ALT-PU-2019-2842-1
Package kernel-image-un-def updated to version 5.3.0-alt1 for branch sisyphus in task 238034.
Closed vulnerabilities
BDU:2020-00155
Уязвимость функции qrtr_tun_write_iter() ядра операционной системы Linux, позволяющая нарушителю вызвать отказ в обслуживании
BDU:2020-00355
Уязвимость ядра операционных систем Linux, связанная с недостаточной проверкой вводимых данных и некорректной реализацией функций, позволяющая нарушителю вызвать отказ в обслуживании
BDU:2020-02427
Уязвимость функции pivot_root (fs/namespace.c) ядра операционных систем Linux, позволяющая нарушителю вызвать отказ в обслуживании
BDU:2020-03327
Уязвимость функции mwifiex_update_vs_ie() драйвера Wi-Fi Marvell ядра операционной системы Linux, позволяющая нарушителю вызвать отказ в обслуживании или выполнить произвольный код
BDU:2020-03328
Уязвимость функции mwifiex_set_uap_rates() драйвера Wi-Fi Marvell ядра операционной системы Linux, позволяющая нарушителю вызвать отказ в обслуживании или выполнить произвольный код
BDU:2020-03329
Уязвимость функции mwifiex_set_wmm_params() драйвера Wi-Fi Marvell ядра операционной системы Linux, позволяющая нарушителю вызвать отказ в обслуживании или выполнить произвольный код
Modified: 2024-11-21
CVE-2019-14814
There is heap-based buffer overflow in Linux kernel, all versions up to, excluding 5.3, in the marvell wifi chip driver in Linux kernel, that allows local users to cause a denial of service(system crash) or possibly execute arbitrary code.
- openSUSE-SU-2019:2173
- openSUSE-SU-2019:2173
- openSUSE-SU-2019:2181
- openSUSE-SU-2019:2181
- http://packetstormsecurity.com/files/154951/Kernel-Live-Patch-Security-Notice-LSN-0058-1.html
- http://packetstormsecurity.com/files/154951/Kernel-Live-Patch-Security-Notice-LSN-0058-1.html
- http://packetstormsecurity.com/files/155212/Slackware-Security-Advisory-Slackware-14.2-kernel-Updates.html
- http://packetstormsecurity.com/files/155212/Slackware-Security-Advisory-Slackware-14.2-kernel-Updates.html
- [oss-security] 20190828 Linux kernel: three heap overflow in the marvell wifi driver
- [oss-security] 20190828 Linux kernel: three heap overflow in the marvell wifi driver
- RHSA-2020:0174
- RHSA-2020:0174
- RHSA-2020:0328
- RHSA-2020:0328
- RHSA-2020:0339
- RHSA-2020:0339
- https://access.redhat.com/security/cve/cve-2019-14814
- https://access.redhat.com/security/cve/cve-2019-14814
- https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-14814
- https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-14814
- https://github.com/torvalds/linux/commit/7caac62ed598a196d6ddf8d9c121e12e082cac3a
- https://github.com/torvalds/linux/commit/7caac62ed598a196d6ddf8d9c121e12e082cac3a
- [debian-lts-announce] 20190925 [SECURITY] [DLA 1930-1] linux security update
- [debian-lts-announce] 20190925 [SECURITY] [DLA 1930-1] linux security update
- [debian-lts-announce] 20200302 [SECURITY] [DLA 2114-1] linux-4.9 security update
- [debian-lts-announce] 20200302 [SECURITY] [DLA 2114-1] linux-4.9 security update
- FEDORA-2019-97380355ae
- FEDORA-2019-97380355ae
- FEDORA-2019-4c91a2f76e
- FEDORA-2019-4c91a2f76e
- 20191108 [slackware-security] Slackware 14.2 kernel (SSA:2019-311-01)
- 20191108 [slackware-security] Slackware 14.2 kernel (SSA:2019-311-01)
- https://security.netapp.com/advisory/ntap-20191031-0005/
- https://security.netapp.com/advisory/ntap-20191031-0005/
- USN-4157-1
- USN-4157-1
- USN-4157-2
- USN-4157-2
- USN-4162-1
- USN-4162-1
- USN-4162-2
- USN-4162-2
- USN-4163-1
- USN-4163-1
- USN-4163-2
- USN-4163-2
- https://www.openwall.com/lists/oss-security/2019/08/28/1
- https://www.openwall.com/lists/oss-security/2019/08/28/1
Modified: 2024-11-21
CVE-2019-14815
A vulnerability was found in Linux Kernel, where a Heap Overflow was found in mwifiex_set_wmm_params() function of Marvell Wifi Driver.
- RHSA-2020:0174
- RHSA-2020:0174
- RHSA-2020:0328
- RHSA-2020:0328
- RHSA-2020:0339
- RHSA-2020:0339
- https://access.redhat.com/security/cve/cve-2019-14815
- https://access.redhat.com/security/cve/cve-2019-14815
- https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-14815
- https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-14815
- https://github.com/torvalds/linux/commit/7caac62ed598a196d6ddf8d9c121e12e082cac3a
- https://github.com/torvalds/linux/commit/7caac62ed598a196d6ddf8d9c121e12e082cac3a
- [debian-lts-announce] 20200302 [SECURITY] [DLA 2114-1] linux-4.9 security update
- [debian-lts-announce] 20200302 [SECURITY] [DLA 2114-1] linux-4.9 security update
- https://lore.kernel.org/linux-wireless/20190828020751.13625-1-huangwenabc%40gmail.com
- https://lore.kernel.org/linux-wireless/20190828020751.13625-1-huangwenabc%40gmail.com
- https://security.netapp.com/advisory/ntap-20200103-0001/
- https://security.netapp.com/advisory/ntap-20200103-0001/
- https://www.openwall.com/lists/oss-security/2019/08/28/1
- https://www.openwall.com/lists/oss-security/2019/08/28/1
Modified: 2024-11-21
CVE-2019-14816
There is heap-based buffer overflow in kernel, all versions up to, excluding 5.3, in the marvell wifi chip driver in Linux kernel, that allows local users to cause a denial of service(system crash) or possibly execute arbitrary code.
- openSUSE-SU-2019:2173
- openSUSE-SU-2019:2173
- openSUSE-SU-2019:2181
- openSUSE-SU-2019:2181
- http://packetstormsecurity.com/files/154951/Kernel-Live-Patch-Security-Notice-LSN-0058-1.html
- http://packetstormsecurity.com/files/154951/Kernel-Live-Patch-Security-Notice-LSN-0058-1.html
- http://packetstormsecurity.com/files/155212/Slackware-Security-Advisory-Slackware-14.2-kernel-Updates.html
- http://packetstormsecurity.com/files/155212/Slackware-Security-Advisory-Slackware-14.2-kernel-Updates.html
- [oss-security] 20190828 Linux kernel: three heap overflow in the marvell wifi driver
- [oss-security] 20190828 Linux kernel: three heap overflow in the marvell wifi driver
- RHSA-2020:0174
- RHSA-2020:0174
- RHSA-2020:0204
- RHSA-2020:0204
- RHSA-2020:0328
- RHSA-2020:0328
- RHSA-2020:0339
- RHSA-2020:0339
- RHSA-2020:0374
- RHSA-2020:0374
- RHSA-2020:0375
- RHSA-2020:0375
- RHSA-2020:0653
- RHSA-2020:0653
- RHSA-2020:0661
- RHSA-2020:0661
- RHSA-2020:0664
- RHSA-2020:0664
- https://access.redhat.com/security/cve/cve-2019-14816
- https://access.redhat.com/security/cve/cve-2019-14816
- https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-14816
- https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-14816
- https://github.com/torvalds/linux/commit/7caac62ed598a196d6ddf8d9c121e12e082cac3
- https://github.com/torvalds/linux/commit/7caac62ed598a196d6ddf8d9c121e12e082cac3
- [debian-lts-announce] 20190925 [SECURITY] [DLA 1930-1] linux security update
- [debian-lts-announce] 20190925 [SECURITY] [DLA 1930-1] linux security update
- [debian-lts-announce] 20200302 [SECURITY] [DLA 2114-1] linux-4.9 security update
- [debian-lts-announce] 20200302 [SECURITY] [DLA 2114-1] linux-4.9 security update
- FEDORA-2019-97380355ae
- FEDORA-2019-97380355ae
- FEDORA-2019-4c91a2f76e
- FEDORA-2019-4c91a2f76e
- 20191108 [slackware-security] Slackware 14.2 kernel (SSA:2019-311-01)
- 20191108 [slackware-security] Slackware 14.2 kernel (SSA:2019-311-01)
- https://security.netapp.com/advisory/ntap-20191031-0005/
- https://security.netapp.com/advisory/ntap-20191031-0005/
- USN-4157-1
- USN-4157-1
- USN-4157-2
- USN-4157-2
- USN-4162-1
- USN-4162-1
- USN-4162-2
- USN-4162-2
- USN-4163-1
- USN-4163-1
- USN-4163-2
- USN-4163-2
- https://www.openwall.com/lists/oss-security/2019/08/28/1
- https://www.openwall.com/lists/oss-security/2019/08/28/1
Modified: 2024-11-21
CVE-2019-19079
A memory leak in the qrtr_tun_write_iter() function in net/qrtr/tun.c in the Linux kernel before 5.3 allows attackers to cause a denial of service (memory consumption), aka CID-a21b7f0cff19.
- https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.3
- https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.3
- https://github.com/torvalds/linux/commit/a21b7f0cff1906a93a0130b74713b15a0b36481d
- https://github.com/torvalds/linux/commit/a21b7f0cff1906a93a0130b74713b15a0b36481d
- https://security.netapp.com/advisory/ntap-20191205-0001/
- https://security.netapp.com/advisory/ntap-20191205-0001/
- USN-4258-1
- USN-4258-1
Modified: 2024-11-21
CVE-2019-5108
An exploitable denial-of-service vulnerability exists in the Linux kernel prior to mainline 5.3. An attacker could exploit this vulnerability by triggering AP to send IAPP location updates for stations before the required authentication process has completed. This could lead to different denial-of-service scenarios, either by causing CAM table attacks, or by leading to traffic flapping if faking already existing clients in other nearby APs of the same wireless infrastructure. An attacker can forge Authentication and Association Request packets to trigger this vulnerability.
- http://packetstormsecurity.com/files/156455/Kernel-Live-Patch-Security-Notice-LSN-0063-1.html
- http://packetstormsecurity.com/files/156455/Kernel-Live-Patch-Security-Notice-LSN-0063-1.html
- https://git.kernel.org/linus/3e493173b7841259a08c5c8e5cbe90adb349da7e
- https://git.kernel.org/linus/3e493173b7841259a08c5c8e5cbe90adb349da7e
- [debian-lts-announce] 20200609 [SECURITY] [DLA 2241-1] linux security update
- [debian-lts-announce] 20200609 [SECURITY] [DLA 2241-1] linux security update
- [debian-lts-announce] 20200610 [SECURITY] [DLA 2242-1] linux-4.9 security update
- [debian-lts-announce] 20200610 [SECURITY] [DLA 2242-1] linux-4.9 security update
- [debian-lts-announce] 20200610 [SECURITY] [DLA 2241-2] linux security update
- [debian-lts-announce] 20200610 [SECURITY] [DLA 2241-2] linux security update
- https://security.netapp.com/advisory/ntap-20200204-0002/
- https://security.netapp.com/advisory/ntap-20200204-0002/
- https://talosintelligence.com/vulnerability_reports/TALOS-2019-0900
- https://talosintelligence.com/vulnerability_reports/TALOS-2019-0900
- USN-4285-1
- USN-4285-1
- USN-4286-1
- USN-4286-1
- USN-4286-2
- USN-4286-2
- USN-4287-1
- USN-4287-1
- USN-4287-2
- USN-4287-2
- DSA-4698
- DSA-4698
- https://www.oracle.com/security-alerts/cpuApr2021.html
- https://www.oracle.com/security-alerts/cpuApr2021.html
Modified: 2024-11-21
CVE-2020-12114
A pivot_root race condition in fs/namespace.c in the Linux kernel 4.4.x before 4.4.221, 4.9.x before 4.9.221, 4.14.x before 4.14.178, 4.19.x before 4.19.119, and 5.x before 5.3 allows local users to cause a denial of service (panic) by corrupting a mountpoint reference counter.
- openSUSE-SU-2020:0801
- http://packetstormsecurity.com/files/159565/Kernel-Live-Patch-Security-Notice-LSN-0072-1.html
- http://www.openwall.com/lists/oss-security/2020/05/04/2
- [debian-lts-announce] 20200609 [SECURITY] [DLA 2241-1] linux security update
- [debian-lts-announce] 20200610 [SECURITY] [DLA 2242-1] linux-4.9 security update
- [debian-lts-announce] 20200610 [SECURITY] [DLA 2241-2] linux security update
- https://security.netapp.com/advisory/ntap-20200608-0001/
- USN-4387-1
- USN-4388-1
- USN-4389-1
- USN-4390-1
- USN-4391-1
- USN-4392-1
- DSA-4698
- DSA-4699
- https://www.oracle.com/security-alerts/cpuApr2021.html
- openSUSE-SU-2020:0801
- https://www.oracle.com/security-alerts/cpuApr2021.html
- DSA-4699
- DSA-4698
- USN-4392-1
- USN-4391-1
- USN-4390-1
- USN-4389-1
- USN-4388-1
- USN-4387-1
- https://security.netapp.com/advisory/ntap-20200608-0001/
- [debian-lts-announce] 20200610 [SECURITY] [DLA 2241-2] linux security update
- [debian-lts-announce] 20200610 [SECURITY] [DLA 2242-1] linux-4.9 security update
- [debian-lts-announce] 20200609 [SECURITY] [DLA 2241-1] linux security update
- http://www.openwall.com/lists/oss-security/2020/05/04/2
- http://packetstormsecurity.com/files/159565/Kernel-Live-Patch-Security-Notice-LSN-0072-1.html