SB2020041632 - Red Hat Enterprise Linux 7 update for kernel-alt 




Published: April 16, 2020

Security Bulletin ID: SB2020041632
Severity: High
Patch available: YES
Number of vulnerabilities: 9
Exploitation vector: Remote access
Highest impact: Code execution

Breakdown by Severity

  • High: 11%
  • Medium: 33%
  • Low: 56%

Description

This security bulletin contains information about 9 security vulnerabilities.


1) Out-of-bounds write (CVE-ID: CVE-2019-14895)

The vulnerability allows a remote non-authenticated attacker to execute arbitrary code.

A heap-based buffer overflow was discovered in the Linux kernel, all versions 3.x.x and 4.x.x before 4.18.0, in the Marvell WiFi chip driver. The flaw could occur when the station attempts a connection negotiation during the handling of the remote device's country settings. This could allow the remote device to cause a denial of service (system crash) or possibly execute arbitrary code.


2) Out-of-bounds write (CVE-ID: CVE-2019-14901)

The vulnerability allows a remote attacker to compromise a vulnerable system.

The vulnerability exists due to a boundary error when processing untrusted input in the Marvell WiFi chip driver within the "mwifiex_process_tdls_action_frame()" function in "marvell/mwifiex/tdls.c". A remote attacker on the local network can send specially crafted network traffic, trigger an out-of-bounds write and execute arbitrary code on the target system.


3) Information disclosure (CVE-ID: CVE-2019-15031)

The vulnerability allows a local authenticated user to read the vector registers of other users' processes.

In the Linux kernel through 5.2.14 on the powerpc platform, a local user can read vector registers of other users' processes via an interrupt. To exploit the vulnerability, a local user starts a transaction (via the hardware transactional memory instruction tbegin) and then accesses vector registers. At some point, the vector registers will be corrupted with the values from a different local Linux process, because MSR_TM_ACTIVE is misused in arch/powerpc/kernel/process.c.


4) NULL pointer dereference (CVE-ID: CVE-2019-15099)

The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to a NULL pointer dereference error in "drivers/net/wireless/ath/ath10k/usb.c". A remote attacker can trigger denial of service conditions via an incomplete address in an endpoint descriptor.


5) Out-of-bounds read (CVE-ID: CVE-2019-15666)

The vulnerability allows a local user to perform a denial of service attack.

The vulnerability exists due to a boundary condition in __xfrm_policy_unlink, which will cause denial of service, because verify_newpolicy_info in net/xfrm/xfrm_user.c mishandles directory validation.


6) Memory leak (CVE-ID: CVE-2019-19922)

The vulnerability allows a local user to perform a DoS attack on the target system.

The vulnerability exists due to a memory leak in "kernel/sched/fair.c" when "cpu.cfs_quota_us" is used (e.g., with Kubernetes). A local user can cause a denial of service against non-cpu-bound applications by generating a workload that triggers unwanted slice expiration.


7) NULL pointer dereference (CVE-ID: CVE-2019-20054)

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to a NULL pointer dereference error in the Linux kernel before 5.0.6 in drop_sysctl_table() in fs/proc/proc_sysctl.c, related to put_links, aka CID-23da9588037e. A local user can perform a denial of service (DoS) attack.


8) Input validation error (CVE-ID: CVE-2019-20095)

The vulnerability allows a local authenticated user to perform a denial of service (DoS) attack.

mwifiex_tm_cmd in drivers/net/wireless/marvell/mwifiex/cfg80211.c in the Linux kernel before 5.1.6 has some error-handling cases that did not free allocated hostcmd memory, aka CID-003b686ace82. This will cause a memory leak and denial of service.


9) Input validation error (CVE-ID: CVE-2019-5108)

The vulnerability allows a remote non-authenticated attacker to perform a denial of service (DoS) attack.

An exploitable denial-of-service vulnerability exists in the Linux kernel prior to mainline 5.3. An attacker could exploit this vulnerability by triggering an AP to send IAPP location updates for stations before the required authentication process has completed. This could lead to different denial-of-service scenarios, either by causing CAM table attacks, or by leading to traffic flapping if faking already existing clients in other nearby APs of the same wireless infrastructure. An attacker can forge Authentication and Association Request packets to trigger this vulnerability.


Remediation

Install the update from the vendor's website.