ID

VAR-201909-0695

CVE

CVE-2019-14835

TITLE

Red Hat Security Advisory 2019-2889-01

DESCRIPTION

A buffer overflow flaw was found, in versions from 2.6.34 to 5.2.x, in the way Linux kernel's vhost functionality that translates virtqueue buffers to IOVs, logged the buffer descriptors during migration. A privileged guest user able to pass descriptors with invalid length to the host when migration is underway, could use this flaw to increase their privileges on the host. This vulnerability stems from the incorrect verification of data boundaries when the network system or product performs operations on the memory, resulting in incorrect read and write operations to other associated memory locations. Attackers can exploit this vulnerability to cause buffer overflow or heap overflow, etc. RHVH features a Cockpit user interface for monitoring the host's resources and performing administrative tasks. The following packages have been upgraded to a later upstream version: redhat-release-virtualization-host (4.3.5), redhat-virtualization-host (4.3.5). -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 ==================================================================== Red Hat Security Advisory Synopsis: Important: kernel security and bug fix update Advisory ID: RHSA-2019:2900-01 Product: Red Hat Enterprise Linux Advisory URL: https://access.redhat.com/errata/RHSA-2019:2900 Issue date: 2019-09-25 CVE Names: CVE-2019-1125 CVE-2019-14835 ==================================================================== 1. Summary: An update for kernel is now available for Red Hat Enterprise Linux 7.3 Advanced Update Support, Red Hat Enterprise Linux 7.3 Telco Extended Update Support, and Red Hat Enterprise Linux 7.3 Update Services for SAP Solutions. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. 2. Relevant releases/architectures: Red Hat Enterprise Linux Server AUS (v. 7.3) - noarch, x86_64 Red Hat Enterprise Linux Server E4S (v. 7.3) - noarch, ppc64le, x86_64 Red Hat Enterprise Linux Server Optional AUS (v. 7.3) - x86_64 Red Hat Enterprise Linux Server Optional E4S (v. 7.3) - ppc64le, x86_64 Red Hat Enterprise Linux Server Optional TUS (v. 7.3) - x86_64 Red Hat Enterprise Linux Server TUS (v. 7.3) - noarch, x86_64 3. (CVE-2019-14835) * kernel: hw: Spectre SWAPGS gadget vulnerability (CVE-2019-1125) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. Bug Fix(es): * fs deadlock when a memory allocation waits on page writeback in NOFS context (BZ#1729105) * fragmented packets timing out (BZ#1729410) * kernel build: speed up debuginfo extraction (BZ#1731461) * use "make -jN" for modules_install (BZ#1735080) * shmem: consider shm_mnt as a long-term mount (BZ#1737375) * Backport TCP follow-up for small buffers (BZ#1739126) 4. Solution: For details on how to apply this update, which includes the changes described in this advisory, refer to: https://access.redhat.com/articles/11258 The system must be rebooted for this update to take effect. 5. Bugs fixed (https://bugzilla.redhat.com/): 1724389 - CVE-2019-1125 kernel: hw: Spectre SWAPGS gadget vulnerability 1750727 - CVE-2019-14835 kernel: vhost-net: guest to host kernel escape during migration 6. Package List: Red Hat Enterprise Linux Server AUS (v. 7.3): Source: kernel-3.10.0-514.69.1.el7.src.rpm noarch: kernel-abi-whitelists-3.10.0-514.69.1.el7.noarch.rpm kernel-doc-3.10.0-514.69.1.el7.noarch.rpm x86_64: kernel-3.10.0-514.69.1.el7.x86_64.rpm kernel-debug-3.10.0-514.69.1.el7.x86_64.rpm kernel-debug-debuginfo-3.10.0-514.69.1.el7.x86_64.rpm kernel-debug-devel-3.10.0-514.69.1.el7.x86_64.rpm kernel-debuginfo-3.10.0-514.69.1.el7.x86_64.rpm kernel-debuginfo-common-x86_64-3.10.0-514.69.1.el7.x86_64.rpm kernel-devel-3.10.0-514.69.1.el7.x86_64.rpm kernel-headers-3.10.0-514.69.1.el7.x86_64.rpm kernel-tools-3.10.0-514.69.1.el7.x86_64.rpm kernel-tools-debuginfo-3.10.0-514.69.1.el7.x86_64.rpm kernel-tools-libs-3.10.0-514.69.1.el7.x86_64.rpm perf-3.10.0-514.69.1.el7.x86_64.rpm perf-debuginfo-3.10.0-514.69.1.el7.x86_64.rpm python-perf-3.10.0-514.69.1.el7.x86_64.rpm python-perf-debuginfo-3.10.0-514.69.1.el7.x86_64.rpm Red Hat Enterprise Linux Server E4S (v. 7.3): Source: kernel-3.10.0-514.69.1.el7.src.rpm noarch: kernel-abi-whitelists-3.10.0-514.69.1.el7.noarch.rpm kernel-doc-3.10.0-514.69.1.el7.noarch.rpm ppc64le: kernel-3.10.0-514.69.1.el7.ppc64le.rpm kernel-bootwrapper-3.10.0-514.69.1.el7.ppc64le.rpm kernel-debug-3.10.0-514.69.1.el7.ppc64le.rpm kernel-debug-debuginfo-3.10.0-514.69.1.el7.ppc64le.rpm kernel-debuginfo-3.10.0-514.69.1.el7.ppc64le.rpm kernel-debuginfo-common-ppc64le-3.10.0-514.69.1.el7.ppc64le.rpm kernel-devel-3.10.0-514.69.1.el7.ppc64le.rpm kernel-headers-3.10.0-514.69.1.el7.ppc64le.rpm kernel-tools-3.10.0-514.69.1.el7.ppc64le.rpm kernel-tools-debuginfo-3.10.0-514.69.1.el7.ppc64le.rpm kernel-tools-libs-3.10.0-514.69.1.el7.ppc64le.rpm perf-3.10.0-514.69.1.el7.ppc64le.rpm perf-debuginfo-3.10.0-514.69.1.el7.ppc64le.rpm python-perf-3.10.0-514.69.1.el7.ppc64le.rpm python-perf-debuginfo-3.10.0-514.69.1.el7.ppc64le.rpm x86_64: kernel-3.10.0-514.69.1.el7.x86_64.rpm kernel-debug-3.10.0-514.69.1.el7.x86_64.rpm kernel-debug-debuginfo-3.10.0-514.69.1.el7.x86_64.rpm kernel-debug-devel-3.10.0-514.69.1.el7.x86_64.rpm kernel-debuginfo-3.10.0-514.69.1.el7.x86_64.rpm kernel-debuginfo-common-x86_64-3.10.0-514.69.1.el7.x86_64.rpm kernel-devel-3.10.0-514.69.1.el7.x86_64.rpm kernel-headers-3.10.0-514.69.1.el7.x86_64.rpm kernel-tools-3.10.0-514.69.1.el7.x86_64.rpm kernel-tools-debuginfo-3.10.0-514.69.1.el7.x86_64.rpm kernel-tools-libs-3.10.0-514.69.1.el7.x86_64.rpm perf-3.10.0-514.69.1.el7.x86_64.rpm perf-debuginfo-3.10.0-514.69.1.el7.x86_64.rpm python-perf-3.10.0-514.69.1.el7.x86_64.rpm python-perf-debuginfo-3.10.0-514.69.1.el7.x86_64.rpm Red Hat Enterprise Linux Server TUS (v. 7.3): Source: kernel-3.10.0-514.69.1.el7.src.rpm noarch: kernel-abi-whitelists-3.10.0-514.69.1.el7.noarch.rpm kernel-doc-3.10.0-514.69.1.el7.noarch.rpm x86_64: kernel-3.10.0-514.69.1.el7.x86_64.rpm kernel-debug-3.10.0-514.69.1.el7.x86_64.rpm kernel-debug-debuginfo-3.10.0-514.69.1.el7.x86_64.rpm kernel-debug-devel-3.10.0-514.69.1.el7.x86_64.rpm kernel-debuginfo-3.10.0-514.69.1.el7.x86_64.rpm kernel-debuginfo-common-x86_64-3.10.0-514.69.1.el7.x86_64.rpm kernel-devel-3.10.0-514.69.1.el7.x86_64.rpm kernel-headers-3.10.0-514.69.1.el7.x86_64.rpm kernel-tools-3.10.0-514.69.1.el7.x86_64.rpm kernel-tools-debuginfo-3.10.0-514.69.1.el7.x86_64.rpm kernel-tools-libs-3.10.0-514.69.1.el7.x86_64.rpm perf-3.10.0-514.69.1.el7.x86_64.rpm perf-debuginfo-3.10.0-514.69.1.el7.x86_64.rpm python-perf-3.10.0-514.69.1.el7.x86_64.rpm python-perf-debuginfo-3.10.0-514.69.1.el7.x86_64.rpm Red Hat Enterprise Linux Server Optional AUS (v. 7.3): x86_64: kernel-debug-debuginfo-3.10.0-514.69.1.el7.x86_64.rpm kernel-debuginfo-3.10.0-514.69.1.el7.x86_64.rpm kernel-debuginfo-common-x86_64-3.10.0-514.69.1.el7.x86_64.rpm kernel-tools-debuginfo-3.10.0-514.69.1.el7.x86_64.rpm kernel-tools-libs-devel-3.10.0-514.69.1.el7.x86_64.rpm perf-debuginfo-3.10.0-514.69.1.el7.x86_64.rpm python-perf-debuginfo-3.10.0-514.69.1.el7.x86_64.rpm Red Hat Enterprise Linux Server Optional E4S (v. 7.3): ppc64le: kernel-debug-debuginfo-3.10.0-514.69.1.el7.ppc64le.rpm kernel-debug-devel-3.10.0-514.69.1.el7.ppc64le.rpm kernel-debuginfo-3.10.0-514.69.1.el7.ppc64le.rpm kernel-debuginfo-common-ppc64le-3.10.0-514.69.1.el7.ppc64le.rpm kernel-tools-debuginfo-3.10.0-514.69.1.el7.ppc64le.rpm kernel-tools-libs-devel-3.10.0-514.69.1.el7.ppc64le.rpm perf-debuginfo-3.10.0-514.69.1.el7.ppc64le.rpm python-perf-debuginfo-3.10.0-514.69.1.el7.ppc64le.rpm x86_64: kernel-debug-debuginfo-3.10.0-514.69.1.el7.x86_64.rpm kernel-debuginfo-3.10.0-514.69.1.el7.x86_64.rpm kernel-debuginfo-common-x86_64-3.10.0-514.69.1.el7.x86_64.rpm kernel-tools-debuginfo-3.10.0-514.69.1.el7.x86_64.rpm kernel-tools-libs-devel-3.10.0-514.69.1.el7.x86_64.rpm perf-debuginfo-3.10.0-514.69.1.el7.x86_64.rpm python-perf-debuginfo-3.10.0-514.69.1.el7.x86_64.rpm Red Hat Enterprise Linux Server Optional TUS (v. 7.3): x86_64: kernel-debug-debuginfo-3.10.0-514.69.1.el7.x86_64.rpm kernel-debuginfo-3.10.0-514.69.1.el7.x86_64.rpm kernel-debuginfo-common-x86_64-3.10.0-514.69.1.el7.x86_64.rpm kernel-tools-debuginfo-3.10.0-514.69.1.el7.x86_64.rpm kernel-tools-libs-devel-3.10.0-514.69.1.el7.x86_64.rpm perf-debuginfo-3.10.0-514.69.1.el7.x86_64.rpm python-perf-debuginfo-3.10.0-514.69.1.el7.x86_64.rpm These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/ 7. References: https://access.redhat.com/security/cve/CVE-2019-1125 https://access.redhat.com/security/cve/CVE-2019-14835 https://access.redhat.com/security/updates/classification/#important https://access.redhat.com/articles/4329821 https://access.redhat.com/security/vulnerabilities/kernel-vhost 8. Contact: The Red Hat security contact is <secalert@redhat.com>. More contact details at https://access.redhat.com/security/team/contact/ Copyright 2019 Red Hat, Inc. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1 iQIVAwUBXYtc3tzjgjWX9erEAQhLbQ/9He4EewP2oLmpSD+YgwrsmicC0tkXAwHQ mewfO+F8Km5VbKeBTvUg3tt0H2xCepbKMD0/zl1TgElv1+HD1Gfy8Wp6be9+2O07 ysbx9TVAS8+dpsvyunkdLUms3qyqH9DPNLwkv0oxicOUgW9wyS0k+icp2vi2D6ru rHGbIciOf3adLlnebmTAS0VRyw9rPbOnsDHnM3Nt092K7HqWrnsbWXSNxo9swPwO fyjKy7ww9hEMbcbrS5TCXPpgCGPayFPYu6usIWHe4vanC2zu9bLKf3NQVmQLgfa5 5Of1vIHkRh2PhFKRNKLzIrdZdgDZ/dVFBJCVqyaWdMNW/lazaLjC7GK3lMXgOp+j bUktXaPe6Wrb1qdJZvGDnaJ8wjMUnoBNt2qvCszQHy/hw3Mu/tZVt0SM29JB669k VXJp+T/vbEBz6XR9lfL/9kGsEkjYY7KfFRg+2AUn/jzf+NiEJPdeXTHo1d22WADK lIgsa1KRqxGHx92LpPGh7Qufv7CtM1X70x7eddYY1yFwKbQe5sZjpD8wKChw+zDx ziz1up8tE9nFNGkT0EurprzoEvUHEva1Ex2ntM8wE5SKQDOHo23yiB/cB59W1W+T 6FIFf+ezOO8Cuz6XTuF6dhr1eG6yN1KrrVoYoHlIvsK6Fep7rn2/lLPslXXPT41n HdBiOekTEfs\xe8Qk -----END PGP SIGNATURE----- -- RHSA-announce mailing list RHSA-announce@redhat.com https://www.redhat.com/mailman/listinfo/rhsa-announce . ========================================================================== Kernel Live Patch Security Notice 0058-1 October 22, 2019 linux vulnerability ========================================================================== A security issue affects these releases of Ubuntu: | Series | Base kernel | Arch | flavors | |------------------+--------------+----------+------------------| | Ubuntu 18.04 LTS | 4.15.0 | amd64 | aws | | Ubuntu 18.04 LTS | 4.15.0 | amd64 | generic | | Ubuntu 18.04 LTS | 4.15.0 | amd64 | lowlatency | | Ubuntu 18.04 LTS | 4.15.0 | amd64 | oem | | Ubuntu 18.04 LTS | 5.0.0 | amd64 | azure | | Ubuntu 14.04 LTS | 4.4.0 | amd64 | generic | | Ubuntu 14.04 LTS | 4.4.0 | amd64 | lowlatency | | Ubuntu 16.04 LTS | 4.4.0 | amd64 | aws | | Ubuntu 16.04 LTS | 4.4.0 | amd64 | generic | | Ubuntu 16.04 LTS | 4.4.0 | amd64 | lowlatency | | Ubuntu 16.04 LTS | 4.15.0 | amd64 | azure | | Ubuntu 16.04 LTS | 4.15.0 | amd64 | generic | | Ubuntu 16.04 LTS | 4.15.0 | amd64 | lowlatency | Summary: Several security issues were fixed in the kernel. Software Description: - linux: Linux kernel Details: It was discovered that a race condition existed in the GFS2 file system in the Linux kernel. A local attacker could possibly use this to cause a denial of service (system crash). (CVE-2016-10905) It was discovered that a use-after-free error existed in the block layer subsystem of the Linux kernel when certain failure conditions occurred. A local attacker could possibly use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2018-20856) It was discovered that the USB gadget Midi driver in the Linux kernel contained a double-free vulnerability when handling certain error conditions. A local attacker could use this to cause a denial of service (system crash). (CVE-2018-20961) It was discovered that the XFS file system in the Linux kernel did not properly handle mount failures in some situations. A local attacker could possibly use this to cause a denial of service (system crash) or execute arbitrary code. (CVE-2018-20976) It was discovered that the RSI 91x Wi-Fi driver in the Linux kernel did not did not handle detach operations correctly, leading to a use-after-free vulnerability. A physically proximate attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2018-21008) It was discovered that the Intel Wi-Fi device driver in the Linux kernel did not properly validate certain Tunneled Direct Link Setup (TDLS). A physically proximate attacker could use this to cause a denial of service (Wi-Fi disconnect). (CVE-2019-0136) It was discovered that the Linux kernel on ARM processors allowed a tracing process to modify a syscall after a seccomp decision had been made on that syscall. A local attacker could possibly use this to bypass seccomp restrictions. (CVE-2019-2054) It was discovered that an integer overflow existed in the Binder implementation of the Linux kernel, leading to a buffer overflow. A local attacker could use this to escalate privileges. (CVE-2019-2181) It was discovered that the Marvell Wireless LAN device driver in the Linux kernel did not properly validate the BSS descriptor. A local attacker could possibly use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2019-3846) It was discovered that a heap buffer overflow existed in the Marvell Wireless LAN device driver for the Linux kernel. An attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2019-10126) It was discovered that the Bluetooth UART implementation in the Linux kernel did not properly check for missing tty operations. A local attacker could use this to cause a denial of service. (CVE-2019-10207) Jonathan Looney discovered that an integer overflow existed in the Linux kernel when handling TCP Selective Acknowledgments (SACKs). A remote attacker could use this to cause a denial of service (system crash). (CVE-2019-11477) Jonathan Looney discovered that the TCP retransmission queue implementation in the Linux kernel could be fragmented when handling certain TCP Selective Acknowledgment (SACK) sequences. A remote attacker could use this to cause a denial of service. (CVE-2019-11478) It was discovered that the ext4 file system implementation in the Linux kernel did not properly zero out memory in some situations. A local attacker could use this to expose sensitive information (kernel memory). (CVE-2019-11833) It was discovered that the PowerPC dlpar implementation in the Linux kernel did not properly check for allocation errors in some situations. A local attacker could possibly use this to cause a denial of service (system crash). (CVE-2019-12614) It was discovered that the floppy driver in the Linux kernel did not properly validate meta data, leading to a buffer overread. A local attacker could use this to cause a denial of service (system crash). (CVE-2019-14283) It was discovered that the floppy driver in the Linux kernel did not properly validate ioctl() calls, leading to a division-by-zero. A local attacker could use this to cause a denial of service (system crash). (CVE-2019-14284) Wen Huang discovered that the Marvell Wi-Fi device driver in the Linux kernel did not properly perform bounds checking, leading to a heap overflow. A local attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2019-14814) Wen Huang discovered that the Marvell Wi-Fi device driver in the Linux kernel did not properly perform bounds checking, leading to a heap overflow. A local attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2019-14815) Wen Huang discovered that the Marvell Wi-Fi device driver in the Linux kernel did not properly perform bounds checking, leading to a heap overflow. A local attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2019-14816) Matt Delco discovered that the KVM hypervisor implementation in the Linux kernel did not properly perform bounds checking when handling coalesced MMIO write operations. A local attacker with write access to /dev/kvm could use this to cause a denial of service (system crash). (CVE-2019-14821) Peter Pi discovered a buffer overflow in the virtio network backend (vhost_net) implementation in the Linux kernel. (CVE-2019-14835) Update instructions: The problem can be corrected by updating your livepatches to the following versions: | Kernel | Version | flavors | |--------------------------+----------+--------------------------| | 4.4.0-148.174 | 58.1 | lowlatency, generic | | 4.4.0-148.174~14.04.1 | 58.1 | lowlatency, generic | | 4.4.0-150.176 | 58.1 | generic, lowlatency | | 4.4.0-150.176~14.04.1 | 58.1 | lowlatency, generic | | 4.4.0-151.178 | 58.1 | lowlatency, generic | | 4.4.0-151.178~14.04.1 | 58.1 | generic, lowlatency | | 4.4.0-154.181 | 58.1 | lowlatency, generic | | 4.4.0-154.181~14.04.1 | 58.1 | generic, lowlatency | | 4.4.0-157.185 | 58.1 | lowlatency, generic | | 4.4.0-157.185~14.04.1 | 58.1 | generic, lowlatency | | 4.4.0-159.187 | 58.1 | lowlatency, generic | | 4.4.0-159.187~14.04.1 | 58.1 | generic, lowlatency | | 4.4.0-161.189 | 58.1 | lowlatency, generic | | 4.4.0-161.189~14.04.1 | 58.1 | lowlatency, generic | | 4.4.0-164.192 | 58.1 | lowlatency, generic | | 4.4.0-164.192~14.04.1 | 58.1 | lowlatency, generic | | 4.4.0-165.193 | 58.1 | generic, lowlatency | | 4.4.0-1083.93 | 58.1 | aws | | 4.4.0-1084.94 | 58.1 | aws | | 4.4.0-1085.96 | 58.1 | aws | | 4.4.0-1087.98 | 58.1 | aws | | 4.4.0-1088.99 | 58.1 | aws | | 4.4.0-1090.101 | 58.1 | aws | | 4.4.0-1092.103 | 58.1 | aws | | 4.4.0-1094.105 | 58.1 | aws | | 4.15.0-50.54 | 58.1 | generic, lowlatency | | 4.15.0-50.54~16.04.1 | 58.1 | generic, lowlatency | | 4.15.0-51.55 | 58.1 | generic, lowlatency | | 4.15.0-51.55~16.04.1 | 58.1 | generic, lowlatency | | 4.15.0-52.56 | 58.1 | lowlatency, generic | | 4.15.0-52.56~16.04.1 | 58.1 | generic, lowlatency | | 4.15.0-54.58 | 58.1 | generic, lowlatency | | 4.15.0-54.58~16.04.1 | 58.1 | generic, lowlatency | | 4.15.0-55.60 | 58.1 | generic, lowlatency | | 4.15.0-58.64 | 58.1 | generic, lowlatency | | 4.15.0-58.64~16.04.1 | 58.1 | lowlatency, generic | | 4.15.0-60.67 | 58.1 | lowlatency, generic | | 4.15.0-60.67~16.04.1 | 58.1 | generic, lowlatency | | 4.15.0-62.69 | 58.1 | generic, lowlatency | | 4.15.0-62.69~16.04.1 | 58.1 | lowlatency, generic | | 4.15.0-64.73 | 58.1 | generic, lowlatency | | 4.15.0-64.73~16.04.1 | 58.1 | lowlatency, generic | | 4.15.0-65.74 | 58.1 | lowlatency, generic | | 4.15.0-1038.43 | 58.1 | oem | | 4.15.0-1039.41 | 58.1 | aws | | 4.15.0-1039.44 | 58.1 | oem | | 4.15.0-1040.42 | 58.1 | aws | | 4.15.0-1041.43 | 58.1 | aws | | 4.15.0-1043.45 | 58.1 | aws | | 4.15.0-1043.48 | 58.1 | oem | | 4.15.0-1044.46 | 58.1 | aws | | 4.15.0-1045.47 | 58.1 | aws | | 4.15.0-1045.50 | 58.1 | oem | | 4.15.0-1047.49 | 58.1 | aws | | 4.15.0-1047.51 | 58.1 | azure | | 4.15.0-1048.50 | 58.1 | aws | | 4.15.0-1049.54 | 58.1 | azure | | 4.15.0-1050.52 | 58.1 | aws | | 4.15.0-1050.55 | 58.1 | azure | | 4.15.0-1050.57 | 58.1 | oem | | 4.15.0-1051.53 | 58.1 | aws | | 4.15.0-1051.56 | 58.1 | azure | | 4.15.0-1052.57 | 58.1 | azure | | 4.15.0-1055.60 | 58.1 | azure | | 4.15.0-1056.61 | 58.1 | azure | | 4.15.0-1056.65 | 58.1 | oem | | 4.15.0-1057.62 | 58.1 | azure | | 4.15.0-1057.66 | 58.1 | oem | | 4.15.0-1059.64 | 58.1 | azure | | 5.0.0-1014.14~18.04.1 | 58.1 | azure | | 5.0.0-1016.17~18.04.1 | 58.1 | azure | | 5.0.0-1018.19~18.04.1 | 58.1 | azure | | 5.0.0-1020.21~18.04.1 | 58.1 | azure | Support Information: Kernels older than the levels listed below do not receive livepatch updates. Please upgrade your kernel as soon as possible. | Series | Version | Flavors | |------------------+------------------+--------------------------| | Ubuntu 18.04 LTS | 4.15.0-1039 | aws | | Ubuntu 16.04 LTS | 4.4.0-1083 | aws | | Ubuntu 18.04 LTS | 5.0.0-1000 | azure | | Ubuntu 16.04 LTS | 4.15.0-1047 | azure | | Ubuntu 18.04 LTS | 4.15.0-50 | generic lowlatency | | Ubuntu 16.04 LTS | 4.15.0-50 | generic lowlatency | | Ubuntu 14.04 LTS | 4.4.0-148 | generic lowlatency | | Ubuntu 18.04 LTS | 4.15.0-1038 | oem | | Ubuntu 16.04 LTS | 4.4.0-148 | generic lowlatency | References: CVE-2016-10905, CVE-2018-20856, CVE-2018-20961, CVE-2018-20976, CVE-2018-21008, CVE-2019-0136, CVE-2019-2054, CVE-2019-2181, CVE-2019-3846, CVE-2019-10126, CVE-2019-10207, CVE-2019-11477, CVE-2019-11478, CVE-2019-11833, CVE-2019-12614, CVE-2019-14283, CVE-2019-14284, CVE-2019-14814, CVE-2019-14815, CVE-2019-14816, CVE-2019-14821, CVE-2019-14835 -- ubuntu-security-announce mailing list ubuntu-security-announce@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-security-announce . 7.6) - ppc64le, x86_64 3. Description: This is a kernel live patch module which can be loaded by the kpatch command line utility to modify the code of a running kernel. Solution: Before applying this update, make sure all previously released errata relevant to your system have been applied. 7.5) - ppc64, ppc64le, x86_64 3. (CVE-2019-14835) 4. 6.6) - x86_64 3. CVE-2019-14821 Matt Delco reported a race condition in KVM's coalesced MMIO facility, which could lead to out-of-bounds access in the kernel. CVE-2019-14835 Peter Pi of Tencent Blade Team discovered a missing bounds check in vhost_net, the network back-end driver for KVM hosts, leading to a buffer overflow when the host begins live migration of a VM. CVE-2019-15117 Hui Peng and Mathias Payer reported a missing bounds check in the usb-audio driver's descriptor parsing code, leading to a buffer over-read. CVE-2019-15118 Hui Peng and Mathias Payer reported unbounded recursion in the usb-audio driver's descriptor parsing code, leading to a stack overflow. On the amd64 architecture, and on the arm64 architecture in buster, this is mitigated by a guard page on the kernel stack, so that it is only possible to cause a crash. CVE-2019-15902 Brad Spengler reported that a backporting error reintroduced a spectre-v1 vulnerability in the ptrace subsystem in the ptrace_get_debugreg() function. For the oldstable distribution (stretch), these problems have been fixed in version 4.9.189-3+deb9u1. For the stable distribution (buster), these problems have been fixed in version 4.19.67-2+deb10u1. For the detailed security status of linux please refer to its security tracker page at: https://security-tracker.debian.org/tracker/linux Further information about Debian Security Advisories, how to apply these updates to your system and frequently asked questions can be found at: https://www.debian.org/security/ Mailing list: debian-security-announce@lists.debian.org -----BEGIN PGP SIGNATURE----- iQKTBAEBCgB9FiEERkRAmAjBceBVMd3uBUy48xNDz0QFAl2K5xlfFIAAAAAALgAo aXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldDQ2 NDQ0MDk4MDhDMTcxRTA1NTMxRERFRTA1NENCOEYzMTM0M0NGNDQACgkQBUy48xND z0Sj8xAAnBGWzlmy5RyQe8VCE3kkMpwmH/00I5IFpjTbAVvyHzKVYl96YbY1YuAP ID++cBxBElWCQriwCESc5Um/BGpOMmTa3VlkXIVy6uHgwt1Hn+ZW/syFaGt0/brW eKIecVQLyZaV7OOx4Q+J9H5WN1FNKoV3BCsfUFlRqNCUtYQ46X7pN+gyytW4KbZo AEbPkEdUhv2Z6ndq8Z/OJ5cyYms+OonEt08e2qcN0Ig+qRY9l3fgSn/X3tKQiuJj jGKPkd0VYrFzfDKekcboIBZyegahReRe4k+V8I+o/acuQJGR1cV/qCGxboFFI2+s WeSUhaVixP+7HLXyRljFBdvXlAnx/IajEPG+RAVt6zZs1yK+8bVIhai5TarcwbF3 DWQZvpAeLaKgIN4x7s7xDHNJzO9Ea9fhXm/9T1AoaO3wdN2zjOYHLG3YO4TF0PpF rYY9t17uNdAuCxPeQWCciDOiNQVbEmr3+al/78m2VZcBYEI2s1E9fgQJV21rRlv+ fEavwX9OJg6GKcW9v6cyegyf4gfTvjyzIP/rcmn55hiQ9vjVNykkoNUES5Do6sTb /pSSRuUpJtEE+6LnnqbdD0E6l8SC6zgA/+Pu/7BrACxlk9bhYFmVaAwbPPEuRgrz 3d87MB8FEHu4RDGSgomb849wuAXnEVDwM034VtURUSEAXVFQ0dY=Wqdv -----END PGP SIGNATURE----- . 7) - aarch64, noarch, ppc64le 3. Description: The kernel-rt packages provide the Real Time Linux Kernel, which enables fine-tuning for systems with extremely high determinism requirements

AFFECTED PRODUCTS

CVSS

PROBLEMTYPE DATA

THREAT TYPE

local

TYPE

overflow

EXTERNAL IDS

REFERENCES

CREDITS

Red Hat

SOURCES

LAST UPDATE DATE

2026-01-14T20:45:25.903000+00:00

SOURCES UPDATE DATE

SOURCES RELEASE DATE