ALT-PU-2019-1329-1
Package kernel-image-std-4.9 updated to version 4.9.160-alt0.M80C.1 for branch c8.1 in task 223068.
Closed vulnerabilities
Published: 2019-02-07
BDU:2019-01346
Уязвимость функции kvm_ioctl_create_device ядра операционных систем Linux, позволяющая нарушителю вызвать отказ в обслуживании
Severity: HIGH (8.1)
Vector: AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
References:
Published: 2019-02-07
BDU:2019-01352
Уязвимость подсистемы виртуализации Kernel-based Virtual Machine (KVM) ядра операционных систем Linux, позволяющая нарушителю вызвать отказ в обслуживании или выполнить произвольный код
Severity: HIGH (7.8)
Vector: AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
References:
Published: 2019-01-24
BDU:2019-02782
Уязвимость функции hid_debug_events_read () ядра операционной системы Linux, позволяющая нарушителю вызвать отказ в обслуживании
Severity: MEDIUM (4.4)
Vector: AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H
References:
Published: 2019-02-07
BDU:2019-03996
Уязвимость ядра операционной системы Linux, связанная с отсутствием защиты служебных данных, позволяющая нарушителю раскрыть защищаемую информацию
Severity: MEDIUM (5.5)
Vector: AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
References:
Published: 2018-02-10
Modified: 2024-11-21
Modified: 2024-11-21
CVE-2018-1000026
Linux Linux kernel version at least v4.8 onwards, probably well before contains a Insufficient input validation vulnerability in bnx2x network card driver that can result in DoS: Network card firmware assertion takes card off-line. This attack appear to be exploitable via An attacker on a must pass a very large, specially crafted packet to the bnx2x card. This can be done from an untrusted guest VM..
Severity: HIGH (7.7)
Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H
References:
- [netdev] 20180116 http://lists.openwall.net/netdev/2018/01/16/40
- [netdev] 20180116 http://lists.openwall.net/netdev/2018/01/16/40
- [netdev] 20180118 http://lists.openwall.net/netdev/2018/01/18/96
- [netdev] 20180118 http://lists.openwall.net/netdev/2018/01/18/96
- RHSA-2018:2948
- RHSA-2018:2948
- RHSA-2018:3083
- RHSA-2018:3083
- RHSA-2018:3096
- RHSA-2018:3096
- [debian-lts-announce] 20190503 [SECURITY] [DLA 1771-1] linux-4.9 security update
- [debian-lts-announce] 20190503 [SECURITY] [DLA 1771-1] linux-4.9 security update
- https://patchwork.ozlabs.org/patch/859410/
- https://patchwork.ozlabs.org/patch/859410/
- USN-3617-1
- USN-3617-1
- USN-3617-2
- USN-3617-2
- USN-3617-3
- USN-3617-3
- USN-3619-1
- USN-3619-1
- USN-3619-2
- USN-3619-2
- USN-3620-1
- USN-3620-1
- USN-3620-2
- USN-3620-2
- USN-3632-1
- USN-3632-1
Published: 2019-01-25
Modified: 2024-11-21
Modified: 2024-11-21
CVE-2019-3819
A flaw was found in the Linux kernel in the function hid_debug_events_read() in drivers/hid/hid-debug.c file which may enter an infinite loop with certain parameters passed from a userspace. A local privileged user ("root") can cause a system lock up and a denial of service. Versions from v4.18 and newer are vulnerable.
Severity: MEDIUM (4.4)
Vector: CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H
References:
- openSUSE-SU-2019:1193
- openSUSE-SU-2019:1193
- 106730
- 106730
- https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-3819
- https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-3819
- [debian-lts-announce] 20190327 [SECURITY] [DLA 1731-1] linux security update
- [debian-lts-announce] 20190327 [SECURITY] [DLA 1731-1] linux security update
- [debian-lts-announce] 20190401 [SECURITY] [DLA 1731-2] linux regression update
- [debian-lts-announce] 20190401 [SECURITY] [DLA 1731-2] linux regression update
- [debian-lts-announce] 20190503 [SECURITY] [DLA 1771-1] linux-4.9 security update
- [debian-lts-announce] 20190503 [SECURITY] [DLA 1771-1] linux-4.9 security update
- USN-3932-1
- USN-3932-1
- USN-3932-2
- USN-3932-2
- USN-4115-1
- USN-4115-1
- USN-4118-1
- USN-4118-1
Published: 2019-02-15
Modified: 2024-11-21
Modified: 2024-11-21
CVE-2019-6974
In the Linux kernel before 4.20.8, kvm_ioctl_create_device in virt/kvm/kvm_main.c mishandles reference counting because of a race condition, leading to a use-after-free.
Severity: HIGH (8.1)
Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
References:
- http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=cfa39381173d5f969daf43582c95ad679189cbc9
- 107127
- RHBA-2019:0959
- RHSA-2019:0818
- RHSA-2019:0833
- RHSA-2019:2809
- RHSA-2019:3967
- RHSA-2020:0103
- https://bugs.chromium.org/p/project-zero/issues/detail?id=1765
- https://cdn.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.14.99
- https://cdn.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.19.21
- https://cdn.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.20.8
- https://cdn.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.9.156
- https://github.com/torvalds/linux/commit/cfa39381173d5f969daf43582c95ad679189cbc9
- [debian-lts-announce] 20190327 [SECURITY] [DLA 1731-1] linux security update
- [debian-lts-announce] 20190401 [SECURITY] [DLA 1731-2] linux regression update
- [debian-lts-announce] 20190503 [SECURITY] [DLA 1771-1] linux-4.9 security update
- https://support.f5.com/csp/article/K11186236
- https://support.f5.com/csp/article/K11186236?utm_source=f5support&%3Butm_medium=RSS
- USN-3930-1
- USN-3930-2
- USN-3931-1
- USN-3931-2
- USN-3932-1
- USN-3932-2
- USN-3933-1
- USN-3933-2
- 46388
- http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=cfa39381173d5f969daf43582c95ad679189cbc9
- 46388
- USN-3933-2
- USN-3933-1
- USN-3932-2
- USN-3932-1
- USN-3931-2
- USN-3931-1
- USN-3930-2
- USN-3930-1
- https://support.f5.com/csp/article/K11186236?utm_source=f5support&%3Butm_medium=RSS
- https://support.f5.com/csp/article/K11186236
- [debian-lts-announce] 20190503 [SECURITY] [DLA 1771-1] linux-4.9 security update
- [debian-lts-announce] 20190401 [SECURITY] [DLA 1731-2] linux regression update
- [debian-lts-announce] 20190327 [SECURITY] [DLA 1731-1] linux security update
- https://github.com/torvalds/linux/commit/cfa39381173d5f969daf43582c95ad679189cbc9
- https://cdn.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.9.156
- https://cdn.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.20.8
- https://cdn.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.19.21
- https://cdn.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.14.99
- https://bugs.chromium.org/p/project-zero/issues/detail?id=1765
- RHSA-2020:0103
- RHSA-2019:3967
- RHSA-2019:2809
- RHSA-2019:0833
- RHSA-2019:0818
- RHBA-2019:0959
- 107127
Published: 2019-03-21
Modified: 2024-11-21
Modified: 2024-11-21
CVE-2019-7221
The KVM implementation in the Linux kernel through 4.20.5 has a Use-after-Free.
Severity: HIGH (7.8)
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
References:
- SUSE-SA-2019:0203-1
- http://packetstormsecurity.com/files/151713/KVM-VMX-Preemption-Timer-Use-After-Free.html
- http://www.openwall.com/lists/oss-security/2019/02/18/2
- RHBA-2019:0959
- RHSA-2019:0818
- RHSA-2019:0833
- RHSA-2019:3967
- RHSA-2019:4058
- https://bugs.chromium.org/p/project-zero/issues/detail?id=1760
- https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=ecec76885bcfe3294685dc363fd1273df0d5d65f
- https://github.com/torvalds/linux/commits/master/arch/x86/kvm
- [debian-lts-announce] 20190327 [SECURITY] [DLA 1731-1] linux security update
- [debian-lts-announce] 20190401 [SECURITY] [DLA 1731-2] linux regression update
- [debian-lts-announce] 20190503 [SECURITY] [DLA 1771-1] linux-4.9 security update
- FEDORA-2019-164946aa7f
- FEDORA-2019-3da64f3e61
- https://security.netapp.com/advisory/ntap-20190404-0002/
- https://support.f5.com/csp/article/K08413011
- USN-3930-1
- USN-3930-2
- USN-3931-1
- USN-3931-2
- USN-3932-1
- USN-3932-2
- SUSE-SA-2019:0203-1
- USN-3932-2
- USN-3932-1
- USN-3931-2
- USN-3931-1
- USN-3930-2
- USN-3930-1
- https://support.f5.com/csp/article/K08413011
- https://security.netapp.com/advisory/ntap-20190404-0002/
- FEDORA-2019-3da64f3e61
- FEDORA-2019-164946aa7f
- [debian-lts-announce] 20190503 [SECURITY] [DLA 1771-1] linux-4.9 security update
- [debian-lts-announce] 20190401 [SECURITY] [DLA 1731-2] linux regression update
- [debian-lts-announce] 20190327 [SECURITY] [DLA 1731-1] linux security update
- https://github.com/torvalds/linux/commits/master/arch/x86/kvm
- https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=ecec76885bcfe3294685dc363fd1273df0d5d65f
- https://bugs.chromium.org/p/project-zero/issues/detail?id=1760
- RHSA-2019:4058
- RHSA-2019:3967
- RHSA-2019:0833
- RHSA-2019:0818
- RHBA-2019:0959
- http://www.openwall.com/lists/oss-security/2019/02/18/2
- http://packetstormsecurity.com/files/151713/KVM-VMX-Preemption-Timer-Use-After-Free.html
Published: 2019-03-21
Modified: 2024-11-21
Modified: 2024-11-21
CVE-2019-7222
The KVM implementation in the Linux kernel through 4.20.5 has an Information Leak.
Severity: MEDIUM (5.5)
Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
References:
- SUSE-SA-2019:0203-1
- http://packetstormsecurity.com/files/151712/KVM-kvm_inject_page_fault-Uninitialized-Memory-Leak.html
- [oss-security] Linux kernel: three KVM bugs (CVE-2019-6974, CVE-2019-7221, CVE-2019-7222)
- 106963
- RHSA-2019:2029
- RHSA-2019:2043
- RHSA-2019:3309
- RHSA-2019:3517
- https://bugs.chromium.org/p/project-zero/issues/detail?id=1759
- https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=353c0956a618a07ba4bbe7ad00ff29fe70e8412a
- https://github.com/torvalds/linux/commits/master/arch/x86/kvm
- [debian-lts-announce] 20190327 [SECURITY] [DLA 1731-1] linux security update
- [debian-lts-announce] 20190401 [SECURITY] [DLA 1731-2] linux regression update
- [debian-lts-announce] 20190503 [SECURITY] [DLA 1771-1] linux-4.9 security update
- FEDORA-2019-164946aa7f
- FEDORA-2019-3da64f3e61
- https://security.netapp.com/advisory/ntap-20190404-0002/
- USN-3930-1
- USN-3930-2
- USN-3931-1
- USN-3931-2
- USN-3932-1
- USN-3932-2
- USN-3933-1
- USN-3933-2
- SUSE-SA-2019:0203-1
- USN-3933-2
- USN-3933-1
- USN-3932-2
- USN-3932-1
- USN-3931-2
- USN-3931-1
- USN-3930-2
- USN-3930-1
- https://security.netapp.com/advisory/ntap-20190404-0002/
- FEDORA-2019-3da64f3e61
- FEDORA-2019-164946aa7f
- [debian-lts-announce] 20190503 [SECURITY] [DLA 1771-1] linux-4.9 security update
- [debian-lts-announce] 20190401 [SECURITY] [DLA 1731-2] linux regression update
- [debian-lts-announce] 20190327 [SECURITY] [DLA 1731-1] linux security update
- https://github.com/torvalds/linux/commits/master/arch/x86/kvm
- https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=353c0956a618a07ba4bbe7ad00ff29fe70e8412a
- https://bugs.chromium.org/p/project-zero/issues/detail?id=1759
- RHSA-2019:3517
- RHSA-2019:3309
- RHSA-2019:2043
- RHSA-2019:2029
- 106963
- [oss-security] Linux kernel: three KVM bugs (CVE-2019-6974, CVE-2019-7221, CVE-2019-7222)
- http://packetstormsecurity.com/files/151712/KVM-kvm_inject_page_fault-Uninitialized-Memory-Leak.html