Errata ALT-PU-2019-2890-1: Information
Fixes
Published: Sept. 11, 2019
BDU:2019-04676
Уязвимость ядра Linux, связанная с переполнения буфера виртуальной памяти, позволяющая нарушителю получить несанкционированный доступ к информации и нарушить ее целостность и доступность
Severity: HIGH (7.8) Vector: AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Links:
Published: Sept. 18, 2019
BDU:2019-04677
Уязвимость функции Coalesced_MMIO ядра операционной системы Linux, позволяющая нарушителю получить несанкционированный доступ к информации и нарушить ее целостность и доступность
Severity: HIGH (8.8) Vector: AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H
Links:
Published: April 16, 2019
BDU:2020-01342
Уязвимость функции SMB2_negotiate (fs/cifs/smb2pdu.c) ядра операционной системы Linux, позволяющая нарушителю выполнить произвольный код
Severity: HIGH (7.8) Vector: AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Links:
Published: July 22, 2019
BDU:2020-01344
Уязвимость компонента drivers/media/usb/dvb-usb/technisat-usb2.c ядра операционной системы Linux, позволяющая нарушителю раскрыть защищаемую информацию или вызвать отказ в обслуживании
Severity: CRITICAL (9.8) Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Links:
Published: Sept. 5, 2019
BDU:2020-01488
Уязвимость компонента arch/powerpc/kernel/process.c ядра операционной системы Linux, позволяющая нарушителю оказать воздействие на конфиденциальность и доступность защищаемой информации
Severity: MEDIUM (4.4) Vector: AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:L
Links:
Published: Sept. 4, 2019
BDU:2020-01490
Уязвимость компонента arch/powerpc/kernel/process.c ядра операционной системы Linux, позволяющая нарушителю оказать воздействие на конфиденциальность и доступность защищаемой информации
Severity: MEDIUM (4.4) Vector: AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:L
Links:
Published: Aug. 22, 2019
BDU:2020-01862
Уязвимость функции в drivers/net/wireless/rsi/rsi_91x_usb.c ядра операционной системы Linux, позволяющая нарушителю оказать воздействие на конфиденциальность, целостность и доступность защищаемой информации
Severity: CRITICAL (9.8) Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Links:
Published: Sept. 3, 2019
BDU:2020-03327
Уязвимость функции mwifiex_update_vs_ie() драйвера Wi-Fi Marvell ядра операционной системы Linux, позволяющая нарушителю вызвать отказ в обслуживании или выполнить произвольный код
Severity: HIGH (7.8) Vector: AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Links:
Published: Sept. 3, 2019
BDU:2020-03328
Уязвимость функции mwifiex_set_uap_rates() драйвера Wi-Fi Marvell ядра операционной системы Linux, позволяющая нарушителю вызвать отказ в обслуживании или выполнить произвольный код
Severity: HIGH (7.8) Vector: AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Links:
Published: Sept. 3, 2019
BDU:2020-03329
Уязвимость функции mwifiex_set_wmm_params() драйвера Wi-Fi Marvell ядра операционной системы Linux, позволяющая нарушителю вызвать отказ в обслуживании или выполнить произвольный код
Severity: HIGH (7.8) Vector: AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Links:
Published: Sept. 20, 2019
Modified: Sept. 28, 2023
Modified: Sept. 28, 2023
CVE-2019-14814
There is heap-based buffer overflow in Linux kernel, all versions up to, excluding 5.3, in the marvell wifi chip driver in Linux kernel, that allows local users to cause a denial of service(system crash) or possibly execute arbitrary code.
Severity: HIGH (7.8) Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Links:
- https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-14814
- https://github.com/torvalds/linux/commit/7caac62ed598a196d6ddf8d9c121e12e082cac3a
- https://access.redhat.com/security/cve/cve-2019-14814
- https://www.openwall.com/lists/oss-security/2019/08/28/1
- [oss-security] 20190828 Linux kernel: three heap overflow in the marvell wifi driver
- openSUSE-SU-2019:2173
- openSUSE-SU-2019:2181
- [debian-lts-announce] 20190925 [SECURITY] [DLA 1930-1] linux security update
- USN-4157-1
- USN-4157-2
- USN-4162-1
- USN-4163-1
- USN-4163-2
- USN-4162-2
- http://packetstormsecurity.com/files/154951/Kernel-Live-Patch-Security-Notice-LSN-0058-1.html
- https://security.netapp.com/advisory/ntap-20191031-0005/
- 20191108 [slackware-security] Slackware 14.2 kernel (SSA:2019-311-01)
- http://packetstormsecurity.com/files/155212/Slackware-Security-Advisory-Slackware-14.2-kernel-Updates.html
- RHSA-2020:0174
- RHSA-2020:0328
- RHSA-2020:0339
- [debian-lts-announce] 20200302 [SECURITY] [DLA 2114-1] linux-4.9 security update
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/O3RUDQJXRJQVGHCGR4YZWTQ3ECBI7TXH/
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/T4JZ6AEUKFWBHQAROGMQARJ274PQP2QP/
Published: Nov. 25, 2019
Modified: July 13, 2023
Modified: July 13, 2023
CVE-2019-14815
A vulnerability was found in Linux Kernel, where a Heap Overflow was found in mwifiex_set_wmm_params() function of Marvell Wifi Driver.
Severity: HIGH (7.8) Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Links:
- https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-14815
- https://www.openwall.com/lists/oss-security/2019/08/28/1
- https://security.netapp.com/advisory/ntap-20200103-0001/
- https://github.com/torvalds/linux/commit/7caac62ed598a196d6ddf8d9c121e12e082cac3a
- https://access.redhat.com/security/cve/cve-2019-14815
- RHSA-2020:0174
- RHSA-2020:0328
- RHSA-2020:0339
- [debian-lts-announce] 20200302 [SECURITY] [DLA 2114-1] linux-4.9 security update
- https://lore.kernel.org/linux-wireless/20190828020751.13625-1-huangwenabc%40gmail.com
Published: Sept. 20, 2019
Modified: July 12, 2023
Modified: July 12, 2023
CVE-2019-14816
There is heap-based buffer overflow in kernel, all versions up to, excluding 5.3, in the marvell wifi chip driver in Linux kernel, that allows local users to cause a denial of service(system crash) or possibly execute arbitrary code.
Severity: HIGH (7.8) Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Links:
- https://www.openwall.com/lists/oss-security/2019/08/28/1
- https://github.com/torvalds/linux/commit/7caac62ed598a196d6ddf8d9c121e12e082cac3
- [oss-security] 20190828 Linux kernel: three heap overflow in the marvell wifi driver
- https://access.redhat.com/security/cve/cve-2019-14816
- https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-14816
- openSUSE-SU-2019:2173
- openSUSE-SU-2019:2181
- [debian-lts-announce] 20190925 [SECURITY] [DLA 1930-1] linux security update
- USN-4157-1
- USN-4157-2
- USN-4162-1
- USN-4163-1
- USN-4163-2
- USN-4162-2
- http://packetstormsecurity.com/files/154951/Kernel-Live-Patch-Security-Notice-LSN-0058-1.html
- https://security.netapp.com/advisory/ntap-20191031-0005/
- 20191108 [slackware-security] Slackware 14.2 kernel (SSA:2019-311-01)
- http://packetstormsecurity.com/files/155212/Slackware-Security-Advisory-Slackware-14.2-kernel-Updates.html
- RHSA-2020:0174
- RHSA-2020:0204
- RHSA-2020:0328
- RHSA-2020:0339
- RHSA-2020:0375
- RHSA-2020:0374
- [debian-lts-announce] 20200302 [SECURITY] [DLA 2114-1] linux-4.9 security update
- RHSA-2020:0653
- RHSA-2020:0661
- RHSA-2020:0664
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/O3RUDQJXRJQVGHCGR4YZWTQ3ECBI7TXH/
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/T4JZ6AEUKFWBHQAROGMQARJ274PQP2QP/
Published: Sept. 19, 2019
Modified: Feb. 16, 2024
Modified: Feb. 16, 2024
CVE-2019-14821
An out-of-bounds access issue was found in the Linux kernel, all versions through 5.3, in the way Linux kernel's KVM hypervisor implements the Coalesced MMIO write operation. It operates on an MMIO ring buffer 'struct kvm_coalesced_mmio' object, wherein write indices 'ring->first' and 'ring->last' value could be supplied by a host user-space process. An unprivileged host user or process with access to '/dev/kvm' device could use this flaw to crash the host kernel, resulting in a denial of service or potentially escalating privileges on the system.
Severity: HIGH (8.8) Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H
Links:
- https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-14821
- [oss-security] 20190920 CVE-2019-14821 Kernel: KVM: OOB memory access via mmio ring buffer
- DSA-4531
- 20190925 [SECURITY] [DSA 4531-1] linux security update
- [debian-lts-announce] 20190925 [SECURITY] [DLA 1930-1] linux security update
- [debian-lts-announce] 20191001 [SECURITY] [DLA 1940-1] linux-4.9 security update
- https://security.netapp.com/advisory/ntap-20191004-0001/
- openSUSE-SU-2019:2307
- openSUSE-SU-2019:2308
- USN-4157-1
- USN-4157-2
- USN-4162-1
- USN-4163-1
- USN-4163-2
- USN-4162-2
- http://packetstormsecurity.com/files/154951/Kernel-Live-Patch-Security-Notice-LSN-0058-1.html
- RHSA-2019:3517
- RHSA-2019:3309
- 20191108 [slackware-security] Slackware 14.2 kernel (SSA:2019-311-01)
- http://packetstormsecurity.com/files/155212/Slackware-Security-Advisory-Slackware-14.2-kernel-Updates.html
- RHSA-2019:3978
- RHSA-2019:3979
- RHSA-2019:4154
- RHSA-2019:4256
- RHSA-2020:0027
- RHSA-2020:0204
- https://www.oracle.com/security-alerts/cpuapr2020.html
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/TRZQQQANZWQMPILZV7OTS3RGGRLLE2Q7/
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/YW3QNMPENPFEGVTOFPSNOBL7JEIJS25P/
Published: Sept. 17, 2019
Modified: Dec. 15, 2023
Modified: Dec. 15, 2023
CVE-2019-14835
A buffer overflow flaw was found, in versions from 2.6.34 to 5.2.x, in the way Linux kernel's vhost functionality that translates virtqueue buffers to IOVs, logged the buffer descriptors during migration. A privileged guest user able to pass descriptors with invalid length to the host when migration is underway, could use this flaw to increase their privileges on the host.
Severity: HIGH (7.8) Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Links:
- https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-14835
- https://www.openwall.com/lists/oss-security/2019/09/17/1
- USN-4135-2
- RHSA-2019:2828
- RHSA-2019:2827
- RHSA-2019:2830
- RHSA-2019:2829
- RHSA-2019:2854
- RHSA-2019:2863
- RHSA-2019:2862
- RHSA-2019:2865
- RHSA-2019:2864
- RHSA-2019:2866
- RHSA-2019:2867
- RHSA-2019:2869
- http://packetstormsecurity.com/files/154572/Kernel-Live-Patch-Security-Notice-LSN-0056-1.html
- [oss-security] 20190924 Re: CVE-2019-14835: QEMU-KVM Guest to Host Kernel Escape Vulnerability: vhost/vhost_net kernel buffer overflow
- RHSA-2019:2889
- openSUSE-SU-2019:2173
- openSUSE-SU-2019:2181
- 20190925 [SECURITY] [DSA 4531-1] linux security update
- DSA-4531
- [debian-lts-announce] 20190925 [SECURITY] [DLA 1930-1] linux security update
- RHSA-2019:2900
- RHSA-2019:2901
- RHSA-2019:2899
- RHSA-2019:2924
- USN-4135-1
- [debian-lts-announce] 20191001 [SECURITY] [DLA 1940-1] linux-4.9 security update
- [oss-security] 20191003 Re: CVE-2019-14835: QEMU-KVM Guest to Host Kernel Escape Vulnerability: vhost/vhost_net kernel buffer overflow
- [oss-security] 20191009 Re: CVE-2019-14835: QEMU-KVM Guest to Host Kernel Escape Vulnerability: vhost/vhost_net kernel buffer overflow
- [oss-security] 20191009 Re: CVE-2019-14835: QEMU-KVM Guest to Host Kernel Escape Vulnerability: vhost/vhost_net kernel buffer overflow
- RHBA-2019:2824
- http://packetstormsecurity.com/files/154951/Kernel-Live-Patch-Security-Notice-LSN-0058-1.html
- https://security.netapp.com/advisory/ntap-20191031-0005/
- 20191108 [slackware-security] Slackware 14.2 kernel (SSA:2019-311-01)
- http://packetstormsecurity.com/files/155212/Slackware-Security-Advisory-Slackware-14.2-kernel-Updates.html
- http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20200115-01-qemu-en
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/YW3QNMPENPFEGVTOFPSNOBL7JEIJS25P/
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/KQFY6JYFIQ2VFQ7QCSXPWTUL5ZDNCJL5/
Published: Sept. 13, 2019
Modified: Aug. 24, 2020
Modified: Aug. 24, 2020
CVE-2019-15030
In the Linux kernel through 5.2.14 on the powerpc platform, a local user can read vector registers of other users' processes via a Facility Unavailable exception. To exploit the venerability, a local user starts a transaction (via the hardware transactional memory instruction tbegin) and then accesses vector registers. At some point, the vector registers will be corrupted with the values from a different local Linux process because of a missing arch/powerpc/kernel/process.c check.
Severity: MEDIUM (4.4) Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:L
Links:
- https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=8205d5d98ef7f155de211f5e2eb6ca03d95a5a60
- http://www.openwall.com/lists/oss-security/2019/09/10/3
- USN-4135-2
- openSUSE-SU-2019:2173
- openSUSE-SU-2019:2181
- USN-4135-1
- https://security.netapp.com/advisory/ntap-20191004-0001/
- RHSA-2020:0740
Published: Sept. 13, 2019
Modified: July 21, 2021
Modified: July 21, 2021
CVE-2019-15031
In the Linux kernel through 5.2.14 on the powerpc platform, a local user can read vector registers of other users' processes via an interrupt. To exploit the venerability, a local user starts a transaction (via the hardware transactional memory instruction tbegin) and then accesses vector registers. At some point, the vector registers will be corrupted with the values from a different local Linux process, because MSR_TM_ACTIVE is misused in arch/powerpc/kernel/process.c.
Severity: MEDIUM (4.4) Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:L
Links:
Published: Aug. 23, 2019
Modified: Nov. 7, 2023
Modified: Nov. 7, 2023
CVE-2019-15504
drivers/net/wireless/rsi/rsi_91x_usb.c in the Linux kernel through 5.2.9 has a Double Free via crafted USB device traffic (which may be remote via usbip or usbredir).
Severity: CRITICAL (9.8) Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Links:
- https://security.netapp.com/advisory/ntap-20190905-0002/
- https://support.f5.com/csp/article/K33554143
- USN-4157-1
- USN-4157-2
- https://lore.kernel.org/lkml/20190819220230.10597-1-benquike%40gmail.com/
- FEDORA-2019-4c91a2f76e
- FEDORA-2019-97380355ae
- https://support.f5.com/csp/article/K33554143?utm_source=f5support&amp%3Butm_medium=RSS
Published: Aug. 23, 2019
Modified: Nov. 7, 2023
Modified: Nov. 7, 2023
CVE-2019-15505
drivers/media/usb/dvb-usb/technisat-usb2.c in the Linux kernel through 5.2.9 has an out-of-bounds read via crafted USB device traffic (which may be remote via usbip or usbredir).
Severity: CRITICAL (9.8) Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Links:
- https://git.linuxtv.org/media_tree.git/commit/?id=0c4df39e504bf925ab666132ac3c98d6cbbe380b
- https://security.netapp.com/advisory/ntap-20190905-0002/
- https://support.f5.com/csp/article/K28222050
- USN-4157-1
- USN-4157-2
- USN-4162-1
- USN-4163-1
- USN-4163-2
- USN-4162-2
- 20191108 [slackware-security] Slackware 14.2 kernel (SSA:2019-311-01)
- http://packetstormsecurity.com/files/155212/Slackware-Security-Advisory-Slackware-14.2-kernel-Updates.html
- [debian-lts-announce] 20200118 [SECURITY] [DLA 2068-1] linux security update
- [debian-lts-announce] 20200302 [SECURITY] [DLA 2114-1] linux-4.9 security update
- https://lore.kernel.org/lkml/b9b256cb-95f2-5fa1-9956-5a602a017c11%40gmail.com/
- https://lore.kernel.org/linux-media/20190821104408.w7krumcglxo6fz5q%40gofer.mess.org/
- FEDORA-2019-4c91a2f76e
- FEDORA-2019-97380355ae
- https://support.f5.com/csp/article/K28222050?utm_source=f5support&amp%3Butm_medium=RSS
Published: Sept. 4, 2019
Modified: Jan. 18, 2023
Modified: Jan. 18, 2023
CVE-2019-15918
An issue was discovered in the Linux kernel before 5.0.10. SMB2_negotiate in fs/cifs/smb2pdu.c has an out-of-bounds read because data structures are incompletely updated after a change from smb30 to smb21.
Severity: HIGH (7.8) Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Links: