VARIoT IoT vulnerabilities database

Affected products: vendor, model and version
CWE format is 'CWE-number'. Threat type can be: remote or local
Look up free text in title and description

VAR-201911-1619 CVE-2018-12207 Red Hat Security Advisory 2019-3836-01 CVSS V2: 4.9
CVSS V3: 6.5
Severity: MEDIUM
Improper invalidation for page table updates by a virtual guest operating system for multiple Intel(R) Processors may allow an authenticated user to potentially enable denial of service of the host system via local access. Both Microsoft Windows and Microsoft Windows Server are products of Microsoft Corporation. Microsoft Windows is an operating system for personal devices. Microsoft Windows Server is a server operating system. A denial of service vulnerability exists in Microsoft Windows and Windows Server due to the program's improper handling of objects in memory. An attacker could exploit this vulnerability by logging on to an affected system and running a specially crafted application to cause the targeted system to become unresponsive. The following products and versions are affected: Microsoft Windows 10, Windows 10 Version 1607, Windows 10 Version 1709, Windows 10 Version 1803, Windows 10 Version 1809, Windows 10 Version 1903, Windows 7 SP1, Windows 8.1, Windows RT 8.1, Windows Server 2008 R2 SP1, Windows Server 2012, Windows Server 2012 R2, Windows Server 2016, Windows Server 2019, Windows Server version 1803, Windows Server version 1903. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 ===================================================================== Red Hat Security Advisory Synopsis: Important: kernel security and bug fix update Advisory ID: RHSA-2019:3836-01 Product: Red Hat Enterprise Linux Advisory URL: https://access.redhat.com/errata/RHSA-2019:3836 Issue date: 2019-11-12 CVE Names: CVE-2018-12207 CVE-2019-0154 CVE-2019-3900 CVE-2019-11135 ===================================================================== 1. Summary: An update for kernel is now available for Red Hat Enterprise Linux 6. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. 2. Relevant releases/architectures: Red Hat Enterprise Linux Desktop (v. 6) - i386, noarch, x86_64 Red Hat Enterprise Linux Desktop Optional (v. 6) - i386, x86_64 Red Hat Enterprise Linux HPC Node (v. 6) - noarch, x86_64 Red Hat Enterprise Linux HPC Node Optional (v. 6) - x86_64 Red Hat Enterprise Linux Server (v. 6) - i386, noarch, ppc64, s390x, x86_64 Red Hat Enterprise Linux Server Optional (v. 6) - i386, ppc64, s390x, x86_64 Red Hat Enterprise Linux Workstation (v. 6) - i386, noarch, x86_64 Red Hat Enterprise Linux Workstation Optional (v. 6) - i386, x86_64 3. Description: The kernel packages contain the Linux kernel, the core of any Linux operating system. Security Fix(es): * hw: Machine Check Error on Page Size Change (IFU) (CVE-2018-12207) * hw: TSX Transaction Asynchronous Abort (TAA) (CVE-2019-11135) * Kernel: vhost_net: infinite loop while receiving packets leads to DoS (CVE-2019-3900) * hw: Intel GPU Denial Of Service while accessing MMIO in lower power state (CVE-2019-0154) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. Bug Fix(es): * [Intel 6.10 Bug] With mWait/C-states disabled, HT on, ibrs enabled, performance impact observed on user space benchmark (BZ#1560787) * kernel-2.6.32-573.60.2.el6 hangs/resets during boot in efi_enter_virtual_mode() on Xeon v2 E7-2870 (BZ#1645724) * Slab leak: skbuff_head_cache slab object still allocated after mcast processes are stopped and "fragments dropped after timeout" errors are shown (BZ#1752536) 4. Solution: For details on how to apply this update, which includes the changes described in this advisory, refer to: https://access.redhat.com/articles/11258 The system must be rebooted for this update to take effect. 5. Bugs fixed (https://bugzilla.redhat.com/): 1646768 - CVE-2018-12207 hw: Machine Check Error on Page Size Change (IPU) 1698757 - CVE-2019-3900 Kernel: vhost_net: infinite loop while receiving packets leads to DoS 1724393 - CVE-2019-0154 hw: Intel GPU Denial Of Service while accessing MMIO in lower power state 1753062 - CVE-2019-11135 hw: TSX Transaction Asynchronous Abort (TAA) 6. Package List: Red Hat Enterprise Linux Desktop (v. 6): Source: kernel-2.6.32-754.24.2.el6.src.rpm i386: kernel-2.6.32-754.24.2.el6.i686.rpm kernel-debug-2.6.32-754.24.2.el6.i686.rpm kernel-debug-debuginfo-2.6.32-754.24.2.el6.i686.rpm kernel-debug-devel-2.6.32-754.24.2.el6.i686.rpm kernel-debuginfo-2.6.32-754.24.2.el6.i686.rpm kernel-debuginfo-common-i686-2.6.32-754.24.2.el6.i686.rpm kernel-devel-2.6.32-754.24.2.el6.i686.rpm kernel-headers-2.6.32-754.24.2.el6.i686.rpm perf-2.6.32-754.24.2.el6.i686.rpm perf-debuginfo-2.6.32-754.24.2.el6.i686.rpm python-perf-debuginfo-2.6.32-754.24.2.el6.i686.rpm noarch: kernel-abi-whitelists-2.6.32-754.24.2.el6.noarch.rpm kernel-doc-2.6.32-754.24.2.el6.noarch.rpm kernel-firmware-2.6.32-754.24.2.el6.noarch.rpm x86_64: kernel-2.6.32-754.24.2.el6.x86_64.rpm kernel-debug-2.6.32-754.24.2.el6.x86_64.rpm kernel-debug-debuginfo-2.6.32-754.24.2.el6.i686.rpm kernel-debug-debuginfo-2.6.32-754.24.2.el6.x86_64.rpm kernel-debug-devel-2.6.32-754.24.2.el6.i686.rpm kernel-debug-devel-2.6.32-754.24.2.el6.x86_64.rpm kernel-debuginfo-2.6.32-754.24.2.el6.i686.rpm kernel-debuginfo-2.6.32-754.24.2.el6.x86_64.rpm kernel-debuginfo-common-i686-2.6.32-754.24.2.el6.i686.rpm kernel-debuginfo-common-x86_64-2.6.32-754.24.2.el6.x86_64.rpm kernel-devel-2.6.32-754.24.2.el6.x86_64.rpm kernel-headers-2.6.32-754.24.2.el6.x86_64.rpm perf-2.6.32-754.24.2.el6.x86_64.rpm perf-debuginfo-2.6.32-754.24.2.el6.i686.rpm perf-debuginfo-2.6.32-754.24.2.el6.x86_64.rpm python-perf-debuginfo-2.6.32-754.24.2.el6.i686.rpm python-perf-debuginfo-2.6.32-754.24.2.el6.x86_64.rpm Red Hat Enterprise Linux Desktop Optional (v. 6): i386: kernel-debug-debuginfo-2.6.32-754.24.2.el6.i686.rpm kernel-debuginfo-2.6.32-754.24.2.el6.i686.rpm kernel-debuginfo-common-i686-2.6.32-754.24.2.el6.i686.rpm perf-debuginfo-2.6.32-754.24.2.el6.i686.rpm python-perf-2.6.32-754.24.2.el6.i686.rpm python-perf-debuginfo-2.6.32-754.24.2.el6.i686.rpm x86_64: kernel-debug-debuginfo-2.6.32-754.24.2.el6.x86_64.rpm kernel-debuginfo-2.6.32-754.24.2.el6.x86_64.rpm kernel-debuginfo-common-x86_64-2.6.32-754.24.2.el6.x86_64.rpm perf-debuginfo-2.6.32-754.24.2.el6.x86_64.rpm python-perf-2.6.32-754.24.2.el6.x86_64.rpm python-perf-debuginfo-2.6.32-754.24.2.el6.x86_64.rpm Red Hat Enterprise Linux HPC Node (v. 6): Source: kernel-2.6.32-754.24.2.el6.src.rpm noarch: kernel-abi-whitelists-2.6.32-754.24.2.el6.noarch.rpm kernel-doc-2.6.32-754.24.2.el6.noarch.rpm kernel-firmware-2.6.32-754.24.2.el6.noarch.rpm x86_64: kernel-2.6.32-754.24.2.el6.x86_64.rpm kernel-debug-2.6.32-754.24.2.el6.x86_64.rpm kernel-debug-debuginfo-2.6.32-754.24.2.el6.i686.rpm kernel-debug-debuginfo-2.6.32-754.24.2.el6.x86_64.rpm kernel-debug-devel-2.6.32-754.24.2.el6.i686.rpm kernel-debug-devel-2.6.32-754.24.2.el6.x86_64.rpm kernel-debuginfo-2.6.32-754.24.2.el6.i686.rpm kernel-debuginfo-2.6.32-754.24.2.el6.x86_64.rpm kernel-debuginfo-common-i686-2.6.32-754.24.2.el6.i686.rpm kernel-debuginfo-common-x86_64-2.6.32-754.24.2.el6.x86_64.rpm kernel-devel-2.6.32-754.24.2.el6.x86_64.rpm kernel-headers-2.6.32-754.24.2.el6.x86_64.rpm perf-2.6.32-754.24.2.el6.x86_64.rpm perf-debuginfo-2.6.32-754.24.2.el6.i686.rpm perf-debuginfo-2.6.32-754.24.2.el6.x86_64.rpm python-perf-debuginfo-2.6.32-754.24.2.el6.i686.rpm python-perf-debuginfo-2.6.32-754.24.2.el6.x86_64.rpm Red Hat Enterprise Linux HPC Node Optional (v. 6): x86_64: kernel-debug-debuginfo-2.6.32-754.24.2.el6.x86_64.rpm kernel-debuginfo-2.6.32-754.24.2.el6.x86_64.rpm kernel-debuginfo-common-x86_64-2.6.32-754.24.2.el6.x86_64.rpm perf-debuginfo-2.6.32-754.24.2.el6.x86_64.rpm python-perf-2.6.32-754.24.2.el6.x86_64.rpm python-perf-debuginfo-2.6.32-754.24.2.el6.x86_64.rpm Red Hat Enterprise Linux Server (v. 6): Source: kernel-2.6.32-754.24.2.el6.src.rpm i386: kernel-2.6.32-754.24.2.el6.i686.rpm kernel-debug-2.6.32-754.24.2.el6.i686.rpm kernel-debug-debuginfo-2.6.32-754.24.2.el6.i686.rpm kernel-debug-devel-2.6.32-754.24.2.el6.i686.rpm kernel-debuginfo-2.6.32-754.24.2.el6.i686.rpm kernel-debuginfo-common-i686-2.6.32-754.24.2.el6.i686.rpm kernel-devel-2.6.32-754.24.2.el6.i686.rpm kernel-headers-2.6.32-754.24.2.el6.i686.rpm perf-2.6.32-754.24.2.el6.i686.rpm perf-debuginfo-2.6.32-754.24.2.el6.i686.rpm python-perf-debuginfo-2.6.32-754.24.2.el6.i686.rpm noarch: kernel-abi-whitelists-2.6.32-754.24.2.el6.noarch.rpm kernel-doc-2.6.32-754.24.2.el6.noarch.rpm kernel-firmware-2.6.32-754.24.2.el6.noarch.rpm ppc64: kernel-2.6.32-754.24.2.el6.ppc64.rpm kernel-bootwrapper-2.6.32-754.24.2.el6.ppc64.rpm kernel-debug-2.6.32-754.24.2.el6.ppc64.rpm kernel-debug-debuginfo-2.6.32-754.24.2.el6.ppc64.rpm kernel-debug-devel-2.6.32-754.24.2.el6.ppc64.rpm kernel-debuginfo-2.6.32-754.24.2.el6.ppc64.rpm kernel-debuginfo-common-ppc64-2.6.32-754.24.2.el6.ppc64.rpm kernel-devel-2.6.32-754.24.2.el6.ppc64.rpm kernel-headers-2.6.32-754.24.2.el6.ppc64.rpm perf-2.6.32-754.24.2.el6.ppc64.rpm perf-debuginfo-2.6.32-754.24.2.el6.ppc64.rpm python-perf-debuginfo-2.6.32-754.24.2.el6.ppc64.rpm s390x: kernel-2.6.32-754.24.2.el6.s390x.rpm kernel-debug-2.6.32-754.24.2.el6.s390x.rpm kernel-debug-debuginfo-2.6.32-754.24.2.el6.s390x.rpm kernel-debug-devel-2.6.32-754.24.2.el6.s390x.rpm kernel-debuginfo-2.6.32-754.24.2.el6.s390x.rpm kernel-debuginfo-common-s390x-2.6.32-754.24.2.el6.s390x.rpm kernel-devel-2.6.32-754.24.2.el6.s390x.rpm kernel-headers-2.6.32-754.24.2.el6.s390x.rpm kernel-kdump-2.6.32-754.24.2.el6.s390x.rpm kernel-kdump-debuginfo-2.6.32-754.24.2.el6.s390x.rpm kernel-kdump-devel-2.6.32-754.24.2.el6.s390x.rpm perf-2.6.32-754.24.2.el6.s390x.rpm perf-debuginfo-2.6.32-754.24.2.el6.s390x.rpm python-perf-debuginfo-2.6.32-754.24.2.el6.s390x.rpm x86_64: kernel-2.6.32-754.24.2.el6.x86_64.rpm kernel-debug-2.6.32-754.24.2.el6.x86_64.rpm kernel-debug-debuginfo-2.6.32-754.24.2.el6.i686.rpm kernel-debug-debuginfo-2.6.32-754.24.2.el6.x86_64.rpm kernel-debug-devel-2.6.32-754.24.2.el6.i686.rpm kernel-debug-devel-2.6.32-754.24.2.el6.x86_64.rpm kernel-debuginfo-2.6.32-754.24.2.el6.i686.rpm kernel-debuginfo-2.6.32-754.24.2.el6.x86_64.rpm kernel-debuginfo-common-i686-2.6.32-754.24.2.el6.i686.rpm kernel-debuginfo-common-x86_64-2.6.32-754.24.2.el6.x86_64.rpm kernel-devel-2.6.32-754.24.2.el6.x86_64.rpm kernel-headers-2.6.32-754.24.2.el6.x86_64.rpm perf-2.6.32-754.24.2.el6.x86_64.rpm perf-debuginfo-2.6.32-754.24.2.el6.i686.rpm perf-debuginfo-2.6.32-754.24.2.el6.x86_64.rpm python-perf-debuginfo-2.6.32-754.24.2.el6.i686.rpm python-perf-debuginfo-2.6.32-754.24.2.el6.x86_64.rpm Red Hat Enterprise Linux Server Optional (v. 6): i386: kernel-debug-debuginfo-2.6.32-754.24.2.el6.i686.rpm kernel-debuginfo-2.6.32-754.24.2.el6.i686.rpm kernel-debuginfo-common-i686-2.6.32-754.24.2.el6.i686.rpm perf-debuginfo-2.6.32-754.24.2.el6.i686.rpm python-perf-2.6.32-754.24.2.el6.i686.rpm python-perf-debuginfo-2.6.32-754.24.2.el6.i686.rpm ppc64: kernel-debug-debuginfo-2.6.32-754.24.2.el6.ppc64.rpm kernel-debuginfo-2.6.32-754.24.2.el6.ppc64.rpm kernel-debuginfo-common-ppc64-2.6.32-754.24.2.el6.ppc64.rpm perf-debuginfo-2.6.32-754.24.2.el6.ppc64.rpm python-perf-2.6.32-754.24.2.el6.ppc64.rpm python-perf-debuginfo-2.6.32-754.24.2.el6.ppc64.rpm s390x: kernel-debug-debuginfo-2.6.32-754.24.2.el6.s390x.rpm kernel-debuginfo-2.6.32-754.24.2.el6.s390x.rpm kernel-debuginfo-common-s390x-2.6.32-754.24.2.el6.s390x.rpm kernel-kdump-debuginfo-2.6.32-754.24.2.el6.s390x.rpm perf-debuginfo-2.6.32-754.24.2.el6.s390x.rpm python-perf-2.6.32-754.24.2.el6.s390x.rpm python-perf-debuginfo-2.6.32-754.24.2.el6.s390x.rpm x86_64: kernel-debug-debuginfo-2.6.32-754.24.2.el6.x86_64.rpm kernel-debuginfo-2.6.32-754.24.2.el6.x86_64.rpm kernel-debuginfo-common-x86_64-2.6.32-754.24.2.el6.x86_64.rpm perf-debuginfo-2.6.32-754.24.2.el6.x86_64.rpm python-perf-2.6.32-754.24.2.el6.x86_64.rpm python-perf-debuginfo-2.6.32-754.24.2.el6.x86_64.rpm Red Hat Enterprise Linux Workstation (v. 6): Source: kernel-2.6.32-754.24.2.el6.src.rpm i386: kernel-2.6.32-754.24.2.el6.i686.rpm kernel-debug-2.6.32-754.24.2.el6.i686.rpm kernel-debug-debuginfo-2.6.32-754.24.2.el6.i686.rpm kernel-debug-devel-2.6.32-754.24.2.el6.i686.rpm kernel-debuginfo-2.6.32-754.24.2.el6.i686.rpm kernel-debuginfo-common-i686-2.6.32-754.24.2.el6.i686.rpm kernel-devel-2.6.32-754.24.2.el6.i686.rpm kernel-headers-2.6.32-754.24.2.el6.i686.rpm perf-2.6.32-754.24.2.el6.i686.rpm perf-debuginfo-2.6.32-754.24.2.el6.i686.rpm python-perf-debuginfo-2.6.32-754.24.2.el6.i686.rpm noarch: kernel-abi-whitelists-2.6.32-754.24.2.el6.noarch.rpm kernel-doc-2.6.32-754.24.2.el6.noarch.rpm kernel-firmware-2.6.32-754.24.2.el6.noarch.rpm x86_64: kernel-2.6.32-754.24.2.el6.x86_64.rpm kernel-debug-2.6.32-754.24.2.el6.x86_64.rpm kernel-debug-debuginfo-2.6.32-754.24.2.el6.i686.rpm kernel-debug-debuginfo-2.6.32-754.24.2.el6.x86_64.rpm kernel-debug-devel-2.6.32-754.24.2.el6.i686.rpm kernel-debug-devel-2.6.32-754.24.2.el6.x86_64.rpm kernel-debuginfo-2.6.32-754.24.2.el6.i686.rpm kernel-debuginfo-2.6.32-754.24.2.el6.x86_64.rpm kernel-debuginfo-common-i686-2.6.32-754.24.2.el6.i686.rpm kernel-debuginfo-common-x86_64-2.6.32-754.24.2.el6.x86_64.rpm kernel-devel-2.6.32-754.24.2.el6.x86_64.rpm kernel-headers-2.6.32-754.24.2.el6.x86_64.rpm perf-2.6.32-754.24.2.el6.x86_64.rpm perf-debuginfo-2.6.32-754.24.2.el6.i686.rpm perf-debuginfo-2.6.32-754.24.2.el6.x86_64.rpm python-perf-debuginfo-2.6.32-754.24.2.el6.i686.rpm python-perf-debuginfo-2.6.32-754.24.2.el6.x86_64.rpm Red Hat Enterprise Linux Workstation Optional (v. 6): i386: kernel-debug-debuginfo-2.6.32-754.24.2.el6.i686.rpm kernel-debuginfo-2.6.32-754.24.2.el6.i686.rpm kernel-debuginfo-common-i686-2.6.32-754.24.2.el6.i686.rpm perf-debuginfo-2.6.32-754.24.2.el6.i686.rpm python-perf-2.6.32-754.24.2.el6.i686.rpm python-perf-debuginfo-2.6.32-754.24.2.el6.i686.rpm x86_64: kernel-debug-debuginfo-2.6.32-754.24.2.el6.x86_64.rpm kernel-debuginfo-2.6.32-754.24.2.el6.x86_64.rpm kernel-debuginfo-common-x86_64-2.6.32-754.24.2.el6.x86_64.rpm perf-debuginfo-2.6.32-754.24.2.el6.x86_64.rpm python-perf-2.6.32-754.24.2.el6.x86_64.rpm python-perf-debuginfo-2.6.32-754.24.2.el6.x86_64.rpm These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/ 7. References: https://access.redhat.com/security/cve/CVE-2018-12207 https://access.redhat.com/security/cve/CVE-2019-0154 https://access.redhat.com/security/cve/CVE-2019-3900 https://access.redhat.com/security/cve/CVE-2019-11135 https://access.redhat.com/security/updates/classification/#important https://access.redhat.com/security/vulnerabilities/ifu-page-mce https://access.redhat.com/solutions/tsx-asynchronousabort https://access.redhat.com/solutions/i915-graphics 8. Contact: The Red Hat security contact is <secalert@redhat.com>. More contact details at https://access.redhat.com/security/team/contact/ Copyright 2019 Red Hat, Inc. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1 iQIVAwUBXcsc39zjgjWX9erEAQiIXQ//fbQ5UKtMa2pfofnF6CbwO4DbAYnOWbqx 1n4xgcWLZljSYz0/jp7h+fcDcF0TaQYswGhNj/oCvpGUl5NOZMhbAwVy/+hzzHiP gqRzyZSgIFpM1fUu+AtjGInWVS37eDGGqxQqsBGNh30l4/x4DduCdmN7XDXrKxgz 1TVUlsS34AHHmhk3brFeaf/bPY2jIGH9oZfC3wiX3L8sczjmSOlCC3E1sI3pm/uo Vin3Sl4vz9+krNNwxZw/6WE4wXMslaRBYku6cW31RgdmrZXXJGqYt5hglMbckSwn +x8SrFcRJkbgQiCo27ikf1rnjz/NB2f0E9kIoOVHoKZ/RW/HgFVlgC5LSZqrsVtE ARRhaT4dHDRZWxMwFaf6NNo6CpigxXC2fh7+9KXylUAq7HAT03wCBf1KWMgCzbG9 RlWSLQc5z8pwWPvnN1vsL5ZyaAXUDGjjU0ebSgcxvRRmGVt+YKtiGJU58lR6RuZt up6aUM1QoXNCKiLB+497ZNwANj0G3oBRA2qEAstffJksMrEBD3X15rIE4m5vxGpS ZMqKmT72HuG6MjOOwPZq6qwN0fOwpoAPnpIvHtl0NXJHtu1AmJgXcfERkNlN9X8d u+Mgr+sYxDjAlysz0qOwvD0Ib9SRFgwGQgo+B6Wvi6iG17yh9B/cunAYUQ0wDm3U XkMJCJGhDCY= =fpzb -----END PGP SIGNATURE----- -- RHSA-announce mailing list RHSA-announce@redhat.com https://www.redhat.com/mailman/listinfo/rhsa-announce . Description: Red Hat OpenShift Container Platform is Red Hat's cloud computing Kubernetes application platform solution designed for on-premise or private cloud deployments. Security Fix(es): * A flaw was found in the way Intel CPUs handle inconsistency between, virtual to physical memory address translations in CPU's local cache and system software's Paging structure entries. A privileged guest user may use this flaw to induce a hardware Machine Check Error on the host processor, resulting in a severe DoS scenario by halting the processor. System software like OS OR Virtual Machine Monitor (VMM) use virtual memory system for storing program instructions and data in memory. Virtual Memory system uses Paging structures like Page Tables and Page Directories to manage system memory. The processor's Memory Management Unit (MMU) uses Paging structure entries to translate program's virtual memory addresses to physical memory addresses. The processor stores these address translations into its local cache buffer called - Translation Lookaside Buffer (TLB). TLB has two parts, one for instructions and other for data addresses. System software can modify its Paging structure entries to change address mappings OR certain attributes like page size etc. Upon such Paging structure alterations in memory, system software must invalidate the corresponding address translations in the processor's TLB cache. But before this TLB invalidation takes place, a privileged guest user may trigger an instruction fetch operation, which could use an already cached, but now invalid, virtual to physical address translation from Instruction TLB (ITLB). Thus accessing an invalid physical memory address and resulting in halting the processor due to the Machine Check Error (MCE) on Page Size Change. (CVE-2018-12207) * A flaw was found in the way sudo implemented running commands with an arbitrary user ID. If a sudoers entry is written to allow users to run a command as any user except root, this flaw can be used by an attacker to bypass that restriction. (CVE-2019-14287) * An improper authorization flaw was discovered in systemd-resolved in the way it configures the exposed DBus interface org.freedesktop.resolve1. An unprivileged local user could call all DBus methods, even when marked as privileged operations. An attacker could abuse this flaw by changing the DNS, Search Domain, LLMNR, DNSSEC, and other network link settings without any authorization, giving them control of the network names resolution process and causing the system to communicate with wrong or malicious servers. (CVE-2019-15718) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. Solution: For OpenShift Container Platform 4.1 see the following documentation, which will be updated shortly for release 4.1.24, for important instructions on how to upgrade your cluster and fully apply this asynchronous errata update: https://docs.openshift.com/container-platform/4.1/release_notes/ocp-4-1-rel ease-notes.html 4. Bugs fixed (https://bugzilla.redhat.com/): 1646768 - CVE-2018-12207 hw: Machine Check Error on Page Size Change (IFU) 1746057 - CVE-2019-15718 systemd: systemd-resolved allows unprivileged users to configure DNS 1760531 - CVE-2019-14287 sudo: Privilege escalation via 'Runas' specification with 'ALL' keyword 5. Description: This is a kernel live patch module which is automatically loaded by the RPM post-install script to modify the code of a running kernel. Solution: Before applying this update, make sure all previously released errata relevant to your system have been applied. Bugs fixed (https://bugzilla.redhat.com/): 1782199 - CVE-2019-19339 kpatch: hw: incomplete fix for CVE-2018-12207 6. 6.6) - x86_64 3. Due to the high complexity of the fixes and the required microcode update, we are unable to livepatch this set of CVEs. Please plan to reboot into an updated kernel as soon as possible. The details of these CVEs follows: CVE-2018-12207 On an Ubuntu KVM host configured to use huge pages, a malicious KVM guest can cause a host machine check exception (MCE) capable of bringing down the host OS. CVE-2019-11135 On Intel processors with support for Transactional Synchronization Extensions (TSX), it is possible to exploit a transactional asynchronous abort (TAA) to perform a side-channel attack and leak kernel memory. Further details on the vulnerabilities and our response can be found here: https://wiki.ubuntu.com/SecurityTeam/KnowledgeBase/TAA_MCEPSC_i915 Again, due to the high complexity of the fixes and the required microcode update, we are unable to livepatch this set of CVEs. Please plan to reboot into an updated kernel as soon as possible. | Series | Version | Flavors | |------------------+-----------------------+--------------------------| | Ubuntu 18.04 LTS | 4.15.0-1054.55 | aws | | Ubuntu 16.04 LTS | 4.4.0-1098.102 | aws | | Ubuntu 18.04 LTS | 5.0.0-1025.27~18.04.1 | azure | | Ubuntu 16.04 LTS | 4.15.0-1063.66 | azure | | Ubuntu 18.04 LTS | 4.15.0-69.78 | generic lowlatency | | Ubuntu 16.04 LTS | 4.15.0-69.78~16.04.1 | generic lowlatency | | Ubuntu 14.04 LTS | 4.4.0-168.197~14.04.1 | generic lowlatency | | Ubuntu 18.04 LTS | 4.15.0-1063.72 | oem | | Ubuntu 16.04 LTS | 4.4.0-168.197 | generic lowlatency | Support Information: Kernels older than the levels listed above will no longer receive livepatch updates. References: CVE-2018-12207, CVE-2019-0154, CVE-2019-0155, CVE-2019-11135 -- ubuntu-security-announce mailing list ubuntu-security-announce@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-security-announce . Corrected: 2019-11-12 18:03:26 UTC (stable/12, 12.1-STABLE) 2019-11-12 18:13:04 UTC (releng/12.1, 12.1-RELEASE-p1) 2019-11-12 18:13:04 UTC (releng/12.0, 12.0-RELEASE-p12) 2019-11-12 18:04:28 UTC (stable/11, 11.3-STABLE) 2019-11-12 18:13:04 UTC (releng/11.3, 11.3-RELEASE-p5) CVE Name: CVE-2018-12207 For general information regarding FreeBSD Security Advisories, including descriptions of the fields above, security branches, and the following sections, please visit <URL:https://security.FreeBSD.org/>. Background The Intel machine check architecture is a mechanism to detect and report hardware errors, such as system bus errors, ECC errors, parity errors, and others. This allows the processor to signal the detection of a machine check error to the operating system. II. Problem Description Intel discovered a previously published erratum on some Intel platforms can be exploited by malicious software to potentially cause a denial of service by triggering a machine check that will crash or hang the system. III. IV. Workaround No workaround is available. Systems not running untrusted guest virtual machines are not impacted. V. Solution Upgrade your vulnerable system to a supported FreeBSD stable or release / security branch (releng) dated after the correction date, and reboot. Perform one of the following: 1) To update your vulnerable system via a binary patch: Systems running a RELEASE version of FreeBSD on the i386 or amd64 platforms can be updated via the freebsd-update(8) utility: # freebsd-update fetch # freebsd-update install # shutdown -r +10min "Rebooting for a security update" 2) To update your vulnerable system via a source code patch: The following patches have been verified to apply to the applicable FreeBSD release branches. a) Download the relevant patch from the location below, and verify the detached PGP signature using your PGP utility. [FreeBSD 12.1] # fetch https://security.FreeBSD.org/patches/SA-19:25/mcepsc.12.1.patch # fetch https://security.FreeBSD.org/patches/SA-19:25/mcepsc.12.1.patch.asc # gpg --verify mcepsc.12.1.patch.asc [FreeBSD 12.0] # fetch https://security.FreeBSD.org/patches/SA-19:25/mcepsc.12.0.patch # fetch https://security.FreeBSD.org/patches/SA-19:25/mcepsc.12.0.patch.asc # gpg --verify mcepsc.12.0.patch.asc [FreeBSD 11.3] # fetch https://security.FreeBSD.org/patches/SA-19:25/mcepsc.11.patch # fetch https://security.FreeBSD.org/patches/SA-19:25/mcepsc.11.patch.asc # gpg --verify mcepsc.11.patch.asc b) Apply the patch. Execute the following commands as root: # cd /usr/src # patch < /path/to/patch c) Recompile your kernel as described in <URL:https://www.FreeBSD.org/handbook/kernelconfig.html> and reboot the system. VI. Correction details The following list contains the correction revision numbers for each affected branch. Branch/path Revision - ------------------------------------------------------------------------- stable/12/ r354650 releng/12.1/ r354653 releng/12.0/ r354653 stable/11/ r354651 releng/11.3/ r354653 - ------------------------------------------------------------------------- To see which files were modified by a particular revision, run the following command, replacing NNNNNN with the revision number, on a machine with Subversion installed: # svn diff -cNNNNNN --summarize svn://svn.freebsd.org/base Or visit the following URL, replacing NNNNNN with the revision number: <URL:https://svnweb.freebsd.org/base?view=revision&revision=NNNNNN> VII. ========================================================================== Ubuntu Security Notice USN-4183-2 November 13, 2019 linux vulnerability ========================================================================== A security issue affects these releases of Ubuntu and its derivatives: - Ubuntu 19.10 Summary: Several security issues were fixed in the Linux kernel. It was discovered that the kernel fix for CVE-2019-0155 (i915 missing Blitter Command Streamer check) was incomplete on 64-bit Intel x86 systems. This update addresses the issue. We apologize for the inconvenience. Original advisory details: Stephan van Schaik, Alyssa Milburn, Sebastian \xd6sterlund, Pietro Frigo, Kaveh Razavi, Herbert Bos, Cristiano Giuffrida, Giorgi Maisuradze, Moritz Lipp, Michael Schwarz, Daniel Gruss, and Jo Van Bulck discovered that Intel processors using Transactional Synchronization Extensions (TSX) could expose memory contents previously stored in microarchitectural buffers to a malicious process that is executing on the same CPU core. A local attacker could use this to expose sensitive information. (CVE-2019-11135) It was discovered that the Intel i915 graphics chipsets allowed userspace to modify page table entries via writes to MMIO from the Blitter Command Streamer and expose kernel memory information. A local attacker could use this to expose sensitive information or possibly elevate privileges. A local attacker in a guest VM could use this to cause a denial of service (host system crash). (CVE-2018-12207) It was discovered that the Intel i915 graphics chipsets could cause a system hang when userspace performed a read from GT memory mapped input output (MMIO) when the product is in certain low power states. A local attacker could use this to cause a denial of service. (CVE-2019-0154) Jann Horn discovered a reference count underflow in the shiftfs implementation in the Linux kernel. A local attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2019-15791) Jann Horn discovered a type confusion vulnerability in the shiftfs implementation in the Linux kernel. A local attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2019-15792) Jann Horn discovered that the shiftfs implementation in the Linux kernel did not use the correct file system uid/gid when the user namespace of a lower file system is not in the init user namespace. A local attacker could use this to possibly bypass DAC permissions or have some other unspecified impact. (CVE-2019-15793) It was discovered that a buffer overflow existed in the 802.11 Wi-Fi configuration interface for the Linux kernel when handling beacon settings. A local attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2019-16746) Nico Waisman discovered that a buffer overflow existed in the Realtek Wi-Fi driver for the Linux kernel when handling Notice of Absence frames. A physically proximate attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2019-17666) Update instructions: The problem can be corrected by updating your system to the following package versions: Ubuntu 19.10: linux-image-5.3.0-23-generic 5.3.0-23.25 linux-image-5.3.0-23-generic-lpae 5.3.0-23.25 linux-image-5.3.0-23-lowlatency 5.3.0-23.25 linux-image-5.3.0-23-snapdragon 5.3.0-23.25 linux-image-generic 5.3.0.23.27 linux-image-generic-lpae 5.3.0.23.27 linux-image-lowlatency 5.3.0.23.27 linux-image-snapdragon 5.3.0.23.27 linux-image-virtual 5.3.0.23.27 Please note that mitigating the TSX (CVE-2019-11135) and i915 (CVE-2019-0154) issues requires corresponding microcode and graphics firmware updates respectively. ATTENTION: Due to an unavoidable ABI change the kernel updates have been given a new version number, which requires you to recompile and reinstall all third party kernel modules you might have installed. Unless you manually uninstalled the standard kernel metapackages (e.g. linux-generic, linux-generic-lts-RELEASE, linux-virtual, linux-powerpc), a standard system upgrade will automatically perform this as well
VAR-202009-0516 CVE-2019-15992 Cisco Adaptive Security Appliance  Software and  Cisco Firepower Threat Defense  Buffer error vulnerabilities in software CVSS V2: 9.0
CVSS V3: 7.2
Severity: HIGH
A vulnerability in the implementation of the Lua interpreter integrated in Cisco Adaptive Security Appliance (ASA) Software and Cisco Firepower Threat Defense (FTD) Software could allow an authenticated, remote attacker to execute arbitrary code with root privileges on the underlying Linux operating system of an affected device. The vulnerability is due to insufficient restrictions on the allowed Lua function calls within the context of user-supplied Lua scripts. A successful exploit could allow the attacker to trigger a heap overflow condition and execute arbitrary code with root privileges on the underlying Linux operating system of an affected device. Cisco Adaptive Security Appliances Software is a firewall and network security platform. The platform provides features such as highly secure access to data and network resources. A buffer error vulnerability exists in the implementation of the Lua interpreter in Cisco ASA Software and Cisco FTD
VAR-201912-1716 CVE-2019-0131 Intel(R) AMT Input validation vulnerability CVSS V2: 4.8
CVSS V3: 8.1
Severity: HIGH
Insufficient input validation in subsystem in Intel(R) AMT before versions 11.8.70, 11.11.70, 11.22.70 and 12.0.45 may allow an unauthenticated user to potentially enable denial of service or information disclosure via adjacent access. Intel(R) AMT Contains an input validation vulnerability.Information is obtained and service operation is interrupted (DoS) There is a possibility of being put into a state. Intel Active Management Technology (AMT) is a set of hardware-based computer remote active management technology software developed by Intel Corporation. An input validation error vulnerability exists in Intel Active Management Technology due to insufficient input validation. An attacker could exploit this vulnerability to cause a denial of service or obtain sensitive information. The following products and versions are affected: Intel Active Management Technology versions prior to 11.8.70, versions prior to 11.11.70, versions prior to 11.22.70, and versions prior to 12.0.45
VAR-201912-1712 CVE-2019-0165 Intel(R) AMT Input validation vulnerability CVSS V2: 2.1
CVSS V3: 4.4
Severity: MEDIUM
Insufficient Input validation in the subsystem for Intel(R) CSME before versions 12.0.45,13.0.10 and 14.0.10 may allow a privileged user to potentially enable denial of service via local access. Intel(R) AMT Contains an input validation vulnerability.Service operation interruption (DoS) There is a possibility of being put into a state. Intel Converged Security and Management Engine (CSME) is a security management engine of Intel Corporation. A security vulnerability exists in Intel CSME prior to 12.0.45, prior to 13.0.10, and prior to 14.0.10 due to insufficient input validation. A local attacker could exploit this vulnerability to cause a denial of service
VAR-201912-1713 CVE-2019-0166 Intel(R) AMT Input validation vulnerability CVSS V2: 5.0
CVSS V3: 7.5
Severity: HIGH
Insufficient input validation in the subsystem for Intel(R) AMT before versions 11.8.70, 11.11.70, 11.22.70 and 12.0.45 may allow an unauthenticated user to potentially enable information disclosure via network access. Intel(R) AMT Contains an input validation vulnerability.Information may be obtained. Intel Active Management Technology (AMT) is a set of hardware-based computer remote active management technology software developed by Intel Corporation. An input validation error vulnerability exists in Intel Active Management Technology due to insufficient input validation. A local attacker could exploit this vulnerability to obtain sensitive information. The following products and versions are affected: Intel Active Management Technology versions prior to 11.8.70, versions prior to 11.11.70, versions prior to 11.22.70, and versions prior to 12.0.45
VAR-201912-1714 CVE-2019-0168 Intel(R) CSME and TXE Input validation vulnerability CVSS V2: 2.1
CVSS V3: 4.4
Severity: MEDIUM
Insufficient input validation in the subsystem for Intel(R) CSME before versions 11.8.70, 12.0.45 and 13.0.10; Intel(R) TXE before versions 3.1.70 and 4.0.20 may allow a privileged user to potentially enable information disclosure via local access. Intel(R) CSME and TXE Contains an input validation vulnerability.Information may be obtained. Both Intel Converged Security and Management Engine (CSME) and Intel TXE are products of Intel Corporation of the United States. Intel Converged Security and Management Engine is a security management engine. Intel TXE is a trusted execution engine with hardware authentication function used in CPU (Central Processing Unit). A security vulnerability exists in the subsystems in Intel CSME and TXE. A local attacker could exploit this vulnerability to disclose information. The following products and versions are affected: Intel CSME before 11.8.70, before 12.0.45, before 13.0.10; Intel TXE before 3.1.70, before 4.0.20
VAR-201912-1715 CVE-2019-0169 Intel(R) CSME and TXE Vulnerable to out-of-bounds writing CVSS V2: 5.8
CVSS V3: 8.8
Severity: HIGH
Heap overflow in subsystem in Intel(R) CSME before versions 11.8.70, 11.11.70, 11.22.70, 12.0.45; Intel(R) TXE before versions 3.1.70 and 4.0.20 may allow an unauthenticated user to potentially enable escalation of privileges, information disclosure or denial of service via adjacent access. Intel(R) CSME and TXE Contains an out-of-bounds vulnerability.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. Both Intel Converged Security and Management Engine (CSME) and Intel TXE are products of Intel Corporation of the United States. Intel Converged Security and Management Engine is a security management engine. Intel TXE is a trusted execution engine with hardware authentication function used in CPU (Central Processing Unit). Buffer error vulnerabilities exist in subsystems in Intel CSME and Intel TXE. Attackers can exploit this vulnerability to elevate privileges, leak information or cause denial of service. The following products and versions are affected: Intel CSME before 11.8.70, before 11.11.70, before 11.22.70, before 12.0.45; Intel TXE before 3.1.70, before 4.0.20
VAR-201912-1761 CVE-2019-11087 Intel(R) CSME and TXE Input validation vulnerability CVSS V2: 4.6
CVSS V3: 6.7
Severity: MEDIUM
Insufficient input validation in the subsystem for Intel(R) CSME before versions 11.8.70, 11.11.70, 11.22.70, 12.0.45, 13.0.10 and 14.0.10; Intel(R) TXE before versions 3.1.70 and 4.0.20 may allow a privileged user to potentially enable escalation of privilege, information disclosure or denial of service via local access. Intel(R) CSME and TXE Contains an input validation vulnerability.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. Both Intel Converged Security and Management Engine (CSME) and Intel TXE are products of Intel Corporation of the United States. Intel Converged Security and Management Engine is a security management engine. Intel TXE is a trusted execution engine with hardware authentication function used in CPU (Central Processing Unit). A security vulnerability exists in a subsystem in Intel CSME and Intel TXE due to insufficient input validation. A local attacker could exploit this vulnerability to elevate privileges, disclose information or cause a denial of service. The following products and versions are affected: Intel CSME before 11.8.70, before 11.11.70, before 11.22.70, before 12.0.45, before 13.0.10, before 14.0.10; Intel TXE 3.1.70 Previous versions, versions before 4.0.20
VAR-201912-1762 CVE-2019-11088 Intel(R) AMT Input validation vulnerability CVSS V2: 5.8
CVSS V3: 8.8
Severity: HIGH
Insufficient input validation in subsystem in Intel(R) AMT before versions 11.8.70, 11.11.70, 11.22.70 and 12.0.45 may allow an unauthenticated user to potentially enable escalation of privilege via adjacent access. Intel(R) AMT Contains an input validation vulnerability.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state
VAR-201912-1815 CVE-2019-11100 Intel(R) AMT Input validation vulnerability CVSS V2: 2.1
CVSS V3: 4.6
Severity: MEDIUM
Insufficient input validation in the subsystem for Intel(R) AMT before versions 11.8.70, 11.11.70, 11.22.70 and 12.0.45 may allow an unauthenticated user to potentially enable information disclosure via physical access. Intel(R) AMT Contains an input validation vulnerability.Information may be obtained. Intel Active Management Technology (AMT) is a set of hardware-based computer remote active management technology software developed by Intel Corporation. An attacker in physical proximity could exploit this vulnerability to disclose information. The following products and versions are affected: Intel AMT versions prior to 11.8.70, versions prior to 11.11.70, versions prior to 11.22.70, and versions prior to 12.0.45
VAR-201912-1816 CVE-2019-11101 Intel(R) CSME and Intel(R) TXE Input validation vulnerability CVSS V2: 2.1
CVSS V3: 4.4
Severity: MEDIUM
Insufficient input validation in the subsystem for Intel(R) CSME before versions 11.8.70, 11.11.70, 11.22.70, 12.0.45, 13.0.10 and 14.0.10; Intel(R) TXE before versions 3.1.70 and 4.0.20 may allow a privileged user to potentially enable information disclosure via local access. Intel(R) CSME and Intel(R) TXE Contains an input validation vulnerability.Information may be obtained. Both Intel Converged Security and Management Engine (CSME) and Intel TXE are products of Intel Corporation of the United States. Intel Converged Security and Management Engine is a security management engine. Intel TXE is a trusted execution engine with hardware authentication function used in CPU (Central Processing Unit). A security vulnerability exists in subsystems in Intel CSME and Intel TXE due to insufficient input validation. A local attacker could exploit this vulnerability to disclose information. The following products and versions are affected: Intel CSME before 11.8.70, before 11.11.70, before 11.22.70, before 12.0.45, before 13.0.10, before 14.0.10; Intel TXE 3.1.70 Previous versions, versions before 4.0.20
VAR-201912-1818 CVE-2019-11103 Intel(R) CSME Input validation vulnerability CVSS V2: 4.6
CVSS V3: 7.8
Severity: HIGH
Insufficient input validation in firmware update software for Intel(R) CSME before versions 12.0.45,13.0.10 and 14.0.10 may allow an authenticated user to potentially enable escalation of privilege via local access. Intel(R) CSME Contains an input validation vulnerability.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. Intel Converged Security and Management Engine (CSME) is a security management engine of Intel Corporation. A local attacker could exploit this vulnerability to elevate privileges
VAR-201912-1820 CVE-2019-11105 Intel(R) CSME Vulnerability in Permission Management CVSS V2: 4.6
CVSS V3: 6.7
Severity: MEDIUM
Logic issue in subsystem for Intel(R) CSME before versions 12.0.45, 13.0.10 and 14.0.10 may allow a privileged user to potentially enable escalation of privilege and information disclosure via local access. Intel(R) CSME Contains a privilege management vulnerability.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. Intel Converged Security and Management Engine (CSME) is a security management engine of Intel Corporation. Security vulnerabilities exist in subsystems in Intel CSME versions prior to 12.0.45, versions prior to 13.0.10, and versions prior to 14.0.10. A local attacker could exploit this vulnerability to elevate privileges and leak information
VAR-201912-1822 CVE-2019-11107 Intel(R) AMT Input validation vulnerability CVSS V2: 7.5
CVSS V3: 9.8
Severity: CRITICAL
Insufficient input validation in the subsystem for Intel(R) AMT before version 12.0.45 may allow an unauthenticated user to potentially enable escalation of privilege via network access. Intel(R) AMT Contains an input validation vulnerability.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. Intel Active Management Technology ( AMT ) is the US Intel ( Intel ) company's set of hardware-based computer remote active management technology software. An attacker could exploit this vulnerability to elevate privileges
VAR-201912-1823 CVE-2019-11131 Intel(R) AMT Vulnerability in Permission Management CVSS V2: 7.5
CVSS V3: 9.8
Severity: CRITICAL
Logic issue in subsystem in Intel(R) AMT before versions 11.8.70, 11.11.70, 11.22.70 and 12.0.45 may allow an unauthenticated user to potentially enable escalation of privilege via network access. Intel(R) AMT Contains a privilege management vulnerability.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. Intel Active Management Technology (AMT) is a set of hardware-based computer remote active management technology software developed by Intel Corporation. A subsystem in Intel AMT has a security vulnerability. An attacker could exploit this vulnerability to elevate privileges. The following products and versions are affected: Intel AMT versions prior to 11.8.70, versions prior to 11.11.70, versions prior to 11.22.70, and versions prior to 12.0.45
VAR-201911-1781 No CVE Authentication Bypass Vulnerability in SIEMENS SIMATIC S7-200 Smart PLC CVSS V2: 6.6
CVSS V3: -
Severity: MEDIUM
Siemens is a leading global technology company. With innovations in the areas of electrification, automation and digitalization, Siemens provides solutions for customers in the fields of power generation and transmission and distribution, infrastructure, industrial automation, drives and software. SIEMENS SIMATIC S7-200 Smart PLC has an authentication bypass vulnerability. An attacker can bypass the identity authentication by falsifying data to arbitrarily alter the value of the PLC register
VAR-201911-1782 No CVE Denial of Service Vulnerability in Siemens STEP 7-MicroWIN SMART CVSS V2: 4.9
CVSS V3: -
Severity: MEDIUM
Siemens is a leading global technology company. With innovations in the areas of electrification, automation and digitalization, Siemens provides solutions for customers in the fields of power generation and transmission and distribution, infrastructure, industrial automation, drives and software. Siemens STEP 7-MicroWIN SMART has a denial of service vulnerability that could be exploited by an attacker to cause the server to deny service
VAR-201911-1639 CVE-2019-0148 Intel(R) Ethernet 700 Series Controller Vulnerabilities related to resource exhaustion CVSS V2: 2.1
CVSS V3: 5.5
Severity: MEDIUM
Resource leak in i40e driver for Intel(R) Ethernet 700 Series Controllers versions before 7.0 may allow an authenticated user to potentially enable a denial of service via local access. Intel(R) Ethernet 700 Series Controller Contains a resource exhaustion vulnerability.Denial of service (DoS) May be in a state. Intel Ethernet 700 Series Controllers is a network adapter product from Intel Corporation. An attacker could exploit this vulnerability to cause a denial of service. This vulnerability stems from improper management of system resources (such as memory, disk space, files, etc.) by network systems or products. ========================================================================== Ubuntu Security Notice USN-4681-1 January 06, 2021 linux, linux-aws, linux-kvm, linux-lts-xenial, linux-raspi2, linux-snapdragon vulnerabilities ========================================================================== A security issue affects these releases of Ubuntu and its derivatives: - Ubuntu 16.04 LTS - Ubuntu 14.04 ESM Summary: Several security issues were fixed in the Linux kernel. Software Description: - linux: Linux kernel - linux-aws: Linux kernel for Amazon Web Services (AWS) systems - linux-kvm: Linux kernel for cloud environments - linux-raspi2: Linux kernel for Raspberry Pi (V8) systems - linux-snapdragon: Linux kernel for Qualcomm Snapdragon processors - linux-lts-xenial: Linux hardware enablement kernel from Xenial for Trusty Details: Ryan Hall discovered that the Intel 700 Series Ethernet Controllers driver in the Linux kernel did not properly deallocate memory in some conditions. (CVE-2019-0148) It was discovered that the console keyboard driver in the Linux kernel contained a race condition. A local attacker could use this to expose sensitive information (kernel memory). (CVE-2020-25656) Minh Yuan discovered that the tty driver in the Linux kernel contained race conditions when handling fonts. A local attacker could possibly use this to expose sensitive information (kernel memory). (CVE-2020-25668) Jinoh Kang discovered that the Xen event channel infrastructure in the Linux kernel contained a race condition. (CVE-2020-27675) Minh Yuan discovered that the framebuffer console driver in the Linux kernel did not properly handle fonts in some conditions. (CVE-2020-28974) It was discovered that Power 9 processors could be coerced to expose information from the L1 cache in certain situations. A local attacker could use this to expose sensitive information. (CVE-2020-4788) Update instructions: The problem can be corrected by updating your system to the following package versions: Ubuntu 16.04 LTS: linux-image-4.4.0-1085-kvm 4.4.0-1085.94 linux-image-4.4.0-1119-aws 4.4.0-1119.133 linux-image-4.4.0-1143-raspi2 4.4.0-1143.153 linux-image-4.4.0-1147-snapdragon 4.4.0-1147.157 linux-image-4.4.0-198-generic 4.4.0-198.230 linux-image-4.4.0-198-generic-lpae 4.4.0-198.230 linux-image-4.4.0-198-lowlatency 4.4.0-198.230 linux-image-4.4.0-198-powerpc-e500mc 4.4.0-198.230 linux-image-4.4.0-198-powerpc-smp 4.4.0-198.230 linux-image-4.4.0-198-powerpc64-emb 4.4.0-198.230 linux-image-4.4.0-198-powerpc64-smp 4.4.0-198.230 linux-image-aws 4.4.0.1119.124 linux-image-generic 4.4.0.198.204 linux-image-generic-lpae 4.4.0.198.204 linux-image-kvm 4.4.0.1085.83 linux-image-lowlatency 4.4.0.198.204 linux-image-powerpc-e500mc 4.4.0.198.204 linux-image-powerpc-smp 4.4.0.198.204 linux-image-powerpc64-emb 4.4.0.198.204 linux-image-powerpc64-smp 4.4.0.198.204 linux-image-raspi2 4.4.0.1143.143 linux-image-snapdragon 4.4.0.1147.139 linux-image-virtual 4.4.0.198.204 Ubuntu 14.04 ESM: linux-image-4.4.0-1083-aws 4.4.0-1083.87 linux-image-4.4.0-198-generic 4.4.0-198.230~14.04.1 linux-image-4.4.0-198-generic-lpae 4.4.0-198.230~14.04.1 linux-image-4.4.0-198-lowlatency 4.4.0-198.230~14.04.1 linux-image-4.4.0-198-powerpc-e500mc 4.4.0-198.230~14.04.1 linux-image-4.4.0-198-powerpc-smp 4.4.0-198.230~14.04.1 linux-image-4.4.0-198-powerpc64-emb 4.4.0-198.230~14.04.1 linux-image-4.4.0-198-powerpc64-smp 4.4.0-198.230~14.04.1 linux-image-aws 4.4.0.1083.80 linux-image-generic-lpae-lts-xenial 4.4.0.198.173 linux-image-generic-lts-xenial 4.4.0.198.173 linux-image-lowlatency-lts-xenial 4.4.0.198.173 linux-image-powerpc-e500mc-lts-xenial 4.4.0.198.173 linux-image-powerpc-smp-lts-xenial 4.4.0.198.173 linux-image-powerpc64-emb-lts-xenial 4.4.0.198.173 linux-image-powerpc64-smp-lts-xenial 4.4.0.198.173 linux-image-virtual-lts-xenial 4.4.0.198.173 After a standard system update you need to reboot your computer to make all the necessary changes. ATTENTION: Due to an unavoidable ABI change the kernel updates have been given a new version number, which requires you to recompile and reinstall all third party kernel modules you might have installed. Unless you manually uninstalled the standard kernel metapackages (e.g. linux-generic, linux-generic-lts-RELEASE, linux-virtual, linux-powerpc), a standard system upgrade will automatically perform this as well. References: https://usn.ubuntu.com/4681-1 CVE-2019-0148, CVE-2020-25656, CVE-2020-25668, CVE-2020-27675, CVE-2020-28974, CVE-2020-4788 Package Information: https://launchpad.net/ubuntu/+source/linux/4.4.0-198.230 https://launchpad.net/ubuntu/+source/linux-aws/4.4.0-1119.133 https://launchpad.net/ubuntu/+source/linux-kvm/4.4.0-1085.94 https://launchpad.net/ubuntu/+source/linux-raspi2/4.4.0-1143.153 https://launchpad.net/ubuntu/+source/linux-snapdragon/4.4.0-1147.157
VAR-201911-0279 CVE-2019-6170 plural Lenovo ThinkPad Vulnerability related to input validation in products CVSS V2: 4.4
CVSS V3: 6.4
Severity: MEDIUM
A potential vulnerability in the SMI callback function used in the Legacy USB driver using boot services structure in runtime phase in some Lenovo ThinkPad models may allow arbitrary code execution. plural Lenovo ThinkPad The product contains an input validation vulnerability.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. Lenovo 510 15IKL, etc. are all products of Lenovo of China. Lenovo 510 15IKL is a desktop computer. IdeaCentre 300-20ISH is a computer integrated device. IdeaCentre 510-15ICB is a computer all-in-one device. Input validation error vulnerabilities exist in many Lenovo ThinkPad products. Attackers can use this vulnerability to execute arbitrary code
VAR-201911-1632 CVE-2019-0140 Intel(R) Ethernet 700 Series Controller Vulnerable to classic buffer overflow CVSS V2: 5.8
CVSS V3: 8.8
Severity: HIGH
Buffer overflow in firmware for Intel(R) Ethernet 700 Series Controllers before version 7.0 may allow an unauthenticated user to potentially enable an escalation of privilege via an adjacent access. Intel(R) Ethernet 700 Series Controller Contains a classic buffer overflow vulnerability.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. Intel Ethernet 700 Series Controllers is a network adapter product from Intel Corporation. An attacker could use this vulnerability to achieve privilege elevation