ALT-PU-2020-1056-1
Package kernel-image-std-debug updated to version 4.9.210-alt0.M80P.1 for branch p8 in task 244300.
Closed vulnerabilities
Published: 2019-11-28
BDU:2019-04799
Уязвимость функции mwifiex_process_country_ie() (drivers/net/wireless/marvell/mwifiex/sta_ioctl.c) драйвера Marvell WiFi ядра операционной системы Linux, связанная с записью за границами буфера, позволяющая нарушителю получить доступ к конфиденциальным данным, нарушить их целостность, а также вызвать отказ в обслуживании
Severity: CRITICAL (9.8)
Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Severity: CRITICAL (10.0)
Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C
References:
Published: 2020-01-09
BDU:2020-00884
Уязвимость микропрограммного обеспечения процессоров Intel c Intel Processor Graphics, связанная с отсутствием защиты служебных данных, позволяющая нарушителю раскрыть защищаемую информацию
Severity: MEDIUM (5.5)
Vector: AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N
Severity: LOW (1.9)
Vector: AV:L/AC:M/Au:N/C:P/I:N/A:N
References:
Published: 2020-01-17
Modified: 2024-11-21
Modified: 2024-11-21
CVE-2019-14615
Insufficient control flow in certain data structures for some Intel(R) Processors with Intel(R) Processor Graphics may allow an unauthenticated user to potentially enable information disclosure via local access.
Severity: LOW (1.9)
Vector: AV:L/AC:M/Au:N/C:P/I:N/A:N
Severity: MEDIUM (5.5)
Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N
References:
- http://lists.opensuse.org/opensuse-security-announce/2020-03/msg00021.html
- http://packetstormsecurity.com/files/156185/Kernel-Live-Patch-Security-Notice-LSN-0062-1.html
- http://packetstormsecurity.com/files/156455/Kernel-Live-Patch-Security-Notice-LSN-0063-1.html
- http://seclists.org/fulldisclosure/2020/Mar/31
- https://lists.debian.org/debian-lts-announce/2020/03/msg00001.html
- https://support.apple.com/kb/HT211100
- https://usn.ubuntu.com/4253-1/
- https://usn.ubuntu.com/4253-2/
- https://usn.ubuntu.com/4254-1/
- https://usn.ubuntu.com/4254-2/
- https://usn.ubuntu.com/4255-1/
- https://usn.ubuntu.com/4255-2/
- https://usn.ubuntu.com/4284-1/
- https://usn.ubuntu.com/4285-1/
- https://usn.ubuntu.com/4286-1/
- https://usn.ubuntu.com/4286-2/
- https://usn.ubuntu.com/4287-1/
- https://usn.ubuntu.com/4287-2/
- https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00314.html
- http://lists.opensuse.org/opensuse-security-announce/2020-03/msg00021.html
- http://packetstormsecurity.com/files/156185/Kernel-Live-Patch-Security-Notice-LSN-0062-1.html
- http://packetstormsecurity.com/files/156455/Kernel-Live-Patch-Security-Notice-LSN-0063-1.html
- http://seclists.org/fulldisclosure/2020/Mar/31
- https://lists.debian.org/debian-lts-announce/2020/03/msg00001.html
- https://support.apple.com/kb/HT211100
- https://usn.ubuntu.com/4253-1/
- https://usn.ubuntu.com/4253-2/
- https://usn.ubuntu.com/4254-1/
- https://usn.ubuntu.com/4254-2/
- https://usn.ubuntu.com/4255-1/
- https://usn.ubuntu.com/4255-2/
- https://usn.ubuntu.com/4284-1/
- https://usn.ubuntu.com/4285-1/
- https://usn.ubuntu.com/4286-1/
- https://usn.ubuntu.com/4286-2/
- https://usn.ubuntu.com/4287-1/
- https://usn.ubuntu.com/4287-2/
- https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00314.html
Published: 2019-11-29
Modified: 2024-11-21
Modified: 2024-11-21
CVE-2019-14895
A heap-based buffer overflow was discovered in the Linux kernel, all versions 3.x.x and 4.x.x before 4.18.0, in Marvell WiFi chip driver. The flaw could occur when the station attempts a connection negotiation during the handling of the remote devices country settings. This could allow the remote device to cause a denial of service (system crash) or possibly execute arbitrary code.
Severity: HIGH (7.5)
Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P
Severity: CRITICAL (9.8)
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
References:
- http://lists.opensuse.org/opensuse-security-announce/2019-12/msg00029.html
- http://packetstormsecurity.com/files/155879/Kernel-Live-Patch-Security-Notice-LSN-0061-1.html
- http://packetstormsecurity.com/files/156185/Kernel-Live-Patch-Security-Notice-LSN-0062-1.html
- https://access.redhat.com/errata/RHSA-2020:0328
- https://access.redhat.com/errata/RHSA-2020:0339
- https://access.redhat.com/errata/RHSA-2020:0374
- https://access.redhat.com/errata/RHSA-2020:0375
- https://access.redhat.com/errata/RHSA-2020:0543
- https://access.redhat.com/errata/RHSA-2020:0592
- https://access.redhat.com/errata/RHSA-2020:0609
- https://access.redhat.com/errata/RHSA-2020:0653
- https://access.redhat.com/errata/RHSA-2020:0661
- https://access.redhat.com/errata/RHSA-2020:0664
- https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-14895
- https://lists.debian.org/debian-lts-announce/2020/01/msg00013.html
- https://lists.debian.org/debian-lts-announce/2020/03/msg00001.html
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/D4ISVNIC44SOGXTUBCIZFSUNQJ5LRKNZ/
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/MN6MLCN7G7VFTSXSZYXKXEFCUMFBUAXQ/
- https://usn.ubuntu.com/4225-1/
- https://usn.ubuntu.com/4225-2/
- https://usn.ubuntu.com/4226-1/
- https://usn.ubuntu.com/4227-1/
- https://usn.ubuntu.com/4227-2/
- https://usn.ubuntu.com/4228-1/
- https://usn.ubuntu.com/4228-2/
- https://www.openwall.com/lists/oss-security/2019/11/22/2
- http://lists.opensuse.org/opensuse-security-announce/2019-12/msg00029.html
- http://packetstormsecurity.com/files/155879/Kernel-Live-Patch-Security-Notice-LSN-0061-1.html
- http://packetstormsecurity.com/files/156185/Kernel-Live-Patch-Security-Notice-LSN-0062-1.html
- https://access.redhat.com/errata/RHSA-2020:0328
- https://access.redhat.com/errata/RHSA-2020:0339
- https://access.redhat.com/errata/RHSA-2020:0374
- https://access.redhat.com/errata/RHSA-2020:0375
- https://access.redhat.com/errata/RHSA-2020:0543
- https://access.redhat.com/errata/RHSA-2020:0592
- https://access.redhat.com/errata/RHSA-2020:0609
- https://access.redhat.com/errata/RHSA-2020:0653
- https://access.redhat.com/errata/RHSA-2020:0661
- https://access.redhat.com/errata/RHSA-2020:0664
- https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-14895
- https://lists.debian.org/debian-lts-announce/2020/01/msg00013.html
- https://lists.debian.org/debian-lts-announce/2020/03/msg00001.html
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/D4ISVNIC44SOGXTUBCIZFSUNQJ5LRKNZ/
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/MN6MLCN7G7VFTSXSZYXKXEFCUMFBUAXQ/
- https://usn.ubuntu.com/4225-1/
- https://usn.ubuntu.com/4225-2/
- https://usn.ubuntu.com/4226-1/
- https://usn.ubuntu.com/4227-1/
- https://usn.ubuntu.com/4227-2/
- https://usn.ubuntu.com/4228-1/
- https://usn.ubuntu.com/4228-2/
- https://www.openwall.com/lists/oss-security/2019/11/22/2