ALT-PU-2019-1201-1
Package kernel-image-un-def updated to version 4.19.20-alt1 for branch sisyphus in task 221034.
Closed vulnerabilities
Published: 2019-01-28
BDU:2019-01069
Уязвимость функции handle_rx() ядра операционной системы Linux, позволяющая нарушителю вызвать повреждение памяти ядра
Severity: HIGH (7.0)
Vector: AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
References:
Published: 2019-01-29
Modified: 2024-11-21
Modified: 2024-11-21
CVE-2018-16880
A flaw was found in the Linux kernel's handle_rx() function in the [vhost_net] driver. A malicious virtual guest, under specific conditions, can trigger an out-of-bounds write in a kmalloc-8 slab on a virtual host which may lead to a kernel memory corruption and a system panic. Due to the nature of the flaw, privilege escalation cannot be fully ruled out. Versions from v4.16 and newer are vulnerable.
Severity: HIGH (7.0)
Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
References:
- openSUSE-SU-2019:1404
- openSUSE-SU-2019:1404
- 106735
- 106735
- https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-16880
- https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-16880
- https://support.f5.com/csp/article/K03593314
- https://support.f5.com/csp/article/K03593314
- USN-3903-1
- USN-3903-1
- USN-3903-2
- USN-3903-2