Details of VAR-201909-0695

ID

VAR-201909-0695

CVE

CVE-2019-14835

TITLE

Linux Kernel Vulnerable to classic buffer overflow

Trust: 0.8

sources: JVNDB: JVNDB-2019-009455

DESCRIPTION

A buffer overflow flaw was found, in versions from 2.6.34 to 5.2.x, in the way Linux kernel's vhost functionality that translates virtqueue buffers to IOVs, logged the buffer descriptors during migration. A privileged guest user able to pass descriptors with invalid length to the host when migration is underway, could use this flaw to increase their privileges on the host. Linux Kernel Contains a classic buffer overflow vulnerability.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. This vulnerability stems from the incorrect verification of data boundaries when the network system or product performs operations on the memory, resulting in incorrect read and write operations to other associated memory locations. Attackers can exploit this vulnerability to cause buffer overflow or heap overflow, etc. ========================================================================= Ubuntu Security Notice USN-4135-1 September 18, 2019 linux, linux-aws, linux-aws-hwe, linux-azure, linux-gcp, linux-gke-4.15, linux-gke-5.0, linux-hwe, linux-kvm, linux-oem, linux-oracle, linux-raspi2, linux-snapdragon vulnerabilities ========================================================================= A security issue affects these releases of Ubuntu and its derivatives: - Ubuntu 19.04 - Ubuntu 18.04 LTS - Ubuntu 16.04 LTS Summary: Several security issues were fixed in the Linux kernel. (CVE-2019-14835) It was discovered that the Linux kernel on PowerPC architectures did not properly handle Facility Unavailable exceptions in some situations. A local attacker could use this to expose sensitive information. (CVE-2019-15030) It was discovered that the Linux kernel on PowerPC architectures did not properly handle exceptions on interrupts in some situations. A local attacker could use this to expose sensitive information. (CVE-2019-15031) Update instructions: The problem can be corrected by updating your system to the following package versions: Ubuntu 19.04: linux-image-5.0.0-1016-aws 5.0.0-1016.18 linux-image-5.0.0-1017-gcp 5.0.0-1017.17 linux-image-5.0.0-1017-kvm 5.0.0-1017.18 linux-image-5.0.0-1017-raspi2 5.0.0-1017.17 linux-image-5.0.0-1020-azure 5.0.0-1020.21 linux-image-5.0.0-1021-snapdragon 5.0.0-1021.22 linux-image-5.0.0-29-generic 5.0.0-29.31 linux-image-5.0.0-29-generic-lpae 5.0.0-29.31 linux-image-5.0.0-29-lowlatency 5.0.0-29.31 linux-image-aws 5.0.0.1016.17 linux-image-azure 5.0.0.1020.19 linux-image-gcp 5.0.0.1017.43 linux-image-generic 5.0.0.29.30 linux-image-generic-lpae 5.0.0.29.30 linux-image-gke 5.0.0.1017.43 linux-image-kvm 5.0.0.1017.17 linux-image-lowlatency 5.0.0.29.30 linux-image-raspi2 5.0.0.1017.14 linux-image-snapdragon 5.0.0.1021.14 linux-image-virtual 5.0.0.29.30 Ubuntu 18.04 LTS: linux-image-4.15.0-1025-oracle 4.15.0-1025.28 linux-image-4.15.0-1044-gcp 4.15.0-1044.70 linux-image-4.15.0-1044-gke 4.15.0-1044.46 linux-image-4.15.0-1046-kvm 4.15.0-1046.46 linux-image-4.15.0-1047-raspi2 4.15.0-1047.51 linux-image-4.15.0-1050-aws 4.15.0-1050.52 linux-image-4.15.0-1056-oem 4.15.0-1056.65 linux-image-4.15.0-1064-snapdragon 4.15.0-1064.71 linux-image-4.15.0-64-generic 4.15.0-64.73 linux-image-4.15.0-64-generic-lpae 4.15.0-64.73 linux-image-4.15.0-64-lowlatency 4.15.0-64.73 linux-image-5.0.0-1017-gke 5.0.0-1017.17~18.04.1 linux-image-5.0.0-1020-azure 5.0.0-1020.21~18.04.1 linux-image-5.0.0-29-generic 5.0.0-29.31~18.04.1 linux-image-5.0.0-29-generic-lpae 5.0.0-29.31~18.04.1 linux-image-5.0.0-29-lowlatency 5.0.0-29.31~18.04.1 linux-image-aws 4.15.0.1050.49 linux-image-azure 5.0.0.1020.30 linux-image-gcp 4.15.0.1044.70 linux-image-generic 4.15.0.64.66 linux-image-generic-hwe-18.04 5.0.0.29.86 linux-image-generic-lpae 4.15.0.64.66 linux-image-generic-lpae-hwe-18.04 5.0.0.29.86 linux-image-gke 4.15.0.1044.47 linux-image-gke-4.15 4.15.0.1044.47 linux-image-gke-5.0 5.0.0.1017.7 linux-image-kvm 4.15.0.1046.46 linux-image-lowlatency 4.15.0.64.66 linux-image-lowlatency-hwe-18.04 5.0.0.29.86 linux-image-oem 4.15.0.1056.60 linux-image-oracle 4.15.0.1025.28 linux-image-powerpc-e500mc 4.15.0.64.66 linux-image-powerpc-smp 4.15.0.64.66 linux-image-powerpc64-emb 4.15.0.64.66 linux-image-powerpc64-smp 4.15.0.64.66 linux-image-raspi2 4.15.0.1047.45 linux-image-snapdragon 4.15.0.1064.67 linux-image-snapdragon-hwe-18.04 5.0.0.29.86 linux-image-virtual 4.15.0.64.66 linux-image-virtual-hwe-18.04 5.0.0.29.86 Ubuntu 16.04 LTS: linux-image-4.15.0-1025-oracle 4.15.0-1025.28~16.04.1 linux-image-4.15.0-1044-gcp 4.15.0-1044.46 linux-image-4.15.0-1050-aws 4.15.0-1050.52~16.04.1 linux-image-4.15.0-1059-azure 4.15.0-1059.64 linux-image-4.15.0-64-generic 4.15.0-64.73~16.04.1 linux-image-4.15.0-64-generic-lpae 4.15.0-64.73~16.04.1 linux-image-4.15.0-64-lowlatency 4.15.0-64.73~16.04.1 linux-image-4.4.0-1058-kvm 4.4.0-1058.65 linux-image-4.4.0-1094-aws 4.4.0-1094.105 linux-image-4.4.0-1122-raspi2 4.4.0-1122.131 linux-image-4.4.0-1126-snapdragon 4.4.0-1126.132 linux-image-4.4.0-164-generic 4.4.0-164.192 linux-image-4.4.0-164-generic-lpae 4.4.0-164.192 linux-image-4.4.0-164-lowlatency 4.4.0-164.192 linux-image-4.4.0-164-powerpc-e500mc 4.4.0-164.192 linux-image-4.4.0-164-powerpc-smp 4.4.0-164.192 linux-image-4.4.0-164-powerpc64-emb 4.4.0-164.192 linux-image-4.4.0-164-powerpc64-smp 4.4.0-164.192 linux-image-aws 4.4.0.1094.98 linux-image-aws-hwe 4.15.0.1050.50 linux-image-azure 4.15.0.1059.62 linux-image-gcp 4.15.0.1044.58 linux-image-generic 4.4.0.164.172 linux-image-generic-hwe-16.04 4.15.0.64.84 linux-image-generic-lpae 4.4.0.164.172 linux-image-generic-lpae-hwe-16.04 4.15.0.64.84 linux-image-gke 4.15.0.1044.58 linux-image-kvm 4.4.0.1058.58 linux-image-lowlatency 4.4.0.164.172 linux-image-lowlatency-hwe-16.04 4.15.0.64.84 linux-image-oem 4.15.0.64.84 linux-image-oracle 4.15.0.1025.18 linux-image-powerpc-e500mc 4.4.0.164.172 linux-image-powerpc-smp 4.4.0.164.172 linux-image-powerpc64-emb 4.4.0.164.172 linux-image-powerpc64-smp 4.4.0.164.172 linux-image-raspi2 4.4.0.1122.122 linux-image-snapdragon 4.4.0.1126.118 linux-image-virtual 4.4.0.164.172 linux-image-virtual-hwe-16.04 4.15.0.64.84 After a standard system update you need to reboot your computer to make all the necessary changes. ATTENTION: Due to an unavoidable ABI change the kernel updates have been given a new version number, which requires you to recompile and reinstall all third party kernel modules you might have installed. Unless you manually uninstalled the standard kernel metapackages (e.g. linux-generic, linux-generic-lts-RELEASE, linux-virtual, linux-powerpc), a standard system upgrade will automatically perform this as well. 7.6) - ppc64, ppc64le, x86_64 3. 7) - aarch64, noarch, ppc64le 3. These packages include redhat-release-virtualization-host, ovirt-node, and rhev-hypervisor. RHVH features a Cockpit user interface for monitoring the host's resources and performing administrative tasks. The following packages have been upgraded to a later upstream version: redhat-release-virtualization-host (4.2), redhat-virtualization-host (4.2). 7.2) - noarch, x86_64 3. (CVE-2019-14835) * kernel: hw: Spectre SWAPGS gadget vulnerability (CVE-2019-1125) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. Bug Fix(es): * fs deadlock when a memory allocation waits on page writeback in NOFS context (BZ#1729103) * fragmented packets timing out (BZ#1729409) * kernel build: speed up debuginfo extraction (BZ#1731460) * use "make -jN" for modules_install (BZ#1735079) * shmem: consider shm_mnt as a long-term mount (BZ#1737374) * raid1d can hang in freeze_array if handling a mix of read and write errors (BZ#1737792) * Backport TCP follow-up for small buffers (BZ#1739125) 4. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 ==================================================================== Red Hat Security Advisory Synopsis: Important: kernel security update Advisory ID: RHSA-2019:2829-01 Product: Red Hat Enterprise Linux Advisory URL: https://access.redhat.com/errata/RHSA-2019:2829 Issue date: 2019-09-20 CVE Names: CVE-2019-14835 ==================================================================== 1. Summary: An update for kernel is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. 2. Relevant releases/architectures: Red Hat Enterprise Linux Client (v. 7) - noarch, x86_64 Red Hat Enterprise Linux Client Optional (v. 7) - x86_64 Red Hat Enterprise Linux ComputeNode (v. 7) - noarch, x86_64 Red Hat Enterprise Linux ComputeNode Optional (v. 7) - x86_64 Red Hat Enterprise Linux Server (v. 7) - noarch, ppc64, ppc64le, s390x, x86_64 Red Hat Enterprise Linux Server Optional (v. 7) - ppc64, ppc64le, x86_64 Red Hat Enterprise Linux Workstation (v. 7) - noarch, x86_64 Red Hat Enterprise Linux Workstation Optional (v. 7) - x86_64 3. Description: The kernel packages contain the Linux kernel, the core of any Linux operating system. (CVE-2019-14835) 4. Solution: For details on how to apply this update, which includes the changes described in this advisory, refer to: https://access.redhat.com/articles/11258 The system must be rebooted for this update to take effect. 5. Bugs fixed (https://bugzilla.redhat.com/): 1750727 - CVE-2019-14835 kernel: vhost-net: guest to host kernel escape during migration 6. Package List: Red Hat Enterprise Linux Client (v. 7): Source: kernel-3.10.0-1062.1.2.el7.src.rpm noarch: kernel-abi-whitelists-3.10.0-1062.1.2.el7.noarch.rpm kernel-doc-3.10.0-1062.1.2.el7.noarch.rpm x86_64: bpftool-3.10.0-1062.1.2.el7.x86_64.rpm bpftool-debuginfo-3.10.0-1062.1.2.el7.x86_64.rpm kernel-3.10.0-1062.1.2.el7.x86_64.rpm kernel-debug-3.10.0-1062.1.2.el7.x86_64.rpm kernel-debug-debuginfo-3.10.0-1062.1.2.el7.x86_64.rpm kernel-debug-devel-3.10.0-1062.1.2.el7.x86_64.rpm kernel-debuginfo-3.10.0-1062.1.2.el7.x86_64.rpm kernel-debuginfo-common-x86_64-3.10.0-1062.1.2.el7.x86_64.rpm kernel-devel-3.10.0-1062.1.2.el7.x86_64.rpm kernel-headers-3.10.0-1062.1.2.el7.x86_64.rpm kernel-tools-3.10.0-1062.1.2.el7.x86_64.rpm kernel-tools-debuginfo-3.10.0-1062.1.2.el7.x86_64.rpm kernel-tools-libs-3.10.0-1062.1.2.el7.x86_64.rpm perf-3.10.0-1062.1.2.el7.x86_64.rpm perf-debuginfo-3.10.0-1062.1.2.el7.x86_64.rpm python-perf-3.10.0-1062.1.2.el7.x86_64.rpm python-perf-debuginfo-3.10.0-1062.1.2.el7.x86_64.rpm Red Hat Enterprise Linux Client Optional (v. 7): x86_64: bpftool-debuginfo-3.10.0-1062.1.2.el7.x86_64.rpm kernel-debug-debuginfo-3.10.0-1062.1.2.el7.x86_64.rpm kernel-debuginfo-3.10.0-1062.1.2.el7.x86_64.rpm kernel-debuginfo-common-x86_64-3.10.0-1062.1.2.el7.x86_64.rpm kernel-tools-debuginfo-3.10.0-1062.1.2.el7.x86_64.rpm kernel-tools-libs-devel-3.10.0-1062.1.2.el7.x86_64.rpm perf-debuginfo-3.10.0-1062.1.2.el7.x86_64.rpm python-perf-debuginfo-3.10.0-1062.1.2.el7.x86_64.rpm Red Hat Enterprise Linux ComputeNode (v. 7): Source: kernel-3.10.0-1062.1.2.el7.src.rpm noarch: kernel-abi-whitelists-3.10.0-1062.1.2.el7.noarch.rpm kernel-doc-3.10.0-1062.1.2.el7.noarch.rpm x86_64: bpftool-3.10.0-1062.1.2.el7.x86_64.rpm bpftool-debuginfo-3.10.0-1062.1.2.el7.x86_64.rpm kernel-3.10.0-1062.1.2.el7.x86_64.rpm kernel-debug-3.10.0-1062.1.2.el7.x86_64.rpm kernel-debug-debuginfo-3.10.0-1062.1.2.el7.x86_64.rpm kernel-debug-devel-3.10.0-1062.1.2.el7.x86_64.rpm kernel-debuginfo-3.10.0-1062.1.2.el7.x86_64.rpm kernel-debuginfo-common-x86_64-3.10.0-1062.1.2.el7.x86_64.rpm kernel-devel-3.10.0-1062.1.2.el7.x86_64.rpm kernel-headers-3.10.0-1062.1.2.el7.x86_64.rpm kernel-tools-3.10.0-1062.1.2.el7.x86_64.rpm kernel-tools-debuginfo-3.10.0-1062.1.2.el7.x86_64.rpm kernel-tools-libs-3.10.0-1062.1.2.el7.x86_64.rpm perf-3.10.0-1062.1.2.el7.x86_64.rpm perf-debuginfo-3.10.0-1062.1.2.el7.x86_64.rpm python-perf-3.10.0-1062.1.2.el7.x86_64.rpm python-perf-debuginfo-3.10.0-1062.1.2.el7.x86_64.rpm Red Hat Enterprise Linux ComputeNode Optional (v. 7): x86_64: bpftool-debuginfo-3.10.0-1062.1.2.el7.x86_64.rpm kernel-debug-debuginfo-3.10.0-1062.1.2.el7.x86_64.rpm kernel-debuginfo-3.10.0-1062.1.2.el7.x86_64.rpm kernel-debuginfo-common-x86_64-3.10.0-1062.1.2.el7.x86_64.rpm kernel-tools-debuginfo-3.10.0-1062.1.2.el7.x86_64.rpm kernel-tools-libs-devel-3.10.0-1062.1.2.el7.x86_64.rpm perf-debuginfo-3.10.0-1062.1.2.el7.x86_64.rpm python-perf-debuginfo-3.10.0-1062.1.2.el7.x86_64.rpm Red Hat Enterprise Linux Server (v. 7): Source: kernel-3.10.0-1062.1.2.el7.src.rpm noarch: kernel-abi-whitelists-3.10.0-1062.1.2.el7.noarch.rpm kernel-doc-3.10.0-1062.1.2.el7.noarch.rpm ppc64: bpftool-3.10.0-1062.1.2.el7.ppc64.rpm bpftool-debuginfo-3.10.0-1062.1.2.el7.ppc64.rpm kernel-3.10.0-1062.1.2.el7.ppc64.rpm kernel-bootwrapper-3.10.0-1062.1.2.el7.ppc64.rpm kernel-debug-3.10.0-1062.1.2.el7.ppc64.rpm kernel-debug-debuginfo-3.10.0-1062.1.2.el7.ppc64.rpm kernel-debug-devel-3.10.0-1062.1.2.el7.ppc64.rpm kernel-debuginfo-3.10.0-1062.1.2.el7.ppc64.rpm kernel-debuginfo-common-ppc64-3.10.0-1062.1.2.el7.ppc64.rpm kernel-devel-3.10.0-1062.1.2.el7.ppc64.rpm kernel-headers-3.10.0-1062.1.2.el7.ppc64.rpm kernel-tools-3.10.0-1062.1.2.el7.ppc64.rpm kernel-tools-debuginfo-3.10.0-1062.1.2.el7.ppc64.rpm kernel-tools-libs-3.10.0-1062.1.2.el7.ppc64.rpm perf-3.10.0-1062.1.2.el7.ppc64.rpm perf-debuginfo-3.10.0-1062.1.2.el7.ppc64.rpm python-perf-3.10.0-1062.1.2.el7.ppc64.rpm python-perf-debuginfo-3.10.0-1062.1.2.el7.ppc64.rpm ppc64le: bpftool-3.10.0-1062.1.2.el7.ppc64le.rpm bpftool-debuginfo-3.10.0-1062.1.2.el7.ppc64le.rpm kernel-3.10.0-1062.1.2.el7.ppc64le.rpm kernel-bootwrapper-3.10.0-1062.1.2.el7.ppc64le.rpm kernel-debug-3.10.0-1062.1.2.el7.ppc64le.rpm kernel-debug-debuginfo-3.10.0-1062.1.2.el7.ppc64le.rpm kernel-debuginfo-3.10.0-1062.1.2.el7.ppc64le.rpm kernel-debuginfo-common-ppc64le-3.10.0-1062.1.2.el7.ppc64le.rpm kernel-devel-3.10.0-1062.1.2.el7.ppc64le.rpm kernel-headers-3.10.0-1062.1.2.el7.ppc64le.rpm kernel-tools-3.10.0-1062.1.2.el7.ppc64le.rpm kernel-tools-debuginfo-3.10.0-1062.1.2.el7.ppc64le.rpm kernel-tools-libs-3.10.0-1062.1.2.el7.ppc64le.rpm perf-3.10.0-1062.1.2.el7.ppc64le.rpm perf-debuginfo-3.10.0-1062.1.2.el7.ppc64le.rpm python-perf-3.10.0-1062.1.2.el7.ppc64le.rpm python-perf-debuginfo-3.10.0-1062.1.2.el7.ppc64le.rpm s390x: bpftool-3.10.0-1062.1.2.el7.s390x.rpm bpftool-debuginfo-3.10.0-1062.1.2.el7.s390x.rpm kernel-3.10.0-1062.1.2.el7.s390x.rpm kernel-debug-3.10.0-1062.1.2.el7.s390x.rpm kernel-debug-debuginfo-3.10.0-1062.1.2.el7.s390x.rpm kernel-debug-devel-3.10.0-1062.1.2.el7.s390x.rpm kernel-debuginfo-3.10.0-1062.1.2.el7.s390x.rpm kernel-debuginfo-common-s390x-3.10.0-1062.1.2.el7.s390x.rpm kernel-devel-3.10.0-1062.1.2.el7.s390x.rpm kernel-headers-3.10.0-1062.1.2.el7.s390x.rpm kernel-kdump-3.10.0-1062.1.2.el7.s390x.rpm kernel-kdump-debuginfo-3.10.0-1062.1.2.el7.s390x.rpm kernel-kdump-devel-3.10.0-1062.1.2.el7.s390x.rpm perf-3.10.0-1062.1.2.el7.s390x.rpm perf-debuginfo-3.10.0-1062.1.2.el7.s390x.rpm python-perf-3.10.0-1062.1.2.el7.s390x.rpm python-perf-debuginfo-3.10.0-1062.1.2.el7.s390x.rpm x86_64: bpftool-3.10.0-1062.1.2.el7.x86_64.rpm bpftool-debuginfo-3.10.0-1062.1.2.el7.x86_64.rpm kernel-3.10.0-1062.1.2.el7.x86_64.rpm kernel-debug-3.10.0-1062.1.2.el7.x86_64.rpm kernel-debug-debuginfo-3.10.0-1062.1.2.el7.x86_64.rpm kernel-debug-devel-3.10.0-1062.1.2.el7.x86_64.rpm kernel-debuginfo-3.10.0-1062.1.2.el7.x86_64.rpm kernel-debuginfo-common-x86_64-3.10.0-1062.1.2.el7.x86_64.rpm kernel-devel-3.10.0-1062.1.2.el7.x86_64.rpm kernel-headers-3.10.0-1062.1.2.el7.x86_64.rpm kernel-tools-3.10.0-1062.1.2.el7.x86_64.rpm kernel-tools-debuginfo-3.10.0-1062.1.2.el7.x86_64.rpm kernel-tools-libs-3.10.0-1062.1.2.el7.x86_64.rpm perf-3.10.0-1062.1.2.el7.x86_64.rpm perf-debuginfo-3.10.0-1062.1.2.el7.x86_64.rpm python-perf-3.10.0-1062.1.2.el7.x86_64.rpm python-perf-debuginfo-3.10.0-1062.1.2.el7.x86_64.rpm Red Hat Enterprise Linux Server Optional (v. 7): ppc64: bpftool-debuginfo-3.10.0-1062.1.2.el7.ppc64.rpm kernel-debug-debuginfo-3.10.0-1062.1.2.el7.ppc64.rpm kernel-debuginfo-3.10.0-1062.1.2.el7.ppc64.rpm kernel-debuginfo-common-ppc64-3.10.0-1062.1.2.el7.ppc64.rpm kernel-tools-debuginfo-3.10.0-1062.1.2.el7.ppc64.rpm kernel-tools-libs-devel-3.10.0-1062.1.2.el7.ppc64.rpm perf-debuginfo-3.10.0-1062.1.2.el7.ppc64.rpm python-perf-debuginfo-3.10.0-1062.1.2.el7.ppc64.rpm ppc64le: bpftool-debuginfo-3.10.0-1062.1.2.el7.ppc64le.rpm kernel-debug-debuginfo-3.10.0-1062.1.2.el7.ppc64le.rpm kernel-debug-devel-3.10.0-1062.1.2.el7.ppc64le.rpm kernel-debuginfo-3.10.0-1062.1.2.el7.ppc64le.rpm kernel-debuginfo-common-ppc64le-3.10.0-1062.1.2.el7.ppc64le.rpm kernel-tools-debuginfo-3.10.0-1062.1.2.el7.ppc64le.rpm kernel-tools-libs-devel-3.10.0-1062.1.2.el7.ppc64le.rpm perf-debuginfo-3.10.0-1062.1.2.el7.ppc64le.rpm python-perf-debuginfo-3.10.0-1062.1.2.el7.ppc64le.rpm x86_64: bpftool-debuginfo-3.10.0-1062.1.2.el7.x86_64.rpm kernel-debug-debuginfo-3.10.0-1062.1.2.el7.x86_64.rpm kernel-debuginfo-3.10.0-1062.1.2.el7.x86_64.rpm kernel-debuginfo-common-x86_64-3.10.0-1062.1.2.el7.x86_64.rpm kernel-tools-debuginfo-3.10.0-1062.1.2.el7.x86_64.rpm kernel-tools-libs-devel-3.10.0-1062.1.2.el7.x86_64.rpm perf-debuginfo-3.10.0-1062.1.2.el7.x86_64.rpm python-perf-debuginfo-3.10.0-1062.1.2.el7.x86_64.rpm Red Hat Enterprise Linux Workstation (v. 7): Source: kernel-3.10.0-1062.1.2.el7.src.rpm noarch: kernel-abi-whitelists-3.10.0-1062.1.2.el7.noarch.rpm kernel-doc-3.10.0-1062.1.2.el7.noarch.rpm x86_64: bpftool-3.10.0-1062.1.2.el7.x86_64.rpm bpftool-debuginfo-3.10.0-1062.1.2.el7.x86_64.rpm kernel-3.10.0-1062.1.2.el7.x86_64.rpm kernel-debug-3.10.0-1062.1.2.el7.x86_64.rpm kernel-debug-debuginfo-3.10.0-1062.1.2.el7.x86_64.rpm kernel-debug-devel-3.10.0-1062.1.2.el7.x86_64.rpm kernel-debuginfo-3.10.0-1062.1.2.el7.x86_64.rpm kernel-debuginfo-common-x86_64-3.10.0-1062.1.2.el7.x86_64.rpm kernel-devel-3.10.0-1062.1.2.el7.x86_64.rpm kernel-headers-3.10.0-1062.1.2.el7.x86_64.rpm kernel-tools-3.10.0-1062.1.2.el7.x86_64.rpm kernel-tools-debuginfo-3.10.0-1062.1.2.el7.x86_64.rpm kernel-tools-libs-3.10.0-1062.1.2.el7.x86_64.rpm perf-3.10.0-1062.1.2.el7.x86_64.rpm perf-debuginfo-3.10.0-1062.1.2.el7.x86_64.rpm python-perf-3.10.0-1062.1.2.el7.x86_64.rpm python-perf-debuginfo-3.10.0-1062.1.2.el7.x86_64.rpm Red Hat Enterprise Linux Workstation Optional (v. 7): x86_64: bpftool-debuginfo-3.10.0-1062.1.2.el7.x86_64.rpm kernel-debug-debuginfo-3.10.0-1062.1.2.el7.x86_64.rpm kernel-debuginfo-3.10.0-1062.1.2.el7.x86_64.rpm kernel-debuginfo-common-x86_64-3.10.0-1062.1.2.el7.x86_64.rpm kernel-tools-debuginfo-3.10.0-1062.1.2.el7.x86_64.rpm kernel-tools-libs-devel-3.10.0-1062.1.2.el7.x86_64.rpm perf-debuginfo-3.10.0-1062.1.2.el7.x86_64.rpm python-perf-debuginfo-3.10.0-1062.1.2.el7.x86_64.rpm These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/ 7. References: https://access.redhat.com/security/cve/CVE-2019-14835 https://access.redhat.com/security/updates/classification/#important https://access.redhat.com/security/vulnerabilities/kernel-vhost 8. Contact: The Red Hat security contact is <secalert@redhat.com>. More contact details at https://access.redhat.com/security/team/contact/ Copyright 2019 Red Hat, Inc. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1 iQIVAwUBXYSDiNzjgjWX9erEAQiVUQ/9EzNEE3VBb1tjfASE0BrtTQXPGV5OD0jF xgNeuTZt7X15behgUtLM3tDg3eiPYZnEErojpJr52sh7Jz1J2GuVajbVpUtaW2Wm P+iI+zmtzhdUPns6zbuV4Qkyk0Q2WNxt1RLMcZeXtDMKiYN7Tj34wmF2aKhvAB6i Du+8LiPcsU84XcyT5z4lnG/iRCw1CqHvuVj7oJNQCWGC3X3Am6hkmuZ3Y1I5+cI8 mqJIb+aEbvVnAzDLdyl9JoTOPy+e5X0wHLiTEwKgp6k6IaWdVoPoxcrx4M8TPPbN 7A8Q7KrLAqeDNkft8YKmYgO3alE7915/FaRcpzAoPlBlot/OvCeiwP0qPjQ9ki0C JrOk98DYgRD0OxLfXoe4mMfYyh+yb+Q3APxjv6r75RJuxXIQGHMgo8EWVRNkA7Je 2CMFtk2J1x/eiQnRN/UbEri6oDc9LIC6o4eANEm1hNPNoYi66xPDeTMiwua79q0n SnPLqXjjm0jDft7XOvv/5H9AuaRjurZLzMf6a08OouxCkzM8t1iRCnBrVTAW+AqW j/0eZz+ElMoM4xTtzM1aZit+0dy0wVbTdeCpbVJQre89Z2iA1exdgptnO+8/oLa3 XnWaluoWVObovE4ev0czx8ML9oJ13gVglU2Zme3Uzian48/2+/bgJHrjr3J+GLYG 6PiQ0CEHbCQ=V1EB -----END PGP SIGNATURE----- -- RHSA-announce mailing list RHSA-announce@redhat.com https://www.redhat.com/mailman/listinfo/rhsa-announce . Description: The kernel-rt packages provide the Real Time Linux Kernel, which enables fine-tuning for systems with extremely high determinism requirements

Trust: 2.52

sources: NVD: CVE-2019-14835 // JVNDB: JVNDB-2019-009455 // VULHUB: VHN-146821 // PACKETSTORM: 154514 // PACKETSTORM: 154608 // PACKETSTORM: 154569 // PACKETSTORM: 154566 // PACKETSTORM: 154562 // PACKETSTORM: 154659 // PACKETSTORM: 154607 // PACKETSTORM: 154541 // PACKETSTORM: 154540

AFFECTED PRODUCTS

vendor:	linux	model:	kernel	scope:	lt	version:	3.16.74	Trust: 1.0
vendor:	canonical	model:	ubuntu linux	scope:	eq	version:	19.04	Trust: 1.0
vendor:	netapp	model:	h300s	scope:	eq	version:	-	Trust: 1.0
vendor:	linux	model:	kernel	scope:	gte	version:	4.4	Trust: 1.0
vendor:	redhat	model:	enterprise linux server	scope:	eq	version:	7.0	Trust: 1.0
vendor:	huawei	model:	imanager neteco 6000	scope:	eq	version:	v600r008c20	Trust: 1.0
vendor:	netapp	model:	service processor	scope:	eq	version:	-	Trust: 1.0
vendor:	linux	model:	kernel	scope:	gte	version:	4.19	Trust: 1.0
vendor:	redhat	model:	enterprise linux server aus	scope:	eq	version:	7.2	Trust: 1.0
vendor:	redhat	model:	enterprise linux desktop	scope:	eq	version:	6.0	Trust: 1.0
vendor:	debian	model:	linux	scope:	eq	version:	8.0	Trust: 1.0
vendor:	redhat	model:	enterprise linux eus	scope:	eq	version:	7.7	Trust: 1.0
vendor:	linux	model:	kernel	scope:	gte	version:	4.9	Trust: 1.0
vendor:	netapp	model:	steelstore cloud integrated storage	scope:	eq	version:	-	Trust: 1.0
vendor:	canonical	model:	ubuntu linux	scope:	eq	version:	12.04	Trust: 1.0
vendor:	huawei	model:	imanager neteco	scope:	eq	version:	v600r009c00	Trust: 1.0
vendor:	redhat	model:	enterprise linux eus	scope:	eq	version:	7.6	Trust: 1.0
vendor:	huawei	model:	imanager neteco	scope:	eq	version:	v600r009c10spc200	Trust: 1.0
vendor:	redhat	model:	enterprise linux workstation	scope:	eq	version:	7.0	Trust: 1.0
vendor:	huawei	model:	manageone	scope:	eq	version:	6.5.0	Trust: 1.0
vendor:	netapp	model:	h300e	scope:	eq	version:	-	Trust: 1.0
vendor:	redhat	model:	enterprise linux eus	scope:	eq	version:	7.5	Trust: 1.0
vendor:	canonical	model:	ubuntu linux	scope:	eq	version:	18.04	Trust: 1.0
vendor:	linux	model:	kernel	scope:	gte	version:	5.2	Trust: 1.0
vendor:	opensuse	model:	leap	scope:	eq	version:	15.0	Trust: 1.0
vendor:	netapp	model:	h700e	scope:	eq	version:	-	Trust: 1.0
vendor:	netapp	model:	h500s	scope:	eq	version:	-	Trust: 1.0
vendor:	redhat	model:	enterprise linux for real time	scope:	eq	version:	8	Trust: 1.0
vendor:	redhat	model:	enterprise linux server tus	scope:	eq	version:	7.3	Trust: 1.0
vendor:	redhat	model:	enterprise linux server aus	scope:	eq	version:	6.6	Trust: 1.0
vendor:	redhat	model:	openshift container platform	scope:	eq	version:	3.11	Trust: 1.0
vendor:	netapp	model:	aff a700s	scope:	eq	version:	-	Trust: 1.0
vendor:	redhat	model:	enterprise linux	scope:	eq	version:	8.0	Trust: 1.0
vendor:	linux	model:	kernel	scope:	gte	version:	4.14	Trust: 1.0
vendor:	linux	model:	kernel	scope:	lt	version:	4.19.73	Trust: 1.0
vendor:	huawei	model:	manageone	scope:	eq	version:	6.5.1rc1.b080	Trust: 1.0
vendor:	debian	model:	linux	scope:	eq	version:	9.0	Trust: 1.0
vendor:	redhat	model:	enterprise linux server tus	scope:	eq	version:	7.7	Trust: 1.0
vendor:	redhat	model:	enterprise linux server	scope:	eq	version:	7.6	Trust: 1.0
vendor:	redhat	model:	enterprise linux server	scope:	eq	version:	6.0	Trust: 1.0
vendor:	linux	model:	kernel	scope:	eq	version:	5.3	Trust: 1.0
vendor:	redhat	model:	virtualization	scope:	eq	version:	4.0	Trust: 1.0
vendor:	debian	model:	linux	scope:	eq	version:	10.0	Trust: 1.0
vendor:	linux	model:	kernel	scope:	lt	version:	4.14.144	Trust: 1.0
vendor:	redhat	model:	enterprise linux server tus	scope:	eq	version:	7.6	Trust: 1.0
vendor:	redhat	model:	enterprise linux server tus	scope:	eq	version:	7.4	Trust: 1.0
vendor:	netapp	model:	data availability services	scope:	eq	version:	-	Trust: 1.0
vendor:	linux	model:	kernel	scope:	lt	version:	4.9.193	Trust: 1.0
vendor:	canonical	model:	ubuntu linux	scope:	eq	version:	14.04	Trust: 1.0
vendor:	netapp	model:	h410c	scope:	eq	version:	-	Trust: 1.0
vendor:	redhat	model:	enterprise linux desktop	scope:	eq	version:	7.0	Trust: 1.0
vendor:	fedoraproject	model:	fedora	scope:	eq	version:	29	Trust: 1.0
vendor:	netapp	model:	h500e	scope:	eq	version:	-	Trust: 1.0
vendor:	linux	model:	kernel	scope:	lt	version:	4.4.193	Trust: 1.0
vendor:	netapp	model:	solidfire	scope:	eq	version:	-	Trust: 1.0
vendor:	redhat	model:	enterprise linux server aus	scope:	eq	version:	7.3	Trust: 1.0
vendor:	linux	model:	kernel	scope:	gte	version:	2.6.34	Trust: 1.0
vendor:	netapp	model:	h410s	scope:	eq	version:	-	Trust: 1.0
vendor:	netapp	model:	h610s	scope:	eq	version:	-	Trust: 1.0
vendor:	redhat	model:	enterprise linux for real time	scope:	eq	version:	7	Trust: 1.0
vendor:	huawei	model:	manageone	scope:	eq	version:	6.5.1rc1.b060	Trust: 1.0
vendor:	huawei	model:	manageone	scope:	eq	version:	6.5.0.spc100.b210	Trust: 1.0
vendor:	fedoraproject	model:	fedora	scope:	eq	version:	30	Trust: 1.0
vendor:	redhat	model:	enterprise linux workstation	scope:	eq	version:	6.0	Trust: 1.0
vendor:	huawei	model:	manageone	scope:	eq	version:	6.5.rc2.b050	Trust: 1.0
vendor:	redhat	model:	virtualization host	scope:	eq	version:	4.0	Trust: 1.0
vendor:	redhat	model:	enterprise linux server tus	scope:	eq	version:	7.2	Trust: 1.0
vendor:	netapp	model:	h700s	scope:	eq	version:	-	Trust: 1.0
vendor:	netapp	model:	hci management node	scope:	eq	version:	-	Trust: 1.0
vendor:	redhat	model:	enterprise linux server aus	scope:	eq	version:	7.7	Trust: 1.0
vendor:	canonical	model:	ubuntu linux	scope:	eq	version:	16.04	Trust: 1.0
vendor:	redhat	model:	enterprise linux server aus	scope:	eq	version:	7.6	Trust: 1.0
vendor:	linux	model:	kernel	scope:	lt	version:	5.2.15	Trust: 1.0
vendor:	redhat	model:	enterprise linux server aus	scope:	eq	version:	7.4	Trust: 1.0
vendor:	redhat	model:	enterprise linux server aus	scope:	eq	version:	6.5	Trust: 1.0
vendor:	opensuse	model:	leap	scope:	eq	version:	15.1	Trust: 1.0
vendor:	huawei	model:	imanager neteco 6000	scope:	eq	version:	v600r008c10spc300	Trust: 1.0
vendor:	canonical	model:	ubuntu	scope:	-	version:	-	Trust: 0.8
vendor:	linux	model:	kernel	scope:	eq	version:	2.6.34 to 5.2.x	Trust: 0.8
vendor:	red hat	model:	enterprise linux	scope:	-	version:	-	Trust: 0.8
vendor:	red hat	model:	virtualization	scope:	-	version:	-	Trust: 0.8

sources: JVNDB: JVNDB-2019-009455 // NVD: CVE-2019-14835

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2019-14835
value:	HIGH
Trust: 1.0
secalert@redhat.com:	CVE-2019-14835
value:	HIGH
Trust: 1.0
NVD:	CVE-2019-14835
value:	HIGH
Trust: 0.8
CNNVD:	CNNVD-201909-807
value:	HIGH
Trust: 0.6
VULHUB:	VHN-146821
value:	HIGH
Trust: 0.1

nvd@nist.gov:	CVE-2019-14835
severity:	HIGH
baseScore:	7.2
vectorString:	AV:L/AC:L/AU:N/C:C/I:C/A:C
accessVector:	LOCAL
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	COMPLETE
integrityImpact:	COMPLETE
availabilityImpact:	COMPLETE
exploitabilityScore:	3.9
impactScore:	10.0
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.8
VULHUB:	VHN-146821
severity:	HIGH
baseScore:	7.2
vectorString:	AV:L/AC:L/AU:N/C:C/I:C/A:C
accessVector:	LOCAL
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	COMPLETE
integrityImpact:	COMPLETE
availabilityImpact:	COMPLETE
exploitabilityScore:	3.9
impactScore:	10.0
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1

nvd@nist.gov:	CVE-2019-14835
baseSeverity:	HIGH
baseScore:	7.8
vectorString:	CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
attackVector:	LOCAL
attackComplexity:	LOW
privilegesRequired:	LOW
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	HIGH
availabilityImpact:	HIGH
exploitabilityScore:	1.8
impactScore:	5.9
version:	3.1
Trust: 1.0
secalert@redhat.com:	CVE-2019-14835
baseSeverity:	HIGH
baseScore:	7.2
vectorString:	CVSS:3.0/AV:L/AC:H/PR:H/UI:R/S:C/C:H/I:H/A:H
attackVector:	LOCAL
attackComplexity:	HIGH
privilegesRequired:	HIGH
userInteraction:	REQUIRED
scope:	CHANGED
confidentialityImpact:	HIGH
integrityImpact:	HIGH
availabilityImpact:	HIGH
exploitabilityScore:	0.6
impactScore:	6.0
version:	3.0
Trust: 1.0
NVD:	CVE-2019-14835
baseSeverity:	HIGH
baseScore:	7.8
vectorString:	CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
attackVector:	LOCAL
attackComplexity:	LOW
privilegesRequired:	LOW
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	HIGH
availabilityImpact:	HIGH
exploitabilityScore:	NONE
impactScore:	NONE
version:	3.0
Trust: 0.8

sources: VULHUB: VHN-146821 // JVNDB: JVNDB-2019-009455 // CNNVD: CNNVD-201909-807 // NVD: CVE-2019-14835 // NVD: CVE-2019-14835

PROBLEMTYPE DATA

problemtype:

CWE-120

Trust: 1.9

sources: VULHUB: VHN-146821 // JVNDB: JVNDB-2019-009455 // NVD: CVE-2019-14835

THREAT TYPE

local

Trust: 0.7

sources: PACKETSTORM: 154514 // CNNVD: CNNVD-201909-807

TYPE

overflow

Trust: 0.8

sources: PACKETSTORM: 154608 // PACKETSTORM: 154569 // PACKETSTORM: 154566 // PACKETSTORM: 154562 // PACKETSTORM: 154659 // PACKETSTORM: 154607 // PACKETSTORM: 154541 // PACKETSTORM: 154540

CONFIGURATIONS

sources: JVNDB: JVNDB-2019-009455

PATCH

title:	Linux Kernel Archives	url:	http://www.kernel.org	Trust: 0.8
title:	Bug 1750727	url:	https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-14835	Trust: 0.8
title:	USN-4135-2	url:	https://usn.ubuntu.com/4135-2/	Trust: 0.8
title:	Linux kernel Security vulnerabilities	url:	http://123.124.177.30/web/xxk/bdxqById.tag?id=98340	Trust: 0.6

sources: JVNDB: JVNDB-2019-009455 // CNNVD: CNNVD-201909-807

EXTERNAL IDS

db:	NVD	id:	CVE-2019-14835	Trust: 3.4
db:	OPENWALL	id:	OSS-SECURITY/2019/09/17/1	Trust: 2.5
db:	PACKETSTORM	id:	155212	Trust: 1.7
db:	PACKETSTORM	id:	154951	Trust: 1.7
db:	PACKETSTORM	id:	154572	Trust: 1.7
db:	OPENWALL	id:	OSS-SECURITY/2019/10/03/1	Trust: 1.7
db:	OPENWALL	id:	OSS-SECURITY/2019/10/09/7	Trust: 1.7
db:	OPENWALL	id:	OSS-SECURITY/2019/09/24/1	Trust: 1.7
db:	OPENWALL	id:	OSS-SECURITY/2019/10/09/3	Trust: 1.7
db:	PACKETSTORM	id:	154514	Trust: 0.8
db:	JVNDB	id:	JVNDB-2019-009455	Trust: 0.8
db:	PACKETSTORM	id:	154558	Trust: 0.7
db:	CNNVD	id:	CNNVD-201909-807	Trust: 0.7
db:	AUSCERT	id:	ESB-2019.4584	Trust: 0.6
db:	AUSCERT	id:	ESB-2020.0141	Trust: 0.6
db:	AUSCERT	id:	ESB-2019.4252	Trust: 0.6
db:	AUSCERT	id:	ESB-2020.0270	Trust: 0.6
db:	AUSCERT	id:	ESB-2019.4261	Trust: 0.6
db:	AUSCERT	id:	ESB-2019.3536	Trust: 0.6
db:	AUSCERT	id:	ESB-2019.4346	Trust: 0.6
db:	AUSCERT	id:	ESB-2019.4346.2	Trust: 0.6
db:	PACKETSTORM	id:	154562	Trust: 0.2
db:	PACKETSTORM	id:	154566	Trust: 0.2
db:	PACKETSTORM	id:	154540	Trust: 0.2
db:	PACKETSTORM	id:	154541	Trust: 0.2
db:	PACKETSTORM	id:	154659	Trust: 0.2
db:	PACKETSTORM	id:	154569	Trust: 0.2
db:	PACKETSTORM	id:	154539	Trust: 0.1
db:	PACKETSTORM	id:	154538	Trust: 0.1
db:	PACKETSTORM	id:	154513	Trust: 0.1
db:	PACKETSTORM	id:	154570	Trust: 0.1
db:	PACKETSTORM	id:	154602	Trust: 0.1
db:	PACKETSTORM	id:	154563	Trust: 0.1
db:	PACKETSTORM	id:	154564	Trust: 0.1
db:	PACKETSTORM	id:	154565	Trust: 0.1
db:	PACKETSTORM	id:	154585	Trust: 0.1
db:	VULHUB	id:	VHN-146821	Trust: 0.1
db:	PACKETSTORM	id:	154608	Trust: 0.1
db:	PACKETSTORM	id:	154607	Trust: 0.1

sources: VULHUB: VHN-146821 // PACKETSTORM: 154514 // PACKETSTORM: 154608 // PACKETSTORM: 154569 // PACKETSTORM: 154566 // PACKETSTORM: 154562 // PACKETSTORM: 154659 // PACKETSTORM: 154607 // PACKETSTORM: 154541 // PACKETSTORM: 154540 // JVNDB: JVNDB-2019-009455 // CNNVD: CNNVD-201909-807 // NVD: CVE-2019-14835

REFERENCES

url:	https://www.openwall.com/lists/oss-security/2019/09/17/1	Trust: 2.5
url:	https://usn.ubuntu.com/4135-1/	Trust: 2.3
url:	https://usn.ubuntu.com/4135-2/	Trust: 2.3
url:	https://nvd.nist.gov/vuln/detail/cve-2019-14835	Trust: 2.3
url:	https://access.redhat.com/security/cve/cve-2019-14835	Trust: 2.0
url:	https://access.redhat.com/errata/rhsa-2019:2829	Trust: 1.8
url:	https://access.redhat.com/errata/rhsa-2019:2830	Trust: 1.8
url:	https://access.redhat.com/errata/rhsa-2019:2862	Trust: 1.8
url:	https://access.redhat.com/errata/rhsa-2019:2864	Trust: 1.8
url:	https://access.redhat.com/errata/rhsa-2019:2869	Trust: 1.8
url:	https://access.redhat.com/errata/rhsa-2019:2899	Trust: 1.8
url:	https://access.redhat.com/errata/rhsa-2019:2900	Trust: 1.8
url:	https://access.redhat.com/errata/rhsa-2019:2924	Trust: 1.8
url:	https://seclists.org/bugtraq/2019/sep/41	Trust: 1.7
url:	https://seclists.org/bugtraq/2019/nov/11	Trust: 1.7
url:	https://www.debian.org/security/2019/dsa-4531	Trust: 1.7
url:	https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/yw3qnmpenpfegvtofpsnobl7jeijs25p/	Trust: 1.7
url:	https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/kqfy6jyfiq2vfq7qcsxpwtul5zdncjl5/	Trust: 1.7
url:	https://access.redhat.com/errata/rhba-2019:2824	Trust: 1.7
url:	https://access.redhat.com/errata/rhsa-2019:2827	Trust: 1.7
url:	https://access.redhat.com/errata/rhsa-2019:2828	Trust: 1.7
url:	https://access.redhat.com/errata/rhsa-2019:2854	Trust: 1.7
url:	https://access.redhat.com/errata/rhsa-2019:2863	Trust: 1.7
url:	https://access.redhat.com/errata/rhsa-2019:2865	Trust: 1.7
url:	https://access.redhat.com/errata/rhsa-2019:2866	Trust: 1.7
url:	https://access.redhat.com/errata/rhsa-2019:2867	Trust: 1.7
url:	https://access.redhat.com/errata/rhsa-2019:2889	Trust: 1.7
url:	https://access.redhat.com/errata/rhsa-2019:2901	Trust: 1.7
url:	https://lists.debian.org/debian-lts-announce/2019/09/msg00025.html	Trust: 1.7
url:	https://lists.debian.org/debian-lts-announce/2019/10/msg00000.html	Trust: 1.7
url:	http://www.openwall.com/lists/oss-security/2019/09/24/1	Trust: 1.7
url:	http://www.openwall.com/lists/oss-security/2019/10/03/1	Trust: 1.7
url:	http://www.openwall.com/lists/oss-security/2019/10/09/3	Trust: 1.7
url:	http://www.openwall.com/lists/oss-security/2019/10/09/7	Trust: 1.7
url:	http://packetstormsecurity.com/files/154572/kernel-live-patch-security-notice-lsn-0056-1.html	Trust: 1.7
url:	http://packetstormsecurity.com/files/154951/kernel-live-patch-security-notice-lsn-0058-1.html	Trust: 1.7
url:	http://packetstormsecurity.com/files/155212/slackware-security-advisory-slackware-14.2-kernel-updates.html	Trust: 1.7
url:	http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20200115-01-qemu-en	Trust: 1.7
url:	https://bugzilla.redhat.com/show_bug.cgi?id=cve-2019-14835	Trust: 1.7
url:	https://security.netapp.com/advisory/ntap-20191031-0005/	Trust: 1.7
url:	http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00064.html	Trust: 1.7
url:	http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00066.html	Trust: 1.7
url:	https://access.redhat.com/security/vulnerabilities/kernel-vhost	Trust: 1.4
url:	https://www.redhat.com/mailman/listinfo/rhsa-announce	Trust: 0.8
url:	https://bugzilla.redhat.com/):	Trust: 0.8
url:	https://access.redhat.com/security/team/key/	Trust: 0.8
url:	https://access.redhat.com/security/team/contact/	Trust: 0.8
url:	https://access.redhat.com/security/updates/classification/#important	Trust: 0.8
url:	https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-14835	Trust: 0.8
url:	https://access.redhat.com/articles/11258	Trust: 0.7
url:	https://bugzilla.redhat.com/show_bug.cgi?id=1750727	Trust: 0.6
url:	https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/kqfy6jyfiq2vfq7qcsxpwtul5zdncjl5/	Trust: 0.6
url:	https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/yw3qnmpenpfegvtofpsnobl7jeijs25p/	Trust: 0.6
url:	https://www.suse.com/support/update/announcement/2019/suse-su-201914218-1.html	Trust: 0.6
url:	https://www.suse.com/support/update/announcement/2019/suse-su-20192984-1.html	Trust: 0.6
url:	https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00237.html	Trust: 0.6
url:	https://www.suse.com/support/update/announcement/2019/suse-su-20193200-1.html	Trust: 0.6
url:	https://www.suse.com/support/update/announcement/2019/suse-su-20192953-1.html	Trust: 0.6
url:	https://www.suse.com/support/update/announcement/2019/suse-su-20192952-1.html	Trust: 0.6
url:	https://www.suse.com/support/update/announcement/2019/suse-su-20192951-1.html	Trust: 0.6
url:	https://www.suse.com/support/update/announcement/2019/suse-su-20192950-1.html	Trust: 0.6
url:	https://www.suse.com/support/update/announcement/2019/suse-su-20192949-1.html	Trust: 0.6
url:	https://www.suse.com/support/update/announcement/2019/suse-su-20192948-1.html	Trust: 0.6
url:	https://www.suse.com/support/update/announcement/2019/suse-su-20192947-1.html	Trust: 0.6
url:	https://www.suse.com/support/update/announcement/2019/suse-su-20192946-1.html	Trust: 0.6
url:	https://www.suse.com/support/update/announcement/2020/suse-su-20200093-1.html	Trust: 0.6
url:	https://vigilance.fr/vulnerability/linux-kernel-buffer-overflow-via-vhost-vhost-net-30355	Trust: 0.6
url:	https://www.huawei.com/cn/psirt/security-advisories/huawei-sa-20200115-01-qemu-cn	Trust: 0.6
url:	https://www.auscert.org.au/bulletins/esb-2019.4346/	Trust: 0.6
url:	https://www.auscert.org.au/bulletins/esb-2019.4261/	Trust: 0.6
url:	https://www.auscert.org.au/bulletins/esb-2019.4252/	Trust: 0.6
url:	https://www.auscert.org.au/bulletins/esb-2019.4584/	Trust: 0.6
url:	https://packetstormsecurity.com/files/154558/red-hat-security-advisory-2019-2854-01.html	Trust: 0.6
url:	https://packetstormsecurity.com/files/154514/ubuntu-security-notice-usn-4135-1.html	Trust: 0.6
url:	https://www.auscert.org.au/bulletins/esb-2019.3536/	Trust: 0.6
url:	https://www.auscert.org.au/bulletins/esb-2020.0141/	Trust: 0.6
url:	https://www.ibm.com/support/pages/node/1173364	Trust: 0.6
url:	https://www.auscert.org.au/bulletins/esb-2020.0270/	Trust: 0.6
url:	https://www.auscert.org.au/bulletins/esb-2019.4346.2/	Trust: 0.6
url:	https://access.redhat.com/security/cve/cve-2019-1125	Trust: 0.2
url:	https://nvd.nist.gov/vuln/detail/cve-2019-1125	Trust: 0.2
url:	https://access.redhat.com/articles/4329821	Trust: 0.2
url:	https://launchpad.net/ubuntu/+source/linux-hwe/5.0.0-29.31~18.04.1	Trust: 0.1
url:	https://launchpad.net/ubuntu/+source/linux-raspi2/4.4.0-1122.131	Trust: 0.1
url:	https://launchpad.net/ubuntu/+source/linux-kvm/5.0.0-1017.18	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2019-15030	Trust: 0.1
url:	https://launchpad.net/ubuntu/+source/linux-azure/4.15.0-1059.64	Trust: 0.1
url:	https://launchpad.net/ubuntu/+source/linux-gcp/4.15.0-1044.46	Trust: 0.1
url:	https://launchpad.net/ubuntu/+source/linux-gcp/5.0.0-1017.17	Trust: 0.1
url:	https://launchpad.net/ubuntu/+source/linux-raspi2/5.0.0-1017.17	Trust: 0.1
url:	https://launchpad.net/ubuntu/+source/linux/5.0.0-29.31	Trust: 0.1
url:	https://launchpad.net/ubuntu/+source/linux-aws/4.4.0-1094.105	Trust: 0.1
url:	https://launchpad.net/ubuntu/+source/linux-aws-hwe/4.15.0-1050.52~16.04.1	Trust: 0.1
url:	https://launchpad.net/ubuntu/+source/linux-gke-4.15/4.15.0-1044.46	Trust: 0.1
url:	https://launchpad.net/ubuntu/+source/linux-raspi2/4.15.0-1047.51	Trust: 0.1
url:	https://launchpad.net/ubuntu/+source/linux-aws/4.15.0-1050.52	Trust: 0.1
url:	https://launchpad.net/ubuntu/+source/linux/4.15.0-64.73	Trust: 0.1
url:	https://launchpad.net/ubuntu/+source/linux-oracle/4.15.0-1025.28~16.04.1	Trust: 0.1
url:	https://launchpad.net/ubuntu/+source/linux-azure/5.0.0-1020.21~18.04.1	Trust: 0.1
url:	https://launchpad.net/ubuntu/+source/linux-snapdragon/5.0.0-1021.22	Trust: 0.1
url:	https://launchpad.net/ubuntu/+source/linux-aws/5.0.0-1016.18	Trust: 0.1
url:	https://launchpad.net/ubuntu/+source/linux-kvm/4.4.0-1058.65	Trust: 0.1
url:	https://launchpad.net/ubuntu/+source/linux-snapdragon/4.4.0-1126.132	Trust: 0.1
url:	https://launchpad.net/ubuntu/+source/linux-oem/4.15.0-1056.65	Trust: 0.1
url:	https://launchpad.net/ubuntu/+source/linux-kvm/4.15.0-1046.46	Trust: 0.1
url:	https://launchpad.net/ubuntu/+source/linux-gke-5.0/5.0.0-1017.17~18.04.1	Trust: 0.1
url:	https://usn.ubuntu.com/4135-1	Trust: 0.1
url:	https://launchpad.net/ubuntu/+source/linux-oracle/4.15.0-1025.28	Trust: 0.1
url:	https://launchpad.net/ubuntu/+source/linux-gcp/4.15.0-1044.70	Trust: 0.1
url:	https://launchpad.net/ubuntu/+source/linux/4.4.0-164.192	Trust: 0.1
url:	https://launchpad.net/ubuntu/+source/linux-snapdragon/4.15.0-1064.71	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2019-15031	Trust: 0.1
url:	https://launchpad.net/ubuntu/+source/linux-azure/5.0.0-1020.21	Trust: 0.1
url:	https://launchpad.net/ubuntu/+source/linux-hwe/4.15.0-64.73~16.04.1	Trust: 0.1
url:	https://access.redhat.com/articles/2974891	Trust: 0.1

CREDITS

Red Hat

Trust: 0.8

SOURCES

db:	VULHUB	id:	VHN-146821
db:	PACKETSTORM	id:	154514
db:	PACKETSTORM	id:	154608
db:	PACKETSTORM	id:	154569
db:	PACKETSTORM	id:	154566
db:	PACKETSTORM	id:	154562
db:	PACKETSTORM	id:	154659
db:	PACKETSTORM	id:	154607
db:	PACKETSTORM	id:	154541
db:	PACKETSTORM	id:	154540
db:	JVNDB	id:	JVNDB-2019-009455
db:	CNNVD	id:	CNNVD-201909-807
db:	NVD	id:	CVE-2019-14835

LAST UPDATE DATE

2025-06-26T21:04:09.285000+00:00

SOURCES UPDATE DATE

db:	VULHUB	id:	VHN-146821	date:	2023-02-12T00:00:00
db:	JVNDB	id:	JVNDB-2019-009455	date:	2019-09-20T00:00:00
db:	CNNVD	id:	CNNVD-201909-807	date:	2023-03-23T00:00:00
db:	NVD	id:	CVE-2019-14835	date:	2024-11-21T04:27:27.790

SOURCES RELEASE DATE

db:	VULHUB	id:	VHN-146821	date:	2019-09-17T00:00:00
db:	PACKETSTORM	id:	154514	date:	2019-09-18T21:22:40
db:	PACKETSTORM	id:	154608	date:	2019-09-25T18:06:56
db:	PACKETSTORM	id:	154569	date:	2019-09-23T18:26:57
db:	PACKETSTORM	id:	154566	date:	2019-09-23T18:26:27
db:	PACKETSTORM	id:	154562	date:	2019-09-23T18:25:39
db:	PACKETSTORM	id:	154659	date:	2019-09-30T04:44:44
db:	PACKETSTORM	id:	154607	date:	2019-09-25T18:06:46
db:	PACKETSTORM	id:	154541	date:	2019-09-20T14:58:33
db:	PACKETSTORM	id:	154540	date:	2019-09-20T14:57:53
db:	JVNDB	id:	JVNDB-2019-009455	date:	2019-09-20T00:00:00
db:	CNNVD	id:	CNNVD-201909-807	date:	2019-09-17T00:00:00
db:	NVD	id:	CVE-2019-14835	date:	2019-09-17T16:15:10.980