CVE-2019-13272 - Improper Privilege Management vulnerability in multiple products

CVSS 7.8 - HIGH
Attack vector: LOCAL
Attack complexity: LOW
Privileges required: LOW
Confidentiality impact: HIGH
Integrity impact: HIGH
Availability impact: HIGH
Tags: local, low complexity, linux, debian, fedoraproject, canonical, redhat, netapp, CWE-269, nessus, exploit available, metasploit

Summary

In the Linux kernel before 5.1.17, ptrace_link in kernel/ptrace.c mishandles the recording of the credentials of a process that wants to create a ptrace relationship, which allows local users to obtain root access by leveraging certain scenarios with a parent-child process relationship, where a parent drops privileges and calls execve (potentially allowing control by an attacker). One contributing factor is an object lifetime issue (which can also cause a panic). Another contributing factor is incorrect marking of a ptrace relationship as privileged, which is exploitable through (for example) Polkit's pkexec helper with PTRACE_TRACEME. NOTE: SELinux deny_ptrace might be a usable workaround in some environments.

Vulnerable Configurations

Part         Description    Count
OS           Linux          850
OS           Debian         3
OS           Fedoraproject  1
OS           Canonical      3
OS           Redhat         3
OS           Netapp         3
Hardware     Netapp         4
Application  Netapp         21

Common Weakness Enumeration (CWE)

Common Attack Pattern Enumeration and Classification (CAPEC)

  • Restful Privilege Elevation
    REST uses standard HTTP method (GET, PUT, DELETE) style permissions, but these do not necessarily correlate with what back-end programs do. Strict interpretation of HTTP GET means that GET services should not be used to delete information on the server, but there is no access control mechanism to back up this logic. This means that unless the services are properly ACL'd and the application's service implementation follows these guidelines, an HTTP request can easily execute a delete or update on the server side. The attacker identifies an HTTP GET URL such as http://victimsite/updateOrder, which calls out to a program to update orders on a database or other resource. The URL is not idempotent, so the request can be submitted multiple times by the attacker; additionally, the attacker may be able to exploit a URL published as a GET method that actually performs updates (instead of merely retrieving data). This may result in malicious or inadvertent altering of data on the server.

Exploit-Db

  • id: EDB-ID:47543
    last seen: 2019-10-24
    modified: 2019-10-24
    published: 2019-10-24
    reporter: Exploit-DB
    source: https://www.exploit-db.com/download/47543
    title: Linux Polkit - pkexec helper PTRACE_TRACEME local root (Metasploit)
  • id: EDB-ID:47133
    last seen: 2019-07-17
    modified: 2019-07-17
    published: 2019-07-17
    reporter: Exploit-DB
    source: https://www.exploit-db.com/download/47133
    title: Linux - Broken Permission and Object Lifetime Handling for PTRACE_TRACEME
  • id: EDB-ID:47163
    last seen: 2019-07-26
    modified: 2019-07-24
    published: 2019-07-24
    reporter: Exploit-DB
    source: https://www.exploit-db.com/download/47163
    title: Linux Kernel 4.10 < 5.1.17 - 'PTRACE_TRACEME' pkexec Local Privilege Escalation

Metasploit

description: This module exploits an issue in ptrace_link in kernel/ptrace.c before Linux kernel 5.1.17. This issue can be exploited from a Linux desktop terminal, but not over an SSH session, as it requires execution from within the context of a user with an active Polkit agent. In the Linux kernel before 5.1.17, ptrace_link in kernel/ptrace.c mishandles the recording of the credentials of a process that wants to create a ptrace relationship, which allows local users to obtain root access by leveraging certain scenarios with a parent-child process relationship, where a parent drops privileges and calls execve (potentially allowing control by an attacker). One contributing factor is an object lifetime issue (which can also cause a panic). Another contributing factor is incorrect marking of a ptrace relationship as privileged, which is exploitable through (for example) Polkit's pkexec helper with PTRACE_TRACEME.
id: MSF:EXPLOIT/LINUX/LOCAL/PTRACE_TRACEME_PKEXEC_HELPER
last seen: 2020-06-12
modified: 2019-11-03
published: 2019-09-05
references:
reporter: Rapid7
source: https://github.com/rapid7/metasploit-framework/blob/master//modules/exploits/linux/local/ptrace_traceme_pkexec_helper.rb
title: Linux Polkit pkexec helper PTRACE_TRACEME local root exploit

Nessus

  • NASL family: SuSE Local Security Checks
    NASL id: SUSE_SU-2019-3263-1.NASL
    description: This update for the Linux Kernel 4.4.121-92_120 fixes several issues. The following security issues were fixed: CVE-2019-13272: Fixed a privilege escalation from user to root due to improper handling of credentials by leveraging certain scenarios with a parent-child process relationship (bsc#1156321). CVE-2019-10220: Fixed an issue where samba servers could inject relative paths in directory entry lists (bsc#1153108). The following bugs were fixed: Fixed boot up hang revealed by int3 self test (bsc#1157770). Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen: 2020-06-01
    modified: 2020-06-02
    plugin id: 132008
    published: 2019-12-12
    reporter: This script is Copyright (C) 2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    source: https://www.tenable.com/plugins/nessus/132008
    title: SUSE SLES12 Security Update : kernel (SUSE-SU-2019:3263-1)
  • NASL family: Ubuntu Local Security Checks
    NASL id: UBUNTU_USN-4118-1.NASL
    description: It was discovered that the alarmtimer implementation in the Linux kernel contained an integer overflow vulnerability. A local attacker could use this to cause a denial of service. (CVE-2018-13053) Wen Xu discovered that the XFS filesystem implementation in the Linux kernel did not properly track inode validations. An attacker could use this to construct a malicious XFS image that, when mounted, could cause a denial of service (system crash). (CVE-2018-13093) Wen Xu discovered that the f2fs file system implementation in the Linux kernel did not properly validate metadata. An attacker could use this to construct a malicious f2fs image that, when mounted, could cause a denial of service (system crash). (CVE-2018-13096, CVE-2018-13097, CVE-2018-13098, CVE-2018-13099, CVE-2018-13100, CVE-2018-14614, CVE-2018-14615, CVE-2018-14616) Wen Xu and Po-Ning Tseng discovered that btrfs file system implementation in the Linux kernel did not properly validate metadata. An attacker could use this to construct a malicious btrfs image that, when mounted, could cause a denial of service (system crash). (CVE-2018-14609, CVE-2018-14610, CVE-2018-14611, CVE-2018-14612, CVE-2018-14613) Wen Xu discovered that the HFS+ filesystem implementation in the Linux kernel did not properly handle malformed catalog data in some situations. An attacker could use this to construct a malicious HFS+ image that, when mounted, could cause a denial of service (system crash). (CVE-2018-14617) Vasily Averin and Pavel Tikhomirov discovered that the cleancache subsystem of the Linux kernel did not properly initialize new files in some situations. A local attacker could use this to expose sensitive information. (CVE-2018-16862) Hui Peng and Mathias Payer discovered that the Option USB High Speed driver in the Linux kernel did not properly validate metadata received from the device. A physically proximate attacker could use this to cause a denial of service (system crash). (CVE-2018-19985)
Hui Peng and Mathias Payer discovered that the USB subsystem in the Linux kernel did not properly handle size checks when handling an extra USB descriptor. A physically proximate attacker could use this to cause a denial of service (system crash). (CVE-2018-20169) Zhipeng Xie discovered that an infinite loop could be triggered in the CFS Linux kernel process scheduler. A local attacker could possibly use this to cause a denial of service. (CVE-2018-20784) It was discovered that a use-after-free error existed in the block layer subsystem of the Linux kernel when certain failure conditions occurred. A local attacker could possibly use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2018-20856) Eli Biham and Lior Neumann discovered that the Bluetooth implementation in the Linux kernel did not properly validate elliptic curve parameters during Diffie-Hellman key exchange in some situations. An attacker could use this to expose sensitive information. (CVE-2018-5383) It was discovered that the Intel wifi device driver in the Linux kernel did not properly validate certain Tunneled Direct Link Setup (TDLS). A physically proximate attacker could use this to cause a denial of service (wifi disconnect). (CVE-2019-0136) It was discovered that a heap buffer overflow existed in the Marvell Wireless LAN device driver for the Linux kernel. An attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2019-10126) It was discovered that the Bluetooth UART implementation in the Linux kernel did not properly check for missing tty operations. A local attacker could use this to cause a denial of service. (CVE-2019-10207) Amit Klein and Benny Pinkas discovered that the Linux kernel did not sufficiently randomize IP ID values generated for connectionless networking protocols. A remote attacker could use this to track particular Linux devices. (CVE-2019-10638)
Amit Klein and Benny Pinkas discovered that the location of kernel addresses could be exposed by the implementation of connection-less network protocols in the Linux kernel. A remote attacker could possibly use this to assist in the exploitation of another vulnerability in the Linux kernel. (CVE-2019-10639) Adam Zabrocki discovered that the Intel i915 kernel mode graphics driver in the Linux kernel did not properly restrict mmap() ranges in some situations. A local attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2019-11085) It was discovered that an integer overflow existed in the Linux kernel when reference counting pages, leading to potential use-after-free issues. A local attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2019-11487) Jann Horn discovered that a race condition existed in the Linux kernel when performing core dumps. A local attacker could use this to cause a denial of service (system crash) or expose sensitive information. (CVE-2019-11599) It was discovered that a NULL pointer dereference vulnerability existed in the LSI Logic MegaRAID driver in the Linux kernel. A local attacker could use this to cause a denial of service (system crash). (CVE-2019-11810) It was discovered that a race condition leading to a use-after-free existed in the Reliable Datagram Sockets (RDS) protocol implementation in the Linux kernel. The RDS protocol is blacklisted by default in Ubuntu. If enabled, a local attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2019-11815) It was discovered that the ext4 file system implementation in the Linux kernel did not properly zero out memory in some situations. A local attacker could use this to expose sensitive information (kernel memory). (CVE-2019-11833)
It was discovered that the Bluetooth Human Interface Device Protocol (HIDP) implementation in the Linux kernel did not properly verify strings were NULL terminated in certain situations. A local attacker could use this to expose sensitive information (kernel memory). (CVE-2019-11884) It was discovered that a NULL pointer dereference vulnerability existed in the Near-field communication (NFC) implementation in the Linux kernel. An attacker could use this to cause a denial of service (system crash). (CVE-2019-12818) It was discovered that the MDIO bus devices subsystem in the Linux kernel improperly dropped a device reference in an error condition, leading to a use-after-free. An attacker could use this to cause a denial of service (system crash). (CVE-2019-12819) It was discovered that a NULL pointer dereference vulnerability existed in the Near-field communication (NFC) implementation in the Linux kernel. A local attacker could use this to cause a denial of service (system crash). (CVE-2019-12984) Jann Horn discovered a use-after-free vulnerability in the Linux kernel when accessing LDT entries in some situations. A local attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2019-13233) Jann Horn discovered that the ptrace implementation in the Linux kernel did not properly record credentials in some situations. A local attacker could use this to cause a denial of service (system crash) or possibly gain administrative privileges. (CVE-2019-13272) It was discovered that the GTCO tablet input driver in the Linux kernel did not properly bounds check the initial HID report sent by the device. A physically proximate attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2019-13631) It was discovered that the floppy driver in the Linux kernel did not properly validate meta data, leading to a buffer overread.
A local attacker could use this to cause a denial of service (system crash). (CVE-2019-14283) It was discovered that the floppy driver in the Linux kernel did not properly validate ioctl() calls, leading to a division-by-zero. A local attacker could use this to cause a denial of service (system crash). (CVE-2019-14284) Tuba Yavuz discovered that a race condition existed in the DesignWare USB3 DRD Controller device driver in the Linux kernel. A physically proximate attacker could use this to cause a denial of service. (CVE-2019-14763) It was discovered that an out-of-bounds read existed in the QLogic QEDI iSCSI Initiator Driver in the Linux kernel. A local attacker could possibly use this to expose sensitive information (kernel memory). (CVE-2019-15090) It was discovered that the Raremono AM/FM/SW radio device driver in the Linux kernel did not properly allocate memory, leading to a use-after-free. A physically proximate attacker could use this to cause a denial of service or possibly execute arbitrary code. (CVE-2019-15211) It was discovered that a double-free error existed in the USB Rio 500 device driver for the Linux kernel. A physically proximate attacker could use this to cause a denial of service. (CVE-2019-15212) It was discovered that a race condition existed in the Advanced Linux Sound Architecture (ALSA) subsystem of the Linux kernel, leading to a potential use-after-free. A physically proximate attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2019-15214) It was discovered that a race condition existed in the CPiA2 video4linux device driver for the Linux kernel, leading to a use-after-free. A physically proximate attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2019-15215) It was discovered that a race condition existed in the Softmac USB Prism54 device driver in the Linux kernel.
A physically proximate attacker could use this to cause a denial of service (system crash). (CVE-2019-15220) It was discovered that a use-after-free vulnerability existed in the Appletalk implementation in the Linux kernel if an error occurs during initialization. A local attacker could use this to cause a denial of service (system crash). (CVE-2019-15292) It was discovered that the Empia EM28xx DVB USB device driver implementation in the Linux kernel contained a use-after-free vulnerability when disconnecting the device. An attacker could use this to cause a denial of service (system crash). (CVE-2019-2024) It was discovered that the USB video device class implementation in the Linux kernel did not properly validate control bits, resulting in an out of bounds buffer read. A local attacker could use this to possibly expose sensitive information (kernel memory). (CVE-2019-2101) It was discovered that the Marvell Wireless LAN device driver in the Linux kernel did not properly validate the BSS descriptor. A local attacker could possibly use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2019-3846) Jason Wang discovered that an infinite loop vulnerability existed in the virtio net driver in the Linux kernel. A local attacker in a guest VM could possibly use this to cause a denial of service in the host system. (CVE-2019-3900) Daniele Antonioli, Nils Ole Tippenhauer, and Kasper B. Rasmussen discovered that the Bluetooth protocol BR/EDR specification did not properly require sufficiently strong encryption key lengths. A physically proximate attacker could use this to expose sensitive information. (CVE-2019-9506) It was discovered that the Appletalk IP encapsulation driver in the Linux kernel did not properly prevent kernel addresses from being copied to user space. A local attacker with the CAP_NET_ADMIN capability could use this to expose sensitive information. (CVE-2018-20511)
It was discovered that a race condition existed in the USB YUREX device driver in the Linux kernel. A physically proximate attacker could use this to cause a denial of service (system crash). (CVE-2019-15216) It was discovered that the Siano USB MDTV receiver device driver in the Linux kernel made improper assumptions about the device characteristics. A physically proximate attacker could use this to cause a denial of service (system crash). (CVE-2019-15218) It was discovered that the Line 6 POD USB device driver in the Linux kernel did not properly validate data size information from the device. A physically proximate attacker could use this to cause a denial of service (system crash). (CVE-2019-15221) Muyu Yu discovered that the CAN implementation in the Linux kernel in some situations did not properly restrict the field size when processing outgoing frames. A local attacker with CAP_NET_ADMIN privileges could use this to execute arbitrary code. (CVE-2019-3701) Vladis Dronov discovered that the debug interface for the Linux kernel
    last seen: 2020-06-01
    modified: 2020-06-02
    plugin id: 128478
    published: 2019-09-03
    reporter: Ubuntu Security Notice (C) 2019 Canonical, Inc. / NASL script (C) 2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    source: https://www.tenable.com/plugins/nessus/128478
    title: Ubuntu 16.04 LTS / 18.04 LTS : linux-aws vulnerabilities (USN-4118-1)
  • NASL family: Debian Local Security Checks
    NASL id: DEBIAN_DLA-1862.NASL
    description: Several vulnerabilities have been discovered in the Linux kernel that may lead to a privilege escalation, denial of service or information leaks.
    CVE-2019-2101: Andrey Konovalov discovered that the USB Video Class driver (uvcvideo) did not consistently handle a type field in device descriptors, which could result in a heap buffer overflow. This could be used for denial of service or possibly for privilege escalation.
    CVE-2019-10639: Amit Klein and Benny Pinkas discovered that the generation of IP packet IDs used a weak hash function that incorporated a kernel virtual address. In Linux 3.16 this hash function is not used for IP IDs but is used for other purposes in the network stack. In custom kernel configurations that enable kASLR, this might weaken kASLR.
    CVE-2019-13272: Jann Horn discovered that the ptrace subsystem in the Linux kernel mishandles the management of the credentials of a process that wants to create a ptrace relationship, allowing a local user to obtain root privileges under certain scenarios.
    For Debian 8
    last seen: 2020-06-01
    modified: 2020-06-02
    plugin id: 126964
    published: 2019-07-24
    reporter: This script is Copyright (C) 2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    source: https://www.tenable.com/plugins/nessus/126964
    title: Debian DLA-1862-1 : linux security update
  • NASL family: Debian Local Security Checks
    NASL id: DEBIAN_DSA-4484.NASL
    description: Jann Horn discovered that the ptrace subsystem in the Linux kernel mishandles the management of the credentials of a process that wants to create a ptrace relationship, allowing a local user to obtain root privileges under certain scenarios.
    last seen: 2020-06-01
    modified: 2020-06-02
    plugin id: 126837
    published: 2019-07-22
    reporter: This script is Copyright (C) 2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    source: https://www.tenable.com/plugins/nessus/126837
    title: Debian DSA-4484-1 : linux - security update
  • NASL family: SuSE Local Security Checks
    NASL id: SUSE_SU-2019-3260-1.NASL
    description: This update for the Linux Kernel 4.4.121-92_109 fixes several issues. The following security issues were fixed: CVE-2018-20856: Fixed a use-after-free in __blk_drain_queue() due to improper error handling (bsc#1156331). CVE-2019-13272: Fixed a privilege escalation from user to root due to improper handling of credentials by leveraging certain scenarios with a parent-child process relationship (bsc#1156321). CVE-2019-10220: Fixed an issue where samba servers could inject relative paths in directory entry lists (bsc#1153108). Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen: 2020-06-01
    modified: 2020-06-02
    plugin id: 132006
    published: 2019-12-12
    reporter: This script is Copyright (C) 2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    source: https://www.tenable.com/plugins/nessus/132006
    title: SUSE SLES12 Security Update : kernel (SUSE-SU-2019:3260-1)
  • NASL family: SuSE Local Security Checks
    NASL id: SUSE_SU-2019-3228-1.NASL
    description: This update for the Linux Kernel 4.4.180-94_100 fixes several issues. The following security issues were fixed: CVE-2018-20856: Fixed a use-after-free in __blk_drain_queue() due to improper error handling (bsc#1156331). CVE-2019-13272: Fixed a privilege escalation from user to root due to improper handling of credentials by leveraging certain scenarios with a parent-child process relationship (bsc#1156321). CVE-2019-15239: Fixed a vulnerability where a local attacker could have triggered multiple use-after-free conditions resulting in privilege escalation (bsc#1156317). CVE-2019-10220: Fixed an issue where samba servers could inject relative paths in directory entry lists (bsc#1153108). The following bugs were fixed: Fixed boot up hang revealed by int3 self test (bsc#1157770). Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen: 2020-06-01
    modified: 2020-06-02
    plugin id: 131999
    published: 2019-12-12
    reporter: This script is Copyright (C) 2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    source: https://www.tenable.com/plugins/nessus/131999
    title: SUSE SLES12 Security Update : kernel (SUSE-SU-2019:3228-1)
  • NASL family: Oracle Linux Local Security Checks
    NASL id: ORACLELINUX_ELSA-2019-4746.NASL
    description: The remote Oracle Linux host is missing a security update for the Unbreakable Enterprise kernel package(s).
    last seen: 2020-06-01
    modified: 2020-06-02
    plugin id: 127985
    published: 2019-08-20
    reporter: This script is Copyright (C) 2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    source: https://www.tenable.com/plugins/nessus/127985
    title: Oracle Linux 7 : Unbreakable Enterprise kernel (ELSA-2019-4746)
  • NASL family: Ubuntu Local Security Checks
    NASL id: UBUNTU_USN-4094-1.NASL
    description: It was discovered that the alarmtimer implementation in the Linux kernel contained an integer overflow vulnerability. A local attacker could use this to cause a denial of service. (CVE-2018-13053) Wen Xu discovered that the XFS filesystem implementation in the Linux kernel did not properly track inode validations. An attacker could use this to construct a malicious XFS image that, when mounted, could cause a denial of service (system crash). (CVE-2018-13093) Wen Xu discovered that the f2fs file system implementation in the Linux kernel did not properly validate metadata. An attacker could use this to construct a malicious f2fs image that, when mounted, could cause a denial of service (system crash). (CVE-2018-13097, CVE-2018-13099, CVE-2018-13100, CVE-2018-14614, CVE-2018-14616, CVE-2018-13096, CVE-2018-13098, CVE-2018-14615) Wen Xu and Po-Ning Tseng discovered that btrfs file system implementation in the Linux kernel did not properly validate metadata. An attacker could use this to construct a malicious btrfs image that, when mounted, could cause a denial of service (system crash). (CVE-2018-14610, CVE-2018-14611, CVE-2018-14612, CVE-2018-14613, CVE-2018-14609) Wen Xu discovered that the HFS+ filesystem implementation in the Linux kernel did not properly handle malformed catalog data in some situations. An attacker could use this to construct a malicious HFS+ image that, when mounted, could cause a denial of service (system crash). (CVE-2018-14617) Vasily Averin and Pavel Tikhomirov discovered that the cleancache subsystem of the Linux kernel did not properly initialize new files in some situations. A local attacker could use this to expose sensitive information. (CVE-2018-16862) Hui Peng and Mathias Payer discovered that the USB subsystem in the Linux kernel did not properly handle size checks when handling an extra USB descriptor. A physically proximate attacker could use this to cause a denial of service (system crash). (CVE-2018-20169)
It was discovered that a use-after-free error existed in the block layer subsystem of the Linux kernel when certain failure conditions occurred. A local attacker could possibly use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2018-20856) Eli Biham and Lior Neumann discovered that the Bluetooth implementation in the Linux kernel did not properly validate elliptic curve parameters during Diffie-Hellman key exchange in some situations. An attacker could use this to expose sensitive information. (CVE-2018-5383) It was discovered that a heap buffer overflow existed in the Marvell Wireless LAN device driver for the Linux kernel. An attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2019-10126) Andrei Vlad Lutas and Dan Lutas discovered that some x86 processors incorrectly handle SWAPGS instructions during speculative execution. A local attacker could use this to expose sensitive information (kernel memory). (CVE-2019-1125) It was discovered that the PowerPC dlpar implementation in the Linux kernel did not properly check for allocation errors in some situations. A local attacker could possibly use this to cause a denial of service (system crash). (CVE-2019-12614) It was discovered that a NULL pointer dereference vulnerability existed in the Near-field communication (NFC) implementation in the Linux kernel. An attacker could use this to cause a denial of service (system crash). (CVE-2019-12818) It was discovered that the MDIO bus devices subsystem in the Linux kernel improperly dropped a device reference in an error condition, leading to a use-after-free. An attacker could use this to cause a denial of service (system crash). (CVE-2019-12819) It was discovered that a NULL pointer dereference vulnerability existed in the Near-field communication (NFC) implementation in the Linux kernel.
A local attacker could use this to cause a denial of service (system crash). (CVE-2019-12984) Jann Horn discovered a use-after-free vulnerability in the Linux kernel when accessing LDT entries in some situations. A local attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2019-13233) Jann Horn discovered that the ptrace implementation in the Linux kernel did not properly record credentials in some situations. A local attacker could use this to cause a denial of service (system crash) or possibly gain administrative privileges. (CVE-2019-13272) It was discovered that the Empia EM28xx DVB USB device driver implementation in the Linux kernel contained a use-after-free vulnerability when disconnecting the device. An attacker could use this to cause a denial of service (system crash). (CVE-2019-2024) It was discovered that the USB video device class implementation in the Linux kernel did not properly validate control bits, resulting in an out of bounds buffer read. A local attacker could use this to possibly expose sensitive information (kernel memory). (CVE-2019-2101) It was discovered that the Marvell Wireless LAN device driver in the Linux kernel did not properly validate the BSS descriptor. A local attacker could possibly use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2019-3846) It was discovered that the Appletalk IP encapsulation driver in the Linux kernel did not properly prevent kernel addresses from being copied to user space. A local attacker with the CAP_NET_ADMIN capability could use this to expose sensitive information. (CVE-2018-20511). Note that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen: 2020-06-01
    modified: 2020-06-02
    plugin id: 127889
    published: 2019-08-14
    reporter: Ubuntu Security Notice (C) 2019-2020 Canonical, Inc. / NASL script (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    source: https://www.tenable.com/plugins/nessus/127889
    title: Ubuntu 16.04 LTS / 18.04 LTS : linux, linux-hwe, linux-azure, linux-gcp, linux-gke-4.15, linux-kvm, (USN-4094-1)
  • NASL family: SuSE Local Security Checks
    NASL id: SUSE_SU-2019-3232-1.NASL
    description: This update for the Linux Kernel 4.4.121-92_101 fixes several issues. The following security issues were fixed: CVE-2018-20856: Fixed a use-after-free in __blk_drain_queue() due to improper error handling (bsc#1156331). CVE-2019-13272: Fixed a privilege escalation from user to root due to improper handling of credentials by leveraging certain scenarios with a parent-child process relationship (bsc#1156321). CVE-2019-10220: Fixed an issue where samba servers could inject relative paths in directory entry lists (bsc#1153108). Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen: 2020-06-01
    modified: 2020-06-02
    plugin id: 132001
    published: 2019-12-12
    reporter: This script is Copyright (C) 2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    source: https://www.tenable.com/plugins/nessus/132001
    title: SUSE SLES12 Security Update : kernel (SUSE-SU-2019:3232-1)
  • NASL family: Ubuntu Local Security Checks
    NASL id: UBUNTU_USN-4093-1.NASL
    description: It was discovered that a heap buffer overflow existed in the Marvell Wireless LAN device driver for the Linux kernel. An attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2019-10126) Andrei Vlad Lutas and Dan Lutas discovered that some x86 processors incorrectly handle SWAPGS instructions during speculative execution. A local attacker could use this to expose sensitive information (kernel memory). (CVE-2019-1125) It was discovered that the PowerPC dlpar implementation in the Linux kernel did not properly check for allocation errors in some situations. A local attacker could possibly use this to cause a denial of service (system crash). (CVE-2019-12614) It was discovered that a NULL pointer dereference vulnerability existed in the Near-field communication (NFC) implementation in the Linux kernel. A local attacker could use this to cause a denial of service (system crash). (CVE-2019-12984) Jann Horn discovered a use-after-free vulnerability in the Linux kernel when accessing LDT entries in some situations. A local attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2019-13233) Jann Horn discovered that the ptrace implementation in the Linux kernel did not properly record credentials in some situations. A local attacker could use this to cause a denial of service (system crash) or possibly gain administrative privileges. (CVE-2019-13272) It was discovered that the Marvell Wireless LAN device driver in the Linux kernel did not properly validate the BSS descriptor. A local attacker could possibly use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2019-3846). Note that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen: 2020-06-01
    modified: 2020-06-02
    plugin id: 127888
    published: 2019-08-14
    reporter: Ubuntu Security Notice (C) 2019-2020 Canonical, Inc. / NASL script (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    source: https://www.tenable.com/plugins/nessus/127888
    title: Ubuntu 18.04 LTS / 19.04 : linux, linux-hwe, linux-azure, linux-gcp, linux-kvm, linux-raspi2, (USN-4093-1)
  • NASL familySuSE Local Security Checks
    NASL idSUSE_SU-2019-3261-1.NASL
    descriptionThis update for the Linux Kernel 4.4.121-92_114 fixes several issues. The following security issues were fixed : CVE-2018-20856: Fixed a use-after-free in __blk_drain_queue() due to an improper error handling (bsc#1156331). CVE-2019-13272: Fixed a privilege escalation from user to root due to improper handling of credentials by leveraging certain scenarios with a parent-child process relationship (bsc#1156321). CVE-2019-10220: Fixed an issue where samba servers could inject relative paths in directory entry lists (bsc#1153108). The following bugs were fixed: Fixed boot up hang revealed by int3 self test (bsc#1157770). Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen2020-06-01
    modified2020-06-02
    plugin id132007
    published2019-12-12
    reporterThis script is Copyright (C) 2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/132007
    titleSUSE SLES12 Security Update : kernel (SUSE-SU-2019:3261-1)
  • NASL familyRed Hat Local Security Checks
    NASL idREDHAT-RHSA-2019-2405.NASL
    descriptionAn update for kernel-rt is now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. The kernel-rt packages provide the Real Time Linux Kernel, which enables fine-tuning for systems with extremely high determinism requirements. Security Fix(es) : * kernel: broken permission and object lifetime handling for PTRACE_TRACEME (CVE-2019-13272) * kernel: hw: Spectre SWAPGS gadget vulnerability (CVE-2019-1125) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
    last seen2020-06-01
    modified2020-06-02
    plugin id127721
    published2019-08-12
    reporterThis script is Copyright (C) 2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/127721
    titleRHEL 8 : kernel-rt (RHSA-2019:2405)
  • NASL familyHuawei Local Security Checks
    NASL idEULEROS_SA-2020-1186.NASL
    descriptionAccording to the versions of the kernel packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - The kernel package contains the Linux kernel (vmlinuz), the core of any Linux operating system. The kernel handles the basic functions of the operating system: memory allocation, process allocation, device input and output, etc. Security Fix(es): Heap-based buffer overflow in the udf_load_logicalvol function in fs/udf/super.c in the Linux kernel before 3.4.5 allows remote attackers to cause a denial of service (system crash) or possibly have unspecified other impact via a crafted UDF filesystem. (CVE-2012-3400) The mmc_ioctl_cdrom_read_data function in drivers/cdrom/cdrom.c in the Linux kernel through 3.10 allows local users to obtain sensitive information from kernel memory via a read operation on a malfunctioning CD-ROM drive. (CVE-2013-2164) The sctp_sf_do_5_2_4_dupcook function in net/sctp/sm_statefuns.c in the SCTP implementation in the Linux kernel before 3.8.5 does not properly handle associations during the processing of a duplicate COOKIE ECHO chunk, which allows remote attackers to cause a denial of service (NULL pointer dereference and system crash) or possibly have unspecified other impact via crafted SCTP traffic. (CVE-2013-2206) The (1) get_user and (2) put_user API functions in the Linux kernel before 3.5.5 on the v6k and v7 ARM platforms do not validate certain addresses, which allows attackers to read or modify the contents of arbitrary kernel memory locations via a crafted application, as exploited in the wild against Android devices in October and November 2013. (CVE-2013-6282) An issue was discovered in the Linux kernel before 4.20. There is a race condition in smp_task_timedout() and smp_task_done() in drivers/scsi/libsas/sas_expander.c, leading to a use-after-free. (CVE-2018-20836) The Siemens R3964 line discipline driver in drivers/tty/n_r3964.c in the Linux kernel before 5.0.8 has multiple race conditions. (CVE-2019-11486) The Linux kernel before 5.1-rc5 allows page->_refcount reference count overflow, with resultant use-after-free issues, if about 140 GiB of RAM exists. This is related to fs/fuse/dev.c, fs/pipe.c, fs/splice.c, include/linux/mm.h, include/linux/pipe_fs_i.h, kernel/trace/trace.c, mm/gup.c, and mm/hugetlb.c. It can occur with FUSE requests. (CVE-2019-11487) The coredump implementation in the Linux kernel before 5.0.10 does not use locking or other mechanisms to prevent vma layout or vma flags changes while it runs, which allows local users to obtain sensitive information, cause a denial of service, or possibly have unspecified other impact by triggering a race condition with mmget_not_zero or get_task_mm calls. This is related to fs/userfaultfd.c, mm/mmap.c, fs/proc/task_mmu.c, and drivers/infiniband/core/uverbs_main.c. (CVE-2019-11599) An issue was discovered in the Linux kernel before 5.0.7. A NULL pointer dereference can occur when megasas_create_frame_pool() fails in megasas_alloc_cmds() in drivers/scsi/megaraid/megaraid_sas_base.c. This causes a Denial of Service, related to a use-after-free. (CVE-2019-11810) An issue was discovered in the Linux kernel before 5.0.4. There is a use-after-free upon attempted read access to /proc/ioports after the ipmi_si module is removed, related to drivers/char/ipmi/ipmi_si_intf.c, drivers/char/ipmi/ipmi_si_mem_io.c, and drivers/char/ipmi/ipmi_si_port_io.c. (CVE-2019-11811) A flaw was found in the Linux kernel
    last seen2020-05-03
    modified2020-03-11
    plugin id134387
    published2020-03-11
    reporterThis script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/134387
    titleEulerOS 2.0 SP8 : kernel (EulerOS-SA-2020-1186)
  • NASL familyUbuntu Local Security Checks
    NASL idUBUNTU_USN-4117-1.NASL
    descriptionIt was discovered that a heap buffer overflow existed in the Marvell Wireless LAN device driver for the Linux kernel. An attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2019-10126) Amit Klein and Benny Pinkas discovered that the Linux kernel did not sufficiently randomize IP ID values generated for connectionless networking protocols. A remote attacker could use this to track particular Linux devices. (CVE-2019-10638) It was discovered that a NULL pointer dereference vulnerability existed in the Near-field communication (NFC) implementation in the Linux kernel. A local attacker could use this to cause a denial of service (system crash). (CVE-2019-12984) Jann Horn discovered a use-after-free vulnerability in the Linux kernel when accessing LDT entries in some situations. A local attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2019-13233) Jann Horn discovered that the ptrace implementation in the Linux kernel did not properly record credentials in some situations. A local attacker could use this to cause a denial of service (system crash) or possibly gain administrative privileges. (CVE-2019-13272) It was discovered that the floppy driver in the Linux kernel did not properly validate meta data, leading to a buffer overread. A local attacker could use this to cause a denial of service (system crash). (CVE-2019-14283) It was discovered that the floppy driver in the Linux kernel did not properly validate ioctl() calls, leading to a division-by-zero. A local attacker could use this to cause a denial of service (system crash). (CVE-2019-14284) It was discovered that the Marvell Wireless LAN device driver in the Linux kernel did not properly validate the BSS descriptor. A local attacker could possibly use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2019-3846) Jason Wang discovered that an infinite loop vulnerability existed in the virtio net driver in the Linux kernel. A local attacker in a guest VM could possibly use this to cause a denial of service in the host system. (CVE-2019-3900). Note that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen2020-06-01
    modified2020-06-02
    plugin id128477
    published2019-09-03
    reporterUbuntu Security Notice (C) 2019 Canonical, Inc. / NASL script (C) 2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/128477
    titleUbuntu 19.04 : linux-aws vulnerabilities (USN-4117-1)
  • NASL familySlackware Local Security Checks
    NASL idSLACKWARE_SSA_2019-202-01.NASL
    descriptionNew kernel packages are available for Slackware 14.2 to fix security issues.
    last seen2020-06-01
    modified2020-06-02
    plugin id126882
    published2019-07-22
    reporterThis script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/126882
    titleSlackware 14.2 : Slackware 14.2 kernel (SSA:2019-202-01)
  • NASL familyFedora Local Security Checks
    NASL idFEDORA_2019-A95015E60F.NASL
    descriptionUpdate to v5.1.18 ---- Update to v5.1.17 Note that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen2020-06-01
    modified2020-06-02
    plugin id126801
    published2019-07-19
    reporterThis script is Copyright (C) 2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/126801
    titleFedora 29 : kernel / kernel-headers (2019-a95015e60f)
  • NASL familySuSE Local Security Checks
    NASL idSUSE_SU-2019-2984-1.NASL
    descriptionThe SUSE Linux Enterprise 12 SP2 kernel was updated to receive various security and bugfixes. The following security bugs were fixed : CVE-2018-12207: Untrusted virtual machines on Intel CPUs could exploit a race condition in the Instruction Fetch Unit of the Intel CPU to cause a Machine Exception during Page Size Change, causing the CPU core to be non-functional. The Linux Kernel kvm hypervisor was adjusted to avoid page size changes in executable pages by splitting / merging huge pages into small pages as needed. More information can be found on https://www.suse.com/support/kb/doc/?id=7023735 CVE-2019-16995: Fix a memory leak in hsr_dev_finalize() if hsr_add_port failed to add a port, which may have caused denial of service (bsc#1152685). CVE-2019-11135: Aborting an asynchronous TSX operation on Intel CPUs with Transactional Memory support could be used to facilitate sidechannel information leaks out of microarchitectural buffers, similar to the previously described
    last seen2020-06-01
    modified2020-06-02
    plugin id131120
    published2019-11-18
    reporterThis script is Copyright (C) 2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/131120
    titleSUSE SLES12 Security Update : kernel (SUSE-SU-2019:2984-1)
  • NASL familyHuawei Local Security Checks
    NASL idEULEROS_SA-2019-1926.NASL
    descriptionAccording to the versions of the kernel packages installed, the EulerOS Virtualization for ARM 64 installation on the remote host is affected by the following vulnerabilities : - The kernel package contains the Linux kernel (vmlinuz), the core of any Linux operating system. The kernel handles the basic functions of the operating system: memory allocation, process allocation, device input and output, etc. Security Fix(es): A flaw was found in the Linux kernel
    last seen2020-04-16
    modified2019-09-17
    plugin id128929
    published2019-09-17
    reporterThis script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/128929
    titleEulerOS Virtualization for ARM 64 3.0.2.0 : kernel (EulerOS-SA-2019-1926)
  • NASL familyRed Hat Local Security Checks
    NASL idREDHAT-RHSA-2019-2809.NASL
    descriptionAn update for kernel-alt is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. The kernel-alt packages provide the Linux kernel version 4.x. Security Fix(es) : * Kernel: page cache side channel attacks (CVE-2019-5489) * Kernel: KVM: potential use-after-free via kvm_ioctl_create_device() (CVE-2019-6974) * kernel: broken permission and object lifetime handling for PTRACE_TRACEME (CVE-2019-13272) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. Bug Fix(es) : * [kernel-alt]: BUG: unable to handle kernel NULL pointer IP: crypto_remove_spawns+0x118/0x2e0 (BZ#1536967) * [HPE Apache] update ssif max_xmit_msg_size limit for multi-part messages (BZ#1610534) * RHEL-Alt-7.6 - powerpc/pseries: Fix uninitialized timer reset on migration / powerpc/pseries/mobility: Extend start/stop topology update scope (LPM) (BZ #1673613) * RHEL-Alt-7.6 - s390: sha3_generic module fails and triggers panic when in FIPS mode (BZ#1673979) * RHEL-Alt-7.6 - System crashed after oom - During ICP deployment (BZ# 1710304) * kernel-alt: Race condition in hashtables [rhel-alt-7.6.z] (BZ#1712127) * RHEL-Alt-7.6 - OP930:PM_Test:cpupower -r command set values for first 3 cores in quad and misses last core. (CORAL) (BZ#1717836) * RHEL-Alt-7.6 - disable runtime NUMA remapping for PRRN/LPM/VPHN (BZ# 1717906) * fragmented packets timing out (BZ#1729066) * Backport TCP follow-up for small buffers (BZ#1733617) Enhancement(s) : * RHEL-Alt-7.6 - perfevent PMDA cannot create file descriptors for reading nest events using the perf API (pcp/kernel) (CORAL) (BZ#1723036)
    last seen2020-06-01
    modified2020-06-02
    plugin id129145
    published2019-09-23
    reporterThis script is Copyright (C) 2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/129145
    titleRHEL 7 : kernel-alt (RHSA-2019:2809)
  • NASL familyUbuntu Local Security Checks
    NASL idUBUNTU_USN-4095-1.NASL
    descriptionEli Biham and Lior Neumann discovered that the Bluetooth implementation in the Linux kernel did not properly validate elliptic curve parameters during Diffie-Hellman key exchange in some situations. An attacker could use this to expose sensitive information. (CVE-2018-5383) It was discovered that a heap buffer overflow existed in the Marvell Wireless LAN device driver for the Linux kernel. An attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2019-10126) Andrei Vlad Lutas and Dan Lutas discovered that some x86 processors incorrectly handle SWAPGS instructions during speculative execution. A local attacker could use this to expose sensitive information (kernel memory). (CVE-2019-1125) Jann Horn discovered that a race condition existed in the Linux kernel when performing core dumps. A local attacker could use this to cause a denial of service (system crash) or expose sensitive information. (CVE-2019-11599) It was discovered that the PowerPC dlpar implementation in the Linux kernel did not properly check for allocation errors in some situations. A local attacker could possibly use this to cause a denial of service (system crash). (CVE-2019-12614) Jann Horn discovered that the ptrace implementation in the Linux kernel did not properly record credentials in some situations. A local attacker could use this to cause a denial of service (system crash) or possibly gain administrative privileges. (CVE-2019-13272) It was discovered that the Marvell Wireless LAN device driver in the Linux kernel did not properly validate the BSS descriptor. A local attacker could possibly use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2019-3846). Note that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen2020-06-01
    modified2020-06-02
    plugin id127890
    published2019-08-14
    reporterUbuntu Security Notice (C) 2019-2020 Canonical, Inc. / NASL script (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/127890
    titleUbuntu 16.04 LTS : linux, linux-aws, linux-kvm, linux-raspi2, linux-snapdragon vulnerabilities (USN-4095-1)
  • NASL familySuSE Local Security Checks
    NASL idSUSE_SU-2019-3258-1.NASL
    descriptionThis update for the Linux Kernel 4.4.178-94_91 fixes several issues. The following security issues were fixed : CVE-2018-20856: Fixed a use-after-free in block/blk-core.c due to improper error handling (bsc#1156331). CVE-2019-13272: Fixed a privilege escalation from user to root due to improper handling of credentials by leveraging certain scenarios with a parent-child process relationship (bsc#1156321). CVE-2019-15239: Fixed a vulnerability where a local attacker could have triggered multiple use-after-free conditions resulted in privilege escalation (bsc#1156317). CVE-2019-10220: Fixed an issue where samba servers could inject relative paths in directory entry lists (bsc#1153108). Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen2020-06-01
    modified2020-06-02
    plugin id132005
    published2019-12-12
    reporterThis script is Copyright (C) 2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/132005
    titleSUSE SLES12 Security Update : kernel (SUSE-SU-2019:3258-1)
  • NASL familyOracle Linux Local Security Checks
    NASL idORACLELINUX_ELSA-2019-2411.NASL
    descriptionFrom Red Hat Security Advisory 2019:2411 : An update for kernel is now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. The kernel packages contain the Linux kernel, the core of any Linux operating system. Security Fix(es) : * kernel: broken permission and object lifetime handling for PTRACE_TRACEME (CVE-2019-13272) * kernel: hw: Spectre SWAPGS gadget vulnerability (CVE-2019-1125) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
    last seen2020-06-01
    modified2020-06-02
    plugin id127978
    published2019-08-20
    reporterThis script is Copyright (C) 2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/127978
    titleOracle Linux 8 : kernel (ELSA-2019-2411)
  • NASL familySuSE Local Security Checks
    NASL idSUSE_SU-2019-3230-1.NASL
    descriptionThis update for the Linux Kernel 4.4.180-94_103 fixes several issues. The following security issues were fixed : CVE-2019-13272: Fixed a privilege escalation from user to root due to improper handling of credentials by leveraging certain scenarios with a parent-child process relationship (bsc#1156321). CVE-2019-15239: Fixed a vulnerability where a local attacker could have triggered multiple use-after-free conditions resulted in privilege escalation (bsc#1156317). CVE-2019-10220: Fixed an issue where samba servers could inject relative paths in directory entry lists (bsc#1153108). The following bugs were fixed: Fixed boot up hang revealed by int3 self test (bsc#1157770). Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen2020-06-01
    modified2020-06-02
    plugin id132000
    published2019-12-12
    reporterThis script is Copyright (C) 2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/132000
    titleSUSE SLES12 Security Update : kernel (SUSE-SU-2019:3230-1)
  • NASL familySuSE Local Security Checks
    NASL idSUSE_SU-2019-2949-1.NASL
    descriptionThe SUSE Linux Enterprise 12-SP3 kernel was updated to receive various security and bugfixes. The following security bugs were fixed : CVE-2018-12207: Untrusted virtual machines on Intel CPUs could exploit a race condition in the Instruction Fetch Unit of the Intel CPU to cause a Machine Exception during Page Size Change, causing the CPU core to be non-functional. The Linux Kernel kvm hypervisor was adjusted to avoid page size changes in executable pages by splitting / merging huge pages into small pages as needed. More information can be found on https://www.suse.com/support/kb/doc/?id=7023735 CVE-2019-16995: Fix a memory leak in hsr_dev_finalize() if hsr_add_port failed to add a port, which may have caused denial of service (bsc#1152685). CVE-2019-11135: Aborting an asynchronous TSX operation on Intel CPUs with Transactional Memory support could be used to facilitate sidechannel information leaks out of microarchitectural buffers, similar to the previously described
    last seen2020-06-01
    modified2020-06-02
    plugin id130949
    published2019-11-13
    reporterThis script is Copyright (C) 2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/130949
    titleSUSE SLES12 Security Update : kernel (SUSE-SU-2019:2949-1)
  • NASL familyRed Hat Local Security Checks
    NASL idREDHAT-RHSA-2019-2411.NASL
    descriptionAn update for kernel is now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. The kernel packages contain the Linux kernel, the core of any Linux operating system. Security Fix(es) : * kernel: broken permission and object lifetime handling for PTRACE_TRACEME (CVE-2019-13272) * kernel: hw: Spectre SWAPGS gadget vulnerability (CVE-2019-1125) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
    last seen2020-06-01
    modified2020-06-02
    plugin id127722
    published2019-08-12
    reporterThis script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/127722
    titleRHEL 8 : kernel (RHSA-2019:2411)
  • NASL familyDebian Local Security Checks
    NASL idDEBIAN_DLA-1863.NASL
    descriptionJann Horn discovered that the ptrace subsystem in the Linux kernel mishandles the management of the credentials of a process that wants to create a ptrace relationship, allowing a local user to obtain root privileges under certain scenarios. For Debian 8
    last seen2020-06-01
    modified2020-06-02
    plugin id126965
    published2019-07-24
    reporterThis script is Copyright (C) 2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/126965
    titleDebian DLA-1863-1 : linux-4.9 security update
  • NASL familyPhotonOS Local Security Checks
    NASL idPHOTONOS_PHSA-2019-3_0-0026_LINUX.NASL
    descriptionAn update of the linux package has been released.
    last seen2020-06-01
    modified2020-06-02
    plugin id128732
    published2019-09-12
    reporterThis script is Copyright (C) 2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/128732
    titlePhoton OS 3.0: Linux PHSA-2019-3.0-0026

Packetstorm

Redhat

advisories
  • bugzilla
    id1730895
    titleCVE-2019-13272 kernel: broken permission and object lifetime handling for PTRACE_TRACEME
    oval
    OR
    • commentRed Hat Enterprise Linux must be installed
      ovaloval:com.redhat.rhba:tst:20070304026
    • AND
      • commentRed Hat Enterprise Linux 8 is installed
        ovaloval:com.redhat.rhba:tst:20193384074
      • OR
        • AND
          • commentkernel-rt-modules-extra is earlier than 0:4.18.0-80.7.2.rt9.154.el8_0
            ovaloval:com.redhat.rhsa:tst:20192405001
          • commentkernel-rt-modules-extra is signed with Red Hat redhatrelease2 key
            ovaloval:com.redhat.rhsa:tst:20191174008
        • AND
          • commentkernel-rt-core is earlier than 0:4.18.0-80.7.2.rt9.154.el8_0
            ovaloval:com.redhat.rhsa:tst:20192405003
          • commentkernel-rt-core is signed with Red Hat redhatrelease2 key
            ovaloval:com.redhat.rhsa:tst:20191174006
        • AND
          • commentkernel-rt-debug is earlier than 0:4.18.0-80.7.2.rt9.154.el8_0
            ovaloval:com.redhat.rhsa:tst:20192405005
          • commentkernel-rt-debug is signed with Red Hat redhatrelease2 key
            ovaloval:com.redhat.rhsa:tst:20150727014
        • AND
          • commentkernel-rt-debug-modules-extra is earlier than 0:4.18.0-80.7.2.rt9.154.el8_0
            ovaloval:com.redhat.rhsa:tst:20192405007
          • commentkernel-rt-debug-modules-extra is signed with Red Hat redhatrelease2 key
            ovaloval:com.redhat.rhsa:tst:20191174016
        • AND
          • commentkernel-rt-devel is earlier than 0:4.18.0-80.7.2.rt9.154.el8_0
            ovaloval:com.redhat.rhsa:tst:20192405009
          • commentkernel-rt-devel is signed with Red Hat redhatrelease2 key
            ovaloval:com.redhat.rhsa:tst:20150727012
        • AND
          • commentkernel-rt is earlier than 0:4.18.0-80.7.2.rt9.154.el8_0
            ovaloval:com.redhat.rhsa:tst:20192405011
          • commentkernel-rt is signed with Red Hat redhatrelease2 key
            ovaloval:com.redhat.rhsa:tst:20150727006
        • AND
          • commentkernel-rt-debug-devel is earlier than 0:4.18.0-80.7.2.rt9.154.el8_0
            ovaloval:com.redhat.rhsa:tst:20192405013
          • commentkernel-rt-debug-devel is signed with Red Hat redhatrelease2 key
            ovaloval:com.redhat.rhsa:tst:20150727010
        • AND
          • commentkernel-rt-kvm is earlier than 0:4.18.0-80.7.2.rt9.154.el8_0
            ovaloval:com.redhat.rhsa:tst:20192405015
          • commentkernel-rt-kvm is signed with Red Hat redhatrelease2 key
            ovaloval:com.redhat.rhsa:tst:20160212018
        • AND
          • commentkernel-rt-debug-core is earlier than 0:4.18.0-80.7.2.rt9.154.el8_0
            ovaloval:com.redhat.rhsa:tst:20192405017
          • commentkernel-rt-debug-core is signed with Red Hat redhatrelease2 key
            ovaloval:com.redhat.rhsa:tst:20191174022
        • AND
          • commentkernel-rt-debug-modules is earlier than 0:4.18.0-80.7.2.rt9.154.el8_0
            ovaloval:com.redhat.rhsa:tst:20192405019
          • commentkernel-rt-debug-modules is signed with Red Hat redhatrelease2 key
            ovaloval:com.redhat.rhsa:tst:20191174010
        • AND
          • commentkernel-rt-debug-kvm is earlier than 0:4.18.0-80.7.2.rt9.154.el8_0
            ovaloval:com.redhat.rhsa:tst:20192405021
          • commentkernel-rt-debug-kvm is signed with Red Hat redhatrelease2 key
            ovaloval:com.redhat.rhsa:tst:20160212020
        • AND
          • commentkernel-rt-modules is earlier than 0:4.18.0-80.7.2.rt9.154.el8_0
            ovaloval:com.redhat.rhsa:tst:20192405023
          • commentkernel-rt-modules is signed with Red Hat redhatrelease2 key
            ovaloval:com.redhat.rhsa:tst:20191174020
    rhsa
    idRHSA-2019:2405
    released2019-08-07
    severityImportant
    titleRHSA-2019:2405: kernel-rt security update (Important)
  • bugzilla
    id1730895
    titleCVE-2019-13272 kernel: broken permission and object lifetime handling for PTRACE_TRACEME
    oval
    OR
    • commentRed Hat Enterprise Linux must be installed
      ovaloval:com.redhat.rhba:tst:20070304026
    • AND
      • commentRed Hat Enterprise Linux 8 is installed
        ovaloval:com.redhat.rhba:tst:20193384074
      • OR
        • commentkernel earlier than 0:4.18.0-80.7.2.el8_0 is currently running
          ovaloval:com.redhat.rhsa:tst:20192411051
        • comment: kernel earlier than 0:4.18.0-80.7.2.el8_0 is set to boot up on next boot
          oval: oval:com.redhat.rhsa:tst:20192411052
      • OR
        • AND
          • comment: kernel-abi-whitelists is earlier than 0:4.18.0-80.7.2.el8_0
            oval: oval:com.redhat.rhsa:tst:20192411001
          • comment: kernel-abi-whitelists is signed with Red Hat redhatrelease2 key
            oval: oval:com.redhat.rhsa:tst:20131645022
        • AND
          • comment: kernel-doc is earlier than 0:4.18.0-80.7.2.el8_0
            oval: oval:com.redhat.rhsa:tst:20192411003
          • comment: kernel-doc is signed with Red Hat redhatrelease2 key
            oval: oval:com.redhat.rhsa:tst:20100842002
        • AND
          • comment: kernel-modules-extra is earlier than 0:4.18.0-80.7.2.el8_0
            oval: oval:com.redhat.rhsa:tst:20192411005
          • comment: kernel-modules-extra is signed with Red Hat redhatrelease2 key
            oval: oval:com.redhat.rhsa:tst:20191167016
        • AND
          • comment: kernel-cross-headers is earlier than 0:4.18.0-80.7.2.el8_0
            oval: oval:com.redhat.rhsa:tst:20192411007
          • comment: kernel-cross-headers is signed with Red Hat redhatrelease2 key
            oval: oval:com.redhat.rhsa:tst:20191167046
        • AND
          • comment: kernel-devel is earlier than 0:4.18.0-80.7.2.el8_0
            oval: oval:com.redhat.rhsa:tst:20192411009
          • comment: kernel-devel is signed with Red Hat redhatrelease2 key
            oval: oval:com.redhat.rhsa:tst:20100842016
        • AND
          • comment: kernel-zfcpdump-core is earlier than 0:4.18.0-80.7.2.el8_0
            oval: oval:com.redhat.rhsa:tst:20192411011
          • comment: kernel-zfcpdump-core is signed with Red Hat redhatrelease2 key
            oval: oval:com.redhat.rhsa:tst:20191167006
        • AND
          • comment: kernel-zfcpdump-modules-extra is earlier than 0:4.18.0-80.7.2.el8_0
            oval: oval:com.redhat.rhsa:tst:20192411013
          • comment: kernel-zfcpdump-modules-extra is signed with Red Hat redhatrelease2 key
            oval: oval:com.redhat.rhsa:tst:20191167014
        • AND
          • comment: kernel is earlier than 0:4.18.0-80.7.2.el8_0
            oval: oval:com.redhat.rhsa:tst:20192411015
          • comment: kernel is signed with Red Hat redhatrelease2 key
            oval: oval:com.redhat.rhsa:tst:20100842012
        • AND
          • comment: python3-perf is earlier than 0:4.18.0-80.7.2.el8_0
            oval: oval:com.redhat.rhsa:tst:20192411017
          • comment: python3-perf is signed with Red Hat redhatrelease2 key
            oval: oval:com.redhat.rhsa:tst:20191167024
        • AND
          • comment: bpftool is earlier than 0:4.18.0-80.7.2.el8_0
            oval: oval:com.redhat.rhsa:tst:20192411019
          • comment: bpftool is signed with Red Hat redhatrelease2 key
            oval: oval:com.redhat.rhsa:tst:20183083026
        • AND
          • comment: kernel-zfcpdump-modules is earlier than 0:4.18.0-80.7.2.el8_0
            oval: oval:com.redhat.rhsa:tst:20192411021
          • comment: kernel-zfcpdump-modules is signed with Red Hat redhatrelease2 key
            oval: oval:com.redhat.rhsa:tst:20191167020
        • AND
          • comment: kernel-headers is earlier than 0:4.18.0-80.7.2.el8_0
            oval: oval:com.redhat.rhsa:tst:20192411023
          • comment: kernel-headers is signed with Red Hat redhatrelease2 key
            oval: oval:com.redhat.rhsa:tst:20100842010
        • AND
          • comment: kernel-modules is earlier than 0:4.18.0-80.7.2.el8_0
            oval: oval:com.redhat.rhsa:tst:20192411025
          • comment: kernel-modules is signed with Red Hat redhatrelease2 key
            oval: oval:com.redhat.rhsa:tst:20191167044
        • AND
          • comment: kernel-core is earlier than 0:4.18.0-80.7.2.el8_0
            oval: oval:com.redhat.rhsa:tst:20192411027
          • comment: kernel-core is signed with Red Hat redhatrelease2 key
            oval: oval:com.redhat.rhsa:tst:20191167036
        • AND
          • comment: kernel-debug-modules is earlier than 0:4.18.0-80.7.2.el8_0
            oval: oval:com.redhat.rhsa:tst:20192411029
          • comment: kernel-debug-modules is signed with Red Hat redhatrelease2 key
            oval: oval:com.redhat.rhsa:tst:20191167018
        • AND
          • comment: kernel-debug-core is earlier than 0:4.18.0-80.7.2.el8_0
            oval: oval:com.redhat.rhsa:tst:20192411031
          • comment: kernel-debug-core is signed with Red Hat redhatrelease2 key
            oval: oval:com.redhat.rhsa:tst:20191167026
        • AND
          • comment: kernel-zfcpdump is earlier than 0:4.18.0-80.7.2.el8_0
            oval: oval:com.redhat.rhsa:tst:20192411033
          • comment: kernel-zfcpdump is signed with Red Hat redhatrelease2 key
            oval: oval:com.redhat.rhsa:tst:20191167008
        • AND
          • comment: kernel-debug is earlier than 0:4.18.0-80.7.2.el8_0
            oval: oval:com.redhat.rhsa:tst:20192411035
          • comment: kernel-debug is signed with Red Hat redhatrelease2 key
            oval: oval:com.redhat.rhsa:tst:20100842014
        • AND
          • comment: kernel-tools is earlier than 0:4.18.0-80.7.2.el8_0
            oval: oval:com.redhat.rhsa:tst:20192411037
          • comment: kernel-tools is signed with Red Hat redhatrelease2 key
            oval: oval:com.redhat.rhsa:tst:20140678012
        • AND
          • comment: kernel-zfcpdump-devel is earlier than 0:4.18.0-80.7.2.el8_0
            oval: oval:com.redhat.rhsa:tst:20192411039
          • comment: kernel-zfcpdump-devel is signed with Red Hat redhatrelease2 key
            oval: oval:com.redhat.rhsa:tst:20191167038
        • AND
          • comment: kernel-debug-devel is earlier than 0:4.18.0-80.7.2.el8_0
            oval: oval:com.redhat.rhsa:tst:20192411041
          • comment: kernel-debug-devel is signed with Red Hat redhatrelease2 key
            oval: oval:com.redhat.rhsa:tst:20100842008
        • AND
          • comment: perf is earlier than 0:4.18.0-80.7.2.el8_0
            oval: oval:com.redhat.rhsa:tst:20192411043
          • comment: perf is signed with Red Hat redhatrelease2 key
            oval: oval:com.redhat.rhsa:tst:20100842006
        • AND
          • comment: kernel-tools-libs is earlier than 0:4.18.0-80.7.2.el8_0
            oval: oval:com.redhat.rhsa:tst:20192411045
          • comment: kernel-tools-libs is signed with Red Hat redhatrelease2 key
            oval: oval:com.redhat.rhsa:tst:20140678016
        • AND
          • comment: kernel-debug-modules-extra is earlier than 0:4.18.0-80.7.2.el8_0
            oval: oval:com.redhat.rhsa:tst:20192411047
          • comment: kernel-debug-modules-extra is signed with Red Hat redhatrelease2 key
            oval: oval:com.redhat.rhsa:tst:20191167010
        • AND
          • comment: kernel-tools-libs-devel is earlier than 0:4.18.0-80.7.2.el8_0
            oval: oval:com.redhat.rhsa:tst:20192411049
          • comment: kernel-tools-libs-devel is signed with Red Hat redhatrelease2 key
            oval: oval:com.redhat.rhsa:tst:20140678022
    rhsa
    id: RHSA-2019:2411
    released: 2019-08-07
    severity: Important
    title: RHSA-2019:2411: kernel security update (Important)
  • rhsa
    id: RHSA-2019:2809
rpms
  • kernel-rt-0:4.18.0-80.7.2.rt9.154.el8_0
  • kernel-rt-core-0:4.18.0-80.7.2.rt9.154.el8_0
  • kernel-rt-debug-0:4.18.0-80.7.2.rt9.154.el8_0
  • kernel-rt-debug-core-0:4.18.0-80.7.2.rt9.154.el8_0
  • kernel-rt-debug-debuginfo-0:4.18.0-80.7.2.rt9.154.el8_0
  • kernel-rt-debug-devel-0:4.18.0-80.7.2.rt9.154.el8_0
  • kernel-rt-debug-kvm-0:4.18.0-80.7.2.rt9.154.el8_0
  • kernel-rt-debug-kvm-debuginfo-0:4.18.0-80.7.2.rt9.154.el8_0
  • kernel-rt-debug-modules-0:4.18.0-80.7.2.rt9.154.el8_0
  • kernel-rt-debug-modules-extra-0:4.18.0-80.7.2.rt9.154.el8_0
  • kernel-rt-debuginfo-0:4.18.0-80.7.2.rt9.154.el8_0
  • kernel-rt-debuginfo-common-x86_64-0:4.18.0-80.7.2.rt9.154.el8_0
  • kernel-rt-devel-0:4.18.0-80.7.2.rt9.154.el8_0
  • kernel-rt-kvm-0:4.18.0-80.7.2.rt9.154.el8_0
  • kernel-rt-kvm-debuginfo-0:4.18.0-80.7.2.rt9.154.el8_0
  • kernel-rt-modules-0:4.18.0-80.7.2.rt9.154.el8_0
  • kernel-rt-modules-extra-0:4.18.0-80.7.2.rt9.154.el8_0
  • bpftool-0:4.18.0-80.7.2.el8_0
  • bpftool-debuginfo-0:4.18.0-80.7.2.el8_0
  • kernel-0:4.18.0-80.7.2.el8_0
  • kernel-abi-whitelists-0:4.18.0-80.7.2.el8_0
  • kernel-core-0:4.18.0-80.7.2.el8_0
  • kernel-cross-headers-0:4.18.0-80.7.2.el8_0
  • kernel-debug-0:4.18.0-80.7.2.el8_0
  • kernel-debug-core-0:4.18.0-80.7.2.el8_0
  • kernel-debug-debuginfo-0:4.18.0-80.7.2.el8_0
  • kernel-debug-devel-0:4.18.0-80.7.2.el8_0
  • kernel-debug-modules-0:4.18.0-80.7.2.el8_0
  • kernel-debug-modules-extra-0:4.18.0-80.7.2.el8_0
  • kernel-debuginfo-0:4.18.0-80.7.2.el8_0
  • kernel-debuginfo-common-aarch64-0:4.18.0-80.7.2.el8_0
  • kernel-debuginfo-common-ppc64le-0:4.18.0-80.7.2.el8_0
  • kernel-debuginfo-common-s390x-0:4.18.0-80.7.2.el8_0
  • kernel-debuginfo-common-x86_64-0:4.18.0-80.7.2.el8_0
  • kernel-devel-0:4.18.0-80.7.2.el8_0
  • kernel-doc-0:4.18.0-80.7.2.el8_0
  • kernel-headers-0:4.18.0-80.7.2.el8_0
  • kernel-modules-0:4.18.0-80.7.2.el8_0
  • kernel-modules-extra-0:4.18.0-80.7.2.el8_0
  • kernel-tools-0:4.18.0-80.7.2.el8_0
  • kernel-tools-debuginfo-0:4.18.0-80.7.2.el8_0
  • kernel-tools-libs-0:4.18.0-80.7.2.el8_0
  • kernel-tools-libs-devel-0:4.18.0-80.7.2.el8_0
  • kernel-zfcpdump-0:4.18.0-80.7.2.el8_0
  • kernel-zfcpdump-core-0:4.18.0-80.7.2.el8_0
  • kernel-zfcpdump-debuginfo-0:4.18.0-80.7.2.el8_0
  • kernel-zfcpdump-devel-0:4.18.0-80.7.2.el8_0
  • kernel-zfcpdump-modules-0:4.18.0-80.7.2.el8_0
  • kernel-zfcpdump-modules-extra-0:4.18.0-80.7.2.el8_0
  • perf-0:4.18.0-80.7.2.el8_0
  • perf-debuginfo-0:4.18.0-80.7.2.el8_0
  • python3-perf-0:4.18.0-80.7.2.el8_0
  • python3-perf-debuginfo-0:4.18.0-80.7.2.el8_0
  • kernel-0:4.14.0-115.12.1.el7a
  • kernel-abi-whitelists-0:4.14.0-115.12.1.el7a
  • kernel-bootwrapper-0:4.14.0-115.12.1.el7a
  • kernel-debug-0:4.14.0-115.12.1.el7a
  • kernel-debug-debuginfo-0:4.14.0-115.12.1.el7a
  • kernel-debug-devel-0:4.14.0-115.12.1.el7a
  • kernel-debuginfo-0:4.14.0-115.12.1.el7a
  • kernel-debuginfo-common-aarch64-0:4.14.0-115.12.1.el7a
  • kernel-debuginfo-common-ppc64le-0:4.14.0-115.12.1.el7a
  • kernel-debuginfo-common-s390x-0:4.14.0-115.12.1.el7a
  • kernel-devel-0:4.14.0-115.12.1.el7a
  • kernel-doc-0:4.14.0-115.12.1.el7a
  • kernel-headers-0:4.14.0-115.12.1.el7a
  • kernel-kdump-0:4.14.0-115.12.1.el7a
  • kernel-kdump-debuginfo-0:4.14.0-115.12.1.el7a
  • kernel-kdump-devel-0:4.14.0-115.12.1.el7a
  • kernel-tools-0:4.14.0-115.12.1.el7a
  • kernel-tools-debuginfo-0:4.14.0-115.12.1.el7a
  • kernel-tools-libs-0:4.14.0-115.12.1.el7a
  • kernel-tools-libs-devel-0:4.14.0-115.12.1.el7a
  • perf-0:4.14.0-115.12.1.el7a
  • perf-debuginfo-0:4.14.0-115.12.1.el7a
  • python-perf-0:4.14.0-115.12.1.el7a
  • python-perf-debuginfo-0:4.14.0-115.12.1.el7a

References