SB2020010835 - Slackware Linux update for Slackware 14.2 kernel 

CSH
CYBERSECURITY HELP
Sign In REGISTER

Main Vulnerability Database SB2020010835

SB2020010835 - Slackware Linux update for Slackware 14.2 kernel

Published: January 8, 2020

Security Bulletin ID SB2020010835
Severity
Medium
Patch available
YES
Number of vulnerabilities 12
Exploitation vector Remote access
Highest impact Code execution

Breakdown by Severity

Medium 25% Low 75%
  • Low
  • Medium
  • High
  • Critical

Description

This security bulletin contains information about 12 secuirty vulnerabilities.


1) NULL pointer dereference (CVE-ID: CVE-2019-12614)

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to a NULL pointer dreference error in dlpar_parse_cc_property in arch/powerpc/platforms/pseries/dlpar.c due to  kstrdup of prop->name. A local user can perform a denial of service (DoS) attack.


2) NULL pointer dereference (CVE-ID: CVE-2019-15291)

The vulnerability allows a local attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to a NULL pointer dereference error in the "flexcop_usb_probe" function in the "drivers/media/usb/b2c2/flexcop-usb.c" driver. A local attacker with physical access can use a malicious USB device and perform a denial of service (DoS) attack.


3) Use-after-free (CVE-ID: CVE-2019-15917)

The vulnerability allows a remote attacker to compromise vulnerable system.

The vulnerability exists due to a use-after-free error when hci_uart_register_dev() fails in hci_uart_set_proto() in drivers/bluetooth/hci_ldisc.c. A remote attacker with physical proximity to the system can send specially crafted Bluetoth data and execute arbitrary code.



4) Information disclosure (CVE-ID: CVE-2019-18660)

The vulnerability allows a local user to gain access to potentially sensitive information.

The vulnerability exists due to absent protection in Linux kernel on powerpc against the Spectre-RSB, related to arch/powerpc/kernel/entry_64.S and arch/powerpc/kernel/security.c. A local user can gain unauthorized access to sensitive information on the system.


5) Race condition (CVE-ID: CVE-2019-18683)

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a race condition, caused by wrong mutex locking in vivid_stop_generating_vid_cap(), vivid_stop_generating_vid_out(), sdr_cap_stop_streaming(), and the corresponding kthreads. A local user can exploit the race and gain unauthorized access to sensitive information and escalate privileges on the system.

Successful exploitation of the vulnerability requires access to /dev/video0.


6) Memory leak (CVE-ID: CVE-2019-19057)

The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to memory leak within the "mwifiex_pcie_init_evt_ring()" function in "drivers/net/wireless/marvell/mwifiex/pcie.c"  file. A remote attacker on the local network can cause a denial of service condition (memory consumption) by triggering "mwifiex_map_pci_memory()" failures.


7) Memory leak (CVE-ID: CVE-2019-19062)

The vulnerability allows a local attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to memory leak within the "crypto_report()" function in "crypto/crypto_user_base.c" file. A local attacker can cause a denial of service condition (memory consumption) by triggering "crypto_report_alg()" failures.


8) Memory leak (CVE-ID: CVE-2019-19063)

The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to memory leak within the "rtl_usb_probe()" function in "drivers/net/wireless/realtek/rtlwifi/usb.c" file. A remote attacker on the local network can cause a denial of service condition (memory consumption).

9) NULL pointer dereference (CVE-ID: CVE-2019-19227)

The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to a NULL pointer dereference error in the AppleTalk subsystem in the Linux kernel before 5.1, there is a potential NULL pointer dereference because register_snap_client may return NULL. This will lead to denial of service in net/appletalk/aarp.c and net/appletalk/ddp.c, as demonstrated by unregister_snap_client, aka CID-9804501fa122. A remote attacker can perform a denial of service (DoS) attack.


10) Out-of-bounds write (CVE-ID: CVE-2019-19332)

The vulnerability allows a local authenticated user to damange or delete data.

An out-of-bounds memory write issue was found in the Linux Kernel, version 3.13 through 5.4, in the way the Linux kernel's KVM hypervisor handled the 'KVM_GET_EMULATED_CPUID' ioctl(2) request to get CPUID features emulated by the KVM hypervisor. A user or process able to access the '/dev/kvm' device could use this flaw to crash the system, resulting in a denial of service.


11) Resource management error (CVE-ID: CVE-2019-19338)

The vulnerability allows a local user to gain access to sensitive information.

The vulnerability exists due to incomplete fix for Transaction Asynchronous Abort (TAA) issue on certain Intel CPUs (CVE-2019-11135). A local user on a guest operating system can exploit this vulnerability to gain access to sensitive information.


12) Use-after-free (CVE-ID: CVE-2019-19524)

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to use-after-free error in the drivers/input/ff-memless.c driver. A local user can use a malicious USB device to trigger use-after-free error and execute arbitrary code on the system with elevated privileges.


Remediation

Install update from vendor's website.

References