ALT-PU-2019-2441-1
Package kernel-image-mp updated to version 5.2.8-alt1 for branch sisyphus in task 235914.
Closed vulnerabilities
Published: 2019-08-19
BDU:2019-03086
Уязвимость драйвера sound/usb/helper.c (motu_microbookii) ядра операционной системы Linux, позволяющая нарушителю вызвать отказ в обслуживании
Severity: MEDIUM (4.6)
Vector: AV:P/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
References:
Published: 2019-08-19
BDU:2019-03093
Уязвимость драйвера drivers/media/usb/cpia2/cpia2_usb.c ядра операционной системы Linux, позволяющая нарушителю вызвать отказ в обслуживании
Severity: MEDIUM (4.6)
Vector: AV:P/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
References:
Published: 2019-08-19
BDU:2019-03097
Уязвимость драйвера drivers/media/v4l2-core/v4l2-dev.c ядра операционной системы Linux, позволяющая нарушителю вызвать отказ в обслуживании
Severity: MEDIUM (4.6)
Vector: AV:P/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
References:
Published: 2019-08-20
Modified: 2024-11-21
Modified: 2024-11-21
CVE-2019-15211
An issue was discovered in the Linux kernel before 5.2.6. There is a use-after-free caused by a malicious USB device in the drivers/media/v4l2-core/v4l2-dev.c driver because drivers/media/radio/radio-raremono.c does not properly allocate memory.
Severity: MEDIUM (4.6)
Vector: CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
References:
- openSUSE-SU-2019:2173
- openSUSE-SU-2019:2173
- openSUSE-SU-2019:2181
- openSUSE-SU-2019:2181
- openSUSE-SU-2019:2675
- openSUSE-SU-2019:2675
- [oss-security] 20190820 Linux kernel: multiple vulnerabilities in the USB subsystem x2
- [oss-security] 20190820 Linux kernel: multiple vulnerabilities in the USB subsystem x2
- https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.2.6
- https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.2.6
- https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=c666355e60ddb4748ead3bdd983e3f7f2224aaf0
- https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=c666355e60ddb4748ead3bdd983e3f7f2224aaf0
- [debian-lts-announce] 20190914 [SECURITY] [DLA 1919-1] linux-4.9 security update
- [debian-lts-announce] 20190914 [SECURITY] [DLA 1919-1] linux-4.9 security update
- [debian-lts-announce] 20190915 [SECURITY] [DLA 1919-2] linux-4.9 security update
- [debian-lts-announce] 20190915 [SECURITY] [DLA 1919-2] linux-4.9 security update
- [debian-lts-announce] 20190925 [SECURITY] [DLA 1930-1] linux security update
- [debian-lts-announce] 20190925 [SECURITY] [DLA 1930-1] linux security update
- https://security.netapp.com/advisory/ntap-20190905-0002/
- https://security.netapp.com/advisory/ntap-20190905-0002/
- https://syzkaller.appspot.com/bug?id=775f90f43cfd6f8ac6c15251ce68e604453da226
- https://syzkaller.appspot.com/bug?id=775f90f43cfd6f8ac6c15251ce68e604453da226
- USN-4115-1
- USN-4115-1
- USN-4118-1
- USN-4118-1
- USN-4145-1
- USN-4145-1
- USN-4147-1
- USN-4147-1
Published: 2019-08-20
Modified: 2024-11-21
Modified: 2024-11-21
CVE-2019-15215
An issue was discovered in the Linux kernel before 5.2.6. There is a use-after-free caused by a malicious USB device in the drivers/media/usb/cpia2/cpia2_usb.c driver.
Severity: MEDIUM (4.6)
Vector: CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
References:
- openSUSE-SU-2019:2173
- openSUSE-SU-2019:2173
- openSUSE-SU-2019:2181
- openSUSE-SU-2019:2181
- [oss-security] 20190820 Linux kernel: multiple vulnerabilities in the USB subsystem x2
- [oss-security] 20190820 Linux kernel: multiple vulnerabilities in the USB subsystem x2
- https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.2.6
- https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.2.6
- https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=eff73de2b1600ad8230692f00bc0ab49b166512a
- https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=eff73de2b1600ad8230692f00bc0ab49b166512a
- [debian-lts-announce] 20190914 [SECURITY] [DLA 1919-1] linux-4.9 security update
- [debian-lts-announce] 20190914 [SECURITY] [DLA 1919-1] linux-4.9 security update
- [debian-lts-announce] 20190915 [SECURITY] [DLA 1919-2] linux-4.9 security update
- [debian-lts-announce] 20190915 [SECURITY] [DLA 1919-2] linux-4.9 security update
- [debian-lts-announce] 20190925 [SECURITY] [DLA 1930-1] linux security update
- [debian-lts-announce] 20190925 [SECURITY] [DLA 1930-1] linux security update
- https://security.netapp.com/advisory/ntap-20190905-0002/
- https://security.netapp.com/advisory/ntap-20190905-0002/
- https://syzkaller.appspot.com/bug?id=b68d3c254cf294f8a802582094fa3251d6de5247
- https://syzkaller.appspot.com/bug?id=b68d3c254cf294f8a802582094fa3251d6de5247
- USN-4115-1
- USN-4115-1
- USN-4118-1
- USN-4118-1
- USN-4145-1
- USN-4145-1
- USN-4147-1
- USN-4147-1
Published: 2019-08-20
Modified: 2024-11-21
Modified: 2024-11-21
CVE-2019-15222
An issue was discovered in the Linux kernel before 5.2.8. There is a NULL pointer dereference caused by a malicious USB device in the sound/usb/helper.c (motu_microbookii) driver.
Severity: MEDIUM (4.6)
Vector: CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
References:
- openSUSE-SU-2019:2173
- openSUSE-SU-2019:2173
- openSUSE-SU-2019:2181
- openSUSE-SU-2019:2181
- [oss-security] 20190820 Linux kernel: multiple vulnerabilities in the USB subsystem x2
- [oss-security] 20190820 Linux kernel: multiple vulnerabilities in the USB subsystem x2
- https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.2.8
- https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.2.8
- https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=5d78e1c2b7f4be00bbe62141603a631dc7812f35
- https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=5d78e1c2b7f4be00bbe62141603a631dc7812f35
- https://security.netapp.com/advisory/ntap-20190905-0002/
- https://security.netapp.com/advisory/ntap-20190905-0002/
- https://syzkaller.appspot.com/bug?id=3ec1dad62657fef22282536d7532dbb65eee778a
- https://syzkaller.appspot.com/bug?id=3ec1dad62657fef22282536d7532dbb65eee778a