https://cdn.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.19.21

https://cdn.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.20.8

https://git.kernel.org/cgit/linux/kernel/git/stable/linux-stable.git/commit/?id=ba59fb0273076637f0add4311faa990a5eec27c0

https://secuniaresearch.flexerasoftware.com/secunia_research/2019-5/

https://support.f5.com/csp/article/K12671141

USN-3930-1

USN-3930-2

According to the versions of the kernel packages installed, the EulerOS Virtualization for ARM 64 installation on the remote host is affected by the following vulnerabilities :

  - An issue was discovered in rds_tcp_kill_sock in     net/rds/tcp.c in the Linux kernel before 5.0.8. There     is a race condition leading to a use-after-free,     related to net namespace cleanup.(CVE-2019-11815)

  - A flaw was found in the Linux kernel's handle_rx()     function in the vhost_net driver. A malicious virtual     guest, under specific conditions, can trigger an     out-of-bounds write in a kmalloc-8 slab on a virtual     host which may lead to a kernel memory corruption and a     system panic. Due to the nature of the flaw, privilege     escalation cannot be fully ruled out.(CVE-2018-16880)

  - A NULL pointer dereference security flaw was found in     the Linux kernel in kvm_pv_send_ipi() in     arch/x86/kvm/lapic.c. This allows local users with     certain privileges to cause a denial of service via a     crafted system call to the KVM     subsystem.(CVE-2018-19406)

  - The function hso_get_config_data in     drivers/net/usb/hso.c in the Linux kernel through     4.19.8 reads if_num from the USB device (as a u8) and     uses it to index a small array, resulting in an object     out-of-bounds (OOB) read that potentially allows     arbitrary read in the kernel address     space.(CVE-2018-19985)

  - ** RESERVED ** This candidate has been reserved by an     organization or individual that will use it when     announcing a new security problem. When the candidate     has been publicized, the details for this candidate     will be provided.(CVE-2019-3459)

  - ** RESERVED ** This candidate has been reserved by an     organization or individual that will use it when     announcing a new security problem. When the candidate     has been publicized, the details for this candidate     will be provided.(CVE-2019-3460)

  - A flaw was found in the Linux kernel in the function     hid_debug_events_read() in the drivers/hid/hid-debug.c     file which may enter an infinite loop with certain     parameters passed from a userspace. A local privileged     user ('root') can cause a system lock up and a denial     of service.(CVE-2019-3819)

  - In the Linux kernel before 4.20.14, expand_downwards in     mm/mmap.c lacks a check for the mmap minimum address,     which makes it easier for attackers to exploit kernel     NULL pointer dereferences on non-SMAP platforms. This     is related to a capability check for the wrong     task.(CVE-2019-9213)

  - A flaw was found in the Linux kernel's vfio interface     implementation that permits violation of the user's     locked memory limit. If a device is bound to a vfio     driver, such as vfio-pci, and the local attacker is     administratively granted ownership of the device, it     may cause a system memory exhaustion and thus a denial     of service (DoS). Versions 3.10, 4.14 and 4.18 are     vulnerable.(CVE-2019-3882)

  - An infinite loop issue was found in the vhost_net     kernel module in Linux Kernel up to and including     v5.1-rc6, while handling incoming packets in     handle_rx(). It could occur if one end sends packets     faster than the other end can process them. A guest     user, maybe remote one, could use this flaw to stall     the vhost_net kernel thread, resulting in a DoS     scenario.(CVE-2019-3900)

  - It was found that the net_dma code in tcp_recvmsg() in     the 2.6.32 kernel as shipped in RHEL6 is thread-unsafe.
    So an unprivileged multi-threaded userspace application     calling recvmsg() for the same network socket in     parallel executed on ioatdma-enabled hardware with     net_dma enabled can leak the memory, crash the host     leading to a denial-of-service or cause a random memory     corruption.(CVE-2019-3837)

  - A race condition in perf_event_open() allows local     attackers to leak sensitive data from setuid programs.
    As no relevant locks (in particular the     cred_guard_mutex) are held during the     ptrace_may_access() call, it is possible for the     specified target task to perform an execve() syscall     with setuid execution before perf_event_alloc()     actually attaches to it, allowing an attacker to bypass     the ptrace_may_access() check and the     perf_event_exit_task(current) call that is performed in     install_exec_creds() during privileged execve() calls.
    This issue affects kernel versions before 4.8.
    (CVE-2019-3901)

  - ** RESERVED ** This candidate has been reserved by an     organization or individual that will use it when     announcing a new security problem. When the candidate     has been publicized, the details for this candidate     will be provided.(CVE-2019-8956)

  - cipso_v4_validate in include/net/cipso_ipv4.h in the     Linux kernel before 3.11.7, when CONFIG_NETLABEL is     disabled, allows attackers to cause a denial of service     (infinite loop and crash), as demonstrated by icmpsic,     a different vulnerability than     CVE-2013-0310.(CVE-2013-7470)

Note that Tenable Network Security has extracted the preceding description block directly from the EulerOS security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.

USN-3930-1 fixed vulnerabilities in the Linux kernel for Ubuntu 18.10.
This update provides the corresponding updates for the Linux Hardware Enablement (HWE) kernel from Ubuntu 18.10 for Ubuntu 18.04 LTS.

Mathias Payer and Hui Peng discovered a use-after-free vulnerability in the Advanced Linux Sound Architecture (ALSA) subsystem. A physically proximate attacker could use this to cause a denial of service (system crash). (CVE-2018-19824)

Shlomi Oberman, Yuli Shapiro, and Ran Menscher discovered an information leak in the Bluetooth implementation of the Linux kernel.
An attacker within Bluetooth range could use this to expose sensitive information (kernel memory). (CVE-2019-3459, CVE-2019-3460)

Jann Horn discovered that the KVM implementation in the Linux kernel contained a use-after-free vulnerability. An attacker in a guest VM with access to /dev/kvm could use this to cause a denial of service (guest VM crash). (CVE-2019-6974)

Jim Mattson and Felix Wilhelm discovered a use-after-free vulnerability in the KVM subsystem of the Linux kernel, when using nested virtual machines. A local attacker in a guest VM could use this to cause a denial of service (system crash) or possibly execute arbitrary code in the host system. (CVE-2019-7221)

Felix Wilhelm discovered that an information leak vulnerability existed in the KVM subsystem of the Linux kernel, when nested virtualization is used. A local attacker could use this to expose sensitive information (host system memory to a guest VM).
(CVE-2019-7222)

Jann Horn discovered that the eBPF implementation in the Linux kernel was insufficiently hardened against Spectre V1 attacks. A local attacker could use this to expose sensitive information.
(CVE-2019-7308)

It was discovered that a use-after-free vulnerability existed in the user- space API for crypto (af_alg) implementation in the Linux kernel. A local attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2019-8912)

Jakub Jirasek discovered a use-after-free vulnerability in the SCTP implementation in the Linux kernel. A local attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2019-8956)

It was discovered that the Linux kernel did not properly deallocate memory when handling certain errors while reading files. A local attacker could use this to cause a denial of service (excessive memory consumption). (CVE-2019-8980)

It was discovered that a use-after-free vulnerability existed in the IPMI implementation in the Linux kernel. A local attacker with access to the IPMI character device files could use this to cause a denial of service (system crash). (CVE-2019-9003)

Jann Horn discovered that the SNMP NAT implementation in the Linux kernel performed insufficient ASN.1 length checks. An attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2019-9162)

Jann Horn discovered that the mmap implementation in the Linux kernel did not properly check for the mmap minimum address in some situations. A local attacker could use this to assist exploiting a kernel NULL pointer dereference vulnerability. (CVE-2019-9213).

Note that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.

Mathias Payer and Hui Peng discovered a use-after-free vulnerability in the Advanced Linux Sound Architecture (ALSA) subsystem. A physically proximate attacker could use this to cause a denial of service (system crash). (CVE-2018-19824)

Shlomi Oberman, Yuli Shapiro, and Ran Menscher discovered an information leak in the Bluetooth implementation of the Linux kernel.
An attacker within Bluetooth range could use this to expose sensitive information (kernel memory). (CVE-2019-3459, CVE-2019-3460)

Jann Horn discovered that the KVM implementation in the Linux kernel contained a use-after-free vulnerability. An attacker in a guest VM with access to /dev/kvm could use this to cause a denial of service (guest VM crash). (CVE-2019-6974)

Jim Mattson and Felix Wilhelm discovered a use-after-free vulnerability in the KVM subsystem of the Linux kernel, when using nested virtual machines. A local attacker in a guest VM could use this to cause a denial of service (system crash) or possibly execute arbitrary code in the host system. (CVE-2019-7221)

Felix Wilhelm discovered that an information leak vulnerability existed in the KVM subsystem of the Linux kernel, when nested virtualization is used. A local attacker could use this to expose sensitive information (host system memory to a guest VM).
(CVE-2019-7222)

Jann Horn discovered that the eBPF implementation in the Linux kernel was insufficiently hardened against Spectre V1 attacks. A local attacker could use this to expose sensitive information.
(CVE-2019-7308)

It was discovered that a use-after-free vulnerability existed in the user- space API for crypto (af_alg) implementation in the Linux kernel. A local attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2019-8912)

Jakub Jirasek discovered a use-after-free vulnerability in the SCTP implementation in the Linux kernel. A local attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2019-8956)

It was discovered that the Linux kernel did not properly deallocate memory when handling certain errors while reading files. A local attacker could use this to cause a denial of service (excessive memory consumption). (CVE-2019-8980)

It was discovered that a use-after-free vulnerability existed in the IPMI implementation in the Linux kernel. A local attacker with access to the IPMI character device files could use this to cause a denial of service (system crash). (CVE-2019-9003)

Jann Horn discovered that the SNMP NAT implementation in the Linux kernel performed insufficient ASN.1 length checks. An attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2019-9162)

Jann Horn discovered that the mmap implementation in the Linux kernel did not properly check for the mmap minimum address in some situations. A local attacker could use this to assist exploiting a kernel NULL pointer dereference vulnerability. (CVE-2019-9213).

Note that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.

ID	Name	Product	Family	Severity
125588	EulerOS Virtualization for ARM 64 3.0.2.0 : kernel (EulerOS-SA-2019-1636)	Nessus	Huawei Local Security Checks	high
123677	Ubuntu 18.04 LTS : linux-hwe, linux-azure vulnerabilities (USN-3930-2)	Nessus	Ubuntu Local Security Checks	high
123676	Ubuntu 18.10 : linux, linux-aws, linux-azure, linux-gcp, linux-kvm, linux-raspi2 (USN-3930-1)	Nessus	Ubuntu Local Security Checks	high

CVE-2019-8956

Description

References

Details

Risk Information

CVSS v2.0

CVSS v3.0

Vulnerable Software

Configuration 1

Configuration 2

Tenable Plugins