SB2019111821 - Multiple vulnerabilities in Linux kernel
Published: November 18, 2019 Updated: January 21, 2020
Breakdown by Severity
- Low
- Medium
- High
- Critical
Description
This security bulletin contains information about 5 secuirty vulnerabilities.
1) Memory leak (CVE-ID: CVE-2019-19080)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to memory leak within the "nfp_flower_spawn_phy_reprs()" function in drivers/net/ethernet/netronome/nfp/flower/main.c in the Linux kernel before 5.3.4 allow local user to cause a denial of service (memory consumption).
2) Information disclosure (CVE-ID: CVE-2019-19533)
The vulnerability allows a local user to gain access to potentially sensitive information.
The vulnerability exists due to an info-leak bug in the drivers/media/usb/ttusb-dec/ttusb_dec.c driver. A local user with physical access can use a malicious USB device and gain unauthorized access to sensitive information on the system.
3) Memory leak (CVE-ID: CVE-2019-19081)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to memory leak within the "nfp_flower_spawn_vnic_reprs()" function in drivers/net/ethernet/netronome/nfp/flower/main.c in the Linux kernel before 5.3.4 allows a local user to cause a denial of service (memory consumption).
4) Permissions, Privileges, and Access Controls (CVE-ID: CVE-2019-17052)
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to the ax25_create() function in net/ax25/af_ax25.c in the AF_AX25 network module for the Linux kernel does not enforce CAP_NET_RAW when creating raw sockets. A local unprivileged user can create raw sockets on the system.
5) Buffer overflow (CVE-ID: CVE-2019-18198)
The vulnerability allows a local user to escalate privileges system.
The vulnerability exists due to a reference count usage error in the fib6_rule_suppress() function in the
fib6 suppression feature of net/ipv6/fib6_rules.c within the Linux kernel, when handling the
FIB_LOOKUP_NOREF flag. A local user can set the FIB_LOOKUP_NOREF flag, trigge rmemory corruption and execute arbitrary code on the system with elevated privileges.
Remediation
Install update from vendor's website.
References
- http://lists.opensuse.org/opensuse-security-announce/2019-12/msg00029.html
- https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.3.4
- https://github.com/torvalds/linux/commit/8572cea1461a006bce1d06c0c4b0575869125fa4
- https://security.netapp.com/advisory/ntap-20191205-0001/
- http://www.openwall.com/lists/oss-security/2019/12/03/4
- https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=a10feaf8c464c3f9cfdd3a8a7ce17e1c0d498da1
- https://lists.debian.org/debian-lts-announce/2020/01/msg00013.html
- https://github.com/torvalds/linux/commit/8ce39eb5a67aee25d9f05b40b673c95b23502e3e
- https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=0614e2b73768b502fc32a75349823356d98aae2c
- https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=0edc3f703f7bcaf550774b5d43ab727bcd0fe06b
- https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=ca7a03c4175366a92cee0ccc4fec0038c3266e26
- https://github.com/torvalds/linux/commit/ca7a03c4175366a92cee0ccc4fec0038c3266e26
- https://launchpad.net/bugs/1847478