105045

https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=7d63fb3af87aa67aa7d24466e792f9d7c57d8e79

https://github.com/johnsonwangqize/cve-linux/blob/master/%20CVE-2018-5953.md

[debian-lts-announce] 20190327 [SECURITY] [DLA 1731-1] linux security update

[debian-lts-announce] 20190401 [SECURITY] [DLA 1731-2] linux regression update

The remote OracleVM system is missing necessary patches to address critical security updates :

  - KVM: x86: Remove spurious semicolon (Joao Martins)     [Orabug: 31413782]

  - genirq: Use rcu in kstat_irqs_usr (Eric Dumazet)

  - genirq: Make sparse_irq_lock protect what it should     protect (Thomas Gleixner) [Orabug: 30953676]

  - genirq: Free irq_desc with rcu (Thomas Gleixner)     [Orabug: 30953676]

  - qla2xxx: Update driver version to 9.00.00.00.42.0-k1-v2     (Arun Easi) [Orabug: 30372266]

  - qla2xxx: Fix device discovery when FCP2 device is lost.
    (Arun Easi) [Orabug: 30372266]

  - brcmfmac: add subtype check for event handling in data     path (John Donnelly) [Orabug: 30776354] (CVE-2019-9503)

  - percpu-refcount: fix reference leak during percpu-atomic     transition (Douglas Miller) [Orabug: 30867060]

  - blk-mq: Allow timeouts to run while queue is freezing     (Gabriel Krisman Bertazi) [Orabug: 30867060]

  - fs/dcache.c: fix spin lockup issue on nlru->lock     (Junxiao Bi) [Orabug: 30953290]

  - jbd2: disable CONFIG_JBD2_DEBUG (Junxiao Bi) [Orabug:
    31234664]

  - mwifiex: pcie: Fix memory leak in     mwifiex_pcie_alloc_cmdrsp_buf (Navid Emamdoost) [Orabug:
    31246302] (CVE-2019-19056)

  - drm/vmwgfx: limit the number of mip levels in     vmw_gb_surface_define_ioctl (Vladis Dronov) [Orabug:
    31262557] (CVE-2017-7346)

  - i40e: Increment the driver version for FW API update     (Jack Vogel) [Orabug: 31051191] (CVE-2019-0140)     (CVE-2019-0139) (CVE-2019-0144)

  - i40e: Update FW API version to 1.9 (Piotr Azarewicz)     [Orabug: 31051191] (CVE-2019-0140) (CVE-2019-0139)     (CVE-2019-0144)

  - i40e: Changed maximum supported FW API version to 1.8     (Adam Ludkiewicz) [Orabug: 31051191] (CVE-2019-0140)     (CVE-2019-0139) (CVE-2019-0144)

  - i40e: Stop dropping 802.1ad tags - eth proto 0x88a8     (Scott Peterson) [Orabug: 31051191] (CVE-2019-0140)     (CVE-2019-0139) (CVE-2019-0144)

  - i40e: fix reading LLDP configuration (Mariusz Stachura)     [Orabug: 31051191] (CVE-2019-0140) (CVE-2019-0139)     (CVE-2019-0144)

  - i40e: Add capability flag for stopping FW LLDP     (Krzysztof Galazka) [Orabug: 31051191] (CVE-2019-0140)     (CVE-2019-0139) (CVE-2019-0144)

  - i40e: refactor FW version checking (Mitch Williams)     [Orabug: 31051191] (CVE-2019-0140) (CVE-2019-0139)     (CVE-2019-0144)

  - i40e: shutdown all IRQs and disable MSI-X when suspended     (Jacob Keller) [Orabug: 31051191] (CVE-2019-0140)     (CVE-2019-0139) (CVE-2019-0144)

  - i40e: prevent service task from running while we're     suspended (Jacob Keller) [Orabug: 31051191]     (CVE-2019-0140) (CVE-2019-0139) (CVE-2019-0144)

  - i40e: don't clear suspended state until we finish     resuming (Jacob Keller) [Orabug: 31051191]     (CVE-2019-0140) (CVE-2019-0139) (CVE-2019-0144)

  - i40e: use newer generic PM support instead of legacy PM     callbacks (Jacob Keller) [Orabug: 31051191]     (CVE-2019-0140) (CVE-2019-0139) (CVE-2019-0144)

  - i40e: use separate state bit for miscellaneous IRQ setup     (Jacob Keller) [Orabug: 31051191] (CVE-2019-0140)     (CVE-2019-0139) (CVE-2019-0144)

  - i40e: fix for flow director counters not wrapping as     expected (Mariusz Stachura) [Orabug: 31051191]     (CVE-2019-0140) (CVE-2019-0139) (CVE-2019-0144)

  - i40e: relax warning message in case of version mismatch     (Mariusz Stachura) [Orabug: 31051191] (CVE-2019-0140)     (CVE-2019-0139) (CVE-2019-0144)

  - i40e: simplify member variable accesses (Sudheer     Mogilappagari) [Orabug: 31051191] (CVE-2019-0140)     (CVE-2019-0139) (CVE-2019-0144)

  - i40e: Fix link down message when interface is brought up     (Sudheer Mogilappagari) [Orabug: 31051191]     (CVE-2019-0140) (CVE-2019-0139) (CVE-2019-0144)

  - i40e: Fix unqualified module message while bringing link     up (Sudheer Mogilappagari) [Orabug: 31051191]     (CVE-2019-0140) (CVE-2019-0139) (CVE-2019-0144)

  - HID: Fix assumption that devices have inputs (Alan     Stern) [Orabug: 31208622] (CVE-2019-19532)

  - qla2xxx: DBG: disable 3D mailbox. (Quinn Tran) [Orabug:
    30890687]

  - scsi: qla2xxx: Fix mtcp dump collection failure (Quinn     Tran) [Orabug: 30890687]

  - scsi: qla2xxx: Add Serdes support for ISP27XX (Joe     Carnuccio) [Orabug: 30890687]

  - vgacon: Fix a UAF in vgacon_invert_region (Zhang Xiaoxu)     [Orabug: 31143947] (CVE-2020-8649) (CVE-2020-8647)     (CVE-2020-8647) (CVE-2020-8649) (CVE-2020-8649)     (CVE-2020-8647)

  - HID: hiddev: do cleanup in failure of opening a device     (Hillf Danton) [Orabug: 31206360] (CVE-2019-19527)

  - HID: hiddev: avoid opening a disconnected device (Hillf     Danton) [Orabug: 31206360] (CVE-2019-19527)

  - USB: adutux: fix use-after-free on disconnect (Johan     Hovold) [Orabug: 31233769] (CVE-2019-19523)

  - ipv4: implement support for NOPREFIXROUTE ifa flag for     ipv4 address (Paolo Abeni) [Orabug: 30292825]

  - vt: selection, push sel_lock up (Jiri Slaby) [Orabug:
    30923298] (CVE-2020-8648)

  - vt: selection, push console lock down (Jiri Slaby)     [Orabug: 30923298] (CVE-2020-8648)

  - vt: selection, close sel_buffer race (Jiri Slaby)     [Orabug: 30923298] (CVE-2020-8648) (CVE-2020-8648)

  - xfs: stop searching for free slots in an inode chunk     when there are none (Carlos Maiolino) [Orabug: 31030659]

  - xfs: fix up xfs_swap_extent_forks inline extent handling     (Eric Sandeen) [Orabug: 31032831]

  - xfs: validate sb_logsunit is a multiple of the fs     blocksize (Darrick J. Wong) [Orabug: 31034071]

  - mwifiex: Fix three heap overflow at parsing element in     cfg80211_ap_settings (Wen Huang) [Orabug: 31104481]     (CVE-2019-14814) (CVE-2019-14815) (CVE-2019-14816)     (CVE-2019-14814) (CVE-2019-14815) (CVE-2019-14816)

  - rds: fix an infoleak in rds_inc_info_copy (Kangjie Lu)     [Orabug: 30770962] (CVE-2016-5244)

  - xfs: do async inactivation only when fs freezed (Junxiao     Bi) [Orabug: 30944736]

  - xfs: fix deadlock between shrinker and fs freeze     (Junxiao Bi) [Orabug: 30944736]

  - xfs: increase the default parallelism levels of pwork     clients (Junxiao Bi) [Orabug: 30944736]

  - xfs: decide if inode needs inactivation (Junxiao Bi)     [Orabug: 30944736]

  - xfs: refactor the predicate part of xfs_free_eofblocks     (Junxiao Bi) [Orabug: 30944736]

  - floppy: check FDC index for errors before assigning it     (Linus Torvalds) [Orabug: 31067516] (CVE-2020-9383)

  - KVM: x86: clear stale x86_emulate_ctxt->intercept value     (Vitaly Kuznetsov) [Orabug: 31118691]

  - slcan: Don't transmit uninitialized stack data in     padding (Richard Palethorpe) [Orabug: 31136753]     (CVE-2020-11494)

  - rds: transport module should be auto loaded when     transport is set (Rao Shoaib) [Orabug: 31031928]

  - KVM: X86: Fix NULL deref in vcpu_scan_ioapic (Wanpeng     Li) [Orabug: 31078882]

  - vhost: Check docket sk_family instead of call getname     (Eugenio P&eacute rez) [Orabug: 31085993]     (CVE-2020-10942)

  - Revert 'oled: give panic handler chance to run before     kexec' (Wengang Wang) [Orabug: 31098797]

  - kernel: cpu.c: fix return in void function     cpu_smt_disable (Mihai Carabas) [Orabug: 31047871]

  - net: qlogic: Fix memory leak in ql_alloc_large_buffers     (Navid Emamdoost) [Orabug: 31055327] (CVE-2019-18806)

  - swiotlb: clean up reporting (Kees Cook) [Orabug:
    31085017] (CVE-2018-5953)

  - KVM: x86: Expose more Intel AVX512 feature to guest     (Luwei Kang) [Orabug: 31085086]

  - x86/cpufeature: Enable new AVX-512 features (Fenghua Yu)     [Orabug: 31085086]

  - xenbus: req->err should be updated before req->state     (Dongli Zhang) [Orabug: 30705030]

  - xenbus: req->body should be updated before req->state     (Dongli Zhang) [Orabug: 30705030]

The remote Oracle Linux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2020-5649 advisory.

  - The swiotlb_print_info function in lib/swiotlb.c in the Linux kernel through 4.14.14 allows local users to     obtain sensitive address information by reading dmesg data from a software IO TLB printk call.
    (CVE-2018-5953)

  - In the Linux kernel before 5.5.8, get_raw_socket in drivers/vhost/net.c lacks validation of an sk_family     field, which might allow attackers to trigger kernel stack corruption via crafted system calls.
    (CVE-2020-10942)

  - A memory leak in the ql_alloc_large_buffers() function in drivers/net/ethernet/qlogic/qla3xxx.c in the     Linux kernel before 5.3.5 allows local users to cause a denial of service (memory consumption) by     triggering pci_dma_mapping_error() failures, aka CID-1acb8f2a7a9f. (CVE-2019-18806)

  - A memory leak in the af9005_identify_state() function in drivers/media/usb/dvb-usb/af9005.c in the Linux     kernel through 5.3.9 allows attackers to cause a denial of service (memory consumption), aka     CID-2289adbfa559. (CVE-2019-18809)

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

The remote Oracle Linux 6 / 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2020-5644 advisory.

  - The swiotlb_print_info function in lib/swiotlb.c in the Linux kernel through 4.14.14 allows local users to     obtain sensitive address information by reading dmesg data from a software IO TLB printk call.
    (CVE-2018-5953)

  - A memory leak in the ql_alloc_large_buffers() function in drivers/net/ethernet/qlogic/qla3xxx.c in the     Linux kernel before 5.3.5 allows local users to cause a denial of service (memory consumption) by     triggering pci_dma_mapping_error() failures, aka CID-1acb8f2a7a9f. (CVE-2019-18806)

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

The remote Oracle Linux 6 / 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2020-5642 advisory.

  - The swiotlb_print_info function in lib/swiotlb.c in the Linux kernel through 4.14.14 allows local users to     obtain sensitive address information by reading dmesg data from a software IO TLB printk call.
    (CVE-2018-5953)

  - In the Linux kernel before 5.5.8, get_raw_socket in drivers/vhost/net.c lacks validation of an sk_family     field, which might allow attackers to trigger kernel stack corruption via crafted system calls.
    (CVE-2020-10942)

  - A memory leak in the ql_alloc_large_buffers() function in drivers/net/ethernet/qlogic/qla3xxx.c in the     Linux kernel before 5.3.5 allows local users to cause a denial of service (memory consumption) by     triggering pci_dma_mapping_error() failures, aka CID-1acb8f2a7a9f. (CVE-2019-18806)

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

According to the versions of the kernel packages installed, the EulerOS Virtualization for ARM 64 installation on the remote host is affected by the following vulnerabilities :

  - In the Linux kernel through 4.19, a use-after-free can     occur due to a race condition between fanout_add from     setsockopt and bind on an AF_PACKET socket. This issue     exists because of the     15fe076edea787807a7cdc168df832544b58eba6 incomplete fix     for a race condition. The code mishandles a certain     multithreaded case involving a packet_do_bind     unregister action followed by a packet_notifier     register action. Later, packet_release operates on only     one of the two applicable linked lists. The attacker     can achieve Program Counter control.(CVE-2018-18559i1/4%0

  - The acpi_ns_terminate() function in     drivers/acpi/acpica/nsutils.c in the Linux kernel     before 4.12 does not flush the operand cache and causes     a kernel stack dump. A local users could obtain     sensitive information from kernel memory and bypass the     KASLR protection mechanism (in the kernel through 4.9)     via a crafted ACPI table.(CVE-2017-11472i1/4%0

  - Race condition in net/packet/af_packet.c in the Linux     kernel allows local users to cause a denial of service     (use-after-free) or possibly have unspecified other     impact via a multithreaded application that makes     PACKET_FANOUT setsockopt system calls.(CVE-2017-6346i1/4%0

  - Multiple race conditions in ipc/shm.c in the Linux     kernel before 3.12.2 allow local users to cause a     denial of service (use-after-free and system crash) or     possibly have unspecified other impact via a crafted     application that uses shmctl IPC_RMID operations in     conjunction with other shm system     calls.(CVE-2013-7026i1/4%0

  - An issue was discovered in the Linux kernel. A NULL     pointer dereference and panic in hfsplus_lookup() in     the fs/hfsplus/dir.c function can occur when opening a     file (that is purportedly a hard link) in an hfs+     filesystem that has malformed catalog data, and is     mounted read-only without a metadata     directory.(CVE-2018-14617i1/4%0

  - The treo_attach function in drivers/usb/serial/visor.c     in the Linux kernel before 4.5 allows physically     proximate attackers to cause a denial of service (NULL     pointer dereference and system crash) or possibly have     unspecified other impact by inserting a USB device that     lacks a (1) bulk-in or (2) interrupt-in     endpoint.(CVE-2016-2782i1/4%0

  - An information-exposure flaw was found in the Linux     kernel where the pcpu_embed_first_chunk() function in     mm/percpu.c allows local users to obtain kernel-object     address information by reading the kernel log (dmesg).
    However, this address is not static and cannot be used     to commit a further attack.(CVE-2018-5995i1/4%0

  - Buffer overflow in net/ceph/auth_x.c in Ceph, as used     in the Linux kernel before 3.16.3, allows remote     attackers to cause a denial of service (memory     corruption and panic) or possibly have unspecified     other impact via a long unencrypted auth     ticket.(CVE-2014-6416i1/4%0

  - It was found that the Linux kernel's ptrace subsystem     allowed a traced process' instruction pointer to be set     to a non-canonical memory address without forcing the     non-sysret code path when returning to user space. A     local, unprivileged user could use this flaw to crash     the system or, potentially, escalate their privileges     on the system.Note: The CVE-2014-4699 issue only     affected systems using an Intel CPU.(CVE-2014-4699i1/4%0

  - The snd_compr_tstamp function in     sound/core/compress_offload.c in the Linux kernel     through 4.7, as used in Android before 2016-08-05 on     Nexus 5 and 7 (2013) devices, does not properly     initialize a timestamp data structure, which allows     attackers to obtain sensitive information via a crafted     application, aka Android internal bug 28770164 and     Qualcomm internal bug CR568717.(CVE-2014-9892i1/4%0

  - A flaw was found in the way the Linux kernel's ext4     file system handled the 'page size i1/4z block size'     condition when the fallocate zero range functionality     was used. A local attacker could use this flaw to crash     the system.(CVE-2015-0275i1/4%0

  - An information leak flaw was found in the way the Linux     kernel's ISO9660 file system implementation accessed     data on an ISO9660 image with RockRidge Extension     Reference (ER) records. An attacker with physical     access to the system could use this flaw to disclose up     to 255 bytes of kernel memory.(CVE-2014-9584i1/4%0

  - The pivot_root implementation in fs/namespace.c in the     Linux kernel through 3.17 does not properly interact     with certain locations of a chroot directory, which     allows local users to cause a denial of service     (mount-tree loop) via . (dot) values in both arguments     to the pivot_root system call.(CVE-2014-7970i1/4%0

  - arch/x86/kvm/emulate.c in the Linux kernel before     4.8.12 does not properly initialize Code Segment (CS)     in certain error cases, which allows local users to     obtain sensitive information from kernel stack memory     via a crafted application.(CVE-2016-9756i1/4%0

  - A flaw was found in the Linux kernel where the     swiotlb_print_info() function in lib/swiotlb.c allows     local users to obtain some kernel address information     by reading the kernel log (dmesg). This address is not     useful to commit a further attack.(CVE-2018-5953i1/4%0

  - A flaw was found in the way the Linux kernel's file     system implementation handled rename operations in     which the source was inside and the destination was     outside of a bind mount. A privileged user inside a     container could use this flaw to escape the bind mount     and, potentially, escalate their privileges on the     system.(CVE-2015-2925i1/4%0

  - A use-after-free fault in the Linux kernel's usbtv     driver could allow an attacker to cause a denial of     service (system crash), or have unspecified other     impacts, by triggering failure of audio registration of     USB hardware using the usbtv kernel     module.(CVE-2017-17975i1/4%0

  - The mm subsystem in the Linux kernel through 4.10.10     does not properly enforce the CONFIG_STRICT_DEVMEM     protection mechanism, which allows local users to read     or write to kernel memory locations in the first     megabyte (and bypass slab-allocation access     restrictions) via an application that opens the     /dev/mem file, related to arch/x86/mm/init.c and     drivers/char/mem.c.(CVE-2017-7889i1/4%0

  - A flaw was discovered in the way the kernel allows     stackable filesystems to overlay. A local attacker who     is able to mount filesystems can abuse this flaw to     escalate privileges.(CVE-2014-9922i1/4%0

  - sound/core/timer.c in the Linux kernel before 4.4.1     retains certain linked lists after a close or stop     action, which allows local users to cause a denial of     service (system crash) via a crafted ioctl call,     related to the (1) snd_timer_close and (2)
    _snd_timer_stop functions.(CVE-2016-2548i1/4%0

Note that Tenable Network Security has extracted the preceding description block directly from the EulerOS security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.

The linux update issued as DLA-1731-1 caused a regression in the vmxnet3 (VMware virtual network adapter) driver. This update corrects that regression, and an earlier regression in the CIFS network filesystem implementation introduced in DLA-1422-1. For reference the original advisory text follows.

Several vulnerabilities have been discovered in the Linux kernel that may lead to a privilege escalation, denial of service or information leaks.

CVE-2016-10741

A race condition was discovered in XFS that would result in a crash (BUG). A local user permitted to write to an XFS volume could use this for denial of service.

CVE-2017-5753

Further instances of code that was vulnerable to Spectre variant 1 (bounds-check bypass) have been mitigated.

CVE-2017-13305

A memory over-read was discovered in the keys subsystem's encrypted key type. A local user could use this for denial of service or possibly to read sensitive information.

CVE-2018-3639 (SSB)

Multiple researchers have discovered that Speculative Store Bypass (SSB), a feature implemented in many processors, could be used to read sensitive information from another context. In particular, code in a software sandbox may be able to read sensitive information from outside the sandbox. This issue is also known as Spectre variant 4.

This update fixes bugs in the mitigations for SSB for AMD processors.

CVE-2018-5848

The wil6210 wifi driver did not properly validate lengths in scan and connection requests, leading to a possible buffer overflow. On systems using this driver, a local user with the CAP_NET_ADMIN capability could use this for denial of service (memory corruption or crash) or potentially for privilege escalation.

CVE-2018-5953

The swiotlb subsystem printed kernel memory addresses to the system log, which could help a local attacker to exploit other vulnerabilities.

CVE-2018-12896, CVE-2018-13053

Team OWL337 reported possible integer overflows in the POSIX timer implementation. These might have some security impact.

CVE-2018-16862

Vasily Averin and Pavel Tikhomirov from Virtuozzo Kernel Team discovered that the cleancache memory management feature did not invalidate cached data for deleted files. On Xen guests using the tmem driver, local users could potentially read data from other users' deleted files if they were able to create new files on the same volume.

CVE-2018-16884

A flaw was found in the NFS 4.1 client implementation. Mounting NFS shares in multiple network namespaces at the same time could lead to a user-after-free. Local users might be able to use this for denial of service (memory corruption or crash) or possibly for privilege escalation.

This can be mitigated by disabling unprivileged users from creating user namespaces, which is the default in Debian.

CVE-2018-17972

Jann Horn reported that the /proc/*/stack files in procfs leaked sensitive data from the kernel. These files are now only readable by users with the CAP_SYS_ADMIN capability (usually only root)

CVE-2018-18281

Jann Horn reported a race condition in the virtual memory manager that can result in a process briefly having access to memory after it is freed and reallocated. A local user permitted to create containers could possibly exploit this for denial of service (memory corruption) or for privilege escalation.

CVE-2018-18690

Kanda Motohiro reported that XFS did not correctly handle some xattr (extended attribute) writes that require changing the disk format of the xattr. A user with access to an XFS volume could use this for denial of service.

CVE-2018-18710

It was discovered that the cdrom driver does not correctly validate the parameter to the CDROM_SELECT_DISC ioctl. A user with access to a cdrom device could use this to read sensitive information from the kernel or to cause a denial of service (crash).

CVE-2018-19824

Hui Peng and Mathias Payer discovered a use-after-free bug in the USB audio driver. A physically present attacker able to attach a specially designed USB device could use this for privilege escalation.

CVE-2018-19985

Hui Peng and Mathias Payer discovered a missing bounds check in the hso USB serial driver. A physically present user able to attach a specially designed USB device could use this to read sensitive information from the kernel or to cause a denial of service (crash).

CVE-2018-20169

Hui Peng and Mathias Payer discovered missing bounds checks in the USB core. A physically present attacker able to attach a specially designed USB device could use this to cause a denial of service (crash) or possibly for privilege escalation.

CVE-2018-20511

InfoSect reported an information leak in the AppleTalk IP/DDP implemntation. A local user with CAP_NET_ADMIN capability could use this to read sensitive information from the kernel.

CVE-2019-3701

Muyu Yu and Marcus Meissner reported that the CAN gateway implementation allowed the frame length to be modified, typically resulting in out-of-bounds memory-mapped I/O writes. On a system with CAN devices present, a local user with CAP_NET_ADMIN capability in the initial net namespace could use this to cause a crash (oops) or other hardware-dependent impact.

CVE-2019-3819

A potential infinite loop was discovered in the HID debugfs interface exposed under /sys/kernel/debug/hid. A user with access to these files could use this for denial of service.

This interface is only accessible to root by default, which fully mitigates the issue.

CVE-2019-6974

Jann Horn reported a use-after-free bug in KVM. A local user with access to /dev/kvm could use this to cause a denial of service (memory corruption or crash) or possibly for privilege escalation.

CVE-2019-7221

Jim Mattson and Felix Wilhelm reported a user-after-free bug in KVM's nested VMX implementation. On systems with Intel CPUs, a local user with access to /dev/kvm could use this to cause a denial of service (memory corruption or crash) or possibly for privilege escalation.

Nested VMX is disabled by default, which fully mitigates the issue.

CVE-2019-7222

Felix Wilhelm reported an information leak in KVM for x86. A local user with access to /dev/kvm could use this to read sensitive information from the kernel.

CVE-2019-9213

Jann Horn reported that privileged tasks could cause stack segments, including those in other processes, to grow downward to address 0. On systems lacking SMAP (x86) or PAN (ARM), this exacerbated other vulnerabilities: a NULL pointer dereference could be exploited for privilege escalation rather than only for denial of service.

For Debian 8 'Jessie', these problems have been fixed in version 3.16.64-1.

We recommend that you upgrade your linux packages.

NOTE: Tenable Network Security has extracted the preceding description block directly from the DLA security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.

ID	Name	Product	Family	Severity
137128	OracleVM 3.4 : Unbreakable / etc (OVMSA-2020-0019)	Nessus	OracleVM Local Security Checks	high
135574	Oracle Linux 7 : Unbreakable Enterprise kernel (ELSA-2020-5649)	Nessus	Oracle Linux Local Security Checks	medium
135432	Oracle Linux 6 / 7 : Unbreakable Enterprise kernel (ELSA-2020-5644)	Nessus	Oracle Linux Local Security Checks	medium
135381	Oracle Linux 6 / 7 : Unbreakable Enterprise kernel (ELSA-2020-5642)	Nessus	Oracle Linux Local Security Checks	medium
124977	EulerOS Virtualization for ARM 64 3.0.1.0 : kernel (EulerOS-SA-2019-1524)	Nessus	Huawei Local Security Checks	high
123420	Debian DLA-1731-2 : linux regression update (Spectre)	Nessus	Debian Local Security Checks	medium

CVE-2018-5953

medium

New! CVE Severity Now Using CVSS v3

Description

References

Details

Risk Information

CVSS v2

CVSS v3

Vulnerable Software

Configuration 1

Configuration 2

Tenable Plugins

high

medium

medium

medium

high

medium