SB2019112712 - Multiple vulnerabilities in Linux kernel
Published: November 27, 2019
Breakdown by Severity
- Low
- Medium
- High
- Critical
Description
This security bulletin contains information about 19 secuirty vulnerabilities.
1) Memory leak (CVE-ID: CVE-2019-19077)
The vulnerability allows a local attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to memory leak within the "bnxt_re_create_srq()" function in "drivers/infiniband/hw/bnxt_re/ib_verbs.c" file. A local attacker can cause a denial of service condition (memory consumption) by triggering "ib_copy_to_udata()" failures.
2) Memory leak (CVE-ID: CVE-2019-19078)
The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to memory leak within the "ath10k_usb_hif_tx_sg()" function in "drivers/net/wireless/ath/ath10k/usb.c" file. A remote attacker can cause a denial of service condition (memory consumption) by triggering "usb_submit_urb()" failures.
3) Memory leak (CVE-ID: CVE-2019-19072)
The vulnerability allows a local attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to memory leak within the "predicate_parse()" function in "kernel/trace/trace_events_filter.c" file. A local attacker can cause a denial of service (memory consumption).
4) Memory leak (CVE-ID: CVE-2019-19073)
The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to memory leak within the "htc_config_pipe_credits()", "htc_setup_complete()" and "htc_connect_service()" functions in "drivers/net/wireless/ath/ath9k/htc_hst.c" file. A remote attacker on the local network can cause a denial of service condition (memory consumption) by triggering "wait_for_completion_timeout()" failures.5) Memory leak (CVE-ID: CVE-2019-19063)
The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to memory leak within the "rtl_usb_probe()" function in "drivers/net/wireless/realtek/rtlwifi/usb.c" file. A remote attacker on the local network can cause a denial of service condition (memory consumption).6) Memory leak (CVE-ID: CVE-2019-19068)
The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to memory leak within the "rtl8xxxu_submit_int_urb()" function in "drivers/net/wireless/realtek/rtl8xxxu/rtl8xxxu_core.c" file. A remote attacker on the local network can cause a denial of service (memory consumption) by triggering "usb_submit_urb()" failures.
7) Memory leak (CVE-ID: CVE-2019-19071)
The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to memory leak within the "rsi_send_beacon()" function in "drivers/net/wireless/rsi/rsi_91x_mgmt.c" file. A remote attacker on the local network can cause a denial of service condition (memory consumption) by triggering "rsi_prepare_beacon()" failures.
8) Memory leak (CVE-ID: CVE-2019-19074)
The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to memory leak within the "ath9k_wmi_cmd()" function in "drivers/net/wireless/ath/ath9k/wmi.c" file. A remote attacker on the local network can cause a denial of service condition (memory consumption).
9) Memory leak (CVE-ID: CVE-2019-19082)
The vulnerability allows a local attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to memory leak within the *create_resource_pool() functions in "drivers/gpu/drm/amd/display/dc" file. A local attacker can cause a denial of service condition (memory consumption).
This vulnerability affects the following functions:
- dce120_create_resource_pool() function in drivers/gpu/drm/amd/display/dc/dce120/dce120_resource.c
- dce110_create_resource_pool() function in drivers/gpu/drm/amd/display/dc/dce110/dce110_resource.c
- dce100_create_resource_pool() function in drivers/gpu/drm/amd/display/dc/dce100/dce100_resource.c
- dcn10_create_resource_pool() function in drivers/gpu/drm/amd/display/dc/dcn10/dcn10_resource.c
- dce112_create_resource_pool() function in drivers/gpu/drm/amd/display/dc/dce112/dce112_resource.c
10) Memory leak (CVE-ID: CVE-2019-19066)
The vulnerability allows a local attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to memory leak within the "bfad_im_get_stats()" function in "drivers/scsi/bfa/bfad_attr.c" file. A local attacker can cause a denial of service condition (memory consumption) by triggering "bfa_port_get_stats()" failures.
11) Memory leak (CVE-ID: CVE-2019-19053)
The vulnerability allows a local attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to memory leak within the "rpmsg_eptdev_write_iter()" function in "drivers/rpmsg/rpmsg_char.c" file. A local attacker can cause a denial of service condition (memory consumption) by triggering "copy_from_iter_full()" failures.
12) Memory leak (CVE-ID: CVE-2019-19059)
The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to memory leak within the "iwl_pcie_ctxt_info_gen3_init()" function in "drivers/net/wireless/intel/iwlwifi/pcie/ctxt-info-gen3.c" file. A remote attacker on the local network can cause a denial of service condition (memory consumption) by triggering "iwl_pcie_init_fw_sec() or dma_alloc_coherent()" failures.
13) Memory leak (CVE-ID: CVE-2019-19058)
The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to memory leak within the "alloc_sgtable()" function in "drivers/net/wireless/intel/iwlwifi/fw/dbg.c" file. A remote attacker on the local network can cause a denial of service (memory consumption) by triggering "alloc_page()" failures.
14) Memory leak (CVE-ID: CVE-2019-19057)
The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to memory leak within the "mwifiex_pcie_init_evt_ring()" function in "drivers/net/wireless/marvell/mwifiex/pcie.c" file. A remote attacker on the local network can cause a denial of service condition (memory consumption) by triggering "mwifiex_map_pci_memory()" failures.
15) Memory leak (CVE-ID: CVE-2019-19050)
The vulnerability allows a local attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to memory leak within the "crypto_reportstat()" function in "crypto/crypto_user_stat.c" file. A local attacker can cause a denial of service condition (memory consumption) by triggering "crypto_reportstat_alg()" failures.
16) Memory leak (CVE-ID: CVE-2019-19054)
The vulnerability allows a local attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to memory leak within the "cx23888_ir_probe()" function in "drivers/media/pci/cx23885/cx23888-ir.c" file. A local attacker can cause a denial of service condition (memory consumption) by triggering "kfifo_alloc()" failures.
17) Memory leak (CVE-ID: CVE-2019-19056)
The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to memory leak within the "mwifiex_pcie_alloc_cmdrsp_buf()" function in "drivers/net/wireless/marvell/mwifiex/pcie.c" file. A remote attacker on the local network can cause a denial of service condition (memory consumption) by triggering "mwifiex_map_pci_memory()" failures.
18) Memory leak (CVE-ID: CVE-2019-19062)
The vulnerability allows a local attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to memory leak within the "crypto_report()" function in "crypto/crypto_user_base.c" file. A local attacker can cause a denial of service condition (memory consumption) by triggering "crypto_report_alg()" failures.
19) Memory leak (CVE-ID: CVE-2019-19043)
The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to memory leak within the "i40e_setup_macvlans()" function in "drivers/net/ethernet/intel/i40e/i40e_main.c" file. A remote attacker on the local network can cause a denial of service condition (memory consumption) by triggering "i40e_setup_channel()" failures.
Remediation
Install update from vendor's website.
References
- https://github.com/torvalds/linux/commit/4a9d46a9fe14401f21df69cea97c62396d5fb053
- https://github.com/torvalds/linux/commit/b8d17e7d93d2beb89e4f34c59996376b8b544792
- https://github.com/torvalds/linux/commit/96c5c6e6a5b6db592acae039fed54b5c8844cd35
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/O3PSDE6PTOTVBK2YTKB2TFQP2SUBVSNF/
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/PY7LJMSPAGRIKABJPDKQDTXYW3L5RX2T/
- https://github.com/torvalds/linux/commit/853acf7caf10b828102d92d05b5c101666a6142b
- https://github.com/torvalds/linux/commit/3f93616951138a598d930dcaec40f2bfd9ce43bb
- https://github.com/torvalds/linux/commit/a2cdd07488e666aa93a49a3fc9c9b1299e27ef3c
- https://github.com/torvalds/linux/commit/d563131ef23cbc756026f839a82598c8445bc45f
- https://github.com/torvalds/linux/commit/728c1e2a05e4b5fc52fab3421dce772a806612a2
- https://github.com/torvalds/linux/commit/104c307147ad379617472dd91a5bcb368d72bd6d
- https://github.com/torvalds/linux/commit/0e62395da2bd5166d7c9e14cbc7503b256a34cb0
- https://github.com/torvalds/linux/commit/bbe692e349e2a1edf3fe0a29a0e05899c9c94d51
- https://github.com/torvalds/linux/commit/0f4f199443faca715523b0659aa536251d8b978f
- https://github.com/torvalds/linux/commit/b4b814fec1a5a849383f7b3886b654a13abbda7d
- https://github.com/torvalds/linux/commit/d10dcb615c8e29d403a24d35f8310a7a53e3050c
- https://github.com/torvalds/linux/commit/c03b04dcdba1da39903e23cc4d072abf8f68f2dd
- https://github.com/torvalds/linux/commit/a7b2df76b42bdd026e3106cf2ba97db41345a177
- https://github.com/torvalds/linux/commit/db8fd2cde93227e566a412cf53173ffa227998bc
- https://github.com/torvalds/linux/commit/ffdde5932042600c6807d46c1550b28b0db6a3bc
- https://github.com/torvalds/linux/commit/27d461333459d282ffa4a2bdb6b215a59d493a8f