Errata ALT-PU-2019-3292-1: Information
Fixes
Published: Oct. 1, 2019
BDU:2019-04805
Vulnerability in the rsi_send_beacon() function (drivers/net/wireless/rsi/rsi_91x_mgmt.c) of the Linux operating system kernel that allows an attacker to cause a denial of service
Severity: HIGH (7.5) Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Published: Sept. 11, 2019
BDU:2020-00155
Vulnerability in the qrtr_tun_write_iter() function of the Linux operating system kernel that allows an attacker to cause a denial of service
Severity: HIGH (7.5) Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Published: Dec. 4, 2019
BDU:2020-05893
Vulnerability in the KVM hypervisor request KVM_GET_EMULATED_CPUID of the Linux operating system kernel, related to an operation exceeding the bounds of a data buffer, that allows an attacker to compromise data integrity and cause a denial of service
Severity: MEDIUM (6.1) Vector: AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:H
Published: Nov. 18, 2019
Modified: Nov. 7, 2023
CVE-2019-19071
A memory leak in the rsi_send_beacon() function in drivers/net/wireless/rsi/rsi_91x_mgmt.c in the Linux kernel through 5.3.11 allows attackers to cause a denial of service (memory consumption) by triggering rsi_prepare_beacon() failures, aka CID-d563131ef23c.
Severity: HIGH (7.5) Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Published: Nov. 18, 2019
Modified: Jan. 18, 2023
CVE-2019-19079
A memory leak in the qrtr_tun_write_iter() function in net/qrtr/tun.c in the Linux kernel before 5.3 allows attackers to cause a denial of service (memory consumption), aka CID-a21b7f0cff19.
Severity: HIGH (7.5) Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Published: Jan. 9, 2020
Modified: Feb. 13, 2023
CVE-2019-19332
An out-of-bounds memory write issue was found in the Linux Kernel, version 3.13 through 5.4, in the way the Linux kernel's KVM hypervisor handled the 'KVM_GET_EMULATED_CPUID' ioctl(2) request to get CPUID features emulated by the KVM hypervisor. A user or process able to access the '/dev/kvm' device could use this flaw to crash the system, resulting in a denial of service.
Severity: MEDIUM (6.1) Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:H
Links:
- https://www.openwall.com/lists/oss-security/2019/12/16/1
- https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-19332
- http://packetstormsecurity.com/files/155890/Slackware-Security-Advisory-Slackware-14.2-kernel-Updates.html
- [debian-lts-announce] 20200118 [SECURITY] [DLA 2068-1] linux security update
- USN-4254-1
- USN-4254-2
- https://security.netapp.com/advisory/ntap-20200204-0002/
- USN-4258-1
- USN-4287-1
- USN-4287-2
- [debian-lts-announce] 20200302 [SECURITY] [DLA 2114-1] linux-4.9 security update
- USN-4284-1
- openSUSE-SU-2020:0336
- https://lore.kernel.org/kvm/000000000000ea5ec20598d90e50%40google.com/