ALT-PU-2019-2763-1
Package kernel-image-un-def updated to version 5.2.17-alt1 for branch sisyphus in task 237944.
Closed vulnerabilities
Published: 2019-09-18
BDU:2019-04677
Уязвимость функции Coalesced_MMIO ядра операционной системы Linux, позволяющая нарушителю получить несанкционированный доступ к информации и нарушить ее целостность и доступность
Severity: HIGH (8.8)
Vector: AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H
References:
Published: 2019-07-22
BDU:2020-01344
Уязвимость компонента drivers/media/usb/dvb-usb/technisat-usb2.c ядра операционной системы Linux, позволяющая нарушителю раскрыть защищаемую информацию или вызвать отказ в обслуживании
Severity: CRITICAL (9.8)
Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
References:
Published: 2019-08-22
BDU:2020-01862
Уязвимость функции в drivers/net/wireless/rsi/rsi_91x_usb.c ядра операционной системы Linux, позволяющая нарушителю оказать воздействие на конфиденциальность, целостность и доступность защищаемой информации
Severity: CRITICAL (9.8)
Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
References:
Published: 2019-09-03
BDU:2020-03327
Уязвимость функции mwifiex_update_vs_ie() драйвера Wi-Fi Marvell ядра операционной системы Linux, позволяющая нарушителю вызвать отказ в обслуживании или выполнить произвольный код
Severity: HIGH (7.8)
Vector: AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
References:
Published: 2019-09-03
BDU:2020-03328
Уязвимость функции mwifiex_set_uap_rates() драйвера Wi-Fi Marvell ядра операционной системы Linux, позволяющая нарушителю вызвать отказ в обслуживании или выполнить произвольный код
Severity: HIGH (7.8)
Vector: AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
References:
Published: 2019-09-03
BDU:2020-03329
Уязвимость функции mwifiex_set_wmm_params() драйвера Wi-Fi Marvell ядра операционной системы Linux, позволяющая нарушителю вызвать отказ в обслуживании или выполнить произвольный код
Severity: HIGH (7.8)
Vector: AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
References:
Published: 2019-09-20
Modified: 2024-11-21
Modified: 2024-11-21
CVE-2019-14814
There is heap-based buffer overflow in Linux kernel, all versions up to, excluding 5.3, in the marvell wifi chip driver in Linux kernel, that allows local users to cause a denial of service(system crash) or possibly execute arbitrary code.
Severity: HIGH (7.8)
Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
References:
- openSUSE-SU-2019:2173
- openSUSE-SU-2019:2173
- openSUSE-SU-2019:2181
- openSUSE-SU-2019:2181
- http://packetstormsecurity.com/files/154951/Kernel-Live-Patch-Security-Notice-LSN-0058-1.html
- http://packetstormsecurity.com/files/154951/Kernel-Live-Patch-Security-Notice-LSN-0058-1.html
- http://packetstormsecurity.com/files/155212/Slackware-Security-Advisory-Slackware-14.2-kernel-Updates.html
- http://packetstormsecurity.com/files/155212/Slackware-Security-Advisory-Slackware-14.2-kernel-Updates.html
- [oss-security] 20190828 Linux kernel: three heap overflow in the marvell wifi driver
- [oss-security] 20190828 Linux kernel: three heap overflow in the marvell wifi driver
- RHSA-2020:0174
- RHSA-2020:0174
- RHSA-2020:0328
- RHSA-2020:0328
- RHSA-2020:0339
- RHSA-2020:0339
- https://access.redhat.com/security/cve/cve-2019-14814
- https://access.redhat.com/security/cve/cve-2019-14814
- https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-14814
- https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-14814
- https://github.com/torvalds/linux/commit/7caac62ed598a196d6ddf8d9c121e12e082cac3a
- https://github.com/torvalds/linux/commit/7caac62ed598a196d6ddf8d9c121e12e082cac3a
- [debian-lts-announce] 20190925 [SECURITY] [DLA 1930-1] linux security update
- [debian-lts-announce] 20190925 [SECURITY] [DLA 1930-1] linux security update
- [debian-lts-announce] 20200302 [SECURITY] [DLA 2114-1] linux-4.9 security update
- [debian-lts-announce] 20200302 [SECURITY] [DLA 2114-1] linux-4.9 security update
- FEDORA-2019-97380355ae
- FEDORA-2019-97380355ae
- FEDORA-2019-4c91a2f76e
- FEDORA-2019-4c91a2f76e
- 20191108 [slackware-security] Slackware 14.2 kernel (SSA:2019-311-01)
- 20191108 [slackware-security] Slackware 14.2 kernel (SSA:2019-311-01)
- https://security.netapp.com/advisory/ntap-20191031-0005/
- https://security.netapp.com/advisory/ntap-20191031-0005/
- USN-4157-1
- USN-4157-1
- USN-4157-2
- USN-4157-2
- USN-4162-1
- USN-4162-1
- USN-4162-2
- USN-4162-2
- USN-4163-1
- USN-4163-1
- USN-4163-2
- USN-4163-2
- https://www.openwall.com/lists/oss-security/2019/08/28/1
- https://www.openwall.com/lists/oss-security/2019/08/28/1
Published: 2019-11-25
Modified: 2024-11-21
Modified: 2024-11-21
CVE-2019-14815
A vulnerability was found in Linux Kernel, where a Heap Overflow was found in mwifiex_set_wmm_params() function of Marvell Wifi Driver.
Severity: HIGH (7.8)
Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
References:
- RHSA-2020:0174
- RHSA-2020:0174
- RHSA-2020:0328
- RHSA-2020:0328
- RHSA-2020:0339
- RHSA-2020:0339
- https://access.redhat.com/security/cve/cve-2019-14815
- https://access.redhat.com/security/cve/cve-2019-14815
- https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-14815
- https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-14815
- https://github.com/torvalds/linux/commit/7caac62ed598a196d6ddf8d9c121e12e082cac3a
- https://github.com/torvalds/linux/commit/7caac62ed598a196d6ddf8d9c121e12e082cac3a
- [debian-lts-announce] 20200302 [SECURITY] [DLA 2114-1] linux-4.9 security update
- [debian-lts-announce] 20200302 [SECURITY] [DLA 2114-1] linux-4.9 security update
- https://lore.kernel.org/linux-wireless/20190828020751.13625-1-huangwenabc%40gmail.com
- https://lore.kernel.org/linux-wireless/20190828020751.13625-1-huangwenabc%40gmail.com
- https://security.netapp.com/advisory/ntap-20200103-0001/
- https://security.netapp.com/advisory/ntap-20200103-0001/
- https://www.openwall.com/lists/oss-security/2019/08/28/1
- https://www.openwall.com/lists/oss-security/2019/08/28/1
Published: 2019-09-20
Modified: 2024-11-21
Modified: 2024-11-21
CVE-2019-14816
There is heap-based buffer overflow in kernel, all versions up to, excluding 5.3, in the marvell wifi chip driver in Linux kernel, that allows local users to cause a denial of service(system crash) or possibly execute arbitrary code.
Severity: HIGH (7.8)
Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
References:
- openSUSE-SU-2019:2173
- openSUSE-SU-2019:2173
- openSUSE-SU-2019:2181
- openSUSE-SU-2019:2181
- http://packetstormsecurity.com/files/154951/Kernel-Live-Patch-Security-Notice-LSN-0058-1.html
- http://packetstormsecurity.com/files/154951/Kernel-Live-Patch-Security-Notice-LSN-0058-1.html
- http://packetstormsecurity.com/files/155212/Slackware-Security-Advisory-Slackware-14.2-kernel-Updates.html
- http://packetstormsecurity.com/files/155212/Slackware-Security-Advisory-Slackware-14.2-kernel-Updates.html
- [oss-security] 20190828 Linux kernel: three heap overflow in the marvell wifi driver
- [oss-security] 20190828 Linux kernel: three heap overflow in the marvell wifi driver
- RHSA-2020:0174
- RHSA-2020:0174
- RHSA-2020:0204
- RHSA-2020:0204
- RHSA-2020:0328
- RHSA-2020:0328
- RHSA-2020:0339
- RHSA-2020:0339
- RHSA-2020:0374
- RHSA-2020:0374
- RHSA-2020:0375
- RHSA-2020:0375
- RHSA-2020:0653
- RHSA-2020:0653
- RHSA-2020:0661
- RHSA-2020:0661
- RHSA-2020:0664
- RHSA-2020:0664
- https://access.redhat.com/security/cve/cve-2019-14816
- https://access.redhat.com/security/cve/cve-2019-14816
- https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-14816
- https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-14816
- https://github.com/torvalds/linux/commit/7caac62ed598a196d6ddf8d9c121e12e082cac3
- https://github.com/torvalds/linux/commit/7caac62ed598a196d6ddf8d9c121e12e082cac3
- [debian-lts-announce] 20190925 [SECURITY] [DLA 1930-1] linux security update
- [debian-lts-announce] 20190925 [SECURITY] [DLA 1930-1] linux security update
- [debian-lts-announce] 20200302 [SECURITY] [DLA 2114-1] linux-4.9 security update
- [debian-lts-announce] 20200302 [SECURITY] [DLA 2114-1] linux-4.9 security update
- FEDORA-2019-97380355ae
- FEDORA-2019-97380355ae
- FEDORA-2019-4c91a2f76e
- FEDORA-2019-4c91a2f76e
- 20191108 [slackware-security] Slackware 14.2 kernel (SSA:2019-311-01)
- 20191108 [slackware-security] Slackware 14.2 kernel (SSA:2019-311-01)
- https://security.netapp.com/advisory/ntap-20191031-0005/
- https://security.netapp.com/advisory/ntap-20191031-0005/
- USN-4157-1
- USN-4157-1
- USN-4157-2
- USN-4157-2
- USN-4162-1
- USN-4162-1
- USN-4162-2
- USN-4162-2
- USN-4163-1
- USN-4163-1
- USN-4163-2
- USN-4163-2
- https://www.openwall.com/lists/oss-security/2019/08/28/1
- https://www.openwall.com/lists/oss-security/2019/08/28/1
Published: 2019-09-19
Modified: 2024-11-21
Modified: 2024-11-21
CVE-2019-14821
An out-of-bounds access issue was found in the Linux kernel, all versions through 5.3, in the way Linux kernel's KVM hypervisor implements the Coalesced MMIO write operation. It operates on an MMIO ring buffer 'struct kvm_coalesced_mmio' object, wherein write indices 'ring->first' and 'ring->last' value could be supplied by a host user-space process. An unprivileged host user or process with access to '/dev/kvm' device could use this flaw to crash the host kernel, resulting in a denial of service or potentially escalating privileges on the system.
Severity: HIGH (8.8)
Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H
References:
- openSUSE-SU-2019:2308
- openSUSE-SU-2019:2308
- openSUSE-SU-2019:2307
- openSUSE-SU-2019:2307
- http://packetstormsecurity.com/files/154951/Kernel-Live-Patch-Security-Notice-LSN-0058-1.html
- http://packetstormsecurity.com/files/154951/Kernel-Live-Patch-Security-Notice-LSN-0058-1.html
- http://packetstormsecurity.com/files/155212/Slackware-Security-Advisory-Slackware-14.2-kernel-Updates.html
- http://packetstormsecurity.com/files/155212/Slackware-Security-Advisory-Slackware-14.2-kernel-Updates.html
- [oss-security] 20190920 CVE-2019-14821 Kernel: KVM: OOB memory access via mmio ring buffer
- [oss-security] 20190920 CVE-2019-14821 Kernel: KVM: OOB memory access via mmio ring buffer
- RHSA-2019:3309
- RHSA-2019:3309
- RHSA-2019:3517
- RHSA-2019:3517
- RHSA-2019:3978
- RHSA-2019:3978
- RHSA-2019:3979
- RHSA-2019:3979
- RHSA-2019:4154
- RHSA-2019:4154
- RHSA-2019:4256
- RHSA-2019:4256
- RHSA-2020:0027
- RHSA-2020:0027
- RHSA-2020:0204
- RHSA-2020:0204
- https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-14821
- https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-14821
- [debian-lts-announce] 20190925 [SECURITY] [DLA 1930-1] linux security update
- [debian-lts-announce] 20190925 [SECURITY] [DLA 1930-1] linux security update
- [debian-lts-announce] 20191001 [SECURITY] [DLA 1940-1] linux-4.9 security update
- [debian-lts-announce] 20191001 [SECURITY] [DLA 1940-1] linux-4.9 security update
- FEDORA-2019-15e141c6a7
- FEDORA-2019-15e141c6a7
- FEDORA-2019-a570a92d5a
- FEDORA-2019-a570a92d5a
- 20191108 [slackware-security] Slackware 14.2 kernel (SSA:2019-311-01)
- 20191108 [slackware-security] Slackware 14.2 kernel (SSA:2019-311-01)
- 20190925 [SECURITY] [DSA 4531-1] linux security update
- 20190925 [SECURITY] [DSA 4531-1] linux security update
- https://security.netapp.com/advisory/ntap-20191004-0001/
- https://security.netapp.com/advisory/ntap-20191004-0001/
- USN-4157-1
- USN-4157-1
- USN-4157-2
- USN-4157-2
- USN-4162-1
- USN-4162-1
- USN-4162-2
- USN-4162-2
- USN-4163-1
- USN-4163-1
- USN-4163-2
- USN-4163-2
- DSA-4531
- DSA-4531
- https://www.oracle.com/security-alerts/cpuapr2020.html
- https://www.oracle.com/security-alerts/cpuapr2020.html
Published: 2019-08-23
Modified: 2024-11-21
Modified: 2024-11-21
CVE-2019-15504
drivers/net/wireless/rsi/rsi_91x_usb.c in the Linux kernel through 5.2.9 has a Double Free via crafted USB device traffic (which may be remote via usbip or usbredir).
Severity: CRITICAL (9.8)
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
References:
- FEDORA-2019-97380355ae
- FEDORA-2019-97380355ae
- FEDORA-2019-4c91a2f76e
- FEDORA-2019-4c91a2f76e
- https://lore.kernel.org/lkml/20190819220230.10597-1-benquike%40gmail.com/
- https://lore.kernel.org/lkml/20190819220230.10597-1-benquike%40gmail.com/
- https://security.netapp.com/advisory/ntap-20190905-0002/
- https://security.netapp.com/advisory/ntap-20190905-0002/
- https://support.f5.com/csp/article/K33554143
- https://support.f5.com/csp/article/K33554143
- https://support.f5.com/csp/article/K33554143?utm_source=f5support&%3Butm_medium=RSS
- https://support.f5.com/csp/article/K33554143?utm_source=f5support&%3Butm_medium=RSS
- USN-4157-1
- USN-4157-1
- USN-4157-2
- USN-4157-2
Published: 2019-08-23
Modified: 2024-11-21
Modified: 2024-11-21
CVE-2019-15505
drivers/media/usb/dvb-usb/technisat-usb2.c in the Linux kernel through 5.2.9 has an out-of-bounds read via crafted USB device traffic (which may be remote via usbip or usbredir).
Severity: CRITICAL (9.8)
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
References:
- http://packetstormsecurity.com/files/155212/Slackware-Security-Advisory-Slackware-14.2-kernel-Updates.html
- http://packetstormsecurity.com/files/155212/Slackware-Security-Advisory-Slackware-14.2-kernel-Updates.html
- https://git.linuxtv.org/media_tree.git/commit/?id=0c4df39e504bf925ab666132ac3c98d6cbbe380b
- https://git.linuxtv.org/media_tree.git/commit/?id=0c4df39e504bf925ab666132ac3c98d6cbbe380b
- [debian-lts-announce] 20200118 [SECURITY] [DLA 2068-1] linux security update
- [debian-lts-announce] 20200118 [SECURITY] [DLA 2068-1] linux security update
- [debian-lts-announce] 20200302 [SECURITY] [DLA 2114-1] linux-4.9 security update
- [debian-lts-announce] 20200302 [SECURITY] [DLA 2114-1] linux-4.9 security update
- FEDORA-2019-97380355ae
- FEDORA-2019-97380355ae
- FEDORA-2019-4c91a2f76e
- FEDORA-2019-4c91a2f76e
- https://lore.kernel.org/linux-media/20190821104408.w7krumcglxo6fz5q%40gofer.mess.org/
- https://lore.kernel.org/linux-media/20190821104408.w7krumcglxo6fz5q%40gofer.mess.org/
- https://lore.kernel.org/lkml/b9b256cb-95f2-5fa1-9956-5a602a017c11%40gmail.com/
- https://lore.kernel.org/lkml/b9b256cb-95f2-5fa1-9956-5a602a017c11%40gmail.com/
- 20191108 [slackware-security] Slackware 14.2 kernel (SSA:2019-311-01)
- 20191108 [slackware-security] Slackware 14.2 kernel (SSA:2019-311-01)
- https://security.netapp.com/advisory/ntap-20190905-0002/
- https://security.netapp.com/advisory/ntap-20190905-0002/
- https://support.f5.com/csp/article/K28222050
- https://support.f5.com/csp/article/K28222050
- https://support.f5.com/csp/article/K28222050?utm_source=f5support&%3Butm_medium=RSS
- https://support.f5.com/csp/article/K28222050?utm_source=f5support&%3Butm_medium=RSS
- USN-4157-1
- USN-4157-1
- USN-4157-2
- USN-4157-2
- USN-4162-1
- USN-4162-1
- USN-4162-2
- USN-4162-2
- USN-4163-1
- USN-4163-1
- USN-4163-2
- USN-4163-2