SB2019111436 - Red Hat update for kernel 

CSH
CYBERSECURITY HELP
Sign In REGISTER

Main Vulnerability Database SB2019111436

SB2019111436 - Red Hat update for kernel

Published: November 14, 2019

Security Bulletin ID SB2019111436
Severity
Low
Patch available
YES
Number of vulnerabilities 1
Exploitation vector Local access
Highest impact Code execution

Breakdown by Severity

Low 100%
  • Low
  • Medium
  • High
  • Critical

Description

This security bulletin contains information about 1 security vulnerability.


1) Improper access control (CVE-ID: CVE-2019-0155)

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to improper access restrictions in Intel GPU subsystem. A local unprivileged user can perform blitter manipulation manipulation and write data to arbitrary location in kernel memory. As a result a local authenticated user can execute arbitrary code on the system with superuser privileges.

This vulnerability affects the following Intel products:

- 6th, 7th, 8th and 9th Generation Intel(R) Core(TM) Processor Families

- Intel(R) Pentium(R) Processor J, N, Silver and Gold Series

- Intel(R) Celeron(R) Processor J, N, G3900 and G4900 Series

- Intel(R) Atom(R) Processor A and E3900 Series

- Intel(R) Xeon(R) Processor E3-1500 v5 and v6, E-2100 and E-2200 Processor Families

- Intel(R) Graphics Driver for Windows before 26.20.100.6813 (DCH) or 26.20.100.6812 and before 21.20.x.5077 (aka15.45.5077)

- i915 Linux Driver for Intel(R) Processor Graphics before versions 5.4-rc7, 5.3.11, 4.19.84, 4.14.154, 4.9.201, 4.4.201


Remediation

Install update from vendor's website.

References