ID

VAR-202001-0472

CVE

CVE-2019-14615

TITLE

Intel Processor Graphics Information disclosure vulnerability

DESCRIPTION

Insufficient control flow in certain data structures for some Intel(R) Processors with Intel(R) Processor Graphics may allow an unauthenticated user to potentially enable information disclosure via local access. An information disclosure vulnerability exists in Intel Processor Graphics. This vulnerability stems from configuration errors in network systems or products during operation. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 APPLE-SA-2020-03-24-2 macOS Catalina 10.15.4, Security Update 2020-002 Mojave, Security Update 2020-002 High Sierra macOS Catalina 10.15.4, Security Update 2020-002 Mojave, Security Update 2020-002 High Sierra are now available and address the following: Apple HSSPI Support Available for: macOS Catalina 10.15.3 Impact: An application may be able to execute arbitrary code with system privileges Description: A memory corruption issue was addressed with improved memory handling. CVE-2020-3903: Proteas of Qihoo 360 Nirvan Team AppleGraphicsControl Available for: macOS High Sierra 10.13.6, macOS Mojave 10.14.6, macOS Catalina 10.15.3 Impact: A malicious application may be able to execute arbitrary code with kernel privileges Description: Multiple memory corruption issues were addressed with improved state management. CVE-2020-3904: Proteas of Qihoo 360 Nirvan Team AppleMobileFileIntegrity Available for: macOS Catalina 10.15.3 Impact: An application may be able to use arbitrary entitlements Description: This issue was addressed with improved checks. CVE-2020-3883: Linus Henze (pinauten.de) Bluetooth Available for: macOS High Sierra 10.13.6, macOS Mojave 10.14.6, macOS Catalina 10.15.3 Impact: A local user may be able to cause unexpected system termination or read kernel memory Description: An out-of-bounds read was addressed with improved input validation. CVE-2020-3907: Yu Wang of Didi Research America CVE-2020-3908: Yu Wang of Didi Research America CVE-2020-3912: Yu Wang of Didi Research America Bluetooth Available for: macOS High Sierra 10.13.6, macOS Mojave 10.14.6 Impact: An application may be able to read restricted memory Description: A validation issue was addressed with improved input sanitization. CVE-2019-8853: Jianjun Dai of Qihoo 360 Alpha Lab Bluetooth Available for: macOS High Sierra 10.13.6, macOS Mojave 10.14.6, macOS Catalina 10.15.3 Impact: A malicious application may be able to execute arbitrary code with kernel privileges Description: A memory corruption issue was addressed with improved input validation. CVE-2020-3892: Yu Wang of Didi Research America CVE-2020-3893: Yu Wang of Didi Research America CVE-2020-3905: Yu Wang of Didi Research America Call History Available for: macOS Catalina 10.15.3 Impact: A malicious application may be able to access a user's call history Description: This issue was addressed with a new entitlement. CVE-2020-9776: Benjamin Randazzo (@____benjamin) CoreFoundation Available for: macOS Catalina 10.15.3 Impact: A malicious application may be able to elevate privileges Description: A permissions issue existed. This issue was addressed with improved permission validation. CVE-2020-3913: Timo Christ of Avira Operations GmbH & Co. KG FaceTime Available for: macOS Catalina 10.15.3 Impact: A local user may be able to view sensitive user information Description: A logic issue was addressed with improved state management. CVE-2020-3881: Yuval Ron, Amichai Shulman and Eli Biham of Technion - Israel Institute of Technology Icons Available for: macOS Catalina 10.15.3 Impact: A malicious application may be able to identify what other applications a user has installed Description: The issue was addressed with improved handling of icon caches. CVE-2020-9773: Chilik Tamir of Zimperium zLabs Intel Graphics Driver Available for: macOS Catalina 10.15.3 Impact: A malicious application may disclose restricted memory Description: An information disclosure issue was addressed with improved state management. CVE-2019-14615: Wenjian HE of Hong Kong University of Science and Technology, Wei Zhang of Hong Kong University of Science and Technology, Sharad Sinha of Indian Institute of Technology Goa, and Sanjeev Das of University of North Carolina IOHIDFamily Available for: macOS High Sierra 10.13.6, macOS Mojave 10.14.6, macOS Catalina 10.15.3 Impact: A malicious application may be able to execute arbitrary code with kernel privileges Description: A memory initialization issue was addressed with improved memory handling. CVE-2020-3919: an anonymous researcher IOThunderboltFamily Available for: macOS High Sierra 10.13.6, macOS Mojave 10.14.6 Impact: An application may be able to gain elevated privileges Description: A use after free issue was addressed with improved memory management. CVE-2020-3851: Xiaolong Bai and Min (Spark) Zheng of Alibaba Inc. and Luyi Xing of Indiana University Bloomington Kernel Available for: macOS High Sierra 10.13.6, macOS Mojave 10.14.6, macOS Catalina 10.15.3 Impact: An application may be able to read restricted memory Description: A memory initialization issue was addressed with improved memory handling. CVE-2020-3914: pattern-f (@pattern_F_) of WaCai Kernel Available for: macOS Catalina 10.15.3 Impact: A malicious application may be able to execute arbitrary code with kernel privileges Description: Multiple memory corruption issues were addressed with improved state management. CVE-2020-9785: Proteas of Qihoo 360 Nirvan Team libxml2 Available for: macOS High Sierra 10.13.6, macOS Mojave 10.14.6, macOS Catalina 10.15.3 Impact: Multiple issues in libxml2 Description: A buffer overflow was addressed with improved bounds checking. CVE-2020-3909: LGTM.com CVE-2020-3911: found by OSS-Fuzz libxml2 Available for: macOS High Sierra 10.13.6, macOS Mojave 10.14.6, macOS Catalina 10.15.3 Impact: Multiple issues in libxml2 Description: A buffer overflow was addressed with improved size validation. CVE-2020-3910: LGTM.com Mail Available for: macOS High Sierra 10.13.6, macOS Catalina 10.15.3 Impact: A remote attacker may be able to cause arbitrary javascript code execution Description: An injection issue was addressed with improved validation. CVE-2020-3884: Apple sudo Available for: macOS Catalina 10.15.3 Impact: An attacker may be able to run commands as a non-existent user Description: This issue was addressed by updating to sudo version 1.8.31. CVE-2019-19232 TCC Available for: macOS Mojave 10.14.6, macOS Catalina 10.15.3 Impact: A maliciously crafted application may be able to bypass code signing enforcement Description: A logic issue was addressed with improved restrictions. CVE-2020-3906: Patrick Wardle of Jamf Vim Available for: macOS Catalina 10.15.3 Impact: Multiple issues in Vim Description: Multiple issues were addressed by updating to version 8.1.1850. CVE-2020-9769: Steve Hahn from LinkedIn Additional recognition CoreText We would like to acknowledge an anonymous researcher for their assistance. FireWire Audio We would like to acknowledge Xiaolong Bai and Min (Spark) Zheng of Alibaba Inc. and Luyi Xing of Indiana University Bloomington for their assistance. FontParser We would like to acknowledge Matthew Denton of Google Chrome for their assistance. Install Framework Legacy We would like to acknowledge Pris Sears of Virginia Tech, Tom Lynch of UAL Creative Computing Institute, and an anonymous researcher for their assistance. LinkPresentation We would like to acknowledge Travis for their assistance. OpenSSH We would like to acknowledge an anonymous researcher for their assistance. rapportd We would like to acknowledge Alexander Heinrich (@Sn0wfreeze) of Technische Universität Darmstadt for their assistance. Sidecar We would like to acknowledge Rick Backley (@rback_sec) for their assistance. Installation note: macOS Catalina 10.15.4, Security Update 2020-002 Mojave, Security Update 2020-002 High Sierra may be obtained from the Mac App Store or Apple's Software Downloads web site: https://support.apple.com/downloads/ -----BEGIN PGP SIGNATURE----- Version: BCPG v1.64 iQIcBAEDCAAGBQJeejDOAAoJEAc+Lhnt8tDNTtkP/RRnnsXeWXRjFHoRf7P+npKE Je0ZSoqv08Tgmv+Q0voSdCFZjFAqKXviVgZTGFT7LsuUWqdZEATxkB1fevt7t3Bl qXWNGpna3mGqWl6I2cWKxVOHT9fysO/31ADgFIwgOWSodvImNdp/JBpOcyRqcFJc B3TpNq8xtKSpWBVrq0TVHRWMu87VJHkGi78jAJ4x7qgXyWICf3usa9ajqYqzV99m 6/DrIH4s2Um2zJVi4YyzK0+rR2B2Q1eO8CFuzUB9D1HKCEnRXoRfALFC8v83p7cC m46CarISSrnMEYkxNhxsOGQbcMyBR3GDNZlo8/Y+Syqgwp3AKWbRFUDDM9vbCv6F z1fkWBmGftcd6G8dqO0dMAR6asglg9z2/GF/+3pZh5Mmmd7EBX+YeA84BhDTTsTs 671Af+F8OxSqgRV8qe+dbiFbD9qylM1luJD98PzoiFMO3h29fS41ofpuA6BTrdQN JPWY0NwTS11xQb11LHhXm7nF9vsrCIIspauOfkLbpCx6AWJQ/FpPyIXBYUEJ50ho NWWv4jmT+v8PSC2tSM0yMeI4OJX/+yd91uKLqzGGr1x2zshrXoMx0VDpg8HJkLfT y7CSgFrBGO8AgrcsZ6I8nDleoBsrEpLh2qEil7GexwoyUrVvfxCueW0shv4Oo4gf ZHp7Jd+FZIoCP69dNnxG =AUHy -----END PGP SIGNATURE----- . (CVE-2020-7053) Update instructions: The problem can be corrected by updating your livepatches to the following versions: | Kernel | Version | flavors | |--------------------------+----------+--------------------------| | 4.4.0-168.197 | 63.1 | generic, lowlatency | | 4.4.0-168.197~14.04.1 | 63.1 | lowlatency, generic | | 4.4.0-169.198 | 63.1 | generic, lowlatency | | 4.4.0-169.198~14.04.1 | 63.1 | lowlatency, generic | | 4.4.0-170.199 | 63.1 | lowlatency, generic | | 4.4.0-170.199~14.04.1 | 63.1 | lowlatency, generic | | 4.4.0-171.200 | 63.1 | lowlatency, generic | | 4.4.0-171.200~14.04.1 | 63.1 | generic, lowlatency | | 4.4.0-173.203 | 63.1 | generic, lowlatency | | 4.4.0-1098.109 | 63.1 | aws | | 4.4.0-1099.110 | 63.1 | aws | | 4.4.0-1100.111 | 63.1 | aws | | 4.4.0-1101.112 | 63.1 | aws | | 4.15.0-69.78 | 63.1 | generic, lowlatency | | 4.15.0-69.78~16.04.1 | 63.1 | lowlatency, generic | | 4.15.0-70.79 | 63.1 | lowlatency, generic | | 4.15.0-70.79~16.04.1 | 63.1 | generic, lowlatency | | 4.15.0-72.81 | 63.1 | generic, lowlatency | | 4.15.0-72.81~16.04.1 | 63.1 | generic, lowlatency | | 4.15.0-74.83~16.04.1 | 63.1 | lowlatency, generic | | 4.15.0-74.84 | 63.1 | generic, lowlatency | | 4.15.0-76.86 | 63.1 | generic, lowlatency | | 4.15.0-76.86~16.04.1 | 63.1 | lowlatency, generic | | 4.15.0-1054.56 | 63.1 | aws | | 4.15.0-1056.58 | 63.1 | aws | | 4.15.0-1057.59 | 63.1 | aws | | 4.15.0-1058.60 | 63.1 | aws | | 4.15.0-1063.68 | 63.1 | azure | | 4.15.0-1063.72 | 63.1 | oem | | 4.15.0-1064.69 | 63.1 | azure | | 4.15.0-1064.73 | 63.1 | oem | | 4.15.0-1065.75 | 63.1 | oem | | 4.15.0-1066.71 | 63.1 | azure | | 4.15.0-1066.76 | 63.1 | oem | | 4.15.0-1067.72 | 63.1 | azure | | 4.15.0-1067.77 | 63.1 | oem | | 5.0.0-1025.26~18.04.1 | 63.1 | gcp | | 5.0.0-1025.27~18.04.1 | 63.1 | azure | | 5.0.0-1026.27~18.04.1 | 63.1 | gcp | | 5.0.0-1027.29~18.04.1 | 63.1 | azure | | 5.0.0-1028.29~18.04.1 | 63.1 | gcp | | 5.0.0-1028.30~18.04.1 | 63.1 | azure | | 5.0.0-1029.30~18.04.1 | 63.1 | gcp | | 5.0.0-1029.31~18.04.1 | 63.1 | azure | Support Information: Kernels older than the levels listed below do not receive livepatch updates. Please upgrade your kernel as soon as possible. | Series | Version | Flavors | |------------------+------------------+--------------------------| | Ubuntu 18.04 LTS | 4.15.0-1054 | aws | | Ubuntu 16.04 LTS | 4.4.0-1098 | aws | | Ubuntu 18.04 LTS | 5.0.0-1025 | azure | | Ubuntu 16.04 LTS | 4.15.0-1063 | azure | | Ubuntu 18.04 LTS | 4.15.0-69 | generic lowlatency | | Ubuntu 18.04 LTS | 5.0.0-1025 | gcp | | Ubuntu 16.04 LTS | 4.15.0-69 | generic lowlatency | | Ubuntu 14.04 LTS | 4.4.0-168 | generic lowlatency | | Ubuntu 18.04 LTS | 4.15.0-1063 | oem | | Ubuntu 16.04 LTS | 4.4.0-168 | generic lowlatency | References: CVE-2019-5108, CVE-2019-14615, CVE-2019-19050, CVE-2019-20096, CVE-2020-7053 -- ubuntu-security-announce mailing list ubuntu-security-announce@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-security-announce . ========================================================================== Ubuntu Security Notice USN-4287-1 February 18, 2020 linux, linux-aws, linux-aws-hwe, linux-azure, linux-gcp, linux-gke-4.15, linux-hwe, linux-kvm, linux-oracle, linux-raspi2, linux-snapdragon vulnerabilities ========================================================================== A security issue affects these releases of Ubuntu and its derivatives: - Ubuntu 18.04 LTS - Ubuntu 16.04 LTS Summary: Several security issues were fixed in the Linux kernel. Software Description: - linux: Linux kernel - linux-aws: Linux kernel for Amazon Web Services (AWS) systems - linux-gke-4.15: Linux kernel for Google Container Engine (GKE) systems - linux-kvm: Linux kernel for cloud environments - linux-oracle: Linux kernel for Oracle Cloud systems - linux-raspi2: Linux kernel for Raspberry Pi 2 - linux-snapdragon: Linux kernel for Snapdragon processors - linux-aws-hwe: Linux kernel for Amazon Web Services (AWS-HWE) systems - linux-azure: Linux kernel for Microsoft Azure Cloud systems - linux-gcp: Linux kernel for Google Cloud Platform (GCP) systems - linux-hwe: Linux hardware enablement (HWE) kernel Details: It was discovered that the Linux kernel did not properly clear data structures on context switches for certain Intel graphics processors. A local attacker could use this to expose sensitive information. (CVE-2019-14615) It was discovered that the Atheros 802.11ac wireless USB device driver in the Linux kernel did not properly validate device metadata. A physically proximate attacker could use this to cause a denial of service (system crash). (CVE-2019-15099) It was discovered that the HSA Linux kernel driver for AMD GPU devices did not properly check for errors in certain situations, leading to a NULL pointer dereference. A local attacker could possibly use this to cause a denial of service. (CVE-2019-16229) It was discovered that the Marvell 8xxx Libertas WLAN device driver in the Linux kernel did not properly check for errors in certain situations, leading to a NULL pointer dereference. A local attacker could possibly use this to cause a denial of service. (CVE-2019-16232) It was discovered that a race condition existed in the Virtual Video Test Driver in the Linux kernel. An attacker with write access to /dev/video0 on a system with the vivid module loaded could possibly use this to gain administrative privileges. (CVE-2019-18683) It was discovered that the Renesas Digital Radio Interface (DRIF) driver in the Linux kernel did not properly initialize data. A local attacker could possibly use this to expose sensitive information (kernel memory). (CVE-2019-18786) It was discovered that the Afatech AF9005 DVB-T USB device driver in the Linux kernel did not properly deallocate memory in certain error conditions. A local attacker could possibly use this to cause a denial of service (kernel memory exhaustion). (CVE-2019-18809) It was discovered that the btrfs file system in the Linux kernel did not properly validate metadata, leading to a NULL pointer dereference. An attacker could use this to specially craft a file system image that, when mounted, could cause a denial of service (system crash). (CVE-2019-18885) It was discovered that multiple memory leaks existed in the Marvell WiFi-Ex Driver for the Linux kernel. A local attacker could possibly use this to cause a denial of service (kernel memory exhaustion). (CVE-2019-19057) It was discovered that the crypto subsystem in the Linux kernel did not properly deallocate memory in certain error conditions. A local attacker could use this to cause a denial of service (kernel memory exhaustion). (CVE-2019-19062) It was discovered that the Realtek rtlwifi USB device driver in the Linux kernel did not properly deallocate memory in certain error conditions. A local attacker could possibly use this to cause a denial of service (kernel memory exhaustion). (CVE-2019-19063) It was discovered that the RSI 91x WLAN device driver in the Linux kernel did not properly deallocate memory in certain error conditions. A local attacker could use this to cause a denial of service (kernel memory exhaustion). (CVE-2019-19071) It was discovered that the Atheros 802.11ac wireless USB device driver in the Linux kernel did not properly deallocate memory in certain error conditions. A local attacker could possibly use this to cause a denial of service (kernel memory exhaustion). (CVE-2019-19078) It was discovered that the AMD GPU device drivers in the Linux kernel did not properly deallocate memory in certain error conditions. A local attacker could use this to possibly cause a denial of service (kernel memory exhaustion). (CVE-2019-19082) Dan Carpenter discovered that the AppleTalk networking subsystem of the Linux kernel did not properly handle certain error conditions, leading to a NULL pointer dereference. A local attacker could use this to cause a denial of service (system crash). (CVE-2019-19227) It was discovered that the KVM hypervisor implementation in the Linux kernel did not properly handle ioctl requests to get emulated CPUID features. An attacker with access to /dev/kvm could use this to cause a denial of service (system crash). (CVE-2019-19332) It was discovered that the ext4 file system implementation in the Linux kernel did not properly handle certain conditions. An attacker could use this to specially craft an ext4 file system that, when mounted, could cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2019-19767) Gao Chuan discovered that the SAS Class driver in the Linux kernel contained a race condition that could lead to a NULL pointer dereference. A local attacker could possibly use this to cause a denial of service (system crash). (CVE-2019-19965) It was discovered that the Datagram Congestion Control Protocol (DCCP) implementation in the Linux kernel did not properly deallocate memory in certain error conditions. An attacker could possibly use this to cause a denial of service (kernel memory exhaustion). (CVE-2019-20096) Mitchell Frank discovered that the Wi-Fi implementation in the Linux kernel when used as an access point would send IAPP location updates for stations before client authentication had completed. A physically proximate attacker could use this to cause a denial of service. (CVE-2019-5108) It was discovered that a race condition can lead to a use-after-free while destroying GEM contexts in the i915 driver for the Linux kernel. A local attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2020-7053) It was discovered that the B2C2 FlexCop USB device driver in the Linux kernel did not properly validate device metadata. A physically proximate attacker could use this to cause a denial of service (system crash). (CVE-2019-15291) Update instructions: The problem can be corrected by updating your system to the following package versions: Ubuntu 18.04 LTS: linux-image-4.15.0-1033-oracle 4.15.0-1033.36 linux-image-4.15.0-1052-gke 4.15.0-1052.55 linux-image-4.15.0-1053-kvm 4.15.0-1053.53 linux-image-4.15.0-1055-raspi2 4.15.0-1055.59 linux-image-4.15.0-1060-aws 4.15.0-1060.62 linux-image-4.15.0-1072-snapdragon 4.15.0-1072.79 linux-image-4.15.0-88-generic 4.15.0-88.88 linux-image-4.15.0-88-generic-lpae 4.15.0-88.88 linux-image-4.15.0-88-lowlatency 4.15.0-88.88 linux-image-aws 4.15.0.1060.61 linux-image-aws-lts-18.04 4.15.0.1060.61 linux-image-generic 4.15.0.88.80 linux-image-generic-lpae 4.15.0.88.80 linux-image-gke 4.15.0.1052.56 linux-image-gke-4.15 4.15.0.1052.56 linux-image-kvm 4.15.0.1053.53 linux-image-lowlatency 4.15.0.88.80 linux-image-oracle 4.15.0.1033.38 linux-image-oracle-lts-18.04 4.15.0.1033.38 linux-image-powerpc-e500mc 4.15.0.88.80 linux-image-powerpc-smp 4.15.0.88.80 linux-image-powerpc64-emb 4.15.0.88.80 linux-image-powerpc64-smp 4.15.0.88.80 linux-image-raspi2 4.15.0.1055.53 linux-image-snapdragon 4.15.0.1072.75 linux-image-virtual 4.15.0.88.80 Ubuntu 16.04 LTS: linux-image-4.15.0-1033-oracle 4.15.0-1033.36~16.04.1 linux-image-4.15.0-1055-gcp 4.15.0-1055.59 linux-image-4.15.0-1060-aws 4.15.0-1060.62~16.04.1 linux-image-4.15.0-1071-azure 4.15.0-1071.76 linux-image-4.15.0-88-generic 4.15.0-88.88~16.04.1 linux-image-4.15.0-88-generic-lpae 4.15.0-88.88~16.04.1 linux-image-4.15.0-88-lowlatency 4.15.0-88.88~16.04.1 linux-image-aws-hwe 4.15.0.1060.60 linux-image-azure 4.15.0.1071.74 linux-image-gcp 4.15.0.1055.69 linux-image-generic-hwe-16.04 4.15.0.88.98 linux-image-generic-lpae-hwe-16.04 4.15.0.88.98 linux-image-gke 4.15.0.1055.69 linux-image-lowlatency-hwe-16.04 4.15.0.88.98 linux-image-oem 4.15.0.88.98 linux-image-oracle 4.15.0.1033.26 linux-image-virtual-hwe-16.04 4.15.0.88.98 After a standard system update you need to reboot your computer to make all the necessary changes. ATTENTION: Due to an unavoidable ABI change the kernel updates have been given a new version number, which requires you to recompile and reinstall all third party kernel modules you might have installed. Unless you manually uninstalled the standard kernel metapackages (e.g. linux-generic, linux-generic-lts-RELEASE, linux-virtual, linux-powerpc), a standard system upgrade will automatically perform this as well. References: https://usn.ubuntu.com/4287-1 CVE-2019-14615, CVE-2019-15099, CVE-2019-15291, CVE-2019-16229, CVE-2019-16232, CVE-2019-18683, CVE-2019-18786, CVE-2019-18809, CVE-2019-18885, CVE-2019-19057, CVE-2019-19062, CVE-2019-19063, CVE-2019-19071, CVE-2019-19078, CVE-2019-19082, CVE-2019-19227, CVE-2019-19332, CVE-2019-19767, CVE-2019-19965, CVE-2019-20096, CVE-2019-5108, CVE-2020-7053 Package Information: https://launchpad.net/ubuntu/+source/linux/4.15.0-88.88 https://launchpad.net/ubuntu/+source/linux-aws/4.15.0-1060.62 https://launchpad.net/ubuntu/+source/linux-gke-4.15/4.15.0-1052.55 https://launchpad.net/ubuntu/+source/linux-kvm/4.15.0-1053.53 https://launchpad.net/ubuntu/+source/linux-oracle/4.15.0-1033.36 https://launchpad.net/ubuntu/+source/linux-raspi2/4.15.0-1055.59 https://launchpad.net/ubuntu/+source/linux-snapdragon/4.15.0-1072.79 https://launchpad.net/ubuntu/+source/linux-aws-hwe/4.15.0-1060.62~16.04.1 https://launchpad.net/ubuntu/+source/linux-azure/4.15.0-1071.76 https://launchpad.net/ubuntu/+source/linux-gcp/4.15.0-1055.59 https://launchpad.net/ubuntu/+source/linux-hwe/4.15.0-88.88~16.04.1 https://launchpad.net/ubuntu/+source/linux-oracle/4.15.0-1033.36~16.04.1

AFFECTED PRODUCTS

CVSS

PROBLEMTYPE DATA

THREAT TYPE

local

TYPE

information disclosure

PATCH

EXTERNAL IDS