Vulnerabilities > CVE-2019-3459 - Out-of-bounds Read vulnerability in multiple products

047910
CVSS 6.5 - MEDIUM
Attack vector
ADJACENT_NETWORK
Attack complexity
LOW
Privileges required
NONE
Confidentiality impact
HIGH
Integrity impact
NONE
Availability impact
NONE

Summary

A heap address information leak while using L2CAP_GET_CONF_OPT was discovered in the Linux kernel before 5.1-rc1.

Vulnerable Configurations

Part Description Count
OS
Linux
4114
OS
Canonical
4
OS
Redhat
23
OS
Debian
1
Application
Redhat
1

Common Weakness Enumeration (CWE)

Common Attack Pattern Enumeration and Classification (CAPEC)

  • Overread Buffers
    An adversary attacks a target by providing input that causes an application to read beyond the boundary of a defined buffer. This typically occurs when a value influencing where to start or stop reading is set to reflect positions outside of the valid memory location of the buffer. This type of attack may result in exposure of sensitive information, a system crash, or arbitrary code execution.

Nessus

  • NASL familyScientific Linux Local Security Checks
    NASL idSL_20190806_KERNEL_ON_SL7_X.NASL
    descriptionSecurity Fix(es) : - Kernel: vhost_net: infinite loop while receiving packets leads to DoS (CVE-2019-3900) - Kernel: page cache side channel attacks (CVE-2019-5489) - kernel: Buffer overflow in hidp_process_report (CVE-2018-9363) - kernel: l2tp: Race condition between pppol2tp_session_create() and l2tp_eth_create() (CVE-2018-9517) - kernel: kvm: guest userspace to guest kernel write (CVE-2018-10853) - kernel: use-after-free Read in vhost_transport_send_pkt (CVE-2018-14625) - kernel: use-after-free in ucma_leave_multicast in drivers/infiniband/core/ucma.c (CVE-2018-14734) - kernel: Mishandling of indirect calls weakens Spectre mitigation for paravirtual guests (CVE-2018-15594) - kernel: TLB flush happens too late on mremap (CVE-2018-18281) - kernel: Heap address information leak while using L2CAP_GET_CONF_OPT (CVE-2019-3459) - kernel: Heap address information leak while using L2CAP_PARSE_CONF_RSP (CVE-2019-3460) - kernel: denial of service vector through vfio DMA mappings (CVE-2019-3882) - kernel: fix race condition between mmget_not_zero()/get_task_mm() and core dumping (CVE-2019-11599) - kernel: a NULL pointer dereference in drivers/scsi/megaraid/megaraid_sas_base.c leading to DoS (CVE-2019-11810) - kernel: fs/ext4/extents.c leads to information disclosure (CVE-2019-11833) - kernel: Information exposure in fd_locked_ioctl function in drivers/block/floppy.c (CVE-2018-7755) - kernel: Memory leak in drivers/net/wireless/mac80211_hwsim.c:hwsim_new_radio_nl () can lead to potential denial of service (CVE-2018-8087) - kernel: HID: debug: Buffer overflow in hid_debug_events_read() in drivers/hid/hid-debug.c (CVE-2018-9516) - kernel: Integer overflow in the alarm_timer_nsleep function (CVE-2018-13053) - kernel: NULL pointer dereference in lookup_slow function (CVE-2018-13093) - kernel: NULL pointer dereference in xfs_da_shrink_inode function (CVE-2018-13094) - kernel: NULL pointer dereference in fs/xfs/libxfs/xfs_inode_buf.c (CVE-2018-13095) - kernel: Information leak in cdrom_ioctl_drive_status (CVE-2018-16658) - kernel: out-of-bound read in memcpy_fromiovecend() (CVE-2018-16885) - Kernel: KVM: leak of uninitialized stack contents to guest (CVE-2019-7222)
    last seen2020-03-18
    modified2019-08-27
    plugin id128226
    published2019-08-27
    reporterThis script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/128226
    titleScientific Linux Security Update : kernel on SL7.x x86_64 (20190806)
  • NASL familySuSE Local Security Checks
    NASL idSUSE_SU-2019-0439-1.NASL
    descriptionThe SUSE Linux Enterprise 12 SP2 kernel was updated to receive various security and bugfixes. The following security bugs were fixed : CVE-2018-19985: The function hso_probe read if_num from the USB device (as an u8) and used it without a length check to index an array, resulting in an OOB memory read in hso_probe or hso_get_config_data that could be used by local attackers (bnc#1120743). CVE-2018-16884: NFS41+ shares mounted in different network namespaces at the same time can make bc_svc_process() use wrong back-channel IDs and cause a use-after-free vulnerability. Thus a malicious container user can cause a host kernel memory corruption and a system panic. Due to the nature of the flaw, privilege escalation cannot be fully ruled out (bnc#1119946). CVE-2018-20169: The USB subsystem mishandled size checks during the reading of an extra descriptor, related to __usb_get_extra_descriptor in drivers/usb/core/usb.c (bnc#1119714). CVE-2018-9568: In sk_clone_lock of sock.c, there is a possible memory corruption due to type confusion. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. (bnc#1118319). CVE-2018-16862: A security flaw was found in a way that the cleancache subsystem clears an inode after the final file truncation (removal). The new file created with the same inode may contain leftover pages from cleancache and the old file data instead of the new one (bnc#1117186). CVE-2018-19824: A local user could exploit a use-after-free in the ALSA driver by supplying a malicious USB Sound device (with zero interfaces) that is mishandled in usb_audio_probe in sound/usb/card.c (bnc#1118152). CVE-2018-18281: The mremap() syscall performs TLB flushes after dropping pagetable locks. If a syscall such as ftruncate() removes entries from the pagetables of a task that is in the middle of mremap(), a stale TLB entry can remain for a short time that permits access to a physical page after it has been released back to the page allocator and reused. (bnc#1113769). CVE-2018-18710: An information leak in cdrom_ioctl_select_disc in drivers/cdrom/cdrom.c could be used by local attackers to read kernel memory because a cast from unsigned long to int interferes with bounds checking. This is similar to CVE-2018-10940 and CVE-2018-16658 (bnc#1113751). CVE-2018-18690: A local attacker able to set attributes on an xfs filesystem could make this filesystem non-operational until the next mount by triggering an unchecked error condition during an xfs attribute change, because xfs_attr_shortform_addname in fs/xfs/libxfs/xfs_attr.c mishandled ATTR_REPLACE operations with conversion of an attr from short to long form (bnc#1105025). CVE-2018-18386: drivers/tty/n_tty.c allowed local attackers (who are able to access pseudo terminals) to hang/block further usage of any pseudo terminal devices due to an EXTPROC versus ICANON confusion in TIOCINQ (bnc#1094825). CVE-2018-9516: In hid_debug_events_read of drivers/hid/hid-debug.c, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. (bnc#1108498). CVE-2019-3459, CVE-2019-3460: The Blutooth stack suffered from two remote information leak vulnerabilities in the code that handles incoming L2cap configuration packets (bsc#1120758). The update package also includes non-security fixes. See advisory for details. Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen2020-06-01
    modified2020-06-02
    plugin id122343
    published2019-02-20
    reporterThis script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/122343
    titleSUSE SLES12 Security Update : kernel (SUSE-SU-2019:0439-1)
  • NASL familyUbuntu Local Security Checks
    NASL idUBUNTU_USN-3931-1.NASL
    descriptionM. Vefa Bicakci and Andy Lutomirski discovered that the kernel did not properly set up all arguments to an error handler callback used when running as a paravirtualized guest. An unprivileged attacker in a paravirtualized guest VM could use this to cause a denial of service (guest VM crash). (CVE-2018-14678) It was discovered that the KVM implementation in the Linux kernel on ARM 64bit processors did not properly handle some ioctls. An attacker with the privilege to create KVM-based virtual machines could use this to cause a denial of service (host system crash) or execute arbitrary code in the host. (CVE-2018-18021) Mathias Payer and Hui Peng discovered a use-after-free vulnerability in the Advanced Linux Sound Architecture (ALSA) subsystem. A physically proximate attacker could use this to cause a denial of service (system crash). (CVE-2018-19824) Shlomi Oberman, Yuli Shapiro, and Ran Menscher discovered an information leak in the Bluetooth implementation of the Linux kernel. An attacker within Bluetooth range could use this to expose sensitive information (kernel memory). (CVE-2019-3459, CVE-2019-3460) Jann Horn discovered that the KVM implementation in the Linux kernel contained a use-after-free vulnerability. An attacker in a guest VM with access to /dev/kvm could use this to cause a denial of service (guest VM crash). (CVE-2019-6974) Jim Mattson and Felix Wilhelm discovered a use-after-free vulnerability in the KVM subsystem of the Linux kernel, when using nested virtual machines. A local attacker in a guest VM could use this to cause a denial of service (system crash) or possibly execute arbitrary code in the host system. (CVE-2019-7221) Felix Wilhelm discovered that an information leak vulnerability existed in the KVM subsystem of the Linux kernel, when nested virtualization is used. A local attacker could use this to expose sensitive information (host system memory to a guest VM). (CVE-2019-7222) Jann Horn discovered that the eBPF implementation in the Linux kernel was insufficiently hardened against Spectre V1 attacks. A local attacker could use this to expose sensitive information. (CVE-2019-7308) It was discovered that a use-after-free vulnerability existed in the user- space API for crypto (af_alg) implementation in the Linux kernel. A local attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2019-8912) It was discovered that the Linux kernel did not properly deallocate memory when handling certain errors while reading files. A local attacker could use this to cause a denial of service (excessive memory consumption). (CVE-2019-8980) Jann Horn discovered that the mmap implementation in the Linux kernel did not properly check for the mmap minimum address in some situations. A local attacker could use this to assist exploiting a kernel NULL pointer dereference vulnerability. (CVE-2019-9213). Note that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen2020-06-01
    modified2020-06-02
    plugin id123678
    published2019-04-03
    reporterUbuntu Security Notice (C) 2019-2020 Canonical, Inc. / NASL script (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/123678
    titleUbuntu 18.04 LTS : linux, linux-aws, linux-gcp, linux-kvm, linux-oem, linux-oracle, (USN-3931-1)
  • NASL familySuSE Local Security Checks
    NASL idSUSE_SU-2019-0901-1.NASL
    descriptionThe SUSE Linux Enterprise 12 SP3 Azure kernel was updated to 4.4.176 to receive various security and bugfixes. The following security bugs were fixed : CVE-2019-2024: A use-after-free when disconnecting a source was fixed which could lead to crashes. bnc#1129179). CVE-2019-9213: expand_downwards in mm/mmap.c lacked a check for the mmap minimum address, which made it easier for attackers to exploit kernel NULL pointer dereferences on non-SMAP platforms. This is related to a capability check for the wrong task (bnc#1128166). CVE-2019-6974: kvm_ioctl_create_device in virt/kvm/kvm_main.c mishandled reference counting because of a race condition, leading to a use-after-free. (bnc#1124728) CVE-2019-3459, CVE-2019-3460: The Bluetooth stack suffered from two remote information leak vulnerabilities in the code that handles incoming L2cap configuration packets (bsc#1120758). CVE-2019-7221: Fixed a use-after-free vulnerability in the KVM hypervisor related to the emulation of a preemption timer, allowing an guest user/process to crash the host kernel. (bsc#1124732). CVE-2019-7222: Fixed an information leakage in the KVM hypervisor related to handling page fault exceptions, which allowed a guest user/process to use this flaw to leak the host
    last seen2020-06-01
    modified2020-06-02
    plugin id123927
    published2019-04-09
    reporterThis script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/123927
    titleSUSE SLES12 Security Update : kernel (SUSE-SU-2019:0901-1)
  • NASL familySuSE Local Security Checks
    NASL idSUSE_SU-2019-0765-1.NASL
    descriptionThe SUSE Linux Enterprise 12 SP4 kernel was updated to receive various security and bugfixes. The following security bugs were fixed : CVE-2018-20669: Missing access control checks in ioctl of gpu/drm/i915 driver were fixed which might have lead to information leaks. (bnc#1122971). CVE-2019-3459, CVE-2019-3460: The Bluetooth stack suffered from two remote information leak vulnerabilities in the code that handles incoming L2cap configuration packets (bsc#1120758). CVE-2019-3819: A flaw was found in the function hid_debug_events_read() in drivers/hid/hid-debug.c file which may enter an infinite loop with certain parameters passed from a userspace. A local privileged user (
    last seen2020-06-01
    modified2020-06-02
    plugin id123413
    published2019-03-27
    reporterThis script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/123413
    titleSUSE SLED12 / SLES12 Security Update : kernel (SUSE-SU-2019:0765-1) (Spectre)
  • NASL familySuSE Local Security Checks
    NASL idOPENSUSE-2019-140.NASL
    descriptionThe openSUSE Leap 42.3 Linux kernel was updated to 4.4.172 to receive various security and bugfixes. The following security bugs were fixed : - CVE-2019-3459,CVE-2019-3460: Two remote information leak vulnerabilities in the Bluetooth stack were fixed that could potentially leak kernel information (bsc#1120758) - CVE-2018-19407: The vcpu_scan_ioapic function in arch/x86/kvm/x86.c allowed local users to cause a denial of service (NULL pointer dereference and BUG) via crafted system calls that reach a situation where ioapic is uninitialized (bnc#1116841). - CVE-2018-19985: The function hso_probe read if_num from the USB device (as an u8) and used it without a length check to index an array, resulting in an OOB memory read in hso_probe or hso _get_config_data that could be used by local attackers (bnc#1120743). - CVE-2018-1120: By mmap()ing a FUSE-backed file onto a process
    last seen2020-03-18
    modified2019-02-07
    plugin id121633
    published2019-02-07
    reporterThis script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/121633
    titleopenSUSE Security Update : the Linux Kernel (openSUSE-2019-140)
  • NASL familySuSE Local Security Checks
    NASL idOPENSUSE-2019-274.NASL
    descriptionThe openSUSE Leap 42.3 kernel was updated to 4.4.175 to receive various bugfixes. The following security bugs were fixed : - CVE-2018-5391: Fixed a vulnerability, which allowed an attacker to cause a denial of service attack with low rates of packets targeting IP fragment re-assembly. (bsc#1103097) - CVE-2019-7221: Fixed a user-after-free vulnerability in the KVM hypervisor related to the emulation of a preemption timer, allowing an guest user/process to crash the host kernel. (bsc#1124732). - CVE-2019-7222: Fixed an information leakage in the KVM hypervisor related to handling page fault exceptions, which allowed a guest user/process to use this flaw to leak the host
    last seen2020-06-01
    modified2020-06-02
    plugin id122578
    published2019-03-04
    reporterThis script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/122578
    titleopenSUSE Security Update : the Linux Kernel (openSUSE-2019-274)
  • NASL familyRed Hat Local Security Checks
    NASL idREDHAT-RHSA-2019-3517.NASL
    descriptionAn update for kernel is now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. The kernel packages contain the Linux kernel, the core of any Linux operating system. Security Fix(es) : * kernel: nfs: use-after-free in svc_process_common() (CVE-2018-16884) * Kernel: vhost_net: infinite loop while receiving packets leads to DoS (CVE-2019-3900) * Kernel: page cache side channel attacks (CVE-2019-5489) * hardware: bluetooth: BR/EDR encryption key negotiation attacks (KNOB) (CVE-2019-9506) * kernel: Heap overflow in mwifiex_uap_parse_tail_ies function in drivers/net /wireless/marvell/mwifiex/ie.c (CVE-2019-10126) * Kernel: KVM: OOB memory access via mmio ring buffer (CVE-2019-14821) * kernel: Information Disclosure in crypto_report_one in crypto/crypto_user.c (CVE-2018-19854) * kernel: usb: missing size check in the __usb_get_extra_descriptor() leading to DoS (CVE-2018-20169) * kernel: Heap address information leak while using L2CAP_GET_CONF_OPT (CVE-2019-3459) * kernel: Heap address information leak while using L2CAP_PARSE_CONF_RSP (CVE-2019-3460) * kernel: SCTP socket buffer memory leak leading to denial of service (CVE-2019-3874) * kernel: denial of service vector through vfio DMA mappings (CVE-2019-3882) * kernel: NULL pointer dereference in hci_uart_set_flow_control (CVE-2019-10207) * kernel: fix race condition between mmget_not_zero()/get_task_mm() and core dumping (CVE-2019-11599) * kernel: fs/ext4/extents.c leads to information disclosure (CVE-2019-11833) * kernel: sensitive information disclosure from kernel stack memory via HIDPCONNADD command (CVE-2019-11884) * kernel: use-after-free in arch/x86/lib/insn-eval.c (CVE-2019-13233) * kernel: memory leak in register_queue_kobjects() in net/core/net-sysfs.c leads to denial of service (CVE-2019-15916) * kernel: Linux stack ASLR implementation Integer overflow (CVE-2015-1593) * kernel: oob memory read in hso_probe in drivers/net/usb/hso.c (CVE-2018-19985) * Kernel: KVM: leak of uninitialized stack contents to guest (CVE-2019-7222) * Kernel: net: weak IP ID generation leads to remote device tracking (CVE-2019-10638) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. Additional Changes : For detailed information on changes in this release, see the Red Hat Enterprise Linux 8.1 Release Notes linked from the References section.
    last seen2020-05-15
    modified2019-11-06
    plugin id130547
    published2019-11-06
    reporterThis script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/130547
    titleRHEL 8 : kernel (RHSA-2019:3517)
  • NASL familyRed Hat Local Security Checks
    NASL idREDHAT-RHSA-2020-0740.NASL
    descriptionAn update for kernel-alt is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. The kernel-alt packages provide the Linux kernel version 4.x. Security Fix(es) : * kernel: rtl_p2p_noa_ie in drivers/net/wireless/realtek/rtlwifi/ps.c in the Linux kernel lacks a certain upper-bound check, leading to a buffer overflow (CVE-2019-17666) * kernel: nfs: NULL pointer dereference due to an anomalized NFS message sequence (CVE-2018-16871) * kernel: Heap address information leak while using L2CAP_GET_CONF_OPT (CVE-2019-3459) * kernel: Heap address information leak while using L2CAP_PARSE_CONF_RSP (CVE-2019-3460) * kernel: sensitive information disclosure from kernel stack memory via HIDPCONNADD command (CVE-2019-11884) * kernel: powerpc: local user can read vector registers of other users
    last seen2020-03-18
    modified2020-03-10
    plugin id134361
    published2020-03-10
    reporterThis script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/134361
    titleRHEL 7 : kernel-alt (RHSA-2020:0740)
  • NASL familyDebian Local Security Checks
    NASL idDEBIAN_DLA-1771.NASL
    descriptionSeveral vulnerabilities have been discovered in the Linux kernel that may lead to a privilege escalation, denial of service or information leaks. CVE-2018-14625 A use-after-free bug was found in the vhost driver for the Virtual Socket protocol. If this driver is used to communicate with a malicious virtual machine guest, the guest could read sensitive information from the host kernel. CVE-2018-16884 A flaw was found in the NFS 4.1 client implementation. Mounting NFS shares in multiple network namespaces at the same time could lead to a user-after-free. Local users might be able to use this for denial of service (memory corruption or crash) or possibly for privilege escalation. This can be mitigated by disabling unprivileged users from creating user namespaces, which is the default in Debian. CVE-2018-19824 Hui Peng and Mathias Payer discovered a use-after-free bug in the USB audio driver. A physically present attacker able to attach a specially designed USB device could use this for privilege escalation. CVE-2018-19985 Hui Peng and Mathias Payer discovered a missing bounds check in the hso USB serial driver. A physically present user able to attach a specially designed USB device could use this to read sensitive information from the kernel or to cause a denial of service (crash). CVE-2018-20169 Hui Peng and Mathias Payer discovered missing bounds checks in the USB core. A physically present attacker able to attach a specially designed USB device could use this to cause a denial of service (crash) or possibly for privilege escalation. CVE-2018-1000026 It was discovered that Linux could forward aggregated network packets with a segmentation size too large for the output device. In the specific case of Broadcom NetXtremeII 10Gb adapters, this would result in a denial of service (firmware crash). This update adds a mitigation to the bnx2x driver for this hardware. CVE-2019-3459, CVE-2019-3460 Shlomi Oberman, Yuli Shapiro and Karamba Security Ltd. research team discovered missing range checks in the Bluetooth L2CAP implementation. If Bluetooth is enabled, a nearby attacker could use these to read sensitive information from the kernel. CVE-2019-3701 Muyu Yu and Marcus Meissner reported that the CAN gateway implementation allowed the frame length to be modified, typically resulting in out-of-bounds memory-mapped I/O writes. On a system with CAN devices present, a local user with CAP_NET_ADMIN capability in the initial net namespace could use this to cause a crash (oops) or other hardware-dependent impact. CVE-2019-3819 A potential infinite loop was discovered in the HID debugfs interface exposed under /sys/kernel/debug/hid. A user with access to these files could use this for denial of service. This interface is only accessible to root by default, which fully mitigates the issue. CVE-2019-6974 Jann Horn reported a use-after-free bug in KVM. A local user with access to /dev/kvm could use this to cause a denial of service (memory corruption or crash) or possibly for privilege escalation. CVE-2019-7221 Jim Mattson and Felix Wilhelm reported a user-after-free bug in KVM
    last seen2020-06-01
    modified2020-06-02
    plugin id124595
    published2019-05-06
    reporterThis script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/124595
    titleDebian DLA-1771-1 : linux-4.9 security update
  • NASL familyUbuntu Local Security Checks
    NASL idUBUNTU_USN-3930-1.NASL
    descriptionMathias Payer and Hui Peng discovered a use-after-free vulnerability in the Advanced Linux Sound Architecture (ALSA) subsystem. A physically proximate attacker could use this to cause a denial of service (system crash). (CVE-2018-19824) Shlomi Oberman, Yuli Shapiro, and Ran Menscher discovered an information leak in the Bluetooth implementation of the Linux kernel. An attacker within Bluetooth range could use this to expose sensitive information (kernel memory). (CVE-2019-3459, CVE-2019-3460) Jann Horn discovered that the KVM implementation in the Linux kernel contained a use-after-free vulnerability. An attacker in a guest VM with access to /dev/kvm could use this to cause a denial of service (guest VM crash). (CVE-2019-6974) Jim Mattson and Felix Wilhelm discovered a use-after-free vulnerability in the KVM subsystem of the Linux kernel, when using nested virtual machines. A local attacker in a guest VM could use this to cause a denial of service (system crash) or possibly execute arbitrary code in the host system. (CVE-2019-7221) Felix Wilhelm discovered that an information leak vulnerability existed in the KVM subsystem of the Linux kernel, when nested virtualization is used. A local attacker could use this to expose sensitive information (host system memory to a guest VM). (CVE-2019-7222) Jann Horn discovered that the eBPF implementation in the Linux kernel was insufficiently hardened against Spectre V1 attacks. A local attacker could use this to expose sensitive information. (CVE-2019-7308) It was discovered that a use-after-free vulnerability existed in the user- space API for crypto (af_alg) implementation in the Linux kernel. A local attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2019-8912) Jakub Jirasek discovered a use-after-free vulnerability in the SCTP implementation in the Linux kernel. A local attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2019-8956) It was discovered that the Linux kernel did not properly deallocate memory when handling certain errors while reading files. A local attacker could use this to cause a denial of service (excessive memory consumption). (CVE-2019-8980) It was discovered that a use-after-free vulnerability existed in the IPMI implementation in the Linux kernel. A local attacker with access to the IPMI character device files could use this to cause a denial of service (system crash). (CVE-2019-9003) Jann Horn discovered that the SNMP NAT implementation in the Linux kernel performed insufficient ASN.1 length checks. An attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2019-9162) Jann Horn discovered that the mmap implementation in the Linux kernel did not properly check for the mmap minimum address in some situations. A local attacker could use this to assist exploiting a kernel NULL pointer dereference vulnerability. (CVE-2019-9213). Note that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen2020-06-01
    modified2020-06-02
    plugin id123676
    published2019-04-03
    reporterUbuntu Security Notice (C) 2019-2020 Canonical, Inc. / NASL script (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/123676
    titleUbuntu 18.10 : linux, linux-aws, linux-azure, linux-gcp, linux-kvm, linux-raspi2 (USN-3930-1)
  • NASL familyHuawei Local Security Checks
    NASL idEULEROS_SA-2019-1587.NASL
    descriptionAccording to the versions of the kernel packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - A malformed SG_IO ioctl issued for a SCSI device in the Linux kernel leads to a local kernel data leak manifesting in up to approximately 1000 memory pages copied to the userspace. The problem has limited scope as non-privileged users usually have no permissions to access SCSI device files.(CVE-2018-1000204) - A flaw in the load_elf_binary() function in the Linux kernel allows a local attacker to leak the base address of .text and stack sections for setuid binaries and bypass ASLR because install_exec_creds() is called too late in this function.(CVE-2019-11190) - A flaw was found in the Linux kernel in the hid_debug_events_read() function in the drivers/hid/hid-debug.c file. A lack of the certain checks may allow a privileged user (
    last seen2020-05-06
    modified2019-05-29
    plugin id125514
    published2019-05-29
    reporterThis script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/125514
    titleEulerOS 2.0 SP3 : kernel (EulerOS-SA-2019-1587)
  • NASL familySuSE Local Security Checks
    NASL idSUSE_SU-2019-0541-1.NASL
    descriptionThe SUSE Linux Enterprise 12 SP3 kernel was updated to 4.4.175 to receive various security and bugfixes. The following security bugs were fixed : CVE-2019-6974: kvm_ioctl_create_device in virt/kvm/kvm_main.c mishandled reference counting because of a race condition, leading to a use-after-free. (bnc#1124728) CVE-2019-7221: Fixed a user-after-free vulnerability in the KVM hypervisor related to the emulation of a preemption timer, allowing an guest user/process to crash the host kernel. (bsc#1124732). CVE-2019-7222: Fixed an information leakage in the KVM hypervisor related to handling page fault exceptions, which allowed a guest user/process to use this flaw to leak the host
    last seen2020-06-01
    modified2020-06-02
    plugin id122609
    published2019-03-05
    reporterThis script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/122609
    titleSUSE SLED12 / SLES12 Security Update : kernel (SUSE-SU-2019:0541-1)
  • NASL familyRed Hat Local Security Checks
    NASL idREDHAT-RHSA-2019-2043.NASL
    descriptionAn update for kernel-rt is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. The kernel-rt packages provide the Real Time Linux Kernel, which enables fine-tuning for systems with extremely high determinism requirements. Security Fix(es) : * Kernel: vhost_net: infinite loop while receiving packets leads to DoS (CVE-2019-3900) * Kernel: page cache side channel attacks (CVE-2019-5489) * kernel: Buffer overflow in hidp_process_report (CVE-2018-9363) * kernel: l2tp: Race condition between pppol2tp_session_create() and l2tp_eth_create() (CVE-2018-9517) * kernel: kvm: guest userspace to guest kernel write (CVE-2018-10853) * kernel: use-after-free Read in vhost_transport_send_pkt (CVE-2018-14625) * kernel: use-after-free in ucma_leave_multicast in drivers/infiniband/core/ ucma.c (CVE-2018-14734) * kernel: Mishandling of indirect calls weakens Spectre mitigation for paravirtual guests (CVE-2018-15594) * kernel: TLB flush happens too late on mremap (CVE-2018-18281) * kernel: Heap address information leak while using L2CAP_GET_CONF_OPT (CVE-2019-3459) * kernel: Heap address information leak while using L2CAP_PARSE_CONF_RSP (CVE-2019-3460) * kernel: denial of service vector through vfio DMA mappings (CVE-2019-3882) * kernel: fix race condition between mmget_not_zero()/get_task_mm() and core dumping (CVE-2019-11599) * kernel: a NULL pointer dereference in drivers/scsi/megaraid/ megaraid_sas_base.c leading to DoS (CVE-2019-11810) * kernel: fs/ext4/extents.c leads to information disclosure (CVE-2019-11833) * kernel: Information exposure in fd_locked_ioctl function in drivers/block/ floppy.c (CVE-2018-7755) * kernel: Memory leak in drivers/net/wireless/ mac80211_hwsim.c:hwsim_new_radio_nl() can lead to potential denial of service (CVE-2018-8087) * kernel: HID: debug: Buffer overflow in hid_debug_events_read() in drivers/ hid/hid-debug.c (CVE-2018-9516) * kernel: Integer overflow in the alarm_timer_nsleep function (CVE-2018-13053) * kernel: NULL pointer dereference in lookup_slow function (CVE-2018-13093) * kernel: NULL pointer dereference in xfs_da_shrink_inode function (CVE-2018-13094) * kernel: NULL pointer dereference in fs/xfs/libxfs/xfs_inode_buf.c (CVE-2018-13095) * kernel: Information leak in cdrom_ioctl_drive_status (CVE-2018-16658) * kernel: out-of-bound read in memcpy_fromiovecend() (CVE-2018-16885) * Kernel: KVM: leak of uninitialized stack contents to guest (CVE-2019-7222) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. Additional Changes : For detailed information on changes in this release, see the Red Hat Enterprise Linux 7.7 Release Notes linked from the References section.
    last seen2020-04-23
    modified2019-08-12
    plugin id127655
    published2019-08-12
    reporterThis script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/127655
    titleRHEL 7 : kernel-rt (RHSA-2019:2043)
  • NASL familyFedora Local Security Checks
    NASL idFEDORA_2019-F812C9FB22.NASL
    descriptionThe v4.19.15 stable update contains important fixes across the tree Note that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen2020-03-18
    modified2019-01-17
    plugin id121218
    published2019-01-17
    reporterThis script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/121218
    titleFedora 29 : kernel / kernel-headers (2019-f812c9fb22)
  • NASL familyUbuntu Local Security Checks
    NASL idUBUNTU_USN-3930-2.NASL
    descriptionUSN-3930-1 fixed vulnerabilities in the Linux kernel for Ubuntu 18.10. This update provides the corresponding updates for the Linux Hardware Enablement (HWE) kernel from Ubuntu 18.10 for Ubuntu 18.04 LTS. Mathias Payer and Hui Peng discovered a use-after-free vulnerability in the Advanced Linux Sound Architecture (ALSA) subsystem. A physically proximate attacker could use this to cause a denial of service (system crash). (CVE-2018-19824) Shlomi Oberman, Yuli Shapiro, and Ran Menscher discovered an information leak in the Bluetooth implementation of the Linux kernel. An attacker within Bluetooth range could use this to expose sensitive information (kernel memory). (CVE-2019-3459, CVE-2019-3460) Jann Horn discovered that the KVM implementation in the Linux kernel contained a use-after-free vulnerability. An attacker in a guest VM with access to /dev/kvm could use this to cause a denial of service (guest VM crash). (CVE-2019-6974) Jim Mattson and Felix Wilhelm discovered a use-after-free vulnerability in the KVM subsystem of the Linux kernel, when using nested virtual machines. A local attacker in a guest VM could use this to cause a denial of service (system crash) or possibly execute arbitrary code in the host system. (CVE-2019-7221) Felix Wilhelm discovered that an information leak vulnerability existed in the KVM subsystem of the Linux kernel, when nested virtualization is used. A local attacker could use this to expose sensitive information (host system memory to a guest VM). (CVE-2019-7222) Jann Horn discovered that the eBPF implementation in the Linux kernel was insufficiently hardened against Spectre V1 attacks. A local attacker could use this to expose sensitive information. (CVE-2019-7308) It was discovered that a use-after-free vulnerability existed in the user- space API for crypto (af_alg) implementation in the Linux kernel. A local attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2019-8912) Jakub Jirasek discovered a use-after-free vulnerability in the SCTP implementation in the Linux kernel. A local attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2019-8956) It was discovered that the Linux kernel did not properly deallocate memory when handling certain errors while reading files. A local attacker could use this to cause a denial of service (excessive memory consumption). (CVE-2019-8980) It was discovered that a use-after-free vulnerability existed in the IPMI implementation in the Linux kernel. A local attacker with access to the IPMI character device files could use this to cause a denial of service (system crash). (CVE-2019-9003) Jann Horn discovered that the SNMP NAT implementation in the Linux kernel performed insufficient ASN.1 length checks. An attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2019-9162) Jann Horn discovered that the mmap implementation in the Linux kernel did not properly check for the mmap minimum address in some situations. A local attacker could use this to assist exploiting a kernel NULL pointer dereference vulnerability. (CVE-2019-9213). Note that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen2020-06-01
    modified2020-06-02
    plugin id123677
    published2019-04-03
    reporterUbuntu Security Notice (C) 2019-2020 Canonical, Inc. / NASL script (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/123677
    titleUbuntu 18.04 LTS : linux-hwe, linux-azure vulnerabilities (USN-3930-2)
  • NASL familyHuawei Local Security Checks
    NASL idEULEROS_SA-2019-1304.NASL
    descriptionAccording to the versions of the kernel packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - An elevation of privilege vulnerability in the kernel scsi driver. Product: Android. Versions: Android kernel. Android ID A-65023233.(CVE-2017-13168) - Non-optimized code for key handling of shared futexes was found in the Linux kernel in the form of unbounded contention time due to the page lock for real-time users. Before the fix, the page lock was an unnecessarily heavy lock for the futex path that protected too much. After the fix, the page lock is only required in a specific corner case.(CVE-2018-9422) - A flaw in the load_elf_binary() function in the Linux kernel allows a local attacker to leak the base address of .text and stack sections for setuid binaries and bypass ASLR because install_exec_creds() is called too late in this function.(CVE-2019-11190) - A flaw was found in the Linux kernel ext4 filesystem. An out-of-bound access is possible in the ext4_ext_drop_refs() function when operating on a crafted ext4 filesystem image.(CVE-2018-10877) - A vulnerability was found in polkit. When authentication is performed by a non-root user to perform an administrative task, the authentication is temporarily cached in such a way that a local attacker could impersonate the authorized process, thus gaining access to elevated privileges.(CVE-2019-6133) - A flaw was found in the Linux kernel in the function hso_probe() which reads if_num value from the USB device (as an u8) and uses it without a length check to index an array, resulting in an OOB memory read in hso_probe() or hso_get_config_data(). An attacker with a forged USB device and physical access to a system (needed to connect such a device) can cause a system crash and a denial of service.(CVE-2018-19985) - A flaw was found in the Linux kernel
    last seen2020-05-06
    modified2019-05-01
    plugin id124431
    published2019-05-01
    reporterThis script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/124431
    titleEulerOS 2.0 SP5 : kernel (EulerOS-SA-2019-1304)
  • NASL familyAmazon Linux Local Security Checks
    NASL idALA_ALAS-2019-1201.NASL
    descriptionA flaw was found in the Linux kernel
    last seen2020-06-01
    modified2020-06-02
    plugin id124654
    published2019-05-07
    reporterThis script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/124654
    titleAmazon Linux AMI : kernel (ALAS-2019-1201)
  • NASL familySuSE Local Security Checks
    NASL idSUSE_SU-2019-1289-1.NASL
    descriptionThe SUSE Linux Enterprise 12 SP1 LTSS kernel was updated to receive various security and bugfixes. Four new speculative execution information leak issues have been identified in Intel CPUs. (bsc#1111331) CVE-2018-12126: Microarchitectural Store Buffer Data Sampling (MSBDS) CVE-2018-12127: Microarchitectural Fill Buffer Data Sampling (MFBDS) CVE-2018-12130: Microarchitectural Load Port Data Samling (MLPDS) CVE-2019-11091: Microarchitectural Data Sampling Uncacheable Memory (MDSUM) This kernel update contains software mitigations for these issues, which also utilize CPU microcode updates shipped in parallel. For more information on this set of information leaks, check out https://www.suse.com/support/kb/doc/?id=7023736 The following security bugs were fixed: CVE-2016-10741: fs/xfs/xfs_aops.c allowed local users to cause a denial of service (system crash) because there is a race condition between direct and memory-mapped I/O (associated with a hole) that is handled with BUG_ON instead of an I/O failure (bnc#1114920 bnc#1124010). CVE-2017-1000407: By flooding the diagnostic port 0x80 an exception can be triggered leading to a kernel panic (bnc#1071021). CVE-2017-16533: The usbhid_parse function in drivers/hid/usbhid/hid-core.c allowed local users to cause a denial of service (out-of-bounds read and system crash) or possibly have unspecified other impact via a crafted USB device (bnc#1066674). CVE-2017-7273: The cp_report_fixup function in drivers/hid/hid-cypress.c allowed physically proximate attackers to cause a denial of service (integer underflow) or possibly have unspecified other impact via a crafted HID report (bnc#1031240). CVE-2017-7472: The KEYS subsystem allowed local users to cause a denial of service (memory consumption) via a series of KEY_REQKEY_DEFL_THREAD_KEYRING keyctl_set_reqkey_keyring calls (bnc#1034862). CVE-2018-14633: A security flaw was found in the chap_server_compute_md5() function in the ISCSI target code in the Linux kernel in a way an authentication request from an ISCSI initiator is processed. An unauthenticated remote attacker can cause a stack buffer overflow and smash up to 17 bytes of the stack. The attack requires the iSCSI target to be enabled on the victim host. Depending on how the target
    last seen2020-06-01
    modified2020-06-02
    plugin id125283
    published2019-05-20
    reporterThis script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/125283
    titleSUSE SLES12 Security Update : kernel (SUSE-SU-2019:1289-1) (MDSUM/RIDL) (MFBDS/RIDL/ZombieLoad) (MLPDS/RIDL) (MSBDS/Fallout)
  • NASL familyNewStart CGSL Local Security Checks
    NASL idNEWSTART_CGSL_NS-SA-2019-0180_KERNEL.NASL
    descriptionThe remote NewStart CGSL host, running version CORE 5.04 / MAIN 5.04, has kernel packages installed that are affected by multiple vulnerabilities: - A flaw was found in the way Linux kernel KVM hypervisor before 4.18 emulated instructions such as sgdt/sidt/fxsave/fxrstor. It did not check current privilege(CPL) level while emulating unprivileged instructions. An unprivileged guest user/process could use this flaw to potentially escalate privileges inside guest. (CVE-2018-10853) - A flaw was found in the Linux Kernel where an attacker may be able to have an uncontrolled read to kernel- memory from within a vm guest. A race condition between connect() and close() function may allow an attacker using the AF_VSOCK protocol to gather a 4 byte information leak or possibly intercept or corrupt AF_VSOCK messages destined to other clients. (CVE-2018-14625) - drivers/infiniband/core/ucma.c in the Linux kernel through 4.17.11 allows ucma_leave_multicast to access a certain data structure after a cleanup step in ucma_process_join, which allows attackers to cause a denial of service (use-after-free). (CVE-2018-14734) - arch/x86/kernel/paravirt.c in the Linux kernel before 4.18.1 mishandles certain indirect calls, which makes it easier for attackers to conduct Spectre-v2 attacks against paravirtual guests. (CVE-2018-15594) - A flaw was found in the Linux kernel
    last seen2020-05-08
    modified2019-10-15
    plugin id129900
    published2019-10-15
    reporterThis script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/129900
    titleNewStart CGSL CORE 5.04 / MAIN 5.04 : kernel Multiple Vulnerabilities (NS-SA-2019-0180)
  • NASL familySlackware Local Security Checks
    NASL idSLACKWARE_SSA_2019-169-01.NASL
    descriptionNew kernel packages are available for Slackware 14.2 and -current to fix security issues.
    last seen2020-06-01
    modified2020-06-02
    plugin id126031
    published2019-06-19
    reporterThis script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/126031
    titleSlackware 14.2 / current : kernel (SSA:2019-169-01) (SACK Panic) (SACK Slowness)
  • NASL familyHuawei Local Security Checks
    NASL idEULEROS_SA-2019-1302.NASL
    descriptionAccording to the versions of the kernel packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - A flaw was found in the Linux kernel
    last seen2020-05-06
    modified2019-04-30
    plugin id124398
    published2019-04-30
    reporterThis script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/124398
    titleEulerOS 2.0 SP2 : kernel (EulerOS-SA-2019-1302)
  • NASL familyNewStart CGSL Local Security Checks
    NASL idNEWSTART_CGSL_NS-SA-2019-0253_KERNEL-RT.NASL
    descriptionThe remote NewStart CGSL host, running version CORE 5.05 / MAIN 5.05, has kernel-rt packages installed that are affected by multiple vulnerabilities: - A flaw was found in the Linux kernel
    last seen2020-05-08
    modified2019-12-31
    plugin id132495
    published2019-12-31
    reporterThis script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/132495
    titleNewStart CGSL CORE 5.05 / MAIN 5.05 : kernel-rt Multiple Vulnerabilities (NS-SA-2019-0253)
  • NASL familySuSE Local Security Checks
    NASL idSUSE_SU-2019-0784-1.NASL
    descriptionThe SUSE Linux Enterprise 15 kernel was updated to receive various security and bugfixes. The following security bugs were fixed : CVE-2019-2024: A use-after-free when disconnecting a source was fixed which could lead to crashes. bnc#1129179). CVE-2019-9213: expand_downwards in mm/mmap.c lacks a check for the mmap minimum address, which made it easier for attackers to exploit kernel NULL pointer dereferences on non-SMAP platforms. This is related to a capability check for the wrong task (bnc#1128166). CVE-2019-8980: A memory leak in the kernel_read_file function in fs/exec.c allowed attackers to cause a denial of service (memory consumption) by triggering vfs_read failures (bnc#1126209). CVE-2019-3819: A flaw was found in the function hid_debug_events_read() in drivers/hid/hid-debug.c file which may enter an infinite loop with certain parameters passed from a userspace. A local privileged user (
    last seen2020-06-01
    modified2020-06-02
    plugin id123496
    published2019-03-29
    reporterThis script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/123496
    titleSUSE SLED15 / SLES15 Security Update : kernel (SUSE-SU-2019:0784-1)
  • NASL familySuSE Local Security Checks
    NASL idSUSE_SU-2019-0767-1.NASL
    descriptionThe SUSE Linux Enterprise Server 12 SP4 Azure kernel was updated to fix various issues. The following security bugs were fixed : CVE-2019-2024: A use-after-free when disconnecting a source was fixed which could lead to crashes. bnc#1129179). CVE-2019-9213: expand_downwards in mm/mmap.c lacked a check for the mmap minimum address, which made it easier for attackers to exploit kernel NULL pointer dereferences on non-SMAP platforms. This is related to a capability check for the wrong task (bnc#1128166 1128378 1129016). CVE-2019-8980: A memory leak in the kernel_read_file function in fs/exec.c allowed attackers to cause a denial of service (memory consumption) by triggering vfs_read failures (bnc#1126209). CVE-2019-3819: A flaw was found in the function hid_debug_events_read() in drivers/hid/hid-debug.c file which may enter an infinite loop with certain parameters passed from a userspace. A local privileged user (
    last seen2020-06-01
    modified2020-06-02
    plugin id123445
    published2019-03-28
    reporterThis script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/123445
    titleSUSE SLES12 Security Update : kernel (SUSE-SU-2019:0767-1)
  • NASL familyDebian Local Security Checks
    NASL idDEBIAN_DLA-1799.NASL
    descriptionSeveral vulnerabilities have been discovered in the Linux kernel that may lead to a privilege escalation, denial of service or information leaks. This updated advisory text adds a note about the need to install new binary packages. CVE-2018-5995 ADLab of VenusTech discovered that the kernel logged the virtual addresses assigned to per-CPU data, which could make it easier to exploit other vulnerabilities. CVE-2018-12126, CVE-2018-12127, CVE-2018-12130, CVE-2019-11091 Multiple researchers have discovered vulnerabilities in the way that Intel processor designs implement speculative forwarding of data filled into temporary microarchitectural structures (buffers). This flaw could allow an attacker controlling an unprivileged process to read sensitive information, including from the kernel and all other processes running on the system, or across guest/host boundaries to read host memory. See https://www.kernel.org/doc/html/latest/admin-guide/hw-vuln/m ds.html for more details. To fully resolve these vulnerabilities it is also necessary to install updated CPU microcode. An updated intel-microcode package (only available in Debian non-free) was provided via DLA-1789-1. The updated CPU microcode may also be available as part of a system firmware (
    last seen2020-06-01
    modified2020-06-02
    plugin id125478
    published2019-05-29
    reporterThis script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/125478
    titleDebian DLA-1799-2 : linux security update (MDSUM/RIDL) (MFBDS/RIDL/ZombieLoad) (MLPDS/RIDL) (MSBDS/Fallout)
  • NASL familyCentOS Local Security Checks
    NASL idCENTOS_RHSA-2019-2029.NASL
    descriptionAn update for kernel is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. The kernel packages contain the Linux kernel, the core of any Linux operating system. Security Fix(es) : * Kernel: vhost_net: infinite loop while receiving packets leads to DoS (CVE-2019-3900) * Kernel: page cache side channel attacks (CVE-2019-5489) * kernel: Buffer overflow in hidp_process_report (CVE-2018-9363) * kernel: l2tp: Race condition between pppol2tp_session_create() and l2tp_eth_create() (CVE-2018-9517) * kernel: kvm: guest userspace to guest kernel write (CVE-2018-10853) * kernel: use-after-free Read in vhost_transport_send_pkt (CVE-2018-14625) * kernel: use-after-free in ucma_leave_multicast in drivers/infiniband/core/ ucma.c (CVE-2018-14734) * kernel: Mishandling of indirect calls weakens Spectre mitigation for paravirtual guests (CVE-2018-15594) * kernel: TLB flush happens too late on mremap (CVE-2018-18281) * kernel: Heap address information leak while using L2CAP_GET_CONF_OPT (CVE-2019-3459) * kernel: Heap address information leak while using L2CAP_PARSE_CONF_RSP (CVE-2019-3460) * kernel: denial of service vector through vfio DMA mappings (CVE-2019-3882) * kernel: fix race condition between mmget_not_zero()/get_task_mm() and core dumping (CVE-2019-11599) * kernel: a NULL pointer dereference in drivers/scsi/megaraid/ megaraid_sas_base.c leading to DoS (CVE-2019-11810) * kernel: fs/ext4/extents.c leads to information disclosure (CVE-2019-11833) * kernel: Information exposure in fd_locked_ioctl function in drivers/block/ floppy.c (CVE-2018-7755) * kernel: Memory leak in drivers/net/wireless/ mac80211_hwsim.c:hwsim_new_radio_nl() can lead to potential denial of service (CVE-2018-8087) * kernel: HID: debug: Buffer overflow in hid_debug_events_read() in drivers/ hid/hid-debug.c (CVE-2018-9516) * kernel: Integer overflow in the alarm_timer_nsleep function (CVE-2018-13053) * kernel: NULL pointer dereference in lookup_slow function (CVE-2018-13093) * kernel: NULL pointer dereference in xfs_da_shrink_inode function (CVE-2018-13094) * kernel: NULL pointer dereference in fs/xfs/libxfs/xfs_inode_buf.c (CVE-2018-13095) * kernel: Information leak in cdrom_ioctl_drive_status (CVE-2018-16658) * kernel: out-of-bound read in memcpy_fromiovecend() (CVE-2018-16885) * Kernel: KVM: leak of uninitialized stack contents to guest (CVE-2019-7222) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. Additional Changes : For detailed information on changes in this release, see the Red Hat Enterprise Linux 7.7 Release Notes linked from the References section.
    last seen2020-04-16
    modified2019-09-11
    plugin id128651
    published2019-09-11
    reporterThis script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/128651
    titleCentOS 7 : kernel (CESA-2019:2029)
  • NASL familyHuawei Local Security Checks
    NASL idEULEROS_SA-2019-1636.NASL
    descriptionAccording to the versions of the kernel packages installed, the EulerOS Virtualization for ARM 64 installation on the remote host is affected by the following vulnerabilities : - The kernel package contains the Linux kernel (vmlinuz), the core of any Linux operating system. The kernel handles the basic functions of the operating system: memory allocation, process allocation, device input and output, etc.Security Fix(es):An issue was discovered in rds_tcp_kill_sock in net/rds/tcp.c in the Linux kernel before 5.0.8. There is a race condition leading to a use-after-free, related to net namespace cleanup.(CVE-2019-11815)A flaw was found in the Linux kernel
    last seen2020-04-16
    modified2019-05-30
    plugin id125588
    published2019-05-30
    reporterThis script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/125588
    titleEulerOS Virtualization for ARM 64 3.0.2.0 : kernel (EulerOS-SA-2019-1636)
  • NASL familyOracle Linux Local Security Checks
    NASL idORACLELINUX_ELSA-2019-4670.NASL
    descriptionDescription of changes: [4.1.12-124.28.1.el7uek] - hugetlbfs: don
    last seen2020-06-01
    modified2020-06-02
    plugin id125755
    published2019-06-07
    reporterThis script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/125755
    titleOracle Linux 6 / 7 : Unbreakable Enterprise kernel (ELSA-2019-4670)
  • NASL familyRed Hat Local Security Checks
    NASL idREDHAT-RHSA-2019-2029.NASL
    descriptionAn update for kernel is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. The kernel packages contain the Linux kernel, the core of any Linux operating system. Security Fix(es) : * Kernel: vhost_net: infinite loop while receiving packets leads to DoS (CVE-2019-3900) * Kernel: page cache side channel attacks (CVE-2019-5489) * kernel: Buffer overflow in hidp_process_report (CVE-2018-9363) * kernel: l2tp: Race condition between pppol2tp_session_create() and l2tp_eth_create() (CVE-2018-9517) * kernel: kvm: guest userspace to guest kernel write (CVE-2018-10853) * kernel: use-after-free Read in vhost_transport_send_pkt (CVE-2018-14625) * kernel: use-after-free in ucma_leave_multicast in drivers/infiniband/core/ ucma.c (CVE-2018-14734) * kernel: Mishandling of indirect calls weakens Spectre mitigation for paravirtual guests (CVE-2018-15594) * kernel: TLB flush happens too late on mremap (CVE-2018-18281) * kernel: Heap address information leak while using L2CAP_GET_CONF_OPT (CVE-2019-3459) * kernel: Heap address information leak while using L2CAP_PARSE_CONF_RSP (CVE-2019-3460) * kernel: denial of service vector through vfio DMA mappings (CVE-2019-3882) * kernel: fix race condition between mmget_not_zero()/get_task_mm() and core dumping (CVE-2019-11599) * kernel: a NULL pointer dereference in drivers/scsi/megaraid/ megaraid_sas_base.c leading to DoS (CVE-2019-11810) * kernel: fs/ext4/extents.c leads to information disclosure (CVE-2019-11833) * kernel: Information exposure in fd_locked_ioctl function in drivers/block/ floppy.c (CVE-2018-7755) * kernel: Memory leak in drivers/net/wireless/ mac80211_hwsim.c:hwsim_new_radio_nl() can lead to potential denial of service (CVE-2018-8087) * kernel: HID: debug: Buffer overflow in hid_debug_events_read() in drivers/ hid/hid-debug.c (CVE-2018-9516) * kernel: Integer overflow in the alarm_timer_nsleep function (CVE-2018-13053) * kernel: NULL pointer dereference in lookup_slow function (CVE-2018-13093) * kernel: NULL pointer dereference in xfs_da_shrink_inode function (CVE-2018-13094) * kernel: NULL pointer dereference in fs/xfs/libxfs/xfs_inode_buf.c (CVE-2018-13095) * kernel: Information leak in cdrom_ioctl_drive_status (CVE-2018-16658) * kernel: out-of-bound read in memcpy_fromiovecend() (CVE-2018-16885) * Kernel: KVM: leak of uninitialized stack contents to guest (CVE-2019-7222) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. Additional Changes : For detailed information on changes in this release, see the Red Hat Enterprise Linux 7.7 Release Notes linked from the References section.
    last seen2020-04-16
    modified2019-08-12
    plugin id127650
    published2019-08-12
    reporterThis script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/127650
    titleRHEL 7 : kernel (RHSA-2019:2029)
  • NASL familyNewStart CGSL Local Security Checks
    NASL idNEWSTART_CGSL_NS-SA-2019-0183_KERNEL-RT.NASL
    descriptionThe remote NewStart CGSL host, running version CORE 5.04 / MAIN 5.04, has kernel-rt packages installed that are affected by multiple vulnerabilities: - A flaw was found in the way Linux kernel KVM hypervisor before 4.18 emulated instructions such as sgdt/sidt/fxsave/fxrstor. It did not check current privilege(CPL) level while emulating unprivileged instructions. An unprivileged guest user/process could use this flaw to potentially escalate privileges inside guest. (CVE-2018-10853) - A flaw was found in the Linux Kernel where an attacker may be able to have an uncontrolled read to kernel- memory from within a vm guest. A race condition between connect() and close() function may allow an attacker using the AF_VSOCK protocol to gather a 4 byte information leak or possibly intercept or corrupt AF_VSOCK messages destined to other clients. (CVE-2018-14625) - drivers/infiniband/core/ucma.c in the Linux kernel through 4.17.11 allows ucma_leave_multicast to access a certain data structure after a cleanup step in ucma_process_join, which allows attackers to cause a denial of service (use-after-free). (CVE-2018-14734) - arch/x86/kernel/paravirt.c in the Linux kernel before 4.18.1 mishandles certain indirect calls, which makes it easier for attackers to conduct Spectre-v2 attacks against paravirtual guests. (CVE-2018-15594) - A flaw was found in the Linux kernel
    last seen2020-05-08
    modified2019-10-15
    plugin id129920
    published2019-10-15
    reporterThis script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/129920
    titleNewStart CGSL CORE 5.04 / MAIN 5.04 : kernel-rt Multiple Vulnerabilities (NS-SA-2019-0183)
  • NASL familyAmazon Linux Local Security Checks
    NASL idAL2_ALAS-2019-1201.NASL
    descriptionA flaw was found in the Linux kernel
    last seen2020-06-01
    modified2020-06-02
    plugin id124592
    published2019-05-06
    reporterThis script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/124592
    titleAmazon Linux 2 : kernel (ALAS-2019-1201)
  • NASL familyRed Hat Local Security Checks
    NASL idREDHAT-RHSA-2019-3309.NASL
    descriptionAn update for kernel-rt is now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. The kernel-rt packages provide the Real Time Linux Kernel, which enables fine-tuning for systems with extremely high determinism requirements. Security Fix(es) : * kernel: nfs: use-after-free in svc_process_common() (CVE-2018-16884) * Kernel: vhost_net: infinite loop while receiving packets leads to DoS (CVE-2019-3900) * Kernel: page cache side channel attacks (CVE-2019-5489) * hardware: bluetooth: BR/EDR encryption key negotiation attacks (KNOB) (CVE-2019-9506) * kernel: Heap overflow in mwifiex_uap_parse_tail_ies function in drivers/net /wireless/marvell/mwifiex/ie.c (CVE-2019-10126) * Kernel: KVM: OOB memory access via mmio ring buffer (CVE-2019-14821) * kernel: Information Disclosure in crypto_report_one in crypto/crypto_user.c (CVE-2018-19854) * kernel: usb: missing size check in the __usb_get_extra_descriptor() leading to DoS (CVE-2018-20169) * kernel: Heap address information leak while using L2CAP_GET_CONF_OPT (CVE-2019-3459) * kernel: Heap address information leak while using L2CAP_PARSE_CONF_RSP (CVE-2019-3460) * kernel: SCTP socket buffer memory leak leading to denial of service (CVE-2019-3874) * kernel: denial of service vector through vfio DMA mappings (CVE-2019-3882) * kernel: NULL pointer dereference in hci_uart_set_flow_control (CVE-2019-10207) * kernel: fix race condition between mmget_not_zero()/get_task_mm() and core dumping (CVE-2019-11599) * kernel: fs/ext4/extents.c leads to information disclosure (CVE-2019-11833) * kernel: sensitive information disclosure from kernel stack memory via HIDPCONNADD command (CVE-2019-11884) * kernel: use-after-free in arch/x86/lib/insn-eval.c (CVE-2019-13233) * kernel: memory leak in register_queue_kobjects() in net/core/net-sysfs.c leads to denial of service (CVE-2019-15916) * kernel: oob memory read in hso_probe in drivers/net/usb/hso.c (CVE-2018-19985) * Kernel: KVM: leak of uninitialized stack contents to guest (CVE-2019-7222) * Kernel: net: weak IP ID generation leads to remote device tracking (CVE-2019-10638) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. Additional Changes : For detailed information on changes in this release, see the Red Hat Enterprise Linux 8.1 Release Notes linked from the References section.
    last seen2020-05-08
    modified2019-11-06
    plugin id130526
    published2019-11-06
    reporterThis script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/130526
    titleRHEL 8 : kernel-rt (RHSA-2019:3309)
  • NASL familyPhotonOS Local Security Checks
    NASL idPHOTONOS_PHSA-2019-3_0-0015_LINUX.NASL
    descriptionAn update of the linux package has been released.
    last seen2020-06-01
    modified2020-06-02
    plugin id126115
    published2019-06-24
    reporterThis script is Copyright (C) 2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/126115
    titlePhoton OS 3.0: Linux PHSA-2019-3.0-0015
  • NASL familySuSE Local Security Checks
    NASL idOPENSUSE-2019-203.NASL
    descriptionThe openSUSE Leap 15.0 kernel was updated to receive various security and bugfixes. The following security bugs were fixed : - CVE-2019-3459,CVE-2019-3460: Two information leaks in the bluetooth stack were fixed. (bnc#1120758). - CVE-2019-7221: A use-after-free in the KVM nVMX hrtimer was fixed. (bnc#1124732). - CVE-2019-7222: A information leak in exception handling in KVM could be used to expose host memory to guests. (bnc#1124735). - CVE-2019-6974: A use-after-free in the KVM device control API was fixed. (bnc#1124728). - CVE-2018-20669: Missing access control checks in ioctl of gpu/drm/i915 driver were fixed which might have lead to information leaks. (bnc#1122971). The following non-security bugs were fixed : - 6lowpan: iphc: reset mac_header after decompress to fix panic (bsc#1051510). - 9p: clear dangling pointers in p9stat_free (bsc#1051510). - 9p locks: fix glock.client_id leak in do_lock (bsc#1051510). - 9p/net: put a lower bound on msize (bsc#1051510). - acpi/nfit: Block function zero DSMs (bsc#1051510). - acpi, nfit: Fix Address Range Scrub completion tracking (bsc#1124969). - acpi/nfit: Fix command-supported detection (bsc#1051510). - acpi/nfit: Fix race accessing memdev in nfit_get_smbios_id() (bsc#1122662). - acpi/nfit: Fix user-initiated ARS to be
    last seen2020-06-01
    modified2020-06-02
    plugin id122303
    published2019-02-19
    reporterThis script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/122303
    titleopenSUSE Security Update : the Linux Kernel (openSUSE-2019-203)
  • NASL familyFedora Local Security Checks
    NASL idFEDORA_2019-509C133845.NASL
    descriptionThe v4.19.15 stable update contains important fixes across the tree Note that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen2020-03-17
    modified2019-01-17
    plugin id121217
    published2019-01-17
    reporterThis script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/121217
    titleFedora 28 : kernel / kernel-headers (2019-509c133845)
  • NASL familyNewStart CGSL Local Security Checks
    NASL idNEWSTART_CGSL_NS-SA-2019-0247_KERNEL.NASL
    descriptionThe remote NewStart CGSL host, running version CORE 5.05 / MAIN 5.05, has kernel packages installed that are affected by multiple vulnerabilities: - A flaw was found in the Linux kernel
    last seen2020-05-08
    modified2019-12-31
    plugin id132474
    published2019-12-31
    reporterThis script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/132474
    titleNewStart CGSL CORE 5.05 / MAIN 5.05 : kernel Multiple Vulnerabilities (NS-SA-2019-0247)
  • NASL familyUbuntu Local Security Checks
    NASL idUBUNTU_USN-3933-1.NASL
    descriptionIt was discovered that an information leak vulnerability existed in the Bluetooth implementation of the Linux kernel. An attacker within Bluetooth range could possibly expose sensitive information (kernel memory). (CVE-2017-1000410) It was discovered that the USB serial device driver in the Linux kernel did not properly validate baud rate settings when debugging is enabled. A local attacker could use this to cause a denial of service (system crash). (CVE-2017-18360) Mathias Payer and Hui Peng discovered a use-after-free vulnerability in the Advanced Linux Sound Architecture (ALSA) subsystem. A physically proximate attacker could use this to cause a denial of service (system crash). (CVE-2018-19824) Shlomi Oberman, Yuli Shapiro, and Ran Menscher discovered an information leak in the Bluetooth implementation of the Linux kernel. An attacker within Bluetooth range could use this to expose sensitive information (kernel memory). (CVE-2019-3459, CVE-2019-3460) Jann Horn discovered that the KVM implementation in the Linux kernel contained a use-after-free vulnerability. An attacker in a guest VM with access to /dev/kvm could use this to cause a denial of service (guest VM crash). (CVE-2019-6974) Felix Wilhelm discovered that an information leak vulnerability existed in the KVM subsystem of the Linux kernel, when nested virtualization is used. A local attacker could use this to expose sensitive information (host system memory to a guest VM). (CVE-2019-7222) Jann Horn discovered that the mmap implementation in the Linux kernel did not properly check for the mmap minimum address in some situations. A local attacker could use this to assist exploiting a kernel NULL pointer dereference vulnerability. (CVE-2019-9213). Note that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen2020-06-01
    modified2020-06-02
    plugin id123682
    published2019-04-03
    reporterUbuntu Security Notice (C) 2019-2020 Canonical, Inc. / NASL script (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/123682
    titleUbuntu 14.04 LTS : linux vulnerabilities (USN-3933-1)
  • NASL familyUbuntu Local Security Checks
    NASL idUBUNTU_USN-3932-2.NASL
    descriptionUSN-3932-1 fixed vulnerabilities in the Linux kernel for Ubuntu 16.04 LTS. This update provides the corresponding updates for the Linux Hardware Enablement (HWE) kernel from Ubuntu 16.04 LTS for Ubuntu 14.04 LTS. It was discovered that a race condition existed in the f2fs file system implementation in the Linux kernel. A local attacker could use this to cause a denial of service. (CVE-2017-18249) Wen Xu discovered that the f2fs file system implementation in the Linux kernel did not properly validate metadata. An attacker could use this to construct a malicious f2fs image that, when mounted, could cause a denial of service (system crash). (CVE-2018-13097, CVE-2018-13099, CVE-2018-13100, CVE-2018-14614, CVE-2018-14616) Wen Xu and Po-Ning Tseng discovered that btrfs file system implementation in the Linux kernel did not properly validate metadata. An attacker could use this to construct a malicious btrfs image that, when mounted, could cause a denial of service (system crash). (CVE-2018-14610, CVE-2018-14611, CVE-2018-14612, CVE-2018-14613) Vasily Averin and Evgenii Shatokhin discovered that a use-after-free vulnerability existed in the NFS41+ subsystem when multiple network namespaces are in use. A local attacker in a container could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2018-16884) It was discovered that a use-after-free vulnerability existed in the PPP over L2TP implementation in the Linux kernel. A privileged local attacker could use this to possibly execute arbitrary code. (CVE-2018-9517) Shlomi Oberman, Yuli Shapiro, and Ran Menscher discovered an information leak in the Bluetooth implementation of the Linux kernel. An attacker within Bluetooth range could use this to expose sensitive information (kernel memory). (CVE-2019-3459, CVE-2019-3460) Jann Horn discovered that the KVM implementation in the Linux kernel contained a use-after-free vulnerability. An attacker in a guest VM with access to /dev/kvm could use this to cause a denial of service (guest VM crash). (CVE-2019-6974) Jim Mattson and Felix Wilhelm discovered a use-after-free vulnerability in the KVM subsystem of the Linux kernel, when using nested virtual machines. A local attacker in a guest VM could use this to cause a denial of service (system crash) or possibly execute arbitrary code in the host system. (CVE-2019-7221) Felix Wilhelm discovered that an information leak vulnerability existed in the KVM subsystem of the Linux kernel, when nested virtualization is used. A local attacker could use this to expose sensitive information (host system memory to a guest VM). (CVE-2019-7222) Jann Horn discovered that the mmap implementation in the Linux kernel did not properly check for the mmap minimum address in some situations. A local attacker could use this to assist exploiting a kernel NULL pointer dereference vulnerability. (CVE-2019-9213) Muyu Yu discovered that the CAN implementation in the Linux kernel in some situations did not properly restrict the field size when processing outgoing frames. A local attacker with CAP_NET_ADMIN privileges could use this to execute arbitrary code. (CVE-2019-3701) Vladis Dronov discovered that the debug interface for the Linux kernel
    last seen2020-06-01
    modified2020-06-02
    plugin id123681
    published2019-04-03
    reporterUbuntu Security Notice (C) 2019-2020 Canonical, Inc. / NASL script (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/123681
    titleUbuntu 14.04 LTS : linux-lts-xenial, linux-aws vulnerabilities (USN-3932-2)
  • NASL familyUbuntu Local Security Checks
    NASL idUBUNTU_USN-3932-1.NASL
    descriptionIt was discovered that a race condition existed in the f2fs file system implementation in the Linux kernel. A local attacker could use this to cause a denial of service. (CVE-2017-18249) Wen Xu discovered that the f2fs file system implementation in the Linux kernel did not properly validate metadata. An attacker could use this to construct a malicious f2fs image that, when mounted, could cause a denial of service (system crash). (CVE-2018-13097, CVE-2018-13099, CVE-2018-13100, CVE-2018-14614, CVE-2018-14616) Wen Xu and Po-Ning Tseng discovered that btrfs file system implementation in the Linux kernel did not properly validate metadata. An attacker could use this to construct a malicious btrfs image that, when mounted, could cause a denial of service (system crash). (CVE-2018-14610, CVE-2018-14611, CVE-2018-14612, CVE-2018-14613) Vasily Averin and Evgenii Shatokhin discovered that a use-after-free vulnerability existed in the NFS41+ subsystem when multiple network namespaces are in use. A local attacker in a container could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2018-16884) It was discovered that a use-after-free vulnerability existed in the PPP over L2TP implementation in the Linux kernel. A privileged local attacker could use this to possibly execute arbitrary code. (CVE-2018-9517) Shlomi Oberman, Yuli Shapiro, and Ran Menscher discovered an information leak in the Bluetooth implementation of the Linux kernel. An attacker within Bluetooth range could use this to expose sensitive information (kernel memory). (CVE-2019-3459, CVE-2019-3460) Jann Horn discovered that the KVM implementation in the Linux kernel contained a use-after-free vulnerability. An attacker in a guest VM with access to /dev/kvm could use this to cause a denial of service (guest VM crash). (CVE-2019-6974) Jim Mattson and Felix Wilhelm discovered a use-after-free vulnerability in the KVM subsystem of the Linux kernel, when using nested virtual machines. A local attacker in a guest VM could use this to cause a denial of service (system crash) or possibly execute arbitrary code in the host system. (CVE-2019-7221) Felix Wilhelm discovered that an information leak vulnerability existed in the KVM subsystem of the Linux kernel, when nested virtualization is used. A local attacker could use this to expose sensitive information (host system memory to a guest VM). (CVE-2019-7222) Jann Horn discovered that the mmap implementation in the Linux kernel did not properly check for the mmap minimum address in some situations. A local attacker could use this to assist exploiting a kernel NULL pointer dereference vulnerability. (CVE-2019-9213) Muyu Yu discovered that the CAN implementation in the Linux kernel in some situations did not properly restrict the field size when processing outgoing frames. A local attacker with CAP_NET_ADMIN privileges could use this to execute arbitrary code. (CVE-2019-3701) Vladis Dronov discovered that the debug interface for the Linux kernel
    last seen2020-06-01
    modified2020-06-02
    plugin id123680
    published2019-04-03
    reporterUbuntu Security Notice (C) 2019-2020 Canonical, Inc. / NASL script (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/123680
    titleUbuntu 16.04 LTS : linux, linux-aws, linux-kvm, linux-raspi2, linux-snapdragon vulnerabilities (USN-3932-1)
  • NASL familyUbuntu Local Security Checks
    NASL idUBUNTU_USN-3931-2.NASL
    descriptionUSN-3931-1 fixed vulnerabilities in the Linux kernel for Ubuntu 18.04 LTS. This update provides the corresponding updates for the Linux Hardware Enablement (HWE) kernel from Ubuntu 18.04 LTS for Ubuntu 16.04 LTS and for the Linux Azure kernel for Ubuntu 14.04 LTS. M. Vefa Bicakci and Andy Lutomirski discovered that the kernel did not properly set up all arguments to an error handler callback used when running as a paravirtualized guest. An unprivileged attacker in a paravirtualized guest VM could use this to cause a denial of service (guest VM crash). (CVE-2018-14678) It was discovered that the KVM implementation in the Linux kernel on ARM 64bit processors did not properly handle some ioctls. An attacker with the privilege to create KVM-based virtual machines could use this to cause a denial of service (host system crash) or execute arbitrary code in the host. (CVE-2018-18021) Mathias Payer and Hui Peng discovered a use-after-free vulnerability in the Advanced Linux Sound Architecture (ALSA) subsystem. A physically proximate attacker could use this to cause a denial of service (system crash). (CVE-2018-19824) Shlomi Oberman, Yuli Shapiro, and Ran Menscher discovered an information leak in the Bluetooth implementation of the Linux kernel. An attacker within Bluetooth range could use this to expose sensitive information (kernel memory). (CVE-2019-3459, CVE-2019-3460) Jann Horn discovered that the KVM implementation in the Linux kernel contained a use-after-free vulnerability. An attacker in a guest VM with access to /dev/kvm could use this to cause a denial of service (guest VM crash). (CVE-2019-6974) Jim Mattson and Felix Wilhelm discovered a use-after-free vulnerability in the KVM subsystem of the Linux kernel, when using nested virtual machines. A local attacker in a guest VM could use this to cause a denial of service (system crash) or possibly execute arbitrary code in the host system. (CVE-2019-7221) Felix Wilhelm discovered that an information leak vulnerability existed in the KVM subsystem of the Linux kernel, when nested virtualization is used. A local attacker could use this to expose sensitive information (host system memory to a guest VM). (CVE-2019-7222) Jann Horn discovered that the eBPF implementation in the Linux kernel was insufficiently hardened against Spectre V1 attacks. A local attacker could use this to expose sensitive information. (CVE-2019-7308) It was discovered that a use-after-free vulnerability existed in the user- space API for crypto (af_alg) implementation in the Linux kernel. A local attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2019-8912) It was discovered that the Linux kernel did not properly deallocate memory when handling certain errors while reading files. A local attacker could use this to cause a denial of service (excessive memory consumption). (CVE-2019-8980) Jann Horn discovered that the mmap implementation in the Linux kernel did not properly check for the mmap minimum address in some situations. A local attacker could use this to assist exploiting a kernel NULL pointer dereference vulnerability. (CVE-2019-9213). Note that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen2020-06-01
    modified2020-06-02
    plugin id123679
    published2019-04-03
    reporterUbuntu Security Notice (C) 2019-2020 Canonical, Inc. / NASL script (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/123679
    titleUbuntu 14.04 LTS / 16.04 LTS : linux-hwe, linux-aws-hwe, linux-azure, linux-gcp, linux-oracle (USN-3931-2)
  • NASL familyOracleVM Local Security Checks
    NASL idORACLEVM_OVMSA-2019-0024.NASL
    descriptionThe remote OracleVM system is missing necessary patches to address critical security updates : - hugetlbfs: don
    last seen2020-06-01
    modified2020-06-02
    plugin id125754
    published2019-06-07
    reporterThis script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/125754
    titleOracleVM 3.4 : Unbreakable / etc (OVMSA-2019-0024)

Redhat

advisories
  • rhsa
    idRHSA-2019:2029
  • rhsa
    idRHSA-2019:2043
  • rhsa
    idRHSA-2019:3309
  • rhsa
    idRHSA-2019:3517
  • rhsa
    idRHSA-2020:0740
rpms
  • bpftool-0:3.10.0-1062.el7
  • bpftool-debuginfo-0:3.10.0-1062.el7
  • kernel-0:3.10.0-1062.el7
  • kernel-abi-whitelists-0:3.10.0-1062.el7
  • kernel-bootwrapper-0:3.10.0-1062.el7
  • kernel-debug-0:3.10.0-1062.el7
  • kernel-debug-debuginfo-0:3.10.0-1062.el7
  • kernel-debug-devel-0:3.10.0-1062.el7
  • kernel-debuginfo-0:3.10.0-1062.el7
  • kernel-debuginfo-common-ppc64-0:3.10.0-1062.el7
  • kernel-debuginfo-common-ppc64le-0:3.10.0-1062.el7
  • kernel-debuginfo-common-s390x-0:3.10.0-1062.el7
  • kernel-debuginfo-common-x86_64-0:3.10.0-1062.el7
  • kernel-devel-0:3.10.0-1062.el7
  • kernel-doc-0:3.10.0-1062.el7
  • kernel-headers-0:3.10.0-1062.el7
  • kernel-kdump-0:3.10.0-1062.el7
  • kernel-kdump-debuginfo-0:3.10.0-1062.el7
  • kernel-kdump-devel-0:3.10.0-1062.el7
  • kernel-tools-0:3.10.0-1062.el7
  • kernel-tools-debuginfo-0:3.10.0-1062.el7
  • kernel-tools-libs-0:3.10.0-1062.el7
  • kernel-tools-libs-devel-0:3.10.0-1062.el7
  • perf-0:3.10.0-1062.el7
  • perf-debuginfo-0:3.10.0-1062.el7
  • python-perf-0:3.10.0-1062.el7
  • python-perf-debuginfo-0:3.10.0-1062.el7
  • kernel-rt-0:3.10.0-1062.rt56.1022.el7
  • kernel-rt-debug-0:3.10.0-1062.rt56.1022.el7
  • kernel-rt-debug-debuginfo-0:3.10.0-1062.rt56.1022.el7
  • kernel-rt-debug-devel-0:3.10.0-1062.rt56.1022.el7
  • kernel-rt-debug-kvm-0:3.10.0-1062.rt56.1022.el7
  • kernel-rt-debug-kvm-debuginfo-0:3.10.0-1062.rt56.1022.el7
  • kernel-rt-debuginfo-0:3.10.0-1062.rt56.1022.el7
  • kernel-rt-debuginfo-common-x86_64-0:3.10.0-1062.rt56.1022.el7
  • kernel-rt-devel-0:3.10.0-1062.rt56.1022.el7
  • kernel-rt-doc-0:3.10.0-1062.rt56.1022.el7
  • kernel-rt-kvm-0:3.10.0-1062.rt56.1022.el7
  • kernel-rt-kvm-debuginfo-0:3.10.0-1062.rt56.1022.el7
  • kernel-rt-trace-0:3.10.0-1062.rt56.1022.el7
  • kernel-rt-trace-debuginfo-0:3.10.0-1062.rt56.1022.el7
  • kernel-rt-trace-devel-0:3.10.0-1062.rt56.1022.el7
  • kernel-rt-trace-kvm-0:3.10.0-1062.rt56.1022.el7
  • kernel-rt-trace-kvm-debuginfo-0:3.10.0-1062.rt56.1022.el7
  • kernel-rt-0:4.18.0-147.rt24.93.el8
  • kernel-rt-core-0:4.18.0-147.rt24.93.el8
  • kernel-rt-debug-0:4.18.0-147.rt24.93.el8
  • kernel-rt-debug-core-0:4.18.0-147.rt24.93.el8
  • kernel-rt-debug-debuginfo-0:4.18.0-147.rt24.93.el8
  • kernel-rt-debug-devel-0:4.18.0-147.rt24.93.el8
  • kernel-rt-debug-kvm-0:4.18.0-147.rt24.93.el8
  • kernel-rt-debug-kvm-debuginfo-0:4.18.0-147.rt24.93.el8
  • kernel-rt-debug-modules-0:4.18.0-147.rt24.93.el8
  • kernel-rt-debug-modules-extra-0:4.18.0-147.rt24.93.el8
  • kernel-rt-debuginfo-0:4.18.0-147.rt24.93.el8
  • kernel-rt-debuginfo-common-x86_64-0:4.18.0-147.rt24.93.el8
  • kernel-rt-devel-0:4.18.0-147.rt24.93.el8
  • kernel-rt-kvm-0:4.18.0-147.rt24.93.el8
  • kernel-rt-kvm-debuginfo-0:4.18.0-147.rt24.93.el8
  • kernel-rt-modules-0:4.18.0-147.rt24.93.el8
  • kernel-rt-modules-extra-0:4.18.0-147.rt24.93.el8
  • bpftool-0:4.18.0-147.el8
  • bpftool-debuginfo-0:4.18.0-147.el8
  • kernel-0:4.18.0-147.el8
  • kernel-abi-whitelists-0:4.18.0-147.el8
  • kernel-core-0:4.18.0-147.el8
  • kernel-cross-headers-0:4.18.0-147.el8
  • kernel-debug-0:4.18.0-147.el8
  • kernel-debug-core-0:4.18.0-147.el8
  • kernel-debug-debuginfo-0:4.18.0-147.el8
  • kernel-debug-devel-0:4.18.0-147.el8
  • kernel-debug-modules-0:4.18.0-147.el8
  • kernel-debug-modules-extra-0:4.18.0-147.el8
  • kernel-debuginfo-0:4.18.0-147.el8
  • kernel-debuginfo-common-aarch64-0:4.18.0-147.el8
  • kernel-debuginfo-common-ppc64le-0:4.18.0-147.el8
  • kernel-debuginfo-common-s390x-0:4.18.0-147.el8
  • kernel-debuginfo-common-x86_64-0:4.18.0-147.el8
  • kernel-devel-0:4.18.0-147.el8
  • kernel-doc-0:4.18.0-147.el8
  • kernel-headers-0:4.18.0-147.el8
  • kernel-modules-0:4.18.0-147.el8
  • kernel-modules-extra-0:4.18.0-147.el8
  • kernel-tools-0:4.18.0-147.el8
  • kernel-tools-debuginfo-0:4.18.0-147.el8
  • kernel-tools-libs-0:4.18.0-147.el8
  • kernel-tools-libs-devel-0:4.18.0-147.el8
  • kernel-zfcpdump-0:4.18.0-147.el8
  • kernel-zfcpdump-core-0:4.18.0-147.el8
  • kernel-zfcpdump-debuginfo-0:4.18.0-147.el8
  • kernel-zfcpdump-devel-0:4.18.0-147.el8
  • kernel-zfcpdump-modules-0:4.18.0-147.el8
  • kernel-zfcpdump-modules-extra-0:4.18.0-147.el8
  • perf-0:4.18.0-147.el8
  • perf-debuginfo-0:4.18.0-147.el8
  • python3-perf-0:4.18.0-147.el8
  • python3-perf-debuginfo-0:4.18.0-147.el8
  • kernel-0:4.14.0-115.18.1.el7a
  • kernel-abi-whitelists-0:4.14.0-115.18.1.el7a
  • kernel-bootwrapper-0:4.14.0-115.18.1.el7a
  • kernel-debug-0:4.14.0-115.18.1.el7a
  • kernel-debug-debuginfo-0:4.14.0-115.18.1.el7a
  • kernel-debug-devel-0:4.14.0-115.18.1.el7a
  • kernel-debuginfo-0:4.14.0-115.18.1.el7a
  • kernel-debuginfo-common-aarch64-0:4.14.0-115.18.1.el7a
  • kernel-debuginfo-common-ppc64le-0:4.14.0-115.18.1.el7a
  • kernel-debuginfo-common-s390x-0:4.14.0-115.18.1.el7a
  • kernel-devel-0:4.14.0-115.18.1.el7a
  • kernel-doc-0:4.14.0-115.18.1.el7a
  • kernel-headers-0:4.14.0-115.18.1.el7a
  • kernel-kdump-0:4.14.0-115.18.1.el7a
  • kernel-kdump-debuginfo-0:4.14.0-115.18.1.el7a
  • kernel-kdump-devel-0:4.14.0-115.18.1.el7a
  • kernel-tools-0:4.14.0-115.18.1.el7a
  • kernel-tools-debuginfo-0:4.14.0-115.18.1.el7a
  • kernel-tools-libs-0:4.14.0-115.18.1.el7a
  • kernel-tools-libs-devel-0:4.14.0-115.18.1.el7a
  • perf-0:4.14.0-115.18.1.el7a
  • perf-debuginfo-0:4.14.0-115.18.1.el7a
  • python-perf-0:4.14.0-115.18.1.el7a
  • python-perf-debuginfo-0:4.14.0-115.18.1.el7a

References