SB2019090442 - Multiple vulnerabilities in Linux kernel
Published: September 4, 2019 Updated: July 17, 2020
Breakdown by Severity
- Low
- Medium
- High
- Critical
Description
This security bulletin contains information about 2 secuirty vulnerabilities.
1) Out-of-bounds read (CVE-ID: CVE-2019-15918)
The vulnerability allows a local authenticated user to execute arbitrary code.
An issue was discovered in the Linux kernel before 5.0.10. SMB2_negotiate in fs/cifs/smb2pdu.c has an out-of-bounds read because data structures are incompletely updated after a change from smb30 to smb21.
2) Use-after-free (CVE-ID: CVE-2019-15920)
The vulnerability allows a remote authenticated user to gain access to sensitive information.
An issue was discovered in the Linux kernel before 5.0.10. SMB2_read in fs/cifs/smb2pdu.c has a use-after-free. NOTE: this was not fixed correctly in 5.0.10; see the 5.0.11 ChangeLog, which documents a memory leak.
Remediation
Install update from vendor's website.
References
- https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.0.10
- https://github.com/torvalds/linux/commit/b57a55e2200ede754e4dc9cce4ba9402544b9365
- https://security.netapp.com/advisory/ntap-20191004-0001/
- https://usn.ubuntu.com/4162-1/
- https://usn.ubuntu.com/4162-2/
- http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00064.html
- http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00066.html
- https://github.com/torvalds/linux/commit/088aaf17aa79300cab14dbee2569c58cfafd7d6e