https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.1.15

USN-4031-1

[oss-security] 20190625 CVE-2019-12817: Linux kernel: powerpc: Unrelated processes may be able to read/write to each other's virtual memory

https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=ca72d88378b2f2444d3ec145dd442d449d3fefbc

108884

FEDORA-2019-6817686c4d

FEDORA-2019-69c132b061

openSUSE-SU-2019:1757

DSA-4495

20190812 [SECURITY] [DSA 4495-1] linux security update

https://support.f5.com/csp/article/K12876166

RHSA-2019:2703

https://support.f5.com/csp/article/K12876166?utm_source=f5support&amp;utm_medium=RSS

The remote CentOS Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the CESA-2019:2703 advisory.

  - kernel: Use-after-free in sound/usb/card.c:usb_audio_probe() (CVE-2018-19824)

  - kernel: Count overflow in FUSE request leading to use-after-free issues. (CVE-2019-11487)

  - kernel: ppc: unrelated processes being able to read/write to each other's virtual memory (CVE-2019-12817)

  - kernel: Heap overflow in mwifiex_update_bss_desc_with_ie function in marvell/mwifiex/scan.c     (CVE-2019-3846)

  - Kernel: KVM: nVMX: guest accesses L0 MSR causes potential DoS (CVE-2019-3887)

  - kernel: brcmfmac heap buffer overflow in brcmf_wowl_nd_results (CVE-2019-9500)

  - kernel: brcmfmac frame validation bypass (CVE-2019-9503)

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

The SUSE Linux Enterprise 15 SP1 RT kernel was updated to receive various security and bugfixes.

The following security bugs were fixed :

CVE-2018-12126 CVE-2018-12127 CVE-2018-12130: Microarchitectural Store Buffer Data Sampling (MSBDS): Stored buffers on some microprocessors utilizing speculative execution which may have allowed an authenticated user to potentially enable information disclosure via a side channel with local access. A list of impacted products can be found here :

https://www.intel.com/content/dam/www/public/us/en/documents/corporate
-info rmation/SA00233-microcode-update-guidance_05132019.
(bsc#1103186)CVE-2019-11091: Microarchitectural Data Sampling Uncacheable Memory (MDSUM): Uncacheable memory on some microprocessors utilizing speculative execution may have allowed an authenticated user to potentially enable information disclosure via a side channel with local access. A list of impacted products can be found here :

https://www.intel.com/content/dam/www/public/us/en/documents/corporate
-info rmation/SA00233-microcode-update-guidance_05132019.
(bsc#1111331)CVE-2019-12382: An issue was discovered in drm_load_edid_firmware in drivers/gpu/drm/drm_edid_load.c in the Linux kernel There was an unchecked kstrdup of fwstr, which might allow an attacker to cause a denial of service (NULL pointer dereference and system crash). (bsc#1136586)

CVE-2019-10124: An issue was discovered in the hwpoison implementation in mm/memory-failure.c in the Linux kernel. When soft_offline_in_use_page() runs on a thp tail page after pmd is split, an attacker could cause a denial of service (bsc#1130699).

CVE-2019-11486: The Siemens R3964 line discipline driver in drivers/tty/n_r3964.c in the Linux kernel has multiple race conditions. (bsc#1133188)

CVE-2019-11811: An issue was discovered in the Linux kernel There was a use-after-free upon attempted read access to /proc/ioports after the ipmi_si module was removed, related to drivers/char/ipmi/ipmi_si_intf.c, drivers/char/ipmi/ipmi_si_mem_io.c, and drivers/char/ipmi/ipmi_si_port_io.c. (bsc#1134397)

CVE-2019-11487: The Linux kernel allowed page reference count overflow, with resultant use-after-free issues, if about 140 GiB of RAM exists. This is related to fs/fuse/dev.c, fs/pipe.c, fs/splice.c, include/linux/mm.h, include/linux/pipe_fs_i.h, kernel/trace/trace.c, mm/gup.c, and mm/hugetlb.c. It could occur with FUSE requests.
(bsc#1133190)

CVE-2019-12818: The nfc_llcp_build_tlv function in net/nfc/llcp_commands.c may return NULL. If the caller does not check for this, it will trigger a NULL pointer dereference. This will cause denial of service. This used to affect nfc_llcp_build_gb in net/nfc/llcp_core.c. (bsc#1138293)

CVE-2019-11833: fs/ext4/extents.c in the Linux kernel did not zero out the unused memory region in the extent tree block, which might allow local users to obtain sensitive information by reading uninitialized data in the filesystem. (bsc#1135281)

CVE-2019-5489: The mincore() implementation in mm/mincore.c in the Linux kernel allowed local attackers to observe page cache access patterns of other processes on the same system, potentially allowing sniffing of secret information. (Fixing this affects the output of the fincore program.) Limited remote exploitation may be possible, as demonstrated by latency differences in accessing public files from an Apache HTTP Server. (bsc#1120843)

CVE-2018-7191: In the tun subsystem in the Linux kernel, dev_get_valid_name was not called before register_netdevice. This allowed local users to cause a denial of service (NULL pointer dereference and panic) via an ioctl(TUNSETIFF) call with a dev name containing a / character. (bsc#1135603)

CVE-2019-11884: The do_hidp_sock_ioctl function in net/bluetooth/hidp/sock.c in the Linux kernel allowed a local user to obtain potentially sensitive information from kernel stack memory via a hidPCONNADD command, because a name field may not end with a '\0' character. (bsc#1134848)

CVE-2019-9500: An issue was discovered that lead to brcmfmac heap buffer overflow. (bsc#1132681)

CVE-2019-11085: Insufficient input validation in Kernel Mode Driver in Intel(R) i915 Graphics for Linux may have allowed an authenticated user to potentially enable escalation of privilege via local access.
(bsc#1135278)

CVE-2019-11815: An issue was discovered in rds_tcp_kill_sock in net/rds/tcp.c in the Linux kernel There was a race condition leading to a use-after-free, related to net namespace cleanup. (bsc#1135278)

CVE-2018-16880: A flaw was found in the Linux kernel's handle_rx() function in the [vhost_net] driver. A malicious virtual guest, under specific conditions, could trigger an out-of-bounds write in a kmalloc-8 slab on a virtual host which may have lead to a kernel memory corruption and a system panic. Due to the nature of the flaw, privilege escalation cannot be fully ruled out. (bsc#1122767)

CVE-2019-12819: The function __mdiobus_register() called put_device(), which triggered a fixed_mdio_bus_init use-after-free. This would cause a denial of service. (bsc#1138291)

CVE-2019-3882: A flaw was found in the Linux kernel's vfio interface implementation that permitted violation of the user's locked memory limit. If a device was bound to a vfio driver, such as vfio-pci, and the local attacker is administratively granted ownership of the device, it may have caused a system memory exhaustion and thus a denial of service (DoS). (bsc#1131427)

CVE-2019-3846: A flaw that allowed an attacker to corrupt memory and possibly escalate privileges was found in the mwifiex kernel module while connecting to a malicious wireless network. (bsc#1136424)

CVE-2019-8564: An issue was discoved which meant that brcmfmac frame validation could be bypassed. (bsc#1132673)

CVE-2019-9503: An issue was discoved which meant that brcmfmac frame validation could be bypassed. (bsc#1132828)

CVE-2019-9003: In the Linux kernel, attackers could trigger a drivers/char/ipmi/ipmi_msghandler.c use-after-free and OOPS by arranging for certain simultaneous execution of the code, as demonstrated by a 'service ipmievd restart' loop. (bsc#1126704)

CVE-2017-5753: Systems with microprocessors utilizing speculative execution and branch prediction may have allowed unauthorized disclosure of information to an attacker with local user access via a side-channel analysis.

CVE-2019-11478: It was possible to send a crafted sequence of SACKs which will fragment the TCP retransmission queue. An attacker may have been able to further exploit the fragmented queue to cause an expensive linked-list walk for subsequent SACKs received for that same TCP connection.

CVE-2019-11479: An attacker could force the Linux kernel to segment its responses into multiple TCP segments. This would drastically increased the bandwidth required to deliver the same amount of data.
Further, it would consume additional resources such as CPU and NIC processing power.

CVE-2018-16871: A NULL pointer dereference due to an anomalized NFS message sequence was fixed. (bnc#1137103).

CVE-2019-12614: An issue was discovered in dlpar_parse_cc_property in arch/powerpc/platforms/pseries/dlpar.c. There was an unchecked kstrdup of prop->name, which might allow an attacker to cause a denial of service (NULL pointer dereference and system crash) (bnc#1137194).

CVE-2019-12817: On the PowerPC architecture, local attackers could access other users processes memory (bnc#1138263).

CVE-2018-20836: An issue was discovered in the Linux kernel There was a race condition in smp_task_timedout() and smp_task_done() in drivers/scsi/libsas/sas_expander.c, leading to a use-after-free (bnc#1134395).

CVE-2019-10638: In the Linux kernel, a device could be tracked by an attacker using the IP ID values the kernel produces for connection-less protocols (e.g., UDP and ICMP). When such traffic was sent to multiple destination IP addresses, it was possible to obtain hash collisions (of indices to the counter array) and thereby obtain the hashing key (via enumeration). An attack may have been conducted by hosting a crafted web page that uses WebRTC or gQUIC to force UDP traffic to attacker-controlled IP addresses (bnc#1140575 1140577).

CVE-2019-10639: The Linux kernel allowed Information Exposure (partial kernel address disclosure), leading to a KASLR bypass. Specifically, it was possible to extract the KASLR kernel image offset using the IP ID values the kernel produces for connection-less protocols (e.g., UDP and ICMP). When such traffic was sent to multiple destination IP addresses, it was possible to obtain hash collisions (of indices to the counter array) and thereby obtain the hashing key (via enumeration). This key contains enough bits from a kernel address (of a static variable) so when the key was extracted (via enumeration), the offset of the kernel image was exposed. This attack could be carried out remotely, by the attacker forcing the target device to send UDP or ICMP (or certain other) traffic to attacker-controlled IP addresses. Forcing a server to send UDP traffic is trivial if the server is a DNS server. ICMP traffic is trivial if the server answers ICMP Echo requests (ping). For client targets, if the target visits the attacker's web page, then WebRTC or gQUIC can be used to force UDP traffic to attacker-controlled IP addresses. NOTE: this attack against KASLR became viable because IP ID generation was changed to have a dependency on an address associated with a network namespace (bnc#1140577).

CVE-2019-11599: The coredump implementation in the Linux kernel did not use locking or other mechanisms to prevent vma layout or vma flags changes while it ran, which allowed local users to obtain sensitive information, cause a denial of service, or possibly have unspecified other impact by triggering a race condition with mmget_not_zero or get_task_mm calls. This is related to fs/userfaultfd.c, mm/mmap.c, fs/proc/task_mmu.c, and drivers/infiniband/core/uverbs_main.c (bnc#1131645 1133738).

CVE-2019-13233: In arch/x86/lib/insn-eval.c in the Linux kernel, there was a use-after-free for access to an LDT entry because of a race condition between modify_ldt() and a #BR exception for an MPX bounds violation (bnc#1140454).

CVE-2018-20855: An issue was discovered in the Linux kernel In create_qp_common in drivers/infiniband/hw/mlx5/qp.c, mlx5_ib_create_qp_resp was never initialized, resulting in a leak of stack memory to userspace(bsc#1143045).

CVE-2019-1125: Exclude ATOMs from speculation through SWAPGS (bsc#1139358).

CVE-2019-11810: An issue was discovered in the Linux kernel A NULL pointer dereference could occur when megasas_create_frame_pool() failed in megasas_alloc_cmds() in drivers/scsi/megaraid/megaraid_sas_base.c. This caused a Denial of Service, related to a use-after-free (bnc#1134399).

CVE-2019-13631: In parse_hid_report_descriptor in drivers/input/tablet/gtco.c in the Linux kernel, a malicious USB device could send an HID report that triggered an out-of-bounds write during generation of debugging messages. (bnc#1142023)

CVE-2019-13648: In the Linux kernel on the powerpc platform, when hardware transactional memory was disabled, a local user could cause a denial of service (TM Bad Thing exception and system crash) via a sigreturn() system call that sent a crafted signal frame.
(bnc#1142254)

CVE-2019-14283: In the Linux kernel, set_geometry in drivers/block/floppy.c did not validate the sect and head fields, as demonstrated by an integer overflow and out-of-bounds read. It could be triggered by an unprivileged local user when a floppy disk was inserted. NOTE: QEMU creates the floppy device by default.
(bnc#1143191)

CVE-2019-14284: In the Linux kernel, drivers/block/floppy.c allows a denial of service by setup_format_params division-by-zero.
(bnc#1143189)

CVE-2019-12456: An issue was discovered in the MPT3COMMAND case in
_ctl_ioctl_main in drivers/scsi/mpt3sas/mpt3sas_ctl.c in the Linux. It allows local users to cause a denial of service or possibly have unspecified other impact by changing the value of ioc_number between two kernel reads of that value, aka a 'double fetch' vulnerability.
NOTE: a third-party reports that this is unexploitable because the doubly fetched value is not used. (bsc#1136922)

CVE-2019-12380: An issue was discovered in the efi subsystem in the Linux kernel phys_efi_set_virtual_address_map in arch/x86/platform/efi/efi.c and efi_call_phys_prolog in arch/x86/platform/efi/efi_64.c mishandle memory allocation failures.
(bsc#1136598)

The update package also includes non-security fixes. See advisory for details.

Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.

The remote Oracle Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2019-2703 advisory.

  - In the Linux kernel through 4.19.6, a local user could exploit a use-after-free in the ALSA driver by     supplying a malicious USB Sound device (with zero interfaces) that is mishandled in usb_audio_probe in     sound/usb/card.c. (CVE-2018-19824)

  - The Broadcom brcmfmac WiFi driver prior to commit 1b5e2423164b3670e8bc9174e4762d297990deff is vulnerable     to a heap buffer overflow. If the Wake-up on Wireless LAN functionality is configured, a malicious event     frame can be constructed to trigger an heap buffer overflow in the brcmf_wowl_nd_results function. This     vulnerability can be exploited with compromised chipsets to compromise the host, or when used in     combination with CVE-2019-9503, can be used remotely. In the worst case scenario, by sending specially-     crafted WiFi packets, a remote, unauthenticated attacker may be able to execute arbitrary code on a     vulnerable system. More typically, this vulnerability will result in denial-of-service conditions.
    (CVE-2019-9500)

  - A flaw that allowed an attacker to corrupt memory and possibly escalate privileges was found in the     mwifiex kernel module while connecting to a malicious wireless network. (CVE-2019-3846)

  - The Broadcom brcmfmac WiFi driver prior to commit a4176ec356c73a46c07c181c6d04039fafa34a9f is vulnerable     to a frame validation bypass. If the brcmfmac driver receives a firmware event frame from a remote source,     the is_wlc_event_frame function will cause this frame to be discarded and unprocessed. If the driver     receives the firmware event frame from the host, the appropriate handler is called. This frame validation     can be bypassed if the bus used is USB (for instance by a wifi dongle). This can allow firmware event     frames from a remote source to be processed. In the worst case scenario, by sending specially-crafted WiFi     packets, a remote, unauthenticated attacker may be able to execute arbitrary code on a vulnerable system.
    More typically, this vulnerability will result in denial-of-service conditions. (CVE-2019-9503)

  - The Linux kernel before 5.1-rc5 allows page->_refcount reference count overflow, with resultant use-after-     free issues, if about 140 GiB of RAM exists. This is related to fs/fuse/dev.c, fs/pipe.c, fs/splice.c,     include/linux/mm.h, include/linux/pipe_fs_i.h, kernel/trace/trace.c, mm/gup.c, and mm/hugetlb.c. It can     occur with FUSE requests. (CVE-2019-11487)

  - A flaw was found in the way KVM hypervisor handled x2APIC Machine Specific Rregister (MSR) access with     nested(=1) virtualization enabled. In that, L1 guest could access L0's APIC register values via L2 guest,     when 'virtualize x2APIC mode' is enabled. A guest could use this flaw to potentially crash the host kernel     resulting in DoS issue. Kernel versions from 4.16 and newer are vulnerable to this issue. (CVE-2019-3887)

  - arch/powerpc/mm/mmu_context_book3s64.c in the Linux kernel before 5.1.15 for powerpc has a bug where     unrelated processes may be able to read/write to one another's virtual memory under certain conditions via     an mmap above 512 TB. Only a subset of powerpc systems are affected. (CVE-2019-12817)

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

An update for kernel is now available for Red Hat Enterprise Linux 8.

Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

The kernel packages contain the Linux kernel, the core of any Linux operating system.

Security Fix(es) :

* kernel: Heap overflow in mwifiex_update_bss_desc_with_ie function in marvell/mwifiex/scan.c (CVE-2019-3846)

* Kernel: KVM: nVMX: guest accesses L0 MSR causes potential DoS (CVE-2019-3887)

* kernel: brcmfmac heap buffer overflow in brcmf_wowl_nd_results (CVE-2019-9500)

* kernel: Count overflow in FUSE request leading to use-after-free issues. (CVE-2019-11487)

* kernel: ppc: unrelated processes being able to read/write to each other's virtual memory (CVE-2019-12817)

* kernel: Use-after-free in sound/usb/card.c:usb_audio_probe() (CVE-2018-19824)

* kernel: brcmfmac frame validation bypass (CVE-2019-9503)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Bug Fix(es) :

* [DELL EMC 8.0 BUG]: pciehp deadlock resulting in NVMe device not being recognized when hot plugged (BZ#1712261)

* Host crashed while try to boot a compatible guest attached huge page by'-object memory-backend-file *'[1G-P9] (BZ#1714758)

* Setting malformed authenc key will crash the system (BZ#1715335)

* BUG: memory allocation failure in inode_doinit_with_dentry()/context_to_sid () (BZ#1717780)

* [HPEMC 8.1 BUG] Protect against concurrent calls into UV BIOS (BZ#1724534)

* PHC jumping on I350 (igb) (BZ#1726352)

* aarch64 kernel missing vulnerabilities status files (BZ#1726353)

* BUG: KASAN: use-after-free in skb_release_data() (BZ#1726354)

* [RHEL8][PANIC][aarch64] kernel panic when loading the dme1737 module (BZ# 1726355)

* [RHEL8] [aarch64] Changes for BZ1672997 break kaslr (BZ#1726357)

* Network fails to come up when booting with kernel 3.10.0-862.el7.x86_64, several hung tasks can be seen in logs.
(BZ#1726358)

* [Intel] 'cpupower frequency-set' produces unexpected results for some processors (BZ#1726360)

* HDMI/DP audio: ELD not updated on hotplug event (BZ#1726361)

* [mlx5_core] CX5 Adapter works not as expected when MTU is 9000, Unable to handle kernel paging request at virtual address 3ae0aafeff4b6b5a (BZ# 1726372)

* [DELL 8.0 Bug] - hid-multitouch 0018:1FD2:8008.0001 ,lost function from S3 resume (BZ#1727098)

* [RHEL8.1 Pre Beta] [Power8] data corruption while returning from watchpoint exception handler (BZ#1733281)

* RHEL8.1 pre-Beta - cacheinfo code unsafe vs LPM (BZ#1733282)

* RHEL8.1 pre-Beta - [ZZ/Zeppelin] [kernel-4.18.0-100.el8.ppc64le] Hash MMU allows child to write parents process address space (BZ#1734689)

Several vulnerabilities have been discovered in the Linux kernel that may lead to a privilege escalation, denial of service or information leaks.

  - CVE-2018-20836     chenxiang reported a race condition in libsas, the     kernel subsystem supporting Serial Attached SCSI (SAS)     devices, which could lead to a use-after-free. It is not     clear how this might be exploited.

  - CVE-2019-1125     It was discovered that most x86 processors could     speculatively skip a conditional SWAPGS instruction used     when entering the kernel from user mode, and/or could     speculatively execute it when it should be skipped. This     is a subtype of Spectre variant 1, which could allow     local users to obtain sensitive information from the     kernel or other processes. It has been mitigated by     using memory barriers to limit speculative execution.
    Systems using an i386 kernel are not affected as the     kernel does not use SWAPGS.

  - CVE-2019-1999     A race condition was discovered in the Android binder     driver, which could lead to a use-after-free. If this     driver is loaded, a local user might be able to use this     for denial-of-service (memory corruption) or for     privilege escalation.

  - CVE-2019-10207     The syzkaller tool found a potential null dereference in     various drivers for UART-attached Bluetooth adapters. A     local user with access to a pty device or other suitable     tty device could use this for denial-of-service     (BUG/oops).

  - CVE-2019-10638     Amit Klein and Benny Pinkas discovered that the     generation of IP packet IDs used a weak hash function,     'jhash'. This could enable tracking individual computers     as they communicate with different remote servers and     from different networks. The 'siphash' function is now     used instead.

  - CVE-2019-12817     It was discovered that on the PowerPC (ppc64el)     architecture, the hash page table (HPT) code did not     correctly handle fork() in a process with memory mapped     at addresses above 512 TiB. This could lead to a     use-after-free in the kernel, or unintended sharing of     memory between user processes. A local user could use     this for privilege escalation. Systems using the radix     MMU, or a custom kernel with a 4 KiB page size, are not     affected.

  - CVE-2019-12984     It was discovered that the NFC protocol implementation     did not properly validate a netlink control message,     potentially leading to a NULL pointer dereference. A     local user on a system with an NFC interface could use     this for denial-of-service (BUG/oops).

  - CVE-2019-13233     Jann Horn discovered a race condition on the x86     architecture, in use of the LDT. This could lead to a     use-after-free. A local user could possibly use this for     denial-of-service.

  - CVE-2019-13631     It was discovered that the gtco driver for USB input     tablets could overrun a stack buffer with constant data     while parsing the device's descriptor. A physically     present user with a specially constructed USB device     could use this to cause a denial-of-service (BUG/oops),     or possibly for privilege escalation.

  - CVE-2019-13648     Praveen Pandey reported that on PowerPC (ppc64el)     systems without Transactional Memory (TM), the kernel     would still attempt to restore TM state passed to the     sigreturn() system call. A local user could use this for     denial-of-service (oops).

  - CVE-2019-14283     The syzkaller tool found a missing bounds check in the     floppy disk driver. A local user with access to a floppy     disk device, with a disk present, could use this to read     kernel memory beyond the I/O buffer, possibly obtaining     sensitive information.

  - CVE-2019-14284     The syzkaller tool found a potential division-by-zero in     the floppy disk driver. A local user with access to a     floppy disk device could use this for denial-of-service     (oops).

According to the versions of the kernel packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities :

  - The kernel package contains the Linux kernel (vmlinuz),     the core of any Linux operating system. The kernel     handles the basic functions of the operating system:
    memory allocation, process allocation, device input and     output, etc.Security Fix(es):An integer overflow flaw     was found in the way the Linux kernel's networking     subsystem processed TCP Selective Acknowledgment (SACK)     segments. While processing SACK segments, the Linux     kernel's socket buffer (SKB) data structure becomes     fragmented. Each fragment is about TCP maximum segment     size (MSS) bytes. To efficiently process SACK blocks,     the Linux kernel merges multiple fragmented SKBs into     one, potentially overflowing the variable holding the     number of segments. A remote attacker could use this     flaw to crash the Linux kernel by sending a crafted     sequence of SACK segments on a TCP connection with     small value of TCP MSS, resulting in a denial of     service (DoS). (CVE-2019-11477)Kernel: tcp: excessive     resource consumption while processing SACK blocks     allows remote denial of service (CVE-2019-11478)Kernel:
    tcp: excessive resource consumption for TCP connections     with low MSS allows remote denial of service     (CVE-2019-11479)A flaw was found in the way the Linux     kernel's memory subsystem on certain 64-bit PowerPCs     with the hash page table MMU handled memory above     512TB. A local, unprivileged user could use this flaw     to escalate their privileges on the     system.(CVE-2019-12817)

Note that Tenable Network Security has extracted the preceding description block directly from the EulerOS security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.

The SUSE Linux Enterprise 15 SP1 kernel was updated to receive various security and bugfixes.

This update adds support for the Hygon Dhyana CPU (fate#327735).

The following security bugs were fixed :

CVE-2019-12614: An issue was discovered in dlpar_parse_cc_property in arch/powerpc/platforms/pseries/dlpar.c. There was an unchecked kstrdup of prop->name, which might allow an attacker to cause a denial of service (NULL pointer dereference and system crash) (bnc#1137194).

CVE-2018-16871: A NULL pointer dereference due to an anomalized NFS message sequence was fixed. (bnc#1137103).

CVE-2019-12817: On the PowerPC architecture, local attackers could access other users processes memory (bnc#1138263).

The update package also includes non-security fixes. See advisory for details.

Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.

Update to v5.1.15

----

Update to v5.1.14

Note that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website.
Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.

It was discovered that the Linux kernel did not properly separate certain memory mappings when creating new userspace processes on 64-bit Power (ppc64el) systems. A local attacker could use this to access memory contents or cause memory corruption of other processes on the system.

Note that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.

ID	Name	Product	Family	Severity
145668	CentOS 8 : kernel (CESA-2019:2703)	Nessus	CentOS Local Security Checks	high
129284	SUSE SLED15 / SLES15 Security Update : kernel-source-rt (SUSE-SU-2019:2430-1) (MDSUM/RIDL) (MFBDS/RIDL/ZombieLoad) (MLPDS/RIDL) (MSBDS/Fallout) (SACK Panic) (SACK Slowness) (Spectre)	Nessus	SuSE Local Security Checks	high
128845	Oracle Linux 8 : kernel (ELSA-2019-2703)	Nessus	Oracle Linux Local Security Checks	high
128665	RHEL 8 : kernel (RHSA-2019:2703)	Nessus	Red Hat Local Security Checks	high
127491	Debian DSA-4495-1 : linux - security update	Nessus	Debian Local Security Checks	high
127029	EulerOS 2.0 SP8 : kernel (EulerOS-SA-2019-1792)	Nessus	Huawei Local Security Checks	high
126897	openSUSE Security Update : the Linux Kernel (openSUSE-2019-1757)	Nessus	SuSE Local Security Checks	high
126499	SUSE SLED15 / SLES15 Security Update : kernel (SUSE-SU-2019:1744-1)	Nessus	SuSE Local Security Checks	high
126449	Fedora 29 : kernel / kernel-headers (2019-69c132b061)	Nessus	Fedora Local Security Checks	high
126357	Fedora 30 : kernel / kernel-headers (2019-6817686c4d)	Nessus	Fedora Local Security Checks	high
126241	Ubuntu 18.04 LTS / 18.10 / 19.04 : Linux kernel vulnerability (USN-4031-1)	Nessus	Ubuntu Local Security Checks	high

CVE-2019-12817

high

New! CVE Severity Now Using CVSS v3

Description

References

Details

Risk Information

CVSS v2

CVSS v3

Vulnerable Software

Configuration 1

Configuration 2

Tenable Plugins

high

high

high

high

high

high

high

high

high

high

high