SB2020110442 - Red Hat Enterprise Linux 8 update for kernel



Published: November 4, 2020 Updated: April 24, 2025

Security Bulletin ID: SB2020110442
Severity: High
Patch available: YES
Number of vulnerabilities: 41
Exploitation vector: Remote access
Highest impact: Code execution

Breakdown by Severity

High 2% Medium 10% Low 88%

Description

This security bulletin contains information about 41 security vulnerabilities.


1) Information disclosure (CVE-ID: CVE-2019-9455)

The vulnerability allows a local privileged user to gain access to sensitive information.

In the Android kernel in the video driver there is a kernel pointer leak due to a WARN_ON statement. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation.


2) Race condition (CVE-ID: CVE-2019-9458)

The vulnerability allows a local authenticated user to execute arbitrary code.

In the Android kernel in the video driver there is a use after free due to a race condition. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.


3) NULL pointer dereference (CVE-ID: CVE-2019-12614)

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to a NULL pointer dereference error in dlpar_parse_cc_property in arch/powerpc/platforms/pseries/dlpar.c due to kstrdup of prop->name. A local user can perform a denial of service (DoS) attack.


4) Use-after-free (CVE-ID: CVE-2019-15917)

The vulnerability allows a remote attacker to compromise a vulnerable system.

The vulnerability exists due to a use-after-free error when hci_uart_register_dev() fails in hci_uart_set_proto() in drivers/bluetooth/hci_ldisc.c. A remote attacker with physical proximity to the system can send specially crafted Bluetooth data and execute arbitrary code.



5) Out-of-bounds read (CVE-ID: CVE-2019-15925)

The vulnerability allows a local authenticated user to execute arbitrary code.

An issue was discovered in the Linux kernel before 5.2.3. An out of bounds access exists in the function hclge_tm_schd_mode_vnet_base_cfg in the file drivers/net/ethernet/hisilicon/hns3/hns3pf/hclge_tm.c.


6) Null pointer dereference (CVE-ID: CVE-2019-16231)

The vulnerability allows a local privileged user to perform a denial of service (DoS) attack.

drivers/net/fjes/fjes_main.c in the Linux kernel 5.2.14 does not check the alloc_workqueue return value, leading to a NULL pointer dereference.


7) Null pointer dereference (CVE-ID: CVE-2019-16233)

The vulnerability allows a local privileged user to perform a denial of service (DoS) attack.

drivers/scsi/qla2xxx/qla_os.c in the Linux kernel 5.2.14 does not check the alloc_workqueue return value, leading to a NULL pointer dereference.


8) Memory leak (CVE-ID: CVE-2019-18808)

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to a memory leak within the "ccp_run_sha_cmd()" function in drivers/crypto/ccp/ccp-ops.c in the Linux kernel through 5.3.9. A local user can cause a denial of service (memory consumption).


9) Memory leak (CVE-ID: CVE-2019-18809)

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to a memory leak within the "af9005_identify_state()" function in drivers/media/usb/dvb-usb/af9005.c in the Linux kernel through 5.3.9. A local user can cause a denial of service (memory consumption).


10) Memory leak (CVE-ID: CVE-2019-19056)

The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to a memory leak within the "mwifiex_pcie_alloc_cmdrsp_buf()" function in the "drivers/net/wireless/marvell/mwifiex/pcie.c" file. A remote attacker on the local network can cause a denial of service condition (memory consumption) by triggering "mwifiex_map_pci_memory()" failures.


11) Memory leak (CVE-ID: CVE-2019-19062)

The vulnerability allows a local attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to a memory leak within the "crypto_report()" function in the "crypto/crypto_user_base.c" file. A local attacker can cause a denial of service condition (memory consumption) by triggering "crypto_report_alg()" failures.


12) Memory leak (CVE-ID: CVE-2019-19063)

The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to a memory leak within the "rtl_usb_probe()" function in the "drivers/net/wireless/realtek/rtlwifi/usb.c" file. A remote attacker on the local network can cause a denial of service condition (memory consumption).

13) Memory leak (CVE-ID: CVE-2019-19068)

The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to a memory leak within the "rtl8xxxu_submit_int_urb()" function in the "drivers/net/wireless/realtek/rtl8xxxu/rtl8xxxu_core.c" file. A remote attacker on the local network can cause a denial of service (memory consumption) by triggering "usb_submit_urb()" failures.


14) Memory leak (CVE-ID: CVE-2019-19072)

The vulnerability allows a local attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to a memory leak within the "predicate_parse()" function in the "kernel/trace/trace_events_filter.c" file. A local attacker can cause a denial of service (memory consumption).


15) Out-of-bounds read (CVE-ID: CVE-2019-19319)

The vulnerability allows a local privileged user to execute arbitrary code.

The vulnerability exists due to an out-of-bounds read error within the __check_block_validity() function in fs/ext4/inode.c, within the debug_print_tree() and ext4_setup_system_zone() functions in fs/ext4/block_validity.c. A local privileged user can execute arbitrary code.


16) Out-of-bounds write (CVE-ID: CVE-2019-19332)

The vulnerability allows a local authenticated user to damage or delete data.

An out-of-bounds memory write issue was found in the Linux Kernel, version 3.13 through 5.4, in the way the Linux kernel's KVM hypervisor handled the 'KVM_GET_EMULATED_CPUID' ioctl(2) request to get CPUID features emulated by the KVM hypervisor. A user or process able to access the '/dev/kvm' device could use this flaw to crash the system, resulting in a denial of service.


17) Use-after-free (CVE-ID: CVE-2019-19447)

The vulnerability allows a remote non-authenticated attacker to execute arbitrary code.

In the Linux kernel 5.0.21, mounting a crafted ext4 filesystem image, performing some operations, and unmounting can lead to a use-after-free in ext4_put_super in fs/ext4/super.c, related to dump_orphan_list in fs/ext4/super.c.


18) Use-after-free (CVE-ID: CVE-2019-19524)

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a use-after-free error in the drivers/input/ff-memless.c driver. A local user can use a malicious USB device to trigger a use-after-free error and execute arbitrary code on the system with elevated privileges.


19) Information disclosure (CVE-ID: CVE-2019-19533)

The vulnerability allows a local user to gain access to potentially sensitive information.

The vulnerability exists due to an info-leak bug in the drivers/media/usb/ttusb-dec/ttusb_dec.c driver. A local user with physical access can use a malicious USB device and gain unauthorized access to sensitive information on the system.


20) Race condition (CVE-ID: CVE-2019-19537)

The vulnerability allows a local non-authenticated attacker to perform a denial of service (DoS) attack.

In the Linux kernel before 5.2.10, there is a race condition bug that can be caused by a malicious USB device in the USB character device driver layer, aka CID-303911cfc5b9. This affects drivers/usb/core/file.c.


21) Use-after-free (CVE-ID: CVE-2019-19543)

The vulnerability allows a local authenticated user to execute arbitrary code.

In the Linux kernel before 5.1.6, there is a use-after-free in serial_ir_init_module() in drivers/media/rc/serial_ir.c.


22) Use-after-free (CVE-ID: CVE-2019-19767)

The vulnerability allows a local non-authenticated attacker to perform a denial of service (DoS) attack.

The Linux kernel before 5.4.2 mishandles ext4_expand_extra_isize, as demonstrated by use-after-free errors in __ext4_expand_extra_isize and ext4_xattr_set_entry, related to fs/ext4/inode.c and fs/ext4/super.c, aka CID-4ea99936a163.


23) NULL pointer dereference (CVE-ID: CVE-2019-20054)

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to a NULL pointer dereference error in the Linux kernel before 5.0.6 in drop_sysctl_table() in fs/proc/proc_sysctl.c, related to put_links, aka CID-23da9588037e. A local user can perform a denial of service (DoS) attack.


24) Out-of-bounds write (CVE-ID: CVE-2019-20636)

The vulnerability allows a local privileged user to execute arbitrary code.

In the Linux kernel before 5.4.12, drivers/input/input.c has out-of-bounds writes via a crafted keycode table, as demonstrated by input_set_keycode, aka CID-cb222aed03d7.


25) Use-after-free (CVE-ID: CVE-2020-0305)

The vulnerability allows a local privileged user to execute arbitrary code.

In cdev_get of char_dev.c, there is a possible use-after-free due to a race condition. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android-10. Android ID: A-153467744.


26) Use-after-free (CVE-ID: CVE-2020-8647)

The vulnerability allows a local authenticated user to #BASIC_IMPACT#.

There is a use-after-free vulnerability in the Linux kernel through 5.5.2 in the vc_do_resize function in drivers/tty/vt/vt.c.


27) Use-after-free (CVE-ID: CVE-2020-8648)

The vulnerability allows a local authenticated user to #BASIC_IMPACT#.

There is a use-after-free vulnerability in the Linux kernel through 5.5.2 in the n_tty_receive_buf_common function in drivers/tty/n_tty.c.


28) Use-after-free (CVE-ID: CVE-2020-8649)

The vulnerability allows a local authenticated user to #BASIC_IMPACT#.

There is a use-after-free vulnerability in the Linux kernel through 5.5.2 in the vgacon_invert_region function in drivers/video/console/vgacon.c.


29) Use of uninitialized resource (CVE-ID: CVE-2020-10732)

The vulnerability allows a local user to read memory contents or crash the application.

The vulnerability exists due to a use of uninitialized resource error within the fill_thread_core_info() function in fs/binfmt_elf.c. A local user can read memory contents or crash the application.


30) Permissions, Privileges, and Access Controls (CVE-ID: CVE-2020-10751)

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists in the Linux kernel's SELinux LSM hook implementation, where the kernel incorrectly assumed that an skb would only contain a single netlink message. The hook would validate only the first netlink message in the skb and allow or deny the rest of the messages within the skb with the granted permission without further processing.


31) Input validation error (CVE-ID: CVE-2020-10773)

The vulnerability allows a local privileged user to gain access to sensitive information.

A stack information leak flaw was found in s390/s390x in the Linux kernel’s memory manager functionality, where it incorrectly writes to the /proc/sys/vm/cmm_timeout file. A local privileged user can gain access to sensitive data in the memory.


32) Buffer access with incorrect length value (CVE-ID: CVE-2020-10774)

The vulnerability allows a local user to gain access to sensitive information.

A memory disclosure flaw was found in Linux kernel versions before 4.18.0-193.el8 in the sysctl subsystem when reading the /proc/sys/kernel/rh_features file. This flaw allows a local user to read uninitialized values from the kernel memory. The highest threat from this vulnerability is to confidentiality.


33) Stack-based buffer overflow (CVE-ID: CVE-2020-10942)

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to a boundary error within the get_raw_socket() function in drivers/vhost/net.c due to lack of validation of the sk_family field. A local user can perform a specially crafted system call, trigger a stack overflow and crash the kernel.



34) NULL pointer dereference (CVE-ID: CVE-2020-11668)

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to a NULL pointer dereference error within drivers/media/usb/gspca/xirlink_cit.c in the Xirlink camera USB driver. A local user can pass specially crafted data to the driver and perform a denial of service (DoS) attack.


35) Buffer overflow (CVE-ID: CVE-2020-12465)

The vulnerability allows a local privileged user to execute arbitrary code.

An array overflow was discovered in mt76_add_fragment in drivers/net/wireless/mediatek/mt76/dma.c in the Linux kernel before 5.5.10, aka CID-b102f0c522cf. An oversized packet with too many rx fragments can corrupt memory of adjacent pages.


36) Resource exhaustion (CVE-ID: CVE-2020-12655)

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists because the application does not properly control consumption of internal resources in "xfs_agf_verify" in the "fs/xfs/libxfs/xfs_alloc.c" file. A local user can use an XFS v5 image with crafted metadata, trigger resource exhaustion and perform a denial of service (DoS) attack.


37) Out-of-bounds write (CVE-ID: CVE-2020-12659)

The vulnerability allows a local user to compromise a vulnerable system.

The vulnerability exists due to a boundary error when processing untrusted input in "xdp_umem_reg" in the "net/xdp/xdp_umem.c" file. A local user can trigger an out-of-bounds write and execute arbitrary code on the target system.


38) Input validation error (CVE-ID: CVE-2020-12770)

The vulnerability allows a local user to execute arbitrary code on the system.

The vulnerability exists because "sg_write" lacks an "sg_remove_request" call in a certain failure case. A local user can pass specially crafted input to the application and execute arbitrary code on the target system.


39) Integer overflow (CVE-ID: CVE-2020-12826)

The vulnerability allows a local user to execute arbitrary code on the target system.

The vulnerability exists due to an integer overflow in "exec_id" in "include/linux/sched.h". A local user can pass specially crafted data to the application, trigger an integer overflow and execute arbitrary code on the target system.

Successful exploitation of this vulnerability may result in complete compromise of the vulnerable system.


40) Use after free (CVE-ID: CVE-2020-14381)

The vulnerability allows a local user to execute arbitrary code.

The vulnerability exists due to a use-after-free error within the get_futex_key_refs(), drop_futex_key_refs() and futex_setup_timer() functions in kernel/futex.c, and within the inode_init_always() function in fs/inode.c. A local user can execute arbitrary code.


41) Infinite loop (CVE-ID: CVE-2020-25641)

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to an incorrect implementation of biovecs in the Linux kernel. A zero-length biovec request issued by the block subsystem could cause the kernel to enter an infinite loop, causing a denial of service. A local user can issue requests to a block device and perform a denial of service (DoS) attack.


Remediation

Install the update from the vendor's website.