Errata ALT-PU-2019-2930-1: Information
Fixes
Published: Sept. 23, 2019
BDU:2019-03507
Уязвимость компонента net/wireless/nl80211.c ядра операционной системы Linux, позволяющая нарушителю выполнить произвольный код
Severity: CRITICAL (9.8) Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Links:
Published: Sept. 27, 2019
BDU:2020-00158
Уязвимость функции nfp_abm_u32_knode_replace() ядра операционной системы Linux, позволяющая нарушителю вызвать отказ в обслуживании
Severity: MEDIUM (5.9) Vector: AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H
Links:
Published: Sept. 19, 2019
BDU:2020-00288
Уязвимость драйвера drivers/net/ieee802154/atusb.c ядра операционной системы Linux, позволяющая нарушителю вызвать отказ в обслуживании
Severity: MEDIUM (4.6) Vector: AV:P/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Links:
Published: Sept. 24, 2019
Modified: Nov. 7, 2023
Modified: Nov. 7, 2023
CVE-2019-16746
An issue was discovered in net/wireless/nl80211.c in the Linux kernel through 5.2.17. It does not check the length of variable elements in a beacon head, leading to a buffer overflow.
Severity: CRITICAL (9.8) Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Links:
- https://marc.info/?l=linux-wireless&m=156901391225058&w=2
- https://security.netapp.com/advisory/ntap-20191031-0005/
- 20191108 [slackware-security] Slackware 14.2 kernel (SSA:2019-311-01)
- http://packetstormsecurity.com/files/155212/Slackware-Security-Advisory-Slackware-14.2-kernel-Updates.html
- USN-4186-1
- USN-4183-1
- USN-4210-1
- USN-4209-1
- [debian-lts-announce] 20200118 [SECURITY] [DLA 2068-1] linux security update
- [debian-lts-announce] 20200302 [SECURITY] [DLA 2114-1] linux-4.9 security update
- openSUSE-SU-2020:0336
- openSUSE-SU-2020:1153
- https://www.oracle.com/security-alerts/cpuApr2021.html
- FEDORA-2019-057d691fd4
Published: Nov. 18, 2019
Modified: May 17, 2024
Modified: May 17, 2024
CVE-2019-19076
A memory leak in the nfp_abm_u32_knode_replace() function in drivers/net/ethernet/netronome/nfp/abm/cls.c in the Linux kernel before 5.3.6 allows attackers to cause a denial of service (memory consumption), aka CID-78beef629fd9. NOTE: This has been argued as not a valid vulnerability. The upstream commit 78beef629fd9 was reverted
Severity: MEDIUM (5.9) Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H
Links:
- https://github.com/torvalds/linux/commit/78beef629fd95be4ed853b2d37b832f766bd96ca
- https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.3.6
- USN-4209-1
- https://security.netapp.com/advisory/ntap-20191205-0001/
- https://git.kernel.org/linus/1d1997db870f4058676439ef7014390ba9e24eb2
- https://lore.kernel.org/lkml/20191204103955.63c4d9af%40cakuba.netronome.com/
Published: Dec. 3, 2019
Modified: Oct. 31, 2022
Modified: Oct. 31, 2022
CVE-2019-19525
In the Linux kernel before 5.3.6, there is a use-after-free bug that can be caused by a malicious USB device in the drivers/net/ieee802154/atusb.c driver, aka CID-7fd25e6fc035.
Severity: MEDIUM (4.6) Vector: CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Links:
- https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=7fd25e6fc035f4b04b75bca6d7e8daa069603a76
- https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.3.6
- [oss-security] 20191203 Linux kernel: multiple vulnerabilities in the USB subsystem x3
- openSUSE-SU-2019:2675
- [debian-lts-announce] 20200302 [SECURITY] [DLA 2114-1] linux-4.9 security update