SB2019041808 - OpenSUSE Linux update for xen

CSH
CYBERSECURITY HELP
Sign In REGISTER

Main Vulnerability Database SB2019041808

SB2019041808 - OpenSUSE Linux update for xen

Published: April 18, 2019

Security Bulletin ID SB2019041808
Severity
Low
Patch available
YES
Number of vulnerabilities 8
Exploitation vector Adjecent network
Highest impact Code execution

Breakdown by Severity

Low 100%
  • Low
  • Medium
  • High
  • Critical

Description

This security bulletin contains information about 8 secuirty vulnerabilities.


1) Integer overflow (CVE-ID: CVE-2018-19665)

The vulnerability allows an adjacent attacker to cause DoS condition on the target system.

The vulnerability exists due to integer overflow in various Bluetooth functions in routines wherein 'len' parameter is a 'signed int' which subsequently converts to an unsigned integer. An adjacent attacker can trigger memory corruption and cause the service to crash.


2) Denial of service (CVE-ID: CVE-2018-19961)

The vulnerability allows an adjacent attacker to cause DoS condition on the target system.

The weakness exists due to insufficient TLB flushing after improper large page mappings with AMD IOMMUs. An adjacent attacker can cause the service to crash.

3) Privilege escalation (CVE-ID: CVE-2018-19962)

The vulnerability allows an adjacent attacker to gain elevated privileges on the target system.

The weakness exists on AMD x86 platforms due to small IOMMU mappings are unsafely combined into larger ones. An adjacent attacker can gain host OS privileges.

4) Denial of service (CVE-ID: CVE-2018-19965)

The vulnerability allows an adjacent attacker to cause DoS condition on the target system.

The weakness exists due to an error when attempting to use INVPCID with a non-canonical addresses. An adjacent attacker can cause the service to crash.

5) Denial of service (CVE-ID: CVE-2018-19966)

The vulnerability allows an adjacent attacker to cause DoS condition on the target system.

The weakness exists due to XSA-240 conflicts with shadow paging. An adjacent attacker can cause the service to crash.

6) Denial of service (CVE-ID: CVE-2018-19967)

The vulnerability allows an adjacent attacker to cause DoS condition on the target system.

The vulnerability exists due to unspecified flaw. An adjacent attacker can invoke a HLE transaction with the XACQUIRE prefix on the host physical memory range covering the first 4 MiB starting at the 1GiB boundary to cause denial of service conditions on the host system.


7) Heap-based buffer overflow (CVE-ID: CVE-2019-6778)

The vulnerability allows a local user to perform denial of service (DoS) attack.

The vulnerability exists due to a boundary error within the tcp_emu() function in slirp/tcp_subr.c. A local user can send specially crafted networking packets, trigger heap-based buffer overflow and crash the affected system.


8) Memory leak (CVE-ID: CVE-2019-9824)

The vulnerability allows a local user to gain access to sensitive information on the system.

The vulnerability exists due memory leak within the SLiRP networking implementation. A local user can read uninitialised stack memory contents.


Remediation

Install update from vendor's website.

References