SB2020032735 - Slackware Linux update for kernel




Published: March 27, 2020
Updated: April 24, 2025

Security Bulletin ID: SB2020032735
Severity: High
Patch available: YES
Number of vulnerabilities: 23
Exploitation vector: Remote access
Highest impact: Code execution

Breakdown by Severity

High 13% Medium 30% Low 57%

Description

This security bulletin contains information about 23 security vulnerabilities.


1) NULL pointer dereference (CVE-ID: CVE-2019-19965)

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to a NULL pointer dereference within the sas_get_port_device() function in drivers/scsi/libsas/sas_discover.c. A local user can perform a denial of service (DoS) attack.


2) Memory leak (CVE-ID: CVE-2019-19068)

The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to a memory leak within the "rtl8xxxu_submit_int_urb()" function in the "drivers/net/wireless/realtek/rtl8xxxu/rtl8xxxu_core.c" file. A remote attacker on the local network can cause a denial of service (memory consumption) by triggering "usb_submit_urb()" failures.


3) Information disclosure (CVE-ID: CVE-2019-14615)

The vulnerability allows a local non-authenticated attacker to gain access to sensitive information.

Insufficient control flow in certain data structures for some Intel(R) Processors with Intel(R) Processor Graphics may allow an unauthenticated user to potentially enable information disclosure via local access.


4) Out-of-bounds write (CVE-ID: CVE-2019-14895)

The vulnerability allows a remote non-authenticated attacker to execute arbitrary code.

A heap-based buffer overflow was discovered in the Linux kernel, all versions 3.x.x and 4.x.x before 4.18.0, in the Marvell WiFi chip driver. The flaw could occur when the station attempts a connection negotiation during the handling of the remote device's country settings. This could allow the remote device to cause a denial of service (system crash) or possibly execute arbitrary code.


5) Memory leak (CVE-ID: CVE-2019-19056)

The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to a memory leak within the "mwifiex_pcie_alloc_cmdrsp_buf()" function in the "drivers/net/wireless/marvell/mwifiex/pcie.c" file. A remote attacker on the local network can cause a denial of service condition (memory consumption) by triggering "mwifiex_map_pci_memory()" failures.


6) Memory leak (CVE-ID: CVE-2019-19066)

The vulnerability allows a local attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to a memory leak within the "bfad_im_get_stats()" function in the "drivers/scsi/bfa/bfad_attr.c" file. A local attacker can cause a denial of service condition (memory consumption) by triggering "bfa_port_get_stats()" failures.


7) NULL pointer dereference (CVE-ID: CVE-2019-15217)

The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to a NULL pointer dereference error in the drivers/media/usb/zr364xx/zr364xx.c driver. A remote attacker can perform a denial of service (DoS) attack.


8) Use-after-free (CVE-ID: CVE-2018-21008)

The vulnerability allows a remote attacker to escalate privileges on the system.

The vulnerability exists due to a use-after-free error in the file drivers/net/wireless/rsi/rsi_91x_mac80211.c. A remote attacker can use the function rsi_mac80211_detach to trigger a use-after-free error and execute arbitrary code on the system with elevated privileges.


9) Use-after-free (CVE-ID: CVE-2019-15220)

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a use-after-free error in the drivers/net/wireless/intersil/p54/p54usb.c driver. A local user can use a malicious USB device to trigger a use-after-free error and execute arbitrary code on the system with elevated privileges.


10) NULL pointer dereference (CVE-ID: CVE-2019-15221)

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to a NULL pointer dereference error in the sound/usb/line6/pcm.c driver. A local user can perform a denial of service (DoS) attack using a malicious USB device.


11) Input validation error (CVE-ID: CVE-2019-5108)

The vulnerability allows a remote non-authenticated attacker to perform a denial of service (DoS) attack.

An exploitable denial-of-service vulnerability exists in the Linux kernel prior to mainline 5.3. An attacker could exploit this vulnerability by triggering an AP to send IAPP location updates for stations before the required authentication process has completed. This could lead to different denial-of-service scenarios, either by causing CAM table attacks, or by leading to traffic flapping if faking already existing clients in other nearby APs of the same wireless infrastructure. An attacker can forge Authentication and Association Request packets to trigger this vulnerability.


12) Out-of-bounds write (CVE-ID: CVE-2019-14896)

The vulnerability allows a remote non-authenticated attacker to execute arbitrary code.

A heap-based buffer overflow vulnerability was found in the Linux kernel, version kernel-2.6.32, in the Marvell WiFi chip driver. A remote attacker could cause a denial of service (system crash) or possibly execute arbitrary code when the lbs_ibss_join_existing function is called after a STA connects to an AP.


13) Out-of-bounds write (CVE-ID: CVE-2019-14897)

The vulnerability allows a remote non-authenticated attacker to execute arbitrary code.

A stack-based buffer overflow was found in the Linux kernel, version kernel-2.6.32, in the Marvell WiFi chip driver. An attacker is able to cause a denial of service (system crash) or possibly execute arbitrary code when a STA works in IBSS mode (which allows connecting stations together without the use of an AP) and connects to another STA.


14) Out-of-bounds read (CVE-ID: CVE-2020-9383)

The vulnerability allows a local user to gain access to potentially sensitive information.

The vulnerability exists due to a boundary condition within the set_fdc() function in the drivers/block/floppy.c file in the Linux kernel, because the FDC index is not checked for errors before it is assigned. A local user can use a specially crafted application to trigger an out-of-bounds read error and read contents of memory on the system.


15) Information disclosure (CVE-ID: CVE-2020-2732)

The vulnerability allows a remote attacker to gain access to potentially sensitive information.

The vulnerability exists due to an incomplete implementation of vmx_check_intercept on Intel processors in KVM in the Linux kernel, as a result of which I/O or MSR interception bitmaps are not checked. A remote attacker with access to a guest operating system (e.g. an L2 guest) can trick the L0 hypervisor into accessing sensitive information on the L1 hypervisor.


16) Null pointer dereference (CVE-ID: CVE-2019-16233)

The vulnerability allows a local privileged user to perform a denial of service (DoS) attack.

drivers/scsi/qla2xxx/qla_os.c in the Linux kernel 5.2.14 does not check the alloc_workqueue return value, leading to a NULL pointer dereference.


17) Incorrect default permissions (CVE-ID: CVE-2020-0009)

The vulnerability allows a local authenticated user to manipulate data.

In calc_vm_may_flags of ashmem.c, there is a possible arbitrary write to shared memory due to a permissions bypass. This could lead to local escalation of privilege by corrupting memory shared between processes, with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android kernel. Android ID: A-142938932.


18) Resource management error (CVE-ID: CVE-2019-11487)

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to a reference count overflow in page->_refcount that leads to a use-after-free error on systems with more than 140 GiB of RAM. A local user can send specially crafted FUSE requests that may lead to denial of service conditions.

The vulnerability is related to code in fs/fuse/dev.c, fs/pipe.c, fs/splice.c, include/linux/mm.h, include/linux/pipe_fs_i.h, kernel/trace/trace.c, mm/gup.c, and mm/hugetlb.c files.


19) Use-after-free (CVE-ID: CVE-2020-8647)

The vulnerability is exploitable by a local authenticated user.

There is a use-after-free vulnerability in the Linux kernel through 5.5.2 in the vc_do_resize function in drivers/tty/vt/vt.c.


20) Use-after-free (CVE-ID: CVE-2020-8649)

The vulnerability is exploitable by a local authenticated user.

There is a use-after-free vulnerability in the Linux kernel through 5.5.2 in the vgacon_invert_region function in drivers/video/console/vgacon.c.


21) Null pointer dereference (CVE-ID: CVE-2019-16234)

The vulnerability allows a local user to perform a denial of service (DoS) attack.

drivers/net/wireless/intel/iwlwifi/pcie/trans.c in the Linux kernel 5.2.14 does not check the alloc_workqueue return value, leading to a NULL pointer dereference.


22) Use-after-free (CVE-ID: CVE-2020-8648)

The vulnerability is exploitable by a local authenticated user.

There is a use-after-free vulnerability in the Linux kernel through 5.5.2 in the n_tty_receive_buf_common function in drivers/tty/n_tty.c.


23) Out-of-bounds write (CVE-ID: CVE-2019-14901)

The vulnerability allows a remote attacker to compromise a vulnerable system.

The vulnerability exists due to a boundary error when processing untrusted input in the Marvell WiFi chip driver within the "mwifiex_process_tdls_action_frame()" function in "marvell/mwifiex/tdls.c". A remote attacker on the local network can send specially crafted network traffic, trigger an out-of-bounds write and execute arbitrary code on the target system.


Remediation

Install the update from the vendor's website.