Errata ALT-PU-2021-3032-1: Information
Package name: kernel-image-un-def
Version: 4.9.277-alt0.M70C.1
Bulletin updated: Oct. 13, 2021
Task: #281292
Fixes
Published: Jan. 1, 1970
BDU:2015-05303
Vulnerabilities in the openSUSE operating system that allow an attacker to compromise the availability of protected information
Severity: HIGH (7.8)
Links:
Published: Jan. 1, 1970
BDU:2015-05304
Vulnerabilities in the openSUSE operating system that allow an attacker to compromise the availability of protected information
Severity: HIGH (7.8)
Links:
Published: Jan. 1, 1970
BDU:2015-05305
Vulnerabilities in the openSUSE operating system that allow an attacker to compromise the availability of protected information
Severity: HIGH (7.8)
Links:
Published: Jan. 1, 1970
BDU:2015-05306
Vulnerabilities in the openSUSE operating system that allow an attacker to compromise the availability of protected information
Severity: HIGH (7.8)
Links:
Published: Jan. 1, 1970
BDU:2015-05307
Vulnerabilities in the openSUSE operating system that allow an attacker to compromise the availability of protected information
Severity: HIGH (7.8)
Links:
Published: Jan. 1, 1970
BDU:2015-05308
Vulnerabilities in the openSUSE operating system that allow an attacker to compromise the availability of protected information
Severity: HIGH (7.8)
Links:
Published: Jan. 1, 1970
BDU:2015-05309
Vulnerabilities in the openSUSE operating system that allow an attacker to compromise the availability of protected information
Severity: HIGH (7.8)
Links:
Published: Jan. 1, 1970
BDU:2015-05310
Vulnerabilities in the openSUSE operating system that allow an attacker to compromise the availability of protected information
Severity: HIGH (7.8)
Links:
Published: Jan. 1, 1970
BDU:2015-05311
Vulnerabilities in the openSUSE operating system that allow an attacker to compromise the availability of protected information
Severity: HIGH (7.8)
Links:
Published: Jan. 1, 1970
BDU:2015-05312
Vulnerabilities in the openSUSE operating system that allow an attacker to compromise the availability of protected information
Severity: HIGH (7.8)
Links:
Published: Jan. 1, 1970
BDU:2015-05313
Vulnerabilities in the openSUSE operating system that allow an attacker to compromise the availability of protected information
Severity: HIGH (7.8)
Links:
Published: Jan. 1, 1970
BDU:2015-05314
Vulnerabilities in the openSUSE operating system that allow an attacker to compromise the availability of protected information
Severity: HIGH (7.8)
Links:
Published: Jan. 1, 1970
BDU:2015-05315
Vulnerabilities in the openSUSE operating system that allow an attacker to compromise the availability of protected information
Severity: HIGH (7.8)
Links:
Published: Jan. 1, 1970
BDU:2015-05542
Vulnerabilities in the openSUSE operating system that allow an attacker to compromise the confidentiality, integrity and availability of protected information
Severity: HIGH (7.2)
Links:
Published: Jan. 1, 1970
BDU:2015-05543
Vulnerabilities in the openSUSE operating system that allow an attacker to compromise the confidentiality, integrity and availability of protected information
Severity: HIGH (7.2)
Links:
Published: Nov. 30, 2000
BDU:2015-07788
Vulnerability in the Red Hat Linux operating system that allows an attacker to compromise the confidentiality, integrity and availability of protected information
Severity: HIGH (7.2)
Links:
Published: Nov. 30, 2000
BDU:2015-07831
Vulnerability in the Red Hat Linux operating system that allows an attacker to compromise the confidentiality, integrity and availability of protected information
Severity: HIGH (7.2)
Links:
Published: Dec. 22, 2017
BDU:2018-00001
Vulnerability in Intel and ARM processors caused by a memory access control error during speculative execution of processor instructions, allowing an attacker to disclose protected information
Severity: MEDIUM (5.6) Vector: AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N
Links:
Published: Jan. 7, 2018
BDU:2018-00002
Vulnerability in Intel, ARM and AMD processors related to the behaviour of the branch prediction unit, allowing an attacker to disclose protected information
Severity: MEDIUM (5.6) Vector: AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N
Links:
Published: Jan. 7, 2018
BDU:2018-00003
Vulnerability in Intel, ARM and AMD processors related to the behaviour of the branch prediction unit, allowing an attacker to access protected memory from a program
Severity: MEDIUM (5.6) Vector: AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N
Links:
Published: Jan. 3, 2018
BDU:2018-00412
Vulnerability in the rds_message_alloc_sgs() function of the Linux kernel, allowing an attacker to perform an out-of-bounds write in memory
Severity: HIGH (7.8) Vector: AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Links:
Published: Jan. 11, 2018
BDU:2018-00414
Vulnerability in the snd_seq_write and snd_seq_ioctl_set_client_pool functions (seq_clientmgr.c) of the Linux kernel sound subsystem, allowing an attacker to cause a denial of service
Severity: MEDIUM (5.9) Vector: AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H
Links:
Published: Feb. 3, 2017
BDU:2018-00491
Vulnerability in the blkcg_init_queue function of the Linux kernel, allowing an attacker to cause a denial of service or have other impact
Severity: HIGH (7.8) Vector: AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Links:
Published: Dec. 22, 2017
BDU:2018-00517
Vulnerability in the Parallel Crypto Engine encryption subsystem of the Linux operating system, allowing an attacker to cause a denial of service or have other impact
Severity: HIGH (7.8) Vector: AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Links:
Published: July 6, 2017
BDU:2018-00569
Vulnerability in the hns_enet.c component of the Linux kernel, allowing an attacker to cause a denial of service
Severity: HIGH (7.8) Vector: AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Links:
Published: Feb. 19, 2018
BDU:2018-00604
Vulnerability in the system call interface (SCI) of the Linux kernel, allowing an attacker to escalate their privileges
Severity: MEDIUM (6.7) Vector: AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
Links:
Published: March 26, 2018
BDU:2018-00715
Vulnerability in the ext4_valid_block_bitmap function of the Linux kernel, allowing an attacker to cause a denial of service
Severity: MEDIUM (5.5) Vector: AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
Links:
Published: March 29, 2018
BDU:2018-00716
Vulnerability in the ext4_iget function of the Linux kernel, allowing an attacker to cause a denial of service
Severity: MEDIUM (5.3) Vector: AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:H
Links:
Published: Jan. 3, 2018
BDU:2018-00995
Vulnerability in Intel processors related to speculative execution of instructions, allowing an attacker to gain unauthorized access to operating system kernel memory or SMM memory
Severity: HIGH (7.1) Vector: AV:L/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N
Links:
Published: Sept. 13, 2018
BDU:2018-01144
Vulnerability in the vmacache_flush_all() function of the Linux kernel, allowing an attacker to escalate their privileges
Severity: HIGH (7.0) Vector: AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
Links:
Published: Feb. 21, 2019
BDU:2019-00818
Vulnerability in the kernel_read_file function of the Linux kernel, related to improper release of memory before removing the last reference, allowing an attacker to cause a denial of service
Severity: HIGH (7.5) Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Links:
Published: July 6, 2018
BDU:2019-00979
Vulnerability in the drivers/usb/misc/yurex.c file of the Linux kernel, allowing an attacker to crash the operating system kernel or escalate privileges
Severity: HIGH (7.8) Vector: AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Links:
Published: April 16, 2018
BDU:2019-01054
Vulnerability in the ext4_ext_remove_space() function of the Linux kernel, allowing an attacker to cause a denial of service or execute arbitrary code
Severity: MEDIUM (5.5) Vector: AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
Links:
Published: June 14, 2018
BDU:2019-01055
Vulnerability in the ext4_ext_drop_refs() function of the Linux kernel, allowing an attacker to cause a denial of service or execute arbitrary code
Severity: MEDIUM (6.5) Vector: AV:L/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:H
Links:
Published: June 8, 2018
BDU:2019-01057
Vulnerability in the ext4_xattr_set_entry() function of the Linux kernel, allowing an attacker to cause a denial of service
Severity: HIGH (7.8) Vector: AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Links:
Published: June 16, 2018
BDU:2019-01058
Vulnerability in the ext4_update_inline_data() function of the Linux kernel, allowing an attacker to cause a denial of service
Severity: MEDIUM (5.5) Vector: AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
Links:
Published: June 17, 2018
BDU:2019-01059
Vulnerability in the transaction.c file of the Linux kernel, allowing an attacker to cause a denial of service or escalate their privileges
Severity: MEDIUM (5.5) Vector: AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
Links:
Published: June 16, 2018
BDU:2019-01060
Vulnerability in the jbd2_journal_dirty_metadata() function of the Linux kernel, allowing an attacker to cause a denial of service
Severity: MEDIUM (5.5) Vector: AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
Links:
Published: Aug. 21, 2018
BDU:2019-01061
Vulnerability in the connect() and close() functions of the Linux kernel, allowing an attacker to gain unauthorized access to protected information
Severity: HIGH (7.0) Vector: AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
Links:
Published: Dec. 17, 2018
BDU:2019-01341
Vulnerability in the NFS server of the Linux kernel, allowing an attacker to cause a denial of service
Severity: HIGH (8.0) Vector: AV:A/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Links:
Published: April 26, 2018
BDU:2019-01343
Vulnerability in the cdrom_ioctl_drive_status() function of Linux operating systems, allowing an attacker to gain unauthorized access to protected information
Severity: MEDIUM (6.1) Vector: AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H
Links:
Published: Jan. 26, 2019
BDU:2019-01346
Vulnerability in the kvm_ioctl_create_device function of the Linux kernel, allowing an attacker to cause a denial of service
Severity: HIGH (8.1) Vector: AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
Links:
Published: Oct. 11, 2018
BDU:2019-01352
Vulnerability in the Kernel-based Virtual Machine (KVM) virtualization subsystem of the Linux kernel, allowing an attacker to cause a denial of service or execute arbitrary code
Severity: HIGH (7.8) Vector: AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Links:
Published: Dec. 12, 2018
BDU:2019-01409
Vulnerability in the hso_get_config_data function of the Linux kernel, allowing an attacker to cause a denial of service
Severity: MEDIUM (4.6) Vector: AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Links:
Published: Sept. 24, 2018
BDU:2019-01738
Vulnerability in the chap_server_compute_md5() function of the iSCSI protocol implementation in the Linux kernel, allowing an attacker to cause a denial of service or gain access to protected information
Severity: HIGH (7.0) Vector: AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:H
Links:
Published: March 6, 2019
BDU:2019-01957
Vulnerability in Intel processors related to microarchitectural data sampling of uncacheable memory (MDSUM), allowing an attacker to disclose protected information
Severity: MEDIUM (5.6) Vector: AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N
Links:
Published: March 6, 2019
BDU:2019-01958
Vulnerability in the MLPDS load port of Intel firmware, related to information disclosure, allowing an attacker to gain access to confidential information
Severity: MEDIUM (5.6) Vector: AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N
Links:
Published: March 6, 2019
BDU:2019-01959
Vulnerability in Intel processors related to recovery of fill buffer contents (MFBDS), allowing an attacker to disclose protected information
Severity: MEDIUM (5.6) Vector: AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N
Links:
Published: March 6, 2019
BDU:2019-01960
Vulnerability in the MSBDS data buffer of Intel firmware, allowing an attacker to gain access to confidential information
Severity: MEDIUM (5.1) Vector: AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N
Links:
Published: June 17, 2019
BDU:2019-02194
Vulnerability in the TCP Selective Acknowledgement mechanism of the Linux kernel, allowing an attacker to cause a denial of service
Severity: HIGH (7.5) Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Links:
Published: June 15, 2019
BDU:2019-02195
Vulnerability in the TCP Selective Acknowledgement mechanism of the Linux kernel, allowing an attacker to cause a denial of service
Severity: HIGH (7.5) Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Links:
Published: June 15, 2019
BDU:2019-02196
Vulnerability in the Linux kernel caused by errors in handling minimum-size segments, allowing an attacker to cause a denial of service
Severity: HIGH (7.5) Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Links:
Published: Sept. 4, 2018
BDU:2019-02508
Vulnerability in the irda_setsockopt function of the Linux kernel, allowing an attacker to cause a denial of service
Severity: HIGH (7.8) Vector: AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Links:
Published: April 11, 2019
BDU:2019-02763
Vulnerability in the files fs/fuse/dev.c, fs/pipe.c, fs/splice.c, include/linux/mm.h, include/linux/pipe_fs_i.h, kernel/trace/trace.c, mm/gup.c, mm/hugetlb.c of the Linux kernel, allowing an attacker to affect the confidentiality, integrity and availability of protected information
Severity: HIGH (7.8) Vector: AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Links:
Published: May 10, 2019
BDU:2019-02780
Vulnerability in the fs/ext4/extents.c file of the Linux kernel, allowing an attacker to disclose protected information
Severity: MEDIUM (5.5) Vector: AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
Links:
Published: Jan. 24, 2019
BDU:2019-02782
Vulnerability in the hid_debug_events_read() function of the Linux kernel, allowing an attacker to cause a denial of service
Severity: MEDIUM (4.4) Vector: AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H
Links:
Published: Sept. 25, 2018
BDU:2019-02826
Vulnerability in the smp_task_timedout() and smp_task_done() functions in the drivers/scsi/libsas/sas_expander.c file of the Linux kernel, allowing an attacker to affect the confidentiality, integrity and availability of protected information
Severity: HIGH (8.1) Vector: AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
Links:
Published: May 22, 2019
BDU:2019-02927
Vulnerability in the mwifiex_update_bss_desc_with_ie function of the Linux kernel, allowing an attacker to escalate their privileges, cause a denial of service or execute arbitrary code
Severity: HIGH (8.8) Vector: AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Links:
Published: Aug. 16, 2019
BDU:2019-03220
Vulnerability in the drivers/net/wireless/ath/ath6kl/usb.c driver of the Linux kernel, related to pointer dereference errors, allowing an attacker to cause a denial of service
Severity: MEDIUM (4.9)
Links:
Published: March 7, 2018
BDU:2019-03459
Vulnerability in the fd_locked_ioctl function of the Linux kernel, allowing an attacker to disclose protected information
Severity: MEDIUM (5.5) Vector: AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
Links:
Published: Oct. 31, 2018
BDU:2019-03460
Vulnerability in the hidp_process_report function of the bluetooth component of the Linux kernel, allowing an attacker to affect the confidentiality, integrity and availability of protected information
Severity: HIGH (7.4) Vector: AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
Links:
Published: Sept. 23, 2019
BDU:2019-03507
Vulnerability in the net/wireless/nl80211.c component of the Linux kernel, allowing an attacker to execute arbitrary code
Severity: CRITICAL (9.8) Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Links:
Published: July 18, 2019
BDU:2019-03627
Vulnerability in the Linux kernel related to a resource management error, allowing an attacker to cause a denial of service
Severity: MEDIUM (5.5) Vector: AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
Links:
Published: April 3, 2019
BDU:2019-03629
Vulnerability in the vfio driver of the Linux kernel, allowing an attacker to cause a denial of service
Severity: MEDIUM (5.5) Vector: AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
Links:
Published: April 24, 2019
BDU:2019-03630
Vulnerability in the vhost_net module of the Linux kernel, allowing an attacker to cause a denial of service
Severity: MEDIUM (6.5) Vector: AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
Links:
Published: Oct. 15, 2019
BDU:2019-03812
Vulnerability in the rtl_p2p_noa_ie function in drivers/net/wireless/realtek/rtlwifi/ps.c of the Linux kernel, related to a buffer overflow in memory, allowing an attacker to gain access to confidential data, compromise its integrity, and cause a denial of service
Severity: HIGH (8.8) Vector: AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Links:
Published: Feb. 7, 2019
BDU:2019-03996
Vulnerability in the Linux kernel related to missing protection of service data, allowing an attacker to disclose protected information
Severity: MEDIUM (5.5) Vector: AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
Links:
Published: April 17, 2019
BDU:2019-04515
Vulnerability in the dwc3_pci_probe() function (drivers/usb/dwc3/dwc3-pci.c) of the Linux kernel, allowing an attacker to cause a denial of service
Severity: CRITICAL (9.8) Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Links:
Published: Nov. 4, 2019
BDU:2019-04661
Vulnerability in the gs_can_open() function (drivers/net/can/usb/gs_usb.c) of the Linux kernel, allowing an attacker to cause a denial of service
Severity: HIGH (7.5) Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Links:
Published: Sept. 11, 2019
BDU:2019-04676
Vulnerability in the Linux kernel related to a virtual memory buffer overflow, allowing an attacker to gain unauthorized access to information and compromise its integrity and availability
Severity: HIGH (7.8) Vector: AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Links:
Published: Sept. 18, 2019
BDU:2019-04677
Vulnerability in the Coalesced_MMIO function of the Linux kernel, allowing an attacker to gain unauthorized access to information and compromise its integrity and availability
Severity: HIGH (8.8) Vector: AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H
Links:
Published: July 29, 2019
BDU:2019-04744
Vulnerability in the drivers drivers/bluetooth/hci_ath.c, drivers/bluetooth/hci_bcm.c, drivers/bluetooth/hci_intel.c, drivers/bluetooth/hci_ldisc.c, drivers/bluetooth/hci_mrvl.c, drivers/bluetooth/hci_qca.c, drivers/bluetooth/hci_uart.h for UART-attached Bluetooth adapters in the Linux kernel, allowing an attacker to cause a denial of service
Severity: MEDIUM (4.7) Vector: AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H
Links:
Published: April 29, 2019
BDU:2019-04787
Vulnerability in the ath6kl_wmi_pstream_timeout_event_rx and ath6kl_wmi_cac_event_rx functions of the Linux kernel, allowing an attacker to disclose protected information or cause a denial of service
Severity: CRITICAL (9.1) Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H
Links:
Published: Nov. 28, 2019
BDU:2019-04788
Vulnerability in a function in marvell/mwifiex/tdls.c of the Marvell WiFi driver of the Linux kernel, allowing an attacker to gain access to confidential data, compromise its integrity, and cause a denial of service
Severity: CRITICAL (9.8) Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Links:
Published: Nov. 26, 2019
BDU:2019-04798
Vulnerability in the add_ie_rates function (drivers/net/wireless/marvell/libertas/cfg.c) of the Marvell WiFi driver of the Linux kernel, allowing an attacker to gain access to confidential data, compromise its integrity, and cause a denial of service
Severity: CRITICAL (9.8) Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Links:
Published: Nov. 28, 2019
BDU:2019-04799
Vulnerability in the mwifiex_process_country_ie() function (drivers/net/wireless/marvell/mwifiex/sta_ioctl.c) of the Marvell WiFi driver of the Linux kernel, related to an out-of-bounds write, allowing an attacker to gain access to confidential data, compromise its integrity, and cause a denial of service
Severity: CRITICAL (9.8) Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Links:
Published: Oct. 9, 2019
BDU:2019-04812
Vulnerability in the adis_update_scan_mode_burst() function (drivers/iio/imu/adis_buffer.c) of the Linux kernel, allowing an attacker to cause a denial of service
Severity: HIGH (7.5) Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Links:
Published: Oct. 9, 2019
BDU:2019-04829
Vulnerability in the adis_update_scan_mode() function of the Linux kernel, allowing an attacker to cause a denial of service
Severity: HIGH (7.5) Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Links:
Published: Nov. 20, 2019
BDU:2019-04855
Vulnerability in the ext4_empty_dir function (fs/ext4/namei.c) of the Linux kernel, allowing an attacker to cause a denial of service
Severity: MEDIUM (5.5) Vector: AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
Links:
Published: May 4, 2019
BDU:2019-04876
Vulnerability in the i40e driver for Intel Ethernet 700 Series controllers, allowing an attacker to escalate their privileges
Severity: HIGH (7.8) Vector: AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Links:
Published: Sept. 10, 2019
BDU:2019-04892
Vulnerability in the drivers/net/wireless/ath/ath9k/htc_hst.c driver of the Linux kernel, allowing an attacker to cause a denial of service
Severity: HIGH (7.5) Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Links:
Published: Oct. 3, 2019
BDU:2020-00078
Vulnerability in the cfg80211_mgd_wext_giwessid function (net/wireless/wext-sme.c) of the Linux kernel, allowing an attacker to execute arbitrary code or cause a denial of service
Severity: CRITICAL (9.8) Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Links:
Published: Oct. 5, 2019
BDU:2020-00233
Vulnerability in the SMB client of the Linux kernel, allowing an attacker to manipulate files in the client directory
Severity: HIGH (8.8) Vector: AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Links:
Published: Sept. 4, 2019
BDU:2020-00236
Vulnerability in the ptrace subsystem of the Linux kernel, allowing an attacker to disclose protected information
Severity: MEDIUM (5.6) Vector: AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N
Links:
Published: Dec. 6, 2019
BDU:2020-00304
Vulnerability in the try_merge_free_space function of the Linux kernel, allowing an attacker to affect the confidentiality, integrity and availability of protected information
Severity: HIGH (7.8) Vector: AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Links:
Published: Dec. 16, 2019
BDU:2020-00352
Vulnerability in the __btrfs_map_block function of the Linux kernel, allowing an attacker to cause a denial of service
Severity: HIGH (7.8) Vector: AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Links:
Published: May 11, 2018
BDU:2020-00368
Vulnerability in the cpia2_remap_buffer function of the Linux kernel, allowing an attacker to gain read and write access to kernel physical pages and escalate their privileges
Severity: HIGH (7.8) Vector: AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Links:
Published: Aug. 16, 2018
BDU:2020-00735
Vulnerability in the xenvif_set_hash_mapping function of the Xen hypervisor, allowing an attacker to gain unauthorized access to information and compromise its integrity and availability
Severity: HIGH (7.8) Vector: AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Links:
Published: Feb. 4, 2020
BDU:2020-00785
Vulnerability in the vc_do_resize function of the Linux kernel, allowing an attacker to disclose protected information or cause a denial of service
Severity: HIGH (7.1) Vector: AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H
Links:
Published: Feb. 4, 2020
BDU:2020-00786
Vulnerability in the vgacon_invert_region function of the Linux kernel, allowing an attacker to disclose protected information or cause a denial of service
Severity: HIGH (7.1) Vector: AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H
Links:
Published: Feb. 4, 2020
BDU:2020-00787
Vulnerability in the n_tty_receive_buf_common function of the Linux kernel, allowing an attacker to disclose protected information or cause a denial of service
Severity: HIGH (7.1) Vector: AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H
Links:
Published: Jan. 7, 2019
BDU:2020-00842
Vulnerability in the can_can_gw_rcv function in net/can/gw.c of the Linux kernel, allowing an attacker to cause a denial of service
Severity: MEDIUM (4.4) Vector: AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H
Links:
Published: Jan. 9, 2020
BDU:2020-00884
Vulnerability in the firmware of Intel processors with Intel Processor Graphics, related to missing protection of service data, allowing an attacker to disclose protected information
Severity: MEDIUM (5.5) Vector: AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N
Links:
Published: July 22, 2019
BDU:2020-01344
Vulnerability in the drivers/media/usb/dvb-usb/technisat-usb2.c component of the Linux kernel, allowing an attacker to disclose protected information or cause a denial of service
Severity: CRITICAL (9.8) Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Links:
Published: Jan. 7, 2019
BDU:2020-01474
Vulnerability in the build_audio_procunit function of the Linux kernel, allowing an attacker to affect the confidentiality, integrity and availability of protected information
Severity: HIGH (7.8) Vector: AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Links:
Published: Sept. 5, 2019
BDU:2020-01488
Vulnerability in the arch/powerpc/kernel/process.c component of the Linux kernel, allowing an attacker to affect the confidentiality and availability of protected information
Severity: MEDIUM (4.4) Vector: AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:L
Links:
Published: June 1, 2019
BDU:2020-01593
Vulnerability in the mwifiex_uap_parse_tail_ies function of the Linux kernel, allowing an attacker to affect the confidentiality, integrity and availability of protected information
Severity: CRITICAL (9.8) Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Links:
Published: March 28, 2019
BDU:2020-01595
Vulnerability in the rds_tcp_kill_sock function of the Linux kernel, allowing an attacker to affect the confidentiality, integrity and availability of protected information
Severity: HIGH (8.1) Vector: AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
Links:
Published: Nov. 28, 2019
BDU:2020-01796
Vulnerability in the lbs_ibss_join_existing function (drivers/net/wireless/marvell/libertas/cfg.c) of the Marvell WiFi driver of the Linux kernel, allowing an attacker to gain access to confidential data, compromise its integrity, and cause a denial of service
Severity: CRITICAL (9.8) Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Links:
Published: July 5, 2019
BDU:2020-01891
Vulnerability in the ptrace_link function of the Linux kernel, allowing an attacker to cause a denial of service or escalate their privileges
Severity: HIGH (7.8) Vector: AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Links:
Published: Feb. 19, 2019
BDU:2020-02044
Vulnerability in the brcmf_wowl_nd_results function of the Broadcom brcmfmac WiFi driver of the Linux kernel, allowing an attacker to gain unauthorized access to information and compromise its integrity and availability
Severity: HIGH (8.3) Vector: AV:A/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H
Links:
Published: May 4, 2020
BDU:2020-02427
Vulnerability in the pivot_root function (fs/namespace.c) of the Linux kernel, allowing an attacker to cause a denial of service
Severity: MEDIUM (4.7) Vector: AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H
Links:
Published: Feb. 3, 2009
BDU:2020-02817
Vulnerability in the SSL certificate installation program of the Sblim-sfcb standardized Linux toolkit, related to improper link resolution before file access, allowing an attacker to gain access to confidential data, compromise its integrity, and cause a denial of service
Severity: HIGH (8.8) Vector: AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H
Links:
Published: Jan. 31, 2008
BDU:2020-02841
Vulnerability in the Novell ZENworks Patch Management update agent of the PatchLink update client, allowing an attacker to gain access to confidential data, compromise its integrity, and cause a denial of service
Severity: MEDIUM (6.3) Vector: AV:L/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:L
Links:
Published: Aug. 14, 2007
BDU:2020-02848
Vulnerability in the sysstat.in function of the sysstat system performance measurement and analysis utility, allowing an attacker to gain access to confidential data, compromise its integrity, and cause a denial of service
Severity: MEDIUM (6.3) Vector: AV:L/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:L
Links:
Published: Nov. 14, 2019
BDU:2020-02944
Vulnerability in the arch/powerpc/kernel/entry_64.S and arch/powerpc/kernel/security.c components of the Linux kernel, allowing an attacker to gain unauthorized access to information
Severity: MEDIUM (4.7) Vector: AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N
Links:
Published: Dec. 14, 2011
BDU:2020-02951
Vulnerability in the GetInstalledPackages function of the Application Lifestyle Management installation manager, allowing an attacker to gain unauthorized access to confidential data, cause a denial of service or affect data integrity
Severity: HIGH (7.8) Vector: AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Links:
Published: April 13, 2017
BDU:2020-02957
Vulnerability in the modules/serverdensity_device.py module of the SaltStack configuration management and remote execution system, allowing an attacker to gain unauthorized access to confidential data, cause a denial of service or affect data integrity
Severity: MEDIUM (5.3) Vector: AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L
Links:
Published: Jan. 2, 2016
BDU:2020-02959
Vulnerability in the consoleinst.sh component of the IBM Installation Manager, allowing an attacker to gain unauthorized access to confidential data, cause a denial of service or affect data integrity
Severity: HIGH (7.0) Vector: AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
Links:
Published: May 27, 2020
BDU:2020-03071
Vulnerability in the drivers/tty/vt/keyboard.c component of the Linux kernel, allowing an attacker to execute arbitrary code
Severity: HIGH (7.8) Vector: AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Links:
Published: May 7, 2018
BDU:2020-03305
Vulnerability in the mmap()ing function of the Linux kernel, allowing an attacker to cause a denial of service
Severity: MEDIUM (5.3) Vector: AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H
Links:
Published: Sept. 3, 2019
BDU:2020-03327
Vulnerability in the mwifiex_update_vs_ie() function of the Marvell Wi-Fi driver of the Linux kernel, allowing an attacker to cause a denial of service or execute arbitrary code
Severity: HIGH (7.8) Vector: AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Links:
Published: Sept. 3, 2019
BDU:2020-03328
Vulnerability in the mwifiex_set_uap_rates() function of the Marvell Wi-Fi driver of the Linux kernel, allowing an attacker to cause a denial of service or execute arbitrary code
Severity: HIGH (7.8) Vector: AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Links:
Published: Sept. 3, 2019
BDU:2020-03329
Vulnerability in the mwifiex_set_wmm_params() function of the Marvell Wi-Fi driver of the Linux kernel, allowing an attacker to cause a denial of service or execute arbitrary code
Severity: HIGH (7.8) Vector: AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Links:
Published: Aug. 21, 2020
BDU:2020-04348
Vulnerability in the cgroups function of the Linux kernel, allowing an attacker to execute arbitrary code
Severity: HIGH (7.8) Vector: AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Links:
Published: March 3, 2019
BDU:2020-04876
Vulnerability in the register_queue_kobjects() function of the Linux kernel, allowing an attacker to cause a denial of service
Severity: HIGH (7.5) Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Links:
Published: Oct. 26, 2020
BDU:2020-05454
Vulnerability in the sunkbd_reinit() function (drivers/input/keyboard/sunkbd.c) of the Linux kernel, allowing an attacker to cause a denial of service
Severity: MEDIUM (4.1) Vector: AV:P/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L
Links:
Published: May 27, 2020
BDU:2020-05546
Vulnerability in the __split_huge_pmd function (mm/huge_memory.c) of the Linux kernel, allowing an attacker to execute arbitrary code
Severity: HIGH (7.4) Vector: AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
Links:
Published: Oct. 28, 2020
BDU:2020-05831
Vulnerability in the Linux kernel related to use of memory after it has been freed, allowing an attacker to disclose protected information
Severity: MEDIUM (4.1) Vector: AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:N/A:N
Links:
Published: Dec. 4, 2019
BDU:2020-05893
Vulnerability in the KVM hypervisor request KVM_GET_EMULATED_CPUID of the Linux kernel, related to an operation exceeding the bounds of a data buffer, allowing an attacker to violate data integrity and cause a denial of service
Severity: MEDIUM (6.1) Vector: AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:H
Links:
Published: Dec. 4, 2020
BDU:2021-00005
Vulnerability in the drivers/tty/tty_jobctrl.c component of the Linux kernel, allowing an attacker to affect the confidentiality, integrity and availability of protected information
Severity: HIGH (7.8) Vector: AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Links:
Published: Dec. 14, 2020
BDU:2021-00014
Vulnerability in the Linux kernel, allowing an attacker to escalate privileges or gain unauthorized access to protected information
Severity: HIGH (8.8) Vector: AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H
Links:
Published: Oct. 6, 2020
BDU:2021-00106
Vulnerability in the HDLC_PPP module of the Linux kernel, related to insufficient input validation, allowing an attacker to cause a denial of service
Severity: HIGH (7.2) Vector: AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
Links:
Published: March 26, 2018
BDU:2021-00376
Vulnerability in the f_midi_set_alt function of the Linux kernel, allowing an attacker to cause a denial of service
Severity: CRITICAL (9.8) Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Links:
Published: May 14, 2020
BDU:2021-00471
Vulnerability in the VFIO PCI driver of the Linux kernel, related to insufficient handling of exceptional conditions, allowing an attacker to cause a denial of service
Severity: MEDIUM (5.3) Vector: AV:L/AC:H/PR:H/UI:N/S:C/C:N/I:N/A:H
Links:
Published: Sept. 4, 2018
BDU:2021-01415
Vulnerability in the drivers/staging/irda/net/af_irda.c driver of the Linux kernel, allowing an attacker to cause a denial of service
Severity: MEDIUM (5.5) Vector: AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
Links:
Published: May 9, 2018
BDU:2021-01420
Vulnerability in the vhost_new_msg() function of the Linux kernel, allowing an attacker to gain access to confidential data
Severity: MEDIUM (5.5) Vector: AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
Links:
Published: Feb. 27, 2019
BDU:2021-01438
Vulnerability in the expand_downwards function of the Linux kernel, allowing an attacker to cause a denial of service
Severity: MEDIUM (5.5) Vector: AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
Links:
Published: March 5, 2021
BDU:2021-01688
Vulnerability in the rtw_wx_set_scan() function (drivers/staging/rtl8188eu/os_dep/ioctl_linux.c) of the Linux kernel, allowing an attacker to cause a denial of service
Severity: HIGH (7.8) Vector: AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Links:
Published: May 7, 2020
BDU:2021-01920
Vulnerability in the MIDI protocol implementation of the Linux kernel, allowing an attacker to escalate privileges
Severity: HIGH (7.8) Vector: AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Links:
Published: April 8, 2021
BDU:2021-02182
Vulnerability in the BPF JIT component (arch/x86/net/bpf_jit_comp.c and arch/x86/net/bpf_jit_comp32.c) of the Linux kernel, allowing an attacker to execute arbitrary code
Severity: HIGH (7.8) Vector: AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Links:
Published: Jan. 11, 2021
BDU:2021-02587
Vulnerability in the drivers/target/target_core_xcopy.c drivers of the Linux kernel, allowing an attacker to gain access to read, modify, add or delete data
Severity: HIGH (8.1) Vector: AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N
Links:
Published: May 10, 2021
BDU:2021-02663
Vulnerability in the IEEE 802.11 set of communication standards in the Windows operating system, allowing an attacker to inject arbitrary network packets
Severity: LOW (3.5) Vector: AV:A/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N
Links:
Published: May 28, 2020
BDU:2021-03057
Vulnerability in the fill_thread_core_info() function of the Linux kernel, allowing an attacker to disclose protected information and cause a denial of service
Severity: MEDIUM (4.4) Vector: AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:L
Links:
Published: May 10, 2021
BDU:2021-03088
Vulnerability in the implementation of the WPA, WPA2 and WPA3 algorithms of the IEEE 802.11 set of communication standards, allowing an attacker to affect the integrity of protected information
Severity: LOW (2.6) Vector: AV:A/AC:H/PR:N/UI:R/S:U/C:L/I:N/A:N
Links:
Published: May 10, 2021
BDU:2021-03095
Vulnerability in the implementation of the WEP, WPA, WPA2 and WPA3 algorithms of the IEEE 802.11 set of communication standards, allowing an attacker to inject arbitrary network packets and/or affect the integrity of protected information
Severity: LOW (3.5) Vector: AV:A/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N
Links:
Published: May 10, 2021
BDU:2021-03177
Vulnerability in the implementation of the WEP, WPA, WPA2 and WPA3 algorithms in the Linux kernel, allowing an attacker to affect the integrity of protected information
Severity: MEDIUM (5.4) Vector: AV:A/AC:H/PR:N/UI:R/S:U/C:L/I:H/A:N
Links:
Published: July 7, 2020
BDU:2021-03189
Vulnerability in the cgroupv2 subsystem of the Linux kernel, allowing an attacker to cause a denial of service or escalate privileges
Severity: HIGH (7.8) Vector: AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Links:
Published: Sept. 4, 2020
BDU:2021-03394
Vulnerability in the net/packet/af_packet.c component of the Linux kernel, related to an operation exceeding the bounds of a data buffer, allowing an attacker to gain access to confidential information or cause a denial of service
Severity: HIGH (7.8) Vector: AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Links:
Published: Nov. 20, 2020
BDU:2021-03412
Vulnerability in the Linux kernel related to information disclosure, allowing an attacker to gain access to confidential data
Severity: MEDIUM (4.7) Vector: AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N
Links:
Published: July 20, 2021
BDU:2021-03848
Vulnerability in the fs/seq_file.c component of the Linux kernel, allowing an attacker to escalate privileges
Severity: HIGH (7.0) Vector: AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
Links:
Published: July 23, 2021
BDU:2021-04028
Vulnerability in the rtas_args.nargs function of the arch/powerpc/kvm/book3s_rtas.c driver of the Linux kernel, allowing an attacker to cause memory corruption in the host operating system
Severity: HIGH (7.8) Vector: AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Links:
Published: Dec. 5, 2017
BDU:2021-04144
Vulnerability in the dccp_disconnect function (net/dccp/proto.c) of the Linux kernel, allowing an attacker to execute arbitrary code
Severity: HIGH (7.8) Vector: AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Links:
Published: April 13, 2021
BDU:2021-04260
Vulnerability in the xt_compat_target_from_user() function (net/netfilter/x_tables.c) of the netfilter subsystem in Linux operating systems, allowing an attacker to cause a denial of service or escalate privileges
Severity: HIGH (7.8) Vector: AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Links:
Published: April 13, 2021
BDU:2021-04855
Vulnerability in the net/sctp/socket.c component of the Linux kernel, allowing an attacker to escalate privileges
Severity: HIGH (7.0) Vector: AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
Links:
Published: May 4, 2021
BDU:2021-04856
Vulnerability in the NFC sockets of the Linux operating system, related to use of memory after it has been freed (use-after-free), allowing an attacker to escalate privileges
Severity: HIGH (7.8) Vector: AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Links:
Published: May 17, 2021
BDU:2021-04862
Vulnerability in the hci_dev_do_open() function of the HCI device initialization subsystem of the Linux kernel, related to a double free of memory, allowing an attacker to cause a denial of service
Severity: MEDIUM (5.5) Vector: AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
Links:
Published: June 9, 2020
BDU:2021-06410
Vulnerability in the mm/mremap.c component of the Linux kernel, related to an operation exceeding the bounds of a data buffer, allowing an attacker to escalate privileges on the system
Severity: HIGH (7.8) Vector: AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Links:
Published: April 15, 2021
BDU:2022-03028
Vulnerability in the llcp_sock_connect() function of the Linux operating system, allowing an attacker to escalate privileges
Severity: HIGH (7.8) Vector: AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Links:
Published: May 26, 2021
BDU:2022-03139
Vulnerability in the llcp_sock_bind() function of the NFC protocol in the Linux kernel, allowing an attacker to gain access to confidential data, violate its integrity, and cause a denial of service
Severity: HIGH (7.8) Vector: AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Links:
Published: May 26, 2021
BDU:2022-03141
Vulnerability in the llcp_sock_connect() function of the NFC protocol in the Linux kernel, allowing an attacker to cause a denial of service
Severity: HIGH (7.5) Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Links:
Published: March 2, 2022
BDU:2022-03144
Vulnerability in the route4_change() function (net/sched/cls_route.c) of the Linux kernel, allowing an attacker to gain access to confidential information or cause a denial of service
Severity: HIGH (7.8) Vector: AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Links:
Published: April 14, 2021
BDU:2022-04604
Vulnerability in the decode_nfs_fh() function of the Linux kernel, allowing an attacker to escalate privileges and cause a system crash
Severity: HIGH (8.0) Vector: AV:A/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Links:
Published: Aug. 4, 2020
BDU:2023-00700
Vulnerability in the vgacon_scrollback_cur() function of the video driver in the Linux kernel, allowing an attacker to cause a denial of service
Severity: MEDIUM (6.6) Vector: AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Links:
Published: Jan. 4, 2023
BDU:2023-00749
Vulnerability in the ib_prctl_set() function of the Linux kernel, allowing an attacker to gain access to protected information.
Severity: HIGH (7.5) Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Links:
Published: Jan. 9, 2021
BDU:2023-01284
Vulnerability in the TIPC (Transparent Inter Process Communication) protocol implementation of the Linux kernel, allowing an attacker to cause a denial of service
Severity: HIGH (7.5) Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Links:
Published: June 12, 2018
BDU:2023-01296
Vulnerability in the uvesafb_setcmap function (drivers/video/fbdev/uvesafb.c) of the Linux kernel, allowing an attacker to cause a denial of service or escalate privileges
Severity: HIGH (7.8) Vector: AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Links:
Published: March 23, 2023
BDU:2023-01796
Vulnerability in the seq_buf_putmem_hex() function of the Linux kernel, allowing an attacker to cause a denial of service
Severity: MEDIUM (6.7) Vector: AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
Links:
Published: March 3, 2019
BDU:2023-02534
Vulnerability in the pde_subdir_find() function in the fs/proc/generic.c module of the Linux kernel, allowing an attacker to cause a denial of service
Severity: MEDIUM (4.7) Vector: AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H
Links:
Published: Jan. 9, 2001
Modified: Oct. 19, 2017
CVE-2000-1134
Multiple shell programs on various Unix systems, including (1) tcsh, (2) csh, (3) sh, and (4) bash, follow symlinks when processing << redirects (aka here-documents or in-here documents), which allows local users to overwrite files of other users via a symlink attack.
Severity: HIGH (7.2)
Links:
- 2006
- FreeBSD-SA-00:76
- 20001128 /bin/sh creates insecure tmp files
- 20001111a
- MDKSA-2000-069
- CSSA-2000-043.0
- CSSA-2000-042.0
- RHSA-2000:117
- RHSA-2000:121
- MDKSA-2000:075
- 1926
- SSRT1-41U
- 20011103-02-P
- VU#10277
- 20001028 tcsh: unsafe tempfile in << redirects
- CLSA-2000:354
- CLA-2000:350
- 20001130 [ADV/EXP]: RH6.x root from bash /tmp vuln + MORE
- oval:org.mitre.oval:def:4047
Published: Aug. 14, 2007
Modified: Feb. 13, 2023
CVE-2007-3852
The init script (sysstat.in) in sysstat 5.1.2 up to 7.1.6 creates /tmp/sysstat.run insecurely, which allows local users to execute arbitrary code.
Severity: MEDIUM (4.4)
Links:
Published: Jan. 31, 2008
Modified: Oct. 16, 2018
CVE-2008-0525
PatchLink Update client for Unix, as used by Novell ZENworks Patch Management Update Agent for Linux/Unix/Mac (LUM) 6.2094 through 6.4102 and other products, allows local users to (1) truncate arbitrary files via a symlink attack on the /tmp/patchlink.tmp file used by the logtrimmer script, and (2) execute arbitrary code via a symlink attack on the /tmp/plshutdown file used by the rebootTask script.
Severity: MEDIUM (4.6)
Links:
- 1019272
- 28665
- http://support.lumension.com/scripts/rightnow.cfg/php.exe/enduser/std_adp.php?p_faqid=527
- http://support.lumension.com/scripts/rightnow.cfg/php.exe/enduser/std_adp.php?p_faqid=528
- http://support.lumension.com/scripts/rightnow.cfg/php.exe/enduser/std_adp.php?p_faqid=530
- https://secure-support.novell.com/KanisaPlatform/Publishing/18/3908994_f.SAL_Public.html
- 27458
- 28657
- 3599
- ADV-2008-0426
- patchlinkupdate-reboottask-symlink(39958)
- patchlinkupdate-logtrimmer-symlink(39956)
- 20080125 Two vulnerabilities for PatchLink Update Client for Unix.
Published: Feb. 4, 2009
Modified: Feb. 20, 2009
CVE-2009-0416
The SSL certificate setup program (genSslCert.sh) in Standards Based Linux Instrumentation for Manageability (SBLIM) sblim-sfcb 1.3.2 allows local users to overwrite arbitrary files via a symlink attack on the (1) /var/tmp/key.pem, (2) /var/tmp/cert.pem, and (3) /var/tmp/ssl.cnf temporary files.
Links:
Published: June 22, 2012
Modified: Feb. 13, 2023
CVE-2011-1079
The bnep_sock_ioctl function in net/bluetooth/bnep/sock.c in the Linux kernel before 2.6.39 does not ensure that a certain device field ends with a '\0' character, which allows local users to obtain potentially sensitive information from kernel stack memory, or cause a denial of service (BUG and system crash), via a BNEPCONNADD command.
Severity: MEDIUM (5.4)
Links:
- https://github.com/torvalds/linux/commit/43629f8f5ea32a998d06d1bb41eefa0e821ff573
- [oss-security] 20110301 Re: CVE request: kernel: two bluetooth and one ebtables infoleaks/DoSes
- https://bugzilla.redhat.com/show_bug.cgi?id=681260
- http://ftp.osuosl.org/pub/linux/kernel/v2.6/ChangeLog-2.6.39
- RHSA-2011:0833
- http://downloads.avaya.com/css/P8/documents/100145416
- http://packetstormsecurity.com/files/153799/Kernel-Live-Patch-Security-Notice-LSN-0053-1.html
- http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=43629f8f5ea32a998d06d1bb41eefa0e821ff573
Published: Dec. 12, 2011
Modified: Nov. 7, 2023
CVE-2011-1161
Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2011-1160, CVE-2011-1162. Reason: This candidate was withdrawn by its CNA. Further investigation showed that only two candidates, CVE-2011-1160 and CVE-2011-1162, were needed for the set of security issues in question. Notes: none
Published: Dec. 15, 2011
Modified: Oct. 9, 2018
CVE-2011-4834
The GetInstalledPackages function in the configuration tool in HP Application Lifecycle Management (ALM) 11 on AIX, HP-UX, and Solaris allows local users to gain privileges via (1) a Trojan horse /tmp/tmp.txt FIFO or (2) a symlink attack on /tmp/tmp.txt.
Severity: MEDIUM (4.6)
Links:
Published: March 22, 2013
Modified: Feb. 13, 2023
CVE-2013-1798
The ioapic_read_indirect function in virt/kvm/ioapic.c in the Linux kernel through 3.8.4 does not properly handle a certain combination of invalid IOAPIC_REG_SELECT and IOAPIC_REG_WINDOW operations, which allows guest OS users to obtain sensitive information from host OS memory or cause a denial of service (host OS OOPS) via a crafted application.
Severity: MEDIUM (6.2)
Links:
- [oss-security] 20130320 linux kernel: kvm: CVE-2013-179[6..8]
- https://github.com/torvalds/linux/commit/a2c118bfab8bc6b8bb213abfc35201e441693d55
- https://bugzilla.redhat.com/show_bug.cgi?id=917017
- USN-1813-1
- USN-1812-1
- RHSA-2013:0744
- RHSA-2013:0727
- USN-1809-1
- RHSA-2013:0746
- openSUSE-SU-2013:0847
- RHSA-2013:0928
- openSUSE-SU-2013:0925
- openSUSE-SU-2013:1187
- MDVSA-2013:176
- RHSA-2013:1026
- http://packetstormsecurity.com/files/157233/Kernel-Live-Patch-Security-Notice-LSN-0065-1.html
- http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=a2c118bfab8bc6b8bb213abfc35201e441693d55
Published: April 13, 2017
Modified: April 19, 2017
CVE-2015-1838
modules/serverdensity_device.py in SaltStack before 2014.7.4 does not properly handle files in /tmp.
Severity: MEDIUM (5.3) Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L
Links:
Published: Jan. 2, 2016
Modified: Nov. 28, 2016
CVE-2015-7442
consoleinst.sh in IBM Installation Manager before 1.7.4.4 and 1.8.x before 1.8.4 and Packaging Utility before 1.7.4.4 and 1.8.x before 1.8.4 allows local users to gain privileges via a Trojan horse program that is located in /tmp with a name based on a predicted PID value.
Severity: HIGH (7.0) Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
Links:
Published: Nov. 10, 2016
Modified: Dec. 3, 2016
CVE-2016-7489
Teradata Virtual Machine Community Edition v15.10's perl script /opt/teradata/gsctools/bin/t2a.pl creates files in /tmp in an insecure manner; this may lead to elevated code execution.
Severity: CRITICAL (9.8) Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Links:
Published: Dec. 7, 2017
Modified: April 8, 2019
CVE-2017-1000410
The Linux kernel version 3.3-rc1 and later is affected by a vulnerability that lies in the processing of incoming L2CAP commands: ConfigRequest and ConfigResponse messages. This info leak is a result of uninitialized stack variables that may be returned to an attacker in their uninitialized state. By manipulating the code flows that precede the handling of these configuration messages, an attacker can also gain some control over which data will be held in the uninitialized stack variables. This can allow him to bypass KASLR and stack canary protection, as both pointers and stack canaries may be leaked in this manner. Combining this vulnerability (for example) with the previously disclosed RCE vulnerability in L2CAP configuration parsing (CVE-2017-1000251) may allow an attacker to exploit the RCE against kernels which were built with the above mitigations.
These are the specifics of this vulnerability: In the function l2cap_parse_conf_rsp and in the function l2cap_parse_conf_req the following variable is declared without initialization:
    struct l2cap_conf_efs efs;
In addition, when parsing input configuration parameters in both of these functions, the switch case for handling EFS elements may skip the memcpy call that will write to the efs variable:
    ...
    case L2CAP_CONF_EFS:
        if (olen == sizeof(efs))
            memcpy(&efs, (void *)val, olen);
    ...
The olen in the above if is attacker controlled, and regardless of that if, in both of these functions the efs variable would eventually be added to the outgoing configuration request that is being built:
    l2cap_add_conf_opt(&ptr, L2CAP_CONF_EFS, sizeof(efs), (unsigned long) &efs);
So by sending a configuration request, or response, that contains an L2CAP_CONF_EFS element, but with an element length that is not sizeof(efs), the memcpy to the uninitialized efs variable can be avoided, and the uninitialized variable would be returned to the attacker (16 bytes).
Severity: HIGH (7.5) Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Links:
- [oss-security] 20171206 Info Leak in the Linux Kernel via Bluetooth
- 102101
- DSA-4073
- DSA-4082
- RHSA-2018:0654
- RHSA-2018:1062
- RHSA-2018:0676
- RHSA-2018:1170
- RHSA-2018:1130
- RHSA-2018:1319
- https://help.ecostruxureit.com/display/public/UADCE725/Security+fixes+in+StruxureWare+Data+Center+Expert+v7.6.0
- USN-3933-2
- USN-3933-1
Published: Feb. 1, 2018
Modified: Aug. 24, 2018
CVE-2017-16911
The vhci_hcd driver in the Linux Kernel before version 4.14.8 and 4.4.114 allows local attackers to disclose kernel memory addresses. Successful exploitation requires that a USB device is attached over IP.
Severity: MEDIUM (4.7) Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N
Links:
- https://www.spinics.net/lists/linux-usb/msg163480.html
- https://secuniaresearch.flexerasoftware.com/secunia_research/2017-20/
- https://secuniaresearch.flexerasoftware.com/advisories/80454/
- https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable.git/commit/drivers/usb/usbip?id=2f2d0088eb93db5c649d2a5e34a3800a8a935fc5
- https://cdn.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.4.114
- https://cdn.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.14.8
- 102156
- USN-3619-1
- USN-3619-2
- DSA-4187
- [debian-lts-announce] 20180502 [SECURITY] [DLA 1369-1] linux security update
- USN-3754-1
Published: Dec. 18, 2017
Modified: April 25, 2018
CVE-2017-17741
The KVM implementation in the Linux kernel through 4.14.7 allows attackers to obtain potentially sensitive information from kernel memory, aka a write_mmio stack-based out-of-bounds read, related to arch/x86/kvm/x86.c and include/trace/events/kvm.h.
Severity: MEDIUM (6.5) Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N
Links:
Published: Jan. 24, 2018
Modified: Feb. 8, 2023
CVE-2017-18075
crypto/pcrypt.c in the Linux kernel before 4.14.13 mishandles freeing instances, allowing a local user able to access the AF_ALG-based AEAD interface (CONFIG_CRYPTO_USER_API_AEAD) and pcrypt (CONFIG_CRYPTO_PCRYPT) to cause a denial of service (kfree of an incorrect pointer) or possibly have unspecified other impact by executing a crafted sequence of system calls.
Severity: HIGH (7.8) Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Links:
Published: March 5, 2018
Modified: Feb. 8, 2023
CVE-2017-18218
In drivers/net/ethernet/hisilicon/hns/hns_enet.c in the Linux kernel before 4.13, local users can cause a denial of service (use-after-free and BUG) or possibly have unspecified other impact by leveraging differences in skb handling between hns_nic_net_xmit_hw and hns_nic_net_xmit.
Severity: HIGH (7.8) Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Links:
Published: Aug. 13, 2019
Modified: Nov. 7, 2023
CVE-2017-18509
An issue was discovered in net/ipv6/ip6mr.c in the Linux kernel before 4.11. By setting a specific socket option, an attacker can control a pointer in kernel land and cause an inet_csk_listen_stop general protection fault, or potentially execute arbitrary code under certain circumstances. The issue can be triggered as root (e.g., inside a default LXC container or with the CAP_NET_ADMIN capability) or after namespace unsharing. This occurs because sk_type and protocol are not checked in the appropriate part of the ip6_mroute_* functions. NOTE: this affects Linux distributions that use 4.9.x longterm kernels before 4.9.187.
Severity: HIGH (7.8) Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Links:
- https://pulsesecurity.co.nz/advisories/linux-kernel-4.9-inetcsklistenstop-gpf
- https://salsa.debian.org/kernel-team/linux/commit/baefcdc2f29923e7325ce4e1a72c3ff0a9800f32
- https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=99253eb750fda6a644d5188fb26c43bad8d5a745
- https://github.com/torvalds/linux/commit/99253eb750fda6a644d5188fb26c43bad8d5a745
- https://lists.openwall.net/netdev/2017/12/04/40
- DSA-4497
- [debian-lts-announce] 20190814 [SECURITY] [DLA 1884-1] linux security update
- 20190814 [slackware-security] Slackware 14.2 kernel (SSA:2019-226-01)
- [debian-lts-announce] 20190814 [SECURITY] [DLA 1885-1] linux-4.9 security update
- http://packetstormsecurity.com/files/154059/Slackware-Security-Advisory-Slackware-14.2-kernel-Updates.html
- https://support.f5.com/csp/article/K41582535
- USN-4145-1
- https://support.f5.com/csp/article/K41582535?utm_source=f5support&amp%3Butm_medium=RSS
Published: Jan. 4, 2018
Modified: Aug. 16, 2021
CVE-2017-5715
Systems with microprocessors utilizing speculative execution and indirect branch prediction may allow unauthorized disclosure of information to an attacker with local user access via a side-channel analysis.
Severity: MEDIUM (5.6) Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N
Links:
- https://www.synology.com/support/security/Synology_SA_18_01
- https://www.suse.com/c/suse-addresses-meltdown-spectre-vulnerabilities/
- https://support.lenovo.com/us/en/solutions/LEN-18282
- https://support.f5.com/csp/article/K91229003
- https://spectreattack.com/
- https://security-center.intel.com/advisory.aspx?intelid=INTEL-SA-00088&languageid=en-fr
- https://security.googleblog.com/2018/01/todays-cpu-vulnerability-what-you-need.html
- https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/ADV180002
- https://googleprojectzero.blogspot.com/2018/01/reading-privileged-memory-with-side.html
- https://blog.mozilla.org/security/2018/01/03/mitigations-landing-new-class-timing-attack/
- https://aws.amazon.com/de/security/security-bulletins/AWS-2018-013/
- https://access.redhat.com/security/vulnerabilities/speculativeexecution
- http://xenbits.xen.org/xsa/advisory-254.html
- 1040071
- VU#584653
- http://nvidia.custhelp.com/app/answers/detail/a_id/4609
- https://www.vmware.com/us/security/advisories/VMSA-2018-0002.html
- 43427
- 20180104 CPU Side-Channel Information Disclosure Vulnerabilities
- https://support.citrix.com/article/CTX231399
- https://security.netapp.com/advisory/ntap-20180104-0001/
- 102376
- http://packetstormsecurity.com/files/145645/Spectre-Information-Disclosure-Proof-Of-Concept.html
- http://nvidia.custhelp.com/app/answers/detail/a_id/4614
- http://nvidia.custhelp.com/app/answers/detail/a_id/4613
- http://nvidia.custhelp.com/app/answers/detail/a_id/4611
- openSUSE-SU-2018:0023
- openSUSE-SU-2018:0022
- SUSE-SU-2018:0020
- SUSE-SU-2018:0019
- openSUSE-SU-2018:0013
- SUSE-SU-2018:0012
- SUSE-SU-2018:0011
- SUSE-SU-2018:0010
- SUSE-SU-2018:0009
- SUSE-SU-2018:0008
- SUSE-SU-2018:0007
- SUSE-SU-2018:0006
- https://www.vmware.com/us/security/advisories/VMSA-2018-0004.html
- https://support.hpe.com/hpsc/doc/public/display?docId=emr_na-hpesbhf03805en_us
- USN-3516-1
- http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html
- RHSA-2018:0292
- DSA-4120
- http://www.arubanetworks.com/assets/alert/ARUBA-PSA-2018-001.txt
- FreeBSD-SA-18:03
- USN-3597-2
- USN-3597-1
- USN-3594-1
- USN-3582-2
- USN-3582-1
- USN-3581-2
- USN-3581-1
- USN-3580-1
- USN-3561-1
- USN-3560-1
- USN-3549-1
- USN-3531-1
- USN-3542-2
- https://www.vmware.com/security/advisories/VMSA-2018-0007.html
- USN-3541-2
- USN-3540-2
- USN-3531-3
- USN-3620-2
- DSA-4188
- DSA-4187
- [debian-lts-announce] 20180502 [SECURITY] [DLA 1369-1] linux security update
- https://cert.vde.com/en-us/advisories/vde-2018-003
- https://cert.vde.com/en-us/advisories/vde-2018-002
- VU#180049
- https://developer.arm.com/support/arm-security-updates/speculative-processor-vulnerability
- DSA-4213
- USN-3690-1
- [debian-lts-announce] 20180715 [SECURITY] [DLA 1422-2] linux security update
- [debian-lts-announce] 20180714 [SECURITY] [DLA 1422-1] linux security update
- http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html
- https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbhf03871en_us
- [debian-lts-announce] 20180906 [SECURITY] [DLA 1497-1] qemu security update
- [debian-lts-announce] 20180916 [SECURITY] [DLA 1506-1] intel-microcode security update
- http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html
- USN-3777-3
- https://www.mitel.com/en-ca/support/security-advisories/mitel-product-security-advisory-18-0001
- GLSA-201810-06
- https://help.ecostruxureit.com/display/public/UADCO8x/StruxureWare+Data+Center+Operation+Software+Vulnerability+Fixes
- 20190624 [SECURITY] [DSA 4469-1] libvirt security update
- http://www.arubanetworks.com/assets/alert/ARUBA-PSA-2019-003.txt
- https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html
- https://cert-portal.siemens.com/productcert/pdf/ssa-608355.pdf
- FreeBSD-SA-19:26
- 20191112 FreeBSD Security Advisory FreeBSD-SA-19:26.mcu
- http://packetstormsecurity.com/files/155281/FreeBSD-Security-Advisory-FreeBSD-SA-19-26.mcu.html
- https://security.paloaltonetworks.com/CVE-2017-5715
- [debian-lts-announce] 20200320 [SECURITY] [DLA 2148-1] amd64-microcode security update
- [debian-lts-announce] 20210816 [SECURITY] [DLA 2743-1] amd64-microcode security update
Published: Jan. 4, 2018
Modified: Nov. 24, 2021
CVE-2017-5753
Systems with microprocessors utilizing speculative execution and branch prediction may allow unauthorized disclosure of information to an attacker with local user access via a side-channel analysis.
Severity: MEDIUM (5.6) Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N
Links:
- https://www.synology.com/support/security/Synology_SA_18_01
- https://www.suse.com/c/suse-addresses-meltdown-spectre-vulnerabilities/
- https://support.lenovo.com/us/en/solutions/LEN-18282
- https://support.f5.com/csp/article/K91229003
- https://spectreattack.com/
- https://security.googleblog.com/2018/01/todays-cpu-vulnerability-what-you-need.html
- https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/ADV180002
- https://googleprojectzero.blogspot.com/2018/01/reading-privileged-memory-with-side.html
- https://blog.mozilla.org/security/2018/01/03/mitigations-landing-new-class-timing-attack/
- https://aws.amazon.com/de/security/security-bulletins/AWS-2018-013/
- https://access.redhat.com/security/vulnerabilities/speculativeexecution
- http://xenbits.xen.org/xsa/advisory-254.html
- 1040071
- VU#584653
- http://nvidia.custhelp.com/app/answers/detail/a_id/4609
- https://www.vmware.com/us/security/advisories/VMSA-2018-0002.html
- 43427
- 20180104 CPU Side-Channel Information Disclosure Vulnerabilities
- https://support.citrix.com/article/CTX231399
- https://security.netapp.com/advisory/ntap-20180104-0001/
- 102371
- http://packetstormsecurity.com/files/145645/Spectre-Information-Disclosure-Proof-Of-Concept.html
- http://nvidia.custhelp.com/app/answers/detail/a_id/4614
- http://nvidia.custhelp.com/app/answers/detail/a_id/4613
- http://nvidia.custhelp.com/app/answers/detail/a_id/4611
- openSUSE-SU-2018:0023
- openSUSE-SU-2018:0022
- SUSE-SU-2018:0012
- SUSE-SU-2018:0011
- SUSE-SU-2018:0010
- https://support.hpe.com/hpsc/doc/public/display?docId=emr_na-hpesbhf03805en_us
- USN-3516-1
- RHSA-2018:0292
- http://www.arubanetworks.com/assets/alert/ARUBA-PSA-2018-001.txt
- USN-3597-2
- USN-3597-1
- USN-3580-1
- USN-3549-1
- USN-3542-1
- USN-3541-1
- USN-3540-1
- USN-3542-2
- USN-3541-2
- USN-3540-2
- http://www.oracle.com/technetwork/security-advisory/cpuapr2018-3678067.html
- DSA-4188
- DSA-4187
- https://cert.vde.com/en-us/advisories/vde-2018-003
- https://cert.vde.com/en-us/advisories/vde-2018-002
- VU#180049
- https://developer.arm.com/support/arm-security-updates/speculative-processor-vulnerability
- [debian-lts-announce] 20180715 [SECURITY] [DLA 1422-2] linux security update
- [debian-lts-announce] 20180714 [SECURITY] [DLA 1422-1] linux security update
- [debian-lts-announce] 20180718 [SECURITY] [DLA 1423-1] linux-4.9 new package
- https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbhf03871en_us
- https://www.mitel.com/en-ca/support/security-advisories/mitel-product-security-advisory-18-0001
- GLSA-201810-06
- https://help.ecostruxureit.com/display/public/UADCO8x/StruxureWare+Data+Center+Operation+Software+Vulnerability+Fixes
- https://cert-portal.siemens.com/productcert/pdf/ssa-505225.pdf
- [debian-lts-announce] 20190327 [SECURITY] [DLA 1731-1] linux security update
- [debian-lts-announce] 20190401 [SECURITY] [DLA 1731-2] linux regression update
- https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html
- 20190624 [SECURITY] [DSA 4469-1] libvirt security update
- http://www.arubanetworks.com/assets/alert/ARUBA-PSA-2019-003.txt
- https://cert-portal.siemens.com/productcert/pdf/ssa-608355.pdf
- https://cdrdv2.intel.com/v1/dl/getContent/685359
Published: Jan. 4, 2018
Modified: Nov. 19, 2021
CVE-2017-5754
Systems with microprocessors utilizing speculative execution and indirect branch prediction may allow unauthorized disclosure of information to an attacker with local user access via a side-channel analysis of the data cache.
Severity: MEDIUM (5.6) Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N
Links:
- https://www.synology.com/support/security/Synology_SA_18_01
- https://www.suse.com/c/suse-addresses-meltdown-spectre-vulnerabilities/
- https://support.lenovo.com/us/en/solutions/LEN-18282
- https://support.f5.com/csp/article/K91229003
- https://security.googleblog.com/2018/01/todays-cpu-vulnerability-what-you-need.html
- https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/ADV180002
- https://meltdownattack.com/
- https://googleprojectzero.blogspot.com/2018/01/reading-privileged-memory-with-side.html
- https://blog.mozilla.org/security/2018/01/03/mitigations-landing-new-class-timing-attack/
- https://aws.amazon.com/de/security/security-bulletins/AWS-2018-013/
- https://access.redhat.com/security/vulnerabilities/speculativeexecution
- http://xenbits.xen.org/xsa/advisory-254.html
- 1040071
- VU#584653
- http://nvidia.custhelp.com/app/answers/detail/a_id/4609
- DSA-4078
- 20180104 CPU Side-Channel Information Disclosure Vulnerabilities
- https://support.citrix.com/article/CTX231399
- https://security.netapp.com/advisory/ntap-20180104-0001/
- 102378
- http://nvidia.custhelp.com/app/answers/detail/a_id/4614
- http://nvidia.custhelp.com/app/answers/detail/a_id/4613
- http://nvidia.custhelp.com/app/answers/detail/a_id/4611
- openSUSE-SU-2018:0023
- openSUSE-SU-2018:0022
- SUSE-SU-2018:0012
- SUSE-SU-2018:0011
- SUSE-SU-2018:0010
- DSA-4082
- https://support.hpe.com/hpsc/doc/public/display?docId=emr_na-hpesbhf03805en_us
- USN-3525-1
- USN-3524-2
- USN-3523-2
- USN-3522-2
- USN-3516-1
- [debian-lts-announce] 20180107 [SECURITY] [DLA 1232-1] linux security update
- RHSA-2018:0292
- DSA-4120
- http://www.arubanetworks.com/assets/alert/ARUBA-PSA-2018-001.txt
- FreeBSD-SA-18:03
- USN-3597-2
- USN-3597-1
- USN-3583-1
- USN-3523-1
- USN-3522-4
- USN-3522-3
- USN-3541-2
- USN-3540-2
- https://source.android.com/security/bulletin/2018-04-01
- https://support.citrix.com/article/CTX234679
- https://cert.vde.com/en-us/advisories/vde-2018-003
- https://cert.vde.com/en-us/advisories/vde-2018-002
- VU#180049
- https://developer.arm.com/support/arm-security-updates/speculative-processor-vulnerability
- https://www.codeaurora.org/security-bulletin/2018/07/02/july-2018-code-aurora-security-bulletin
- https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbhf03871en_us
- https://www.mitel.com/en-ca/support/security-advisories/mitel-product-security-advisory-18-0001
- GLSA-201810-06
- https://help.ecostruxureit.com/display/public/UADCO8x/StruxureWare+Data+Center+Operation+Software+Vulnerability+Fixes
- https://help.ecostruxureit.com/display/public/UADCE725/Security+fixes+in+StruxureWare+Data+Center+Expert+v7.6.0
- 106128
- https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html
- http://www.arubanetworks.com/assets/alert/ARUBA-PSA-2019-003.txt
- https://cert-portal.siemens.com/productcert/pdf/ssa-608355.pdf
- https://www.oracle.com/security-alerts/cpuapr2020.html
- https://cdrdv2.intel.com/v1/dl/getContent/685358
Published: Dec. 5, 2017
Modified: Feb. 24, 2023
CVE-2017-8824
The dccp_disconnect function in net/dccp/proto.c in the Linux kernel through 4.14.3 allows local users to gain privileges or cause a denial of service (use-after-free) via an AF_UNSPEC connect system call during the DCCP_LISTEN state.
Severity: HIGH (7.8) Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Links:
- http://www.openwall.com/lists/oss-security/2017/12/05/1
- http://lists.openwall.net/netdev/2017/12/04/224
- 102056
- 43234
- DSA-4073
- SUSE-SU-2018:0011
- DSA-4082
- [debian-lts-announce] 20171210 [SECURITY] [DLA 1200-1] linux security update
- RHSA-2018:0399
- USN-3583-2
- USN-3583-1
- USN-3582-2
- USN-3582-1
- USN-3581-3
- USN-3581-2
- USN-3581-1
- RHSA-2018:1062
- RHSA-2018:0676
- RHSA-2018:1170
- RHSA-2018:1130
- RHSA-2018:1216
- RHSA-2018:1319
- https://help.ecostruxureit.com/display/public/UADCE725/Security+fixes+in+StruxureWare+Data+Center+Expert+v7.6.0
- RHSA-2018:3822
Published: Jan. 16, 2018
Modified: July 15, 2020
CVE-2018-1000004
In the Linux kernel 4.12, 3.10, 2.6 and possibly earlier versions, a race condition vulnerability exists in the sound system; this can lead to a deadlock and denial of service condition.
Severity: MEDIUM (5.9) Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H
Links:
- [oss-security] 20180116 sound driver Conditional competition
- RHSA-2018:0654
- RHSA-2018:1062
- RHSA-2018:0676
- USN-3631-2
- USN-3631-1
- DSA-4187
- [debian-lts-announce] 20180502 [SECURITY] [DLA 1369-1] linux security update
- RHSA-2018:2390
- USN-3798-2
- USN-3798-1
- https://help.ecostruxureit.com/display/public/UADCE725/Security+fixes+in+StruxureWare+Data+Center+Expert+v7.6.0
- 104606
- https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html
- RHSA-2019:1483
- https://www.oracle.com/security-alerts/cpujul2020.html
Published: Feb. 10, 2018
Modified: Oct. 3, 2023
CVE-2018-1000026
Linux kernel version at least v4.8 onwards, probably well before, contains an insufficient input validation vulnerability in the bnx2x network card driver that can result in DoS: a network card firmware assertion takes the card off-line. This attack appears to be exploitable via An attacker on a must pass a very large, specially crafted packet to the bnx2x card. This can be done from an untrusted guest VM.
Severity: HIGH (7.7) Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H
Links:
- https://patchwork.ozlabs.org/patch/859410/
- [netdev] 20180118 http://lists.openwall.net/netdev/2018/01/18/96
- [netdev] 20180116 http://lists.openwall.net/netdev/2018/01/16/40
- USN-3617-2
- USN-3617-1
- USN-3620-2
- USN-3620-1
- USN-3619-1
- USN-3617-3
- USN-3619-2
- USN-3632-1
- RHSA-2018:3096
- RHSA-2018:3083
- RHSA-2018:2948
- [debian-lts-announce] 20190503 [SECURITY] [DLA 1771-1] linux-4.9 security update
Published: March 16, 2018
Modified: June 21, 2023
CVE-2018-1068
A flaw was found in the Linux 4.x kernel's implementation of the 32-bit syscall interface for bridging. This allowed a privileged user to arbitrarily write to a limited range of kernel memory.
Severity: MEDIUM (6.7) Vector: CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
Links:
- https://github.com/torvalds/linux/commit/b71812168571fa55e44cdd0254471331b9c4c4c6
- https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=b71812168571fa55e44cdd0254471331b9c4c4c6
- https://bugzilla.redhat.com/show_bug.cgi?id=1552048
- [linux-netdev] 20180305 [PATCH net] netfilter: check for out-of-bounds while copying compat entries
- [linux-netdev] 20180305 BUG: unable to handle kernel paging request in compat_copy_entries
- 103459
- DSA-4188
- DSA-4187
- [debian-lts-announce] 20180502 [SECURITY] [DLA 1369-1] linux security update
- RHSA-2018:1355
- RHSA-2018:1318
- USN-3654-2
- USN-3654-1
- USN-3656-1
- USN-3677-2
- USN-3677-1
- USN-3674-2
- USN-3674-1
- RHSA-2018:2948
- RHSA-2019:1170
- RHSA-2019:1190
- RHSA-2019:4159
Published: Sept. 11, 2018
Modified: Oct. 3, 2019
CVE-2018-10853
A flaw was found in the way the Linux kernel KVM hypervisor before 4.18 emulated instructions such as sgdt/sidt/fxsave/fxrstor. It did not check the current privilege level (CPL) while emulating unprivileged instructions. An unprivileged guest user/process could use this flaw to potentially escalate privileges inside the guest.
Severity: HIGH (7.8) Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Links:
- https://www.openwall.com/lists/oss-security/2018/09/02/1
- https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=3c9fa24ca7c9c47605672916491f79e8ccacb9e6
- https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=129a72a0d3c8e139a04512325384fe5ac119e74
- https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-10853
- [debian-lts-announce] 20180718 [SECURITY] [DLA 1423-1] linux-4.9 new package
- [debian-lts-announce] 20180715 [SECURITY] [DLA 1422-2] linux security update
- [debian-lts-announce] 20180714 [SECURITY] [DLA 1422-1] linux security update
- USN-3777-2
- USN-3777-1
- openSUSE-SU-2019:1407
- RHSA-2019:2043
- RHSA-2019:2029
- RHSA-2020:0036
- RHSA-2020:0103
- RHSA-2020:0179
Published: July 26, 2018
Modified: Feb. 13, 2023
CVE-2018-10876
A flaw was found in the Linux kernel's ext4 filesystem code. A use-after-free is possible in the ext4_ext_remove_space() function when mounting and operating a crafted ext4 image.
Severity: MEDIUM (5.5) Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
Links:
- https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=8844618d8aa7a9973e7b527d038a2a589665002c
- https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-10876
- https://bugzilla.kernel.org/show_bug.cgi?id=199403
- http://patchwork.ozlabs.org/patch/929239/
- [debian-lts-announce] 20180718 [SECURITY] [DLA 1423-1] linux-4.9 new package
- USN-3753-2
- USN-3753-1
- 106503
- USN-3871-1
- USN-3871-4
- USN-3871-3
- USN-3871-5
- RHSA-2019:0525
- 104904
Published: July 18, 2018
Modified: Feb. 13, 2023
CVE-2018-10877
Linux kernel ext4 filesystem is vulnerable to an out-of-bound access in the ext4_ext_drop_refs() function when operating on a crafted ext4 filesystem image.
Severity: MEDIUM (6.5) Vector: CVSS:3.0/AV:L/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:H
Links:
Published: July 26, 2018
Modified: Feb. 13, 2023
CVE-2018-10879
A flaw was found in the Linux kernel's ext4 filesystem. A local user can cause a use-after-free in the ext4_xattr_set_entry function, and a denial of service or unspecified other impact may occur, by renaming a file in a crafted ext4 filesystem image.
Severity: HIGH (7.8) Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Links:
- https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=5369a762c882c0b6e9599e4ebbb3a9ba9eee7e2d
- https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=513f86d73855ce556ea9522b6bfd79f87356dc3a
- https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-10879
- https://bugzilla.kernel.org/show_bug.cgi?id=200001
- http://patchwork.ozlabs.org/patch/928667/
- http://patchwork.ozlabs.org/patch/928666/
- [debian-lts-announce] 20180718 [SECURITY] [DLA 1423-1] linux-4.9 new package
- 104902
- USN-3753-2
- USN-3753-1
- RHSA-2018:3096
- RHSA-2018:3083
- RHSA-2018:2948
- USN-3871-1
- USN-3871-4
- USN-3871-3
- USN-3871-5
Published: July 25, 2018
Modified: Feb. 13, 2023
CVE-2018-10880
Linux kernel is vulnerable to a stack-out-of-bounds write in the ext4 filesystem code when mounting and writing to a crafted ext4 image in ext4_update_inline_data(). An attacker could use this to cause a system crash and a denial of service.
Severity: MEDIUM (5.5) Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
Links:
- https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=8cdb5240ec5928b20490a2bb34cb87e9a5f40226
- https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-10880
- https://bugzilla.kernel.org/show_bug.cgi?id=200005
- http://patchwork.ozlabs.org/patch/930639/
- [debian-lts-announce] 20180718 [SECURITY] [DLA 1423-1] linux-4.9 new package
- RHSA-2018:2948
- USN-3821-2
- USN-3821-1
- 106503
- USN-3871-1
- USN-3871-4
- USN-3871-3
- USN-3871-5
- 104907
Published: July 26, 2018
Modified: Feb. 13, 2023
CVE-2018-10881
A flaw was found in the Linux kernel's ext4 filesystem. A local user can cause an out-of-bound access in the ext4_get_group_info function, a denial of service, and a system crash by mounting and operating on a crafted ext4 filesystem image.
Severity: MEDIUM (5.5) Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
Links:
- https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=6e8ab72a812396996035a37e5ca4b3b99b5d214b
- https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-10881
- https://bugzilla.kernel.org/show_bug.cgi?id=200015
- http://patchwork.ozlabs.org/patch/929792/
- [debian-lts-announce] 20180718 [SECURITY] [DLA 1423-1] linux-4.9 new package
- 104901
- USN-3754-1
- USN-3753-2
- USN-3753-1
- USN-3752-2
- USN-3752-1
- USN-3752-3
- RHSA-2018:3096
- RHSA-2018:3083
- RHSA-2018:2948
Published: July 27, 2018
Modified: Feb. 13, 2023
CVE-2018-10882
A flaw was found in the Linux kernel's ext4 filesystem. A local user can cause an out-of-bound write in the fs/jbd2/transaction.c code, a denial of service, and a system crash by unmounting a crafted ext4 filesystem image.
Severity: MEDIUM (5.5) Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
Links:
- https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=c37e9e013469521d9adb932d17a1795c139b36db
- https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-10882
- https://bugzilla.kernel.org/show_bug.cgi?id=200069
- [debian-lts-announce] 20180718 [SECURITY] [DLA 1423-1] linux-4.9 new package
- USN-3753-2
- USN-3753-1
- RHSA-2018:2948
- 106503
- USN-3871-1
- USN-3871-4
- USN-3871-3
- USN-3871-5
Published: July 30, 2018
Modified: Feb. 13, 2023
CVE-2018-10883
A flaw was found in the Linux kernel's ext4 filesystem. A local user can cause an out-of-bounds write in jbd2_journal_dirty_metadata(), a denial of service, and a system crash by mounting and operating on a crafted ext4 filesystem image.
Severity: MEDIUM (5.5) Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
Links:
- https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=e09463f220ca9a1a1ecfda84fcda658f99a1f12a
- https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=8bc1379b82b8e809eef77a9fedbb75c6c297be19
- https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-10883
- [debian-lts-announce] 20180718 [SECURITY] [DLA 1423-1] linux-4.9 new package
- RHSA-2018:3096
- RHSA-2018:3083
- RHSA-2018:2948
- USN-3871-1
- USN-3879-2
- USN-3879-1
- USN-3871-4
- USN-3871-3
- USN-3871-5
- https://support.f5.com/csp/article/K94735334?utm_source=f5support&amp%3Butm_medium=RSS
Published: April 2, 2018
Modified: Feb. 13, 2023
CVE-2018-1092
The ext4_iget function in fs/ext4/inode.c in the Linux kernel through 4.15.15 mishandles the case of a root directory with a zero i_links_count, which allows attackers to cause a denial of service (ext4_process_freed_data NULL pointer dereference and OOPS) via a crafted ext4 image.
Severity: MEDIUM (5.5) Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
Links:
- https://git.kernel.org/pub/scm/linux/kernel/git/tytso/ext4.git/commit/?id=8e4b5eae5decd9dfe5a4ee369c22028f90ab4c44
- https://bugzilla.redhat.com/show_bug.cgi?id=1560777
- https://bugzilla.kernel.org/show_bug.cgi?id=199179
- http://openwall.com/lists/oss-security/2018/03/29/1
- https://bugzilla.kernel.org/show_bug.cgi?id=199275
- DSA-4188
- DSA-4187
- [debian-lts-announce] 20180502 [SECURITY] [DLA 1369-1] linux security update
- USN-3678-2
- USN-3678-1
- USN-3677-2
- USN-3677-1
- USN-3676-2
- USN-3676-1
- USN-3678-3
- USN-3678-4
- USN-3754-1
- RHSA-2018:3096
- RHSA-2018:3083
- RHSA-2018:2948
Published: April 2, 2018
Modified: Aug. 29, 2018
CVE-2018-1093
The ext4_valid_block_bitmap function in fs/ext4/balloc.c in the Linux kernel through 4.15.15 allows attackers to cause a denial of service (out-of-bounds read and system crash) via a crafted ext4 image because balloc.c and ialloc.c do not validate bitmap block numbers.
Severity: MEDIUM (5.5) Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
Links:
- https://git.kernel.org/pub/scm/linux/kernel/git/tytso/ext4.git/commit/?id=7dac4a1726a9c64a517d595c40e95e2d0d135f6f
- https://bugzilla.redhat.com/show_bug.cgi?id=1560782
- https://bugzilla.kernel.org/show_bug.cgi?id=199181
- http://openwall.com/lists/oss-security/2018/03/29/1
- DSA-4188
- [debian-lts-announce] 20180601 [SECURITY] [DLA 1392-1] linux security update
- USN-3676-2
- USN-3676-1
- [debian-lts-announce] 20180715 [SECURITY] [DLA 1422-2] linux security update
- [debian-lts-announce] 20180714 [SECURITY] [DLA 1422-1] linux security update
- USN-3754-1
- USN-3752-2
- USN-3752-1
- USN-3752-3
Published: May 9, 2018
Modified: Oct. 31, 2018
CVE-2018-10940
The cdrom_ioctl_media_changed function in drivers/cdrom/cdrom.c in the Linux kernel before 4.16.6 allows local attackers to use an incorrect bounds check in the CDROM driver CDROM_MEDIA_CHANGED ioctl to read out kernel memory.
Severity: MEDIUM (5.5) Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
Links:
- https://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.16.6
- https://github.com/torvalds/linux/commit/9de4ee40547fd315d4a0ed1dd15a2fa3559ad707
- http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=9de4ee40547fd315d4a0ed1dd15a2fa3559ad707
- 104154
- [debian-lts-announce] 20180601 [SECURITY] [DLA 1392-1] linux security update
- USN-3676-2
- USN-3676-1
- USN-3695-2
- USN-3695-1
- [debian-lts-announce] 20180715 [SECURITY] [DLA 1422-2] linux security update
- [debian-lts-announce] 20180714 [SECURITY] [DLA 1422-1] linux security update
- [debian-lts-announce] 20180718 [SECURITY] [DLA 1423-1] linux-4.9 new package
- USN-3754-1
- RHSA-2018:3096
- RHSA-2018:3083
- RHSA-2018:2948
Published: May 22, 2018
Modified: Nov. 29, 2022
CVE-2018-1108
Kernel drivers before version 4.17-rc1 are vulnerable to a weakness in the Linux kernel's implementation of random seed data. Programs, early in the boot sequence, could use the data allocated for the seed before it was sufficiently generated.
Severity: MEDIUM (5.9) Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N
Links:
Published: May 11, 2018
Modified: Feb. 13, 2023
CVE-2018-1118
Linux kernel vhost since version 4.8 does not properly initialize memory in messages passed between virtual guests and the host operating system in the vhost/vhost.c:vhost_new_msg() function. This can allow local privileged users to read some kernel memory contents when reading from the /dev/vhost-net device file.
Severity: MEDIUM (5.5) Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
Links:
Published: June 20, 2018
Modified: Oct. 10, 2019
CVE-2018-1120
A flaw was found affecting the Linux kernel before version 4.17. By mmap()ing a FUSE-backed file onto a process's memory containing command line arguments (or environment strings), an attacker can cause utilities from psutils or procps (such as ps, w) or any other program which makes a read() call to the /proc/<pid>/cmdline (or /proc/<pid>/environ) files to block indefinitely (denial of service) or for some controlled time (as a synchronization primitive for other attacks).
Severity: MEDIUM (5.3) Vector: CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H
Links:
- https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=7f7ccc2ccc2e70c6054685f5e3522efa81556830
- https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-1120
- [oss-security] 20180517 Qualys Security Advisory - Procps-ng Audit Report
- 44806
- 104229
- [debian-lts-announce] 20180718 [SECURITY] [DLA 1423-1] linux-4.9 new package
- USN-3752-2
- USN-3752-1
- USN-3752-3
- GLSA-201805-14
- RHSA-2018:3096
- RHSA-2018:3083
- RHSA-2018:2948
- USN-3910-2
- USN-3910-1
Published: July 10, 2018
Modified: Nov. 17, 2020
CVE-2018-1128
It was found that the cephx authentication protocol did not verify ceph clients correctly and was vulnerable to a replay attack. Any attacker having access to the ceph cluster network who is able to sniff packets on the network can use this vulnerability to authenticate with the ceph service and perform actions allowed by the ceph service. Ceph branches master, mimic, luminous and jewel are believed to be vulnerable.
Severity: HIGH (7.5) Vector: CVSS:3.0/AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
Links:
- https://github.com/ceph/ceph/commit/5ead97120e07054d80623dada90a5cc764c28468
- https://bugzilla.redhat.com/show_bug.cgi?id=1575866
- http://tracker.ceph.com/issues/24836
- RHSA-2018:2179
- RHSA-2018:2177
- RHSA-2018:2274
- RHSA-2018:2261
- DSA-4339
- [debian-lts-announce] 20190315 [SECURITY] [DLA 1715-1] linux-4.9 security update
- openSUSE-SU-2019:1284
- [oss-security] 20201117 CVE-2020-25677 ceph: CEPHX_V2 replay attack protection lost
- [oss-security] 20201117 Re: CVE-2020-25677 ceph: CEPHX_V2 replay attack protection lost
Published: July 10, 2018
Modified: Aug. 29, 2019
CVE-2018-1129
A flaw was found in the way signature calculation was handled by the cephx authentication protocol. An attacker having access to the ceph cluster network who is able to alter the message payload was able to bypass signature checks done by the cephx protocol. Ceph branches master, mimic, luminous and jewel are believed to be vulnerable.
Severity: MEDIUM (6.5) Vector: CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
Links:
- https://github.com/ceph/ceph/commit/8f396cf35a3826044b089141667a196454c0a587
- https://bugzilla.redhat.com/show_bug.cgi?id=1576057
- http://tracker.ceph.com/issues/24837
- RHSA-2018:2179
- RHSA-2018:2177
- RHSA-2018:2274
- RHSA-2018:2261
- DSA-4339
- [debian-lts-announce] 20190315 [SECURITY] [DLA 1715-1] linux-4.9 security update
- openSUSE-SU-2019:1284
- http://packetstormsecurity.com/files/154245/Kernel-Live-Patch-Security-Notice-LSN-0054-1.html
Published: May 30, 2019
Modified: Nov. 7, 2023
CVE-2018-12126
Microarchitectural Store Buffer Data Sampling (MSBDS): Store buffers on some microprocessors utilizing speculative execution may allow an authenticated user to potentially enable information disclosure via a side channel with local access. A list of impacted products can be found here: https://www.intel.com/content/dam/www/public/us/en/documents/corporate-information/SA00233-microcode-update-guidance_05132019.pdf
Severity: MEDIUM (5.6) Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N
Links:
- https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00233.html
- openSUSE-SU-2019:1505
- RHSA-2019:1455
- USN-3977-3
- [debian-lts-announce] 20190620 [SECURITY] [DLA 1789-2] intel-microcode security update
- 20190624 [SECURITY] [DSA 4447-2] intel-microcode security update
- 20190624 [SECURITY] [DSA 4469-1] libvirt security update
- http://www.arubanetworks.com/assets/alert/ARUBA-PSA-2019-003.txt
- https://cert-portal.siemens.com/productcert/pdf/ssa-616472.pdf
- http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20190712-01-mds-en
- openSUSE-SU-2019:1806
- openSUSE-SU-2019:1805
- FreeBSD-SA-19:07
- RHSA-2019:2553
- https://kc.mcafee.com/corporate/index?page=content&id=SB10292
- https://cert-portal.siemens.com/productcert/pdf/ssa-608355.pdf
- FreeBSD-SA-19:26
- 20191112 FreeBSD Security Advisory FreeBSD-SA-19:26.mcu
- 20191112 [SECURITY] [DSA 4564-1] linux security update
- http://packetstormsecurity.com/files/155281/FreeBSD-Security-Advisory-FreeBSD-SA-19-26.mcu.html
- https://www.synology.com/security/advisory/Synology_SA_19_24
- DSA-4602
- 20200114 [SECURITY] [DSA 4602-1] xen security update
- GLSA-202003-56
- FEDORA-2019-1f5832fc0e
Published: May 30, 2019
Modified: Nov. 7, 2023
CVE-2018-12127
Microarchitectural Load Port Data Sampling (MLPDS): Load ports on some microprocessors utilizing speculative execution may allow an authenticated user to potentially enable information disclosure via a side channel with local access. A list of impacted products can be found here: https://www.intel.com/content/dam/www/public/us/en/documents/corporate-information/SA00233-microcode-update-guidance_05132019.pdf
Severity: MEDIUM (5.6) Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N
Links:
- https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00233.html
- openSUSE-SU-2019:1505
- RHSA-2019:1455
- USN-3977-3
- [debian-lts-announce] 20190620 [SECURITY] [DLA 1789-2] intel-microcode security update
- 20190624 [SECURITY] [DSA 4447-2] intel-microcode security update
- 20190624 [SECURITY] [DSA 4469-1] libvirt security update
- http://www.arubanetworks.com/assets/alert/ARUBA-PSA-2019-003.txt
- https://cert-portal.siemens.com/productcert/pdf/ssa-616472.pdf
- http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20190712-01-mds-en
- openSUSE-SU-2019:1806
- openSUSE-SU-2019:1805
- FreeBSD-SA-19:07
- RHSA-2019:2553
- https://kc.mcafee.com/corporate/index?page=content&id=SB10292
- https://cert-portal.siemens.com/productcert/pdf/ssa-608355.pdf
- FreeBSD-SA-19:26
- 20191112 FreeBSD Security Advisory FreeBSD-SA-19:26.mcu
- 20191112 [SECURITY] [DSA 4564-1] linux security update
- http://packetstormsecurity.com/files/155281/FreeBSD-Security-Advisory-FreeBSD-SA-19-26.mcu.html
- https://www.synology.com/security/advisory/Synology_SA_19_24
- DSA-4602
- 20200114 [SECURITY] [DSA 4602-1] xen security update
- GLSA-202003-56
- FEDORA-2019-1f5832fc0e
Published: May 30, 2019
Modified: Nov. 7, 2023
CVE-2018-12130
Microarchitectural Fill Buffer Data Sampling (MFBDS): Fill buffers on some microprocessors utilizing speculative execution may allow an authenticated user to potentially enable information disclosure via a side channel with local access. A list of impacted products can be found here: https://www.intel.com/content/dam/www/public/us/en/documents/corporate-information/SA00233-microcode-update-guidance_05132019.pdf
Severity: MEDIUM (5.6) Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N
Links:
- https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00233.html
- openSUSE-SU-2019:1505
- RHSA-2019:1455
- USN-3977-3
- [debian-lts-announce] 20190620 [SECURITY] [DLA 1789-2] intel-microcode security update
- 20190624 [SECURITY] [DSA 4447-2] intel-microcode security update
- 20190624 [SECURITY] [DSA 4469-1] libvirt security update
- http://www.arubanetworks.com/assets/alert/ARUBA-PSA-2019-003.txt
- https://cert-portal.siemens.com/productcert/pdf/ssa-616472.pdf
- http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20190712-01-mds-en
- openSUSE-SU-2019:1806
- openSUSE-SU-2019:1805
- FreeBSD-SA-19:07
- RHSA-2019:2553
- https://kc.mcafee.com/corporate/index?page=content&id=SB10292
- https://cert-portal.siemens.com/productcert/pdf/ssa-608355.pdf
- FreeBSD-SA-19:26
- 20191112 FreeBSD Security Advisory FreeBSD-SA-19:26.mcu
- 20191112 [SECURITY] [DSA 4564-1] linux security update
- http://packetstormsecurity.com/files/155281/FreeBSD-Security-Advisory-FreeBSD-SA-19-26.mcu.html
- https://www.synology.com/security/advisory/Synology_SA_19_24
- DSA-4602
- 20200114 [SECURITY] [DSA 4602-1] xen security update
- GLSA-202003-56
- FEDORA-2019-1f5832fc0e
Published: July 6, 2018
Modified: Feb. 24, 2023
CVE-2018-13406
An integer overflow in the uvesafb_setcmap function in drivers/video/fbdev/uvesafb.c in the Linux kernel before 4.17.4 could result in local attackers being able to crash the kernel or potentially elevate privileges because kmalloc_array is not used.
Severity: HIGH (7.8) Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Links:
- https://github.com/torvalds/linux/commit/9f645bcc566a1e9f921bdae7528a01ced5bc3713
- https://cdn.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.17.4
- http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=9f645bcc566a1e9f921bdae7528a01ced5bc3713
- 104685
- 1041355
- USN-3754-1
- USN-3753-2
- USN-3753-1
- USN-3752-2
- USN-3752-1
- USN-3752-3
- [debian-lts-announce] 20190315 [SECURITY] [DLA 1715-1] linux-4.9 security update
Published: Sept. 10, 2018
Modified: Feb. 13, 2023
CVE-2018-14625
A flaw was found in the Linux kernel where an attacker may be able to have an uncontrolled read to kernel memory from within a VM guest. A race condition between the connect() and close() functions may allow an attacker using the AF_VSOCK protocol to gather a 4-byte information leak or possibly intercept or corrupt AF_VSOCK messages destined to other clients.
Severity: HIGH (7.0) Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
Links:
- https://syzkaller.appspot.com/bug?extid=bd391451452fb0b93039
- https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-14625
- USN-3872-1
- USN-3871-1
- USN-3878-1
- USN-3871-4
- USN-3871-3
- USN-3878-2
- USN-3871-5
- [debian-lts-announce] 20190503 [SECURITY] [DLA 1771-1] linux-4.9 security update
- RHSA-2019:2043
- RHSA-2019:2029
- RHSA-2019:4154
Published: Sept. 25, 2018
Modified: Feb. 15, 2023
CVE-2018-14633
A security flaw was found in the chap_server_compute_md5() function in the iSCSI target code in the Linux kernel in the way an authentication request from an iSCSI initiator is processed. An unauthenticated remote attacker can cause a stack buffer overflow and smash up to 17 bytes of the stack. The attack requires the iSCSI target to be enabled on the victim host. Depending on how the target's code was built (i.e. depending on the compiler, compile flags and hardware architecture), an attack may lead to a system crash and thus to a denial of service, or possibly to unauthorized access to data exported by an iSCSI target. Due to the nature of the flaw, privilege escalation cannot be fully ruled out, although we believe it is highly unlikely. Kernel versions 4.18.x, 4.14.x and 3.10.x are believed to be vulnerable.
Severity: HIGH (7.0) Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:H
Links:
- https://seclists.org/oss-sec/2018/q3/270
- https://git.kernel.org/pub/scm/linux/kernel/git/mkp/scsi.git/commit/?h=4.19/scsi-fixes&id=8c39e2699f8acb2e29782a834e56306da24937fe
- https://git.kernel.org/pub/scm/linux/kernel/git/mkp/scsi.git/commit/?h=4.19/scsi-fixes&id=1816494330a83f2a064499d8ed2797045641f92c
- https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-14633
- 105388
- DSA-4308
- USN-3777-2
- USN-3777-1
- USN-3776-2
- USN-3776-1
- USN-3775-2
- USN-3779-1
- USN-3775-1
- [debian-lts-announce] 20181003 [SECURITY] [DLA 1531-1] linux-4.9 security update
- USN-3777-3
- RHSA-2018:3666
- RHSA-2018:3651
- RHSA-2019:1946
Published: Aug. 17, 2018
Modified: Oct. 3, 2023
CVE-2018-15471
An issue was discovered in xenvif_set_hash_mapping in drivers/net/xen-netback/hash.c in the Linux kernel through 4.18.1, as used in Xen through 4.11.x and other products. The Linux netback driver allows frontends to control mapping of requests to request queues. When processing a request to set or change this mapping, some input validation (e.g., for an integer overflow) was missing or flawed, leading to OOB access in hash handling. A malicious or buggy frontend may cause the (usually privileged) backend to make out of bounds memory accesses, potentially resulting in one or more of privilege escalation, Denial of Service (DoS), or information leaks.
Severity: HIGH (7.8) Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Links:
Published: Aug. 31, 2018
Modified: Feb. 24, 2023
CVE-2018-16276
An issue was discovered in yurex_read in drivers/usb/misc/yurex.c in the Linux kernel before 4.17.7. Local attackers could use user access read/writes with incorrect bounds checking in the yurex USB driver to crash the kernel or potentially escalate privileges.
Severity: HIGH (7.8) Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Links:
- https://github.com/torvalds/linux/commit/f1e255d60ae66a9f672ff9a207ee6cd8e33d2679
- https://cdn.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.17.7
- http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=f1e255d60ae66a9f672ff9a207ee6cd8e33d2679
- DSA-4308
- USN-3776-2
- USN-3776-1
- [debian-lts-announce] 20181003 [SECURITY] [DLA 1531-1] linux-4.9 security update
- https://bugzilla.suse.com/show_bug.cgi?id=1115593
- https://bugzilla.suse.com/show_bug.cgi?id=1106095
- USN-3849-2
- USN-3847-3
- USN-3847-2
- USN-3847-1
- USN-3849-1
Published: Sept. 7, 2018
Modified: Aug. 6, 2019
CVE-2018-16658
An issue was discovered in the Linux kernel before 4.18.6. An information leak in cdrom_ioctl_drive_status in drivers/cdrom/cdrom.c could be used by local attackers to read kernel memory because a cast from unsigned long to int interferes with bounds checking. This is similar to CVE-2018-10940.
Severity: MEDIUM (6.1) Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H
Links:
- https://github.com/torvalds/linux/commit/8f3fafc9c2f0ece10832c25f7ffcb07c97a32ad4
- https://cdn.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.18.6
- http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=8f3fafc9c2f0ece10832c25f7ffcb07c97a32ad4
- DSA-4308
- [debian-lts-announce] 20181003 [SECURITY] [DLA 1531-1] linux-4.9 security update
- USN-3797-2
- USN-3797-1
- 105334
- USN-3822-2
- USN-3820-3
- USN-3820-2
- USN-3820-1
- USN-3822-1
- RHSA-2019:2043
- RHSA-2019:2029
- RHSA-2019:4154
Published: Dec. 19, 2018
Modified: Aug. 11, 2023
CVE-2018-16884
A flaw was found in the Linux kernel's NFS41+ subsystem. NFS41+ shares mounted in different network namespaces at the same time can make bc_svc_process() use wrong back-channel IDs and cause a use-after-free vulnerability. Thus a malicious container user can cause a host kernel memory corruption and a system panic. Due to the nature of the flaw, privilege escalation cannot be fully ruled out.
Severity: HIGH (8.0) Vector: CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Links:
- https://patchwork.kernel.org/patch/10733769/
- https://patchwork.kernel.org/cover/10733767/
- https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-16884
- 106253
- [debian-lts-announce] 20190327 [SECURITY] [DLA 1731-1] linux security update
- [debian-lts-announce] 20190401 [SECURITY] [DLA 1731-2] linux regression update
- USN-3932-2
- USN-3932-1
- https://support.f5.com/csp/article/K21430012
- [debian-lts-announce] 20190503 [SECURITY] [DLA 1771-1] linux-4.9 security update
- USN-3981-1
- USN-3980-1
- USN-3980-2
- USN-3981-2
- RHSA-2019:1891
- RHSA-2019:1873
- RHSA-2019:2696
- RHSA-2019:2730
- RHSA-2019:3517
- RHSA-2019:3309
- RHSA-2020:0204
- https://www.oracle.com/security-alerts/cpuApr2021.html
Published: Sept. 19, 2018
Modified: Feb. 24, 2023
CVE-2018-17182
An issue was discovered in the Linux kernel through 4.18.8. The vmacache_flush_all function in mm/vmacache.c mishandles sequence number overflows. An attacker can trigger a use-after-free (and possibly gain privileges) via certain thread creation, map, unmap, invalidation, and dereference operations.
Severity: HIGH (7.8) Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Links:
- https://www.openwall.com/lists/oss-security/2018/09/18/4
- https://github.com/torvalds/linux/commit/7a9cdebdcc17e426fb5287e4a82db1dfe86339b2
- http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=7a9cdebdcc17e426fb5287e4a82db1dfe86339b2
- 45497
- DSA-4308
- USN-3777-2
- USN-3777-1
- USN-3776-2
- USN-3776-1
- 1041748
- 105417
- [debian-lts-announce] 20181003 [SECURITY] [DLA 1531-1] linux-4.9 security update
- USN-3777-3
- RHSA-2018:3656
- 106503
- https://security.netapp.com/advisory/ntap-20190204-0001/
Published: March 21, 2019
Modified: Sept. 3, 2019
CVE-2018-19985
The function hso_get_config_data in drivers/net/usb/hso.c in the Linux kernel through 4.19.8 reads if_num from the USB device (as a u8) and uses it to index a small array, resulting in an object out-of-bounds (OOB) read that potentially allows arbitrary read in the kernel address space.
Severity: MEDIUM (4.6) Vector: CVSS:3.0/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Links:
- https://seclists.org/bugtraq/2019/Jan/52
- https://hexhive.epfl.ch/projects/perifuzz/
- http://packetstormsecurity.com/files/151420/Slackware-Security-Advisory-Slackware-14.2-kernel-Updates.html
- http://lists.opensuse.org/opensuse-security-announce/2019-02/msg00007.html
- http://lists.opensuse.org/opensuse-security-announce/2019-01/msg00023.html
- [debian-lts-announce] 20190327 [SECURITY] [DLA 1731-1] linux security update
- [debian-lts-announce] 20190401 [SECURITY] [DLA 1731-2] linux regression update
- https://security.netapp.com/advisory/ntap-20190404-0002/
- [debian-lts-announce] 20190503 [SECURITY] [DLA 1771-1] linux-4.9 security update
- USN-4115-1
- USN-4118-1
- RHSA-2019:3517
- RHSA-2019:3309
Published: May 7, 2019
Modified: Nov. 3, 2022
CVE-2018-20836
An issue was discovered in the Linux kernel before 4.20. There is a race condition in smp_task_timedout() and smp_task_done() in drivers/scsi/libsas/sas_expander.c, leading to a use-after-free.
Severity: HIGH (8.1) Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
Links:
- https://github.com/torvalds/linux/commit/b90cd6f2b905905fb42671009dc0e27c310a16ae
- https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=b90cd6f2b905905fb42671009dc0e27c310a16ae
- 108196
- https://support.f5.com/csp/article/K11225249
- https://security.netapp.com/advisory/ntap-20190719-0003/
- openSUSE-SU-2019:1716
- openSUSE-SU-2019:1757
- USN-4076-1
- DSA-4495
- 20190812 [SECURITY] [DSA 4495-1] linux security update
- DSA-4497
- 20190813 [SECURITY] [DSA 4497-1] linux security update
- [debian-lts-announce] 20190814 [SECURITY] [DLA 1884-1] linux security update
- [debian-lts-announce] 20190814 [SECURITY] [DLA 1885-1] linux-4.9 security update
Published: Aug. 7, 2019
Modified: Nov. 7, 2023
CVE-2018-20961
In the Linux kernel before 4.16.4, a double free vulnerability in the f_midi_set_alt function of drivers/usb/gadget/function/f_midi.c in the f_midi driver may allow attackers to cause a denial of service or possibly have unspecified other impact.
Severity: CRITICAL (9.8) Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Links:
- https://cdn.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.16.4
- https://github.com/torvalds/linux/commit/7fafcfdf6377b18b2a726ea554d6e593ba44349f
- https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=7fafcfdf6377b18b2a726ea554d6e593ba44349f
- 20190826 [slackware-security] Slackware 14.2 kernel (SSA:2019-238-01)
- http://packetstormsecurity.com/files/154228/Slackware-Security-Advisory-Slackware-14.2-kernel-Updates.html
- https://support.f5.com/csp/article/K58502654
- https://security.netapp.com/advisory/ntap-20190905-0002/
- USN-4145-1
- http://packetstormsecurity.com/files/154951/Kernel-Live-Patch-Security-Notice-LSN-0058-1.html
- https://support.f5.com/csp/article/K58502654?utm_source=f5support&amp%3Butm_medium=RSS
Published: Aug. 14, 2018
Modified: Nov. 7, 2023
CVE-2018-3620
Systems with microprocessors utilizing speculative execution and address translations may allow unauthorized disclosure of information residing in the L1 data cache to an attacker with local user access via a terminal page fault and a side-channel analysis.
Severity: MEDIUM (5.6) Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N
Links:
- https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00161.html
- USN-3742-2
- USN-3742-1
- USN-3741-1
- USN-3740-2
- USN-3740-1
- https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbhf03874en_us
- FreeBSD-SA-18:09
- RHSA-2018:2396
- RHSA-2018:2395
- RHSA-2018:2394
- RHSA-2018:2393
- RHSA-2018:2392
- RHSA-2018:2391
- RHSA-2018:2390
- RHSA-2018:2389
- RHSA-2018:2388
- RHSA-2018:2387
- RHSA-2018:2384
- 1041451
- 105080
- https://www.synology.com/support/security/Synology_SA_18_45
- 20180814 CPU Side-Channel Information Disclosure Vulnerabilities: August 2018
- https://software.intel.com/security-software-guidance/software-guidance/l1-terminal-fault
- https://foreshadowattack.eu/
- http://support.lenovo.com/us/en/solutions/LEN-24163
- https://security.netapp.com/advisory/ntap-20180815-0001/
- RHSA-2018:2404
- RHSA-2018:2403
- RHSA-2018:2402
- https://support.f5.com/csp/article/K95275140
- https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2018-0009
- http://xenbits.xen.org/xsa/advisory-273.html
- http://www.vmware.com/security/advisories/VMSA-2018-0021.html
- http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20180815-01-cpu-en
- VU#982149
- DSA-4274
- DSA-4279
- USN-3741-2
- https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/ADV180018
- [debian-lts-announce] 20180828 [SECURITY] [DLA 1481-1] linux-4.9 security update
- RHSA-2018:2603
- RHSA-2018:2602
- [debian-lts-announce] 20180916 [SECURITY] [DLA 1506-1] intel-microcode security update
- https://cert-portal.siemens.com/productcert/pdf/ssa-254686.pdf
- GLSA-201810-06
- USN-3823-1
- https://help.ecostruxureit.com/display/public/UADCE725/Security+fixes+in+StruxureWare+Data+Center+Expert+v7.6.0
- https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html
- https://cert-portal.siemens.com/productcert/pdf/ssa-608355.pdf
- https://www.oracle.com/security-alerts/cpujul2020.html
- FEDORA-2018-1c80fea1cd
- FEDORA-2018-f8cba144ae
Published: Jan. 11, 2018
Modified: Feb. 24, 2023
CVE-2018-5332
In the Linux kernel through 3.2, the rds_message_alloc_sgs() function does not validate a value that is used during DMA page allocation, leading to a heap-based out-of-bounds write (related to the rds_rdma_extra_size function in net/rds/rdma.c).
Severity: HIGH (7.8) Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Links:
- https://github.com/torvalds/linux/commit/c095508770aebf1b9218e77026e48345d719b17c
- http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=c095508770aebf1b9218e77026e48345d719b17c
- 102507
- RHSA-2018:0470
- USN-3617-2
- USN-3617-1
- USN-3620-2
- USN-3620-1
- USN-3619-1
- USN-3617-3
- USN-3619-2
- USN-3632-1
- DSA-4187
- [debian-lts-announce] 20180502 [SECURITY] [DLA 1369-1] linux security update
- https://git.kernel.org/pub/scm/linux/kernel/git/tip/tip.git/commit/?id=60daca9efbb3e4109ebc1f7069543e5573fc124e
Published: June 12, 2018
Modified: March 27, 2019
CVE-2018-5803
In the Linux Kernel before version 4.15.8, 4.14.25, 4.9.87, 4.4.121, 4.1.51, and 3.2.102, an error in the "_sctp_make_chunk()" function (net/sctp/sm_make_chunk.c) when handling SCTP packets length can be exploited to cause a kernel crash.
Severity: MEDIUM (5.5) Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
Links:
- [netdev] 20180207 [Secunia Research] Linux Kernel Vulnerability - Sending information
- [linux-sctp] 20180209 skb_over_panic on INIT/INIT_ACK packet sending
- https://secuniaresearch.flexerasoftware.com/secunia_research/2018-2/
- 81331
- https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable.git/commit/?id=07f2c7ab6f8d0a7e7c5764c4e6cc9c52951b9d9c
- https://cdn.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.9.87
- https://cdn.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.4.121
- https://cdn.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.15.8
- https://cdn.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.14.25
- https://cdn.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.1.51
- https://cdn.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.2.102
- DSA-4188
- DSA-4187
- USN-3656-1
- USN-3654-2
- USN-3654-1
- [debian-lts-announce] 20180502 [SECURITY] [DLA 1369-1] linux security update
- RHSA-2018:1854
- USN-3698-2
- USN-3697-2
- USN-3697-1
- USN-3698-1
- RHSA-2018:3096
- RHSA-2018:3083
- RHSA-2018:2948
- RHSA-2019:0641
Published: June 12, 2018
Modified: May 20, 2019
CVE-2018-5814
In the Linux Kernel before version 4.16.11, 4.14.43, 4.9.102, and 4.4.133, multiple race condition errors when handling probe, disconnect, and rebind operations can be exploited to trigger a use-after-free condition or a NULL pointer dereference by sending multiple USB over IP packets.
Severity: HIGH (7.0) Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
Links:
- https://secuniaresearch.flexerasoftware.com/secunia_research/2018-8/
- 81540
- https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable.git/commit/?id=c171654caa875919be3c533d3518da8be5be966e
- https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable.git/commit/?id=22076557b07c12086eeb16b8ce2b0b735f7a27e7
- https://cdn.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.9.102
- https://cdn.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.4.133
- https://cdn.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.16.11
- https://cdn.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.14.43
- 1041050
- USN-3696-2
- USN-3696-1
- [debian-lts-announce] 20180715 [SECURITY] [DLA 1422-2] linux security update
- [debian-lts-announce] 20180714 [SECURITY] [DLA 1422-1] linux security update
- [debian-lts-announce] 20180718 [SECURITY] [DLA 1423-1] linux-4.9 new package
- USN-3752-2
- USN-3752-1
- USN-3752-3
- openSUSE-SU-2019:1407
Published: Jan. 31, 2018
Modified: March 20, 2019
CVE-2018-6412
In the function sbusfb_ioctl_helper() in drivers/video/fbdev/sbuslib.c in the Linux kernel through 4.15, an integer signedness error allows arbitrary information leakage for the FBIOPUTCMAP_SPARC and FBIOGETCMAP_SPARC commands.
Severity: HIGH (7.5) Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Links:
Published: Sept. 4, 2018
Modified: Oct. 10, 2019
CVE-2018-6554
Memory leak in the irda_bind function in net/irda/af_irda.c and later in drivers/staging/irda/net/af_irda.c in the Linux kernel before 4.17 allows local users to cause a denial of service (memory consumption) by repeatedly binding an AF_IRDA socket.
Severity: MEDIUM (5.5) Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
Links:
- [stable] 20180904 [PATCH 1/2] irda: Fix memory leak caused by repeated binds of irda socket
- [stable] 20180904 [PATCH 1/2] irda: Fix memory leak caused by repeated binds of irda socket
- 105302
- DSA-4308
- USN-3777-2
- USN-3777-1
- USN-3776-2
- USN-3776-1
- USN-3775-2
- USN-3775-1
- [debian-lts-announce] 20181003 [SECURITY] [DLA 1531-1] linux-4.9 security update
- USN-3777-3
- [debian-lts-announce] 20190315 [SECURITY] [DLA 1715-1] linux-4.9 security update
Published: Sept. 4, 2018
Modified: Oct. 10, 2019
CVE-2018-6555
The irda_setsockopt function in net/irda/af_irda.c and later in drivers/staging/irda/net/af_irda.c in the Linux kernel before 4.17 allows local users to cause a denial of service (ias_object use-after-free and system crash) or possibly have unspecified other impact via an AF_IRDA socket.
Severity: HIGH (7.8) Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Links:
- [stable] 20180904 [PATCH 2/2] irda: Only insert new objects into the global database via setsockopt
- [stable] 20180904 [PATCH 2/2] irda: Only insert new objects into the global database via setsockopt
- 105304
- DSA-4308
- USN-3777-2
- USN-3777-1
- USN-3776-2
- USN-3776-1
- USN-3775-2
- USN-3775-1
- [debian-lts-announce] 20181003 [SECURITY] [DLA 1531-1] linux-4.9 security update
- USN-3777-3
Published: Feb. 25, 2018
Modified: Feb. 24, 2023
CVE-2018-7480
The blkcg_init_queue function in block/blk-cgroup.c in the Linux kernel before 4.11 allows local users to cause a denial of service (double free) or possibly have unspecified other impact by triggering a creation failure.
Severity: HIGH (7.8) Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Links:
Published: March 8, 2018
Modified: Oct. 4, 2018
CVE-2018-7755
An issue was discovered in the fd_locked_ioctl function in drivers/block/floppy.c in the Linux kernel through 4.15.7. The floppy driver will copy a kernel pointer to user memory in response to the FDGETPRM ioctl. An attacker can send the FDGETPRM ioctl and use the obtained kernel pointer to discover the location of kernel code and data and bypass kernel security protections such as KASLR.
Severity: MEDIUM (5.5) Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
Links:
Published: April 23, 2018
Modified: March 3, 2023
CVE-2018-8781
The udl_fb_mmap function in drivers/gpu/drm/udl/udl_fb.c in the Linux kernel from version 3.4 up to and including 4.15 has an integer-overflow vulnerability allowing local users with access to the udldrmfb driver to obtain full read and write permissions on kernel physical pages, resulting in code execution in kernel space.
Severity: HIGH (7.8) Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Links:
- https://patchwork.freedesktop.org/patch/211845/
- DSA-4188
- DSA-4187
- [debian-lts-announce] 20180502 [SECURITY] [DLA 1369-1] linux security update
- USN-3654-2
- USN-3654-1
- USN-3656-1
- USN-3677-2
- USN-3677-1
- USN-3674-2
- USN-3674-1
- https://research.checkpoint.com/mmap-vulnerabilities-linux-kernel/
- RHSA-2018:3096
- RHSA-2018:3083
- RHSA-2018:2948
Published: Nov. 6, 2018
Modified: Jan. 19, 2023
CVE-2018-9363
In the hidp_process_report in bluetooth, there is an integer overflow. This could lead to an out of bounds write with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android Versions: Android kernel Android ID: A-65853588 References: Upstream kernel.
Severity: HIGH (8.4) Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Links:
Published: Nov. 14, 2019
Modified: Feb. 24, 2023
CVE-2019-0145
Buffer overflow in i40e driver for Intel(R) Ethernet 700 Series Controllers versions before 7.0 may allow an authenticated user to potentially enable an escalation of privilege via local access.
Severity: HIGH (7.8) Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Links:
Published: June 14, 2019
Modified: Feb. 13, 2023
CVE-2019-10126
A flaw was found in the Linux kernel. A heap based buffer overflow in mwifiex_uap_parse_tail_ies function in drivers/net/wireless/marvell/mwifiex/ie.c might lead to memory corruption and possibly other consequences.
Severity: CRITICAL (9.8) Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Links:
- https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-10126
- DSA-4465
- [debian-lts-announce] 20190617 [SECURITY] [DLA 1823-1] linux security update
- [debian-lts-announce] 20190618 [SECURITY] [DLA 1824-1] linux-4.9 security update
- 20190618 [SECURITY] [DSA 4465-1] linux security update
- 108817
- https://support.f5.com/csp/article/K95593121
- https://security.netapp.com/advisory/ntap-20190710-0002/
- openSUSE-SU-2019:1716
- openSUSE-SU-2019:1757
- 20190722 [slackware-security] Slackware 14.2 kernel (SSA:2019-202-01)
- http://packetstormsecurity.com/files/153702/Slackware-Security-Advisory-Slackware-14.2-kernel-Updates.html
- USN-4095-2
- USN-4095-1
- USN-4094-1
- USN-4093-1
- http://packetstormsecurity.com/files/154245/Kernel-Live-Patch-Security-Notice-LSN-0054-1.html
- USN-4117-1
- USN-4118-1
- RHSA-2019:3055
- RHSA-2019:3076
- RHSA-2019:3089
- http://packetstormsecurity.com/files/154951/Kernel-Live-Patch-Security-Notice-LSN-0058-1.html
- RHSA-2019:3309
- RHSA-2019:3517
- RHSA-2020:0174
- RHSA-2020:0204
Published: Nov. 25, 2019
Modified: Feb. 13, 2023
CVE-2019-10207
A flaw was found in the Linux kernel's Bluetooth implementation of UART, all versions kernel 3.x.x before 4.18.0 and kernel 5.x.x. An attacker with local access and write permissions to the Bluetooth hardware could use this flaw to issue a specially crafted ioctl function call and cause the system to crash.
Severity: MEDIUM (5.5) Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
Links:
Published: Nov. 27, 2019
Modified: Nov. 3, 2022
CVE-2019-10220
Linux kernel CIFS implementation, version 4.9.0 is vulnerable to a relative paths injection in directory entry lists.
Severity: HIGH (8.8) Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Links:
Published: May 30, 2019
Modified: Nov. 7, 2023
CVE-2019-11091
Microarchitectural Data Sampling Uncacheable Memory (MDSUM): Uncacheable memory on some microprocessors utilizing speculative execution may allow an authenticated user to potentially enable information disclosure via a side channel with local access. A list of impacted products can be found here: https://www.intel.com/content/dam/www/public/us/en/documents/corporate-information/SA00233-microcode-update-guidance_05132019.pdf
Severity: MEDIUM (5.6) Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N
Links:
- https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00233.html
- openSUSE-SU-2019:1505
- RHSA-2019:1455
- USN-3977-3
- [debian-lts-announce] 20190620 [SECURITY] [DLA 1789-2] intel-microcode security update
- 20190624 [SECURITY] [DSA 4447-2] intel-microcode security update
- 20190624 [SECURITY] [DSA 4469-1] libvirt security update
- http://www.arubanetworks.com/assets/alert/ARUBA-PSA-2019-003.txt
- https://cert-portal.siemens.com/productcert/pdf/ssa-616472.pdf
- http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20190712-01-mds-en
- openSUSE-SU-2019:1806
- openSUSE-SU-2019:1805
- FreeBSD-SA-19:07
- RHSA-2019:2553
- https://kc.mcafee.com/corporate/index?page=content&id=SB10292
- https://cert-portal.siemens.com/productcert/pdf/ssa-608355.pdf
- 20191112 [SECURITY] [DSA 4564-1] linux security update
- https://www.synology.com/security/advisory/Synology_SA_19_24
- DSA-4602
- 20200114 [SECURITY] [DSA 4602-1] xen security update
- GLSA-202003-56
- FEDORA-2019-1f5832fc0e
Published: June 19, 2019
Modified: Feb. 28, 2024
CVE-2019-11477
Jonathan Looney discovered that the TCP_SKB_CB(skb)->tcp_gso_segs value was subject to an integer overflow in the Linux kernel when handling TCP Selective Acknowledgments (SACKs). A remote attacker could use this to cause a denial of service. This has been fixed in stable kernel releases 4.4.182, 4.9.182, 4.14.127, 4.19.52, 5.1.11, and is fixed in commit 3b4929f65b0d8249f19a50245cd88ed1a2f78cff.
Severity: HIGH (7.5) Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Links:
- https://github.com/Netflix/security-bulletins/blob/master/advisories/third-party/2019-001.md
- https://wiki.ubuntu.com/SecurityTeam/KnowledgeBase/SACKPanic
- https://access.redhat.com/security/vulnerabilities/tcpsack
- https://git.kernel.org/pub/scm/linux/kernel/git/davem/net.git/commit/?id=3b4929f65b0d8249f19a50245cd88ed1a2f78cff
- https://support.f5.com/csp/article/K78234183
- http://packetstormsecurity.com/files/153346/Kernel-Live-Patch-Security-Notice-LSN-0052-1.html
- https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA44193
- VU#905115
- [oss-security] 20190620 Re: Linux and FreeBSD Kernel: Multiple TCP-based remote denial of service issues
- https://www.synology.com/security/advisory/Synology_SA_19_28
- https://security.netapp.com/advisory/ntap-20190625-0001/
- RHSA-2019:1594
- RHSA-2019:1602
- https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2019-0006
- https://kc.mcafee.com/corporate/index?page=content&id=SB10287
- [oss-security] 20190628 Re: linux-distros membership application - Microsoft
- http://www.vmware.com/security/advisories/VMSA-2019-0010.html
- [oss-security] 20190706 Re: linux-distros membership application - Microsoft
- [oss-security] 20190706 Re: linux-distros membership application - Microsoft
- RHSA-2019:1699
- https://cert-portal.siemens.com/productcert/pdf/ssa-462066.pdf
- https://www.us-cert.gov/ics/advisories/icsa-19-253-03
- http://packetstormsecurity.com/files/154951/Kernel-Live-Patch-Security-Notice-LSN-0058-1.html
- [oss-security] 20191023 Membership application for linux-distros - VMware
- [oss-security] 20191029 Re: Membership application for linux-distros - VMware
- http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20191225-01-kernel-en
- https://www.oracle.com/security-alerts/cpujan2020.html
- http://www.arubanetworks.com/assets/alert/ARUBA-PSA-2020-010.txt
- https://www.oracle.com/security-alerts/cpuoct2020.html
Published: June 19, 2019
Modified: Feb. 28, 2024
CVE-2019-11478
Jonathan Looney discovered that the TCP retransmission queue implementation in tcp_fragment in the Linux kernel could be fragmented when handling certain TCP Selective Acknowledgment (SACK) sequences. A remote attacker could use this to cause a denial of service. This has been fixed in stable kernel releases 4.4.182, 4.9.182, 4.14.127, 4.19.52, 5.1.11, and is fixed in commit f070ef2ac66716357066b683fb0baf55f8191a2e.
Severity: HIGH (7.5) Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Links:
- https://git.kernel.org/pub/scm/linux/kernel/git/davem/net.git/commit/?id=f070ef2ac66716357066b683fb0baf55f8191a2e
- https://github.com/Netflix/security-bulletins/blob/master/advisories/third-party/2019-001.md
- https://wiki.ubuntu.com/SecurityTeam/KnowledgeBase/SACKPanic
- https://access.redhat.com/security/vulnerabilities/tcpsack
- https://support.f5.com/csp/article/K26618426
- http://packetstormsecurity.com/files/153346/Kernel-Live-Patch-Security-Notice-LSN-0052-1.html
- https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA44193
- VU#905115
- https://www.synology.com/security/advisory/Synology_SA_19_28
- https://security.netapp.com/advisory/ntap-20190625-0001/
- RHSA-2019:1594
- RHSA-2019:1602
- https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2019-0007
- https://kc.mcafee.com/corporate/index?page=content&id=SB10287
- [oss-security] 20190628 Re: linux-distros membership application - Microsoft
- http://www.vmware.com/security/advisories/VMSA-2019-0010.html
- [oss-security] 20190706 Re: linux-distros membership application - Microsoft
- [oss-security] 20190706 Re: linux-distros membership application - Microsoft
- RHSA-2019:1699
- 20190722 [SECURITY] [DSA 4484-1] linux security update
- http://packetstormsecurity.com/files/154408/Kernel-Live-Patch-Security-Notice-LSN-0055-1.html
- https://cert-portal.siemens.com/productcert/pdf/ssa-462066.pdf
- https://www.us-cert.gov/ics/advisories/icsa-19-253-03
- http://packetstormsecurity.com/files/154951/Kernel-Live-Patch-Security-Notice-LSN-0058-1.html
- [oss-security] 20191023 Membership application for linux-distros - VMware
- [oss-security] 20191029 Re: Membership application for linux-distros - VMware
- https://www.oracle.com/security-alerts/cpujan2020.html
- http://www.arubanetworks.com/assets/alert/ARUBA-PSA-2020-010.txt
- https://www.oracle.com/security-alerts/cpuoct2020.html
Published: June 19, 2019
Modified: Nov. 7, 2023
CVE-2019-11479
Jonathan Looney discovered that the Linux kernel default MSS is hard-coded to 48 bytes. This allows a remote peer to fragment TCP resend queues significantly more than if a larger MSS were enforced. A remote attacker could use this to cause a denial of service. This has been fixed in stable kernel releases 4.4.182, 4.9.182, 4.14.127, 4.19.52, 5.1.11, and is fixed in commits 967c05aee439e6e5d7d805e195b3a20ef5c433d6 and 5f3e2bf008c2221478101ee72f5cb4654b9fc363.
Severity: HIGH (7.5) Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Links:
- https://git.kernel.org/pub/scm/linux/kernel/git/davem/net.git/commit/?id=5f3e2bf008c2221478101ee72f5cb4654b9fc363
- https://github.com/Netflix/security-bulletins/blob/master/advisories/third-party/2019-001.md
- https://wiki.ubuntu.com/SecurityTeam/KnowledgeBase/SACKPanic
- https://git.kernel.org/pub/scm/linux/kernel/git/davem/net.git/commit/?id=967c05aee439e6e5d7d805e195b3a20ef5c433d6
- https://access.redhat.com/security/vulnerabilities/tcpsack
- https://support.f5.com/csp/article/K35421172
- 108818
- https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA44193
- VU#905115
- https://www.synology.com/security/advisory/Synology_SA_19_28
- https://security.netapp.com/advisory/ntap-20190625-0001/
- RHSA-2019:1594
- RHSA-2019:1602
- https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2019-0008
- https://kc.mcafee.com/corporate/index?page=content&id=SB10287
- [oss-security] 20190628 Re: linux-distros membership application - Microsoft
- USN-4041-2
- [oss-security] 20190706 Re: linux-distros membership application - Microsoft
- [oss-security] 20190706 Re: linux-distros membership application - Microsoft
- RHSA-2019:1699
- USN-4041-1
- https://cert-portal.siemens.com/productcert/pdf/ssa-462066.pdf
- https://www.us-cert.gov/ics/advisories/icsa-19-253-03
- https://www.oracle.com/security-alerts/cpujan2020.html
- https://www.us-cert.gov/ics/advisories/icsma-20-170-06
- http://www.arubanetworks.com/assets/alert/ARUBA-PSA-2020-010.txt
- https://www.oracle.com/security-alerts/cpuoct2020.html
- https://support.f5.com/csp/article/K35421172?utm_source=f5support&amp%3Butm_medium=RSS
Published: April 24, 2019
Modified: Feb. 24, 2023
CVE-2019-11487
The Linux kernel before 5.1-rc5 allows page->_refcount reference count overflow, with resultant use-after-free issues, if about 140 GiB of RAM exists. This is related to fs/fuse/dev.c, fs/pipe.c, fs/splice.c, include/linux/mm.h, include/linux/pipe_fs_i.h, kernel/trace/trace.c, mm/gup.c, and mm/hugetlb.c. It can occur with FUSE requests.
Severity: HIGH (7.8) Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Links:
- https://lwn.net/Articles/786044/
- https://github.com/torvalds/linux/commit/f958d7b528b1b40c44cfda5eabe2d82760d868c3
- https://github.com/torvalds/linux/commit/8fde12ca79aff9b5ba951fce1a2641901b8d8e64
- https://github.com/torvalds/linux/commit/88b1a17dfc3ed7728316478fae0f5ad508f50397
- https://github.com/torvalds/linux/commit/6b3a707736301c2128ca85ce85fb13f60b5e350a
- https://github.com/torvalds/linux/commit/15fab63e1e57be9fdb5eec1bbc5916e9825e9acb
- https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=f958d7b528b1b40c44cfda5eabe2d82760d868c3
- https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=8fde12ca79aff9b5ba951fce1a2641901b8d8e64
- https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=88b1a17dfc3ed7728316478fae0f5ad508f50397
- https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=6b3a707736301c2128ca85ce85fb13f60b5e350a
- https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=15fab63e1e57be9fdb5eec1bbc5916e9825e9acb
- https://bugs.chromium.org/p/project-zero/issues/detail?id=1752
- 108054
- [oss-security] 20190429 Linux kernel: multiple issues
- https://security.netapp.com/advisory/ntap-20190517-0005/
- openSUSE-SU-2019:1570
- openSUSE-SU-2019:1571
- openSUSE-SU-2019:1579
- https://support.f5.com/csp/article/K14255532
- USN-4069-1
- USN-4069-2
- USN-4115-1
- USN-4118-1
- RHSA-2019:2703
- RHSA-2019:2741
- [debian-lts-announce] 20190914 [SECURITY] [DLA 1919-1] linux-4.9 security update
- [debian-lts-announce] 20190915 [SECURITY] [DLA 1919-2] linux-4.9 security update
- USN-4145-1
- RHSA-2020:0174
- https://www.oracle.com/security-alerts/cpuApr2021.html
Published: May 7, 2019
Modified: Dec. 2, 2022
CVE-2019-11810
An issue was discovered in the Linux kernel before 5.0.7. A NULL pointer dereference can occur when megasas_create_frame_pool() fails in megasas_alloc_cmds() in drivers/scsi/megaraid/megaraid_sas_base.c. This causes a Denial of Service, related to a use-after-free.
Severity: HIGH (7.5) Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Links:
- https://github.com/torvalds/linux/commit/bcf3b67d16a4c8ffae0aa79de5853435e683945c
- https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=bcf3b67d16a4c8ffae0aa79de5853435e683945c
- https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.0.7
- 108286
- USN-4008-1
- USN-4005-1
- USN-4008-3
- [debian-lts-announce] 20190617 [SECURITY] [DLA 1823-1] linux security update
- https://support.f5.com/csp/article/K50484570
- https://security.netapp.com/advisory/ntap-20190719-0003/
- RHSA-2019:1959
- RHSA-2019:1971
- RHSA-2019:2043
- RHSA-2019:2029
- openSUSE-SU-2019:1923
- openSUSE-SU-2019:1924
- USN-4115-1
- USN-4118-1
- RHSA-2019:2736
- RHSA-2019:2837
- RHSA-2019:3217
- RHSA-2020:0036
Published: May 8, 2019
Modified: July 21, 2021
CVE-2019-11815
An issue was discovered in rds_tcp_kill_sock in net/rds/tcp.c in the Linux kernel before 5.0.8. There is a race condition leading to a use-after-free, related to net namespace cleanup.
Severity: HIGH (8.1) Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
Links:
- https://github.com/torvalds/linux/commit/cb66ddd156203daefb8d71158036b27b0e2caf63
- https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=cb66ddd156203daefb8d71158036b27b0e2caf63
- https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.0.8
- 108283
- openSUSE-SU-2019:1404
- openSUSE-SU-2019:1407
- https://support.f5.com/csp/article/K32019083
- openSUSE-SU-2019:1479
- USN-4008-1
- USN-4005-1
- USN-4008-3
- DSA-4465
- [debian-lts-announce] 20190618 [SECURITY] [DLA 1824-1] linux-4.9 security update
- 20190618 [SECURITY] [DSA 4465-1] linux security update
- https://security.netapp.com/advisory/ntap-20190719-0003/
- USN-4068-1
- USN-4068-2
- http://packetstormsecurity.com/files/153799/Kernel-Live-Patch-Security-Notice-LSN-0053-1.html
- USN-4118-1
Published: May 15, 2019
Modified: Nov. 7, 2023
CVE-2019-11833
fs/ext4/extents.c in the Linux kernel through 5.1.2 does not zero out the unused memory region in the extent tree block, which might allow local users to obtain sensitive information by reading uninitialized data in the filesystem.
Severity: MEDIUM (5.5) Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
Links:
- https://github.com/torvalds/linux/commit/592acbf16821288ecdc4192c47e3774a4c48bb64
- 108372
- openSUSE-SU-2019:1479
- DSA-4465
- [debian-lts-announce] 20190617 [SECURITY] [DLA 1823-1] linux security update
- [debian-lts-announce] 20190618 [SECURITY] [DLA 1824-1] linux-4.9 security update
- openSUSE-SU-2019:1570
- 20190618 [SECURITY] [DSA 4465-1] linux security update
- openSUSE-SU-2019:1579
- USN-4068-1
- USN-4068-2
- USN-4069-1
- USN-4076-1
- USN-4069-2
- RHSA-2019:2043
- RHSA-2019:2029
- USN-4095-2
- USN-4118-1
- http://packetstormsecurity.com/files/154951/Kernel-Live-Patch-Security-Notice-LSN-0058-1.html
- RHSA-2019:3517
- RHSA-2019:3309
- FEDORA-2019-48b34fc991
Published: July 17, 2019
Modified: Nov. 7, 2023
CVE-2019-13272
In the Linux kernel before 5.1.17, ptrace_link in kernel/ptrace.c mishandles the recording of the credentials of a process that wants to create a ptrace relationship, which allows local users to obtain root access by leveraging certain scenarios with a parent-child process relationship, where a parent drops privileges and calls execve (potentially allowing control by an attacker). One contributing factor is an object lifetime issue (which can also cause a panic). Another contributing factor is incorrect marking of a ptrace relationship as privileged, which is exploitable through (for example) Polkit's pkexec helper with PTRACE_TRACEME. NOTE: SELinux deny_ptrace might be a usable workaround in some environments.
Severity: HIGH (7.8) Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Links:
- https://bugs.chromium.org/p/project-zero/issues/detail?id=1903
- http://packetstormsecurity.com/files/153663/Linux-PTRACE_TRACEME-Broken-Permission-Object-Lifetime-Handling.html
- https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.1.17
- https://github.com/torvalds/linux/commit/6994eefb0053799d2e07cd140df6c2ea106c41ee
- https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=6994eefb0053799d2e07cd140df6c2ea106c41ee
- https://bugzilla.suse.com/show_bug.cgi?id=1140671
- https://bugzilla.redhat.com/show_bug.cgi?id=1730895
- DSA-4484
- 20190722 [SECURITY] [DSA 4484-1] linux security update
- 20190722 [slackware-security] Slackware 14.2 kernel (SSA:2019-202-01)
- [debian-lts-announce] 20190723 [SECURITY] [DLA 1863-1] linux-4.9 security update
- [debian-lts-announce] 20190723 [SECURITY] [DLA 1862-1] linux security update
- http://packetstormsecurity.com/files/153702/Slackware-Security-Advisory-Slackware-14.2-kernel-Updates.html
- https://security.netapp.com/advisory/ntap-20190806-0001/
- RHSA-2019:2405
- RHSA-2019:2411
- USN-4095-1
- USN-4094-1
- USN-4093-1
- http://packetstormsecurity.com/files/154245/Kernel-Live-Patch-Security-Notice-LSN-0054-1.html
- https://support.f5.com/csp/article/K91025336
- USN-4117-1
- USN-4118-1
- RHSA-2019:2809
- http://packetstormsecurity.com/files/154957/Linux-Polkit-pkexec-Helper-PTRACE_TRACEME-Local-Root.html
- http://packetstormsecurity.com/files/156929/Linux-PTRACE_TRACEME-Local-Root.html
- http://packetstormsecurity.com/files/165051/Linux-Kernel-5.1.x-PTRACE_TRACEME-pkexec-Local-Privilege-Escalation.html
- FEDORA-2019-a95015e60f
- https://support.f5.com/csp/article/K91025336?utm_source=f5support&amp%3Butm_medium=RSS
Published: July 19, 2019
Modified: Nov. 7, 2023
CVE-2019-13648
In the Linux kernel through 5.2.1 on the powerpc platform, when hardware transactional memory is disabled, a local user can cause a denial of service (TM Bad Thing exception and system crash) via a sigreturn() system call that sends a crafted signal frame. This affects arch/powerpc/kernel/signal_32.c and arch/powerpc/kernel/signal_64.c.
Severity: MEDIUM (5.5) Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
Links:
- https://patchwork.ozlabs.org/patch/1133904/
- [oss-security] 20190730 CVE-2019-13648: Linux kernel: powerpc: kernel crash in TM handling triggerable by any local user
- https://git.kernel.org/torvalds/c/f16d80b75a096c52354c6e0a574993f3b0dfbdfe
- https://security.netapp.com/advisory/ntap-20190806-0001/
- DSA-4495
- 20190812 [SECURITY] [DSA 4495-1] linux security update
- DSA-4497
- 20190813 [SECURITY] [DSA 4497-1] linux security update
- 20190814 [slackware-security] Slackware 14.2 kernel (SSA:2019-226-01)
- [debian-lts-announce] 20190814 [SECURITY] [DLA 1885-1] linux-4.9 security update
- http://packetstormsecurity.com/files/154059/Slackware-Security-Advisory-Slackware-14.2-kernel-Updates.html
- openSUSE-SU-2019:1923
- openSUSE-SU-2019:1924
- USN-4114-1
- USN-4116-1
- USN-4115-1
- FEDORA-2019-7aecfe1c4b
Published: Jan. 17, 2020
Modified: July 21, 2021
CVE-2019-14615
Insufficient control flow in certain data structures for some Intel(R) Processors with Intel(R) Processor Graphics may allow an unauthenticated user to potentially enable information disclosure via local access.
Severity: MEDIUM (5.5) Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N
Links:
- https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00314.html
- USN-4254-1
- USN-4255-1
- USN-4253-1
- USN-4254-2
- USN-4253-2
- USN-4255-2
- http://packetstormsecurity.com/files/156185/Kernel-Live-Patch-Security-Notice-LSN-0062-1.html
- http://packetstormsecurity.com/files/156455/Kernel-Live-Patch-Security-Notice-LSN-0063-1.html
- USN-4285-1
- USN-4287-1
- USN-4286-2
- USN-4287-2
- [debian-lts-announce] 20200302 [SECURITY] [DLA 2114-1] linux-4.9 security update
- USN-4284-1
- USN-4286-1
- openSUSE-SU-2020:0336
- https://support.apple.com/kb/HT211100
- 20200324 APPLE-SA-2020-03-24-2 macOS Catalina 10.15.4, Security Update 2020-002 Mojave, Security Update 2020-002 High Sierra
Published: Sept. 20, 2019
Modified: Sept. 28, 2023
CVE-2019-14814
There is a heap-based buffer overflow in the Marvell WiFi chip driver in the Linux kernel, all versions up to, excluding 5.3, that allows local users to cause a denial of service (system crash) or possibly execute arbitrary code.
Severity: HIGH (7.8) Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Links:
- https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-14814
- https://github.com/torvalds/linux/commit/7caac62ed598a196d6ddf8d9c121e12e082cac3a
- https://access.redhat.com/security/cve/cve-2019-14814
- https://www.openwall.com/lists/oss-security/2019/08/28/1
- [oss-security] 20190828 Linux kernel: three heap overflow in the marvell wifi driver
- openSUSE-SU-2019:2173
- openSUSE-SU-2019:2181
- [debian-lts-announce] 20190925 [SECURITY] [DLA 1930-1] linux security update
- USN-4157-1
- USN-4157-2
- USN-4162-1
- USN-4163-1
- USN-4163-2
- USN-4162-2
- http://packetstormsecurity.com/files/154951/Kernel-Live-Patch-Security-Notice-LSN-0058-1.html
- https://security.netapp.com/advisory/ntap-20191031-0005/
- 20191108 [slackware-security] Slackware 14.2 kernel (SSA:2019-311-01)
- http://packetstormsecurity.com/files/155212/Slackware-Security-Advisory-Slackware-14.2-kernel-Updates.html
- RHSA-2020:0174
- RHSA-2020:0328
- RHSA-2020:0339
- [debian-lts-announce] 20200302 [SECURITY] [DLA 2114-1] linux-4.9 security update
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/O3RUDQJXRJQVGHCGR4YZWTQ3ECBI7TXH/
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/T4JZ6AEUKFWBHQAROGMQARJ274PQP2QP/
Published: Nov. 25, 2019
Modified: July 13, 2023
CVE-2019-14815
A vulnerability was found in the Linux kernel: a heap overflow in the mwifiex_set_wmm_params() function of the Marvell WiFi driver.
Severity: HIGH (7.8) Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Links:
- https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-14815
- https://www.openwall.com/lists/oss-security/2019/08/28/1
- https://security.netapp.com/advisory/ntap-20200103-0001/
- https://github.com/torvalds/linux/commit/7caac62ed598a196d6ddf8d9c121e12e082cac3a
- https://access.redhat.com/security/cve/cve-2019-14815
- RHSA-2020:0174
- RHSA-2020:0328
- RHSA-2020:0339
- [debian-lts-announce] 20200302 [SECURITY] [DLA 2114-1] linux-4.9 security update
- https://lore.kernel.org/linux-wireless/20190828020751.13625-1-huangwenabc%40gmail.com
Published: Sept. 20, 2019
Modified: July 12, 2023
CVE-2019-14816
There is a heap-based buffer overflow in the Marvell WiFi chip driver in the Linux kernel, all versions up to, excluding 5.3, that allows local users to cause a denial of service (system crash) or possibly execute arbitrary code.
Severity: HIGH (7.8) Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Links:
- https://www.openwall.com/lists/oss-security/2019/08/28/1
- https://github.com/torvalds/linux/commit/7caac62ed598a196d6ddf8d9c121e12e082cac3
- [oss-security] 20190828 Linux kernel: three heap overflow in the marvell wifi driver
- https://access.redhat.com/security/cve/cve-2019-14816
- https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-14816
- openSUSE-SU-2019:2173
- openSUSE-SU-2019:2181
- [debian-lts-announce] 20190925 [SECURITY] [DLA 1930-1] linux security update
- USN-4157-1
- USN-4157-2
- USN-4162-1
- USN-4163-1
- USN-4163-2
- USN-4162-2
- http://packetstormsecurity.com/files/154951/Kernel-Live-Patch-Security-Notice-LSN-0058-1.html
- https://security.netapp.com/advisory/ntap-20191031-0005/
- 20191108 [slackware-security] Slackware 14.2 kernel (SSA:2019-311-01)
- http://packetstormsecurity.com/files/155212/Slackware-Security-Advisory-Slackware-14.2-kernel-Updates.html
- RHSA-2020:0174
- RHSA-2020:0204
- RHSA-2020:0328
- RHSA-2020:0339
- RHSA-2020:0375
- RHSA-2020:0374
- [debian-lts-announce] 20200302 [SECURITY] [DLA 2114-1] linux-4.9 security update
- RHSA-2020:0653
- RHSA-2020:0661
- RHSA-2020:0664
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/O3RUDQJXRJQVGHCGR4YZWTQ3ECBI7TXH/
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/T4JZ6AEUKFWBHQAROGMQARJ274PQP2QP/
Published: Sept. 19, 2019
Modified: Feb. 16, 2024
CVE-2019-14821
An out-of-bounds access issue was found in the Linux kernel, all versions through 5.3, in the way the Linux kernel's KVM hypervisor implements the Coalesced MMIO write operation. It operates on an MMIO ring buffer 'struct kvm_coalesced_mmio' object, wherein the write indices 'ring->first' and 'ring->last' could be supplied by a host user-space process. An unprivileged host user or process with access to the '/dev/kvm' device could use this flaw to crash the host kernel, resulting in a denial of service, or potentially escalate privileges on the system.
Severity: HIGH (8.8) Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H
Links:
- https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-14821
- [oss-security] 20190920 CVE-2019-14821 Kernel: KVM: OOB memory access via mmio ring buffer
- DSA-4531
- 20190925 [SECURITY] [DSA 4531-1] linux security update
- [debian-lts-announce] 20190925 [SECURITY] [DLA 1930-1] linux security update
- [debian-lts-announce] 20191001 [SECURITY] [DLA 1940-1] linux-4.9 security update
- https://security.netapp.com/advisory/ntap-20191004-0001/
- openSUSE-SU-2019:2307
- openSUSE-SU-2019:2308
- USN-4157-1
- USN-4157-2
- USN-4162-1
- USN-4163-1
- USN-4163-2
- USN-4162-2
- http://packetstormsecurity.com/files/154951/Kernel-Live-Patch-Security-Notice-LSN-0058-1.html
- RHSA-2019:3517
- RHSA-2019:3309
- 20191108 [slackware-security] Slackware 14.2 kernel (SSA:2019-311-01)
- http://packetstormsecurity.com/files/155212/Slackware-Security-Advisory-Slackware-14.2-kernel-Updates.html
- RHSA-2019:3978
- RHSA-2019:3979
- RHSA-2019:4154
- RHSA-2019:4256
- RHSA-2020:0027
- RHSA-2020:0204
- https://www.oracle.com/security-alerts/cpuapr2020.html
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/TRZQQQANZWQMPILZV7OTS3RGGRLLE2Q7/
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/YW3QNMPENPFEGVTOFPSNOBL7JEIJS25P/
Published: Sept. 17, 2019
Modified: Dec. 15, 2023
CVE-2019-14835
A buffer overflow flaw was found, in versions from 2.6.34 to 5.2.x, in the way the Linux kernel's vhost functionality, which translates virtqueue buffers to IOVs, logged the buffer descriptors during migration. A privileged guest user able to pass descriptors with invalid length to the host when migration is underway could use this flaw to increase their privileges on the host.
Severity: HIGH (7.8) Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Links:
- https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-14835
- https://www.openwall.com/lists/oss-security/2019/09/17/1
- USN-4135-2
- RHSA-2019:2828
- RHSA-2019:2827
- RHSA-2019:2830
- RHSA-2019:2829
- RHSA-2019:2854
- RHSA-2019:2863
- RHSA-2019:2862
- RHSA-2019:2865
- RHSA-2019:2864
- RHSA-2019:2866
- RHSA-2019:2867
- RHSA-2019:2869
- http://packetstormsecurity.com/files/154572/Kernel-Live-Patch-Security-Notice-LSN-0056-1.html
- [oss-security] 20190924 Re: CVE-2019-14835: QEMU-KVM Guest to Host Kernel Escape Vulnerability: vhost/vhost_net kernel buffer overflow
- RHSA-2019:2889
- openSUSE-SU-2019:2173
- openSUSE-SU-2019:2181
- 20190925 [SECURITY] [DSA 4531-1] linux security update
- DSA-4531
- [debian-lts-announce] 20190925 [SECURITY] [DLA 1930-1] linux security update
- RHSA-2019:2900
- RHSA-2019:2901
- RHSA-2019:2899
- RHSA-2019:2924
- USN-4135-1
- [debian-lts-announce] 20191001 [SECURITY] [DLA 1940-1] linux-4.9 security update
- [oss-security] 20191003 Re: CVE-2019-14835: QEMU-KVM Guest to Host Kernel Escape Vulnerability: vhost/vhost_net kernel buffer overflow
- [oss-security] 20191009 Re: CVE-2019-14835: QEMU-KVM Guest to Host Kernel Escape Vulnerability: vhost/vhost_net kernel buffer overflow
- [oss-security] 20191009 Re: CVE-2019-14835: QEMU-KVM Guest to Host Kernel Escape Vulnerability: vhost/vhost_net kernel buffer overflow
- RHBA-2019:2824
- http://packetstormsecurity.com/files/154951/Kernel-Live-Patch-Security-Notice-LSN-0058-1.html
- https://security.netapp.com/advisory/ntap-20191031-0005/
- 20191108 [slackware-security] Slackware 14.2 kernel (SSA:2019-311-01)
- http://packetstormsecurity.com/files/155212/Slackware-Security-Advisory-Slackware-14.2-kernel-Updates.html
- http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20200115-01-qemu-en
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/YW3QNMPENPFEGVTOFPSNOBL7JEIJS25P/
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/KQFY6JYFIQ2VFQ7QCSXPWTUL5ZDNCJL5/
Published: Nov. 29, 2019
Modified: Feb. 13, 2023
CVE-2019-14895
A heap-based buffer overflow was discovered in the Linux kernel, all versions 3.x.x and 4.x.x before 4.18.0, in the Marvell WiFi chip driver. The flaw could occur when the station attempts a connection negotiation during the handling of the remote device's country settings. This could allow the remote device to cause a denial of service (system crash) or possibly execute arbitrary code.
Severity: CRITICAL (9.8) Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Links:
- https://www.openwall.com/lists/oss-security/2019/11/22/2
- https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-14895
- openSUSE-SU-2019:2675
- USN-4228-1
- USN-4227-1
- USN-4225-1
- USN-4228-2
- USN-4226-1
- USN-4227-2
- http://packetstormsecurity.com/files/155879/Kernel-Live-Patch-Security-Notice-LSN-0061-1.html
- [debian-lts-announce] 20200118 [SECURITY] [DLA 2068-1] linux security update
- USN-4225-2
- http://packetstormsecurity.com/files/156185/Kernel-Live-Patch-Security-Notice-LSN-0062-1.html
- RHSA-2020:0328
- RHSA-2020:0339
- RHSA-2020:0375
- RHSA-2020:0374
- RHSA-2020:0543
- RHSA-2020:0592
- RHSA-2020:0609
- [debian-lts-announce] 20200302 [SECURITY] [DLA 2114-1] linux-4.9 security update
- RHSA-2020:0653
- RHSA-2020:0661
- RHSA-2020:0664
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/MN6MLCN7G7VFTSXSZYXKXEFCUMFBUAXQ/
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/D4ISVNIC44SOGXTUBCIZFSUNQJ5LRKNZ/
Published: Nov. 27, 2019
Modified: Feb. 13, 2023
CVE-2019-14896
A heap-based buffer overflow vulnerability was found in the Linux kernel, version kernel-2.6.32, in the Marvell WiFi chip driver. A remote attacker could cause a denial of service (system crash) or possibly execute arbitrary code when the lbs_ibss_join_existing function is called after a STA connects to an AP.
Severity: CRITICAL (9.8) Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Links:
- https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-14896
- https://security.netapp.com/advisory/ntap-20200103-0001/
- USN-4228-1
- USN-4227-1
- USN-4225-1
- USN-4228-2
- USN-4226-1
- USN-4227-2
- http://packetstormsecurity.com/files/155879/Kernel-Live-Patch-Security-Notice-LSN-0061-1.html
- [debian-lts-announce] 20200118 [SECURITY] [DLA 2068-1] linux security update
- USN-4225-2
- http://packetstormsecurity.com/files/156185/Kernel-Live-Patch-Security-Notice-LSN-0062-1.html
- [debian-lts-announce] 20200302 [SECURITY] [DLA 2114-1] linux-4.9 security update
- openSUSE-SU-2020:0336
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/MN6MLCN7G7VFTSXSZYXKXEFCUMFBUAXQ/
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/D4ISVNIC44SOGXTUBCIZFSUNQJ5LRKNZ/
Published: Nov. 29, 2019
Modified: Feb. 13, 2023
CVE-2019-14897
A stack-based buffer overflow was found in the Linux kernel, version kernel-2.6.32, in the Marvell WiFi chip driver. An attacker is able to cause a denial of service (system crash) or possibly execute arbitrary code when a STA works in IBSS mode (which allows connecting stations together without the use of an AP) and connects to another STA.
Severity: CRITICAL (9.8) Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Links:
- https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-14897
- USN-4228-1
- USN-4225-1
- USN-4228-2
- USN-4226-1
- USN-4227-1
- USN-4227-2
- http://packetstormsecurity.com/files/155879/Kernel-Live-Patch-Security-Notice-LSN-0061-1.html
- [debian-lts-announce] 20200118 [SECURITY] [DLA 2068-1] linux security update
- USN-4225-2
- http://packetstormsecurity.com/files/156185/Kernel-Live-Patch-Security-Notice-LSN-0062-1.html
- [debian-lts-announce] 20200302 [SECURITY] [DLA 2114-1] linux-4.9 security update
- openSUSE-SU-2020:0336
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/MN6MLCN7G7VFTSXSZYXKXEFCUMFBUAXQ/
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/D4ISVNIC44SOGXTUBCIZFSUNQJ5LRKNZ/
Published: Nov. 29, 2019
Modified: Feb. 13, 2023
CVE-2019-14901
A heap overflow flaw was found in the Linux kernel, all versions 3.x.x and 4.x.x before 4.18.0, in the Marvell WiFi chip driver. The vulnerability allows a remote attacker to cause a system crash, resulting in a denial of service, or execute arbitrary code. The highest threat with this vulnerability is with the availability of the system. If code execution occurs, the code will run with the permissions of root. This will affect both confidentiality and integrity of files on the system.
Severity: CRITICAL (9.8) Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Links:
- https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-14901
- openSUSE-SU-2019:2675
- USN-4228-1
- USN-4227-1
- USN-4225-1
- USN-4228-2
- USN-4226-1
- USN-4227-2
- http://packetstormsecurity.com/files/155879/Kernel-Live-Patch-Security-Notice-LSN-0061-1.html
- [debian-lts-announce] 20200118 [SECURITY] [DLA 2068-1] linux security update
- USN-4225-2
- RHSA-2020:0204
- http://packetstormsecurity.com/files/156185/Kernel-Live-Patch-Security-Notice-LSN-0062-1.html
- RHSA-2020:0328
- RHSA-2020:0339
- RHSA-2020:0375
- RHSA-2020:0374
- [debian-lts-announce] 20200302 [SECURITY] [DLA 2114-1] linux-4.9 security update
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/MN6MLCN7G7VFTSXSZYXKXEFCUMFBUAXQ/
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/D4ISVNIC44SOGXTUBCIZFSUNQJ5LRKNZ/
Published: Sept. 13, 2019
Modified: Aug. 24, 2020
CVE-2019-15030
In the Linux kernel through 5.2.14 on the powerpc platform, a local user can read vector registers of other users' processes via a Facility Unavailable exception. To exploit the vulnerability, a local user starts a transaction (via the hardware transactional memory instruction tbegin) and then accesses vector registers. At some point, the vector registers will be corrupted with the values from a different local Linux process because of a missing arch/powerpc/kernel/process.c check.
Severity: MEDIUM (4.4) Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:L
Links:
- https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=8205d5d98ef7f155de211f5e2eb6ca03d95a5a60
- http://www.openwall.com/lists/oss-security/2019/09/10/3
- USN-4135-2
- openSUSE-SU-2019:2173
- openSUSE-SU-2019:2181
- USN-4135-1
- https://security.netapp.com/advisory/ntap-20191004-0001/
- RHSA-2020:0740
Published: Aug. 16, 2019
Modified: Nov. 7, 2023
CVE-2019-15098
drivers/net/wireless/ath/ath6kl/usb.c in the Linux kernel through 5.2.9 has a NULL pointer dereference via an incomplete address in an endpoint descriptor.
Severity: MEDIUM (4.6) Vector: CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Links:
- https://security.netapp.com/advisory/ntap-20190905-0002/
- openSUSE-SU-2019:2173
- openSUSE-SU-2019:2181
- [oss-security] 20190927 Re: Linux kernel: multiple vulnerabilities in the USB subsystem x2
- [oss-security] 20190927 Re: Linux kernel: multiple vulnerabilities in the USB subsystem x2
- [oss-security] 20190927 Re: Linux kernel: multiple vulnerabilities in the USB subsystem x2
- https://support.f5.com/csp/article/K61214359
- 20191108 [slackware-security] Slackware 14.2 kernel (SSA:2019-311-01)
- http://packetstormsecurity.com/files/155212/Slackware-Security-Advisory-Slackware-14.2-kernel-Updates.html
- USN-4185-1
- USN-4184-1
- USN-4186-1
- USN-4186-2
- [debian-lts-announce] 20200118 [SECURITY] [DLA 2068-1] linux security update
- [debian-lts-announce] 20200302 [SECURITY] [DLA 2114-1] linux-4.9 security update
- https://lore.kernel.org/linux-wireless/20190804002905.11292-1-benquike%40gmail.com/T/#u
- https://support.f5.com/csp/article/K61214359?utm_source=f5support&amp%3Butm_medium=RSS
Published: Aug. 21, 2019
Modified: Nov. 7, 2023
CVE-2019-15292
An issue was discovered in the Linux kernel before 5.0.9. There is a use-after-free in atalk_proc_exit, related to net/appletalk/atalk_proc.c, net/appletalk/ddp.c, and net/appletalk/sysctl_net_atalk.c.
Severity: MEDIUM (4.7) Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H
Links:
- https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=6377f787aeb945cae7abbb6474798de129e1f3ac
- https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.0.9
- USN-4115-1
- USN-4118-1
- https://security.netapp.com/advisory/ntap-20190905-0002/
- [debian-lts-announce] 20190914 [SECURITY] [DLA 1919-1] linux-4.9 security update
- [debian-lts-announce] 20190915 [SECURITY] [DLA 1919-2] linux-4.9 security update
- openSUSE-SU-2019:2173
- openSUSE-SU-2019:2181
- [debian-lts-announce] 20190925 [SECURITY] [DLA 1930-1] linux security update
- https://support.f5.com/csp/article/K27112954
- https://support.f5.com/csp/article/K27112954?utm_source=f5support&amp%3Butm_medium=RSS
Published: Aug. 23, 2019
Modified: Nov. 7, 2023
CVE-2019-15505
drivers/media/usb/dvb-usb/technisat-usb2.c in the Linux kernel through 5.2.9 has an out-of-bounds read via crafted USB device traffic (which may be remote via usbip or usbredir).
Severity: CRITICAL (9.8) Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Links:
- https://git.linuxtv.org/media_tree.git/commit/?id=0c4df39e504bf925ab666132ac3c98d6cbbe380b
- https://security.netapp.com/advisory/ntap-20190905-0002/
- https://support.f5.com/csp/article/K28222050
- USN-4157-1
- USN-4157-2
- USN-4162-1
- USN-4163-1
- USN-4163-2
- USN-4162-2
- 20191108 [slackware-security] Slackware 14.2 kernel (SSA:2019-311-01)
- http://packetstormsecurity.com/files/155212/Slackware-Security-Advisory-Slackware-14.2-kernel-Updates.html
- [debian-lts-announce] 20200118 [SECURITY] [DLA 2068-1] linux security update
- [debian-lts-announce] 20200302 [SECURITY] [DLA 2114-1] linux-4.9 security update
- https://lore.kernel.org/lkml/b9b256cb-95f2-5fa1-9956-5a602a017c11%40gmail.com/
- https://lore.kernel.org/linux-media/20190821104408.w7krumcglxo6fz5q%40gofer.mess.org/
- FEDORA-2019-4c91a2f76e
- FEDORA-2019-97380355ae
- https://support.f5.com/csp/article/K28222050?utm_source=f5support&amp%3Butm_medium=RSS
Published: Aug. 25, 2019
Modified: Nov. 7, 2023
CVE-2019-15538
An issue was discovered in xfs_setattr_nonsize in fs/xfs/xfs_iops.c in the Linux kernel through 5.2.9. XFS partially wedges when a chgrp fails on account of being out of disk quota. xfs_setattr_nonsize fails to unlock the ILOCK after the xfs_qm_vop_chown_reserve call fails. This is primarily a local DoS attack vector, but it might also result in a remote DoS if the XFS filesystem is exported, for instance via NFS.
Severity: HIGH (7.5) Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Links:
- https://github.com/torvalds/linux/commit/1fb254aa983bf190cfd685d40c64a480a9bafaee
- https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=1fb254aa983bf190cfd685d40c64a480a9bafaee
- [debian-lts-announce] 20190914 [SECURITY] [DLA 1919-1] linux-4.9 security update
- [debian-lts-announce] 20190915 [SECURITY] [DLA 1919-2] linux-4.9 security update
- openSUSE-SU-2019:2173
- openSUSE-SU-2019:2181
- USN-4144-1
- https://security.netapp.com/advisory/ntap-20191004-0001/
- USN-4147-1
- https://lore.kernel.org/linux-xfs/20190823035528.GH1037422%40magnolia/
- https://lore.kernel.org/linux-xfs/20190823192433.GA8736%40eldamar.local
- FEDORA-2019-4c91a2f76e
- FEDORA-2019-97380355ae
- https://support.f5.com/csp/article/K32592426?utm_source=f5support&amp%3Butm_medium=RSS
Published: Sept. 4, 2019
Modified: Oct. 17, 2019
CVE-2019-15902
A backporting error was discovered in the Linux stable/longterm kernel 4.4.x through 4.4.190, 4.9.x through 4.9.190, 4.14.x through 4.14.141, 4.19.x through 4.19.69, and 5.2.x through 5.2.11. Misuse of the upstream "x86/ptrace: Fix possible spectre-v1 in ptrace_get_debugreg()" commit reintroduced the Spectre vulnerability that it aimed to eliminate. This occurred because the backport process depends on cherry picking specific commits, and because two (correctly ordered) code lines were swapped.
Severity: MEDIUM (5.6) Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N
Links:
- https://grsecurity.net/teardown_of_a_failed_linux_lts_spectre_fix.php
- openSUSE-SU-2019:2173
- openSUSE-SU-2019:2181
- DSA-4531
- 20190925 [SECURITY] [DSA 4531-1] linux security update
- [debian-lts-announce] 20191001 [SECURITY] [DLA 1940-1] linux-4.9 security update
- https://security.netapp.com/advisory/ntap-20191004-0001/
- USN-4157-1
- USN-4157-2
- USN-4162-1
- USN-4163-1
- USN-4163-2
- USN-4162-2
Published: Sept. 4, 2019
Modified: Nov. 7, 2023
CVE-2019-15916
An issue was discovered in the Linux kernel before 5.0.1. There is a memory leak in register_queue_kobjects() in net/core/net-sysfs.c, which will cause denial of service.
Severity: HIGH (7.5) Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Links:
- https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=895a5e96dbd6386c8e78e5b78e067dcc67b7f0ab
- https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.0.1
- https://security.netapp.com/advisory/ntap-20191004-0001/
- RHSA-2019:3517
- RHSA-2019:3309
- openSUSE-SU-2019:2675
- RHSA-2020:0740
- https://support.f5.com/csp/article/K57418558?utm_source=f5support&amp%3Butm_medium=RSS
Published: Sept. 5, 2019
Modified: Nov. 7, 2023
CVE-2019-15926
An issue was discovered in the Linux kernel before 5.2.3. Out of bounds access exists in the functions ath6kl_wmi_pstream_timeout_event_rx and ath6kl_wmi_cac_event_rx in the file drivers/net/wireless/ath/ath6kl/wmi.c.
Severity: CRITICAL (9.1) Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H
Links:
- https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=5d6751eaff672ea77642e74e92e6c0ac7f9709ab
- https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.2.3
- [debian-lts-announce] 20190914 [SECURITY] [DLA 1919-1] linux-4.9 security update
- [debian-lts-announce] 20190915 [SECURITY] [DLA 1919-2] linux-4.9 security update
- openSUSE-SU-2019:2173
- openSUSE-SU-2019:2181
- [debian-lts-announce] 20190925 [SECURITY] [DLA 1930-1] linux security update
- USN-4145-1
- https://support.f5.com/csp/article/K32034450
- https://security.netapp.com/advisory/ntap-20191004-0001/
- USN-4147-1
- https://support.f5.com/csp/article/K32034450?utm_source=f5support&amp%3Butm_medium=RSS
Published: Sept. 5, 2019
Modified: Feb. 24, 2023
CVE-2019-15927
An issue was discovered in the Linux kernel before 4.20.2. An out-of-bounds access exists in the function build_audio_procunit in the file sound/usb/mixer.c.
Severity: HIGH (7.8) Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Links:
Published: Sept. 24, 2019
Modified: Nov. 7, 2023
CVE-2019-16746
An issue was discovered in net/wireless/nl80211.c in the Linux kernel through 5.2.17. It does not check the length of variable elements in a beacon head, leading to a buffer overflow.
Severity: CRITICAL (9.8) Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Links:
- https://marc.info/?l=linux-wireless&m=156901391225058&w=2
- https://security.netapp.com/advisory/ntap-20191031-0005/
- 20191108 [slackware-security] Slackware 14.2 kernel (SSA:2019-311-01)
- http://packetstormsecurity.com/files/155212/Slackware-Security-Advisory-Slackware-14.2-kernel-Updates.html
- USN-4186-1
- USN-4183-1
- USN-4210-1
- USN-4209-1
- [debian-lts-announce] 20200118 [SECURITY] [DLA 2068-1] linux security update
- [debian-lts-announce] 20200302 [SECURITY] [DLA 2114-1] linux-4.9 security update
- openSUSE-SU-2020:0336
- openSUSE-SU-2020:1153
- https://www.oracle.com/security-alerts/cpuApr2021.html
- FEDORA-2019-057d691fd4
Published: Sept. 30, 2019
Modified: July 21, 2021
CVE-2019-16995
In the Linux kernel before 5.0.3, a memory leak exists in hsr_dev_finalize() in net/hsr/hsr_device.c if hsr_add_port fails to add a port, which may cause denial of service, aka CID-6caabe7f197d.
Severity: HIGH (7.5) Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Links:
- https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.0.3
- https://github.com/torvalds/linux/commit/6caabe7f197d3466d238f70915d65301f1716626
- https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=6caabe7f197d3466d238f70915d65301f1716626
- https://security.netapp.com/advisory/ntap-20191031-0005/
- openSUSE-SU-2019:2444
- openSUSE-SU-2019:2503
Published: Oct. 4, 2019
Modified: Nov. 3, 2022
CVE-2019-17133
In the Linux kernel through 5.3.2, cfg80211_mgd_wext_giwessid in net/wireless/wext-sme.c does not reject a long SSID IE, leading to a Buffer Overflow.
Severity: CRITICAL (9.8) Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Links:
- https://marc.info/?l=linux-wireless&m=157018270915487&w=2
- openSUSE-SU-2019:2392
- https://security.netapp.com/advisory/ntap-20191031-0005/
- openSUSE-SU-2019:2444
- 20191108 [slackware-security] Slackware 14.2 kernel (SSA:2019-311-01)
- http://packetstormsecurity.com/files/155212/Slackware-Security-Advisory-Slackware-14.2-kernel-Updates.html
- USN-4208-1
- USN-4210-1
- USN-4211-2
- USN-4211-1
- USN-4226-1
- [debian-lts-announce] 20200118 [SECURITY] [DLA 2068-1] linux security update
- RHSA-2020:0174
- RHSA-2020:0375
- RHSA-2020:0374
- RHSA-2020:0543
- RHSA-2020:0592
- RHSA-2020:0609
- [debian-lts-announce] 20200302 [SECURITY] [DLA 2114-1] linux-4.9 security update
- RHSA-2020:0653
- RHSA-2020:0661
- RHSA-2020:0664
- RHSA-2020:0790
- https://www.oracle.com/security-alerts/cpuApr2021.html
Published: Oct. 17, 2019
Modified: Nov. 7, 2023
CVE-2019-17666
rtl_p2p_noa_ie in drivers/net/wireless/realtek/rtlwifi/ps.c in the Linux kernel through 5.3.6 lacks a certain upper-bound check, leading to a buffer overflow.
Severity: HIGH (8.8) Vector: CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Links:
- https://lkml.org/lkml/2019/10/16/1226
- https://twitter.com/nicowaisman/status/1184864519316758535
- https://arstechnica.com/information-technology/2019/10/unpatched-linux-flaw-may-let-attackers-crash-or-compromise-nearby-devices/
- openSUSE-SU-2019:2392
- https://security.netapp.com/advisory/ntap-20191031-0005/
- openSUSE-SU-2019:2444
- USN-4184-1
- USN-4185-1
- USN-4186-1
- USN-4183-1
- USN-4186-2
- [debian-lts-announce] 20200118 [SECURITY] [DLA 2068-1] linux security update
- RHSA-2020:0328
- RHSA-2020:0339
- RHSA-2020:0543
- [debian-lts-announce] 20200302 [SECURITY] [DLA 2114-1] linux-4.9 security update
- RHSA-2020:0661
- RHSA-2020:0740
- FEDORA-2019-6a67ff8793
Published: Nov. 28, 2019
Modified: Nov. 7, 2023
CVE-2019-18660
The Linux kernel before 5.4.1 on powerpc allows Information Exposure because the Spectre-RSB mitigation is not in place for all applicable CPUs, aka CID-39e72bf96f58. This is related to arch/powerpc/kernel/entry_64.S and arch/powerpc/kernel/security.c.
Severity: MEDIUM (4.7) Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N
Links:
- https://www.openwall.com/lists/oss-security/2019/11/27/1
- https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=39e72bf96f5847ba87cc5bd7a3ce0fed813dc9ad
- [oss-security] 20191128 CVE-2019-18660: Linux kernel: powerpc: missing Spectre-RSB mitigation
- https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.4.1
- openSUSE-SU-2019:2675
- https://security.netapp.com/advisory/ntap-20200103-0001/
- USN-4228-1
- USN-4227-1
- USN-4226-1
- USN-4225-1
- USN-4228-2
- USN-4227-2
- 20200109 [slackware-security] Slackware 14.2 kernel (SSA:2020-008-01)
- http://packetstormsecurity.com/files/155890/Slackware-Security-Advisory-Slackware-14.2-kernel-Updates.html
- RHSA-2020:0174
- USN-4225-2
- FEDORA-2019-b86a7bdba0
- FEDORA-2019-124a241044
Published: Nov. 25, 2019
Modified: Feb. 24, 2023
CVE-2019-18675
The Linux kernel through 5.3.13 has a start_offset+size Integer Overflow in cpia2_remap_buffer in drivers/media/usb/cpia2/cpia2_core.c because cpia2 has its own mmap implementation. This allows local users (with /dev/video0 access) to obtain read and write permissions on kernel physical pages, which can possibly result in a privilege escalation.
Severity: HIGH (7.8) Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Links:
- https://deshal3v.github.io/blog/kernel-research/mmap_exploitation
- https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/log/drivers/media/usb/cpia2/cpia2_core.c
- https://security.netapp.com/advisory/ntap-20200103-0001/
- https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=be83bbf806822b1b89e0a0f23cd87cddc409e429
Published: Nov. 7, 2019
Modified: June 22, 2021
CVE-2019-18805
An issue was discovered in net/ipv4/sysctl_net_ipv4.c in the Linux kernel before 5.0.11. There is a net/ipv4/tcp_input.c signed integer overflow in tcp_ack_update_rtt() when userspace writes a very large integer to /proc/sys/net/ipv4/tcp_min_rtt_wlen, leading to a denial of service or possibly unspecified other impact, aka CID-19fad20d15a6.
Severity: CRITICAL (9.8) Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Links:
Published: Nov. 21, 2019
Modified: Dec. 5, 2019
CVE-2019-19037
ext4_empty_dir in fs/ext4/namei.c in the Linux kernel through 5.3.12 allows a NULL pointer dereference because ext4_read_dirblock(inode,0,DIRENT_HTREE) can be zero.
Severity: MEDIUM (5.5) Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
Links:
Published: Nov. 18, 2019
Modified: Jan. 19, 2023
CVE-2019-19052
A memory leak in the gs_can_open() function in drivers/net/can/usb/gs_usb.c in the Linux kernel before 5.3.11 allows attackers to cause a denial of service (memory consumption) by triggering usb_submit_urb() failures, aka CID-fb5be6a7b486.
Severity: HIGH (7.5) Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Links:
- https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.3.11
- https://github.com/torvalds/linux/commit/fb5be6a7b4863ecc44963bb80ca614584b6c7817
- https://security.netapp.com/advisory/ntap-20191205-0001/
- openSUSE-SU-2019:2675
- USN-4228-1
- USN-4227-1
- USN-4225-1
- USN-4228-2
- USN-4226-1
- USN-4227-2
- [debian-lts-announce] 20200118 [SECURITY] [DLA 2068-1] linux security update
- USN-4225-2
- [debian-lts-announce] 20200302 [SECURITY] [DLA 2114-1] linux-4.9 security update
- https://www.oracle.com/security-alerts/cpuApr2021.html
Published: Nov. 18, 2019
Modified: Jan. 19, 2023
CVE-2019-19060
A memory leak in the adis_update_scan_mode() function in drivers/iio/imu/adis_buffer.c in the Linux kernel before 5.3.9 allows attackers to cause a denial of service (memory consumption), aka CID-ab612b1daf41.
Severity: HIGH (7.5) Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Links:
Published: Nov. 18, 2019
Modified: Jan. 19, 2023
CVE-2019-19061
A memory leak in the adis_update_scan_mode_burst() function in drivers/iio/imu/adis_buffer.c in the Linux kernel before 5.3.9 allows attackers to cause a denial of service (memory consumption), aka CID-9c0530e898f3.
Severity: HIGH (7.5) Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Links:
Published: Nov. 18, 2019
Modified: Nov. 7, 2023
CVE-2019-19074
A memory leak in the ath9k_wmi_cmd() function in drivers/net/wireless/ath/ath9k/wmi.c in the Linux kernel through 5.3.11 allows attackers to cause a denial of service (memory consumption), aka CID-728c1e2a05e4.
Severity: HIGH (7.5) Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Links:
- https://github.com/torvalds/linux/commit/728c1e2a05e4b5fc52fab3421dce772a806612a2
- https://security.netapp.com/advisory/ntap-20191205-0001/
- openSUSE-SU-2019:2675
- USN-4527-1
- USN-4526-1
- [debian-lts-announce] 20201031 [SECURITY] [DLA 2420-2] linux regression update
- [debian-lts-announce] 20201030 [SECURITY] [DLA 2420-1] linux security update
- https://www.oracle.com/security-alerts/cpuApr2021.html
- FEDORA-2019-021c968423
- FEDORA-2019-34a75d7e61
Published: Jan. 9, 2020
Modified: Feb. 13, 2023
CVE-2019-19332
An out-of-bounds memory write issue was found in the Linux Kernel, version 3.13 through 5.4, in the way the Linux kernel's KVM hypervisor handled the 'KVM_GET_EMULATED_CPUID' ioctl(2) request to get CPUID features emulated by the KVM hypervisor. A user or process able to access the '/dev/kvm' device could use this flaw to crash the system, resulting in a denial of service.
Severity: MEDIUM (6.1) Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:H
Links:
- https://www.openwall.com/lists/oss-security/2019/12/16/1
- https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-19332
- http://packetstormsecurity.com/files/155890/Slackware-Security-Advisory-Slackware-14.2-kernel-Updates.html
- [debian-lts-announce] 20200118 [SECURITY] [DLA 2068-1] linux security update
- USN-4254-1
- USN-4254-2
- https://security.netapp.com/advisory/ntap-20200204-0002/
- USN-4258-1
- USN-4287-1
- USN-4287-2
- [debian-lts-announce] 20200302 [SECURITY] [DLA 2114-1] linux-4.9 security update
- USN-4284-1
- openSUSE-SU-2020:0336
- https://lore.kernel.org/kvm/000000000000ea5ec20598d90e50%40google.com/
Published: Dec. 8, 2019
Modified: Oct. 3, 2023
CVE-2019-19448
In the Linux kernel 5.0.21 and 5.3.11, mounting a crafted btrfs filesystem image, performing some operations, and then making a syncfs system call can lead to a use-after-free in try_merge_free_space in fs/btrfs/free-space-cache.c because the pointer to a left data structure can be the same as the pointer to a right data structure.
Severity: HIGH (7.8) Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Links:
- https://github.com/bobfuzzer/CVE/tree/master/CVE-2019-19448
- https://security.netapp.com/advisory/ntap-20200103-0001/
- [debian-lts-announce] 20200928 [SECURITY] [DLA 2385-1] linux-4.19 security update
- USN-4578-1
- [debian-lts-announce] 20201031 [SECURITY] [DLA 2420-2] linux regression update
- [debian-lts-announce] 20201030 [SECURITY] [DLA 2420-1] linux security update
Published: Dec. 17, 2019
Modified: Jan. 19, 2023
CVE-2019-19816
In the Linux kernel 5.0.21, mounting a crafted btrfs filesystem image and performing some operations can cause slab-out-of-bounds write access in __btrfs_map_block in fs/btrfs/volumes.c, because a value of 1 for the number of data stripes is mishandled.
Severity: HIGH (7.8) Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Links:
- https://github.com/bobfuzzer/CVE/tree/master/CVE-2019-19816
- https://security.netapp.com/advisory/ntap-20200103-0001/
- USN-4414-1
- [debian-lts-announce] 20200928 [SECURITY] [DLA 2385-1] linux-4.19 security update
- [debian-lts-announce] 20201210 [SECURITY] [DLA 2483-1] linux-4.19 security update
- [debian-lts-announce] 20210309 [SECURITY] [DLA 2586-1] linux security update
Published: Jan. 3, 2019
Modified: Sept. 3, 2019
CVE-2019-3701
An issue was discovered in can_can_gw_rcv in net/can/gw.c in the Linux kernel through 4.19.13. The CAN frame modification rules allow bitwise logical operations that can be also applied to the can_dlc field. The privileged user "root" with CAP_NET_ADMIN can create a CAN frame modification rule that makes the data length code a higher value than the available CAN frame data size. In combination with a configured checksum calculation where the result is stored relatively to the end of the data (e.g. cgw_csum_xor_rel) the tail of the skb (e.g. frag_list pointer in skb_shared_info) can be rewritten which finally can cause a system crash. Because of a missing check, the CAN drivers may write arbitrary content beyond the data registers in the CAN controller's I/O memory when processing can-gw manipulated outgoing frames.
Severity: MEDIUM (4.4) Vector: CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H
Links:
- https://marc.info/?l=linux-netdev&m=154651842302479&w=2
- https://bugzilla.suse.com/show_bug.cgi?id=1120386
- 106443
- [debian-lts-announce] 20190327 [SECURITY] [DLA 1731-1] linux security update
- [debian-lts-announce] 20190401 [SECURITY] [DLA 1731-2] linux regression update
- USN-3932-2
- USN-3932-1
- https://support.f5.com/csp/article/K17957133
- https://marc.info/?l=linux-netdev&m=154661373531512&w=2
- https://git.kernel.org/pub/scm/linux/kernel/git/davem/net.git/commit/?id=0aaa81377c5a01f686bcdb8c7a6929a7bf330c68
- [debian-lts-announce] 20190503 [SECURITY] [DLA 1771-1] linux-4.9 security update
- USN-4115-1
- USN-4118-1
- openSUSE-SU-2020:0543
Published: Jan. 25, 2019
Modified: Oct. 19, 2020
CVE-2019-3819
A flaw was found in the Linux kernel in the function hid_debug_events_read() in drivers/hid/hid-debug.c file which may enter an infinite loop with certain parameters passed from a userspace. A local privileged user ("root") can cause a system lock up and a denial of service. Versions from v4.18 and newer are vulnerable.
Severity: MEDIUM (4.4) Vector: CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H
Links:
- https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-3819
- 106730
- [debian-lts-announce] 20190327 [SECURITY] [DLA 1731-1] linux security update
- [debian-lts-announce] 20190401 [SECURITY] [DLA 1731-2] linux regression update
- USN-3932-2
- USN-3932-1
- openSUSE-SU-2019:1193
- [debian-lts-announce] 20190503 [SECURITY] [DLA 1771-1] linux-4.9 security update
- USN-4115-1
- USN-4118-1
Published: June 3, 2019
Modified: Feb. 13, 2023
CVE-2019-3846
A flaw that allowed an attacker to corrupt memory and possibly escalate privileges was found in the mwifiex kernel module while connecting to a malicious wireless network.
Severity: HIGH (8.8) Vector: CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Links:
- https://seclists.org/oss-sec/2019/q2/133
- https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-3846
- DSA-4465
- [debian-lts-announce] 20190617 [SECURITY] [DLA 1823-1] linux security update
- [debian-lts-announce] 20190618 [SECURITY] [DLA 1824-1] linux-4.9 security update
- openSUSE-SU-2019:1570
- openSUSE-SU-2019:1571
- 20190618 [SECURITY] [DSA 4465-1] linux security update
- openSUSE-SU-2019:1579
- https://security.netapp.com/advisory/ntap-20190710-0002/
- 20190722 [slackware-security] Slackware 14.2 kernel (SSA:2019-202-01)
- http://packetstormsecurity.com/files/153702/Slackware-Security-Advisory-Slackware-14.2-kernel-Updates.html
- USN-4095-2
- USN-4095-1
- USN-4094-1
- USN-4093-1
- http://packetstormsecurity.com/files/154245/Kernel-Live-Patch-Security-Notice-LSN-0054-1.html
- USN-4117-1
- USN-4118-1
- RHSA-2019:2703
- RHSA-2019:2741
- RHSA-2019:3055
- RHSA-2019:3076
- RHSA-2019:3089
- http://packetstormsecurity.com/files/154951/Kernel-Live-Patch-Security-Notice-LSN-0058-1.html
- RHSA-2020:0174
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/J36BIJTKEPUOZKJNHQBUZA47RQONUKOI/
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/KLGWJKLMTBBB53D5QLS4HOY2EH246WBE/
Published: April 24, 2019
Modified: Feb. 13, 2023
CVE-2019-3882
A flaw was found in the Linux kernel's vfio interface implementation that permits violation of the user's locked memory limit. If a device is bound to a vfio driver, such as vfio-pci, and the local attacker is administratively granted ownership of the device, it may cause a system memory exhaustion and thus a denial of service (DoS). Versions 3.10, 4.14 and 4.18 are vulnerable.
Severity: MEDIUM (5.5) Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
Links:
- https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-3882
- USN-3981-1
- USN-3980-1
- USN-3979-1
- USN-3982-2
- openSUSE-SU-2019:1404
- USN-3982-1
- https://security.netapp.com/advisory/ntap-20190517-0005/
- openSUSE-SU-2019:1407
- USN-3980-2
- [debian-lts-announce] 20190528 [SECURITY] [DLA 1799-1] linux security update
- [debian-lts-announce] 20190528 [SECURITY] [DLA 1799-2] linux security update
- USN-3981-2
- openSUSE-SU-2019:1479
- RHSA-2019:2043
- RHSA-2019:2029
- DSA-4497
- 20190813 [SECURITY] [DSA 4497-1] linux security update
- [debian-lts-announce] 20190814 [SECURITY] [DLA 1885-1] linux-4.9 security update
- RHSA-2019:3517
- RHSA-2019:3309
Published: April 25, 2019
Modified: April 26, 2024
CVE-2019-3900
An infinite loop issue was found in the vhost_net kernel module in Linux Kernel up to and including v5.1-rc6, while handling incoming packets in handle_rx(). It could occur if one end sends packets faster than the other end can process them. A guest user, maybe remote one, could use this flaw to stall the vhost_net kernel thread, resulting in a DoS scenario.
Severity: HIGH (7.7) Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H
Links:
- https://www.spinics.net/lists/kernel/msg3111012.html
- https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-3900
- 108076
- https://security.netapp.com/advisory/ntap-20190517-0005/
- RHSA-2019:1973
- RHSA-2019:2043
- RHSA-2019:2029
- DSA-4497
- 20190813 [SECURITY] [DSA 4497-1] linux security update
- [debian-lts-announce] 20190814 [SECURITY] [DLA 1884-1] linux security update
- [debian-lts-announce] 20190814 [SECURITY] [DLA 1885-1] linux-4.9 security update
- USN-4114-1
- USN-4117-1
- USN-4116-1
- USN-4115-1
- USN-4118-1
- RHSA-2019:3220
- RHSA-2019:3517
- RHSA-2019:3309
- 20191108 [slackware-security] Slackware 14.2 kernel (SSA:2019-311-01)
- http://packetstormsecurity.com/files/155212/Slackware-Security-Advisory-Slackware-14.2-kernel-Updates.html
- RHSA-2019:3836
- RHSA-2019:3967
- RHSA-2019:4058
- RHSA-2020:0204
- https://www.oracle.com/security-alerts/cpuApr2021.html
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/RI3WXXM5URTZSR3RVEKO6MDXDFIKTZ5R/
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/TOFNJA5NNVXQ6AV6KGZB677JIVXAMJHT/
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/AYTZH6QCNITK7353S6RCRT2PQHZSDPXD/
Published: Feb. 15, 2019
Modified: Nov. 7, 2023
CVE-2019-6974
In the Linux kernel before 4.20.8, kvm_ioctl_create_device in virt/kvm/kvm_main.c mishandles reference counting because of a race condition, leading to a use-after-free.
Severity: HIGH (8.1) Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
Links:
- https://github.com/torvalds/linux/commit/cfa39381173d5f969daf43582c95ad679189cbc9
- https://cdn.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.9.156
- https://cdn.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.20.8
- https://cdn.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.19.21
- https://cdn.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.14.99
- https://bugs.chromium.org/p/project-zero/issues/detail?id=1765
- http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=cfa39381173d5f969daf43582c95ad679189cbc9
- 46388
- 107127
- [debian-lts-announce] 20190327 [SECURITY] [DLA 1731-1] linux security update
- [debian-lts-announce] 20190401 [SECURITY] [DLA 1731-2] linux regression update
- USN-3933-2
- USN-3932-2
- USN-3932-1
- USN-3931-2
- USN-3931-1
- USN-3930-2
- USN-3930-1
- USN-3933-1
- https://support.f5.com/csp/article/K11186236
- RHSA-2019:0833
- RHSA-2019:0818
- [debian-lts-announce] 20190503 [SECURITY] [DLA 1771-1] linux-4.9 security update
- RHBA-2019:0959
- RHSA-2019:2809
- RHSA-2019:3967
- RHSA-2020:0103
- https://support.f5.com/csp/article/K11186236?utm_source=f5support&utm_medium=RSS
Published: March 21, 2019
Modified: Nov. 7, 2023
CVE-2019-7221
The KVM implementation in the Linux kernel through 4.20.5 has a Use-after-Free.
Severity: HIGH (7.8) Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Links:
- https://github.com/torvalds/linux/commits/master/arch/x86/kvm
- [debian-lts-announce] 20190401 [SECURITY] [DLA 1731-2] linux regression update
- USN-3932-2
- USN-3932-1
- USN-3931-2
- USN-3931-1
- USN-3930-2
- USN-3930-1
- https://security.netapp.com/advisory/ntap-20190404-0002/
- RHSA-2019:0833
- RHSA-2019:0818
- [debian-lts-announce] 20190503 [SECURITY] [DLA 1771-1] linux-4.9 security update
- RHBA-2019:0959
- RHSA-2019:3967
- RHSA-2019:4058
- https://support.f5.com/csp/article/K08413011
- [debian-lts-announce] 20190327 [SECURITY] [DLA 1731-1] linux security update
- SUSE-SA-2019:0203-1
- http://packetstormsecurity.com/files/151713/KVM-VMX-Preemption-Timer-Use-After-Free.html
- http://www.openwall.com/lists/oss-security/2019/02/18/2
- https://bugs.chromium.org/p/project-zero/issues/detail?id=1760
- https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=ecec76885bcfe3294685dc363fd1273df0d5d65f
- FEDORA-2019-164946aa7f
- FEDORA-2019-3da64f3e61
Published: March 21, 2019
Modified: Nov. 7, 2023
CVE-2019-7222
The KVM implementation in the Linux kernel through 4.20.5 has an Information Leak.
Severity: MEDIUM (5.5) Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
Links:
- https://github.com/torvalds/linux/commits/master/arch/x86/kvm
- https://bugs.chromium.org/p/project-zero/issues/detail?id=1759
- 106963
- [oss-security] Linux kernel: three KVM bugs (CVE-2019-6974, CVE-2019-7221, CVE-2019-7222)
- http://packetstormsecurity.com/files/151712/KVM-kvm_inject_page_fault-Uninitialized-Memory-Leak.html
- SUSE-SA-2019:0203-1
- [debian-lts-announce] 20190327 [SECURITY] [DLA 1731-1] linux security update
- [debian-lts-announce] 20190401 [SECURITY] [DLA 1731-2] linux regression update
- USN-3933-2
- USN-3932-2
- USN-3932-1
- USN-3931-2
- USN-3931-1
- USN-3930-2
- USN-3930-1
- https://security.netapp.com/advisory/ntap-20190404-0002/
- USN-3933-1
- [debian-lts-announce] 20190503 [SECURITY] [DLA 1771-1] linux-4.9 security update
- https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=353c0956a618a07ba4bbe7ad00ff29fe70e8412a
- RHSA-2019:2043
- RHSA-2019:2029
- RHSA-2019:3309
- RHSA-2019:3517
- FEDORA-2019-164946aa7f
- FEDORA-2019-3da64f3e61
Published: Feb. 21, 2019
Modified: Nov. 7, 2023
CVE-2019-8980
A memory leak in the kernel_read_file function in fs/exec.c in the Linux kernel through 4.20.11 allows attackers to cause a denial of service (memory consumption) by triggering vfs_read failures.
Severity: HIGH (7.5) Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Links:
- 107120
- USN-3931-2
- USN-3931-1
- USN-3930-2
- USN-3930-1
- openSUSE-SU-2019:1193
- https://support.f5.com/csp/article/K56480726
- [debian-lts-announce] 20190503 [SECURITY] [DLA 1771-1] linux-4.9 security update
- https://www.mail-archive.com/linux-kernel%40vger.kernel.org/msg1935705.html
- https://www.mail-archive.com/linux-kernel%40vger.kernel.org/msg1935698.html
Published: March 6, 2019
Modified: Oct. 12, 2022
CVE-2019-9213
In the Linux kernel before 4.20.14, expand_downwards in mm/mmap.c lacks a check for the mmap minimum address, which makes it easier for attackers to exploit kernel NULL pointer dereferences on non-SMAP platforms. This is related to a capability check for the wrong task.
Severity: MEDIUM (5.5) Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
Links:
- https://github.com/torvalds/linux/commit/0a1d52994d440e21def1c2174932410b4f2a98a1
- https://cdn.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.9.162
- https://cdn.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.20.14
- https://cdn.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.19.27
- https://cdn.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.14.105
- https://bugs.chromium.org/p/project-zero/issues/detail?id=1792
- http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=0a1d52994d440e21def1c2174932410b4f2a98a1
- 46502
- 107296
- [debian-lts-announce] 20190327 [SECURITY] [DLA 1731-1] linux security update
- openSUSE-SU-2019:1085
- [debian-lts-announce] 20190401 [SECURITY] [DLA 1731-2] linux regression update
- USN-3933-2
- USN-3932-2
- USN-3932-1
- USN-3931-2
- USN-3931-1
- USN-3930-2
- USN-3930-1
- USN-3933-1
- openSUSE-SU-2019:1193
- RHSA-2019:0831
- [debian-lts-announce] 20190503 [SECURITY] [DLA 1771-1] linux-4.9 security update
- RHSA-2019:1479
- RHSA-2019:1480
- http://packetstormsecurity.com/files/156053/Reliable-Datagram-Sockets-RDS-rds_atomic_free_op-Privilege-Escalation.html
Published: Jan. 17, 2020
Modified: Jan. 19, 2023
CVE-2019-9500
The Broadcom brcmfmac WiFi driver prior to commit 1b5e2423164b3670e8bc9174e4762d297990deff is vulnerable to a heap buffer overflow. If the Wake-up on Wireless LAN functionality is configured, a malicious event frame can be constructed to trigger a heap buffer overflow in the brcmf_wowl_nd_results function. This vulnerability can be exploited with compromised chipsets to compromise the host, or when used in combination with CVE-2019-9503, can be used remotely. In the worst case scenario, by sending specially-crafted WiFi packets, a remote, unauthenticated attacker may be able to execute arbitrary code on a vulnerable system. More typically, this vulnerability will result in denial-of-service conditions.
Severity: HIGH (8.3) Vector: CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H
Links:
Published: June 12, 2020
Modified: June 6, 2023
CVE-2020-10732
A flaw was found in the Linux kernel's implementation of Userspace core dumps. This flaw allows an attacker with a local account to crash a trivial program and exfiltrate private kernel data.
Severity: MEDIUM (4.4) Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:L
Links:
- https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2020-10732
- https://git.kernel.org/pub/scm/linux/kernel/git/next/linux-next.git/commit/?id=aca969cacf07f41070d788ce2b8ca71f09d5207d
- https://github.com/google/kmsan/issues/76
- https://github.com/ruscur/linux/commit/a95cdec9fa0c08e6eeb410d461c03af8fd1fef0a
- https://twitter.com/grsecurity/status/1252558055629299712
- openSUSE-SU-2020:0801
- openSUSE-SU-2020:0935
- USN-4411-1
- USN-4427-1
- USN-4439-1
- USN-4440-1
- USN-4485-1
- https://security.netapp.com/advisory/ntap-20210129-0005/
- https://lore.kernel.org/lkml/CAG_fn=VZZ7yUxtOGzuTLkr7wmfXWtKK9BHHYawj=rt9XWnCYvg%40mail.gmail.com/
Published: June 9, 2020
Modified: Jan. 19, 2024
CVE-2020-10757
A flaw was found in the Linux Kernel in versions after 4.5-rc1 in the way mremap handled DAX Huge Pages. This flaw allows a local attacker with access to a DAX enabled storage to escalate their privileges on the system.
Severity: HIGH (7.8) Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Links:
- Red Hat
- https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=5bfea2d9b17f1034a68147a8b03b9789af5700f9
- https://www.openwall.com/lists/oss-security/2020/06/04/4
- [debian-lts-announce] 20200610 [SECURITY] [DLA 2242-1] linux-4.9 security update
- DSA-4699
- DSA-4698
- openSUSE-SU-2020:0801
- https://security.netapp.com/advisory/ntap-20200702-0004/
- USN-4439-1
- USN-4426-1
- USN-4440-1
- USN-4483-1
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/IEM47BXZJLODRH5YNNZSAQ2NVM63MYMC/
Published: May 4, 2020
Modified: June 14, 2021
CVE-2020-12114
A pivot_root race condition in fs/namespace.c in the Linux kernel 4.4.x before 4.4.221, 4.9.x before 4.9.221, 4.14.x before 4.14.178, 4.19.x before 4.19.119, and 5.x before 5.3 allows local users to cause a denial of service (panic) by corrupting a mountpoint reference counter.
Severity: MEDIUM (4.7) Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H
Links:
- http://www.openwall.com/lists/oss-security/2020/05/04/2
- https://security.netapp.com/advisory/ntap-20200608-0001/
- [debian-lts-announce] 20200609 [SECURITY] [DLA 2241-1] linux security update
- [debian-lts-announce] 20200610 [SECURITY] [DLA 2241-2] linux security update
- [debian-lts-announce] 20200610 [SECURITY] [DLA 2242-1] linux-4.9 security update
- DSA-4699
- DSA-4698
- openSUSE-SU-2020:0801
- USN-4388-1
- USN-4392-1
- USN-4389-1
- USN-4387-1
- USN-4390-1
- USN-4391-1
- http://packetstormsecurity.com/files/159565/Kernel-Live-Patch-Security-Notice-LSN-0072-1.html
- https://www.oracle.com/security-alerts/cpuApr2021.html
Published: May 15, 2020
Modified: Nov. 7, 2023
CVE-2020-12888
The VFIO PCI driver in the Linux kernel through 5.6.13 mishandles attempts to access disabled memory space.
Severity: MEDIUM (5.3) Vector: CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:N/I:N/A:H
Links:
- [oss-security] 20200519 CVE-2020-12888 Kernel: vfio: access to disabled MMIO space of some devices may lead to DoS scenario
- https://security.netapp.com/advisory/ntap-20200608-0001/
- openSUSE-SU-2020:0935
- openSUSE-SU-2020:1153
- USN-4526-1
- USN-4525-1
- [debian-lts-announce] 20200928 [SECURITY] [DLA 2385-1] linux-4.19 security update
- [debian-lts-announce] 20201031 [SECURITY] [DLA 2420-2] linux regression update
- [debian-lts-announce] 20201030 [SECURITY] [DLA 2420-1] linux security update
- https://lore.kernel.org/kvm/158871570274.15589.10563806532874116326.stgit%40gimli.home/
- https://lore.kernel.org/kvm/158871401328.15589.17598154478222071285.stgit%40gimli.home/
- FEDORA-2020-57bf620276
- FEDORA-2020-5436586091
Published: June 9, 2020
Modified: Feb. 24, 2023
CVE-2020-13974
An issue was discovered in the Linux kernel 4.4 through 5.7.1. drivers/tty/vt/keyboard.c has an integer overflow if k_ascii is called several times in a row, aka CID-b86dab054059. NOTE: Members in the community argue that the integer overflow does not lead to a security issue in this case.
Severity: HIGH (7.8) Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Links:
- https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=b86dab054059b970111b5516ae548efaae5b3aae
- https://lkml.org/lkml/2020/3/22/482
- openSUSE-SU-2020:0935
- USN-4427-1
- USN-4439-1
- USN-4440-1
- openSUSE-SU-2020:1153
- [debian-lts-announce] 20200812 [SECURITY] [DLA 2323-1] linux-4.19 new package
- USN-4483-1
- USN-4485-1
- https://git.kernel.org/pub/scm/linux/kernel/git/tip/tip.git/commit/?id=dad0bf9ce93fa40b667eccd3306783f4db4b932b
- https://www.oracle.com/security-alerts/cpujul2022.html
Published: Sept. 15, 2020
Modified: Feb. 13, 2023
CVE-2020-14331
A flaw was found in the Linux kernel’s implementation of the invert video code on VGA consoles when a local attacker attempts to resize the console, calling an ioctl VT_RESIZE, which causes an out-of-bounds write to occur. This flaw allows a local user with access to the VGA console to crash the system, potentially escalating their privileges on the system. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.
Severity: MEDIUM (6.6) Vector: CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Links:
- https://bugzilla.redhat.com/show_bug.cgi?id=1858679
- https://lists.openwall.net/linux-kernel/2020/07/29/234
- https://www.openwall.com/lists/oss-security/2020/07/28/2
- [debian-lts-announce] 20200928 [SECURITY] [DLA 2385-1] linux-4.19 security update
- [debian-lts-announce] 20201031 [SECURITY] [DLA 2420-2] linux regression update
- [debian-lts-announce] 20201030 [SECURITY] [DLA 2420-1] linux security update
Published: Aug. 19, 2020
Modified: Feb. 24, 2023
CVE-2020-14356
A null pointer dereference flaw was found in the Linux kernel cgroupv2 subsystem in versions before 5.7.10, in the way the system is rebooted. A local user could use this flaw to crash the system or escalate their privileges on the system.
Severity: HIGH (7.8) Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Links:
- https://lore.kernel.org/netdev/CAM_iQpUKQJrj8wE+Qa8NGR3P0L+5Uz=qo-O5+k_P60HzTde6aw%40mail.gmail.com/t/
- https://bugzilla.redhat.com/show_bug.cgi?id=1868453
- https://bugzilla.kernel.org/show_bug.cgi?id=208003
- openSUSE-SU-2020:1236
- openSUSE-SU-2020:1325
- https://security.netapp.com/advisory/ntap-20200904-0002/
- USN-4484-1
- USN-4483-1
- USN-4526-1
- [debian-lts-announce] 20200928 [SECURITY] [DLA 2385-1] linux-4.19 security update
- [debian-lts-announce] 20201031 [SECURITY] [DLA 2420-2] linux regression update
- [debian-lts-announce] 20201030 [SECURITY] [DLA 2420-1] linux security update
Published: Sept. 16, 2020
Modified: Nov. 7, 2023
CVE-2020-14386
A flaw was found in the Linux kernel before 5.9-rc4. Memory corruption can be exploited to gain root privileges from unprivileged processes. The highest threat from this vulnerability is to data confidentiality and integrity.
Severity: HIGH (7.8) Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Links:
- https://seclists.org/oss-sec/2020/q3/146
- https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2020-14386
- https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=acf69c946233259ab4d64f8869d4037a198c7f06
- [debian-lts-announce] 20200928 [SECURITY] [DLA 2385-1] linux-4.19 security update
- openSUSE-SU-2020:1655
- http://packetstormsecurity.com/files/159565/Kernel-Live-Patch-Security-Notice-LSN-0072-1.html
- [debian-lts-announce] 20201031 [SECURITY] [DLA 2420-2] linux regression update
- [debian-lts-announce] 20201030 [SECURITY] [DLA 2420-1] linux security update
- [oss-security] 20210916 Containers-optimized OS (COS) membership in the linux-distros list
- [oss-security] 20210917 Re: Containers-optimized OS (COS) membership in the linux-distros list
- [oss-security] 20210920 Re: Containers-optimized OS (COS) membership in the linux-distros list
- FEDORA-2020-468121099e
Published: May 11, 2021
Modified: April 2, 2023
CVE-2020-24586
The 802.11 standard that underpins Wi-Fi Protected Access (WPA, WPA2, and WPA3) and Wired Equivalent Privacy (WEP) doesn't require that received fragments be cleared from memory after (re)connecting to a network. Under the right circumstances, when another device sends fragmented frames encrypted using WEP, CCMP, or GCMP, this can be abused to inject arbitrary network packets and/or exfiltrate user data.
Severity: LOW (3.5) Vector: CVSS:3.1/AV:A/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N
Links:
- https://www.fragattacks.com
- https://github.com/vanhoefm/fragattacks/blob/master/SUMMARY.md
- [oss-security] 20210511 various 802.11 security issues - fragattacks.com
- [debian-lts-announce] 20210623 [SECURITY] [DLA 2690-1] linux-4.19 security update
- [debian-lts-announce] 20210623 [SECURITY] [DLA 2689-1] linux security update
- 20210511 Multiple Vulnerabilities in Frame Aggregation and Fragmentation Implementations of 802.11 Specification Affecting Cisco Products: May 2021
- https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00473.html
- https://www.arista.com/en/support/advisories-notices/security-advisories/12602-security-advisory-63
- [debian-lts-announce] 20230401 [SECURITY] [DLA 3380-1] firmware-nonfree LTS new upstream version (security updates and newer firmware for Linux 5.10)
Published: May 11, 2021
Modified: April 2, 2023
CVE-2020-24587
The 802.11 standard that underpins Wi-Fi Protected Access (WPA, WPA2, and WPA3) and Wired Equivalent Privacy (WEP) doesn't require that all fragments of a frame are encrypted under the same key. An adversary can abuse this to decrypt selected fragments when another device sends fragmented frames and the WEP, CCMP, or GCMP encryption key is periodically renewed.
Severity: LOW (2.6) Vector: CVSS:3.1/AV:A/AC:H/PR:N/UI:R/S:U/C:L/I:N/A:N
Links:
- https://www.fragattacks.com
- https://github.com/vanhoefm/fragattacks/blob/master/SUMMARY.md
- [oss-security] 20210511 various 802.11 security issues - fragattacks.com
- [debian-lts-announce] 20210623 [SECURITY] [DLA 2690-1] linux-4.19 security update
- [debian-lts-announce] 20210623 [SECURITY] [DLA 2689-1] linux security update
- 20210511 Multiple Vulnerabilities in Frame Aggregation and Fragmentation Implementations of 802.11 Specification Affecting Cisco Products: May 2021
- https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00473.html
- https://www.arista.com/en/support/advisories-notices/security-advisories/12602-security-advisory-63
- [debian-lts-announce] 20230401 [SECURITY] [DLA 3380-1] firmware-nonfree LTS new upstream version (security updates and newer firmware for Linux 5.10)
Published: May 11, 2021
Modified: April 2, 2023
CVE-2020-24588
The 802.11 standard that underpins Wi-Fi Protected Access (WPA, WPA2, and WPA3) and Wired Equivalent Privacy (WEP) doesn't require that the A-MSDU flag in the plaintext QoS header field is authenticated. Against devices that support receiving non-SSP A-MSDU frames (which is mandatory as part of 802.11n), an adversary can abuse this to inject arbitrary network packets.
Severity: LOW (3.5) Vector: CVSS:3.1/AV:A/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N
Links:
- https://www.fragattacks.com
- https://github.com/vanhoefm/fragattacks/blob/master/SUMMARY.md
- [oss-security] 20210511 various 802.11 security issues - fragattacks.com
- [debian-lts-announce] 20210623 [SECURITY] [DLA 2690-1] linux-4.19 security update
- [debian-lts-announce] 20210623 [SECURITY] [DLA 2689-1] linux security update
- https://cert-portal.siemens.com/productcert/pdf/ssa-913875.pdf
- 20210511 Multiple Vulnerabilities in Frame Aggregation and Fragmentation Implementations of 802.11 Specification Affecting Cisco Products: May 2021
- https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00473.html
- https://www.arista.com/en/support/advisories-notices/security-advisories/12602-security-advisory-63
- [debian-lts-announce] 20230401 [SECURITY] [DLA 3380-1] firmware-nonfree LTS new upstream version (security updates and newer firmware for Linux 5.10)
Published: Sept. 10, 2020
Modified: Jan. 20, 2021
CVE-2020-25220
The Linux kernel 4.9.x before 4.9.233, 4.14.x before 4.14.194, and 4.19.x before 4.19.140 has a use-after-free because skcd->no_refcnt was not considered during a backport of a CVE-2020-14356 patch. This is related to the cgroups feature.
Severity: HIGH (7.8) Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Links:
- https://cdn.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.14.194
- https://bugzilla.redhat.com/show_bug.cgi?id=1868453
- https://www.spinics.net/lists/stable/msg405099.html
- https://cdn.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.9.233
- https://cdn.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.19.140
- https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/commit/?h=linux-4.14.y&id=82fd2138a5ffd7e0d4320cdb669e115ee976a26e
- https://security.netapp.com/advisory/ntap-20201001-0004/
- [debian-lts-announce] 20201031 [SECURITY] [DLA 2420-2] linux regression update
- [debian-lts-announce] 20201030 [SECURITY] [DLA 2420-1] linux security update
Published: Oct. 6, 2020
Modified: May 16, 2023
CVE-2020-25643
A flaw was found in the HDLC_PPP module of the Linux kernel in versions before 5.9-rc7. Memory corruption and a read overflow are caused by improper input validation in the ppp_cp_parse_cr function, which can cause the system to crash or cause a denial of service. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.
Severity: HIGH (7.2) Vector: CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
Links:
- https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=66d42ed8b25b64eb63111a2b8582c5afc8bf1105
- https://bugzilla.redhat.com/show_bug.cgi?id=1879981
- openSUSE-SU-2020:1655
- openSUSE-SU-2020:1698
- DSA-4774
- [debian-lts-announce] 20201028 [SECURITY] [DLA 2417-1] linux-4.19 security update
- [debian-lts-announce] 20201031 [SECURITY] [DLA 2420-2] linux regression update
- [debian-lts-announce] 20201030 [SECURITY] [DLA 2420-1] linux security update
- https://security.netapp.com/advisory/ntap-20201103-0002/
- https://www.starwindsoftware.com/security/sw-20210325-0002/
Published: Dec. 2, 2020
Modified: Oct. 25, 2022
CVE-2020-25656
A flaw was found in the Linux kernel. A use-after-free was found in the way the console subsystem was using the ioctls KDGKBSENT and KDSKBSENT. A local user could use this flaw to read memory out of bounds. The highest threat from this vulnerability is to data confidentiality.
Severity: MEDIUM (4.1) Vector: CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:N/A:N
Links:
- https://lkml.org/lkml/2020/10/29/528
- https://lkml.org/lkml/2020/10/16/84
- https://bugzilla.redhat.com/show_bug.cgi?id=1888726
- [debian-lts-announce] 20201210 [SECURITY] [DLA 2483-1] linux-4.19 security update
- [debian-lts-announce] 20201218 [SECURITY] [DLA 2494-1] linux security update
- https://www.starwindsoftware.com/security/sw-20210325-0006/
Published: May 26, 2021
Modified: Nov. 7, 2023
CVE-2020-25669
A vulnerability was found in the Linux kernel where the function sunkbd_reinit has been scheduled by sunkbd_interrupt before sunkbd is freed. Though the dangling pointer is set to NULL in sunkbd_disconnect, there is still an alias in sunkbd_reinit, causing a use-after-free.
Severity: HIGH (7.8) Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Links:
- https://github.com/torvalds/linux/commit/77e70d351db7de07a46ac49b87a6c3c7a60fca7e
- [debian-lts-announce] 20201218 [SECURITY] [DLA 2494-1] linux security update
- [oss-security] 20201120 Re: CVE-2020-25669: Linux Kernel use-after-free in sunkbd_reinit
- [debian-lts-announce] 20201210 [SECURITY] [DLA 2483-1] linux-4.19 security update
- [oss-security] 20201105 CVE-2020-25669: Linux Kernel use-after-free in sunkbd_reinit
- https://security.netapp.com/advisory/ntap-20210702-0006/
- https://www.openwall.com/lists/oss-security/2020/11/05/2%2C
- https://www.openwall.com/lists/oss-security/2020/11/20/5%2C
Published: May 26, 2021
Modified: Feb. 13, 2023
CVE-2020-25670
A vulnerability was found in the Linux kernel where a refcount leak in llcp_sock_bind() causes a use-after-free, which might lead to privilege escalation.
Severity: HIGH (7.8) Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Links:
- [oss-security] 20201101 [CVE-2020-25670,CVE-2020-25671,CVE-2020-25672,CVE-2020-25673]Linux kernel: many bugs in nfc socket
- [oss-security] 20210511 CVE-2021-23134: Linux kernel: UAF in nfc sockets
- https://www.openwall.com/lists/oss-security/2020/11/01/1
- [debian-lts-announce] 20210623 [SECURITY] [DLA 2690-1] linux-4.19 security update
- [debian-lts-announce] 20210623 [SECURITY] [DLA 2689-1] linux security update
- https://security.netapp.com/advisory/ntap-20210702-0008/
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/UTVACC6PGS6OSD3EYY7FZUAZT2EUMFH5/
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/PW3OASG7OEMHANDWBM5US5WKTOC76KMH/
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/VEIEGQXUW37YHZ5MTAZTDCIMHUN26NJS/
Published: May 26, 2021
Modified: Feb. 13, 2023
CVE-2020-25671
A vulnerability was found in the Linux kernel where a refcount leak in llcp_sock_connect() causes a use-after-free, which might lead to privilege escalation.
Severity: HIGH (7.8) Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Links:
- [oss-security] 20201101 [CVE-2020-25670,CVE-2020-25671,CVE-2020-25672,CVE-2020-25673]Linux kernel: many bugs in nfc socket
- https://www.openwall.com/lists/oss-security/2020/11/01/1
- [debian-lts-announce] 20210623 [SECURITY] [DLA 2690-1] linux-4.19 security update
- [debian-lts-announce] 20210623 [SECURITY] [DLA 2689-1] linux security update
- https://security.netapp.com/advisory/ntap-20210702-0008/
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/UTVACC6PGS6OSD3EYY7FZUAZT2EUMFH5/
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/PW3OASG7OEMHANDWBM5US5WKTOC76KMH/
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/VEIEGQXUW37YHZ5MTAZTDCIMHUN26NJS/
Published: May 25, 2021
Modified: Feb. 13, 2023
CVE-2020-25672
A memory leak vulnerability was found in the Linux kernel in llcp_sock_connect.
Severity: HIGH (7.5) Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Links:
- [oss-security] 20201101 [CVE-2020-25670,CVE-2020-25671,CVE-2020-25672,CVE-2020-25673]Linux kernel: many bugs in nfc socket
- https://www.openwall.com/lists/oss-security/2020/11/01/1
- [debian-lts-announce] 20210623 [SECURITY] [DLA 2690-1] linux-4.19 security update
- [debian-lts-announce] 20210623 [SECURITY] [DLA 2689-1] linux security update
- https://security.netapp.com/advisory/ntap-20210702-0008/
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/UTVACC6PGS6OSD3EYY7FZUAZT2EUMFH5/
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/PW3OASG7OEMHANDWBM5US5WKTOC76KMH/
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/VEIEGQXUW37YHZ5MTAZTDCIMHUN26NJS/
Published: May 11, 2021
Modified: July 12, 2022
CVE-2020-26147
An issue was discovered in the Linux kernel 5.8.9. The WEP, WPA, WPA2, and WPA3 implementations reassemble fragments even though some of them were sent in plaintext. This vulnerability can be abused to inject packets and/or exfiltrate selected fragments when another device sends fragmented frames and the WEP, CCMP, or GCMP data-confidentiality protocol is used.
Severity: MEDIUM (5.4) Vector: CVSS:3.1/AV:A/AC:H/PR:N/UI:R/S:U/C:L/I:H/A:N
Links:
- https://www.fragattacks.com
- https://github.com/vanhoefm/fragattacks/blob/master/SUMMARY.md
- [oss-security] 20210511 various 802.11 security issues - fragattacks.com
- [debian-lts-announce] 20210623 [SECURITY] [DLA 2690-1] linux-4.19 security update
- [debian-lts-announce] 20210623 [SECURITY] [DLA 2689-1] linux security update
- https://cert-portal.siemens.com/productcert/pdf/ssa-913875.pdf
- 20210511 Multiple Vulnerabilities in Frame Aggregation and Fragmentation Implementations of 802.11 Specification Affecting Cisco Products: May 2021
- https://www.arista.com/en/support/advisories-notices/security-advisories/12602-security-advisory-63
Published: Sept. 1, 2022
Modified: May 16, 2023
CVE-2020-27784
A vulnerability was found in the Linux kernel involving access to a deallocated instance in printer_ioctl(). printer_ioctl() tries to access a printer_dev instance; however, a use-after-free arises because the instance had been freed by gprinter_free().
Severity: MEDIUM (5.5) Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
Links:
Published: Dec. 11, 2020
Modified: May 16, 2023
CVE-2020-27786
A flaw was found in the Linux kernel’s implementation of MIDI, where an attacker with a local account and the permissions to issue ioctl commands to midi devices could trigger a use-after-free issue. A write to this specific memory while freed and before use causes the flow of execution to change and possibly allow for memory corruption or privilege escalation. The highest threat from this vulnerability is to confidentiality, integrity, as well as system availability.
Severity: HIGH (7.8) Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Links:
- https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=c1f6e3c818dd734c30f6a7eeebf232ba2cf3181d
- https://bugzilla.redhat.com/show_bug.cgi?id=1900933
- https://security.netapp.com/advisory/ntap-20210122-0002/
- [oss-security] 20201203 Re: Linux Kernel: ALSA: use-after-free Write in snd_rawmidi_kernel_write1
Published: Jan. 13, 2021
Modified: Nov. 7, 2023
CVE-2020-28374
In drivers/target/target_core_xcopy.c in the Linux kernel before 5.10.7, insufficient identifier checking in the LIO SCSI target code can be used by remote attackers to read or write files via directory traversal in an XCOPY request, aka CID-2896c93811e3. For example, an attack can occur over a network if the attacker has access to one iSCSI LUN. The attacker gains control over file access because I/O operations are proxied via an attacker-selected backstore.
Severity: HIGH (8.1) Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N
Links:
- https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.10.7
- https://bugzilla.suse.com/show_bug.cgi?id=1178372
- https://github.com/torvalds/linux/commit/2896c93811e39d63a4d9b63ccf12a8fbc226e5e4
- https://bugzilla.suse.com/attachment.cgi?id=844938
- https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=2896c93811e39d63a4d9b63ccf12a8fbc226e5e4
- [oss-security] 20210113 Re: CVE-2020-28374: Linux SCSI target (LIO) unrestricted copy offload
- [oss-security] 20210113 Re: CVE-2020-28374: Linux SCSI target (LIO) unrestricted copy offload
- http://packetstormsecurity.com/files/161229/Kernel-Live-Patch-Security-Notice-LSN-0074-1.html
- DSA-4843
- [debian-lts-announce] 20210212 [SECURITY] [DLA 2557-1] linux-4.19 security update
- https://security.netapp.com/advisory/ntap-20210219-0002/
- [debian-lts-announce] 20210309 [SECURITY] [DLA 2586-1] linux security update
- FEDORA-2021-620fb40359
- FEDORA-2021-082e638d02
- FEDORA-2021-4a91649cf3
Published: Nov. 28, 2020
Modified: Feb. 15, 2024
CVE-2020-29368
An issue was discovered in __split_huge_pmd in mm/huge_memory.c in the Linux kernel before 5.7.5. The copy-on-write implementation can grant unintended write access because of a race condition in a THP mapcount check, aka CID-c444eb564fb1.
Severity: HIGH (7.0) Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
Links:
Published: Dec. 15, 2020
Modified: Jan. 19, 2023
CVE-2020-29569
An issue was discovered in the Linux kernel through 5.10.1, as used with Xen through 4.14.x. The Linux kernel PV block backend expects the kernel thread handler to reset ring->xenblkd to NULL when stopped. However, the handler may not have time to run if the frontend quickly toggles between the states connect and disconnect. As a consequence, the block backend may re-use a pointer after it was freed. A misbehaving guest can trigger a dom0 crash by continuously connecting / disconnecting a block frontend. Privilege escalation and information leaks cannot be ruled out. This only affects systems with a Linux blkback.
Severity: HIGH (8.8) Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H
Links:
Published: Dec. 9, 2020
Modified: Nov. 7, 2023
CVE-2020-29661
A locking issue was discovered in the tty subsystem of the Linux kernel through 5.9.13. drivers/tty/tty_jobctrl.c allows a use-after-free attack against TIOCSPGRP, aka CID-54ffccbf053b.
Severity: HIGH (7.8) Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Links:
- https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=54ffccbf053b5b6ca4f6e45094b942fab92a25fc
- [oss-security] 20201210 2 kernel issues
- http://packetstormsecurity.com/files/160681/Linux-TIOCSPGRP-Broken-Locking.html
- https://security.netapp.com/advisory/ntap-20210122-0001/
- DSA-4843
- [debian-lts-announce] 20210212 [SECURITY] [DLA 2557-1] linux-4.19 security update
- [debian-lts-announce] 20210309 [SECURITY] [DLA 2586-1] linux security update
- https://www.oracle.com/security-alerts/cpuoct2021.html
- http://packetstormsecurity.com/files/164950/Kernel-Live-Patch-Security-Notice-LSN-0082-1.html
- FEDORA-2020-b732958765
- FEDORA-2020-bc0cc81a7a
Published: Nov. 20, 2020
Modified: Nov. 7, 2023
CVE-2020-4788
IBM Power9 (AIX 7.1, 7.2, and VIOS 3.1) processors could allow a local user to obtain sensitive information from the data in the L1 cache under extenuating circumstances. IBM X-Force ID: 189296.
Severity: MEDIUM (4.7) Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N
Links:
- ibm-i-cve20204788-info-disc (189296)
- https://www.ibm.com/support/pages/node/6370729
- [oss-security] 20201120 CVE-2020-4788: Speculation on incompletely validated data on IBM Power9
- [oss-security] 20201123 Re: CVE-2020-4788: Speculation on incompletely validated data on IBM Power9
- https://www.oracle.com/security-alerts/cpujul2022.html
- FEDORA-2020-4700a73bd5
- FEDORA-2020-8c15928d23
Published: Feb. 6, 2020
Modified: Dec. 30, 2021
CVE-2020-8647
There is a use-after-free vulnerability in the Linux kernel through 5.5.2 in the vc_do_resize function in drivers/tty/vt/vt.c.
Severity: MEDIUM (6.1) Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H
Links:
- https://bugzilla.kernel.org/show_bug.cgi?id=206359
- openSUSE-SU-2020:0388
- [debian-lts-announce] 20200609 [SECURITY] [DLA 2241-1] linux security update
- [debian-lts-announce] 20200610 [SECURITY] [DLA 2241-2] linux security update
- [debian-lts-announce] 20200610 [SECURITY] [DLA 2242-1] linux-4.9 security update
- DSA-4698
Published: Feb. 6, 2020
Modified: July 28, 2022
CVE-2020-8648
There is a use-after-free vulnerability in the Linux kernel through 5.5.2 in the n_tty_receive_buf_common function in drivers/tty/n_tty.c.
Severity: HIGH (7.1) Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H
Links:
- https://bugzilla.kernel.org/show_bug.cgi?id=206361
- openSUSE-SU-2020:0336
- USN-4344-1
- USN-4345-1
- USN-4342-1
- USN-4346-1
- [debian-lts-announce] 20200609 [SECURITY] [DLA 2241-1] linux security update
- [debian-lts-announce] 20200610 [SECURITY] [DLA 2241-2] linux security update
- [debian-lts-announce] 20200610 [SECURITY] [DLA 2242-1] linux-4.9 security update
- DSA-4698
- https://security.netapp.com/advisory/ntap-20200924-0004/
Published: Feb. 6, 2020
Modified: Dec. 30, 2021
CVE-2020-8649
There is a use-after-free vulnerability in the Linux kernel through 5.5.2 in the vgacon_invert_region function in drivers/video/console/vgacon.c.
Severity: MEDIUM (5.9) Vector: CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H
Links:
- https://bugzilla.kernel.org/show_bug.cgi?id=206357
- openSUSE-SU-2020:0388
- [debian-lts-announce] 20200609 [SECURITY] [DLA 2241-1] linux security update
- [debian-lts-announce] 20200610 [SECURITY] [DLA 2241-2] linux security update
- [debian-lts-announce] 20200610 [SECURITY] [DLA 2242-1] linux-4.9 security update
- DSA-4698
Published: July 7, 2021
Modified: March 31, 2022
CVE-2021-22555
A heap out-of-bounds write affecting Linux since v2.6.19-rc1 was discovered in net/netfilter/x_tables.c. This allows an attacker to gain privileges or cause a DoS (via heap memory corruption) through user name space.
Severity: HIGH (7.8) Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Links:
- https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/net/netfilter/x_tables.c?id=b29c457a6511435960115c0f548c4360d5f4801d
- https://github.com/google/security-research/security/advisories/GHSA-xxx5-8mvq-3528
- https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/net/netfilter/x_tables.c?id=9fa492cdc160cd27ce1046cb36f47d3b2b1efa21
- http://packetstormsecurity.com/files/163528/Linux-Kernel-Netfilter-Heap-Out-Of-Bounds-Write.html
- https://security.netapp.com/advisory/ntap-20210805-0010/
- http://packetstormsecurity.com/files/163878/Kernel-Live-Patch-Security-Notice-LSN-0080-1.html
- http://packetstormsecurity.com/files/164155/Kernel-Live-Patch-Security-Notice-LSN-0081-1.html
- http://packetstormsecurity.com/files/164437/Netfilter-x_tables-Heap-Out-Of-Bounds-Write-Privilege-Escalation.html
- http://packetstormsecurity.com/files/165477/Kernel-Live-Patch-Security-Notice-LSN-0083-1.html
Published: April 22, 2021
Modified: Nov. 7, 2023
CVE-2021-23133
A race condition in Linux kernel SCTP sockets (net/sctp/socket.c) before 5.12-rc8 can lead to kernel privilege escalation from the context of a network service or an unprivileged process. If sctp_destroy_sock is called without sock_net(sk)->sctp.addr_wq_lock then an element is removed from the auto_asconf_splist list without any proper locking. This can be exploited by an attacker with network service privileges to escalate to root or from the context of an unprivileged user directly if a BPF_CGROUP_INET_SOCK_CREATE is attached which denies creation of some SCTP socket.
Severity: HIGH (7.0) Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
Links:
- https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=b166a20b07382b8bc1dcee2a448715c9c2c81b5b
- https://www.openwall.com/lists/oss-security/2021/04/18/2
- [oss-security] 20210510 Re: CVE-2021-23133: Linux kernel: race condition in sctp sockets
- [oss-security] 20210510 Re: CVE-2021-23133: Linux kernel: race condition in sctp sockets
- [oss-security] 20210510 Re: CVE-2021-23133: Linux kernel: race condition in sctp sockets
- [oss-security] 20210510 Re: CVE-2021-23133: Linux kernel: race condition in sctp sockets
- https://security.netapp.com/advisory/ntap-20210611-0008/
- [debian-lts-announce] 20210623 [SECURITY] [DLA 2689-1] linux security update
- [debian-lts-announce] 20210623 [SECURITY] [DLA 2690-1] linux-4.19 security update
- FEDORA-2021-8cd093f639
- FEDORA-2021-e6b4847979
- FEDORA-2021-a963f04012
Published: May 13, 2021
Modified: Nov. 7, 2023
CVE-2021-23134
Use After Free vulnerability in nfc sockets in the Linux Kernel before 5.12.4 allows local attackers to elevate their privileges. In typical configurations, the issue can only be triggered by a privileged local user with the CAP_NET_RAW capability.
Severity: HIGH (7.8) Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Links:
- https://git.kernel.org/pub/scm/linux/kernel/git/netdev/net.git/commit/?id=c61760e6940d
- https://www.openwall.com/lists/oss-security/2021/05/11/4
- [debian-lts-announce] 20210623 [SECURITY] [DLA 2689-1] linux security update
- [debian-lts-announce] 20210623 [SECURITY] [DLA 2690-1] linux-4.19 security update
- https://security.netapp.com/advisory/ntap-20210625-0007/
- FEDORA-2021-286375de1e
- FEDORA-2021-05152dbcf5
Published: March 17, 2021
Modified: Nov. 9, 2023
CVE-2021-28660
rtw_wx_set_scan in drivers/staging/rtl8188eu/os_dep/ioctl_linux.c in the Linux kernel through 5.11.6 allows writing beyond the end of the ->ssid[] array. NOTE: from the perspective of kernel.org releases, CVE IDs are not normally used for drivers/staging/* (unfinished work); however, system integrators may have situations in which a drivers/staging issue is relevant to their own customer base.
Severity: HIGH (8.8) Vector: CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Links:
- https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=74b6b20df8cfe90ada777d621b54c32e69e27cd7
- [debian-lts-announce] 20210330 [SECURITY] [DLA 2610-1] linux-4.19 security update
- https://security.netapp.com/advisory/ntap-20210507-0008/
- [debian-lts-announce] 20210623 [SECURITY] [DLA 2689-1] linux security update
- [oss-security] 20221118 Linux kernel: staging: rtl8712: A Use-after-Free/Double-Free bug in read_bbreg_hdl in drivers/staging/rtl8712/rtl8712_cmd.c
- [oss-security] 20221121 Re: Linux kernel: staging: rtl8712: A Use-after-Free/Double-Free bug in read_bbreg_hdl in drivers/staging/rtl8712/rtl8712_cmd.c
- FEDORA-2021-bb755ed5e3
Published: April 9, 2021
Modified: March 25, 2024
CVE-2021-29154
BPF JIT compilers in the Linux kernel through 5.11.12 have incorrect computation of branch displacements, allowing them to execute arbitrary code within the kernel context. This affects arch/x86/net/bpf_jit_comp.c and arch/x86/net/bpf_jit_comp32.c.
Severity: HIGH (7.8) Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Links:
- https://www.openwall.com/lists/oss-security/2021/04/08/1
- https://news.ycombinator.com/item?id=26757760
- http://packetstormsecurity.com/files/162434/Kernel-Live-Patch-Security-Notice-LSN-0076-1.html
- https://security.netapp.com/advisory/ntap-20210604-0006/
- [debian-lts-announce] 20210623 [SECURITY] [DLA 2690-1] linux-4.19 security update
- [debian-lts-announce] 20210623 [SECURITY] [DLA 2689-1] linux security update
- https://www.oracle.com/security-alerts/cpujul2022.html
- FEDORA-2021-e71c033f88
- https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=e4d4d456436bfb2fe412ee2cd489f7658449b098
- https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=26f55a59dc65ff77cd1c4b37991e26497fc68049
Published: July 20, 2021
Modified: Nov. 7, 2023
CVE-2021-33909
fs/seq_file.c in the Linux kernel 3.16 through 5.13.x before 5.13.4 does not properly restrict seq buffer allocations, leading to an integer overflow, an Out-of-bounds Write, and escalation to root by an unprivileged user, aka CID-8cae8cd89f05.
Severity: HIGH (7.8) Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Links:
- https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.13.4
- https://github.com/torvalds/linux/commit/8cae8cd89f05f6de223d63e6d15e31c8ba9cf53b
- https://www.openwall.com/lists/oss-security/2021/07/20/1
- [debian-lts-announce] 20210720 [SECURITY] [DLA 2713-2] linux security update
- [debian-lts-announce] 20210720 [SECURITY] [DLA 2714-1] linux-4.19 security update
- [debian-lts-announce] 20210720 [SECURITY] [DLA 2713-1] linux security update
- DSA-4941
- http://packetstormsecurity.com/files/163621/Sequoia-A-Deep-Root-In-Linuxs-Filesystem-Layer.html
- [oss-security] 20210722 Re: CVE-2021-33909: size_t-to-int vulnerability in Linux's filesystem layer
- http://packetstormsecurity.com/files/163671/Kernel-Live-Patch-Security-Notice-LSN-0079-1.html
- https://security.netapp.com/advisory/ntap-20210819-0004/
- [oss-security] 20210825 Re: CVE-2021-33909: size_t-to-int vulnerability in Linux's filesystem layer
- http://packetstormsecurity.com/files/164155/Kernel-Live-Patch-Security-Notice-LSN-0081-1.html
- [oss-security] 20210916 Containers-optimized OS (COS) membership in the linux-distros list
- [oss-security] 20210917 Re: Containers-optimized OS (COS) membership in the linux-distros list
- [oss-security] 20210920 Re: Containers-optimized OS (COS) membership in the linux-distros list
- http://packetstormsecurity.com/files/165477/Kernel-Live-Patch-Security-Notice-LSN-0083-1.html
- https://www.oracle.com/security-alerts/cpujan2022.html
- https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2022-0015
- FEDORA-2021-07dc0b3eb1
Published: June 8, 2021
Modified: Feb. 13, 2023
CVE-2021-3564
A double-free memory corruption flaw was found in the Linux kernel HCI device initialization subsystem in the way a user attaches a malicious HCI TTY Bluetooth device. A local user could use this flaw to crash the system. This flaw affects all the Linux kernel versions starting from 3.13.
Severity: MEDIUM (5.5) Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
Links:
- https://bugzilla.redhat.com/show_bug.cgi?id=1964139
- [oss-security] 20210601 Re: CVE-2021-3564 Linux Bluetooth device initialization implementation bug
- [oss-security] 20210525 CVE-2021-3564 Linux Bluetooth device initialization implementation bug
- https://www.openwall.com/lists/oss-security/2021/05/25/1
- [debian-lts-announce] 20210623 [SECURITY] [DLA 2690-1] linux-4.19 security update
- [debian-lts-announce] 20210623 [SECURITY] [DLA 2689-1] linux security update
Published: March 3, 2022
Modified: Jan. 24, 2023
CVE-2021-3715
A flaw was found in the "Routing decision" classifier in the Linux kernel's Traffic Control networking subsystem in the way it handled changing of classification filters, leading to a use-after-free condition. This flaw allows unprivileged local users to escalate their privileges on the system. The highest threat from this vulnerability is to confidentiality and integrity, as well as system availability.
Severity: HIGH (7.8) Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Links:
Published: July 27, 2021
Modified: Nov. 7, 2023
CVE-2021-37576
arch/powerpc/kvm/book3s_rtas.c in the Linux kernel through 5.13.5 on the powerpc platform allows KVM guest OS users to cause host OS memory corruption via rtas_args.nargs, aka CID-f62f3c20647e.
Severity: HIGH (7.8) Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Links:
- https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=f62f3c20647ebd5fb6ecb8f0b477b9281c44c10a
- [oss-security] 20210727 Re: Linux kernel: powerpc: KVM guest to host memory corruption
- https://security.netapp.com/advisory/ntap-20210917-0005/
- DSA-4978
- https://lore.kernel.org/linuxppc-dev/87im0x1lqi.fsf%40mpe.ellerman.id.au/T/#u
- FEDORA-2021-817b3d47d2
- FEDORA-2021-12618d9b08
Published: March 25, 2022
Modified: Nov. 7, 2023
CVE-2021-4157
An out-of-bounds memory write flaw (1 or 2 bytes of memory) was found in the Linux kernel NFS subsystem in the way users use mirroring (replication of files with NFS). A user with access to the NFS mount could potentially use this flaw to crash the system or escalate privileges on the system.
Severity: HIGH (8.0) Vector: CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Links:
Published: April 26, 2023
Modified: Aug. 11, 2023
CVE-2023-0045
The current implementation of the prctl syscall does not issue an IBPB immediately during the syscall. The ib_prctl_set function updates the Thread Information Flags (TIFs) for the task and updates the SPEC_CTRL MSR in the function __speculation_ctrl_update, but the IBPB is only issued on the next schedule, when the TIF bits are checked. This leaves the victim vulnerable to values already injected into the BTB prior to the prctl syscall. The patch that added support for the conditional mitigation via prctl (ib_prctl_set) dates back to kernel 4.9.176. We recommend upgrading past commit a664ec9158eeddd75121d39c9a0758016097fa96.
Severity: HIGH (7.5) Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Links:
- https://git.kernel.org/tip/a664ec9158eeddd75121d39c9a0758016097fa96
- https://lists.debian.org/debian-lts-announce/2023/05/msg00005.html
- https://lists.debian.org/debian-lts-announce/2023/05/msg00006.html
- https://security.netapp.com/advisory/ntap-20230714-0001/
- https://github.com/google/security-research/security/advisories/GHSA-9x5g-vmxf-4qj8
Published: March 17, 2023
Modified: Nov. 7, 2023
CVE-2023-1390
A remote denial of service vulnerability was found in the Linux kernel’s TIPC kernel module. The while loop in tipc_link_xmit() hits an unknown state while attempting to parse SKBs, which are not in the queue. Sending two small UDP packets to a system with a UDP bearer causes the system's CPU utilization to instantly spike to 100%, resulting in a denial of service condition.
Severity: HIGH (7.5) Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Links:
Published: March 23, 2023
Modified: Nov. 7, 2023
CVE-2023-28772
An issue was discovered in the Linux kernel before 5.13.3. lib/seq_buf.c has a seq_buf_putmem_hex buffer overflow.
Severity: MEDIUM (6.7) Vector: CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
Links:
- https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.13.3
- https://github.com/torvalds/linux/commit/d3b16034a24a112bb83aeb669ac5b9b01f744bb7
- https://security.netapp.com/advisory/ntap-20230427-0005/
- https://lore.kernel.org/lkml/20210625122453.5e2fe304%40oasis.local.home/
- https://lkml.kernel.org/r/20210626032156.47889-1-yun.zhou%40windriver.com