SB2019110746 - Slackware Linux update for kernel
Published: November 7, 2019 Updated: April 24, 2025
Description
This security bulletin contains information about 22 security vulnerabilities.
1) Infinite loop (CVE-ID: CVE-2019-3900)
The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to an infinite loop in the vhost_net kernel module when processing incoming packets in handle_rx(). A remote attacker with access to the guest operating system can stall the vhost_net kernel thread and cause denial of service conditions.
2) Resource exhaustion (CVE-ID: CVE-2019-15118)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to incorrect handling of recursion within the check_input_term() function in sound/usb/mixer.c. A local user can run a specially crafted application to trigger resource exhaustion and perform a denial of service (DoS) attack.
3) Race condition (CVE-ID: CVE-2016-10906)
The vulnerability allows a local authenticated user to execute arbitrary code.
An issue was discovered in drivers/net/ethernet/arc/emac_main.c in the Linux kernel before 4.5. A use-after-free is caused by a race condition between the functions arc_emac_tx and arc_emac_tx_clean.
4) Use-after-free (CVE-ID: CVE-2016-10905)
The vulnerability allows a local user to compromise the vulnerable system.
The vulnerability exists due to a use-after-free error in the "fs/gfs2/rgrp.c" file. A local authenticated user can access the system, execute an application that submits malicious input to the affected software, cause a use-after-free condition in the "gfs2_clear_rgrpd" and "read_rindex_entry" functions, and execute arbitrary code or cause a DoS condition.
Successful exploitation of the vulnerability may allow an attacker to compromise the vulnerable system.
5) Information disclosure (CVE-ID: CVE-2019-10638)
The vulnerability allows a remote attacker to gain access to potentially sensitive information.
The vulnerability exists because the software uses the IP ID values that the kernel produces for connectionless protocols. A remote attacker with a crafted web page can force the targeted system to send UDP traffic to an attacker-controlled IP address to gain unauthorized access to sensitive information on the system.
6) Buffer overflow (CVE-ID: CVE-2019-15117)
The vulnerability allows a local user to execute arbitrary code on the target system.
The vulnerability exists because the "parse_audio_mixer_unit" function in "sound/usb/mixer.c" mishandles a short descriptor. A local authenticated user can trigger memory corruption and execute arbitrary code on the target system.
Successful exploitation of this vulnerability may result in complete compromise of the vulnerable system.
7) Buffer overflow (CVE-ID: CVE-2019-14835)
The vulnerability allows a remote attacker to escalate privileges on the system.
The vulnerability exists due to a boundary error within the vhost/vhost_net Linux kernel module during the live migration flow when processing dirty log entries. A privileged guest user can pass descriptors with invalid length to the host while migration is under way, trigger a buffer overflow and execute arbitrary code on the host OS.
8) Heap-based buffer overflow (CVE-ID: CVE-2019-14816)
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a boundary error within the mwifiex_set_wmm_params() function in the Marvell Wi-Fi chip driver in the Linux kernel. A local user can run a specially crafted application to trigger a heap-based buffer overflow and execute arbitrary code on the system with elevated privileges.
9) Heap-based buffer overflow (CVE-ID: CVE-2019-14814)
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a boundary error within the mwifiex_update_vs_ie() function in the Marvell Wi-Fi chip driver in the Linux kernel. A local user can run a specially crafted application to trigger a heap-based buffer overflow and execute arbitrary code on the system with elevated privileges.
10) Out-of-bounds read (CVE-ID: CVE-2019-15505)
The vulnerability allows a local user to gain access to potentially sensitive information.
The vulnerability exists due to a boundary condition within the drivers/media/usb/dvb-usb/technisat-usb2.c USB driver in the Linux kernel. A local user can use a specially crafted USB device to trigger an out-of-bounds read error during data transfer and read contents of memory on the system.
11) Out-of-bounds write (CVE-ID: CVE-2019-14821)
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a boundary error in the KVM coalesced MMIO support functionality caused by incorrect processing of shared indexes. A local user can run a specially crafted application to trigger an out-of-bounds write error and write data to an arbitrary address in the kernel memory.
Successful vulnerability exploitation may allow an attacker to execute arbitrary code on the system with root privileges.
12) Permissions, Privileges, and Access Controls (CVE-ID: CVE-2019-17053)
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists because the ieee802154_create() function in net/ieee802154/socket.c in the AF_IEEE802154 network module for the Linux kernel does not enforce CAP_NET_RAW when creating raw sockets. A local unprivileged user can create raw sockets on the system.
13) Permissions, Privileges, and Access Controls (CVE-ID: CVE-2019-17052)
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists because the ax25_create() function in net/ax25/af_ax25.c in the AF_AX25 network module for the Linux kernel does not enforce CAP_NET_RAW when creating raw sockets. A local unprivileged user can create raw sockets on the system.
14) Permissions, Privileges, and Access Controls (CVE-ID: CVE-2019-17056)
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists because the llcp_sock_create() function in net/nfc/llcp_sock.c in the AF_NFC network module for the Linux kernel does not enforce CAP_NET_RAW. A local unprivileged user can create a raw socket.
15) Permissions, Privileges, and Access Controls (CVE-ID: CVE-2019-17055)
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists because base_sock_create in drivers/isdn/mISDN/socket.c in the AF_ISDN network module for the Linux kernel does not enforce CAP_NET_RAW. A local unprivileged user can create a raw socket.
16) Permissions, Privileges, and Access Controls (CVE-ID: CVE-2019-17054)
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists because the atalk_create() function in net/appletalk/ddp.c in the AF_APPLETALK network module for the Linux kernel does not enforce CAP_NET_RAW when creating raw sockets. A local unprivileged user can create raw sockets on the system.
17) Use-after-free (CVE-ID: CVE-2019-2215)
The vulnerability allows a local authenticated user to execute arbitrary code.
A use-after-free in binder.c allows an elevation of privilege from an application to the Linux Kernel. No user interaction is required to exploit this vulnerability; however, exploitation does require either the installation of a malicious local application or a separate vulnerability in a network-facing application. Product: Android. Android ID: A-141720095
18) Buffer overflow (CVE-ID: CVE-2019-16746)
The vulnerability allows a remote non-authenticated attacker to execute arbitrary code.
An issue was discovered in net/wireless/nl80211.c in the Linux kernel through 5.2.17. It does not check the length of variable elements in a beacon head, leading to a buffer overflow.
19) Use-after-free (CVE-ID: CVE-2018-20976)
The vulnerability allows a local user to compromise the vulnerable system.
The vulnerability exists in "fs/xfs/xfs_super.c" due to a use-after-free error when "xfs_fs_fill_super" fails. A local authenticated user can execute arbitrary code on the target system.
Successful exploitation of the vulnerability may allow an attacker to compromise the vulnerable system.
20) Improper input validation (CVE-ID: CVE-2019-17075)
The vulnerability allows a remote non-authenticated attacker to perform a denial of service (DoS) attack.
An issue was discovered in write_tpt_entry in drivers/infiniband/hw/cxgb4/mem.c in the Linux kernel through 5.3.2. The cxgb4 driver is directly calling dma_map_single (a DMA function) from a stack variable. This could allow an attacker to trigger a Denial of Service, exploitable if this driver is used on an architecture for which this stack/DMA interaction has security relevance.
21) Buffer overflow (CVE-ID: CVE-2019-17133)
The vulnerability allows a remote attacker to execute arbitrary code on the target system.
The vulnerability exists due to a boundary error within the cfg80211_mgd_wext_giwessid function in net/wireless/wext-sme.c in the Linux kernel, because the affected component does not reject a long SSID IE. A remote attacker on the local wireless network can trigger memory corruption and execute arbitrary code on the target system.
Successful exploitation of this vulnerability may result in complete compromise of the vulnerable system.
22) NULL pointer dereference (CVE-ID: CVE-2019-15098)
The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to a NULL pointer dereference error in "drivers/net/wireless/ath/ath6kl/usb.c". A remote attacker can trigger denial of service conditions via an incomplete address in an endpoint descriptor.
Remediation
Install the update from the vendor's website.