SB2019092005 - Amazon Linux AMI update for kernel

CSH
CYBERSECURITY HELP
Sign In REGISTER

Main Vulnerability Database SB2019092005

SB2019092005 - Amazon Linux AMI update for kernel

Published: September 20, 2019

Security Bulletin ID SB2019092005
Severity
Low
Patch available
YES
Number of vulnerabilities 2
Exploitation vector Adjecent network
Highest impact Code execution

Breakdown by Severity

Low 100%
  • Low
  • Medium
  • High
  • Critical

Description

This security bulletin contains information about 2 secuirty vulnerabilities.


1) Information disclosure (CVE-ID: CVE-2018-15594)

The vulnerability allows an adjacent attacker to conduct Spectre version 2 (Spectre-v2) attacks.

The vulnerability exists in the arch/x86/kernel/paravirt.c source code file due to improper handling of indirect calls to CALLEE_SAVE paravirtual functions. A remote attacker can access the system and execute an application that submits malicious input to access sensitive information, which could be used to conduct additional attacks. 


2) Buffer overflow (CVE-ID: CVE-2018-9363)

The vulnerability allows an attacker to compromise vulnerable system.

The vulnerability exists due to a boundary error within the hidp_process_report when processing Bluetooth packets. An attacker with physical proximity to the system can send specially crafted traffic, trigger memory corruption and perform denial of service attack or execute arbitrary code.


Remediation

Install update from vendor's website.

References