https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.3.11

https://github.com/torvalds/linux/commit/c7ed6d0183d5ea9bc31bcaeeba4070bd62546471

https://security.netapp.com/advisory/ntap-20191205-0001/

USN-4225-1

The remote CentOS Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the CESA-2020:1769 advisory.

  - kernel: nfs: NULL pointer dereference due to an anomalized NFS message sequence (CVE-2018-16871)

  - Kernel: net: using kernel space address bits to derive IP ID may potentially break KASLR (CVE-2019-10639)

  - kernel: use-after-free in function __mdiobus_register() in drivers/net/phy/mdio_bus.c (CVE-2019-12819)

  - kernel: An out-of-bounds read in drivers/scsi/qedi/qedi_dbg.c leading to crash or information disclosure     (CVE-2019-15090)

  - kernel: a NULL pointer dereference in drivers/net/wireless/ath/ath10k/usb.c leads to a crash     (CVE-2019-15099)

  - kernel: Null pointer dereference in the sound/usb/line6/pcm.c (CVE-2019-15221)

  - kernel: Null pointer dereference in the sound/usb/line6/driver.c (CVE-2019-15223)

  - kernel: null pointer dereference in drivers/net/wireless/intel/iwlwifi/pcie/trans.c (CVE-2019-16234)

  - kernel: unprivileged users able to create RAW sockets in AF_IEEE802154 network protocol (CVE-2019-17053)

  - kernel: unprivileged users able to create RAW sockets in AF_ISDN network protocol (CVE-2019-17055)

  - kernel: The flow_dissector feature allows device tracking (CVE-2019-18282)

  - kernel: integer overflow in tcp_ack_update_rtt in net/ipv4/tcp_input.c (CVE-2019-18805)

  - kernel: dos in mlx5_fpga_conn_create_cq() function in drivers/net/ethernet/mellanox/mlx5/core/fpga/conn.c     (CVE-2019-19045)

  - kernel: dos in mlx5_fw_fatal_reporter_dump() function in drivers/net/ethernet/mellanox/mlx5/core/health.c     (CVE-2019-19047)

  - kernel: memory leak in the nl80211_get_ftm_responder_stats() function in net/wireless/nl80211.c allows DoS     (CVE-2019-19055)

  - kernel: Two memory leaks in the mwifiex_pcie_init_evt_ring() function in     drivers/net/wireless/marvell/mwifiex/pcie.c allows for a DoS (CVE-2019-19057)

  - kernel: A memory leak in the alloc_sgtable() function in drivers/net/wireless/intel/iwlwifi/fw/dbg.c     allows for a DoS (CVE-2019-19058)

  - kernel: Multiple memory leaks in the iwl_pcie_ctxt_info_gen3_init() function in     drivers/net/wireless/intel/iwlwifi/pcie/ctxt-info-gen3.c allows for a DoS (CVE-2019-19059)

  - kernel: A memory leak in the sdma_init() function in drivers/infiniband/hw/hfi1/sdma.c allows for a DoS     (CVE-2019-19065)

  - kernel: Four memory leaks in the acp_hw_init() function in drivers/gpu/drm/amd/amdgpu/amdgpu_acp.c allow     for a DoS (CVE-2019-19067)

  - kernel: Memory leaks in drivers/net/wireless/ath/ath9k/htc_hst.c in the Linux kernel (DOS)     (CVE-2019-19073)

  - kernel: a memory leak in the ath9k management function in allows local DoS (CVE-2019-19074)

  - kernel: memory leak in bnxt_re_create_srq function in drivers/infiniband/hw/bnxt_re/ib_verbs.c     (CVE-2019-19077)

  - kernel: malicious USB devices can lead to multiple out-of-bounds write (CVE-2019-19532)

  - kernel: information leak bug caused by a malicious USB device in the     drivers/net/can/usb/peak_usb/pcan_usb_core.c driver (CVE-2019-19534)

  - kernel: use-after-free in __blk_add_trace in kernel/trace/blktrace.c (CVE-2019-19768)

  - kernel: when cpu.cfs_quota_us is used allows attackers to cause a denial of service against non-cpu-bound     applications (CVE-2019-19922)

  - kernel: memory leak in the kernel_read_file function in fs/exec.c allows to cause a denial of service     (CVE-2019-8980)

  - kernel: use-after-free in cdev_put() when a PTP device is removed while it's chardev is open     (CVE-2020-10690)

  - kernel: some ipv6 protocols not encrypted over ipsec tunnel (CVE-2020-1749)

  - kernel: use-after-free in i915_ppgtt_close in drivers/gpu/drm/i915/i915_gem_gtt.c (CVE-2020-7053)

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

The remote Redhat Enterprise Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2020:1567 advisory.

  - kernel: nfs: NULL pointer dereference due to an     anomalized NFS message sequence (CVE-2018-16871)

  - Kernel: net: using kernel space address bits to derive     IP ID may potentially break KASLR (CVE-2019-10639)

  - kernel: An out-of-bounds read in     drivers/scsi/qedi/qedi_dbg.c leading to crash or     information disclosure (CVE-2019-15090)

  - kernel: a NULL pointer dereference in     drivers/net/wireless/ath/ath10k/usb.c leads to a crash     (CVE-2019-15099)

  - kernel: Null pointer dereference in the     sound/usb/line6/pcm.c (CVE-2019-15221)

  - kernel: unprivileged users able to create RAW sockets     in AF_IEEE802154 network protocol. (CVE-2019-17053)

  - kernel: unprivileged users able to create RAW sockets in     AF_ISDN  network protocol. (CVE-2019-17055)

  - kernel: integer overflow in tcp_ack_update_rtt in     net/ipv4/tcp_input.c (CVE-2019-18805)

  - kernel: Two memory leaks in the     mwifiex_pcie_init_evt_ring() function in     drivers/net/wireless/marvell/mwifiex/pcie.c allows for a     DoS (CVE-2019-19057)

  - kernel: Memory leaks in     drivers/net/wireless/ath/ath9k/htc_hst.c in the Linux     kernel (DOS) (CVE-2019-19073)

  - kernel: a memory leak in the ath9k management function     in allows local DoS (CVE-2019-19074)

  - kernel: information leak bug caused  by a malicious USB     device in the     drivers/net/can/usb/peak_usb/pcan_usb_core.c driver     (CVE-2019-19534)

  - kernel: use-after-free in __blk_add_trace in     kernel/trace/blktrace.c (CVE-2019-19768)

  - kernel: when cpu.cfs_quota_us is used allows attackers     to cause a denial of service against non-cpu-bound     applications (CVE-2019-19922)

  - kernel: memory leak in the kernel_read_file function in     fs/exec.c allows to cause a denial of service     (CVE-2019-8980)

  - kernel: some ipv6 protocols not encrypted over ipsec     tunnel. (CVE-2020-1749)

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

The remote Redhat Enterprise Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2020:1769 advisory.

  - kernel: nfs: NULL pointer dereference due to an     anomalized NFS message sequence (CVE-2018-16871)

  - Kernel: net: using kernel space address bits to derive     IP ID may potentially break KASLR (CVE-2019-10639)

  - kernel: An out-of-bounds read in     drivers/scsi/qedi/qedi_dbg.c leading to crash or     information disclosure (CVE-2019-15090)

  - kernel: a NULL pointer dereference in     drivers/net/wireless/ath/ath10k/usb.c leads to a crash     (CVE-2019-15099)

  - kernel: Null pointer dereference in the     sound/usb/line6/pcm.c (CVE-2019-15221)

  - kernel: unprivileged users able to create RAW sockets     in AF_IEEE802154 network protocol. (CVE-2019-17053)

  - kernel: unprivileged users able to create RAW sockets in     AF_ISDN  network protocol. (CVE-2019-17055)

  - kernel: integer overflow in tcp_ack_update_rtt in     net/ipv4/tcp_input.c (CVE-2019-18805)

  - kernel: Two memory leaks in the     mwifiex_pcie_init_evt_ring() function in     drivers/net/wireless/marvell/mwifiex/pcie.c allows for a     DoS (CVE-2019-19057)

  - kernel: Memory leaks in     drivers/net/wireless/ath/ath9k/htc_hst.c in the Linux     kernel (DOS) (CVE-2019-19073)

  - kernel: a memory leak in the ath9k management function     in allows local DoS (CVE-2019-19074)

  - kernel: information leak bug caused  by a malicious USB     device in the     drivers/net/can/usb/peak_usb/pcan_usb_core.c driver     (CVE-2019-19534)

  - kernel: use-after-free in __blk_add_trace in     kernel/trace/blktrace.c (CVE-2019-19768)

  - kernel: when cpu.cfs_quota_us is used allows attackers     to cause a denial of service against non-cpu-bound     applications (CVE-2019-19922)

  - kernel: memory leak in the kernel_read_file function in     fs/exec.c allows to cause a denial of service     (CVE-2019-8980)

  - kernel: some ipv6 protocols not encrypted over ipsec     tunnel. (CVE-2020-1749)

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

It was discovered that a heap-based buffer overflow existed in the Marvell WiFi-Ex Driver for the Linux kernel. A physically proximate attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2019-14895, CVE-2019-14901)

It was discovered that a heap-based buffer overflow existed in the Marvell Libertas WLAN Driver for the Linux kernel. A physically proximate attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2019-14896, CVE-2019-14897)

It was discovered that the Fujitsu ES network device driver for the Linux kernel did not properly check for errors in some situations, leading to a NULL pointer dereference. A local attacker could use this to cause a denial of service. (CVE-2019-16231)

Anthony Steinhauser discovered that the Linux kernel did not properly perform Spectre_RSB mitigations to all processors for PowerPC architecture systems in some situations. A local attacker could use this to expose sensitive information. (CVE-2019-18660)

It was discovered that the Broadcom V3D DRI driver in the Linux kernel did not properly deallocate memory in certain error conditions. A local attacker could possibly use this to cause a denial of service (kernel memory exhaustion). (CVE-2019-19044)

It was discovered that the Mellanox Technologies Innova driver in the Linux kernel did not properly deallocate memory in certain failure conditions. A local attacker could use this to cause a denial of service (kernel memory exhaustion). (CVE-2019-19045)

It was discovered that the Mellanox Technologies ConnectX driver in the Linux kernel did not properly deallocate memory in certain failure conditions. A local attacker could use this to cause a denial of service (kernel memory exhaustion). (CVE-2019-19047)

It was discovered that the Intel WiMAX 2400 driver in the Linux kernel did not properly deallocate memory in certain situations. A local attacker could use this to cause a denial of service (kernel memory exhaustion). (CVE-2019-19051)

It was discovered that Geschwister Schneider USB CAN interface driver in the Linux kernel did not properly deallocate memory in certain failure conditions. A physically proximate attacker could use this to cause a denial of service (kernel memory exhaustion). (CVE-2019-19052)

It was discovered that the netlink-based 802.11 configuration interface in the Linux kernel did not deallocate memory in certain error conditions. A local attacker could possibly use this to cause a denial of service (kernel memory exhaustion). (CVE-2019-19055)

It was discovered that the event tracing subsystem of the Linux kernel did not properly deallocate memory in certain error conditions. A local attacker could use this to cause a denial of service (kernel memory exhaustion). (CVE-2019-19072)

It was discovered that the driver for memoryless force-feedback input devices in the Linux kernel contained a use-after-free vulnerability.
A physically proximate attacker could possibly use this to cause a denial of service (system crash) or execute arbitrary code.
(CVE-2019-19524)

It was discovered that the Microchip CAN BUS Analyzer driver in the Linux kernel contained a use-after-free vulnerability on device disconnect. A physically proximate attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code.
(CVE-2019-19529)

It was discovered that the PEAK-System Technik USB driver in the Linux kernel did not properly sanitize memory before sending it to the device. A physically proximate attacker could use this to expose sensitive information (kernel memory). (CVE-2019-19534)

Tristan Madani discovered that the ALSA timer implementation in the Linux kernel contained a use-after-free vulnerability. A local attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2019-19807)

It was discovered that the DesignWare USB3 controller driver in the Linux kernel did not properly deallocate memory in some error conditions. A local attacker could possibly use this to cause a denial of service (memory exhaustion). (CVE-2019-18813).

Note that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.

ID	Name	Product	Family	Severity
145850	CentOS 8 : kernel (CESA-2020:1769)	Nessus	CentOS Local Security Checks	critical
136116	RHEL 8 : kernel-rt (RHSA-2020:1567)	Nessus	Red Hat Local Security Checks	critical
136115	RHEL 8 : kernel (RHSA-2020:1769)	Nessus	Red Hat Local Security Checks	critical
132689	Ubuntu 18.04 LTS / 19.10 : linux, linux-aws, linux-azure, linux-azure-5.3, linux-gcp, linux-gcp-5.3, (USN-4225-1)	Nessus	Ubuntu Local Security Checks	critical

CVE-2019-19047

MEDIUM

New! CVE Severity Now Using CVSS v3

Description

References

Details

Risk Information

CVSS v2

CVSS v3

Vulnerable Software

Configuration 1

Configuration 2

Tenable Plugins

critical

critical

critical

critical