SB2019051564 - Fedora 28 update for kernel, kernel-headers

CSH
CYBERSECURITY HELP
Sign In REGISTER

Main Vulnerability Database SB2019051564

SB2019051564 - Fedora 28 update for kernel, kernel-headers

Published: May 15, 2019 Updated: April 25, 2025

Security Bulletin ID SB2019051564
Severity
Low
Patch available
YES
Number of vulnerabilities 5
Exploitation vector Local access
Highest impact Information disclosure

Breakdown by Severity

Low 100%
  • Low
  • Medium
  • High
  • Critical

Description

This security bulletin contains information about 5 secuirty vulnerabilities.


1) Information disclosure (CVE-ID: CVE-2018-12126)

The vulnerability allows a local authenticated user to gain access to sensitive information.

Microarchitectural Store Buffer Data Sampling (MSBDS): Store buffers on some microprocessors utilizing speculative execution may allow an authenticated user to potentially enable information disclosure via a side channel with local access. A list of impacted products can be found here: https://www.intel.com/content/dam/www/public/us/en/documents/corporate-information/SA00233-microcode-update-guidance_05132019.pdf


2) Information disclosure (CVE-ID: CVE-2018-12130)

The vulnerability allows a local authenticated user to gain access to sensitive information.

Microarchitectural Fill Buffer Data Sampling (MFBDS): Fill buffers on some microprocessors utilizing speculative execution may allow an authenticated user to potentially enable information disclosure via a side channel with local access. A list of impacted products can be found here: https://www.intel.com/content/dam/www/public/us/en/documents/corporate-information/SA00233-microcode-update-guidance_05132019.pdf


3) Information disclosure (CVE-ID: CVE-2018-12127)

The vulnerability allows a local authenticated user to gain access to sensitive information.

Microarchitectural Load Port Data Sampling (MLPDS): Load ports on some microprocessors utilizing speculative execution may allow an authenticated user to potentially enable information disclosure via a side channel with local access. A list of impacted products can be found here: https://www.intel.com/content/dam/www/public/us/en/documents/corporate-information/SA00233-microcode-update-guidance_05132019.pdf


4) Information disclosure (CVE-ID: CVE-2019-11091)

The vulnerability allows a local authenticated user to gain access to sensitive information.

Microarchitectural Data Sampling Uncacheable Memory (MDSUM): Uncacheable memory on some microprocessors utilizing speculative execution may allow an authenticated user to potentially enable information disclosure via a side channel with local access. A list of impacted products can be found here: https://www.intel.com/content/dam/www/public/us/en/documents/corporate-information/SA00233-microcode-update-guidance_05132019.pdf


5) Information disclosure (CVE-ID: CVE-2019-11884)

The vulnerability allows a local user to gain access to potentially sensitive information.

The vulnerability in the "do_hidp_sock_ioctl" function in "net/bluetooth/hidp/sock.c" exists due to the Bluetooth Human Interface Device Protocol (HIDP) implementation did not properly verify strings were NULL terminated in certain situations. A local authenticated user can gain unauthorized access to sensitive information from kernel stack memory via a "HIDPCONNADD" command, because a name field may not end with a '' character. 


Remediation

Install update from vendor's website.

References