ID

VAR-201911-1410


CVE

CVE-2019-19057


TITLE

Linux Kernel Vulnerable to resource exhaustion

Trust: 0.8

sources: JVNDB: JVNDB-2019-012037

DESCRIPTION

Two memory leaks in the mwifiex_pcie_init_evt_ring() function in drivers/net/wireless/marvell/mwifiex/pcie.c in the Linux kernel through 5.3.11 allow attackers to cause a denial of service (memory consumption) by triggering mwifiex_map_pci_memory() failures, aka CID-d10dcb615c8e. The Linux kernel contains a resource exhaustion vulnerability. The vendor has published this vulnerability as CID-d10dcb615c8e. It may result in a denial-of-service (DoS) condition.

Here are the details from the Slackware 14.2 ChangeLog:
+--------------------------+
patches/packages/linux-4.4.208/*:  Upgraded.
   IPV6_MULTIPLE_TABLES n -> y
  +IPV6_SUBTREES y
  These updates fix various bugs and security issues.
  Be sure to upgrade your initrd after upgrading the kernel packages.
  If you use lilo to boot your machine, be sure lilo.conf points to the correct
  kernel and initrd and run lilo as root to update the bootloader.
  If you use elilo to boot your machine, you should run eliloconfig to copy the
  kernel and initrd to the EFI System Partition.
  For more information, see:
    Fixed in 4.4.203:
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-19524
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-15917
    Fixed in 4.4.204:
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-18660
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-15291
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-18683
    Fixed in 4.4.206:
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-12614
    Fixed in 4.4.207:
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-19227
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-19062
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-19338
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-19332
    Fixed in 4.4.208:
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-19057
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-19063
  (* Security fix *)
+--------------------------+

Where to find the new packages:
+-----------------------------+

Thanks to the friendly folks at the OSU Open Source Lab (http://osuosl.org) for donating FTP and rsync hosting to the Slackware project! :-)

Also see the "Get Slack" section on http://slackware.com for additional mirror sites near you.
Updated packages for Slackware 14.2:
ftp://ftp.slackware.com/pub/slackware/slackware-14.2/patches/packages/linux-4.4.208/kernel-generic-4.4.208-i586-1.txz
ftp://ftp.slackware.com/pub/slackware/slackware-14.2/patches/packages/linux-4.4.208/kernel-generic-smp-4.4.208_smp-i686-1.txz
ftp://ftp.slackware.com/pub/slackware/slackware-14.2/patches/packages/linux-4.4.208/kernel-headers-4.4.208_smp-x86-1.txz
ftp://ftp.slackware.com/pub/slackware/slackware-14.2/patches/packages/linux-4.4.208/kernel-huge-4.4.208-i586-1.txz
ftp://ftp.slackware.com/pub/slackware/slackware-14.2/patches/packages/linux-4.4.208/kernel-huge-smp-4.4.208_smp-i686-1.txz
ftp://ftp.slackware.com/pub/slackware/slackware-14.2/patches/packages/linux-4.4.208/kernel-modules-4.4.208-i586-1.txz
ftp://ftp.slackware.com/pub/slackware/slackware-14.2/patches/packages/linux-4.4.208/kernel-modules-smp-4.4.208_smp-i686-1.txz
ftp://ftp.slackware.com/pub/slackware/slackware-14.2/patches/packages/linux-4.4.208/kernel-source-4.4.208_smp-noarch-1.txz

Updated packages for Slackware x86_64 14.2:
ftp://ftp.slackware.com/pub/slackware/slackware64-14.2/patches/packages/linux-4.4.208/kernel-generic-4.4.208-x86_64-1.txz
ftp://ftp.slackware.com/pub/slackware/slackware64-14.2/patches/packages/linux-4.4.208/kernel-headers-4.4.208-x86-1.txz
ftp://ftp.slackware.com/pub/slackware/slackware64-14.2/patches/packages/linux-4.4.208/kernel-huge-4.4.208-x86_64-1.txz
ftp://ftp.slackware.com/pub/slackware/slackware64-14.2/patches/packages/linux-4.4.208/kernel-modules-4.4.208-x86_64-1.txz
ftp://ftp.slackware.com/pub/slackware/slackware64-14.2/patches/packages/linux-4.4.208/kernel-source-4.4.208-noarch-1.txz

Installation instructions:
+------------------------+

Upgrade the packages as root:
# upgradepkg kernel-*.txz

If you are using an initrd, you'll need to rebuild it.

For a 32-bit SMP machine, use this command (substitute the appropriate kernel version if you are not running Slackware 14.2):
# /usr/share/mkinitrd/mkinitrd_command_generator.sh -k 4.4.208-smp | bash

For a 64-bit machine, or a 32-bit uniprocessor machine, use this command (substitute the appropriate kernel version if you are not running Slackware 14.2):
# /usr/share/mkinitrd/mkinitrd_command_generator.sh -k 4.4.208 | bash

Please note that "uniprocessor" has to do with the kernel you are running, not with the CPU. Most systems should run the SMP kernel (if they can) regardless of the number of cores the CPU has. If you aren't sure which kernel you are running, run "uname -a". If you see SMP there, you are running the SMP kernel and should use the 4.4.208-smp version when running mkinitrd_command_generator. Note that this is only for 32-bit -- 64-bit systems should always use 4.4.208 as the version.

If you are using lilo or elilo to boot the machine, you'll need to ensure that the machine is properly prepared before rebooting.

If using LILO:
By default, lilo.conf contains an image= line that references a symlink that always points to the correct kernel. No editing should be required unless your machine uses a custom lilo.conf. If that is the case, be sure that the image= line references the correct kernel file. Either way, you'll need to run "lilo" as root to reinstall the boot loader.

If using elilo:
Ensure that the /boot/vmlinuz symlink is pointing to the kernel you wish to use, and then run eliloconfig to update the EFI System Partition.

+-----+

Slackware Linux Security Team
http://slackware.com/gpg-key
security@slackware.com

(CVE-2019-20096) Mitchell Frank discovered that the Wi-Fi implementation in the Linux kernel when used as an access point would send IAPP location updates for stations before client authentication had completed.

====================================================================
Red Hat Security Advisory

Synopsis:     Important: kernel security, bug fix, and enhancement update
Advisory ID:  RHSA-2020:1769-01
Product:      Red Hat Enterprise Linux
Advisory URL: https://access.redhat.com/errata/RHSA-2020:1769
Issue date:   2020-04-28
CVE Names:    CVE-2018-16871 CVE-2019-8980 CVE-2019-10639
              CVE-2019-15090 CVE-2019-15099 CVE-2019-15221
              CVE-2019-17053 CVE-2019-17055 CVE-2019-18805
              CVE-2019-19057 CVE-2019-19073 CVE-2019-19074
              CVE-2019-19534 CVE-2019-19768 CVE-2019-19922
              CVE-2020-1749
====================================================================

1. Summary:

An update for kernel is now available for Red Hat Enterprise Linux 8.
Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

2. Relevant releases/architectures:

Red Hat CodeReady Linux Builder (v. 8) - aarch64, ppc64le, x86_64
Red Hat Enterprise Linux BaseOS (v. 8) - aarch64, noarch, ppc64le, s390x, x86_64

3. Security Fix(es):

* kernel: use-after-free in __blk_add_trace in kernel/trace/blktrace.c (CVE-2019-19768)
* kernel: nfs: NULL pointer dereference due to an anomalized NFS message sequence (CVE-2018-16871)
* kernel: memory leak in the kernel_read_file function in fs/exec.c allows to cause a denial of service (CVE-2019-8980)
* kernel: unprivileged users able to create RAW sockets in AF_IEEE802154 network protocol. (CVE-2019-17053)
* kernel: unprivileged users able to create RAW sockets in AF_ISDN network protocol. (CVE-2019-17055)
* kernel: integer overflow in tcp_ack_update_rtt in net/ipv4/tcp_input.c (CVE-2019-18805)
* kernel: information leak bug caused by a malicious USB device in the drivers/net/can/usb/peak_usb/pcan_usb_core.c driver (CVE-2019-19534)
* kernel: some ipv6 protocols not encrypted over ipsec tunnel. (CVE-2020-1749)
* Kernel: net: using kernel space address bits to derive IP ID may potentially break KASLR (CVE-2019-10639)
* kernel: An out-of-bounds read in drivers/scsi/qedi/qedi_dbg.c leading to crash or information disclosure (CVE-2019-15090)
* kernel: a NULL pointer dereference in drivers/net/wireless/ath/ath10k/usb.c leads to a crash (CVE-2019-15099)
* kernel: Null pointer dereference in the sound/usb/line6/pcm.c (CVE-2019-15221)
* kernel: Two memory leaks in the mwifiex_pcie_init_evt_ring() function in drivers/net/wireless/marvell/mwifiex/pcie.c allows for a DoS (CVE-2019-19057)
* kernel: Memory leaks in drivers/net/wireless/ath/ath9k/htc_hst.c in the Linux kernel (DOS) (CVE-2019-19073)
* kernel: a memory leak in the ath9k management function in allows local DoS (CVE-2019-19074)
* kernel: when cpu.cfs_quota_us is used allows attackers to cause a denial of service against non-cpu-bound applications (CVE-2019-19922)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Additional Changes:

This update also fixes several bugs and adds various enhancements. Documentation for these changes is available from the Release Notes document linked to in the References section.

4. Solution:

For details on how to apply this update, which includes the changes described in this advisory, refer to:

https://access.redhat.com/articles/11258

The system must be rebooted for this update to take effect.

5. Bugs fixed (https://bugzilla.redhat.com/):

1655162 - CVE-2018-16871 kernel: nfs: NULL pointer dereference due to an anomalized NFS message sequence
1679972 - CVE-2019-8980 kernel: memory leak in the kernel_read_file function in fs/exec.c allows to cause a denial of service
1729933 - CVE-2019-10639 Kernel: net: using kernel space address bits to derive IP ID may potentially break KASLR
1738741 - L2 guest hit kernel panic when do L1->L1 live migration on PML-enabled intel host
1743526 - CVE-2019-15090 kernel: An out-of-bounds read in drivers/scsi/qedi/qedi_dbg.c leading to crash or information disclosure
1743560 - CVE-2019-15099 kernel: a NULL pointer dereference in drivers/net/wireless/ath/ath10k/usb.c leads to a crash
1749633 - kernel: brk can grow the heap into the area reserved for the stack
1749974 - CVE-2019-15221 kernel: Null pointer dereference in the sound/usb/line6/pcm.c
1752765 - conntrack tool delete entry with CIDR crash
1757902 - fix compat statfs64() returning EOVERFLOW for when _FILE_OFFSET_BITSd
1758242 - CVE-2019-17053 kernel: unprivileged users able to create RAW sockets in AF_IEEE802154 network protocol.
1758248 - CVE-2019-17055 kernel: unprivileged users able to create RAW sockets in AF_ISDN network protocol.
1765547 - Fallocate on XFS may discard concurrent AIO write
1767664 - Backport CIFS stale ESTALE handling and dentry revalidation patches
1771430 - svcrdma: Increase the default connection credit limit
1771496 - CVE-2019-18805 kernel: integer overflow in tcp_ack_update_rtt in net/ipv4/tcp_input.c
1771691 - Process killed while opening a file can result in leaked open handle on the server
1774933 - CVE-2019-19074 kernel: a memory leak in the ath9k management function in allows local DoS
1774937 - CVE-2019-19073 kernel: Memory leaks in drivers/net/wireless/ath/ath9k/htc_hst.c in the Linux kernel (DOS)
1775050 - CVE-2019-19057 kernel: Two memory leaks in the mwifiex_pcie_init_evt_ring() function in drivers/net/wireless/marvell/mwifiex/pcie.c allows for a DoS
1783540 - CVE-2019-19534 kernel: information leak bug caused by a malicious USB device in the drivers/net/can/usb/peak_usb/pcan_usb_core.c driver
1786164 - CVE-2019-19768 kernel: use-after-free in __blk_add_trace in kernel/trace/blktrace.c
1789594 - kernel: Wrong FE0/FE1 MSR restore in signal handlers on ppc64le
1792512 - CVE-2019-19922 kernel: when cpu.cfs_quota_us is used allows attackers to cause a denial of service against non-cpu-bound applications
1795049 - RHEL8: Latency issue on Kubernetes / k8s / OpenShift
1803162 - [NFS] Dataloss with copy_file_range on NFS-mounted files that is not 4K aligned on RHEL 8.
1809833 - CVE-2020-1749 kernel: some ipv6 protocols not encrypted over ipsec tunnel.

6. Package List:

Red Hat Enterprise Linux BaseOS (v. 8):

Source:
kernel-4.18.0-193.el8.src.rpm

aarch64:
bpftool-4.18.0-193.el8.aarch64.rpm
bpftool-debuginfo-4.18.0-193.el8.aarch64.rpm
kernel-4.18.0-193.el8.aarch64.rpm
kernel-core-4.18.0-193.el8.aarch64.rpm
kernel-cross-headers-4.18.0-193.el8.aarch64.rpm
kernel-debug-4.18.0-193.el8.aarch64.rpm
kernel-debug-core-4.18.0-193.el8.aarch64.rpm
kernel-debug-debuginfo-4.18.0-193.el8.aarch64.rpm
kernel-debug-devel-4.18.0-193.el8.aarch64.rpm
kernel-debug-modules-4.18.0-193.el8.aarch64.rpm
kernel-debug-modules-extra-4.18.0-193.el8.aarch64.rpm
kernel-debuginfo-4.18.0-193.el8.aarch64.rpm
kernel-debuginfo-common-aarch64-4.18.0-193.el8.aarch64.rpm
kernel-devel-4.18.0-193.el8.aarch64.rpm
kernel-headers-4.18.0-193.el8.aarch64.rpm
kernel-modules-4.18.0-193.el8.aarch64.rpm
kernel-modules-extra-4.18.0-193.el8.aarch64.rpm
kernel-tools-4.18.0-193.el8.aarch64.rpm
kernel-tools-debuginfo-4.18.0-193.el8.aarch64.rpm
kernel-tools-libs-4.18.0-193.el8.aarch64.rpm
perf-4.18.0-193.el8.aarch64.rpm
perf-debuginfo-4.18.0-193.el8.aarch64.rpm
python3-perf-4.18.0-193.el8.aarch64.rpm
python3-perf-debuginfo-4.18.0-193.el8.aarch64.rpm

noarch:
kernel-abi-whitelists-4.18.0-193.el8.noarch.rpm
kernel-doc-4.18.0-193.el8.noarch.rpm

ppc64le:
bpftool-4.18.0-193.el8.ppc64le.rpm
bpftool-debuginfo-4.18.0-193.el8.ppc64le.rpm
kernel-4.18.0-193.el8.ppc64le.rpm
kernel-core-4.18.0-193.el8.ppc64le.rpm
kernel-cross-headers-4.18.0-193.el8.ppc64le.rpm
kernel-debug-4.18.0-193.el8.ppc64le.rpm
kernel-debug-core-4.18.0-193.el8.ppc64le.rpm
kernel-debug-debuginfo-4.18.0-193.el8.ppc64le.rpm
kernel-debug-devel-4.18.0-193.el8.ppc64le.rpm
kernel-debug-modules-4.18.0-193.el8.ppc64le.rpm
kernel-debug-modules-extra-4.18.0-193.el8.ppc64le.rpm
kernel-debuginfo-4.18.0-193.el8.ppc64le.rpm
kernel-debuginfo-common-ppc64le-4.18.0-193.el8.ppc64le.rpm
kernel-devel-4.18.0-193.el8.ppc64le.rpm
kernel-headers-4.18.0-193.el8.ppc64le.rpm
kernel-modules-4.18.0-193.el8.ppc64le.rpm
kernel-modules-extra-4.18.0-193.el8.ppc64le.rpm
kernel-tools-4.18.0-193.el8.ppc64le.rpm
kernel-tools-debuginfo-4.18.0-193.el8.ppc64le.rpm
kernel-tools-libs-4.18.0-193.el8.ppc64le.rpm
perf-4.18.0-193.el8.ppc64le.rpm
perf-debuginfo-4.18.0-193.el8.ppc64le.rpm
python3-perf-4.18.0-193.el8.ppc64le.rpm
python3-perf-debuginfo-4.18.0-193.el8.ppc64le.rpm

s390x:
bpftool-4.18.0-193.el8.s390x.rpm
bpftool-debuginfo-4.18.0-193.el8.s390x.rpm
kernel-4.18.0-193.el8.s390x.rpm
kernel-core-4.18.0-193.el8.s390x.rpm
kernel-cross-headers-4.18.0-193.el8.s390x.rpm
kernel-debug-4.18.0-193.el8.s390x.rpm
kernel-debug-core-4.18.0-193.el8.s390x.rpm
kernel-debug-debuginfo-4.18.0-193.el8.s390x.rpm
kernel-debug-devel-4.18.0-193.el8.s390x.rpm
kernel-debug-modules-4.18.0-193.el8.s390x.rpm
kernel-debug-modules-extra-4.18.0-193.el8.s390x.rpm
kernel-debuginfo-4.18.0-193.el8.s390x.rpm
kernel-debuginfo-common-s390x-4.18.0-193.el8.s390x.rpm
kernel-devel-4.18.0-193.el8.s390x.rpm
kernel-headers-4.18.0-193.el8.s390x.rpm
kernel-modules-4.18.0-193.el8.s390x.rpm
kernel-modules-extra-4.18.0-193.el8.s390x.rpm
kernel-tools-4.18.0-193.el8.s390x.rpm
kernel-tools-debuginfo-4.18.0-193.el8.s390x.rpm
kernel-zfcpdump-4.18.0-193.el8.s390x.rpm
kernel-zfcpdump-core-4.18.0-193.el8.s390x.rpm
kernel-zfcpdump-debuginfo-4.18.0-193.el8.s390x.rpm
kernel-zfcpdump-devel-4.18.0-193.el8.s390x.rpm
kernel-zfcpdump-modules-4.18.0-193.el8.s390x.rpm
kernel-zfcpdump-modules-extra-4.18.0-193.el8.s390x.rpm
perf-4.18.0-193.el8.s390x.rpm
perf-debuginfo-4.18.0-193.el8.s390x.rpm
python3-perf-4.18.0-193.el8.s390x.rpm
python3-perf-debuginfo-4.18.0-193.el8.s390x.rpm

x86_64:
bpftool-4.18.0-193.el8.x86_64.rpm
bpftool-debuginfo-4.18.0-193.el8.x86_64.rpm
kernel-4.18.0-193.el8.x86_64.rpm
kernel-core-4.18.0-193.el8.x86_64.rpm
kernel-cross-headers-4.18.0-193.el8.x86_64.rpm
kernel-debug-4.18.0-193.el8.x86_64.rpm
kernel-debug-core-4.18.0-193.el8.x86_64.rpm
kernel-debug-debuginfo-4.18.0-193.el8.x86_64.rpm
kernel-debug-devel-4.18.0-193.el8.x86_64.rpm
kernel-debug-modules-4.18.0-193.el8.x86_64.rpm
kernel-debug-modules-extra-4.18.0-193.el8.x86_64.rpm
kernel-debuginfo-4.18.0-193.el8.x86_64.rpm
kernel-debuginfo-common-x86_64-4.18.0-193.el8.x86_64.rpm
kernel-devel-4.18.0-193.el8.x86_64.rpm
kernel-headers-4.18.0-193.el8.x86_64.rpm
kernel-modules-4.18.0-193.el8.x86_64.rpm
kernel-modules-extra-4.18.0-193.el8.x86_64.rpm
kernel-tools-4.18.0-193.el8.x86_64.rpm
kernel-tools-debuginfo-4.18.0-193.el8.x86_64.rpm
kernel-tools-libs-4.18.0-193.el8.x86_64.rpm
perf-4.18.0-193.el8.x86_64.rpm
perf-debuginfo-4.18.0-193.el8.x86_64.rpm
python3-perf-4.18.0-193.el8.x86_64.rpm
python3-perf-debuginfo-4.18.0-193.el8.x86_64.rpm

Red Hat CodeReady Linux Builder (v. 8):

aarch64:
bpftool-debuginfo-4.18.0-193.el8.aarch64.rpm
kernel-debug-debuginfo-4.18.0-193.el8.aarch64.rpm
kernel-debuginfo-4.18.0-193.el8.aarch64.rpm
kernel-debuginfo-common-aarch64-4.18.0-193.el8.aarch64.rpm
kernel-tools-debuginfo-4.18.0-193.el8.aarch64.rpm
kernel-tools-libs-devel-4.18.0-193.el8.aarch64.rpm
perf-debuginfo-4.18.0-193.el8.aarch64.rpm
python3-perf-debuginfo-4.18.0-193.el8.aarch64.rpm

ppc64le:
bpftool-debuginfo-4.18.0-193.el8.ppc64le.rpm
kernel-debug-debuginfo-4.18.0-193.el8.ppc64le.rpm
kernel-debuginfo-4.18.0-193.el8.ppc64le.rpm
kernel-debuginfo-common-ppc64le-4.18.0-193.el8.ppc64le.rpm
kernel-tools-debuginfo-4.18.0-193.el8.ppc64le.rpm
kernel-tools-libs-devel-4.18.0-193.el8.ppc64le.rpm
perf-debuginfo-4.18.0-193.el8.ppc64le.rpm
python3-perf-debuginfo-4.18.0-193.el8.ppc64le.rpm

x86_64:
bpftool-debuginfo-4.18.0-193.el8.x86_64.rpm
kernel-debug-debuginfo-4.18.0-193.el8.x86_64.rpm
kernel-debuginfo-4.18.0-193.el8.x86_64.rpm
kernel-debuginfo-common-x86_64-4.18.0-193.el8.x86_64.rpm
kernel-tools-debuginfo-4.18.0-193.el8.x86_64.rpm
kernel-tools-libs-devel-4.18.0-193.el8.x86_64.rpm
perf-debuginfo-4.18.0-193.el8.x86_64.rpm
python3-perf-debuginfo-4.18.0-193.el8.x86_64.rpm

These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/

7. Contact:

The Red Hat security contact is <secalert@redhat.com>. More contact details at https://access.redhat.com/security/team/contact/

Copyright 2020 Red Hat, Inc.

==========================================================================
Ubuntu Security Notice USN-4284-1
February 18, 2020

linux, linux-aws, linux-azure-5.3, linux-gcp, linux-gcp-5.3, linux-hwe, linux-kvm, linux-oracle, linux-raspi2, linux-raspi2-5.3 vulnerabilities
==========================================================================

A security issue affects these releases of Ubuntu and its derivatives:

- Ubuntu 19.10
- Ubuntu 18.04 LTS

Summary:

Several security issues were fixed in the Linux kernel. A local attacker could use this to expose sensitive information. (CVE-2019-14615)

It was discovered that the Atheros 802.11ac wireless USB device driver in the Linux kernel did not properly validate device metadata.
A physically proximate attacker could use this to cause a denial of service (system crash). (CVE-2019-15099)

It was discovered that the HSA Linux kernel driver for AMD GPU devices did not properly check for errors in certain situations, leading to a NULL pointer dereference. A local attacker could possibly use this to cause a denial of service. (CVE-2019-16229)

It was discovered that the Marvell 8xxx Libertas WLAN device driver in the Linux kernel did not properly check for errors in certain situations, leading to a NULL pointer dereference. A local attacker could possibly use this to cause a denial of service. (CVE-2019-16232)

It was discovered that a race condition existed in the Virtual Video Test Driver in the Linux kernel. An attacker with write access to /dev/video0 on a system with the vivid module loaded could possibly use this to gain administrative privileges. (CVE-2019-18683)

It was discovered that the Renesas Digital Radio Interface (DRIF) driver in the Linux kernel did not properly initialize data. A local attacker could possibly use this to expose sensitive information (kernel memory). (CVE-2019-18786)

It was discovered that the Sound Open Firmware (SOF) driver in the Linux kernel did not properly deallocate memory in certain error conditions. (CVE-2019-18811)

It was discovered that the crypto subsystem in the Linux kernel did not properly deallocate memory in certain error conditions. (CVE-2019-19057)

It was discovered that the Realtek rtlwifi USB device driver in the Linux kernel did not properly deallocate memory in certain error conditions. (CVE-2019-19063)

It was discovered that the RSI 91x WLAN device driver in the Linux kernel did not properly deallocate memory in certain error conditions. (CVE-2019-19071)

It was discovered that the Broadcom Netxtreme HCA device driver in the Linux kernel did not properly deallocate memory in certain error conditions. (CVE-2019-19077)

It was discovered that the Atheros 802.11ac wireless USB device driver in the Linux kernel did not properly deallocate memory in certain error conditions. (CVE-2019-19078)

It was discovered that the AMD GPU device drivers in the Linux kernel did not properly deallocate memory in certain error conditions. (CVE-2019-19082)

It was discovered that the IO uring implementation in the Linux kernel did not properly perform credentials checks in certain situations. A local attacker could possibly use this to gain administrative privileges. (CVE-2019-19241)

Or Cohen discovered that the virtual console subsystem in the Linux kernel did not properly restrict writes to unimplemented vcsu (unicode) devices. A local attacker could possibly use this to cause a denial of service (system crash) or have other unspecified impacts. (CVE-2019-19252)

It was discovered that the KVM hypervisor implementation in the Linux kernel did not properly handle ioctl requests to get emulated CPUID features. An attacker with access to /dev/kvm could use this to cause a denial of service (system crash). (CVE-2019-19332)

It was discovered that a race condition existed in the Linux kernel on x86 platforms when keeping track of which process was assigned control of the FPU. (CVE-2019-19602)

It was discovered that the ext4 file system implementation in the Linux kernel did not properly handle certain conditions. An attacker could use this to specially craft an ext4 file system that, when mounted, could cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2019-19767)

It was discovered that the Kvaser CAN/USB driver in the Linux kernel did not properly initialize memory in certain situations. A local attacker could possibly use this to expose sensitive information (kernel memory). (CVE-2019-19947)

Gao Chuan discovered that the SAS Class driver in the Linux kernel contained a race condition that could lead to a NULL pointer dereference. A local attacker could possibly use this to cause a denial of service (system crash). (CVE-2019-19965)

It was discovered that the B2C2 FlexCop USB device driver in the Linux kernel did not properly validate device metadata. A physically proximate attacker could use this to cause a denial of service (system crash). (CVE-2019-15291)

Update instructions:

The problem can be corrected by updating your system to the following package versions:

Ubuntu 19.10:
  linux-image-5.3.0-1009-oracle  5.3.0-1009.10
  linux-image-5.3.0-1010-kvm  5.3.0-1010.11
  linux-image-5.3.0-1011-aws  5.3.0-1011.12
  linux-image-5.3.0-1012-gcp  5.3.0-1012.13
  linux-image-5.3.0-1018-raspi2  5.3.0-1018.20
  linux-image-5.3.0-40-generic  5.3.0-40.32
  linux-image-5.3.0-40-generic-lpae  5.3.0-40.32
  linux-image-5.3.0-40-lowlatency  5.3.0-40.32
  linux-image-5.3.0-40-snapdragon  5.3.0-40.32
  linux-image-aws  5.3.0.1011.13
  linux-image-gcp  5.3.0.1012.13
  linux-image-generic  5.3.0.40.34
  linux-image-generic-lpae  5.3.0.40.34
  linux-image-gke  5.3.0.1012.13
  linux-image-kvm  5.3.0.1010.12
  linux-image-lowlatency  5.3.0.40.34
  linux-image-oracle  5.3.0.1009.10
  linux-image-raspi2  5.3.0.1018.15
  linux-image-snapdragon  5.3.0.40.34
  linux-image-virtual  5.3.0.40.34

Ubuntu 18.04 LTS:
  linux-image-5.3.0-1012-gcp  5.3.0-1012.13~18.04.1
  linux-image-5.3.0-1013-azure  5.3.0-1013.14~18.04.1
  linux-image-5.3.0-1018-raspi2  5.3.0-1018.20~18.04.1
  linux-image-5.3.0-40-generic  5.3.0-40.32~18.04.1
  linux-image-5.3.0-40-generic-lpae  5.3.0-40.32~18.04.1
  linux-image-5.3.0-40-lowlatency  5.3.0-40.32~18.04.1
  linux-image-azure-edge  5.3.0.1013.13
  linux-image-gcp-edge  5.3.0.1012.11
  linux-image-generic-hwe-18.04  5.3.0.40.97
  linux-image-generic-lpae-hwe-18.04  5.3.0.40.97
  linux-image-lowlatency-hwe-18.04  5.3.0.40.97
  linux-image-raspi2-hwe-18.04  5.3.0.1018.7
  linux-image-snapdragon-hwe-18.04  5.3.0.40.97
  linux-image-virtual-hwe-18.04  5.3.0.40.97

After a standard system update you need to reboot your computer to make all the necessary changes.

ATTENTION: Due to an unavoidable ABI change the kernel updates have been given a new version number, which requires you to recompile and reinstall all third party kernel modules you might have installed. Unless you manually uninstalled the standard kernel metapackages (e.g. linux-generic, linux-generic-lts-RELEASE, linux-virtual, linux-powerpc), a standard system upgrade will automatically perform this as well.

References:
  https://usn.ubuntu.com/4284-1
  CVE-2019-14615, CVE-2019-15099, CVE-2019-15291, CVE-2019-16229, CVE-2019-16232, CVE-2019-18683, CVE-2019-18786, CVE-2019-18811, CVE-2019-19050, CVE-2019-19057, CVE-2019-19062, CVE-2019-19063, CVE-2019-19071, CVE-2019-19077, CVE-2019-19078, CVE-2019-19082, CVE-2019-19241, CVE-2019-19252, CVE-2019-19332, CVE-2019-19602, CVE-2019-19767, CVE-2019-19947, CVE-2019-19965

Package Information:
  https://launchpad.net/ubuntu/+source/linux/5.3.0-40.32
  https://launchpad.net/ubuntu/+source/linux-aws/5.3.0-1011.12
  https://launchpad.net/ubuntu/+source/linux-gcp/5.3.0-1012.13
  https://launchpad.net/ubuntu/+source/linux-kvm/5.3.0-1010.11
  https://launchpad.net/ubuntu/+source/linux-oracle/5.3.0-1009.10
  https://launchpad.net/ubuntu/+source/linux-raspi2/5.3.0-1018.20
  https://launchpad.net/ubuntu/+source/linux-azure-5.3/5.3.0-1013.14~18.04.1
  https://launchpad.net/ubuntu/+source/linux-gcp-5.3/5.3.0-1012.13~18.04.1
  https://launchpad.net/ubuntu/+source/linux-hwe/5.3.0-40.32~18.04.1
  https://launchpad.net/ubuntu/+source/linux-raspi2-5.3/5.3.0-1018.20~18.04.1

8) - x86_64

3. Description:

The kernel-rt packages provide the Real Time Linux Kernel, which enables fine-tuning for systems with extremely high determinism requirements.

Bug Fix(es):

* RT: update RT source tree to the RHEL-8.2 tree (BZ#1708716)
* KVM-RT guest fails boot with emulatorsched (BZ#1712781)
* 8 vCPU guest need max latency < 20 us with stress [RT-8.2] (BZ#1757165)
* Request nx_huge_pages=N as default value to avoid kvm-rt guest large latency spike [rt-8] (BZ#1788352)
* RT: Add rpm Provide of 'kernel' to indicate that this is a kernel package (BZ#1796284)
* [RHEL8] RT kernel signed by test certificate and not Red Hat Secure Boot (BZ#1806871)

Enhancement(s):

* update to the upstream 5.x RT patchset (BZ#1680161)

4

Trust: 2.34

sources: NVD: CVE-2019-19057 // JVNDB: JVNDB-2019-012037 // VULMON: CVE-2019-19057 // PACKETSTORM: 156110 // PACKETSTORM: 155890 // PACKETSTORM: 156422 // PACKETSTORM: 157422 // PACKETSTORM: 156418 // PACKETSTORM: 157444 // PACKETSTORM: 156124

AFFECTED PRODUCTS

vendor:linuxmodel:kernelscope:lteversion:5.3.11

Trust: 1.8

vendor:fedoraprojectmodel:fedorascope:eqversion:30

Trust: 1.1

vendor:fedoraprojectmodel:fedorascope:eqversion:31

Trust: 1.1

vendor:opensusemodel:leapscope:eqversion:15.1

Trust: 1.1

vendor:debianmodel:linuxscope:eqversion:8.0

Trust: 1.0

vendor:netappmodel:e-series santricity os controllerscope:eqversion:11.60.0

Trust: 1.0

vendor:canonicalmodel:ubuntu linuxscope:eqversion:16.04

Trust: 1.0

vendor:netappmodel:hci compute nodescope:eqversion: -

Trust: 1.0

vendor:netappmodel:hci baseboard management controllerscope:eqversion:h610s

Trust: 1.0

vendor:netappmodel:e-series santricity os controllerscope:eqversion:11.60

Trust: 1.0

vendor:netappmodel:e-series santricity os controllerscope:eqversion:11.40

Trust: 1.0

vendor:netappmodel:e-series santricity os controllerscope:eqversion:11.40.3r2

Trust: 1.0

vendor:canonicalmodel:ubuntu linuxscope:eqversion:18.04

Trust: 1.0

vendor:netappmodel:e-series santricity os controllerscope:eqversion:11.70.1

Trust: 1.0

vendor:netappmodel:e-series santricity os controllerscope:eqversion:11.0.0

Trust: 1.0

vendor:netappmodel:e-series santricity os controllerscope:eqversion:11.60.1

Trust: 1.0

vendor:netappmodel:active iq unified managerscope:eqversion: -

Trust: 1.0

vendor:netappmodel:solidfire\, enterprise sds \& hci storage nodescope:eqversion: -

Trust: 1.0

vendor:netappmodel:e-series santricity os controllerscope:eqversion:11.50.2

Trust: 1.0

vendor:netappmodel:fas\/aff baseboard management controllerscope:eqversion: -

Trust: 1.0

vendor:netappmodel:e-series santricity os controllerscope:eqversion:11.25

Trust: 1.0

vendor:netappmodel:data availability servicesscope:eqversion: -

Trust: 1.0

vendor:netappmodel:e-series santricity os controllerscope:eqversion:11.30

Trust: 1.0

vendor:netappmodel:e-series santricity os controllerscope:eqversion:11.30.5r3

Trust: 1.0

vendor: netapp; model: solidfire & hci management node; scope: eq; version: -

Trust: 1.0

vendor: netapp; model: steelstore cloud integrated storage; scope: eq; version: -

Trust: 1.0

vendor: netapp; model: e-series santricity os controller; scope: eq; version: 11.20

Trust: 1.0

vendor: netapp; model: e-series santricity os controller; scope: eq; version: 11.40.5

Trust: 1.0

vendor: netapp; model: aff baseboard management controller; scope: eq; version: -

Trust: 1.0

vendor: canonical; model: ubuntu linux; scope: eq; version: 19.10

Trust: 1.0

vendor: netapp; model: e-series santricity os controller; scope: eq; version: 11.70.2

Trust: 1.0

vendor: netapp; model: cloud backup; scope: eq; version: -

Trust: 1.0

vendor: canonical; model: ubuntu linux; scope: eq; version: 14.04

Trust: 1.0

vendor: netapp; model: e-series santricity os controller; scope: eq; version: 11.50.1

Trust: 1.0

vendor: netapp; model: e-series santricity os controller; scope: eq; version: 11.0

Trust: 1.0

vendor: netapp; model: e-series santricity os controller; scope: eq; version: 11.60.3

Trust: 1.0

vendor: netapp; model: solidfire baseboard management controller; scope: eq; version: -

Trust: 1.0

vendor: broadcom; model: brocade fabric operating system; scope: eq; version: -

Trust: 1.0

vendor: linux; model: kernel; scope: eq; version: 5.3.11

Trust: 0.1

sources: VULMON: CVE-2019-19057 // JVNDB: JVNDB-2019-012037 // NVD: CVE-2019-19057

CVSS

SEVERITY

nvd@nist.gov: CVE-2019-19057
value: LOW

Trust: 1.0

NVD: CVE-2019-19057
value: HIGH

Trust: 0.8

CNNVD: CNNVD-201911-1078
value: LOW

Trust: 0.6

VULMON: CVE-2019-19057
value: LOW

Trust: 0.1

CVSSV2

nvd@nist.gov: CVE-2019-19057
severity: LOW
baseScore: 2.1
vectorString: AV:L/AC:L/AU:N/C:N/I:N/A:P
accessVector: LOCAL
accessComplexity: LOW
authentication: NONE
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: PARTIAL
exploitabilityScore: 3.9
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.1

NVD: CVE-2019-19057
severity: HIGH
baseScore: 7.8
vectorString: AV:N/AC:L/AU:N/C:N/I:N/A:C
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: COMPLETE
exploitabilityScore: NONE
impactScore: NONE
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.8

CVSSV3

nvd@nist.gov: CVE-2019-19057
baseSeverity: LOW
baseScore: 3.3
vectorString: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L
attackVector: LOCAL
attackComplexity: LOW
privilegesRequired: LOW
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: LOW
exploitabilityScore: 1.8
impactScore: 1.4
version: 3.1

Trust: 1.0

NVD: CVE-2019-19057
baseSeverity: HIGH
baseScore: 7.5
vectorString: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: HIGH
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: VULMON: CVE-2019-19057 // JVNDB: JVNDB-2019-012037 // CNNVD: CNNVD-201911-1078 // NVD: CVE-2019-19057

PROBLEMTYPE DATA

problemtype:CWE-401

Trust: 1.0

problemtype:CWE-400

Trust: 0.8

sources: JVNDB: JVNDB-2019-012037 // NVD: CVE-2019-19057

THREAT TYPE

local

Trust: 1.0

sources: PACKETSTORM: 156110 // PACKETSTORM: 156422 // PACKETSTORM: 156418 // PACKETSTORM: 156124 // CNNVD: CNNVD-201911-1078

TYPE

resource management error

Trust: 0.6

sources: CNNVD: CNNVD-201911-1078

CONFIGURATIONS

sources: JVNDB: JVNDB-2019-012037

PATCH

title: mwifiex: pcie: Fix memory leak in mwifiex_pcie_init_evt_ring
url: https://github.com/torvalds/linux/commit/d10dcb615c8e29d403a24d35f8310a7a53e3050c

Trust: 0.8

title: Linux Kernel Archives
url: http://www.kernel.org

Trust: 0.8

title: Linux kernel Remediation of resource management error vulnerabilities
url: http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=105209

Trust: 0.6

title: Red Hat: Important: kernel security, bug fix, and enhancement update
url: https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories&qid=RHSA-20201769 - Security Advisory

Trust: 0.1

title: Ubuntu Security Notice: linux, linux-aws, linux-kvm, linux-raspi2, linux-snapdragon vulnerabilities
url: https://vulmon.com/vendoradvisory?qidtp=ubuntu_security_notice&qid=USN-4254-1

Trust: 0.1

title: Ubuntu Security Notice: linux-lts-xenial, linux-aws vulnerabilities
url: https://vulmon.com/vendoradvisory?qidtp=ubuntu_security_notice&qid=USN-4254-2

Trust: 0.1

title: Ubuntu Security Notice: linux-aws-5.0, linux-azure, linux-gcp, linux-gke-5.0, linux-oracle-5.0 vulnerabilities
url: https://vulmon.com/vendoradvisory?qidtp=ubuntu_security_notice&qid=USN-4285-1

Trust: 0.1

title: Ubuntu Security Notice: linux-azure vulnerabilities
url: https://vulmon.com/vendoradvisory?qidtp=ubuntu_security_notice&qid=USN-4287-2

Trust: 0.1

title: Ubuntu Security Notice: linux, linux-aws, linux-azure-5.3, linux-gcp, linux-gcp-5.3, linux-hwe, linux-kvm, linux-oracle, linux-raspi2, linux-raspi2-5.3 vulnerabilities
url: https://vulmon.com/vendoradvisory?qidtp=ubuntu_security_notice&qid=USN-4284-1

Trust: 0.1

title: Ubuntu Security Notice: linux, linux-aws, linux-aws-hwe, linux-azure, linux-gcp, linux-gke-4.15, linux-hwe, linux-kvm, linux-oracle, linux-raspi2, linux-snapdragon vulnerabilities
url: https://vulmon.com/vendoradvisory?qidtp=ubuntu_security_notice&qid=USN-4287-1

Trust: 0.1

sources: VULMON: CVE-2019-19057 // JVNDB: JVNDB-2019-012037 // CNNVD: CNNVD-201911-1078

EXTERNAL IDS

db: NVD; id: CVE-2019-19057

Trust: 3.2

db: PACKETSTORM; id: 155890

Trust: 1.8

db: JVNDB; id: JVNDB-2019-012037

Trust: 0.8

db: PACKETSTORM; id: 157444

Trust: 0.7

db: PACKETSTORM; id: 156124

Trust: 0.7

db: AUSCERT; id: ESB-2020.0305

Trust: 0.6

db: AUSCERT; id: ESB-2020.0830

Trust: 0.6

db: AUSCERT; id: ESB-2019.4584

Trust: 0.6

db: AUSCERT; id: ESB-2019.4793

Trust: 0.6

db: AUSCERT; id: ESB-2020.0141

Trust: 0.6

db: AUSCERT; id: ESB-2020.0200

Trust: 0.6

db: AUSCERT; id: ESB-2020.0572

Trust: 0.6

db: AUSCERT; id: ESB-2019.4704

Trust: 0.6

db: AUSCERT; id: ESB-2020.1520

Trust: 0.6

db: AUSCERT; id: ESB-2020.0851

Trust: 0.6

db: AUSCERT; id: ESB-2020.1480

Trust: 0.6

db: AUSCERT; id: ESB-2020.0572.2

Trust: 0.6

db: AUSCERT; id: ESB-2020.0766

Trust: 0.6

db: AUSCERT; id: ESB-2019.4346.2

Trust: 0.6

db: PACKETSTORM; id: 156427

Trust: 0.6

db: CNNVD; id: CNNVD-201911-1078

Trust: 0.6

db: VULMON; id: CVE-2019-19057

Trust: 0.1

db: PACKETSTORM; id: 156110

Trust: 0.1

db: PACKETSTORM; id: 156422

Trust: 0.1

db: PACKETSTORM; id: 157422

Trust: 0.1

db: PACKETSTORM; id: 156418

Trust: 0.1

sources: VULMON: CVE-2019-19057 // JVNDB: JVNDB-2019-012037 // PACKETSTORM: 156110 // PACKETSTORM: 155890 // PACKETSTORM: 156422 // PACKETSTORM: 157422 // PACKETSTORM: 156418 // PACKETSTORM: 157444 // PACKETSTORM: 156124 // CNNVD: CNNVD-201911-1078 // NVD: CVE-2019-19057

REFERENCES

url:http://packetstormsecurity.com/files/155890/slackware-security-advisory-slackware-14.2-kernel-updates.html

Trust: 2.3

url:https://usn.ubuntu.com/4254-1/

Trust: 2.3

url:https://lists.debian.org/debian-lts-announce/2020/01/msg00013.html

Trust: 2.2

url:https://usn.ubuntu.com/4284-1/

Trust: 2.2

url:https://usn.ubuntu.com/4285-1/

Trust: 2.2

url:https://usn.ubuntu.com/4254-2/

Trust: 2.2

url:https://usn.ubuntu.com/4287-2/

Trust: 2.2

url:https://usn.ubuntu.com/4287-1/

Trust: 2.2

url:https://nvd.nist.gov/vuln/detail/cve-2019-19057

Trust: 2.1

url:http://lists.opensuse.org/opensuse-security-announce/2019-12/msg00029.html

Trust: 1.7

url:https://github.com/torvalds/linux/commit/d10dcb615c8e29d403a24d35f8310a7a53e3050c

Trust: 1.7

url:https://seclists.org/bugtraq/2020/jan/10

Trust: 1.7

url:https://security.netapp.com/advisory/ntap-20191205-0001/

Trust: 1.7

url:https://lists.debian.org/debian-lts-announce/2020/03/msg00001.html

Trust: 1.6

url:https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/o3psde6ptotvbk2ytkb2tfqp2subvsnf/

Trust: 1.0

url:https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/py7ljmspagrikabjpdkqdtxyw3l5rx2t/

Trust: 1.0

url:https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-19057

Trust: 0.9

url:https://access.redhat.com/security/cve/cve-2019-19057

Trust: 0.8

url:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/o3psde6ptotvbk2ytkb2tfqp2subvsnf/

Trust: 0.7

url:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/py7ljmspagrikabjpdkqdtxyw3l5rx2t/

Trust: 0.7

url:https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00237.html

Trust: 0.6

url:https://www.suse.com/support/update/announcement/2019/suse-su-20193200-1.html

Trust: 0.6

url:https://usn.ubuntu.com/4286-2/

Trust: 0.6

url:https://usn.ubuntu.com/4286-1/

Trust: 0.6

url:https://www.suse.com/support/update/announcement/2019/suse-su-20193381-1.html

Trust: 0.6

url:https://www.suse.com/support/update/announcement/2020/suse-su-20200093-1.html

Trust: 0.6

url:https://usn.ubuntu.com/4255-2/

Trust: 0.6

url:https://usn.ubuntu.com/4253-2/

Trust: 0.6

url:https://usn.ubuntu.com/4258-1/

Trust: 0.6

url:https://usn.ubuntu.com/4255-1/

Trust: 0.6

url:https://usn.ubuntu.com/4253-1/

Trust: 0.6

url:https://www.suse.com/support/update/announcement/2019/suse-su-20193316-1.html

Trust: 0.6

url:https://www.suse.com/support/update/announcement/2019/suse-su-20193317-1.html

Trust: 0.6

url:https://packetstormsecurity.com/files/156124/ubuntu-security-notice-usn-4254-2.html

Trust: 0.6

url:https://packetstormsecurity.com/files/156427/ubuntu-security-notice-usn-4287-2.html

Trust: 0.6

url:https://www.auscert.org.au/bulletins/esb-2019.4704/

Trust: 0.6

url:https://www.auscert.org.au/bulletins/esb-2020.0766/

Trust: 0.6

url:https://www.auscert.org.au/bulletins/esb-2020.0305/

Trust: 0.6

url:https://www.auscert.org.au/bulletins/esb-2019.4793/

Trust: 0.6

url:https://www.auscert.org.au/bulletins/esb-2020.0572.2/

Trust: 0.6

url:https://www.auscert.org.au/bulletins/esb-2020.0851/

Trust: 0.6

url:https://www.auscert.org.au/bulletins/esb-2019.4584/

Trust: 0.6

url:https://www.auscert.org.au/bulletins/esb-2020.0830/

Trust: 0.6

url:https://www.auscert.org.au/bulletins/esb-2020.0200/

Trust: 0.6

url:https://www.ibm.com/blogs/psirt/security-bulletin-ibm-security-guardium-is-affected-by-kernel-vulnerabilities-7/

Trust: 0.6

url:https://www.auscert.org.au/bulletins/esb-2020.0572/

Trust: 0.6

url:https://www.auscert.org.au/bulletins/esb-2020.0141/

Trust: 0.6

url:https://www.ibm.com/blogs/psirt/security-bulletin-ibm-security-guardium-is-affected-by-kernel-vulnerabilities-6/

Trust: 0.6

url:https://www.auscert.org.au/bulletins/esb-2020.1480/

Trust: 0.6

url:https://packetstormsecurity.com/files/157444/red-hat-security-advisory-2020-1567-01.html

Trust: 0.6

url:https://vigilance.fr/vulnerability/linux-kernel-multiple-vulnerabilities-via-memory-leak-30911

Trust: 0.6

url:https://www.auscert.org.au/bulletins/esb-2019.4346.2/

Trust: 0.6

url:https://www.auscert.org.au/bulletins/esb-2020.1520/

Trust: 0.6

url:https://nvd.nist.gov/vuln/detail/cve-2019-19063

Trust: 0.5

url:https://nvd.nist.gov/vuln/detail/cve-2019-15291

Trust: 0.5

url:https://nvd.nist.gov/vuln/detail/cve-2019-18683

Trust: 0.5

url:https://nvd.nist.gov/vuln/detail/cve-2019-19332

Trust: 0.5

url:https://nvd.nist.gov/vuln/detail/cve-2019-19227

Trust: 0.4

url:https://nvd.nist.gov/vuln/detail/cve-2019-19062

Trust: 0.4

url:https://nvd.nist.gov/vuln/detail/cve-2019-14615

Trust: 0.4

url:https://nvd.nist.gov/vuln/detail/cve-2019-15099

Trust: 0.4

url:https://nvd.nist.gov/vuln/detail/cve-2019-18885

Trust: 0.3

url:https://access.redhat.com/errata/rhsa-2020:1769

Trust: 0.2

url:https://usn.ubuntu.com/4254-1

Trust: 0.2

url:https://nvd.nist.gov/vuln/detail/cve-2019-19965

Trust: 0.2

url:https://nvd.nist.gov/vuln/detail/cve-2019-19078

Trust: 0.2

url:https://nvd.nist.gov/vuln/detail/cve-2019-16229

Trust: 0.2

url:https://nvd.nist.gov/vuln/detail/cve-2019-19071

Trust: 0.2

url:https://nvd.nist.gov/vuln/detail/cve-2019-19767

Trust: 0.2

url:https://nvd.nist.gov/vuln/detail/cve-2019-19082

Trust: 0.2

url:https://nvd.nist.gov/vuln/detail/cve-2019-16232

Trust: 0.2

url:https://nvd.nist.gov/vuln/detail/cve-2019-18786

Trust: 0.2

url:https://access.redhat.com/security/cve/cve-2019-15221

Trust: 0.2

url:https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/8/html/8.2_release_notes/index

Trust: 0.2

url:https://access.redhat.com/security/cve/cve-2019-19768

Trust: 0.2

url:https://nvd.nist.gov/vuln/detail/cve-2019-17055

Trust: 0.2

url:https://access.redhat.com/security/updates/classification/#important

Trust: 0.2

url:https://nvd.nist.gov/vuln/detail/cve-2019-15221

Trust: 0.2

url:https://nvd.nist.gov/vuln/detail/cve-2019-15090

Trust: 0.2

url:https://access.redhat.com/security/cve/cve-2019-10639

Trust: 0.2

url:https://access.redhat.com/security/cve/cve-2019-19073

Trust: 0.2

url:https://nvd.nist.gov/vuln/detail/cve-2019-19073

Trust: 0.2

url:https://nvd.nist.gov/vuln/detail/cve-2019-19768

Trust: 0.2

url:https://nvd.nist.gov/vuln/detail/cve-2019-19074

Trust: 0.2

url:https://access.redhat.com/articles/11258

Trust: 0.2

url:https://nvd.nist.gov/vuln/detail/cve-2019-8980

Trust: 0.2

url:https://nvd.nist.gov/vuln/detail/cve-2019-18805

Trust: 0.2

url:https://access.redhat.com/security/team/contact/

Trust: 0.2

url:https://www.redhat.com/mailman/listinfo/rhsa-announce

Trust: 0.2

url:https://access.redhat.com/security/cve/cve-2020-1749

Trust: 0.2

url:https://access.redhat.com/security/cve/cve-2019-8980

Trust: 0.2

url:https://nvd.nist.gov/vuln/detail/cve-2019-19922

Trust: 0.2

url:https://access.redhat.com/security/cve/cve-2019-18805

Trust: 0.2

url:https://access.redhat.com/security/cve/cve-2019-15099

Trust: 0.2

url:https://bugzilla.redhat.com/

Trust: 0.2

url:https://nvd.nist.gov/vuln/detail/cve-2018-16871

Trust: 0.2

url:https://nvd.nist.gov/vuln/detail/cve-2020-1749

Trust: 0.2

url:https://nvd.nist.gov/vuln/detail/cve-2019-10639

Trust: 0.2

url:https://access.redhat.com/security/cve/cve-2019-19922

Trust: 0.2

url:https://access.redhat.com/security/cve/cve-2019-17055

Trust: 0.2

url:https://nvd.nist.gov/vuln/detail/cve-2019-17053

Trust: 0.2

url:https://access.redhat.com/security/cve/cve-2019-19074

Trust: 0.2

url:https://access.redhat.com/security/cve/cve-2019-19534

Trust: 0.2

url:https://access.redhat.com/security/cve/cve-2019-15090

Trust: 0.2

url:https://access.redhat.com/security/cve/cve-2019-17053

Trust: 0.2

url:https://access.redhat.com/security/team/key/

Trust: 0.2

url:https://nvd.nist.gov/vuln/detail/cve-2019-19534

Trust: 0.2

url:https://access.redhat.com/security/cve/cve-2018-16871

Trust: 0.2

url:https://cwe.mitre.org/data/definitions/400.html

Trust: 0.1

url:https://nvd.nist.gov

Trust: 0.1

url:https://www.symantec.com/content/symantec/english/en/security-center/vulnerabilities/writeup.html/110895

Trust: 0.1

url:https://launchpad.net/ubuntu/+source/linux/4.4.0-173.203

Trust: 0.1

url:https://launchpad.net/ubuntu/+source/linux-raspi2/4.4.0-1128.137

Trust: 0.1

url:https://launchpad.net/ubuntu/+source/linux-aws/4.4.0-1101.112

Trust: 0.1

url:https://launchpad.net/ubuntu/+source/linux-snapdragon/4.4.0-1132.140

Trust: 0.1

url:https://launchpad.net/ubuntu/+source/linux-kvm/4.4.0-1065.72

Trust: 0.1

url:https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-19524

Trust: 0.1

url:http://slackware.com

Trust: 0.1

url:https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-19332

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2019-18660

Trust: 0.1

url:https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-19063

Trust: 0.1

url:http://slackware.com/gpg-key

Trust: 0.1

url:https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-15291

Trust: 0.1

url:https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-19338

Trust: 0.1

url:https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-15917

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2019-12614

Trust: 0.1

url:https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-19227

Trust: 0.1

url:https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-19062

Trust: 0.1

url:https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-18660

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2019-15917

Trust: 0.1

url:https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-18683

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2019-19338

Trust: 0.1

url:http://osuosl.org

Trust: 0.1

url:https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-12614

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2019-19524

Trust: 0.1

url:https://usn.ubuntu.com/4287-1

Trust: 0.1

url:https://launchpad.net/ubuntu/+source/linux-snapdragon/4.15.0-1072.79

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2019-20096

Trust: 0.1

url:https://launchpad.net/ubuntu/+source/linux-kvm/4.15.0-1053.53

Trust: 0.1

url:https://launchpad.net/ubuntu/+source/linux-azure/4.15.0-1071.76

Trust: 0.1

url:https://launchpad.net/ubuntu/+source/linux-aws/4.15.0-1060.62

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2019-18809

Trust: 0.1

url:https://launchpad.net/ubuntu/+source/linux-hwe/4.15.0-88.88~16.04.1

Trust: 0.1

url:https://launchpad.net/ubuntu/+source/linux-oracle/4.15.0-1033.36~16.04.1

Trust: 0.1

url:https://launchpad.net/ubuntu/+source/linux-gke-4.15/4.15.0-1052.55

Trust: 0.1

url:https://launchpad.net/ubuntu/+source/linux-gcp/4.15.0-1055.59

Trust: 0.1

url:https://launchpad.net/ubuntu/+source/linux-raspi2/4.15.0-1055.59

Trust: 0.1

url:https://launchpad.net/ubuntu/+source/linux-aws-hwe/4.15.0-1060.62~16.04.1

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2020-7053

Trust: 0.1

url:https://launchpad.net/ubuntu/+source/linux-oracle/4.15.0-1033.36

Trust: 0.1

url:https://launchpad.net/ubuntu/+source/linux/4.15.0-88.88

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2019-5108

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2019-19241

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2019-18811

Trust: 0.1

url:https://launchpad.net/ubuntu/+source/linux-oracle/5.3.0-1009.10

Trust: 0.1

url:https://launchpad.net/ubuntu/+source/linux-azure-5.3/5.3.0-1013.14~18.04.1

Trust: 0.1

url:https://usn.ubuntu.com/4284-1

Trust: 0.1

url:https://launchpad.net/ubuntu/+source/linux/5.3.0-40.32

Trust: 0.1

url:https://launchpad.net/ubuntu/+source/linux-gcp/5.3.0-1012.13

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2019-19947

Trust: 0.1

url:https://launchpad.net/ubuntu/+source/linux-gcp-5.3/5.3.0-1012.13~18.04.1

Trust: 0.1

url:https://launchpad.net/ubuntu/+source/linux-hwe/5.3.0-40.32~18.04.1

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2019-19077

Trust: 0.1

url:https://launchpad.net/ubuntu/+source/linux-raspi2-5.3/5.3.0-1018.20~18.04.1

Trust: 0.1

url:https://launchpad.net/ubuntu/+source/linux-raspi2/5.3.0-1018.20

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2019-19050

Trust: 0.1

url:https://launchpad.net/ubuntu/+source/linux-aws/5.3.0-1011.12

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2019-19602

Trust: 0.1

url:https://launchpad.net/ubuntu/+source/linux-kvm/5.3.0-1010.11

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2019-19252

Trust: 0.1

url:https://access.redhat.com/errata/rhsa-2020:1567

Trust: 0.1

url:https://usn.ubuntu.com/4254-2

Trust: 0.1

sources: VULMON: CVE-2019-19057 // JVNDB: JVNDB-2019-012037 // PACKETSTORM: 156110 // PACKETSTORM: 155890 // PACKETSTORM: 156422 // PACKETSTORM: 157422 // PACKETSTORM: 156418 // PACKETSTORM: 157444 // PACKETSTORM: 156124 // CNNVD: CNNVD-201911-1078 // NVD: CVE-2019-19057

CREDITS

Ubuntu, Red Hat, Slackware Security Team

Trust: 0.6

sources: CNNVD: CNNVD-201911-1078

SOURCES

db: VULMON; id: CVE-2019-19057
db: JVNDB; id: JVNDB-2019-012037
db: PACKETSTORM; id: 156110
db: PACKETSTORM; id: 155890
db: PACKETSTORM; id: 156422
db: PACKETSTORM; id: 157422
db: PACKETSTORM; id: 156418
db: PACKETSTORM; id: 157444
db: PACKETSTORM; id: 156124
db: CNNVD; id: CNNVD-201911-1078
db: NVD; id: CVE-2019-19057

LAST UPDATE DATE

2024-09-17T20:45:56.200000+00:00


SOURCES UPDATE DATE

db: VULMON; id: CVE-2019-19057; date: 2020-08-24T00:00:00
db: JVNDB; id: JVNDB-2019-012037; date: 2019-11-25T00:00:00
db: CNNVD; id: CNNVD-201911-1078; date: 2021-04-19T00:00:00
db: NVD; id: CVE-2019-19057; date: 2023-11-07T03:07:24.680

SOURCES RELEASE DATE

db: VULMON; id: CVE-2019-19057; date: 2019-11-18T00:00:00
db: JVNDB; id: JVNDB-2019-012037; date: 2019-11-25T00:00:00
db: PACKETSTORM; id: 156110; date: 2020-01-28T15:44:44
db: PACKETSTORM; id: 155890; date: 2020-01-09T15:06:22
db: PACKETSTORM; id: 156422; date: 2020-02-19T15:27:54
db: PACKETSTORM; id: 157422; date: 2020-04-28T20:19:01
db: PACKETSTORM; id: 156418; date: 2020-02-19T15:25:33
db: PACKETSTORM; id: 157444; date: 2020-04-28T20:29:58
db: PACKETSTORM; id: 156124; date: 2020-01-29T17:15:05
db: CNNVD; id: CNNVD-201911-1078; date: 2019-11-18T00:00:00
db: NVD; id: CVE-2019-19057; date: 2019-11-18T06:15:12.140