VARIoT IoT vulnerabilities database
| VAR-201911-1619 | CVE-2018-12207 | Red Hat Security Advisory 2019-3836-01 |
CVSS V2: 4.9 CVSS V3: 6.5 Severity: MEDIUM |
Improper invalidation for page table updates by a virtual guest operating system for multiple Intel(R) Processors may allow an authenticated user to potentially enable denial of service of the host system via local access. Both Microsoft Windows and Microsoft Windows Server are products of Microsoft Corporation. Microsoft Windows is an operating system for personal devices. Microsoft Windows Server is a server operating system. A denial of service vulnerability exists in Microsoft Windows and Windows Server due to the program's improper handling of objects in memory. An attacker could exploit this vulnerability by logging on to an affected system and running a specially crafted application to cause the targeted system to become unresponsive. The following products and versions are affected: Microsoft Windows 10, Windows 10 Version 1607, Windows 10 Version 1709, Windows 10 Version 1803, Windows 10 Version 1809, Windows 10 Version 1903, Windows 7 SP1, Windows 8.1, Windows RT 8.1, Windows Server 2008 R2 SP1, Windows Server 2012, Windows Server 2012 R2, Windows Server 2016, Windows Server 2019, Windows Server version 1803, Windows Server version 1903. -----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
=====================================================================
Red Hat Security Advisory
Synopsis: Important: kernel security and bug fix update
Advisory ID: RHSA-2019:3836-01
Product: Red Hat Enterprise Linux
Advisory URL: https://access.redhat.com/errata/RHSA-2019:3836
Issue date: 2019-11-12
CVE Names: CVE-2018-12207 CVE-2019-0154 CVE-2019-3900
CVE-2019-11135
=====================================================================
1. Summary:
An update for kernel is now available for Red Hat Enterprise Linux 6.
Red Hat Product Security has rated this update as having a security impact
of Important. A Common Vulnerability Scoring System (CVSS) base score,
which gives a detailed severity rating, is available for each vulnerability
from the CVE link(s) in the References section.
2. Relevant releases/architectures:
Red Hat Enterprise Linux Desktop (v. 6) - i386, noarch, x86_64
Red Hat Enterprise Linux Desktop Optional (v. 6) - i386, x86_64
Red Hat Enterprise Linux HPC Node (v. 6) - noarch, x86_64
Red Hat Enterprise Linux HPC Node Optional (v. 6) - x86_64
Red Hat Enterprise Linux Server (v. 6) - i386, noarch, ppc64, s390x, x86_64
Red Hat Enterprise Linux Server Optional (v. 6) - i386, ppc64, s390x, x86_64
Red Hat Enterprise Linux Workstation (v. 6) - i386, noarch, x86_64
Red Hat Enterprise Linux Workstation Optional (v. 6) - i386, x86_64
3. Description:
The kernel packages contain the Linux kernel, the core of any Linux
operating system.
Security Fix(es):
* hw: Machine Check Error on Page Size Change (IFU) (CVE-2018-12207)
* hw: TSX Transaction Asynchronous Abort (TAA) (CVE-2019-11135)
* Kernel: vhost_net: infinite loop while receiving packets leads to DoS
(CVE-2019-3900)
* hw: Intel GPU Denial Of Service while accessing MMIO in lower power state
(CVE-2019-0154)
For more details about the security issue(s), including the impact, a CVSS
score, acknowledgments, and other related information, refer to the CVE
page(s) listed in the References section.
Bug Fix(es):
* [Intel 6.10 Bug] With mWait/C-states disabled, HT on, ibrs enabled,
performance impact observed on user space benchmark (BZ#1560787)
* kernel-2.6.32-573.60.2.el6 hangs/resets during boot in
efi_enter_virtual_mode() on Xeon v2 E7-2870 (BZ#1645724)
* Slab leak: skbuff_head_cache slab object still allocated after mcast
processes are stopped and "fragments dropped after timeout" errors are
shown (BZ#1752536)
4. Solution:
For details on how to apply this update, which includes the changes
described in this advisory, refer to:
https://access.redhat.com/articles/11258
The system must be rebooted for this update to take effect.
5. Bugs fixed (https://bugzilla.redhat.com/):
1646768 - CVE-2018-12207 hw: Machine Check Error on Page Size Change (IPU)
1698757 - CVE-2019-3900 Kernel: vhost_net: infinite loop while receiving packets leads to DoS
1724393 - CVE-2019-0154 hw: Intel GPU Denial Of Service while accessing MMIO in lower power state
1753062 - CVE-2019-11135 hw: TSX Transaction Asynchronous Abort (TAA)
6. Package List:
Red Hat Enterprise Linux Desktop (v. 6):
Source:
kernel-2.6.32-754.24.2.el6.src.rpm
i386:
kernel-2.6.32-754.24.2.el6.i686.rpm
kernel-debug-2.6.32-754.24.2.el6.i686.rpm
kernel-debug-debuginfo-2.6.32-754.24.2.el6.i686.rpm
kernel-debug-devel-2.6.32-754.24.2.el6.i686.rpm
kernel-debuginfo-2.6.32-754.24.2.el6.i686.rpm
kernel-debuginfo-common-i686-2.6.32-754.24.2.el6.i686.rpm
kernel-devel-2.6.32-754.24.2.el6.i686.rpm
kernel-headers-2.6.32-754.24.2.el6.i686.rpm
perf-2.6.32-754.24.2.el6.i686.rpm
perf-debuginfo-2.6.32-754.24.2.el6.i686.rpm
python-perf-debuginfo-2.6.32-754.24.2.el6.i686.rpm
noarch:
kernel-abi-whitelists-2.6.32-754.24.2.el6.noarch.rpm
kernel-doc-2.6.32-754.24.2.el6.noarch.rpm
kernel-firmware-2.6.32-754.24.2.el6.noarch.rpm
x86_64:
kernel-2.6.32-754.24.2.el6.x86_64.rpm
kernel-debug-2.6.32-754.24.2.el6.x86_64.rpm
kernel-debug-debuginfo-2.6.32-754.24.2.el6.i686.rpm
kernel-debug-debuginfo-2.6.32-754.24.2.el6.x86_64.rpm
kernel-debug-devel-2.6.32-754.24.2.el6.i686.rpm
kernel-debug-devel-2.6.32-754.24.2.el6.x86_64.rpm
kernel-debuginfo-2.6.32-754.24.2.el6.i686.rpm
kernel-debuginfo-2.6.32-754.24.2.el6.x86_64.rpm
kernel-debuginfo-common-i686-2.6.32-754.24.2.el6.i686.rpm
kernel-debuginfo-common-x86_64-2.6.32-754.24.2.el6.x86_64.rpm
kernel-devel-2.6.32-754.24.2.el6.x86_64.rpm
kernel-headers-2.6.32-754.24.2.el6.x86_64.rpm
perf-2.6.32-754.24.2.el6.x86_64.rpm
perf-debuginfo-2.6.32-754.24.2.el6.i686.rpm
perf-debuginfo-2.6.32-754.24.2.el6.x86_64.rpm
python-perf-debuginfo-2.6.32-754.24.2.el6.i686.rpm
python-perf-debuginfo-2.6.32-754.24.2.el6.x86_64.rpm
Red Hat Enterprise Linux Desktop Optional (v. 6):
i386:
kernel-debug-debuginfo-2.6.32-754.24.2.el6.i686.rpm
kernel-debuginfo-2.6.32-754.24.2.el6.i686.rpm
kernel-debuginfo-common-i686-2.6.32-754.24.2.el6.i686.rpm
perf-debuginfo-2.6.32-754.24.2.el6.i686.rpm
python-perf-2.6.32-754.24.2.el6.i686.rpm
python-perf-debuginfo-2.6.32-754.24.2.el6.i686.rpm
x86_64:
kernel-debug-debuginfo-2.6.32-754.24.2.el6.x86_64.rpm
kernel-debuginfo-2.6.32-754.24.2.el6.x86_64.rpm
kernel-debuginfo-common-x86_64-2.6.32-754.24.2.el6.x86_64.rpm
perf-debuginfo-2.6.32-754.24.2.el6.x86_64.rpm
python-perf-2.6.32-754.24.2.el6.x86_64.rpm
python-perf-debuginfo-2.6.32-754.24.2.el6.x86_64.rpm
Red Hat Enterprise Linux HPC Node (v. 6):
Source:
kernel-2.6.32-754.24.2.el6.src.rpm
noarch:
kernel-abi-whitelists-2.6.32-754.24.2.el6.noarch.rpm
kernel-doc-2.6.32-754.24.2.el6.noarch.rpm
kernel-firmware-2.6.32-754.24.2.el6.noarch.rpm
x86_64:
kernel-2.6.32-754.24.2.el6.x86_64.rpm
kernel-debug-2.6.32-754.24.2.el6.x86_64.rpm
kernel-debug-debuginfo-2.6.32-754.24.2.el6.i686.rpm
kernel-debug-debuginfo-2.6.32-754.24.2.el6.x86_64.rpm
kernel-debug-devel-2.6.32-754.24.2.el6.i686.rpm
kernel-debug-devel-2.6.32-754.24.2.el6.x86_64.rpm
kernel-debuginfo-2.6.32-754.24.2.el6.i686.rpm
kernel-debuginfo-2.6.32-754.24.2.el6.x86_64.rpm
kernel-debuginfo-common-i686-2.6.32-754.24.2.el6.i686.rpm
kernel-debuginfo-common-x86_64-2.6.32-754.24.2.el6.x86_64.rpm
kernel-devel-2.6.32-754.24.2.el6.x86_64.rpm
kernel-headers-2.6.32-754.24.2.el6.x86_64.rpm
perf-2.6.32-754.24.2.el6.x86_64.rpm
perf-debuginfo-2.6.32-754.24.2.el6.i686.rpm
perf-debuginfo-2.6.32-754.24.2.el6.x86_64.rpm
python-perf-debuginfo-2.6.32-754.24.2.el6.i686.rpm
python-perf-debuginfo-2.6.32-754.24.2.el6.x86_64.rpm
Red Hat Enterprise Linux HPC Node Optional (v. 6):
x86_64:
kernel-debug-debuginfo-2.6.32-754.24.2.el6.x86_64.rpm
kernel-debuginfo-2.6.32-754.24.2.el6.x86_64.rpm
kernel-debuginfo-common-x86_64-2.6.32-754.24.2.el6.x86_64.rpm
perf-debuginfo-2.6.32-754.24.2.el6.x86_64.rpm
python-perf-2.6.32-754.24.2.el6.x86_64.rpm
python-perf-debuginfo-2.6.32-754.24.2.el6.x86_64.rpm
Red Hat Enterprise Linux Server (v. 6):
Source:
kernel-2.6.32-754.24.2.el6.src.rpm
i386:
kernel-2.6.32-754.24.2.el6.i686.rpm
kernel-debug-2.6.32-754.24.2.el6.i686.rpm
kernel-debug-debuginfo-2.6.32-754.24.2.el6.i686.rpm
kernel-debug-devel-2.6.32-754.24.2.el6.i686.rpm
kernel-debuginfo-2.6.32-754.24.2.el6.i686.rpm
kernel-debuginfo-common-i686-2.6.32-754.24.2.el6.i686.rpm
kernel-devel-2.6.32-754.24.2.el6.i686.rpm
kernel-headers-2.6.32-754.24.2.el6.i686.rpm
perf-2.6.32-754.24.2.el6.i686.rpm
perf-debuginfo-2.6.32-754.24.2.el6.i686.rpm
python-perf-debuginfo-2.6.32-754.24.2.el6.i686.rpm
noarch:
kernel-abi-whitelists-2.6.32-754.24.2.el6.noarch.rpm
kernel-doc-2.6.32-754.24.2.el6.noarch.rpm
kernel-firmware-2.6.32-754.24.2.el6.noarch.rpm
ppc64:
kernel-2.6.32-754.24.2.el6.ppc64.rpm
kernel-bootwrapper-2.6.32-754.24.2.el6.ppc64.rpm
kernel-debug-2.6.32-754.24.2.el6.ppc64.rpm
kernel-debug-debuginfo-2.6.32-754.24.2.el6.ppc64.rpm
kernel-debug-devel-2.6.32-754.24.2.el6.ppc64.rpm
kernel-debuginfo-2.6.32-754.24.2.el6.ppc64.rpm
kernel-debuginfo-common-ppc64-2.6.32-754.24.2.el6.ppc64.rpm
kernel-devel-2.6.32-754.24.2.el6.ppc64.rpm
kernel-headers-2.6.32-754.24.2.el6.ppc64.rpm
perf-2.6.32-754.24.2.el6.ppc64.rpm
perf-debuginfo-2.6.32-754.24.2.el6.ppc64.rpm
python-perf-debuginfo-2.6.32-754.24.2.el6.ppc64.rpm
s390x:
kernel-2.6.32-754.24.2.el6.s390x.rpm
kernel-debug-2.6.32-754.24.2.el6.s390x.rpm
kernel-debug-debuginfo-2.6.32-754.24.2.el6.s390x.rpm
kernel-debug-devel-2.6.32-754.24.2.el6.s390x.rpm
kernel-debuginfo-2.6.32-754.24.2.el6.s390x.rpm
kernel-debuginfo-common-s390x-2.6.32-754.24.2.el6.s390x.rpm
kernel-devel-2.6.32-754.24.2.el6.s390x.rpm
kernel-headers-2.6.32-754.24.2.el6.s390x.rpm
kernel-kdump-2.6.32-754.24.2.el6.s390x.rpm
kernel-kdump-debuginfo-2.6.32-754.24.2.el6.s390x.rpm
kernel-kdump-devel-2.6.32-754.24.2.el6.s390x.rpm
perf-2.6.32-754.24.2.el6.s390x.rpm
perf-debuginfo-2.6.32-754.24.2.el6.s390x.rpm
python-perf-debuginfo-2.6.32-754.24.2.el6.s390x.rpm
x86_64:
kernel-2.6.32-754.24.2.el6.x86_64.rpm
kernel-debug-2.6.32-754.24.2.el6.x86_64.rpm
kernel-debug-debuginfo-2.6.32-754.24.2.el6.i686.rpm
kernel-debug-debuginfo-2.6.32-754.24.2.el6.x86_64.rpm
kernel-debug-devel-2.6.32-754.24.2.el6.i686.rpm
kernel-debug-devel-2.6.32-754.24.2.el6.x86_64.rpm
kernel-debuginfo-2.6.32-754.24.2.el6.i686.rpm
kernel-debuginfo-2.6.32-754.24.2.el6.x86_64.rpm
kernel-debuginfo-common-i686-2.6.32-754.24.2.el6.i686.rpm
kernel-debuginfo-common-x86_64-2.6.32-754.24.2.el6.x86_64.rpm
kernel-devel-2.6.32-754.24.2.el6.x86_64.rpm
kernel-headers-2.6.32-754.24.2.el6.x86_64.rpm
perf-2.6.32-754.24.2.el6.x86_64.rpm
perf-debuginfo-2.6.32-754.24.2.el6.i686.rpm
perf-debuginfo-2.6.32-754.24.2.el6.x86_64.rpm
python-perf-debuginfo-2.6.32-754.24.2.el6.i686.rpm
python-perf-debuginfo-2.6.32-754.24.2.el6.x86_64.rpm
Red Hat Enterprise Linux Server Optional (v. 6):
i386:
kernel-debug-debuginfo-2.6.32-754.24.2.el6.i686.rpm
kernel-debuginfo-2.6.32-754.24.2.el6.i686.rpm
kernel-debuginfo-common-i686-2.6.32-754.24.2.el6.i686.rpm
perf-debuginfo-2.6.32-754.24.2.el6.i686.rpm
python-perf-2.6.32-754.24.2.el6.i686.rpm
python-perf-debuginfo-2.6.32-754.24.2.el6.i686.rpm
ppc64:
kernel-debug-debuginfo-2.6.32-754.24.2.el6.ppc64.rpm
kernel-debuginfo-2.6.32-754.24.2.el6.ppc64.rpm
kernel-debuginfo-common-ppc64-2.6.32-754.24.2.el6.ppc64.rpm
perf-debuginfo-2.6.32-754.24.2.el6.ppc64.rpm
python-perf-2.6.32-754.24.2.el6.ppc64.rpm
python-perf-debuginfo-2.6.32-754.24.2.el6.ppc64.rpm
s390x:
kernel-debug-debuginfo-2.6.32-754.24.2.el6.s390x.rpm
kernel-debuginfo-2.6.32-754.24.2.el6.s390x.rpm
kernel-debuginfo-common-s390x-2.6.32-754.24.2.el6.s390x.rpm
kernel-kdump-debuginfo-2.6.32-754.24.2.el6.s390x.rpm
perf-debuginfo-2.6.32-754.24.2.el6.s390x.rpm
python-perf-2.6.32-754.24.2.el6.s390x.rpm
python-perf-debuginfo-2.6.32-754.24.2.el6.s390x.rpm
x86_64:
kernel-debug-debuginfo-2.6.32-754.24.2.el6.x86_64.rpm
kernel-debuginfo-2.6.32-754.24.2.el6.x86_64.rpm
kernel-debuginfo-common-x86_64-2.6.32-754.24.2.el6.x86_64.rpm
perf-debuginfo-2.6.32-754.24.2.el6.x86_64.rpm
python-perf-2.6.32-754.24.2.el6.x86_64.rpm
python-perf-debuginfo-2.6.32-754.24.2.el6.x86_64.rpm
Red Hat Enterprise Linux Workstation (v. 6):
Source:
kernel-2.6.32-754.24.2.el6.src.rpm
i386:
kernel-2.6.32-754.24.2.el6.i686.rpm
kernel-debug-2.6.32-754.24.2.el6.i686.rpm
kernel-debug-debuginfo-2.6.32-754.24.2.el6.i686.rpm
kernel-debug-devel-2.6.32-754.24.2.el6.i686.rpm
kernel-debuginfo-2.6.32-754.24.2.el6.i686.rpm
kernel-debuginfo-common-i686-2.6.32-754.24.2.el6.i686.rpm
kernel-devel-2.6.32-754.24.2.el6.i686.rpm
kernel-headers-2.6.32-754.24.2.el6.i686.rpm
perf-2.6.32-754.24.2.el6.i686.rpm
perf-debuginfo-2.6.32-754.24.2.el6.i686.rpm
python-perf-debuginfo-2.6.32-754.24.2.el6.i686.rpm
noarch:
kernel-abi-whitelists-2.6.32-754.24.2.el6.noarch.rpm
kernel-doc-2.6.32-754.24.2.el6.noarch.rpm
kernel-firmware-2.6.32-754.24.2.el6.noarch.rpm
x86_64:
kernel-2.6.32-754.24.2.el6.x86_64.rpm
kernel-debug-2.6.32-754.24.2.el6.x86_64.rpm
kernel-debug-debuginfo-2.6.32-754.24.2.el6.i686.rpm
kernel-debug-debuginfo-2.6.32-754.24.2.el6.x86_64.rpm
kernel-debug-devel-2.6.32-754.24.2.el6.i686.rpm
kernel-debug-devel-2.6.32-754.24.2.el6.x86_64.rpm
kernel-debuginfo-2.6.32-754.24.2.el6.i686.rpm
kernel-debuginfo-2.6.32-754.24.2.el6.x86_64.rpm
kernel-debuginfo-common-i686-2.6.32-754.24.2.el6.i686.rpm
kernel-debuginfo-common-x86_64-2.6.32-754.24.2.el6.x86_64.rpm
kernel-devel-2.6.32-754.24.2.el6.x86_64.rpm
kernel-headers-2.6.32-754.24.2.el6.x86_64.rpm
perf-2.6.32-754.24.2.el6.x86_64.rpm
perf-debuginfo-2.6.32-754.24.2.el6.i686.rpm
perf-debuginfo-2.6.32-754.24.2.el6.x86_64.rpm
python-perf-debuginfo-2.6.32-754.24.2.el6.i686.rpm
python-perf-debuginfo-2.6.32-754.24.2.el6.x86_64.rpm
Red Hat Enterprise Linux Workstation Optional (v. 6):
i386:
kernel-debug-debuginfo-2.6.32-754.24.2.el6.i686.rpm
kernel-debuginfo-2.6.32-754.24.2.el6.i686.rpm
kernel-debuginfo-common-i686-2.6.32-754.24.2.el6.i686.rpm
perf-debuginfo-2.6.32-754.24.2.el6.i686.rpm
python-perf-2.6.32-754.24.2.el6.i686.rpm
python-perf-debuginfo-2.6.32-754.24.2.el6.i686.rpm
x86_64:
kernel-debug-debuginfo-2.6.32-754.24.2.el6.x86_64.rpm
kernel-debuginfo-2.6.32-754.24.2.el6.x86_64.rpm
kernel-debuginfo-common-x86_64-2.6.32-754.24.2.el6.x86_64.rpm
perf-debuginfo-2.6.32-754.24.2.el6.x86_64.rpm
python-perf-2.6.32-754.24.2.el6.x86_64.rpm
python-perf-debuginfo-2.6.32-754.24.2.el6.x86_64.rpm
These packages are GPG signed by Red Hat for security. Our key and
details on how to verify the signature are available from
https://access.redhat.com/security/team/key/
7. References:
https://access.redhat.com/security/cve/CVE-2018-12207
https://access.redhat.com/security/cve/CVE-2019-0154
https://access.redhat.com/security/cve/CVE-2019-3900
https://access.redhat.com/security/cve/CVE-2019-11135
https://access.redhat.com/security/updates/classification/#important
https://access.redhat.com/security/vulnerabilities/ifu-page-mce
https://access.redhat.com/solutions/tsx-asynchronousabort
https://access.redhat.com/solutions/i915-graphics
8. Contact:
The Red Hat security contact is <secalert@redhat.com>. More contact
details at https://access.redhat.com/security/team/contact/
Copyright 2019 Red Hat, Inc.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1
iQIVAwUBXcsc39zjgjWX9erEAQiIXQ//fbQ5UKtMa2pfofnF6CbwO4DbAYnOWbqx
1n4xgcWLZljSYz0/jp7h+fcDcF0TaQYswGhNj/oCvpGUl5NOZMhbAwVy/+hzzHiP
gqRzyZSgIFpM1fUu+AtjGInWVS37eDGGqxQqsBGNh30l4/x4DduCdmN7XDXrKxgz
1TVUlsS34AHHmhk3brFeaf/bPY2jIGH9oZfC3wiX3L8sczjmSOlCC3E1sI3pm/uo
Vin3Sl4vz9+krNNwxZw/6WE4wXMslaRBYku6cW31RgdmrZXXJGqYt5hglMbckSwn
+x8SrFcRJkbgQiCo27ikf1rnjz/NB2f0E9kIoOVHoKZ/RW/HgFVlgC5LSZqrsVtE
ARRhaT4dHDRZWxMwFaf6NNo6CpigxXC2fh7+9KXylUAq7HAT03wCBf1KWMgCzbG9
RlWSLQc5z8pwWPvnN1vsL5ZyaAXUDGjjU0ebSgcxvRRmGVt+YKtiGJU58lR6RuZt
up6aUM1QoXNCKiLB+497ZNwANj0G3oBRA2qEAstffJksMrEBD3X15rIE4m5vxGpS
ZMqKmT72HuG6MjOOwPZq6qwN0fOwpoAPnpIvHtl0NXJHtu1AmJgXcfERkNlN9X8d
u+Mgr+sYxDjAlysz0qOwvD0Ib9SRFgwGQgo+B6Wvi6iG17yh9B/cunAYUQ0wDm3U
XkMJCJGhDCY=
=fpzb
-----END PGP SIGNATURE-----
--
RHSA-announce mailing list
RHSA-announce@redhat.com
https://www.redhat.com/mailman/listinfo/rhsa-announce
. Description:
Red Hat OpenShift Container Platform is Red Hat's cloud computing
Kubernetes application platform solution designed for on-premise or private
cloud deployments.
Security Fix(es):
* A flaw was found in the way Intel CPUs handle inconsistency between,
virtual to physical memory address translations in CPU's local cache and
system software's Paging structure entries. A privileged guest user may use
this flaw to induce a hardware Machine Check Error on the host processor,
resulting in a severe DoS scenario by halting the processor.
System software like OS OR Virtual Machine Monitor (VMM) use virtual memory
system for storing program instructions and data in memory. Virtual Memory
system uses Paging structures like Page Tables and Page Directories to
manage system memory. The processor's Memory Management Unit (MMU) uses
Paging structure entries to translate program's virtual memory addresses
to physical memory addresses. The processor stores these address
translations into its local cache buffer called - Translation Lookaside
Buffer (TLB). TLB has two parts, one for instructions and other for data
addresses.
System software can modify its Paging structure entries to change address
mappings OR certain attributes like page size etc. Upon such Paging
structure alterations in memory, system software must invalidate the
corresponding address translations in the processor's TLB cache. But before
this TLB invalidation takes place, a privileged guest user may trigger an
instruction fetch operation, which could use an already cached, but now
invalid, virtual to physical address translation from Instruction TLB
(ITLB). Thus accessing an invalid physical memory address and resulting in
halting the processor due to the Machine Check Error (MCE) on Page Size
Change. (CVE-2018-12207)
* A flaw was found in the way sudo implemented running commands with an
arbitrary user ID. If a sudoers entry is written to allow users to run a
command as any user except root, this flaw can be used by an attacker to
bypass that restriction. (CVE-2019-14287)
* An improper authorization flaw was discovered in systemd-resolved in the
way it configures the exposed DBus interface org.freedesktop.resolve1. An
unprivileged local user could call all DBus methods, even when marked as
privileged operations. An attacker could abuse this flaw by changing the
DNS, Search Domain, LLMNR, DNSSEC, and other network link settings without
any authorization, giving them control of the network names resolution
process and causing the system to communicate with wrong or malicious
servers. (CVE-2019-15718)
For more details about the security issue(s), including the impact, a CVSS
score, acknowledgments, and other related information, refer to the CVE
page(s) listed in the References section. Solution:
For OpenShift Container Platform 4.1 see the following documentation, which
will be updated shortly for release 4.1.24, for important instructions on
how to upgrade your cluster and fully apply this asynchronous errata
update:
https://docs.openshift.com/container-platform/4.1/release_notes/ocp-4-1-rel
ease-notes.html
4. Bugs fixed (https://bugzilla.redhat.com/):
1646768 - CVE-2018-12207 hw: Machine Check Error on Page Size Change (IFU)
1746057 - CVE-2019-15718 systemd: systemd-resolved allows unprivileged users to configure DNS
1760531 - CVE-2019-14287 sudo: Privilege escalation via 'Runas' specification with 'ALL' keyword
5. Description:
This is a kernel live patch module which is automatically loaded by the RPM
post-install script to modify the code of a running kernel. Solution:
Before applying this update, make sure all previously released errata
relevant to your system have been applied. Bugs fixed (https://bugzilla.redhat.com/):
1782199 - CVE-2019-19339 kpatch: hw: incomplete fix for CVE-2018-12207
6. 6.6) - x86_64
3. Due to the high complexity of the fixes and the required microcode
update, we are unable to livepatch this set of CVEs. Please plan to reboot
into an updated kernel as soon as possible.
The details of these CVEs follows:
CVE-2018-12207
On an Ubuntu KVM host configured to use huge pages, a malicious KVM guest
can cause a host machine check exception (MCE) capable of bringing down
the host OS.
CVE-2019-11135
On Intel processors with support for Transactional Synchronization
Extensions (TSX), it is possible to exploit a transactional asynchronous
abort (TAA) to perform a side-channel attack and leak kernel memory.
Further details on the vulnerabilities and our response can be found here:
https://wiki.ubuntu.com/SecurityTeam/KnowledgeBase/TAA_MCEPSC_i915
Again, due to the high complexity of the fixes and the required microcode
update, we are unable to livepatch this set of CVEs. Please plan to reboot
into an updated kernel as soon as possible.
| Series | Version | Flavors |
|------------------+-----------------------+--------------------------|
| Ubuntu 18.04 LTS | 4.15.0-1054.55 | aws |
| Ubuntu 16.04 LTS | 4.4.0-1098.102 | aws |
| Ubuntu 18.04 LTS | 5.0.0-1025.27~18.04.1 | azure |
| Ubuntu 16.04 LTS | 4.15.0-1063.66 | azure |
| Ubuntu 18.04 LTS | 4.15.0-69.78 | generic lowlatency |
| Ubuntu 16.04 LTS | 4.15.0-69.78~16.04.1 | generic lowlatency |
| Ubuntu 14.04 LTS | 4.4.0-168.197~14.04.1 | generic lowlatency |
| Ubuntu 18.04 LTS | 4.15.0-1063.72 | oem |
| Ubuntu 16.04 LTS | 4.4.0-168.197 | generic lowlatency |
Support Information:
Kernels older than the levels listed above will no longer receive livepatch
updates.
References:
CVE-2018-12207, CVE-2019-0154, CVE-2019-0155, CVE-2019-11135
--
ubuntu-security-announce mailing list
ubuntu-security-announce@lists.ubuntu.com
Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-security-announce
.
Corrected: 2019-11-12 18:03:26 UTC (stable/12, 12.1-STABLE)
2019-11-12 18:13:04 UTC (releng/12.1, 12.1-RELEASE-p1)
2019-11-12 18:13:04 UTC (releng/12.0, 12.0-RELEASE-p12)
2019-11-12 18:04:28 UTC (stable/11, 11.3-STABLE)
2019-11-12 18:13:04 UTC (releng/11.3, 11.3-RELEASE-p5)
CVE Name: CVE-2018-12207
For general information regarding FreeBSD Security Advisories,
including descriptions of the fields above, security branches, and the
following sections, please visit <URL:https://security.FreeBSD.org/>. Background
The Intel machine check architecture is a mechanism to detect and report
hardware errors, such as system bus errors, ECC errors, parity errors, and
others. This allows the processor to signal the detection of a machine
check error to the operating system.
II. Problem Description
Intel discovered a previously published erratum on some Intel platforms can
be exploited by malicious software to potentially cause a denial of service
by triggering a machine check that will crash or hang the system.
III.
IV. Workaround
No workaround is available. Systems not running untrusted guest virtual
machines are not impacted.
V. Solution
Upgrade your vulnerable system to a supported FreeBSD stable or
release / security branch (releng) dated after the correction date,
and reboot.
Perform one of the following:
1) To update your vulnerable system via a binary patch:
Systems running a RELEASE version of FreeBSD on the i386 or amd64
platforms can be updated via the freebsd-update(8) utility:
# freebsd-update fetch
# freebsd-update install
# shutdown -r +10min "Rebooting for a security update"
2) To update your vulnerable system via a source code patch:
The following patches have been verified to apply to the applicable
FreeBSD release branches.
a) Download the relevant patch from the location below, and verify the
detached PGP signature using your PGP utility.
[FreeBSD 12.1]
# fetch https://security.FreeBSD.org/patches/SA-19:25/mcepsc.12.1.patch
# fetch https://security.FreeBSD.org/patches/SA-19:25/mcepsc.12.1.patch.asc
# gpg --verify mcepsc.12.1.patch.asc
[FreeBSD 12.0]
# fetch https://security.FreeBSD.org/patches/SA-19:25/mcepsc.12.0.patch
# fetch https://security.FreeBSD.org/patches/SA-19:25/mcepsc.12.0.patch.asc
# gpg --verify mcepsc.12.0.patch.asc
[FreeBSD 11.3]
# fetch https://security.FreeBSD.org/patches/SA-19:25/mcepsc.11.patch
# fetch https://security.FreeBSD.org/patches/SA-19:25/mcepsc.11.patch.asc
# gpg --verify mcepsc.11.patch.asc
b) Apply the patch. Execute the following commands as root:
# cd /usr/src
# patch < /path/to/patch
c) Recompile your kernel as described in
<URL:https://www.FreeBSD.org/handbook/kernelconfig.html> and reboot the
system.
VI. Correction details
The following list contains the correction revision numbers for each
affected branch.
Branch/path Revision
- -------------------------------------------------------------------------
stable/12/ r354650
releng/12.1/ r354653
releng/12.0/ r354653
stable/11/ r354651
releng/11.3/ r354653
- -------------------------------------------------------------------------
To see which files were modified by a particular revision, run the
following command, replacing NNNNNN with the revision number, on a
machine with Subversion installed:
# svn diff -cNNNNNN --summarize svn://svn.freebsd.org/base
Or visit the following URL, replacing NNNNNN with the revision number:
<URL:https://svnweb.freebsd.org/base?view=revision&revision=NNNNNN>
VII. ==========================================================================
Ubuntu Security Notice USN-4183-2
November 13, 2019
linux vulnerability
==========================================================================
A security issue affects these releases of Ubuntu and its derivatives:
- Ubuntu 19.10
Summary:
Several security issues were fixed in the Linux kernel. It was
discovered that the kernel fix for CVE-2019-0155 (i915 missing Blitter
Command Streamer check) was incomplete on 64-bit Intel x86 systems.
This update addresses the issue.
We apologize for the inconvenience.
Original advisory details:
Stephan van Schaik, Alyssa Milburn, Sebastian \xd6sterlund, Pietro Frigo,
Kaveh Razavi, Herbert Bos, Cristiano Giuffrida, Giorgi Maisuradze, Moritz
Lipp, Michael Schwarz, Daniel Gruss, and Jo Van Bulck discovered that Intel
processors using Transactional Synchronization Extensions (TSX) could
expose memory contents previously stored in microarchitectural buffers to a
malicious process that is executing on the same CPU core. A local attacker
could use this to expose sensitive information. (CVE-2019-11135)
It was discovered that the Intel i915 graphics chipsets allowed userspace
to modify page table entries via writes to MMIO from the Blitter Command
Streamer and expose kernel memory information. A local attacker could use
this to expose sensitive information or possibly elevate privileges. A local attacker in a guest VM could use this to
cause a denial of service (host system crash). (CVE-2018-12207)
It was discovered that the Intel i915 graphics chipsets could cause a
system hang when userspace performed a read from GT memory mapped input
output (MMIO) when the product is in certain low power states. A local
attacker could use this to cause a denial of service. (CVE-2019-0154)
Jann Horn discovered a reference count underflow in the shiftfs
implementation in the Linux kernel. A local attacker could use this to
cause a denial of service (system crash) or possibly execute arbitrary
code. (CVE-2019-15791)
Jann Horn discovered a type confusion vulnerability in the shiftfs
implementation in the Linux kernel. A local attacker could use this to
cause a denial of service (system crash) or possibly execute arbitrary
code. (CVE-2019-15792)
Jann Horn discovered that the shiftfs implementation in the Linux kernel
did not use the correct file system uid/gid when the user namespace of a
lower file system is not in the init user namespace. A local attacker could
use this to possibly bypass DAC permissions or have some other unspecified
impact. (CVE-2019-15793)
It was discovered that a buffer overflow existed in the 802.11 Wi-Fi
configuration interface for the Linux kernel when handling beacon settings.
A local attacker could use this to cause a denial of service (system crash)
or possibly execute arbitrary code. (CVE-2019-16746)
Nico Waisman discovered that a buffer overflow existed in the Realtek Wi-Fi
driver for the Linux kernel when handling Notice of Absence frames. A
physically proximate attacker could use this to cause a denial of service
(system crash) or possibly execute arbitrary code. (CVE-2019-17666)
Update instructions:
The problem can be corrected by updating your system to the following
package versions:
Ubuntu 19.10:
linux-image-5.3.0-23-generic 5.3.0-23.25
linux-image-5.3.0-23-generic-lpae 5.3.0-23.25
linux-image-5.3.0-23-lowlatency 5.3.0-23.25
linux-image-5.3.0-23-snapdragon 5.3.0-23.25
linux-image-generic 5.3.0.23.27
linux-image-generic-lpae 5.3.0.23.27
linux-image-lowlatency 5.3.0.23.27
linux-image-snapdragon 5.3.0.23.27
linux-image-virtual 5.3.0.23.27
Please note that mitigating the TSX (CVE-2019-11135) and i915
(CVE-2019-0154) issues requires corresponding microcode and graphics
firmware updates respectively.
ATTENTION: Due to an unavoidable ABI change the kernel updates have
been given a new version number, which requires you to recompile and
reinstall all third party kernel modules you might have installed.
Unless you manually uninstalled the standard kernel metapackages
(e.g. linux-generic, linux-generic-lts-RELEASE, linux-virtual,
linux-powerpc), a standard system upgrade will automatically perform
this as well
| VAR-202009-0516 | CVE-2019-15992 | Cisco Adaptive Security Appliance Software and Cisco Firepower Threat Defense Buffer error vulnerabilities in software |
CVSS V2: 9.0 CVSS V3: 7.2 Severity: HIGH |
A vulnerability in the implementation of the Lua interpreter integrated in Cisco Adaptive Security Appliance (ASA) Software and Cisco Firepower Threat Defense (FTD) Software could allow an authenticated, remote attacker to execute arbitrary code with root privileges on the underlying Linux operating system of an affected device. The vulnerability is due to insufficient restrictions on the allowed Lua function calls within the context of user-supplied Lua scripts. A successful exploit could allow the attacker to trigger a heap overflow condition and execute arbitrary code with root privileges on the underlying Linux operating system of an affected device. Cisco Adaptive Security Appliances Software is a firewall and network security platform. The platform provides features such as highly secure access to data and network resources. A buffer error vulnerability exists in the implementation of the Lua interpreter in Cisco ASA Software and Cisco FTD
| VAR-201912-1716 | CVE-2019-0131 | Intel(R) AMT Input validation vulnerability |
CVSS V2: 4.8 CVSS V3: 8.1 Severity: HIGH |
Insufficient input validation in subsystem in Intel(R) AMT before versions 11.8.70, 11.11.70, 11.22.70 and 12.0.45 may allow an unauthenticated user to potentially enable denial of service or information disclosure via adjacent access. Intel(R) AMT Contains an input validation vulnerability.Information is obtained and service operation is interrupted (DoS) There is a possibility of being put into a state. Intel Active Management Technology (AMT) is a set of hardware-based computer remote active management technology software developed by Intel Corporation. An input validation error vulnerability exists in Intel Active Management Technology due to insufficient input validation. An attacker could exploit this vulnerability to cause a denial of service or obtain sensitive information. The following products and versions are affected: Intel Active Management Technology versions prior to 11.8.70, versions prior to 11.11.70, versions prior to 11.22.70, and versions prior to 12.0.45
| VAR-201912-1712 | CVE-2019-0165 | Intel(R) AMT Input validation vulnerability |
CVSS V2: 2.1 CVSS V3: 4.4 Severity: MEDIUM |
Insufficient Input validation in the subsystem for Intel(R) CSME before versions 12.0.45,13.0.10 and 14.0.10 may allow a privileged user to potentially enable denial of service via local access. Intel(R) AMT Contains an input validation vulnerability.Service operation interruption (DoS) There is a possibility of being put into a state. Intel Converged Security and Management Engine (CSME) is a security management engine of Intel Corporation. A security vulnerability exists in Intel CSME prior to 12.0.45, prior to 13.0.10, and prior to 14.0.10 due to insufficient input validation. A local attacker could exploit this vulnerability to cause a denial of service
| VAR-201912-1713 | CVE-2019-0166 | Intel(R) AMT Input validation vulnerability |
CVSS V2: 5.0 CVSS V3: 7.5 Severity: HIGH |
Insufficient input validation in the subsystem for Intel(R) AMT before versions 11.8.70, 11.11.70, 11.22.70 and 12.0.45 may allow an unauthenticated user to potentially enable information disclosure via network access. Intel(R) AMT Contains an input validation vulnerability.Information may be obtained. Intel Active Management Technology (AMT) is a set of hardware-based computer remote active management technology software developed by Intel Corporation. An input validation error vulnerability exists in Intel Active Management Technology due to insufficient input validation. A local attacker could exploit this vulnerability to obtain sensitive information. The following products and versions are affected: Intel Active Management Technology versions prior to 11.8.70, versions prior to 11.11.70, versions prior to 11.22.70, and versions prior to 12.0.45
| VAR-201912-1714 | CVE-2019-0168 | Intel(R) CSME and TXE Input validation vulnerability |
CVSS V2: 2.1 CVSS V3: 4.4 Severity: MEDIUM |
Insufficient input validation in the subsystem for Intel(R) CSME before versions 11.8.70, 12.0.45 and 13.0.10; Intel(R) TXE before versions 3.1.70 and 4.0.20 may allow a privileged user to potentially enable information disclosure via local access. Intel(R) CSME and TXE Contains an input validation vulnerability.Information may be obtained. Both Intel Converged Security and Management Engine (CSME) and Intel TXE are products of Intel Corporation of the United States. Intel Converged Security and Management Engine is a security management engine. Intel TXE is a trusted execution engine with hardware authentication function used in CPU (Central Processing Unit). A security vulnerability exists in the subsystems in Intel CSME and TXE. A local attacker could exploit this vulnerability to disclose information. The following products and versions are affected: Intel CSME before 11.8.70, before 12.0.45, before 13.0.10; Intel TXE before 3.1.70, before 4.0.20
| VAR-201912-1715 | CVE-2019-0169 | Intel(R) CSME and TXE Vulnerable to out-of-bounds writing |
CVSS V2: 5.8 CVSS V3: 8.8 Severity: HIGH |
Heap overflow in subsystem in Intel(R) CSME before versions 11.8.70, 11.11.70, 11.22.70, 12.0.45; Intel(R) TXE before versions 3.1.70 and 4.0.20 may allow an unauthenticated user to potentially enable escalation of privileges, information disclosure or denial of service via adjacent access. Intel(R) CSME and TXE Contains an out-of-bounds vulnerability.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. Both Intel Converged Security and Management Engine (CSME) and Intel TXE are products of Intel Corporation of the United States. Intel Converged Security and Management Engine is a security management engine. Intel TXE is a trusted execution engine with hardware authentication function used in CPU (Central Processing Unit). Buffer error vulnerabilities exist in subsystems in Intel CSME and Intel TXE. Attackers can exploit this vulnerability to elevate privileges, leak information or cause denial of service. The following products and versions are affected: Intel CSME before 11.8.70, before 11.11.70, before 11.22.70, before 12.0.45; Intel TXE before 3.1.70, before 4.0.20
| VAR-201912-1761 | CVE-2019-11087 | Intel(R) CSME and TXE Input validation vulnerability |
CVSS V2: 4.6 CVSS V3: 6.7 Severity: MEDIUM |
Insufficient input validation in the subsystem for Intel(R) CSME before versions 11.8.70, 11.11.70, 11.22.70, 12.0.45, 13.0.10 and 14.0.10; Intel(R) TXE before versions 3.1.70 and 4.0.20 may allow a privileged user to potentially enable escalation of privilege, information disclosure or denial of service via local access. Intel(R) CSME and TXE Contains an input validation vulnerability.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. Both Intel Converged Security and Management Engine (CSME) and Intel TXE are products of Intel Corporation of the United States. Intel Converged Security and Management Engine is a security management engine. Intel TXE is a trusted execution engine with hardware authentication function used in CPU (Central Processing Unit). A security vulnerability exists in a subsystem in Intel CSME and Intel TXE due to insufficient input validation. A local attacker could exploit this vulnerability to elevate privileges, disclose information or cause a denial of service. The following products and versions are affected: Intel CSME before 11.8.70, before 11.11.70, before 11.22.70, before 12.0.45, before 13.0.10, before 14.0.10; Intel TXE 3.1.70 Previous versions, versions before 4.0.20
| VAR-201912-1762 | CVE-2019-11088 | Intel(R) AMT Input validation vulnerability |
CVSS V2: 5.8 CVSS V3: 8.8 Severity: HIGH |
Insufficient input validation in subsystem in Intel(R) AMT before versions 11.8.70, 11.11.70, 11.22.70 and 12.0.45 may allow an unauthenticated user to potentially enable escalation of privilege via adjacent access. Intel(R) AMT Contains an input validation vulnerability.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state
| VAR-201912-1815 | CVE-2019-11100 | Intel(R) AMT Input validation vulnerability |
CVSS V2: 2.1 CVSS V3: 4.6 Severity: MEDIUM |
Insufficient input validation in the subsystem for Intel(R) AMT before versions 11.8.70, 11.11.70, 11.22.70 and 12.0.45 may allow an unauthenticated user to potentially enable information disclosure via physical access. Intel(R) AMT Contains an input validation vulnerability.Information may be obtained. Intel Active Management Technology (AMT) is a set of hardware-based computer remote active management technology software developed by Intel Corporation. An attacker in physical proximity could exploit this vulnerability to disclose information. The following products and versions are affected: Intel AMT versions prior to 11.8.70, versions prior to 11.11.70, versions prior to 11.22.70, and versions prior to 12.0.45
| VAR-201912-1816 | CVE-2019-11101 | Intel(R) CSME and Intel(R) TXE Input validation vulnerability |
CVSS V2: 2.1 CVSS V3: 4.4 Severity: MEDIUM |
Insufficient input validation in the subsystem for Intel(R) CSME before versions 11.8.70, 11.11.70, 11.22.70, 12.0.45, 13.0.10 and 14.0.10; Intel(R) TXE before versions 3.1.70 and 4.0.20 may allow a privileged user to potentially enable information disclosure via local access. Intel(R) CSME and Intel(R) TXE Contains an input validation vulnerability.Information may be obtained. Both Intel Converged Security and Management Engine (CSME) and Intel TXE are products of Intel Corporation of the United States. Intel Converged Security and Management Engine is a security management engine. Intel TXE is a trusted execution engine with hardware authentication function used in CPU (Central Processing Unit). A security vulnerability exists in subsystems in Intel CSME and Intel TXE due to insufficient input validation. A local attacker could exploit this vulnerability to disclose information. The following products and versions are affected: Intel CSME before 11.8.70, before 11.11.70, before 11.22.70, before 12.0.45, before 13.0.10, before 14.0.10; Intel TXE 3.1.70 Previous versions, versions before 4.0.20
| VAR-201912-1818 | CVE-2019-11103 | Intel(R) CSME Input validation vulnerability |
CVSS V2: 4.6 CVSS V3: 7.8 Severity: HIGH |
Insufficient input validation in firmware update software for Intel(R) CSME before versions 12.0.45,13.0.10 and 14.0.10 may allow an authenticated user to potentially enable escalation of privilege via local access. Intel(R) CSME Contains an input validation vulnerability.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. Intel Converged Security and Management Engine (CSME) is a security management engine of Intel Corporation. A local attacker could exploit this vulnerability to elevate privileges
| VAR-201912-1820 | CVE-2019-11105 | Intel(R) CSME Vulnerability in Permission Management |
CVSS V2: 4.6 CVSS V3: 6.7 Severity: MEDIUM |
Logic issue in subsystem for Intel(R) CSME before versions 12.0.45, 13.0.10 and 14.0.10 may allow a privileged user to potentially enable escalation of privilege and information disclosure via local access. Intel(R) CSME Contains a privilege management vulnerability.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. Intel Converged Security and Management Engine (CSME) is a security management engine of Intel Corporation. Security vulnerabilities exist in subsystems in Intel CSME versions prior to 12.0.45, versions prior to 13.0.10, and versions prior to 14.0.10. A local attacker could exploit this vulnerability to elevate privileges and leak information
| VAR-201912-1822 | CVE-2019-11107 | Intel(R) AMT Input validation vulnerability |
CVSS V2: 7.5 CVSS V3: 9.8 Severity: CRITICAL |
Insufficient input validation in the subsystem for Intel(R) AMT before version 12.0.45 may allow an unauthenticated user to potentially enable escalation of privilege via network access. Intel(R) AMT Contains an input validation vulnerability.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. Intel Active Management Technology ( AMT ) is the US Intel ( Intel ) company's set of hardware-based computer remote active management technology software. An attacker could exploit this vulnerability to elevate privileges
| VAR-201912-1823 | CVE-2019-11131 | Intel(R) AMT Vulnerability in Permission Management |
CVSS V2: 7.5 CVSS V3: 9.8 Severity: CRITICAL |
Logic issue in subsystem in Intel(R) AMT before versions 11.8.70, 11.11.70, 11.22.70 and 12.0.45 may allow an unauthenticated user to potentially enable escalation of privilege via network access. Intel(R) AMT Contains a privilege management vulnerability.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. Intel Active Management Technology (AMT) is a set of hardware-based computer remote active management technology software developed by Intel Corporation. A subsystem in Intel AMT has a security vulnerability. An attacker could exploit this vulnerability to elevate privileges. The following products and versions are affected: Intel AMT versions prior to 11.8.70, versions prior to 11.11.70, versions prior to 11.22.70, and versions prior to 12.0.45
| VAR-201911-1781 | No CVE | Authentication Bypass Vulnerability in SIEMENS SIMATIC S7-200 Smart PLC |
CVSS V2: 6.6 CVSS V3: - Severity: MEDIUM |
Siemens is a leading global technology company. With innovations in the areas of electrification, automation and digitalization, Siemens provides solutions for customers in the fields of power generation and transmission and distribution, infrastructure, industrial automation, drives and software.
SIEMENS SIMATIC S7-200 Smart PLC has an authentication bypass vulnerability. An attacker can bypass the identity authentication by falsifying data to arbitrarily alter the value of the PLC register
| VAR-201911-1782 | No CVE | Denial of Service Vulnerability in Siemens STEP 7-MicroWIN SMART |
CVSS V2: 4.9 CVSS V3: - Severity: MEDIUM |
Siemens is a leading global technology company. With innovations in the areas of electrification, automation and digitalization, Siemens provides solutions for customers in the fields of power generation and transmission and distribution, infrastructure, industrial automation, drives and software.
Siemens STEP 7-MicroWIN SMART has a denial of service vulnerability that could be exploited by an attacker to cause the server to deny service
| VAR-201911-1639 | CVE-2019-0148 | Intel(R) Ethernet 700 Series Controller Vulnerabilities related to resource exhaustion |
CVSS V2: 2.1 CVSS V3: 5.5 Severity: MEDIUM |
Resource leak in i40e driver for Intel(R) Ethernet 700 Series Controllers versions before 7.0 may allow an authenticated user to potentially enable a denial of service via local access. Intel(R) Ethernet 700 Series Controller Contains a resource exhaustion vulnerability.Denial of service (DoS) May be in a state. Intel Ethernet 700 Series Controllers is a network adapter product from Intel Corporation. An attacker could exploit this vulnerability to cause a denial of service. This vulnerability stems from improper management of system resources (such as memory, disk space, files, etc.) by network systems or products. ==========================================================================
Ubuntu Security Notice USN-4681-1
January 06, 2021
linux, linux-aws, linux-kvm, linux-lts-xenial, linux-raspi2,
linux-snapdragon vulnerabilities
==========================================================================
A security issue affects these releases of Ubuntu and its derivatives:
- Ubuntu 16.04 LTS
- Ubuntu 14.04 ESM
Summary:
Several security issues were fixed in the Linux kernel.
Software Description:
- linux: Linux kernel
- linux-aws: Linux kernel for Amazon Web Services (AWS) systems
- linux-kvm: Linux kernel for cloud environments
- linux-raspi2: Linux kernel for Raspberry Pi (V8) systems
- linux-snapdragon: Linux kernel for Qualcomm Snapdragon processors
- linux-lts-xenial: Linux hardware enablement kernel from Xenial for Trusty
Details:
Ryan Hall discovered that the Intel 700 Series Ethernet Controllers driver
in the Linux kernel did not properly deallocate memory in some conditions. (CVE-2019-0148)
It was discovered that the console keyboard driver in the Linux kernel
contained a race condition. A local attacker could use this to expose
sensitive information (kernel memory). (CVE-2020-25656)
Minh Yuan discovered that the tty driver in the Linux kernel contained race
conditions when handling fonts. A local attacker could possibly use this to
expose sensitive information (kernel memory). (CVE-2020-25668)
Jinoh Kang discovered that the Xen event channel infrastructure in the
Linux kernel contained a race condition.
(CVE-2020-27675)
Minh Yuan discovered that the framebuffer console driver in the Linux
kernel did not properly handle fonts in some conditions. (CVE-2020-28974)
It was discovered that Power 9 processors could be coerced to expose
information from the L1 cache in certain situations. A local attacker could
use this to expose sensitive information. (CVE-2020-4788)
Update instructions:
The problem can be corrected by updating your system to the following
package versions:
Ubuntu 16.04 LTS:
linux-image-4.4.0-1085-kvm 4.4.0-1085.94
linux-image-4.4.0-1119-aws 4.4.0-1119.133
linux-image-4.4.0-1143-raspi2 4.4.0-1143.153
linux-image-4.4.0-1147-snapdragon 4.4.0-1147.157
linux-image-4.4.0-198-generic 4.4.0-198.230
linux-image-4.4.0-198-generic-lpae 4.4.0-198.230
linux-image-4.4.0-198-lowlatency 4.4.0-198.230
linux-image-4.4.0-198-powerpc-e500mc 4.4.0-198.230
linux-image-4.4.0-198-powerpc-smp 4.4.0-198.230
linux-image-4.4.0-198-powerpc64-emb 4.4.0-198.230
linux-image-4.4.0-198-powerpc64-smp 4.4.0-198.230
linux-image-aws 4.4.0.1119.124
linux-image-generic 4.4.0.198.204
linux-image-generic-lpae 4.4.0.198.204
linux-image-kvm 4.4.0.1085.83
linux-image-lowlatency 4.4.0.198.204
linux-image-powerpc-e500mc 4.4.0.198.204
linux-image-powerpc-smp 4.4.0.198.204
linux-image-powerpc64-emb 4.4.0.198.204
linux-image-powerpc64-smp 4.4.0.198.204
linux-image-raspi2 4.4.0.1143.143
linux-image-snapdragon 4.4.0.1147.139
linux-image-virtual 4.4.0.198.204
Ubuntu 14.04 ESM:
linux-image-4.4.0-1083-aws 4.4.0-1083.87
linux-image-4.4.0-198-generic 4.4.0-198.230~14.04.1
linux-image-4.4.0-198-generic-lpae 4.4.0-198.230~14.04.1
linux-image-4.4.0-198-lowlatency 4.4.0-198.230~14.04.1
linux-image-4.4.0-198-powerpc-e500mc 4.4.0-198.230~14.04.1
linux-image-4.4.0-198-powerpc-smp 4.4.0-198.230~14.04.1
linux-image-4.4.0-198-powerpc64-emb 4.4.0-198.230~14.04.1
linux-image-4.4.0-198-powerpc64-smp 4.4.0-198.230~14.04.1
linux-image-aws 4.4.0.1083.80
linux-image-generic-lpae-lts-xenial 4.4.0.198.173
linux-image-generic-lts-xenial 4.4.0.198.173
linux-image-lowlatency-lts-xenial 4.4.0.198.173
linux-image-powerpc-e500mc-lts-xenial 4.4.0.198.173
linux-image-powerpc-smp-lts-xenial 4.4.0.198.173
linux-image-powerpc64-emb-lts-xenial 4.4.0.198.173
linux-image-powerpc64-smp-lts-xenial 4.4.0.198.173
linux-image-virtual-lts-xenial 4.4.0.198.173
After a standard system update you need to reboot your computer to make
all the necessary changes.
ATTENTION: Due to an unavoidable ABI change the kernel updates have
been given a new version number, which requires you to recompile and
reinstall all third party kernel modules you might have installed.
Unless you manually uninstalled the standard kernel metapackages
(e.g. linux-generic, linux-generic-lts-RELEASE, linux-virtual,
linux-powerpc), a standard system upgrade will automatically perform
this as well.
References:
https://usn.ubuntu.com/4681-1
CVE-2019-0148, CVE-2020-25656, CVE-2020-25668, CVE-2020-27675,
CVE-2020-28974, CVE-2020-4788
Package Information:
https://launchpad.net/ubuntu/+source/linux/4.4.0-198.230
https://launchpad.net/ubuntu/+source/linux-aws/4.4.0-1119.133
https://launchpad.net/ubuntu/+source/linux-kvm/4.4.0-1085.94
https://launchpad.net/ubuntu/+source/linux-raspi2/4.4.0-1143.153
https://launchpad.net/ubuntu/+source/linux-snapdragon/4.4.0-1147.157
| VAR-201911-0279 | CVE-2019-6170 | plural Lenovo ThinkPad Vulnerability related to input validation in products |
CVSS V2: 4.4 CVSS V3: 6.4 Severity: MEDIUM |
A potential vulnerability in the SMI callback function used in the Legacy USB driver using boot services structure in runtime phase in some Lenovo ThinkPad models may allow arbitrary code execution. plural Lenovo ThinkPad The product contains an input validation vulnerability.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. Lenovo 510 15IKL, etc. are all products of Lenovo of China. Lenovo 510 15IKL is a desktop computer. IdeaCentre 300-20ISH is a computer integrated device. IdeaCentre 510-15ICB is a computer all-in-one device.
Input validation error vulnerabilities exist in many Lenovo ThinkPad products. Attackers can use this vulnerability to execute arbitrary code
| VAR-201911-1632 | CVE-2019-0140 | Intel(R) Ethernet 700 Series Controller Vulnerable to classic buffer overflow |
CVSS V2: 5.8 CVSS V3: 8.8 Severity: HIGH |
Buffer overflow in firmware for Intel(R) Ethernet 700 Series Controllers before version 7.0 may allow an unauthenticated user to potentially enable an escalation of privilege via an adjacent access. Intel(R) Ethernet 700 Series Controller Contains a classic buffer overflow vulnerability.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. Intel Ethernet 700 Series Controllers is a network adapter product from Intel Corporation. An attacker could use this vulnerability to achieve privilege elevation