SB2019111819 - Multiple vulnerabilities in Linux kernel
Published: November 18, 2019 Updated: January 21, 2020
Description
This security bulletin contains information about 8 security vulnerabilities.
1) Memory leak (CVE-ID: CVE-2019-19065)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to a memory leak within the sdma_init() function in drivers/infiniband/hw/hfi1/sdma.c in the Linux kernel before 5.3.9. A local user can perform a denial of service attack (memory consumption) by triggering rhashtable_init() failures.
2) Memory leak (CVE-ID: CVE-2019-19061)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to a memory leak within the "adis_update_scan_mode_burst()" function in drivers/iio/imu/adis_buffer.c in the Linux kernel before 5.3.9. A local user can cause a denial of service (memory consumption).
3) Memory leak (CVE-ID: CVE-2019-19069)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to a memory leak within the "fastrpc_dma_buf_attach()" function in the "drivers/misc/fastrpc.c" file in the Linux kernel before 5.3.9. A local user can cause a denial of service (memory consumption) by triggering "dma_get_sgtable()" failures.
4) Memory leak (CVE-ID: CVE-2019-19060)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to a memory leak within the "adis_update_scan_mode()" function in the "drivers/iio/imu/adis_buffer.c" file. A local user can perform a denial of service attack.
5) Memory leak (CVE-ID: CVE-2019-19922)
The vulnerability allows a local user to perform a DoS attack on the target system.
The vulnerability exists due to a memory leak in "kernel/sched/fair.c" when "cpu.cfs_quota_us" is used (e.g., with Kubernetes). A local user can cause a denial of service against non-cpu-bound applications by generating a workload that triggers unwanted slice expiration.
6) Memory leak (CVE-ID: CVE-2019-19048)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to a memory leak within the "crypto_reportstat()" function in drivers/virt/vboxguest/vboxguest_utils.c in the Linux kernel before 5.3.9. A local user can cause a denial of service (memory consumption) by triggering "copy_from_user()" failures.
7) Out-of-bounds write (CVE-ID: CVE-2019-19532)
The vulnerability allows a local user to compromise a vulnerable system.
The vulnerability exists due to a boundary error when processing untrusted input in the Linux kernel HID drivers drivers/hid/hid-axff.c, drivers/hid/hid-dr.c, drivers/hid/hid-emsff.c, drivers/hid/hid-gaff.c, drivers/hid/hid-holtekff.c, drivers/hid/hid-lg2ff.c, drivers/hid/hid-lg3ff.c, drivers/hid/hid-lg4ff.c, drivers/hid/hid-lgff.c, drivers/hid/hid-logitech-hidpp.c, drivers/hid/hid-microsoft.c, drivers/hid/hid-sony.c, drivers/hid/hid-tmff.c, and drivers/hid/hid-zpff.c. A local user with physical access can use a malicious USB device to trigger an out-of-bounds write and execute arbitrary code on the target system.
8) Use-after-free (CVE-ID: CVE-2019-19526)
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error in the drivers/nfc/pn533/usb.c driver. A local user with physical access can use a malicious USB device to trigger the use-after-free error and execute arbitrary code on the system with elevated privileges.
Remediation
Install update from vendor's website.
References
- https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.3.9
- https://github.com/torvalds/linux/commit/34b3be18a04ecdc610aae4c48e5d1b799d8689f6
- https://github.com/torvalds/linux/commit/9c0530e898f384c5d279bfcebd8bb17af1105873
- https://security.netapp.com/advisory/ntap-20191205-0001/
- https://usn.ubuntu.com/4208-1/
- https://github.com/torvalds/linux/commit/fc739a058d99c9297ef6bfd923b809d85855b9a9
- https://github.com/torvalds/linux/commit/ab612b1daf415b62c58e130cb3d0f30b255a14d0
- https://usn.ubuntu.com/4210-1/
- https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=de53fd7aedb100f03e5d2231cfce0e4993282425
- https://github.com/kubernetes/kubernetes/issues/67577
- https://github.com/torvalds/linux/commit/de53fd7aedb100f03e5d2231cfce0e4993282425
- https://lists.debian.org/debian-lts-announce/2020/01/msg00013.html
- https://relistan.com/the-kernel-may-be-slowing-down-your-app
- https://usn.ubuntu.com/4226-1/
- https://github.com/torvalds/linux/commit/e0b0cb9388642c104838fac100a4af32745621e2
- http://www.openwall.com/lists/oss-security/2019/12/03/4
- https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=d9d4b1e46d9543a82c23f6df03f4ad697dab361b
- https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=6af3aa57a0984e061f61308fe181a9a12359fecc