Main Vulnerability Database SB2019052339

SB2019052339 - Fedora 28 update for kernel, kernel-headers

Published: May 23, 2019 Updated: April 25, 2025

Security Bulletin ID SB2019052339

Severity

Medium

Patch available

YES

Number of vulnerabilities 2

Exploitation vector Adjecent network

Highest impact Code execution

Breakdown by Severity

Low
Medium
High
Critical

Description

This security bulletin contains information about 2 secuirty vulnerabilities.

1) Integer overflow (CVE-ID: CVE-2019-10142)

The vulnerability allows a local user to execute arbitrary code on the target system.

The vulnerability exists due to integer overflow within the freescale hypervisor manager implementation in drivers/virt/fsl_hypervisor.c. A local guest user can send specially crafted data to the affected IOCTL , trigger integer overflow and execute arbitrary code on the target system.

2) Information disclosure (CVE-ID: CVE-2019-11833)

The vulnerability allows a local user to gain access to potentially sensitive information.

The vulnerability exists due to the Linux kernel does not zero out the unused memory region in the extent tree block within the fs/ext4/extents.c. A local user can gain unauthorized access to sensitive information on the system.

Remediation

Install update from vendor's website.

References

https://bodhi.fedoraproject.org/updates/FEDORA-2019-5443028b5f

SB2019052339 - Fedora 28 update for kernel, kernel-headers

Breakdown by Severity

Description

Remediation

References

Please verify you're human