SB2019041250 - OpenSUSE Linux update for the Linux Kernel

CSH
CYBERSECURITY HELP
Sign In REGISTER

Main Vulnerability Database SB2019041250

SB2019041250 - OpenSUSE Linux update for the Linux Kernel

Published: April 12, 2019

Security Bulletin ID SB2019041250
Severity
Medium
Patch available
YES
Number of vulnerabilities 6
Exploitation vector Remote access
Highest impact Code execution

Breakdown by Severity

Medium 17% Low 83%
  • Low
  • Medium
  • High
  • Critical

Description

This security bulletin contains information about 6 secuirty vulnerabilities.


1) Use-after-free (CVE-ID: CVE-2019-2024)

The vulnerability allows a local authenticated user to execute arbitrary code.

In em28xx_unregister_dvb of em28xx-dvb.c, there is a possible use after free issue. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-111761954References: Upstream kernel


2) Infinite loop (CVE-ID: CVE-2019-3819)

The vulnerability allows a local attacker to perform a denial of service (DoS) attack.

The vulnerability exists in the function hid_debug_events_read() in drivers/hid/hid-debug.c file due to infinite loop when certain parameters passed from a userspace. A local attacker can execute a specially crafted program that submits malicious input to cause a system lock up and a denial of service.


3) Information disclosure (CVE-ID: CVE-2019-7308)

The vulnerability allows a remote attacker to gain access to potentially sensitive information.

The vulnerability exists due to out-of-bounds speculation on pointer arithmetic in various cases in kernel/bpf/verifier.c, including cases of different branches with different state or limits to sanitize. A remote attacker can gain unauthorized access to sensitive information on the system.


4) Use-after-free (CVE-ID: CVE-2019-8912)

The vulnerability allows a local attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to the af_alg_release() function, as defined in the crypto/af_alg.c source code file of the affected software, fails to set a NULL value for a certain structure member. A local attacker can access the system and execute an application that submits malicious input to the affected software and trigger a use-after-free condition in the sockfs_setattr function, resulting in a DoS condition


5) Memory leak (CVE-ID: CVE-2019-8980)

The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to improper memory operations in the kernel_read_file function, as defined in the fs/exec.c source code file. A remote attacker can send malicious file that triggers vfs_read failures and memory leak condition and perform a denial of service attack.


6) NULL pointer dereference (CVE-ID: CVE-2019-9213)

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to a NULL pointer dreference error in expand_downwards() in mm/mmap.c that does not check for the mmap minimum address, which makes it easier for attackers to exploit kernel NULL pointer dereferences on non-SMAP platforms. This is related to a capability check for the wrong task. A local user can perform a denial of service (DoS) attack.


Remediation

Install update from vendor's website.

References