SB2019033012 - OpenSUSE Linux update for the Linux Kernel 

CSH
CYBERSECURITY HELP
Sign In REGISTER

Main Vulnerability Database SB2019033012

SB2019033012 - OpenSUSE Linux update for the Linux Kernel

Published: March 30, 2019

Security Bulletin ID SB2019033012
Severity
Low
Patch available
YES
Number of vulnerabilities 2
Exploitation vector Local access
Highest impact Code execution

Breakdown by Severity

Low 100%
  • Low
  • Medium
  • High
  • Critical

Description

This security bulletin contains information about 2 secuirty vulnerabilities.


1) Use-after-free (CVE-ID: CVE-2019-2024)

The vulnerability allows a local authenticated user to execute arbitrary code.

In em28xx_unregister_dvb of em28xx-dvb.c, there is a possible use after free issue. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-111761954References: Upstream kernel


2) NULL pointer dereference (CVE-ID: CVE-2019-9213)

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to a NULL pointer dreference error in expand_downwards() in mm/mmap.c that does not check for the mmap minimum address, which makes it easier for attackers to exploit kernel NULL pointer dereferences on non-SMAP platforms. This is related to a capability check for the wrong task. A local user can perform a denial of service (DoS) attack.


Remediation

Install update from vendor's website.

References