Slackware Linux update for Slackware 14.2 kernel
| Risk | Medium |
| Patch available | YES |
| Number of vulnerabilities | 8 |
| CVE-ID | CVE-2017-18509 CVE-2018-20856 CVE-2019-10207 CVE-2019-1125 CVE-2019-13631 CVE-2019-13648 CVE-2019-14283 CVE-2019-14284 |
| CWE-ID | CWE-20 CWE-416 CWE-476 CWE-200 CWE-787 CWE-399 CWE-190 CWE-400 |
| Exploitation vector | Local |
| Public exploit | Public exploit code for vulnerability #4 is available. |
| Vulnerable software Subscribe |
Slackware Linux Operating systems & Components / Operating system |
| Vendor | Slackware |
Security Bulletin
This security bulletin contains information about 8 vulnerabilities.
1) Input validation error
EUVDB-ID: #VU30823
Risk: Low
CVSSv3.1: 6.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2017-18509
CWE-ID:
CWE-20 - Improper input validation
Exploit availability: No
DescriptionThe vulnerability allows a local authenticated user to execute arbitrary code.
An issue was discovered in net/ipv6/ip6mr.c in the Linux kernel before 4.11. By setting a specific socket option, an attacker can control a pointer in kernel land and cause an inet_csk_listen_stop general protection fault, or potentially execute arbitrary code under certain circumstances. The issue can be triggered as root (e.g., inside a default LXC container or with the CAP_NET_ADMIN capability) or after namespace unsharing. This occurs because sk_type and protocol are not checked in the appropriate part of the ip6_mroute_* functions. NOTE: this affects Linux distributions that use 4.9.x longterm kernels before 4.9.187.
MitigationUpdate the affected package Slackware 14.2 kernel.
Vulnerable software versionsSlackware Linux: 14.2
External linkshttp://www.slackware.com/security/viewer.php?l=slackware-security&y=2019&m=slackware-security.717544
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
2) Use-after-free
EUVDB-ID: #VU19568
Risk: Low
CVSSv3.1: 3.9 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N/E:U/RL:O/RC:C]
CVE-ID: CVE-2018-20856
CWE-ID:
CWE-416 - Use After Free
Exploit availability: No
DescriptionThe vulnerability allows a local attacker to execute arbitrary code on a targeted system.
The vulnerability exists due to a use-after-free error when the "__blk_drain_queue()" function in the "block/blk-core.c" file mishandles error cases. A local authenticated attacker can access the system and execute an application that submits malicious input, cause a use-after-free memory operation error and execute arbitrary code on the targeted system.
Successful exploitation of the vulnerability may allow an attacker to compromise vulnerable system.
MitigationUpdate the affected package Slackware 14.2 kernel.
Vulnerable software versionsSlackware Linux: 14.2
External linkshttp://www.slackware.com/security/viewer.php?l=slackware-security&y=2019&m=slackware-security.717544
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
3) NULL pointer dereference
EUVDB-ID: #VU28401
Risk: Low
CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2019-10207
CWE-ID:
CWE-476 - NULL Pointer Dereference
Exploit availability: No
DescriptionThe vulnerability allows a local authenticated user to perform a denial of service (DoS) attack.
A flaw was found in the Linux kernel's Bluetooth implementation of UART, all versions kernel 3.x.x before 4.18.0 and kernel 5.x.x. An attacker with local access and write permissions to the Bluetooth hardware could use this flaw to issue a specially crafted ioctl function call and cause the system to crash.
MitigationUpdate the affected package Slackware 14.2 kernel.
Vulnerable software versionsSlackware Linux: 14.2
External linkshttp://www.slackware.com/security/viewer.php?l=slackware-security&y=2019&m=slackware-security.717544
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
4) Information disclosure
EUVDB-ID: #VU19946
Risk: Low
CVSSv3.1: 8.3 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:P/RL:U/RC:C]
CVE-ID: CVE-2019-1125
CWE-ID:
CWE-200 - Information exposure
Exploit availability: Yes
DescriptionThe vulnerability allows a local user to gain access to potentially sensitive information and elevate privileges on the system.
The vulnerability exists when certain central processing units (CPU) speculatively access memory. A local user can gain unauthorized access to sensitive information and elevate privileges on the system.
This issue is a variant of the Spectre Variant 1 speculative execution side channel vulnerability that leverages SWAPGS instructions to bypass KPTI/KVA mitigations.
MitigationUpdate the affected package Slackware 14.2 kernel.
Vulnerable software versionsSlackware Linux: 14.2
External linkshttp://www.slackware.com/security/viewer.php?l=slackware-security&y=2019&m=slackware-security.717544
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability. However, proof of concept for this vulnerability is available.
5) Out-of-bounds write
EUVDB-ID: #VU19576
Risk: Medium
CVSSv3.1: 4.9 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L/E:U/RL:U/RC:C]
CVE-ID: CVE-2019-13631
CWE-ID:
CWE-787 - Out-of-bounds write
Exploit availability: No
DescriptionUpdate the affected package Slackware 14.2 kernel.
Vulnerable software versionsSlackware Linux: 14.2
External linkshttp://www.slackware.com/security/viewer.php?l=slackware-security&y=2019&m=slackware-security.717544
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
6) Resource management error
EUVDB-ID: #VU19387
Risk: Medium
CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2019-13648
CWE-ID:
CWE-399 - Resource Management Errors
Exploit availability: No
DescriptionThe vulnerability allows a local attacker to perform a denial of service (DoS) attack.
The vulnerability exists in the "arch/powerpc/kernel/signal_32.c" and "arch/powerpc/kernel/signal_64.c" files on the PowerPC platform, when hardware transactional memory is disabled. A local authenticated attacker can make a "sigreturn()" system call that sends a signal frame that sends a signal frame that submits malicious input to the targeted system and cause a denial of service condition.
MitigationUpdate the affected package Slackware 14.2 kernel.
Vulnerable software versionsSlackware Linux: 14.2
External linkshttp://www.slackware.com/security/viewer.php?l=slackware-security&y=2019&m=slackware-security.717544
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
7) Integer overflow
EUVDB-ID: #VU19594
Risk: Low
CVSSv3.1: 5.3 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2019-14283
CWE-ID:
CWE-190 - Integer overflow
Exploit availability: No
DescriptionThe vulnerability allows a local attacker to execute arbitrary code or cause a denial of service (DoS) condition on a targeted system.
The vulnerability exists due to the "set_geometry" function in the "drivers/block/floppy.c" file does not properly validate the sect and head fields. A local authenticated attacker can insert a floppy disk that submits malicious input to the targeted system, trigger integer overflow, which could cause an out-of-bounds write condition and execute arbitrary code on the target system or cause a DoS condition.
Update the affected package Slackware 14.2 kernel.
Vulnerable software versionsSlackware Linux: 14.2
External linkshttp://www.slackware.com/security/viewer.php?l=slackware-security&y=2019&m=slackware-security.717544
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
8) Resource exhaustion
EUVDB-ID: #VU19593
Risk: Low
CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2019-14284
CWE-ID:
CWE-400 - Resource exhaustion
Exploit availability: No
DescriptionThe vulnerability allows a local attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to a divide-by-zero condition in the "drivers/block/floppy.c" file. A local authenticated attacker can insert a floppy disk that submits malicious input to the targeted system, trigger resource exhaustion and perform a denial of service (DoS) attack.
MitigationUpdate the affected package Slackware 14.2 kernel.
Vulnerable software versionsSlackware Linux: 14.2
External linkshttp://www.slackware.com/security/viewer.php?l=slackware-security&y=2019&m=slackware-security.717544
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
