEnhancement(s):\n\n* update to the upstream 5.x RT patchset (BZ#1680161)\n\n4", "sources": [ { "db": "NVD", "id": "CVE-2019-19057" }, { "db": "VULMON", "id": "CVE-2019-19057" }, { "db": "PACKETSTORM", "id": "156110" }, { "db": "PACKETSTORM", "id": "156419" }, { "db": "PACKETSTORM", "id": "155890" }, { "db": "PACKETSTORM", "id": "156422" }, { "db": "PACKETSTORM", "id": "157422" }, { "db": "PACKETSTORM", "id": "156427" }, { "db": "PACKETSTORM", "id": "157444" }, { "db": "PACKETSTORM", "id": "156124" } ], "trust": 1.71 }, "external_ids": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/external_ids#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "db": "NVD", "id": "CVE-2019-19057", "trust": 2.5 }, { "db": "PACKETSTORM", 
"id": "155890", "trust": 1.8 }, { "db": "PACKETSTORM", "id": "156427", "trust": 0.7 }, { "db": "PACKETSTORM", "id": "157444", "trust": 0.7 }, { "db": "PACKETSTORM", "id": "156124", "trust": 0.7 }, { "db": "AUSCERT", "id": "ESB-2020.0305", "trust": 0.6 }, { "db": "AUSCERT", "id": "ESB-2020.0830", "trust": 0.6 }, { "db": "AUSCERT", "id": "ESB-2019.4584", "trust": 0.6 }, { "db": "AUSCERT", "id": "ESB-2019.4793", "trust": 0.6 }, { "db": "AUSCERT", "id": "ESB-2020.0141", "trust": 0.6 }, { "db": "AUSCERT", "id": "ESB-2020.0200", "trust": 0.6 }, { "db": "AUSCERT", "id": "ESB-2020.0572", "trust": 0.6 }, { "db": "AUSCERT", "id": "ESB-2019.4704", "trust": 0.6 }, { "db": "AUSCERT", "id": "ESB-2020.1520", "trust": 0.6 }, { "db": "AUSCERT", "id": "ESB-2020.0851", "trust": 0.6 }, { "db": "AUSCERT", "id": "ESB-2020.1480", "trust": 0.6 }, { "db": "AUSCERT", "id": "ESB-2020.0572.2", "trust": 0.6 }, { "db": "AUSCERT", "id": "ESB-2020.0766", "trust": 0.6 }, { "db": "AUSCERT", "id": "ESB-2019.4346.2", "trust": 0.6 }, { "db": "CNNVD", "id": "CNNVD-201911-1078", "trust": 0.6 }, { "db": "VULMON", "id": "CVE-2019-19057", "trust": 0.1 }, { "db": "PACKETSTORM", "id": "156110", "trust": 0.1 }, { "db": "PACKETSTORM", "id": "156419", "trust": 0.1 }, { "db": "PACKETSTORM", "id": "156422", "trust": 0.1 }, { "db": "PACKETSTORM", "id": "157422", "trust": 0.1 } ], "sources": [ { "db": "VULMON", "id": "CVE-2019-19057" }, { "db": "PACKETSTORM", "id": "156110" }, { "db": "PACKETSTORM", "id": "156419" }, { "db": "PACKETSTORM", "id": "155890" }, { "db": "PACKETSTORM", "id": "156422" }, { "db": "PACKETSTORM", "id": "157422" }, { "db": "PACKETSTORM", "id": "156427" }, { "db": "PACKETSTORM", "id": "157444" }, { "db": "PACKETSTORM", "id": "156124" }, { "db": "CNNVD", "id": "CNNVD-201911-1078" }, { "db": "NVD", "id": "CVE-2019-19057" } ] }, "id": "VAR-201911-1410", "iot": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/iot#", "sources": { "@container": "@list", "@context": { "@vocab": 
"https://www.variotdbs.pl/ref/sources#" } } }, "data": true, "sources": [ { "db": "VARIoT devices database", "id": null } ], "trust": 0.625 }, "last_update_date": "2024-07-23T19:33:13.621000Z", "patch": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/patch#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "title": "Linux kernel Remediation of resource management error vulnerabilities", "trust": 0.6, "url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=105209" }, { "title": "Red Hat: Important: kernel security, bug fix, and enhancement update", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=rhsa-20201769 - security advisory" }, { "title": "Ubuntu Security Notice: linux, linux-aws, linux-kvm, linux-raspi2, linux-snapdragon vulnerabilities", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=ubuntu_security_notice\u0026qid=usn-4254-1" }, { "title": "Ubuntu Security Notice: linux-lts-xenial, linux-aws vulnerabilities", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=ubuntu_security_notice\u0026qid=usn-4254-2" }, { "title": "Ubuntu Security Notice: linux-aws-5.0, linux-azure, linux-gcp, linux-gke-5.0, linux-oracle-5.0 vulnerabilities", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=ubuntu_security_notice\u0026qid=usn-4285-1" }, { "title": "Ubuntu Security Notice: linux-azure vulnerabilities", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=ubuntu_security_notice\u0026qid=usn-4287-2" }, { "title": "Ubuntu Security Notice: linux, linux-aws, linux-azure-5.3, linux-gcp, linux-gcp-5.3, linux-hwe, linux-kvm, linux-oracle, linux-raspi2, linux-raspi2-5.3 vulnerabilities", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=ubuntu_security_notice\u0026qid=usn-4284-1" }, { "title": "Ubuntu Security Notice: linux, linux-aws, linux-aws-hwe, 
linux-azure, linux-gcp, linux-gke-4.15, linux-hwe, linux-kvm, linux-oracle, linux-raspi2, linux-snapdragon vulnerabilities", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=ubuntu_security_notice\u0026qid=usn-4287-1" } ], "sources": [ { "db": "VULMON", "id": "CVE-2019-19057" }, { "db": "CNNVD", "id": "CNNVD-201911-1078" } ] }, "problemtype_data": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "problemtype": "CWE-401", "trust": 1.0 } ], "sources": [ { "db": "NVD", "id": "CVE-2019-19057" } ] }, "references": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/references#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "trust": 2.3, "url": "http://packetstormsecurity.com/files/155890/slackware-security-advisory-slackware-14.2-kernel-updates.html" }, { "trust": 2.3, "url": "https://usn.ubuntu.com/4254-1/" }, { "trust": 2.2, "url": "https://lists.debian.org/debian-lts-announce/2020/01/msg00013.html" }, { "trust": 2.2, "url": "https://usn.ubuntu.com/4284-1/" }, { "trust": 2.2, "url": "https://usn.ubuntu.com/4285-1/" }, { "trust": 2.2, "url": "https://usn.ubuntu.com/4254-2/" }, { "trust": 2.2, "url": "https://usn.ubuntu.com/4287-2/" }, { "trust": 2.2, "url": "https://usn.ubuntu.com/4287-1/" }, { "trust": 1.7, "url": "http://lists.opensuse.org/opensuse-security-announce/2019-12/msg00029.html" }, { "trust": 1.7, "url": "https://github.com/torvalds/linux/commit/d10dcb615c8e29d403a24d35f8310a7a53e3050c" }, { "trust": 1.7, "url": "https://seclists.org/bugtraq/2020/jan/10" }, { "trust": 1.7, "url": "https://security.netapp.com/advisory/ntap-20191205-0001/" }, { "trust": 1.6, "url": "https://lists.debian.org/debian-lts-announce/2020/03/msg00001.html" }, { "trust": 1.4, "url": 
"https://nvd.nist.gov/vuln/detail/cve-2019-19057" }, { "trust": 1.0, "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/o3psde6ptotvbk2ytkb2tfqp2subvsnf/" }, { "trust": 1.0, "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/py7ljmspagrikabjpdkqdtxyw3l5rx2t/" }, { "trust": 0.8, "url": "https://access.redhat.com/security/cve/cve-2019-19057" }, { "trust": 0.7, "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/o3psde6ptotvbk2ytkb2tfqp2subvsnf/" }, { "trust": 0.7, "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/py7ljmspagrikabjpdkqdtxyw3l5rx2t/" }, { "trust": 0.6, "url": "https://nvd.nist.gov/vuln/detail/cve-2019-19063" }, { "trust": 0.6, "url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00237.html" }, { "trust": 0.6, "url": "https://www.suse.com/support/update/announcement/2019/suse-su-20193200-1.html" }, { "trust": 0.6, "url": "https://usn.ubuntu.com/4286-2/" }, { "trust": 0.6, "url": "https://usn.ubuntu.com/4286-1/" }, { "trust": 0.6, "url": "https://www.suse.com/support/update/announcement/2019/suse-su-20193381-1.html" }, { "trust": 0.6, "url": "https://www.suse.com/support/update/announcement/2020/suse-su-20200093-1.html" }, { "trust": 0.6, "url": "https://usn.ubuntu.com/4255-2/" }, { "trust": 0.6, "url": "https://usn.ubuntu.com/4253-2/" }, { "trust": 0.6, "url": "https://usn.ubuntu.com/4258-1/" }, { "trust": 0.6, "url": "https://usn.ubuntu.com/4255-1/" }, { "trust": 0.6, "url": "https://usn.ubuntu.com/4253-1/" }, { "trust": 0.6, "url": "https://www.suse.com/support/update/announcement/2019/suse-su-20193316-1.html" }, { "trust": 0.6, "url": "https://www.suse.com/support/update/announcement/2019/suse-su-20193317-1.html" }, { "trust": 0.6, "url": 
"https://packetstormsecurity.com/files/156124/ubuntu-security-notice-usn-4254-2.html" }, { "trust": 0.6, "url": "https://packetstormsecurity.com/files/156427/ubuntu-security-notice-usn-4287-2.html" }, { "trust": 0.6, "url": "https://www.auscert.org.au/bulletins/esb-2019.4704/" }, { "trust": 0.6, "url": "https://www.auscert.org.au/bulletins/esb-2020.0766/" }, { "trust": 0.6, "url": "https://www.auscert.org.au/bulletins/esb-2020.0305/" }, { "trust": 0.6, "url": "https://www.auscert.org.au/bulletins/esb-2019.4793/" }, { "trust": 0.6, "url": "https://www.auscert.org.au/bulletins/esb-2020.0572.2/" }, { "trust": 0.6, "url": "https://www.auscert.org.au/bulletins/esb-2020.0851/" }, { "trust": 0.6, "url": "https://www.auscert.org.au/bulletins/esb-2019.4584/" }, { "trust": 0.6, "url": "https://www.auscert.org.au/bulletins/esb-2020.0830/" }, { "trust": 0.6, "url": "https://www.auscert.org.au/bulletins/esb-2020.0200/" }, { "trust": 0.6, "url": "https://www.ibm.com/blogs/psirt/security-bulletin-ibm-security-guardium-is-affected-by-kernel-vulnerabilities-7/" }, { "trust": 0.6, "url": "https://www.auscert.org.au/bulletins/esb-2020.0572/" }, { "trust": 0.6, "url": "https://www.auscert.org.au/bulletins/esb-2020.0141/" }, { "trust": 0.6, "url": "https://www.ibm.com/blogs/psirt/security-bulletin-ibm-security-guardium-is-affected-by-kernel-vulnerabilities-6/" }, { "trust": 0.6, "url": "https://www.auscert.org.au/bulletins/esb-2020.1480/" }, { "trust": 0.6, "url": "https://packetstormsecurity.com/files/157444/red-hat-security-advisory-2020-1567-01.html" }, { "trust": 0.6, "url": "https://vigilance.fr/vulnerability/linux-kernel-multiple-vulnerabilities-via-memory-leak-30911" }, { "trust": 0.6, "url": "https://www.auscert.org.au/bulletins/esb-2019.4346.2/" }, { "trust": 0.6, "url": "https://www.auscert.org.au/bulletins/esb-2020.1520/" }, { "trust": 0.5, "url": "https://nvd.nist.gov/vuln/detail/cve-2019-19227" }, { "trust": 0.5, "url": "https://nvd.nist.gov/vuln/detail/cve-2019-15291" }, 
{ "trust": 0.5, "url": "https://nvd.nist.gov/vuln/detail/cve-2019-18683" }, { "trust": 0.5, "url": "https://nvd.nist.gov/vuln/detail/cve-2019-19062" }, { "trust": 0.5, "url": "https://nvd.nist.gov/vuln/detail/cve-2019-14615" }, { "trust": 0.5, "url": "https://nvd.nist.gov/vuln/detail/cve-2019-19332" }, { "trust": 0.4, "url": "https://nvd.nist.gov/vuln/detail/cve-2019-18885" }, { "trust": 0.4, "url": "https://nvd.nist.gov/vuln/detail/cve-2019-15099" }, { "trust": 0.3, "url": "https://nvd.nist.gov/vuln/detail/cve-2019-19965" }, { "trust": 0.3, "url": "https://nvd.nist.gov/vuln/detail/cve-2019-16229" }, { "trust": 0.3, "url": "https://nvd.nist.gov/vuln/detail/cve-2019-18786" }, { "trust": 0.3, "url": "https://nvd.nist.gov/vuln/detail/cve-2019-20096" }, { "trust": 0.3, "url": "https://nvd.nist.gov/vuln/detail/cve-2019-18809" }, { "trust": 0.3, "url": "https://nvd.nist.gov/vuln/detail/cve-2019-5108" }, { "trust": 0.3, "url": "https://nvd.nist.gov/vuln/detail/cve-2020-7053" }, { "trust": 0.3, "url": "https://nvd.nist.gov/vuln/detail/cve-2019-16232" }, { "trust": 0.2, "url": "https://access.redhat.com/errata/rhsa-2020:1769" }, { "trust": 0.2, "url": "https://usn.ubuntu.com/4254-1" }, { "trust": 0.2, "url": "https://usn.ubuntu.com/4287-1" }, { "trust": 0.2, "url": "https://nvd.nist.gov/vuln/detail/cve-2019-19078" }, { "trust": 0.2, "url": "https://nvd.nist.gov/vuln/detail/cve-2019-19071" }, { "trust": 0.2, "url": "https://nvd.nist.gov/vuln/detail/cve-2019-19767" }, { "trust": 0.2, "url": "https://nvd.nist.gov/vuln/detail/cve-2019-19082" }, { "trust": 0.2, "url": "https://access.redhat.com/security/cve/cve-2019-15221" }, { "trust": 0.2, "url": "https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/8/html/8.2_release_notes/index" }, { "trust": 0.2, "url": "https://access.redhat.com/security/cve/cve-2019-19768" }, { "trust": 0.2, "url": "https://nvd.nist.gov/vuln/detail/cve-2019-17055" }, { "trust": 0.2, "url": 
"https://access.redhat.com/security/updates/classification/#important" }, { "trust": 0.2, "url": "https://nvd.nist.gov/vuln/detail/cve-2019-15221" }, { "trust": 0.2, "url": "https://nvd.nist.gov/vuln/detail/cve-2019-15090" }, { "trust": 0.2, "url": "https://access.redhat.com/security/cve/cve-2019-10639" }, { "trust": 0.2, "url": "https://access.redhat.com/security/cve/cve-2019-19073" }, { "trust": 0.2, "url": "https://nvd.nist.gov/vuln/detail/cve-2019-19073" }, { "trust": 0.2, "url": "https://nvd.nist.gov/vuln/detail/cve-2019-19768" }, { "trust": 0.2, "url": "https://nvd.nist.gov/vuln/detail/cve-2019-19074" }, { "trust": 0.2, "url": "https://access.redhat.com/articles/11258" }, { "trust": 0.2, "url": "https://nvd.nist.gov/vuln/detail/cve-2019-8980" }, { "trust": 0.2, "url": "https://nvd.nist.gov/vuln/detail/cve-2019-18805" }, { "trust": 0.2, "url": "https://access.redhat.com/security/team/contact/" }, { "trust": 0.2, "url": "https://www.redhat.com/mailman/listinfo/rhsa-announce" }, { "trust": 0.2, "url": "https://access.redhat.com/security/cve/cve-2020-1749" }, { "trust": 0.2, "url": "https://access.redhat.com/security/cve/cve-2019-8980" }, { "trust": 0.2, "url": "https://nvd.nist.gov/vuln/detail/cve-2019-19922" }, { "trust": 0.2, "url": "https://access.redhat.com/security/cve/cve-2019-18805" }, { "trust": 0.2, "url": "https://access.redhat.com/security/cve/cve-2019-15099" }, { "trust": 0.2, "url": "https://bugzilla.redhat.com/):" }, { "trust": 0.2, "url": "https://nvd.nist.gov/vuln/detail/cve-2018-16871" }, { "trust": 0.2, "url": "https://nvd.nist.gov/vuln/detail/cve-2020-1749" }, { "trust": 0.2, "url": "https://nvd.nist.gov/vuln/detail/cve-2019-10639" }, { "trust": 0.2, "url": "https://access.redhat.com/security/cve/cve-2019-19922" }, { "trust": 0.2, "url": "https://access.redhat.com/security/cve/cve-2019-17055" }, { "trust": 0.2, "url": "https://nvd.nist.gov/vuln/detail/cve-2019-17053" }, { "trust": 0.2, "url": 
"https://access.redhat.com/security/cve/cve-2019-19074" }, { "trust": 0.2, "url": "https://access.redhat.com/security/cve/cve-2019-19534" }, { "trust": 0.2, "url": "https://access.redhat.com/security/cve/cve-2019-15090" }, { "trust": 0.2, "url": "https://access.redhat.com/security/cve/cve-2019-17053" }, { "trust": 0.2, "url": "https://access.redhat.com/security/team/key/" }, { "trust": 0.2, "url": "https://nvd.nist.gov/vuln/detail/cve-2019-19534" }, { "trust": 0.2, "url": "https://access.redhat.com/security/cve/cve-2018-16871" }, { "trust": 0.1, "url": "https://cwe.mitre.org/data/definitions/400.html" }, { "trust": 0.1, "url": "https://nvd.nist.gov" }, { "trust": 0.1, "url": "https://www.symantec.com/content/symantec/english/en/security-center/vulnerabilities/writeup.html/110895" }, { "trust": 0.1, "url": "https://launchpad.net/ubuntu/+source/linux/4.4.0-173.203" }, { "trust": 0.1, "url": "https://launchpad.net/ubuntu/+source/linux-raspi2/4.4.0-1128.137" }, { "trust": 0.1, "url": "https://launchpad.net/ubuntu/+source/linux-aws/4.4.0-1101.112" }, { "trust": 0.1, "url": "https://launchpad.net/ubuntu/+source/linux-snapdragon/4.4.0-1132.140" }, { "trust": 0.1, "url": "https://launchpad.net/ubuntu/+source/linux-kvm/4.4.0-1065.72" }, { "trust": 0.1, "url": "https://launchpad.net/ubuntu/+source/linux-aws-5.0/5.0.0-1025.28" }, { "trust": 0.1, "url": "https://launchpad.net/ubuntu/+source/linux-gcp/5.0.0-1031.32" }, { "trust": 0.1, "url": "https://launchpad.net/ubuntu/+source/linux-azure/5.0.0-1032.34" }, { "trust": 0.1, "url": "https://launchpad.net/ubuntu/+source/linux-oracle-5.0/5.0.0-1011.16" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2019-19947" }, { "trust": 0.1, "url": "https://usn.ubuntu.com/4285-1" }, { "trust": 0.1, "url": "https://launchpad.net/ubuntu/+source/linux-gke-5.0/5.0.0-1030.31" }, { "trust": 0.1, "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-19524" }, { "trust": 0.1, "url": "http://slackware.com" }, { "trust": 0.1, 
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-19332" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2019-18660" }, { "trust": 0.1, "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-19063" }, { "trust": 0.1, "url": "http://slackware.com/gpg-key" }, { "trust": 0.1, "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-15291" }, { "trust": 0.1, "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-19338" }, { "trust": 0.1, "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-15917" }, { "trust": 0.1, "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-19057" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2019-12614" }, { "trust": 0.1, "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-19227" }, { "trust": 0.1, "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-19062" }, { "trust": 0.1, "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-18660" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2019-15917" }, { "trust": 0.1, "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-18683" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2019-19338" }, { "trust": 0.1, "url": "http://osuosl.org)" }, { "trust": 0.1, "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-12614" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2019-19524" }, { "trust": 0.1, "url": "https://launchpad.net/ubuntu/+source/linux-snapdragon/4.15.0-1072.79" }, { "trust": 0.1, "url": "https://launchpad.net/ubuntu/+source/linux-kvm/4.15.0-1053.53" }, { "trust": 0.1, "url": "https://launchpad.net/ubuntu/+source/linux-azure/4.15.0-1071.76" }, { "trust": 0.1, "url": "https://launchpad.net/ubuntu/+source/linux-aws/4.15.0-1060.62" }, { "trust": 0.1, "url": "https://launchpad.net/ubuntu/+source/linux-hwe/4.15.0-88.88~16.04.1" }, { "trust": 0.1, "url": 
"https://launchpad.net/ubuntu/+source/linux-oracle/4.15.0-1033.36~16.04.1" }, { "trust": 0.1, "url": "https://launchpad.net/ubuntu/+source/linux-gke-4.15/4.15.0-1052.55" }, { "trust": 0.1, "url": "https://launchpad.net/ubuntu/+source/linux-gcp/4.15.0-1055.59" }, { "trust": 0.1, "url": "https://launchpad.net/ubuntu/+source/linux-raspi2/4.15.0-1055.59" }, { "trust": 0.1, "url": "https://launchpad.net/ubuntu/+source/linux-aws-hwe/4.15.0-1060.62~16.04.1" }, { "trust": 0.1, "url": "https://launchpad.net/ubuntu/+source/linux-oracle/4.15.0-1033.36" }, { "trust": 0.1, "url": "https://launchpad.net/ubuntu/+source/linux/4.15.0-88.88" }, { "trust": 0.1, "url": "https://usn.ubuntu.com/4287-2" }, { "trust": 0.1, "url": "https://access.redhat.com/errata/rhsa-2020:1567" }, { "trust": 0.1, "url": "https://usn.ubuntu.com/4254-2" } ], "sources": [ { "db": "VULMON", "id": "CVE-2019-19057" }, { "db": "PACKETSTORM", "id": "156110" }, { "db": "PACKETSTORM", "id": "156419" }, { "db": "PACKETSTORM", "id": "155890" }, { "db": "PACKETSTORM", "id": "156422" }, { "db": "PACKETSTORM", "id": "157422" }, { "db": "PACKETSTORM", "id": "156427" }, { "db": "PACKETSTORM", "id": "157444" }, { "db": "PACKETSTORM", "id": "156124" }, { "db": "CNNVD", "id": "CNNVD-201911-1078" }, { "db": "NVD", "id": "CVE-2019-19057" } ] }, "sources": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", "data": { "@container": "@list" } }, "data": [ { "db": "VULMON", "id": "CVE-2019-19057" }, { "db": "PACKETSTORM", "id": "156110" }, { "db": "PACKETSTORM", "id": "156419" }, { "db": "PACKETSTORM", "id": "155890" }, { "db": "PACKETSTORM", "id": "156422" }, { "db": "PACKETSTORM", "id": "157422" }, { "db": "PACKETSTORM", "id": "156427" }, { "db": "PACKETSTORM", "id": "157444" }, { "db": "PACKETSTORM", "id": "156124" }, { "db": "CNNVD", "id": "CNNVD-201911-1078" }, { "db": "NVD", "id": "CVE-2019-19057" } ] }, "sources_release_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#", 
"data": { "@container": "@list" } }, "data": [ { "date": "2019-11-18T00:00:00", "db": "VULMON", "id": "CVE-2019-19057" }, { "date": "2020-01-28T15:44:44", "db": "PACKETSTORM", "id": "156110" }, { "date": "2020-02-19T15:25:47", "db": "PACKETSTORM", "id": "156419" }, { "date": "2020-01-09T15:06:22", "db": "PACKETSTORM", "id": "155890" }, { "date": "2020-02-19T15:27:54", "db": "PACKETSTORM", "id": "156422" }, { "date": "2020-04-28T20:19:01", "db": "PACKETSTORM", "id": "157422" }, { "date": "2020-02-19T15:35:02", "db": "PACKETSTORM", "id": "156427" }, { "date": "2020-04-28T20:29:58", "db": "PACKETSTORM", "id": "157444" }, { "date": "2020-01-29T17:15:05", "db": "PACKETSTORM", "id": "156124" }, { "date": "2019-11-18T00:00:00", "db": "CNNVD", "id": "CNNVD-201911-1078" }, { "date": "2019-11-18T06:15:12.140000", "db": "NVD", "id": "CVE-2019-19057" } ] }, "sources_update_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2020-08-24T00:00:00", "db": "VULMON", "id": "CVE-2019-19057" }, { "date": "2021-04-19T00:00:00", "db": "CNNVD", "id": "CNNVD-201911-1078" }, { "date": "2023-11-07T03:07:24.680000", "db": "NVD", "id": "CVE-2019-19057" } ] }, "threat_type": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/threat_type#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "local", "sources": [ { "db": "PACKETSTORM", "id": "156110" }, { "db": "PACKETSTORM", "id": "156419" }, { "db": "PACKETSTORM", "id": "156422" }, { "db": "PACKETSTORM", "id": "156427" }, { "db": "PACKETSTORM", "id": "156124" }, { "db": "CNNVD", "id": "CNNVD-201911-1078" } ], "trust": 1.1 }, "title": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/title#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "Linux kernel Resource Management Error Vulnerability", "sources": [ { "db": 
"CNNVD", "id": "CNNVD-201911-1078" } ], "trust": 0.6 }, "type": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/type#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "resource management error", "sources": [ { "db": "CNNVD", "id": "CNNVD-201911-1078" } ], "trust": 0.6 } }
Sightings
| Author | Source | Type | Date |
|---|---|---|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
- Confirmed: The vulnerability is confirmed from an analyst perspective.
- Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
- Patched: This vulnerability was successfully patched by the user reporting the sighting.
- Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
- Not confirmed: The user expresses doubt about the veracity of the vulnerability.
- Not patched: This vulnerability was not successfully patched by the user reporting the sighting.