https://lore.kernel.org/patchwork/patch/1106884/

https://lore.kernel.org/patchwork/patch/1126650/

https://security.netapp.com/advisory/ntap-20191004-0001/

https://support.f5.com/csp/article/K03814795?utm_source=f5support&amp;utm_medium=RSS

USN-4414-1

USN-4425-1

USN-4439-1

USN-4440-1

It was discovered that the network block device (nbd) implementation in the Linux kernel did not properly check for error conditions in some situations. An attacker could possibly use this to cause a denial of service (system crash). (CVE-2019-16089) It was discovered that the kernel->user space relay implementation in the Linux kernel did not properly check return values in some situations. A local attacker could possibly use this to cause a denial of service (system crash).
(CVE-2019-19462) Chuhong Yuan discovered that go7007 USB audio device driver in the Linux kernel did not properly deallocate memory in some failure conditions. A physically proximate attacker could use this to cause a denial of service (memory exhaustion). (CVE-2019-20810) Jason A. Donenfeld discovered that the ACPI implementation in the Linux kernel did not properly restrict loading SSDT code from an EFI variable. A privileged attacker could use this to bypass Secure Boot lockdown restrictions and execute arbitrary code in the kernel.
(CVE-2019-20908) It was discovered that the elf handling code in the Linux kernel did not initialize memory before using it in certain situations. A local attacker could use this to possibly expose sensitive information (kernel memory). (CVE-2020-10732) Fan Yang discovered that the mremap implementation in the Linux kernel did not properly handle DAX Huge Pages. A local attacker with access to DAX storage could use this to gain administrative privileges.
(CVE-2020-10757) It was discovered that the Linux kernel did not correctly apply Speculative Store Bypass Disable (SSBD) mitigations in certain situations. A local attacker could possibly use this to expose sensitive information. (CVE-2020-10766) It was discovered that the Linux kernel did not correctly apply Indirect Branch Predictor Barrier (IBPB) mitigations in certain situations. A local attacker could possibly use this to expose sensitive information. (CVE-2020-10767) It was discovered that the Linux kernel could incorrectly enable indirect branch speculation after it has been disabled for a process via a prctl() call. A local attacker could possibly use this to expose sensitive information. (CVE-2020-10768) Mauricio Faria de Oliveira discovered that the aufs implementation in the Linux kernel improperly managed inode reference counts in the vfsub_dentry_open() method. A local attacker could use this vulnerability to cause a denial of service. (CVE-2020-11935) It was discovered that the Virtual Terminal keyboard driver in the Linux kernel contained an integer overflow. A local attacker could possibly use this to have an unspecified impact.
(CVE-2020-13974) Jason A. Donenfeld discovered that the ACPI implementation in the Linux kernel did not properly restrict loading ACPI tables via configfs. A privileged attacker could use this to bypass Secure Boot lockdown restrictions and execute arbitrary code in the kernel. (CVE-2020-15780).

Note that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.

It was discovered that the network block device (nbd) implementation in the Linux kernel did not properly check for error conditions in some situations. An attacker could possibly use this to cause a denial of service (system crash). (CVE-2019-16089) It was discovered that the btrfs file system implementation in the Linux kernel did not properly validate file system metadata in some situations. An attacker could use this to construct a malicious btrfs image that, when mounted, could cause a denial of service (system crash). (CVE-2019-19036) It was discovered that the kernel->user space relay implementation in the Linux kernel did not properly check return values in some situations.
A local attacker could possibly use this to cause a denial of service (system crash). (CVE-2019-19462) Chuhong Yuan discovered that go7007 USB audio device driver in the Linux kernel did not properly deallocate memory in some failure conditions. A physically proximate attacker could use this to cause a denial of service (memory exhaustion). (CVE-2019-20810) It was discovered that the elf handling code in the Linux kernel did not initialize memory before using it in certain situations. A local attacker could use this to possibly expose sensitive information (kernel memory). (CVE-2020-10732) Fan Yang discovered that the mremap implementation in the Linux kernel did not properly handle DAX Huge Pages. A local attacker with access to DAX storage could use this to gain administrative privileges.
(CVE-2020-10757) It was discovered that the Linux kernel did not correctly apply Speculative Store Bypass Disable (SSBD) mitigations in certain situations. A local attacker could possibly use this to expose sensitive information. (CVE-2020-10766) It was discovered that the Linux kernel did not correctly apply Indirect Branch Predictor Barrier (IBPB) mitigations in certain situations. A local attacker could possibly use this to expose sensitive information. (CVE-2020-10767) It was discovered that the Linux kernel could incorrectly enable indirect branch speculation after it has been disabled for a process via a prctl() call. A local attacker could possibly use this to expose sensitive information. (CVE-2020-10768) Mauricio Faria de Oliveira discovered that the aufs implementation in the Linux kernel improperly managed inode reference counts in the vfsub_dentry_open() method. A local attacker could use this vulnerability to cause a denial of service. (CVE-2020-11935) It was discovered that the Virtual Terminal keyboard driver in the Linux kernel contained an integer overflow. A local attacker could possibly use this to have an unspecified impact.
(CVE-2020-13974) It was discovered that the efi subsystem in the Linux kernel did not handle memory allocation failures during early boot in some situations. A local attacker could possibly use this to cause a denial of service (system crash). (CVE-2019-12380) Jason A. Donenfeld discovered that the ACPI implementation in the Linux kernel did not properly restrict loading SSDT code from an EFI variable. A privileged attacker could use this to bypass Secure Boot lockdown restrictions and execute arbitrary code in the kernel. (CVE-2019-20908) Jason A.
Donenfeld discovered that the ACPI implementation in the Linux kernel did not properly restrict loading ACPI tables via configfs. A privileged attacker could use this to bypass Secure Boot lockdown restrictions and execute arbitrary code in the kernel.
(CVE-2020-15780).

Note that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.

It was discovered that the network block device (nbd) implementation in the Linux kernel did not properly check for error conditions in some situations. An attacker could possibly use this to cause a denial of service (system crash). (CVE-2019-16089) It was discovered that the kernel->user space relay implementation in the Linux kernel did not properly check return values in some situations. A local attacker could possibly use this to cause a denial of service (system crash).
(CVE-2019-19462) Mauricio Faria de Oliveira discovered that the aufs implementation in the Linux kernel improperly managed inode reference counts in the vfsub_dentry_open() method. A local attacker could use this vulnerability to cause a denial of service. (CVE-2020-11935) Jason A. Donenfeld discovered that the ACPI implementation in the Linux kernel did not properly restrict loading ACPI tables via configfs. A privileged attacker could use this to bypass Secure Boot lockdown restrictions and execute arbitrary code in the kernel.
(CVE-2020-15780).

Note that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.

It was discovered that the network block device (nbd) implementation in the Linux kernel did not properly check for error conditions in some situations. An attacker could possibly use this to cause a denial of service (system crash). (CVE-2019-16089) It was discovered that the btrfs file system implementation in the Linux kernel did not properly validate file system metadata in some situations. An attacker could use this to construct a malicious btrfs image that, when mounted, could cause a denial of service (system crash). (CVE-2019-19036, CVE-2019-19318, CVE-2019-19813, CVE-2019-19816) It was discovered that the btrfs implementation in the Linux kernel did not properly detect that a block was marked dirty in some situations. An attacker could use this to specially craft a file system image that, when unmounted, could cause a denial of service (system crash). (CVE-2019-19377) It was discovered that the kernel->user space relay implementation in the Linux kernel did not properly check return values in some situations.
A local attacker could possibly use this to cause a denial of service (system crash). (CVE-2019-19462) Matthew Sheets discovered that the SELinux network label handling implementation in the Linux kernel could be coerced into de-referencing a NULL pointer. A remote attacker could use this to cause a denial of service (system crash).
(CVE-2020-10711) It was discovered that the SCSI generic (sg) driver in the Linux kernel did not properly handle certain error conditions correctly. A local privileged attacker could use this to cause a denial of service (system crash). (CVE-2020-12770) It was discovered that the USB Gadget device driver in the Linux kernel did not validate arguments passed from configfs in some situations. A local attacker could possibly use this to cause a denial of service (system crash) or possibly expose sensitive information. (CVE-2020-13143) It was discovered that the efi subsystem in the Linux kernel did not handle memory allocation failures during early boot in some situations. A local attacker could possibly use this to cause a denial of service (system crash). (CVE-2019-12380) It was discovered that the btrfs file system in the Linux kernel in some error conditions could report register information to the dmesg buffer. A local attacker could possibly use this to expose sensitive information. (CVE-2019-19039).

Note that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.

According to the versions of the kernel packages installed, the EulerOS Virtualization for ARM 64 installation on the remote host is affected by the following vulnerabilities :

  - The kernel package contains the Linux kernel (vmlinuz),     the core of any Linux operating system. The kernel     handles the basic functions of the operating system:
    memory allocation, process allocation, device input and     output, etc. Security Fix(es):An issue was discovered     in the Linux kernel before 5.2.3. There is a     use-after-free caused by a malicious USB device in the     drivers/media/usb/dvb-usb/dvb-usb-init.c     driver.(CVE-2019-15213)An issue was discovered in the     Linux kernel before 5.2.6. There is a use-after-free     caused by a malicious USB device in the     drivers/media/usb/cpia2/cpia2_usb.c     driver.(CVE-2019-15215)An issue was discovered in the     Linux kernel before 5.2.3. There is a NULL pointer     dereference caused by a malicious USB device in the     drivers/media/usb/zr364xx/zr364xx.c     driver.(CVE-2019-15217)An issue was discovered in the     Linux kernel before 5.1.8. There is a double-free     caused by a malicious USB device in the     drivers/usb/misc/rio500.c driver.(CVE-2019-15212)An     issue was discovered in the Linux kernel before 5.0.14.
    There is a NULL pointer dereference caused by a     malicious USB device in the drivers/usb/misc/yurex.c     driver.(CVE-2019-15216)An issue was discovered in     drivers/scsi/qedi/qedi_dbg.c in the Linux kernel before     5.1.12. In the qedi_dbg_* family of functions, there is     an out-of-bounds read.(CVE-2019-15090)An issue was     discovered in the Linux kernel before 5.0.9. There is a     NULL pointer dereference for a cd data structure if     alloc_disk fails in     drivers/block/paride/pf.c.(CVE-2019-15923)An issue was     discovered in the Linux kernel before 5.0.10.
    SMB2_negotiate in fs/cifs/smb2pdu.c has an     out-of-bounds read because data structures are     incompletely updated after a change from smb30 to     smb21.(CVE-2019-15918)An issue was discovered in the     Linux kernel before 5.0.9. There is a NULL pointer     dereference for a pf data structure if alloc_disk fails     in drivers/block/paride/pf.c.(CVE-2019-15922)An issue     was discovered in the Linux kernel before 5.2.3. Out of     bounds access exists in the functions     ath6kl_wmi_pstream_timeout_event_rx and     ath6kl_wmi_cac_event_rx in the file     driverset/wireless/ath/ath6kl/wmi.c.(CVE-2019-15926)An     issue was discovered in the Linux kernel before 5.0.11.
    fm10k_init_module in     driverset/ethernet/intel/fm10k/fm10k_main.c has a NULL     pointer dereference because there is no -ENOMEM upon an     alloc_workqueue failure.(CVE-2019-15924)A buffer     overflow flaw was found, in versions from 2.6.34 to     5.2.x, in the way Linux kernel's vhost functionality     that translates virtqueue buffers to IOVs, logged the     buffer descriptors during migration. A privileged guest     user able to pass descriptors with invalid length to     the host when migration is underway, could use this     flaw to increase their privileges on the     host.(CVE-2019-14835)In the Linux kernel through 5.2.14     on the powerpc platform, a local user can read vector     registers of other users' processes via an interrupt.
    To exploit the venerability, a local user starts a     transaction (via the hardware transactional memory     instruction tbegin) and then accesses vector registers.
    At some point, the vector registers will be corrupted     with the values from a different local Linux process,     because MSR_TM_ACTIVE is misused in     arch/powerpc/kernel/process.c.(CVE-2019-15031)In the     Linux kernel through 5.2.14 on the powerpc platform, a     local user can read vector registers of other users'     processes via a Facility Unavailable exception. To     exploit the venerability, a local user starts a     transaction (via the hardware transactional memory     instruction tbegin) and then accesses vector registers.
    At some point, the vector registers will be corrupted     with the values from a different local Linux process     because of a missing arch/powerpc/kernel/process.c     check.(CVE-2019-15030)There is heap-based buffer     overflow in kernel, all versions up to, excluding 5.3,     in the marvell wifi chip driver in Linux kernel, that     allows local users to cause a denial of service(system     crash) or possibly execute arbitrary     code.(CVE-2019-14816)A vulnerability was found in Linux     Kernel, where a Heap Overflow was found in     mwifiex_set_wmm_params() function of Marvell Wifi     Driver.(CVE-2019-14815)There is heap-based buffer     overflow in Linux kernel, all versions up to, excluding     5.3, in the marvell wifi chip driver in Linux kernel,     that allows local users to cause a denial of     service(system crash) or possibly execute arbitrary     code.(CVE-2019-14814)driverset/wireless/ath/ath10k/usb.
    c in the Linux kernel through 5.2.8 has a NULL pointer     dereference via an incomplete address in an endpoint     descriptor.(CVE-2019-15099)driverset/wireless/ath/ath6k     l/usb.c in the Linux kernel through 5.2.8 has a NULL     pointer dereference via an incomplete address in an     endpoint     descriptor.(CVE-2019-15098)driverset/wireless/rsi/rsi_9     1x_usb.c in the Linux kernel through 5.2.9 has a Double     Free via crafted USB device traffic (which may be     remote via usbip or usbredir).CVE-2019-15504)In the     Linux kernel before 5.2.14, rds6_inc_info_copy in     net/rds/recv.c allows attackers to obtain sensitive     information from kernel stack memory because tos and     flags fields are not     initialized.(CVE-2019-16714)drivers/scsi/qla2xxx/qla_os     .c in the Linux kernel 5.2.14 does not check the     alloc_workqueue return value, leading to a NULL pointer     dereference.(CVE-2019-16233)An issue was discovered in     the Linux kernel through 5.2.13. nbd_genl_status in     drivers/blockbd.c does not check the     nla_nest_start_noflag return     value.(CVE-2019-16089)llcp_sock_create in     netfc/llcp_sock.c in the AF_NFC network module in the     Linux kernel through 5.3.2 does not enforce     CAP_NET_RAW, which means that unprivileged users can     create a raw socket, aka     CID-3a359798b176.(CVE-2019-17056)base_sock_create in     drivers/isdn/mISDN/socket.c in the AF_ISDN network     module in the Linux kernel through 5.3.2 does not     enforce CAP_NET_RAW, which means that unprivileged     users can create a raw socket, aka     CID-b91ee4aa2a21.(CVE-2019-17055)atalk_create in     net/appletalk/ddp.c in the AF_APPLETALK network module     in the Linux kernel through 5.3.2 does not enforce     CAP_NET_RAW, which means that unprivileged users can     create a raw socket, aka     CID-6cc03e8aa36c.(CVE-2019-17054)ieee802154_create in     net/ieee802154/socket.c in the AF_IEEE802154 network     module in the Linux kernel through 5.3.2 does not     enforce CAP_NET_RAW, which means that unprivileged     users can create a raw socket, aka     CID-e69dbd4619e7.(CVE-2019-17053)ax25_create in     net/ax25/af_ax25.c in the AF_AX25 network module in the     Linux kernel through 5.3.2 does not enforce     CAP_NET_RAW, which means that unprivileged users can     create a raw socket, aka     CID-0614e2b73768.(CVE-2019-17052)An issue was     discovered in write_tpt_entry in     drivers/infiniband/hw/cxgb4/mem.c in the Linux kernel     through 5.3.2. The cxgb4 driver is directly calling     dma_map_single (a DMA function) from a stack variable.
    This could allow an attacker to trigger a Denial of     Service, exploitable if this driver is used on an     architecture for which this stack/DMA interaction has     security relevance.(CVE-2019-17075)rtl_p2p_noa_ie in     driverset/wireless/realtek/rtlwifi/ps.c in the Linux     kernel through 5.3.6 lacks a certain upper-bound check,     leading to a buffer overflow.(CVE-2019-17666)In the     Linux kernel through 5.3.2, cfg80211_mgd_wext_giwessid     in net/wireless/wext-sme.c does not reject a long SSID     IE, leading to a Buffer Overflow.(CVE-2019-17133)An     issue was discovered in net/wirelessl80211.c in the     Linux kernel through 5.2.17. It does not check the     length of variable elements in a beacon head, leading     to a buffer overflow.(CVE-2019-16746)Insufficient     access control in the Intel(R) PROSet/Wireless WiFi     Software driver before version 21.10 may allow an     unauthenticated user to potentially enable denial of     service via adjacent     access.(CVE-2019-0136)driverset/wireless/intel/iwlwifi/     pcie/trans.c in the Linux kernel 5.2.14 does not check     the alloc_workqueue return value, leading to a NULL     pointer dereference.(CVE-2019-16234)A memory leak in     the ql_alloc_large_buffers() function in     driverset/ethernet/qlogic/qla3xxx.c in the Linux kernel     before 5.3.5 allows local users to cause a denial of     service (memory consumption) by triggering     pci_dma_mapping_error() failures, aka     CID-1acb8f2a7a9f.(CVE-2019-18806)A memory leak in the     dwc3_pci_probe() function in     drivers/usb/dwc3/dwc3-pci.c in the Linux kernel through     5.3.9 allows attackers to cause a denial of service     (memory consumption) by triggering     platform_device_add_properties() failures, aka     CID-9bbfceea12a8.(CVE-2019-18813)A memory leak in the     af9005_identify_state() function in     drivers/media/usb/dvb-usb/af9005.c in the Linux kernel     through 5.3.9 allows attackers to cause a denial of     service (memory consumption), aka     CID-2289adbfa559.(CVE-2019-18809)fs/btrfs/volumes.c in     the Linux kernel before 5.1 allows a     btrfs_verify_dev_extents NULL pointer dereference via a     crafted btrfs image because fs_devices->devices is     mishandled within find_device, aka     CID-09ba3bc9dd15.(CVE-2019-18885)A memory leak in the     ccp_run_sha_cmd() function in     drivers/crypto/ccp/ccp-ops.c in the Linux kernel     through 5.3.9 allows attackers to cause a denial of     service (memory consumption), aka     CID-128c66429247.(CVE-2019-18808)A memory leak in the     bfad_im_get_stats() function in     drivers/scsi/bfa/bfad_attr.c in the Linux kernel     through 5.3.11 allows attackers to cause a denial of     service (memory consumption) by triggering     bfa_port_get_stats() failures, aka     CID-0e62395da2bd.(CVE-2019-19066)Note:
    kernel-4.19.36-vhulk1907.1.0.h529 and earlier versions     in EulerOS Virtualization for ARM 64 3.0.2.0 return     incorrect time information when executing the uname -a     command.

Note that Tenable Network Security has extracted the preceding description block directly from the EulerOS security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.

According to the versions of the kernel packages installed, the EulerOS Virtualization for ARM 64 installation on the remote host is affected by the following vulnerabilities :

  - drivers/net/wireless/rsi/rsi_91x_usb.c in the Linux     kernel through 5.2.9 has a Double Free via crafted USB     device traffic (which may be remote via usbip or     usbredir).(CVE-2019-15504)

  - In the Linux kernel before 5.2.14, rds6_inc_info_copy     in net/rds/recv.c allows attackers to obtain sensitive     information from kernel stack memory because tos and     flags fields are not initialized.(CVE-2019-16714)

  - drivers/scsi/qla2xxx/qla_os.c in the Linux kernel     5.2.14 does not check the alloc_workqueue return value,     leading to a NULL pointer dereference.(CVE-2019-16233)

  - An issue was discovered in the Linux kernel through     5.2.13. nbd_genl_status in drivers/block/nbd.c does not     check the nla_nest_start_noflag return     value.(CVE-2019-16089)

  - llcp_sock_create in net/nfc/llcp_sock.c in the AF_NFC     network module in the Linux kernel through 5.3.2 does     not enforce CAP_NET_RAW, which means that unprivileged     users can create a raw socket, aka     CID-3a359798b176.(CVE-2019-17056)

  - base_sock_create in drivers/isdn/mISDN/socket.c in the     AF_ISDN network module in the Linux kernel through     5.3.2 does not enforce CAP_NET_RAW, which means that     unprivileged users can create a raw socket, aka     CID-b91ee4aa2a21.(CVE-2019-17055)

  - atalk_create in net/appletalk/ddp.c in the AF_APPLETALK     network module in the Linux kernel through 5.3.2 does     not enforce CAP_NET_RAW, which means that unprivileged     users can create a raw socket, aka     CID-6cc03e8aa36c.(CVE-2019-17054)

  - ieee802154_create in net/ieee802154/socket.c in the     AF_IEEE802154 network module in the Linux kernel     through 5.3.2 does not enforce CAP_NET_RAW, which means     that unprivileged users can create a raw socket, aka     CID-e69dbd4619e7.(CVE-2019-17053)

  - ax25_create in net/ax25/af_ax25.c in the AF_AX25     network module in the Linux kernel through 5.3.2 does     not enforce CAP_NET_RAW, which means that unprivileged     users can create a raw socket, aka     CID-0614e2b73768.(CVE-2019-17052)

  - An issue was discovered in write_tpt_entry in     drivers/infiniband/hw/cxgb4/mem.c in the Linux kernel     through 5.3.2. The cxgb4 driver is directly calling     dma_map_single (a DMA function) from a stack variable.
    This could allow an attacker to trigger a Denial of     Service, exploitable if this driver is used on an     architecture for which this stack/DMA interaction has     security relevance.(CVE-2019-17075)

  - rtl_p2p_noa_ie in     drivers/net/wireless/realtek/rtlwifi/ps.c in the Linux     kernel through 5.3.6 lacks a certain upper-bound check,     leading to a buffer overflow.(CVE-2019-17666)

  - In the Linux kernel through 5.3.2,     cfg80211_mgd_wext_giwessid in net/wireless/wext-sme.c     does not reject a long SSID IE, leading to a Buffer     Overflow.(CVE-2019-17133)

  - An issue was discovered in net/wireless/nl80211.c in     the Linux kernel through 5.2.17. It does not check the     length of variable elements in a beacon head, leading     to a buffer overflow.(CVE-2019-16746)

  - Insufficient access control in the Intel(R)     PROSet/Wireless WiFi Software driver before version     21.10 may allow an unauthenticated user to potentially     enable denial of service via adjacent     access.(CVE-2019-0136)

  - drivers/net/wireless/intel/iwlwifi/pcie/trans.c in the     Linux kernel 5.2.14 does not check the alloc_workqueue     return value, leading to a NULL pointer     dereference.(CVE-2019-16234)

  - A memory leak in the ql_alloc_large_buffers() function     in drivers/net/ethernet/qlogic/qla3xxx.c in the Linux     kernel before 5.3.5 allows local users to cause a     denial of service (memory consumption) by triggering     pci_dma_mapping_error() failures, aka     CID-1acb8f2a7a9f.(CVE-2019-18806)

  - A memory leak in the dwc3_pci_probe() function in     drivers/usb/dwc3/dwc3-pci.c in the Linux kernel through     5.3.9 allows attackers to cause a denial of service     (memory consumption) by triggering     platform_device_add_properties() failures, aka     CID-9bbfceea12a8.(CVE-2019-18813)

  - A memory leak in the af9005_identify_state() function     in drivers/media/usb/dvb-usb/af9005.c in the Linux     kernel through 5.3.9 allows attackers to cause a denial     of service (memory consumption), aka     CID-2289adbfa559.(CVE-2019-18809)

  - A memory leak in the ccp_run_sha_cmd() function in     drivers/crypto/ccp/ccp-ops.c in the Linux kernel     through 5.3.9 allows attackers to cause a denial of     service (memory consumption), aka     CID-128c66429247.(CVE-2019-18808)

  - A memory leak in the bfad_im_get_stats() function in     drivers/scsi/bfa/bfad_attr.c in the Linux kernel     through 5.3.11 allows attackers to cause a denial of     service (memory consumption) by triggering     bfa_port_get_stats() failures, aka     CID-0e62395da2bd.(CVE-2019-19066)

  - A memory leak in the ath9k_wmi_cmd() function in     drivers/net/wireless/ath/ath9k/wmi.c in the Linux     kernel through 5.3.11 allows attackers to cause a     denial of service (memory consumption), aka     CID-728c1e2a05e4.(CVE-2019-19074)

  - A vulnerability in the web server of Cisco Integrated     Management Controller (IMC) could allow an     authenticated, remote attacker to set sensitive     configuration values and gain elevated privileges. The     vulnerability is due to improper handling of substring     comparison operations that are performed by the     affected software. An attacker could exploit this     vulnerability by sending a crafted HTTP request to the     affected software. A successful exploit could allow the     attacker with read-only privileges to gain     administrator privileges.(CVE-2019-19073)

  - Two memory leaks in the rtl_usb_probe() function in     drivers/net/wireless/realtek/rtlwifi/usb.c in the Linux     kernel through 5.3.11 allow attackers to cause a denial     of service (memory consumption), aka     CID-3f9361695113.(CVE-2019-19063)

  - Two memory leaks in the mwifiex_pcie_init_evt_ring()     function in drivers/net/wireless/marvell/mwifiex/pcie.c     in the Linux kernel through 5.3.11 allow attackers to     cause a denial of service (memory consumption) by     triggering mwifiex_map_pci_memory() failures, aka     CID-d10dcb615c8e.(CVE-2019-19057)

  - A memory leak in the mwifiex_pcie_alloc_cmdrsp_buf()     function in drivers/net/wireless/marvell/mwifiex/pcie.c     in the Linux kernel through 5.3.11 allows attackers to     cause a denial of service (memory consumption) by     triggering mwifiex_map_pci_memory() failures, aka     CID-db8fd2cde932.(CVE-2019-19056)

  - A memory leak in the gs_can_open() function in     drivers/net/can/usb/gs_usb.c in the Linux kernel before     5.3.11 allows attackers to cause a denial of service     (memory consumption) by triggering usb_submit_urb()     failures, aka CID-fb5be6a7b486.(CVE-2019-19052)

  - An issue was discovered in the Linux kernel through     5.3.9. There is a use-after-free when aa_label_parse()     fails in aa_audit_rule_init() in     security/apparmor/audit.c.(CVE-2019-18814)

  - Memory leaks in *clock_source_create() functions under     drivers/gpu/drm/amd/display/dc in the Linux kernel     before 5.3.8 allow attackers to cause a denial of     service (memory consumption). This affects the     dce112_clock_source_create() function in     drivers/gpu/drm/amd/display/dc/dce112/dce112_resource.c     , the dce100_clock_source_create() function in     drivers/gpu/drm/amd/display/dc/dce100/dce100_resource.c     , the dcn10_clock_source_create() function in     drivers/gpu/drm/amd/display/dc/dcn10/dcn10_resource.c,     the dcn20_clock_source_create() function in     drivers/gpu/drm/amd/display/dc/dcn20/dcn20_resource.c,     the dce120_clock_source_create() function in     drivers/gpu/drm/amd/display/dc/dce120/dce120_resource.c     , the dce110_clock_source_create() function in     drivers/gpu/drm/amd/display/dc/dce110/dce110_resource.c     , and the dce80_clock_source_create() function in     drivers/gpu/drm/amd/display/dc/dce80/dce80_resource.c,     aka CID-055e547478a1.(CVE-2019-19083)

  - Memory leaks in *create_resource_pool() functions under     drivers/gpu/drm/amd/display/dc in the Linux kernel     through 5.3.11 allow attackers to cause a denial of     service (memory consumption). This affects the     dce120_create_resource_pool() function in     drivers/gpu/drm/amd/display/dc/dce120/dce120_resource.c     , the dce110_create_resource_pool() function in     drivers/gpu/drm/amd/display/dc/dce110/dce110_resource.c     , the dce100_create_resource_pool() function in     drivers/gpu/drm/amd/display/dc/dce100/dce100_resource.c     , the dcn10_create_resource_pool() function in     drivers/gpu/drm/amd/display/dc/dcn10/dcn10_resource.c,     and the dce112_create_resource_pool() function in     drivers/gpu/drm/amd/display/dc/dce112/dce112_resource.c     , aka CID-104c307147ad.(CVE-2019-19082)

  - A memory leak in the nfp_flower_spawn_vnic_reprs()     function in     drivers/net/ethernet/netronome/nfp/flower/main.c in the     Linux kernel before 5.3.4 allows attackers to cause a     denial of service (memory consumption), aka     CID-8ce39eb5a67a.(CVE-2019-19081)

  - Four memory leaks in the nfp_flower_spawn_phy_reprs()     function in     drivers/net/ethernet/netronome/nfp/flower/main.c in the     Linux kernel before 5.3.4 allow attackers to cause a     denial of service (memory consumption), aka     CID-8572cea1461a.(CVE-2019-19080)

  - A memory leak in the qrtr_tun_write_iter() function in     net/qrtr/tun.c in the Linux kernel before 5.3 allows     attackers to cause a denial of service (memory     consumption), aka CID-a21b7f0cff19.(CVE-2019-19079)

  - A memory leak in the ath10k_usb_hif_tx_sg() function in     drivers/net/wireless/ath/ath10k/usb.c in the Linux     kernel through 5.3.11 allows attackers to cause a     denial of service (memory consumption) by triggering     usb_submit_urb() failures, aka     CID-b8d17e7d93d2.(CVE-2019-19078)

  - A memory leak in the bnxt_re_create_srq() function in     drivers/infiniband/hw/bnxt_re/ib_verbs.c in the Linux     kernel through 5.3.11 allows attackers to cause a     denial of service (memory consumption) by triggering     copy to udata failures, aka     CID-4a9d46a9fe14.(CVE-2019-19077)

  - A memory leak in the ca8210_probe() function in     drivers/net/ieee802154/ca8210.c in the Linux kernel     before 5.3.8 allows attackers to cause a denial of     service (memory consumption) by triggering     ca8210_get_platform_data() failures, aka     CID-6402939ec86e.(CVE-2019-19075)

  - A memory leak in the rsi_send_beacon() function in     drivers/net/wireless/rsi/rsi_91x_mgmt.c in the Linux     kernel through 5.3.11 allows attackers to cause a     denial of service (memory consumption) by triggering     rsi_prepare_beacon() failures, aka     CID-d563131ef23c.(CVE-2019-19071)

  - A memory leak in the rtl8xxxu_submit_int_urb() function     in     drivers/net/wireless/realtek/rtl8xxxu/rtl8xxxu_core.c     in the Linux kernel through 5.3.11 allows attackers to     cause a denial of service (memory consumption) by     triggering usb_submit_urb() failures, aka     CID-a2cdd07488e6.(CVE-2019-19068)

  - ** DISPUTED ** Four memory leaks in the acp_hw_init()     function in drivers/gpu/drm/amd/amdgpu/amdgpu_acp.c in     the Linux kernel before 5.3.8 allow attackers to cause     a denial of service (memory consumption) by triggering     mfd_add_hotplug_devices() or pm_genpd_add_device()     failures, aka CID-57be09c6e874. NOTE: third parties     dispute the relevance of this because the attacker must     already have privileges for module     loading.(CVE-2019-19067)

  - A memory leak in the sdma_init() function in     drivers/infiniband/hw/hfi1/sdma.c in the Linux kernel     before 5.3.9 allows attackers to cause a denial of     service (memory consumption) by triggering     rhashtable_init() failures, aka     CID-34b3be18a04e.(CVE-2019-19065)

  - Multiple memory leaks in the     iwl_pcie_ctxt_info_gen3_init() function in     drivers/net/wireless/intel/iwlwifi/pcie/ctxt-info-gen3.
    c in the Linux kernel through 5.3.11 allow attackers to     cause a denial of service (memory consumption) by     triggering iwl_pcie_init_fw_sec() or     dma_alloc_coherent() failures, aka     CID-0f4f199443fa.(CVE-2019-19059)

  - A memory leak in the alloc_sgtable() function in     drivers/net/wireless/intel/iwlwifi/fw/dbg.c in the     Linux kernel through 5.3.11 allows attackers to cause a     denial of service (memory consumption) by triggering     alloc_page() failures, aka     CID-b4b814fec1a5.(CVE-2019-19058)

  - A memory leak in the i2400m_op_rfkill_sw_toggle()     function in drivers/net/wimax/i2400m/op-rfkill.c in the     Linux kernel before 5.3.11 allows attackers to cause a     denial of service (memory consumption), aka     CID-6f3ef5c25cc7.(CVE-2019-19051)

  - A memory leak in the mlx5_fpga_conn_create_cq()     function in     drivers/net/ethernet/mellanox/mlx5/core/fpga/conn.c in     the Linux kernel before 5.3.11 allows attackers to     cause a denial of service (memory consumption) by     triggering mlx5_vector2eqn() failures, aka     CID-c8c2a057fdc7.(CVE-2019-19045)

  - A memory leak in the predicate_parse() function in     kernel/trace/trace_events_filter.c in the Linux kernel     through 5.3.11 allows attackers to cause a denial of     service (memory consumption), aka     CID-96c5c6e6a5b6.(CVE-2019-19072)

  - ** DISPUTED ** A memory leak in the spi_gpio_probe()     function in drivers/spi/spi-gpio.c in the Linux kernel     through 5.3.11 allows attackers to cause a denial of     service (memory consumption) by triggering     devm_add_action_or_reset() failures, aka     CID-d3b0ffa1d75d. NOTE: third parties dispute the     relevance of this because the system must have already     been out of memory before the probe     began.(CVE-2019-19070)

  - ** DISPUTED ** A memory leak in the unittest_data_add()     function in drivers/of/unittest.c in the Linux kernel     before 5.3.10 allows attackers to cause a denial of     service (memory consumption) by triggering     of_fdt_unflatten_tree() failures, aka CID-e13de8fe0d6a.
    NOTE: third parties dispute the relevance of this     because unittest.c can only be reached during     boot.(CVE-2019-19049)

  - In the Linux kernel through 5.3.8, f->fmt.sdr.reserved     is uninitialized in rcar_drif_g_fmt_sdr_cap in     drivers/media/platform/rcar_drif.c, which could cause a     memory disclosure problem.(CVE-2019-18786)

  - A memory leak in the cx23888_ir_probe() function in     drivers/media/pci/cx23885/cx23888-ir.c in the Linux     kernel through 5.3.11 allows attackers to cause a     denial of service (memory consumption) by triggering     kfifo_alloc() failures, aka     CID-a7b2df76b42b.(CVE-2019-19054)

  - An issue was discovered in drivers/media/platform/vivid     in the Linux kernel through 5.3.8. It is exploitable     for privilege escalation on some Linux distributions     where local users have /dev/video0 access, but only if     the driver happens to be loaded. There are multiple     race conditions during streaming stopping in this     driver (part of the V4L2 subsystem). These issues are     caused by wrong mutex locking in     vivid_stop_generating_vid_cap(),     vivid_stop_generating_vid_out(),     sdr_cap_stop_streaming(), and the corresponding     kthreads. At least one of these race conditions leads     to a use-after-free.(CVE-2019-18683)

Note that Tenable Network Security has extracted the preceding description block directly from the EulerOS security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.

According to the versions of the kernel packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities :

  - The kernel package contains the Linux kernel (vmlinuz),     the core of any Linux operating system. The kernel     handles the basic functions of the operating system:
    memory allocation, process allocation, device input and     output, etc.Security     Fix(es):drivers/media/usb/dvb-usb/technisat-usb2.c in     the Linux kernel through 5.2.9 has an out-of-bounds     read via crafted USB device traffic (which may be     remote via usbip or usbredir).(CVE-2019-15505)An issue     was discovered in the Linux kernel through 5.2.13.
    nbd_genl_status in drivers/blockbd.c does not check the     nla_nest_start_noflag return     value.(CVE-2019-16089)drivers/scsi/qla2xxx/qla_os.c in     the Linux kernel 5.2.14 does not check the     alloc_workqueue return value, leading to a NULL pointer     dereference.(CVE-2019-16233)In the Linux kernel before     5.2.14, rds6_inc_info_copy in net/rds/recv.c allows     attackers to obtain sensitive information from kernel     stack memory because tos and flags fields are not     initialized.(CVE-2019-16714)drivers/     net/wireless/rsi/rsi_91x_usb.c in the Linux kernel     through 5.2.9 has a Double Free via crafted USB device     traffic (which may be remote via usbip or     usbredir).(CVE-2019-15504)There is heap-based buffer     overflow in Linux kernel, all versions up to, excluding     5.3, in the marvell wifi chip driver in Linux kernel,     that allows local users to cause a denial of     service(system crash) or possibly execute arbitrary     code.(CVE-2019-14814)There is heap-based buffer     overflow in marvell wifi chip driver in Linux     kernel,allows local users to cause a denial of     service(system crash) or possibly execute arbitrary     code.(CVE-2019-14815)There is heap-based buffer     overflow in kernel, all versions up to, excluding 5.3,     in the marvell wifi chip driver in Linux kernel, that     allows local users to cause a denial of service(system     crash) or possibly execute arbitrary     code.(CVE-2019-14816)drivers/     net/wireless/ath/ath6kl/usb.c in the Linux kernel     through 5.2.9 has a NULL pointer dereference via an     incomplete address in an endpoint     descriptor.(CVE-2019-15098)drivers/     net/wireless/ath/ath10k/usb.c in the Linux kernel     through 5.2.8 has a NULL pointer dereference via an     incomplete address in an endpoint     descriptor.(CVE-2019-15099)

Note that Tenable Network Security has extracted the preceding description block directly from the EulerOS security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.

ID	Name	Product	Family	Severity
139028	Ubuntu 18.04 LTS : linux kernel vulnerabilities (USN-4440-1)	Nessus	Ubuntu Local Security Checks	high
139027	Ubuntu 18.04 LTS : Linux kernel vulnerabilities (USN-4439-1)	Nessus	Ubuntu Local Security Checks	high
138834	Ubuntu 18.04 LTS / 20.04 : Linux kernel vulnerabilities (USN-4425-1)	Nessus	Ubuntu Local Security Checks	high
138139	Ubuntu 16.04 LTS / 18.04 LTS : Linux kernel vulnerabilities (USN-4414-1)	Nessus	Ubuntu Local Security Checks	high
134486	EulerOS Virtualization for ARM 64 3.0.2.0 : kernel (EulerOS-SA-2020-1197)	Nessus	Huawei Local Security Checks	critical
132796	EulerOS Virtualization for ARM 64 3.0.5.0 : kernel (EulerOS-SA-2020-1042)	Nessus	Huawei Local Security Checks	critical
130815	EulerOS 2.0 SP8 : kernel (EulerOS-SA-2019-2106)	Nessus	Huawei Local Security Checks	critical

CVE-2019-16089

Description

References

Details

Risk Information

CVSS v2.0

CVSS v3.0

Vulnerable Software

Configuration 1

Tenable Plugins