Errata ALT-PU-2019-1893-1: Information
Fixes
Published: May 10, 2019
BDU:2019-02780
Уязвимость файла fs/ext4/extents.c ядра операционной системы Linux, позволяющая нарушителю раскрыть защищаемую информацию
Severity: MEDIUM (5.5) Vector: AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
Links:
Published: April 24, 2019
BDU:2019-03630
Уязвимость модуля vhost_net ядра операционной системы Linux, позволяющая нарушителю вызвать отказ в обслуживании
Severity: MEDIUM (6.5) Vector: AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
Links:
Published: Feb. 28, 2019
BDU:2019-04720
Уязвимость компонента __xfrm_policy_unlink ядра операционных систем Linux, позволяющая нарушителю вызвать отказ в обслуживании
Severity: HIGH (7.5) Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Links:
Published: May 5, 2019
BDU:2020-00116
Уязвимость функций net/appletalk/aarp.c и net/appletalk/ddp.c подсистемы AppleTalk ядра операционной системы Linux, позволяющая нарушителю вызвать отказ в обслуживании
Severity: MEDIUM (5.5) Vector: AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
Links:
Published: Jan. 19, 2019
BDU:2020-00167
Уязвимость функции fs/btrfs/volumes.c ядра операционной системы Linux, позволяющая нарушителю вызвать отказ в обслуживании
Severity: MEDIUM (5.5) Vector: AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
Links:
Published: April 1, 2019
BDU:2020-00358
Уязвимость функции __feat_register_sp() ядра операционных систем Linux, позволяющая нарушителю вызвать отказ в обслуживании
Severity: MEDIUM (5.5) Vector: AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
Links:
Published: Jan. 23, 2019
BDU:2020-00844
Уязвимость функции L2CAP_PARSE_CONF_RSP ядра операционных систем Linux, связанная с раскрытием информации, позволяющая нарушителю получить доступ к конфиденциальным данным
Severity: MEDIUM (6.5) Vector: AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Links:
Published: Jan. 23, 2019
BDU:2020-00845
Уязвимость функции L2CAP_GET_CONF_OPT ядра операционных систем Linux, связанная с раскрытием информации, позволяющая нарушителю получить доступ к конфиденциальным данным
Severity: MEDIUM (6.5) Vector: AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Links:
Published: Feb. 19, 2019
BDU:2020-02044
Уязвимость функции brcmf_wowl_nd_results драйвер Broadcom brcmfmac WiFi ядра операционной системы Linux, позволяющая нарушителю получить несанкционированный доступ к информации и нарушить ее целостность и доступность
Severity: HIGH (8.3) Vector: AV:A/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H
Links:
Published: June 7, 2021
BDU:2022-03138
Уязвимость подсистемы XFRM ядра операционной системы Linux, позволяющая нарушителю получить доступ к конфиденциальной информации или вызвать отказ в обслуживании
Severity: HIGH (7.8) Vector: AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Links:
Published: July 30, 2019
Modified: Oct. 10, 2019
Modified: Oct. 10, 2019
CVE-2019-10142
A flaw was found in the Linux kernel's freescale hypervisor manager implementation, kernel versions 5.0.x up to, excluding 5.0.17. A parameter passed to an ioctl was incorrectly validated and used in size calculations for the page size calculation. An attacker can use this flaw to crash the system, corrupt memory, or create other adverse security affects.
Severity: HIGH (7.8) Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Links:
Published: May 15, 2019
Modified: Nov. 7, 2023
Modified: Nov. 7, 2023
CVE-2019-11833
fs/ext4/extents.c in the Linux kernel through 5.1.2 does not zero out the unused memory region in the extent tree block, which might allow local users to obtain sensitive information by reading uninitialized data in the filesystem.
Severity: MEDIUM (5.5) Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
Links:
- https://github.com/torvalds/linux/commit/592acbf16821288ecdc4192c47e3774a4c48bb64
- 108372
- openSUSE-SU-2019:1479
- DSA-4465
- [debian-lts-announce] 20190617 [SECURITY] [DLA 1823-1] linux security update
- [debian-lts-announce] 20190618 [SECURITY] [DLA 1824-1] linux-4.9 security update
- openSUSE-SU-2019:1570
- 20190618 [SECURITY] [DSA 4465-1] linux security update
- openSUSE-SU-2019:1579
- USN-4068-1
- USN-4068-2
- USN-4069-1
- USN-4076-1
- USN-4069-2
- RHSA-2019:2043
- RHSA-2019:2029
- USN-4095-2
- USN-4118-1
- http://packetstormsecurity.com/files/154951/Kernel-Live-Patch-Security-Notice-LSN-0058-1.html
- RHSA-2019:3517
- RHSA-2019:3309
- FEDORA-2019-48b34fc991
Published: Aug. 27, 2019
Modified: Nov. 7, 2023
Modified: Nov. 7, 2023
CVE-2019-15666
An issue was discovered in the Linux kernel before 5.0.19. There is an out-of-bounds array access in __xfrm_policy_unlink, which will cause denial of service, because verify_newpolicy_info in net/xfrm/xfrm_user.c mishandles directory validation.
Severity: MEDIUM (4.4) Vector: CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H
Links:
- https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=b805d78d300bcf2c83d6df7da0c818b0fee41427
- https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.0.19
- [debian-lts-announce] 20190914 [SECURITY] [DLA 1919-1] linux-4.9 security update
- [debian-lts-announce] 20190915 [SECURITY] [DLA 1919-2] linux-4.9 security update
- openSUSE-SU-2019:2173
- openSUSE-SU-2019:2181
- https://security.netapp.com/advisory/ntap-20191004-0001/
- https://support.f5.com/csp/article/K53420251?utm_source=f5support&amp%3Butm_medium=RSS
Published: Nov. 14, 2019
Modified: June 14, 2021
Modified: June 14, 2021
CVE-2019-18885
fs/btrfs/volumes.c in the Linux kernel before 5.1 allows a btrfs_verify_dev_extents NULL pointer dereference via a crafted btrfs image because fs_devices->devices is mishandled within find_device, aka CID-09ba3bc9dd15.
Severity: MEDIUM (5.5) Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
Links:
- https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=09ba3bc9dd150457c506e4661380a6183af651c1
- https://github.com/bobfuzzer/CVE-2019-18885
- https://github.com/torvalds/linux/commit/09ba3bc9dd150457c506e4661380a6183af651c1
- https://security.netapp.com/advisory/ntap-20191205-0001/
- USN-4254-1
- USN-4254-2
- http://packetstormsecurity.com/files/156185/Kernel-Live-Patch-Security-Notice-LSN-0062-1.html
- USN-4258-1
- USN-4287-1
- USN-4287-2
- [debian-lts-announce] 20200812 [SECURITY] [DLA 2323-1] linux-4.19 new package
- https://www.oracle.com/security-alerts/cpuApr2021.html
Published: Nov. 22, 2019
Modified: Dec. 12, 2019
Modified: Dec. 12, 2019
CVE-2019-19227
In the AppleTalk subsystem in the Linux kernel before 5.1, there is a potential NULL pointer dereference because register_snap_client may return NULL. This will lead to denial of service in net/appletalk/aarp.c and net/appletalk/ddp.c, as demonstrated by unregister_snap_client, aka CID-9804501fa122.
Severity: MEDIUM (5.5) Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
Links:
- https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=9804501fa1228048857910a6bf23e085aade37cc
- https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.1
- openSUSE-SU-2019:2675
- https://security.netapp.com/advisory/ntap-20200103-0001/
- 20200109 [slackware-security] Slackware 14.2 kernel (SSA:2020-008-01)
- http://packetstormsecurity.com/files/155890/Slackware-Security-Advisory-Slackware-14.2-kernel-Updates.html
- [debian-lts-announce] 20200118 [SECURITY] [DLA 2068-1] linux security update
- USN-4254-1
- USN-4254-2
- USN-4258-1
- USN-4287-1
- USN-4287-2
- [debian-lts-announce] 20200302 [SECURITY] [DLA 2114-1] linux-4.9 security update
Published: Dec. 30, 2019
Modified: Jan. 20, 2023
Modified: Jan. 20, 2023
CVE-2019-20096
In the Linux kernel before 5.1, there is a memory leak in __feat_register_sp() in net/dccp/feat.c, which may cause denial of service, aka CID-1d3ff0950e2b.
Severity: MEDIUM (5.5) Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
Links:
- https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.1
- https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=1d3ff0950e2b40dc861b1739029649d03f591820
- http://packetstormsecurity.com/files/156455/Kernel-Live-Patch-Security-Notice-LSN-0063-1.html
- USN-4285-1
- USN-4287-1
- USN-4286-2
- USN-4287-2
- [debian-lts-announce] 20200302 [SECURITY] [DLA 2114-1] linux-4.9 security update
- USN-4286-1
- openSUSE-SU-2020:0336
Published: June 7, 2021
Modified: April 29, 2022
Modified: April 29, 2022
CVE-2019-25045
An issue was discovered in the Linux kernel before 5.0.19. The XFRM subsystem has a use-after-free, related to an xfrm_state_fini panic, aka CID-dbb2483b2a46.
Severity: HIGH (7.8) Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Links:
- https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.0.19
- https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=dbb2483b2a46fbaf833cfb5deb5ed9cace9c7399
- https://syzkaller.appspot.com/bug?id=f99edaeec58ad40380ed5813d89e205861be2896
- https://sites.google.com/view/syzscope/warning-in-xfrm_state_fini-2
- https://security.netapp.com/advisory/ntap-20210720-0003/
Published: April 11, 2019
Modified: Nov. 7, 2023
Modified: Nov. 7, 2023
CVE-2019-3459
A heap address information leak while using L2CAP_GET_CONF_OPT was discovered in the Linux kernel before 5.1-rc1.
Severity: MEDIUM (6.5) Vector: CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Links:
- https://people.canonical.com/~ubuntu-security/cve/2019/CVE-2019-3459.html
- [oss-security] 20190111 Linux kernel: Bluetooth: two remote infoleaks (CVE-2019-3459, CVE-2019-3460)
- https://git.kernel.org/linus/7c9cbd0b5e38a1672fcd137894ace3b042dfbf69
- https://bugzilla.redhat.com/show_bug.cgi?id=1663176
- https://bugzilla.novell.com/show_bug.cgi?id=1120758
- [debian-lts-announce] 20190503 [SECURITY] [DLA 1771-1] linux-4.9 security update
- [debian-lts-announce] 20190528 [SECURITY] [DLA 1799-1] linux security update
- [debian-lts-announce] 20190528 [SECURITY] [DLA 1799-2] linux security update
- [oss-security] 20190627 Re: linux-distros membership application - Microsoft
- [oss-security] 20190627 Re: linux-distros membership application - Microsoft
- [oss-security] 20190628 Re: linux-distros membership application - Microsoft
- [oss-security] 20190628 Re: linux-distros membership application - Microsoft
- RHSA-2019:2043
- RHSA-2019:2029
- [oss-security] 20190811 Re: linux-distros membership application - Microsoft
- RHSA-2019:3517
- RHSA-2019:3309
- RHSA-2020:0740
- [linux-bluetooth] 20190110 [PATCH 1/2] Bluetooth: check message types in l2cap_get_conf_opt
Published: April 11, 2019
Modified: Nov. 7, 2023
Modified: Nov. 7, 2023
CVE-2019-3460
A heap data infoleak in multiple locations including L2CAP_PARSE_CONF_RSP was found in the Linux kernel before 5.1-rc1.
Severity: MEDIUM (6.5) Vector: CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Links:
- https://people.canonical.com/~ubuntu-security/cve/2019/CVE-2019-3460.html
- [oss-security] 20190111 Linux kernel: Bluetooth: two remote infoleaks (CVE-2019-3459, CVE-2019-3460)
- https://git.kernel.org/linus/af3d5d1c87664a4f150fcf3534c6567cb19909b0
- https://bugzilla.redhat.com/show_bug.cgi?id=1663179
- [debian-lts-announce] 20190503 [SECURITY] [DLA 1771-1] linux-4.9 security update
- [debian-lts-announce] 20190528 [SECURITY] [DLA 1799-1] linux security update
- [debian-lts-announce] 20190528 [SECURITY] [DLA 1799-2] linux security update
- [oss-security] 20190627 Re: linux-distros membership application - Microsoft
- [oss-security] 20190627 Re: linux-distros membership application - Microsoft
- [oss-security] 20190628 Re: linux-distros membership application - Microsoft
- [oss-security] 20190628 Re: linux-distros membership application - Microsoft
- RHSA-2019:2043
- RHSA-2019:2029
- [oss-security] 20190811 Re: linux-distros membership application - Microsoft
- RHSA-2019:3517
- RHSA-2019:3309
- RHSA-2020:0740
- [linux-bluetooth] 20190110 [PATCH 2/2] Bluetooth: check the buffer size for some messages before parsing
Published: April 25, 2019
Modified: April 26, 2024
Modified: April 26, 2024
CVE-2019-3900
An infinite loop issue was found in the vhost_net kernel module in Linux Kernel up to and including v5.1-rc6, while handling incoming packets in handle_rx(). It could occur if one end sends packets faster than the other end can process them. A guest user, maybe remote one, could use this flaw to stall the vhost_net kernel thread, resulting in a DoS scenario.
Severity: HIGH (7.7) Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H
Links:
- https://www.spinics.net/lists/kernel/msg3111012.html
- https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-3900
- 108076
- https://security.netapp.com/advisory/ntap-20190517-0005/
- RHSA-2019:1973
- RHSA-2019:2043
- RHSA-2019:2029
- DSA-4497
- 20190813 [SECURITY] [DSA 4497-1] linux security update
- [debian-lts-announce] 20190814 [SECURITY] [DLA 1884-1] linux security update
- [debian-lts-announce] 20190814 [SECURITY] [DLA 1885-1] linux-4.9 security update
- USN-4114-1
- USN-4117-1
- USN-4116-1
- USN-4115-1
- USN-4118-1
- RHSA-2019:3220
- RHSA-2019:3517
- RHSA-2019:3309
- 20191108 [slackware-security] Slackware 14.2 kernel (SSA:2019-311-01)
- http://packetstormsecurity.com/files/155212/Slackware-Security-Advisory-Slackware-14.2-kernel-Updates.html
- RHSA-2019:3836
- RHSA-2019:3967
- RHSA-2019:4058
- RHSA-2020:0204
- https://www.oracle.com/security-alerts/cpuApr2021.html
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/RI3WXXM5URTZSR3RVEKO6MDXDFIKTZ5R/
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/TOFNJA5NNVXQ6AV6KGZB677JIVXAMJHT/
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/AYTZH6QCNITK7353S6RCRT2PQHZSDPXD/
Published: Jan. 17, 2020
Modified: Jan. 19, 2023
Modified: Jan. 19, 2023
CVE-2019-9500
The Broadcom brcmfmac WiFi driver prior to commit 1b5e2423164b3670e8bc9174e4762d297990deff is vulnerable to a heap buffer overflow. If the Wake-up on Wireless LAN functionality is configured, a malicious event frame can be constructed to trigger an heap buffer overflow in the brcmf_wowl_nd_results function. This vulnerability can be exploited with compromised chipsets to compromise the host, or when used in combination with CVE-2019-9503, can be used remotely. In the worst case scenario, by sending specially-crafted WiFi packets, a remote, unauthenticated attacker may be able to execute arbitrary code on a vulnerable system. More typically, this vulnerability will result in denial-of-service conditions.
Severity: HIGH (8.3) Vector: CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H
Links:
Published: June 19, 2023
Modified: June 29, 2023
Modified: June 29, 2023
CVE-2023-3022
A flaw was found in the IPv6 module of the Linux kernel. The arg.result was not used consistently in fib6_rule_lookup, sometimes holding rt6_info and other times fib6_info. This was not accounted for in other parts of the code where rt6_info was expected unconditionally, potentially leading to a kernel panic in fib6_rule_suppress.
Severity: MEDIUM (5.5) Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
Links: