ALT-PU-2019-2845-1
Package kernel-image-un-def updated to version 5.3.5-alt1 for branch sisyphus in task 238999.
Closed vulnerabilities
BDU:2019-03827
Уязвимость функции write_tpt_entry (drivers/infiniband/hw/cxgb4/mem.c) ядра операционной системы Linux, позволяющая нарушителю вызвать отказ в обслуживании
BDU:2019-04516
Уязвимость функции ql_alloc_large_buffers() (drivers/net/ethernet/qlogic/qla3xxx.c) ядра операционной системы Linux, позволяющая нарушителю вызвать отказ в обслуживании
BDU:2019-04677
Уязвимость функции Coalesced_MMIO ядра операционной системы Linux, позволяющая нарушителю получить несанкционированный доступ к информации и нарушить ее целостность и доступность
BDU:2020-00069
Уязвимость функции fib6_rule_suppress() ядра операционной системы Linux, позволяющая нарушителю вызвать повреждение памяти
BDU:2020-00120
Уязвимость функции nfp_flower_spawn_vnic_reprs() (drivers/net/ethernet/netronome/nfp/flower/main.c) ядра операционной системы Linux, позволяющая нарушителю вызвать отказ в обслуживании
BDU:2020-00121
Уязвимость функции nfp_flower_spawn_phy_reprs() (drivers/net/ethernet/netronome/nfp/flower/main.c) ядра операционной системы Linux, позволяющая нарушителю вызвать отказ в обслуживании
BDU:2020-00285
Уязвимость драйвера drivers/media/usb/ttusb-dec/ttusb_dec.c ядра операционной системы Linux, позволяющая нарушителю раскрыть защищаемую информацию
BDU:2020-00849
Уязвимость функции fib6_rule_lookup() ядра операционной системы Linux, позволяющая нарушителю вызвать отказ в обслуживании
BDU:2020-01321
Уязвимость функции ax25_create из net/ax25/af_ax25.c модуля AF_AX25 ядра операционной системы Linux, связанная с настройками прав доступа по умолчанию, позволяющая нарушителю оказать воздействие на целостность данных
BDU:2020-01322
Уязвимость функции ieee802154_create из net/ieee802154/socket.c модуля AF_IEEE802154 ядра операционной системы Linux, связанная с настройками прав доступа по умолчанию, позволяющая нарушителю оказать воздействие на целостность данных
BDU:2020-01323
Уязвимость функции atalk_create из net/appletalk/ddp.c модуля AF_APPLETALK ядра операционной системы Linux, связанная с настройками прав доступа по умолчанию, позволяющая нарушителю оказать воздействие на целостность данных
BDU:2020-01324
Уязвимость функции base_sock_create из drivers/isdn/mISDN/socket.c модуля AF_ISDN ядра операционной системы Linux, связанная с недостаточной проверкой вводимых данных, позволяющая нарушителю оказать воздействие на целостность данных
BDU:2020-01344
Уязвимость компонента drivers/media/usb/dvb-usb/technisat-usb2.c ядра операционной системы Linux, позволяющая нарушителю раскрыть защищаемую информацию или вызвать отказ в обслуживании
BDU:2020-05796
Уязвимость функции llcp_sock_create из net/nfc/llcp_sock.c модуля AF_NFC ядра операционной системы Linux, связанная с настройками прав доступа по умолчанию, позволяющая нарушителю оказать воздействие на целостность данных
Modified: 2024-11-21
CVE-2019-14821
An out-of-bounds access issue was found in the Linux kernel, all versions through 5.3, in the way Linux kernel's KVM hypervisor implements the Coalesced MMIO write operation. It operates on an MMIO ring buffer 'struct kvm_coalesced_mmio' object, wherein write indices 'ring->first' and 'ring->last' value could be supplied by a host user-space process. An unprivileged host user or process with access to '/dev/kvm' device could use this flaw to crash the host kernel, resulting in a denial of service or potentially escalating privileges on the system.
- openSUSE-SU-2019:2308
- openSUSE-SU-2019:2308
- openSUSE-SU-2019:2307
- openSUSE-SU-2019:2307
- http://packetstormsecurity.com/files/154951/Kernel-Live-Patch-Security-Notice-LSN-0058-1.html
- http://packetstormsecurity.com/files/154951/Kernel-Live-Patch-Security-Notice-LSN-0058-1.html
- http://packetstormsecurity.com/files/155212/Slackware-Security-Advisory-Slackware-14.2-kernel-Updates.html
- http://packetstormsecurity.com/files/155212/Slackware-Security-Advisory-Slackware-14.2-kernel-Updates.html
- [oss-security] 20190920 CVE-2019-14821 Kernel: KVM: OOB memory access via mmio ring buffer
- [oss-security] 20190920 CVE-2019-14821 Kernel: KVM: OOB memory access via mmio ring buffer
- RHSA-2019:3309
- RHSA-2019:3309
- RHSA-2019:3517
- RHSA-2019:3517
- RHSA-2019:3978
- RHSA-2019:3978
- RHSA-2019:3979
- RHSA-2019:3979
- RHSA-2019:4154
- RHSA-2019:4154
- RHSA-2019:4256
- RHSA-2019:4256
- RHSA-2020:0027
- RHSA-2020:0027
- RHSA-2020:0204
- RHSA-2020:0204
- https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-14821
- https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-14821
- [debian-lts-announce] 20190925 [SECURITY] [DLA 1930-1] linux security update
- [debian-lts-announce] 20190925 [SECURITY] [DLA 1930-1] linux security update
- [debian-lts-announce] 20191001 [SECURITY] [DLA 1940-1] linux-4.9 security update
- [debian-lts-announce] 20191001 [SECURITY] [DLA 1940-1] linux-4.9 security update
- FEDORA-2019-15e141c6a7
- FEDORA-2019-15e141c6a7
- FEDORA-2019-a570a92d5a
- FEDORA-2019-a570a92d5a
- 20191108 [slackware-security] Slackware 14.2 kernel (SSA:2019-311-01)
- 20191108 [slackware-security] Slackware 14.2 kernel (SSA:2019-311-01)
- 20190925 [SECURITY] [DSA 4531-1] linux security update
- 20190925 [SECURITY] [DSA 4531-1] linux security update
- https://security.netapp.com/advisory/ntap-20191004-0001/
- https://security.netapp.com/advisory/ntap-20191004-0001/
- USN-4157-1
- USN-4157-1
- USN-4157-2
- USN-4157-2
- USN-4162-1
- USN-4162-1
- USN-4162-2
- USN-4162-2
- USN-4163-1
- USN-4163-1
- USN-4163-2
- USN-4163-2
- DSA-4531
- DSA-4531
- https://www.oracle.com/security-alerts/cpuapr2020.html
- https://www.oracle.com/security-alerts/cpuapr2020.html
Modified: 2024-11-21
CVE-2019-15505
drivers/media/usb/dvb-usb/technisat-usb2.c in the Linux kernel through 5.2.9 has an out-of-bounds read via crafted USB device traffic (which may be remote via usbip or usbredir).
- http://packetstormsecurity.com/files/155212/Slackware-Security-Advisory-Slackware-14.2-kernel-Updates.html
- http://packetstormsecurity.com/files/155212/Slackware-Security-Advisory-Slackware-14.2-kernel-Updates.html
- https://git.linuxtv.org/media_tree.git/commit/?id=0c4df39e504bf925ab666132ac3c98d6cbbe380b
- https://git.linuxtv.org/media_tree.git/commit/?id=0c4df39e504bf925ab666132ac3c98d6cbbe380b
- [debian-lts-announce] 20200118 [SECURITY] [DLA 2068-1] linux security update
- [debian-lts-announce] 20200118 [SECURITY] [DLA 2068-1] linux security update
- [debian-lts-announce] 20200302 [SECURITY] [DLA 2114-1] linux-4.9 security update
- [debian-lts-announce] 20200302 [SECURITY] [DLA 2114-1] linux-4.9 security update
- FEDORA-2019-97380355ae
- FEDORA-2019-97380355ae
- FEDORA-2019-4c91a2f76e
- FEDORA-2019-4c91a2f76e
- https://lore.kernel.org/linux-media/20190821104408.w7krumcglxo6fz5q%40gofer.mess.org/
- https://lore.kernel.org/linux-media/20190821104408.w7krumcglxo6fz5q%40gofer.mess.org/
- https://lore.kernel.org/lkml/b9b256cb-95f2-5fa1-9956-5a602a017c11%40gmail.com/
- https://lore.kernel.org/lkml/b9b256cb-95f2-5fa1-9956-5a602a017c11%40gmail.com/
- 20191108 [slackware-security] Slackware 14.2 kernel (SSA:2019-311-01)
- 20191108 [slackware-security] Slackware 14.2 kernel (SSA:2019-311-01)
- https://security.netapp.com/advisory/ntap-20190905-0002/
- https://security.netapp.com/advisory/ntap-20190905-0002/
- https://support.f5.com/csp/article/K28222050
- https://support.f5.com/csp/article/K28222050
- https://support.f5.com/csp/article/K28222050?utm_source=f5support&%3Butm_medium=RSS
- https://support.f5.com/csp/article/K28222050?utm_source=f5support&%3Butm_medium=RSS
- USN-4157-1
- USN-4157-1
- USN-4157-2
- USN-4157-2
- USN-4162-1
- USN-4162-1
- USN-4162-2
- USN-4162-2
- USN-4163-1
- USN-4163-1
- USN-4163-2
- USN-4163-2
Modified: 2024-11-21
CVE-2019-17052
ax25_create in net/ax25/af_ax25.c in the AF_AX25 network module in the Linux kernel 3.16 through 5.3.2 does not enforce CAP_NET_RAW, which means that unprivileged users can create a raw socket, aka CID-0614e2b73768.
- http://packetstormsecurity.com/files/155212/Slackware-Security-Advisory-Slackware-14.2-kernel-Updates.html
- http://packetstormsecurity.com/files/155212/Slackware-Security-Advisory-Slackware-14.2-kernel-Updates.html
- https://git.kernel.org/pub/scm/linux/kernel/git/tip/tip.git/commit/?id=2c675dab816278a1724c1e93b384c2f05a11cb31
- https://git.kernel.org/pub/scm/linux/kernel/git/tip/tip.git/commit/?id=2c675dab816278a1724c1e93b384c2f05a11cb31
- https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=0614e2b73768b502fc32a75349823356d98aae2c
- https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=0614e2b73768b502fc32a75349823356d98aae2c
- https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=0edc3f703f7bcaf550774b5d43ab727bcd0fe06b
- https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=0edc3f703f7bcaf550774b5d43ab727bcd0fe06b
- [debian-lts-announce] 20200118 [SECURITY] [DLA 2068-1] linux security update
- [debian-lts-announce] 20200118 [SECURITY] [DLA 2068-1] linux security update
- [debian-lts-announce] 20200302 [SECURITY] [DLA 2114-1] linux-4.9 security update
- [debian-lts-announce] 20200302 [SECURITY] [DLA 2114-1] linux-4.9 security update
- FEDORA-2019-41e28660ae
- FEDORA-2019-41e28660ae
- 20191108 [slackware-security] Slackware 14.2 kernel (SSA:2019-311-01)
- 20191108 [slackware-security] Slackware 14.2 kernel (SSA:2019-311-01)
- USN-4184-1
- USN-4184-1
- USN-4185-1
- USN-4185-1
- USN-4185-2
- USN-4185-2
- USN-4186-1
- USN-4186-1
- USN-4186-2
- USN-4186-2
Modified: 2024-11-21
CVE-2019-17053
ieee802154_create in net/ieee802154/socket.c in the AF_IEEE802154 network module in the Linux kernel through 5.3.2 does not enforce CAP_NET_RAW, which means that unprivileged users can create a raw socket, aka CID-e69dbd4619e7.
- http://packetstormsecurity.com/files/155212/Slackware-Security-Advisory-Slackware-14.2-kernel-Updates.html
- http://packetstormsecurity.com/files/155212/Slackware-Security-Advisory-Slackware-14.2-kernel-Updates.html
- https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=0edc3f703f7bcaf550774b5d43ab727bcd0fe06b
- https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=0edc3f703f7bcaf550774b5d43ab727bcd0fe06b
- https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=e69dbd4619e7674c1679cba49afd9dd9ac347eef
- https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=e69dbd4619e7674c1679cba49afd9dd9ac347eef
- [debian-lts-announce] 20200118 [SECURITY] [DLA 2068-1] linux security update
- [debian-lts-announce] 20200118 [SECURITY] [DLA 2068-1] linux security update
- [debian-lts-announce] 20200302 [SECURITY] [DLA 2114-1] linux-4.9 security update
- [debian-lts-announce] 20200302 [SECURITY] [DLA 2114-1] linux-4.9 security update
- FEDORA-2019-41e28660ae
- FEDORA-2019-41e28660ae
- 20191108 [slackware-security] Slackware 14.2 kernel (SSA:2019-311-01)
- 20191108 [slackware-security] Slackware 14.2 kernel (SSA:2019-311-01)
- USN-4184-1
- USN-4184-1
- USN-4185-1
- USN-4185-1
- USN-4185-2
- USN-4185-2
- USN-4186-1
- USN-4186-1
- USN-4186-2
- USN-4186-2
Modified: 2024-11-21
CVE-2019-17054
atalk_create in net/appletalk/ddp.c in the AF_APPLETALK network module in the Linux kernel through 5.3.2 does not enforce CAP_NET_RAW, which means that unprivileged users can create a raw socket, aka CID-6cc03e8aa36c.
- http://packetstormsecurity.com/files/155212/Slackware-Security-Advisory-Slackware-14.2-kernel-Updates.html
- http://packetstormsecurity.com/files/155212/Slackware-Security-Advisory-Slackware-14.2-kernel-Updates.html
- https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=0edc3f703f7bcaf550774b5d43ab727bcd0fe06b
- https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=0edc3f703f7bcaf550774b5d43ab727bcd0fe06b
- https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=6cc03e8aa36c51f3b26a0d21a3c4ce2809c842ac
- https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=6cc03e8aa36c51f3b26a0d21a3c4ce2809c842ac
- [debian-lts-announce] 20200118 [SECURITY] [DLA 2068-1] linux security update
- [debian-lts-announce] 20200118 [SECURITY] [DLA 2068-1] linux security update
- [debian-lts-announce] 20200302 [SECURITY] [DLA 2114-1] linux-4.9 security update
- [debian-lts-announce] 20200302 [SECURITY] [DLA 2114-1] linux-4.9 security update
- FEDORA-2019-41e28660ae
- FEDORA-2019-41e28660ae
- 20191108 [slackware-security] Slackware 14.2 kernel (SSA:2019-311-01)
- 20191108 [slackware-security] Slackware 14.2 kernel (SSA:2019-311-01)
- USN-4184-1
- USN-4184-1
- USN-4185-1
- USN-4185-1
- USN-4185-2
- USN-4185-2
- USN-4186-1
- USN-4186-1
- USN-4186-2
- USN-4186-2
Modified: 2024-11-21
CVE-2019-17055
base_sock_create in drivers/isdn/mISDN/socket.c in the AF_ISDN network module in the Linux kernel through 5.3.2 does not enforce CAP_NET_RAW, which means that unprivileged users can create a raw socket, aka CID-b91ee4aa2a21.
- openSUSE-SU-2019:2503
- openSUSE-SU-2019:2503
- openSUSE-SU-2019:2507
- openSUSE-SU-2019:2507
- http://packetstormsecurity.com/files/155212/Slackware-Security-Advisory-Slackware-14.2-kernel-Updates.html
- http://packetstormsecurity.com/files/155212/Slackware-Security-Advisory-Slackware-14.2-kernel-Updates.html
- RHSA-2020:0790
- RHSA-2020:0790
- https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=0edc3f703f7bcaf550774b5d43ab727bcd0fe06b
- https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=0edc3f703f7bcaf550774b5d43ab727bcd0fe06b
- https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=b91ee4aa2a2199ba4d4650706c272985a5a32d80
- https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=b91ee4aa2a2199ba4d4650706c272985a5a32d80
- [debian-lts-announce] 20200118 [SECURITY] [DLA 2068-1] linux security update
- [debian-lts-announce] 20200118 [SECURITY] [DLA 2068-1] linux security update
- [debian-lts-announce] 20200302 [SECURITY] [DLA 2114-1] linux-4.9 security update
- [debian-lts-announce] 20200302 [SECURITY] [DLA 2114-1] linux-4.9 security update
- FEDORA-2019-41e28660ae
- FEDORA-2019-41e28660ae
- 20191108 [slackware-security] Slackware 14.2 kernel (SSA:2019-311-01)
- 20191108 [slackware-security] Slackware 14.2 kernel (SSA:2019-311-01)
- USN-4184-1
- USN-4184-1
- USN-4185-1
- USN-4185-1
- USN-4185-2
- USN-4185-2
- USN-4186-1
- USN-4186-1
- USN-4186-2
- USN-4186-2
Modified: 2024-11-21
CVE-2019-17056
llcp_sock_create in net/nfc/llcp_sock.c in the AF_NFC network module in the Linux kernel through 5.3.2 does not enforce CAP_NET_RAW, which means that unprivileged users can create a raw socket, aka CID-3a359798b176.
- openSUSE-SU-2019:2392
- openSUSE-SU-2019:2392
- openSUSE-SU-2019:2444
- openSUSE-SU-2019:2444
- http://packetstormsecurity.com/files/155212/Slackware-Security-Advisory-Slackware-14.2-kernel-Updates.html
- http://packetstormsecurity.com/files/155212/Slackware-Security-Advisory-Slackware-14.2-kernel-Updates.html
- https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=0edc3f703f7bcaf550774b5d43ab727bcd0fe06b
- https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=0edc3f703f7bcaf550774b5d43ab727bcd0fe06b
- https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=3a359798b176183ef09efb7a3dc59abad1cc7104
- https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=3a359798b176183ef09efb7a3dc59abad1cc7104
- [debian-lts-announce] 20200118 [SECURITY] [DLA 2068-1] linux security update
- [debian-lts-announce] 20200118 [SECURITY] [DLA 2068-1] linux security update
- [debian-lts-announce] 20200302 [SECURITY] [DLA 2114-1] linux-4.9 security update
- [debian-lts-announce] 20200302 [SECURITY] [DLA 2114-1] linux-4.9 security update
- FEDORA-2019-41e28660ae
- FEDORA-2019-41e28660ae
- 20191108 [slackware-security] Slackware 14.2 kernel (SSA:2019-311-01)
- 20191108 [slackware-security] Slackware 14.2 kernel (SSA:2019-311-01)
- USN-4184-1
- USN-4184-1
- USN-4185-1
- USN-4185-1
- USN-4185-2
- USN-4185-2
- USN-4186-1
- USN-4186-1
- USN-4186-2
- USN-4186-2
Modified: 2024-11-21
CVE-2019-17075
An issue was discovered in write_tpt_entry in drivers/infiniband/hw/cxgb4/mem.c in the Linux kernel through 5.3.2. The cxgb4 driver is directly calling dma_map_single (a DMA function) from a stack variable. This could allow an attacker to trigger a Denial of Service, exploitable if this driver is used on an architecture for which this stack/DMA interaction has security relevance.
- http://packetstormsecurity.com/files/155212/Slackware-Security-Advisory-Slackware-14.2-kernel-Updates.html
- http://packetstormsecurity.com/files/155212/Slackware-Security-Advisory-Slackware-14.2-kernel-Updates.html
- [debian-lts-announce] 20200302 [SECURITY] [DLA 2114-1] linux-4.9 security update
- [debian-lts-announce] 20200302 [SECURITY] [DLA 2114-1] linux-4.9 security update
- https://lore.kernel.org/lkml/20191001165611.GA3542072%40kroah.com
- https://lore.kernel.org/lkml/20191001165611.GA3542072%40kroah.com
- 20191108 [slackware-security] Slackware 14.2 kernel (SSA:2019-311-01)
- 20191108 [slackware-security] Slackware 14.2 kernel (SSA:2019-311-01)
- USN-4208-1
- USN-4208-1
- USN-4210-1
- USN-4210-1
- USN-4211-1
- USN-4211-1
- USN-4211-2
- USN-4211-2
- USN-4226-1
- USN-4226-1
- https://www.oracle.com/security-alerts/cpuApr2021.html
- https://www.oracle.com/security-alerts/cpuApr2021.html
Modified: 2024-11-21
CVE-2019-18198
In the Linux kernel before 5.3.4, a reference count usage error in the fib6_rule_suppress() function in the fib6 suppression feature of net/ipv6/fib6_rules.c, when handling the FIB_LOOKUP_NOREF flag, can be exploited by a local attacker to corrupt memory, aka CID-ca7a03c41753.
- https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.3.4
- https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.3.4
- https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=ca7a03c4175366a92cee0ccc4fec0038c3266e26
- https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=ca7a03c4175366a92cee0ccc4fec0038c3266e26
- https://github.com/torvalds/linux/commit/ca7a03c4175366a92cee0ccc4fec0038c3266e26
- https://github.com/torvalds/linux/commit/ca7a03c4175366a92cee0ccc4fec0038c3266e26
- https://launchpad.net/bugs/1847478
- https://launchpad.net/bugs/1847478
- https://security.netapp.com/advisory/ntap-20191031-0005/
- https://security.netapp.com/advisory/ntap-20191031-0005/
- USN-4161-1
- USN-4161-1
Modified: 2024-11-21
CVE-2019-18806
A memory leak in the ql_alloc_large_buffers() function in drivers/net/ethernet/qlogic/qla3xxx.c in the Linux kernel before 5.3.5 allows local users to cause a denial of service (memory consumption) by triggering pci_dma_mapping_error() failures, aka CID-1acb8f2a7a9f.
- https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.3.5
- https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.3.5
- https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=1acb8f2a7a9f10543868ddd737e37424d5c36cf4
- https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=1acb8f2a7a9f10543868ddd737e37424d5c36cf4
Modified: 2024-11-21
CVE-2019-18807
Two memory leaks in the sja1105_static_config_upload() function in drivers/net/dsa/sja1105/sja1105_spi.c in the Linux kernel before 5.3.5 allow attackers to cause a denial of service (memory consumption) by triggering static_config_buf_prepare_for_upload() or sja1105_inhibit_tx() failures, aka CID-68501df92d11.
- https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.3.5
- https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.3.5
- https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=68501df92d116b760777a2cfda314789f926476f
- https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=68501df92d116b760777a2cfda314789f926476f
- https://security.netapp.com/advisory/ntap-20191205-0001/
- https://security.netapp.com/advisory/ntap-20191205-0001/
Modified: 2024-11-21
CVE-2019-19080
Four memory leaks in the nfp_flower_spawn_phy_reprs() function in drivers/net/ethernet/netronome/nfp/flower/main.c in the Linux kernel before 5.3.4 allow attackers to cause a denial of service (memory consumption), aka CID-8572cea1461a.
- openSUSE-SU-2019:2675
- openSUSE-SU-2019:2675
- https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.3.4
- https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.3.4
- https://github.com/torvalds/linux/commit/8572cea1461a006bce1d06c0c4b0575869125fa4
- https://github.com/torvalds/linux/commit/8572cea1461a006bce1d06c0c4b0575869125fa4
- https://security.netapp.com/advisory/ntap-20191205-0001/
- https://security.netapp.com/advisory/ntap-20191205-0001/
Modified: 2024-11-21
CVE-2019-19081
A memory leak in the nfp_flower_spawn_vnic_reprs() function in drivers/net/ethernet/netronome/nfp/flower/main.c in the Linux kernel before 5.3.4 allows attackers to cause a denial of service (memory consumption), aka CID-8ce39eb5a67a.
- openSUSE-SU-2019:2675
- openSUSE-SU-2019:2675
- https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.3.4
- https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.3.4
- https://github.com/torvalds/linux/commit/8ce39eb5a67aee25d9f05b40b673c95b23502e3e
- https://github.com/torvalds/linux/commit/8ce39eb5a67aee25d9f05b40b673c95b23502e3e
- https://security.netapp.com/advisory/ntap-20191205-0001/
- https://security.netapp.com/advisory/ntap-20191205-0001/
Modified: 2024-11-21
CVE-2019-19533
In the Linux kernel before 5.3.4, there is an info-leak bug that can be caused by a malicious USB device in the drivers/media/usb/ttusb-dec/ttusb_dec.c driver, aka CID-a10feaf8c464.
- openSUSE-SU-2020:0336
- openSUSE-SU-2020:0336
- [oss-security] 20191203 Linux kernel: multiple vulnerabilities in the USB subsystem x3
- [oss-security] 20191203 Linux kernel: multiple vulnerabilities in the USB subsystem x3
- https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.3.4
- https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.3.4
- https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=a10feaf8c464c3f9cfdd3a8a7ce17e1c0d498da1
- https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=a10feaf8c464c3f9cfdd3a8a7ce17e1c0d498da1
- [debian-lts-announce] 20200118 [SECURITY] [DLA 2068-1] linux security update
- [debian-lts-announce] 20200118 [SECURITY] [DLA 2068-1] linux security update
- [debian-lts-announce] 20200302 [SECURITY] [DLA 2114-1] linux-4.9 security update
- [debian-lts-announce] 20200302 [SECURITY] [DLA 2114-1] linux-4.9 security update
Modified: 2024-11-21
CVE-2019-20422
In the Linux kernel before 5.3.4, fib6_rule_lookup in net/ipv6/ip6_fib.c mishandles the RT6_LOOKUP_F_DST_NOREF flag in a reference-count decision, leading to (for example) a crash that was identified by syzkaller, aka CID-7b09c2d052db.
- https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.3.4
- https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.3.4
- https://github.com/torvalds/linux/commit/7b09c2d052db4b4ad0b27b97918b46a7746966fa
- https://github.com/torvalds/linux/commit/7b09c2d052db4b4ad0b27b97918b46a7746966fa
- https://security.netapp.com/advisory/ntap-20200313-0003/
- https://security.netapp.com/advisory/ntap-20200313-0003/