VARIoT IoT vulnerabilities database
| VAR-201905-1252 | CVE-2019-11114 | Intel(R) Driver & Support Assistant Input validation vulnerability |
CVSS V2: 2.1 CVSS V3: 4.4 Severity: MEDIUM |
Insufficient input validation in Intel(R) Driver & Support Assistant version 19.3.12.3 and before may allow a privileged user to potentially enable denial of service via local access. Intel Driver & Support Assistant is an Intel driver and support management tool from Intel Corporation. This tool is mainly used to get the latest applications provided by Intel. The vulnerability stems from the failure of the network system or product to properly validate the input data
| VAR-201905-1251 | CVE-2019-11095 | Intel Multiple vulnerabilities in the product |
CVSS V2: 2.1 CVSS V3: 4.4 Severity: MEDIUM |
Insufficient access control in Intel(R) Driver & Support Assistant version 19.3.12.3 and before may allow a privileged user to potentially enable information disclosure via local access. This tool is mainly used to get the latest applications provided by Intel. This vulnerability stems from network systems or products not properly restricting access to resources from unauthorized roles
| VAR-201905-1177 | CVE-2019-0096 | Intel Multiple vulnerabilities in the product |
CVSS V2: 5.2 CVSS V3: 8.0 Severity: HIGH |
Out of bound write vulnerability in subsystem for Intel(R) AMT before versions 11.8.65, 11.11.65, 11.22.65, 12.0.35 may allow an authenticated user to potentially enable escalation of privilege via adjacent network access. Intel(R) AMT contains an out-of-bounds vulnerability. Information may be obtained or altered, and service operation may be disrupted (DoS). Intel Active Management Technology (AMT) is a set of hardware-based computer remote active management technology software developed by Intel Corporation. An out-of-bounds write vulnerability exists in a subsystem in Intel AMT. This vulnerability stems from the incorrect verification of data boundaries when the network system or product performs operations on the memory, resulting in incorrect read and write operations to other associated memory locations. Attackers can exploit this vulnerability to cause buffer overflow or heap overflow, etc. The following products and versions are affected: Intel AMT versions prior to 11.8.65, versions prior to 11.11.65, versions prior to 11.22.65, and versions prior to 12.0.35
| VAR-201905-1176 | CVE-2019-0094 | Intel(R) AMT Input validation vulnerability |
CVSS V2: 3.3 CVSS V3: 4.3 Severity: MEDIUM |
Insufficient input validation vulnerability in subsystem for Intel(R) AMT before versions 11.8.65, 11.11.65, 11.22.65, 12.0.35 may allow an unauthenticated user to potentially enable denial of service via adjacent network access. Intel(R) AMT contains an input validation vulnerability. Service operation may be interrupted (DoS). Intel Active Management Technology (AMT) is a set of hardware-based computer remote active management technology software developed by Intel Corporation. The vulnerability stems from the failure of the network system or product to properly validate the input data. The following products and versions are affected: Intel AMT versions prior to 11.8.65, versions prior to 11.11.65, versions prior to 11.22.65, and versions prior to 12.0.35
| VAR-201905-1174 | CVE-2019-0092 | Intel Multiple vulnerabilities in the product |
CVSS V2: 4.6 CVSS V3: 6.8 Severity: MEDIUM |
Insufficient input validation vulnerability in subsystem for Intel(R) AMT before versions 11.8.65, 11.11.65, 11.22.65, 12.0.35 may allow an unauthenticated user to potentially enable escalation of privilege via physical access. Intel(R) AMT contains an input validation vulnerability. Information may be obtained or altered, and service operation may be disrupted (DoS). Intel Active Management Technology (AMT) is a set of hardware-based computer remote active management technology software developed by Intel Corporation. An input validation error vulnerability exists in a subsystem in Intel AMT. The vulnerability stems from the failure of the network system or product to properly validate the input data. The following products and versions are affected: Intel AMT versions prior to 11.8.65, versions prior to 11.11.65, versions prior to 11.22.65, and versions prior to 12.0.35
| VAR-201905-0865 | CVE-2019-0171 | Intel Multiple vulnerabilities in the product |
CVSS V2: 4.6 CVSS V3: 7.8 Severity: HIGH |
Improper directory permissions in the installer for Intel(R) Quartus(R) software may allow an authenticated user to potentially enable escalation of privilege via local access. Intel Quartus software contains vulnerabilities related to authorization, permissions, and access control. Information may be obtained or altered, and service operation may be disrupted (DoS). Intel Quartus Software is a set of software for hardware programming developed by Intel Corporation of the United States. The vulnerability stems from the lack of effective permissions and access control measures in network systems or products
| VAR-201905-1057 | CVE-2019-11085 | Intel Multiple vulnerabilities in the product |
CVSS V2: 4.6 CVSS V3: 7.8 Severity: HIGH |
Insufficient input validation in Kernel Mode Driver in Intel(R) i915 Graphics for Linux before version 5.0 may allow an authenticated user to potentially enable escalation of privilege via local access. Intel(R) i915 Graphics for Linux contains an input validation vulnerability. Information may be obtained or altered, and service operation may be disrupted (DoS).
====================================================================
Red Hat Security Advisory
Synopsis: Important: kernel security, bug fix, and enhancement update
Advisory ID: RHSA-2020:0592-01
Product: Red Hat Enterprise Linux
Advisory URL: https://access.redhat.com/errata/RHSA-2020:0592
Issue date: 2020-02-25
CVE Names: CVE-2018-20976 CVE-2019-11085 CVE-2019-14895
CVE-2019-17133
====================================================================
1. Summary:
An update for kernel is now available for Red Hat Enterprise Linux 7.4
Advanced Update Support, Red Hat Enterprise Linux 7.4 Telco Extended Update
Support, and Red Hat Enterprise Linux 7.4 Update Services for SAP
Solutions.
Red Hat Product Security has rated this update as having a security impact
of Important. A Common Vulnerability Scoring System (CVSS) base score,
which gives a detailed severity rating, is available for each vulnerability
from the CVE link(s) in the References section.
2. Relevant releases/architectures:
Red Hat Enterprise Linux Server AUS (v. 7.4) - noarch, x86_64
Red Hat Enterprise Linux Server E4S (v. 7.4) - noarch, ppc64le, x86_64
Red Hat Enterprise Linux Server Optional AUS (v. 7.4) - x86_64
Red Hat Enterprise Linux Server Optional E4S (v. 7.4) - ppc64le, x86_64
Red Hat Enterprise Linux Server Optional TUS (v. 7.4) - x86_64
Red Hat Enterprise Linux Server TUS (v. 7.4) - noarch, x86_64
3.
Bug Fix(es):
* core: backports from upstream (BZ#1794372)
Enhancement(s):
* Selective backport: perf: Sync with upstream v4.16 (BZ#1782750)
4. Solution:
For details on how to apply this update, which includes the changes
described in this advisory, refer to:
https://access.redhat.com/articles/11258
The system must be rebooted for this update to take effect.
5. Package List:
Red Hat Enterprise Linux Server AUS (v. 7.4):
Source:
kernel-3.10.0-693.64.1.el7.src.rpm
noarch:
kernel-abi-whitelists-3.10.0-693.64.1.el7.noarch.rpm
kernel-doc-3.10.0-693.64.1.el7.noarch.rpm
x86_64:
kernel-3.10.0-693.64.1.el7.x86_64.rpm
kernel-debug-3.10.0-693.64.1.el7.x86_64.rpm
kernel-debug-debuginfo-3.10.0-693.64.1.el7.x86_64.rpm
kernel-debug-devel-3.10.0-693.64.1.el7.x86_64.rpm
kernel-debuginfo-3.10.0-693.64.1.el7.x86_64.rpm
kernel-debuginfo-common-x86_64-3.10.0-693.64.1.el7.x86_64.rpm
kernel-devel-3.10.0-693.64.1.el7.x86_64.rpm
kernel-headers-3.10.0-693.64.1.el7.x86_64.rpm
kernel-tools-3.10.0-693.64.1.el7.x86_64.rpm
kernel-tools-debuginfo-3.10.0-693.64.1.el7.x86_64.rpm
kernel-tools-libs-3.10.0-693.64.1.el7.x86_64.rpm
perf-3.10.0-693.64.1.el7.x86_64.rpm
perf-debuginfo-3.10.0-693.64.1.el7.x86_64.rpm
python-perf-3.10.0-693.64.1.el7.x86_64.rpm
python-perf-debuginfo-3.10.0-693.64.1.el7.x86_64.rpm
Red Hat Enterprise Linux Server E4S (v. 7.4):
Source:
kernel-3.10.0-693.64.1.el7.src.rpm
noarch:
kernel-abi-whitelists-3.10.0-693.64.1.el7.noarch.rpm
kernel-doc-3.10.0-693.64.1.el7.noarch.rpm
ppc64le:
kernel-3.10.0-693.64.1.el7.ppc64le.rpm
kernel-bootwrapper-3.10.0-693.64.1.el7.ppc64le.rpm
kernel-debug-3.10.0-693.64.1.el7.ppc64le.rpm
kernel-debug-debuginfo-3.10.0-693.64.1.el7.ppc64le.rpm
kernel-debuginfo-3.10.0-693.64.1.el7.ppc64le.rpm
kernel-debuginfo-common-ppc64le-3.10.0-693.64.1.el7.ppc64le.rpm
kernel-devel-3.10.0-693.64.1.el7.ppc64le.rpm
kernel-headers-3.10.0-693.64.1.el7.ppc64le.rpm
kernel-tools-3.10.0-693.64.1.el7.ppc64le.rpm
kernel-tools-debuginfo-3.10.0-693.64.1.el7.ppc64le.rpm
kernel-tools-libs-3.10.0-693.64.1.el7.ppc64le.rpm
perf-3.10.0-693.64.1.el7.ppc64le.rpm
perf-debuginfo-3.10.0-693.64.1.el7.ppc64le.rpm
python-perf-3.10.0-693.64.1.el7.ppc64le.rpm
python-perf-debuginfo-3.10.0-693.64.1.el7.ppc64le.rpm
x86_64:
kernel-3.10.0-693.64.1.el7.x86_64.rpm
kernel-debug-3.10.0-693.64.1.el7.x86_64.rpm
kernel-debug-debuginfo-3.10.0-693.64.1.el7.x86_64.rpm
kernel-debug-devel-3.10.0-693.64.1.el7.x86_64.rpm
kernel-debuginfo-3.10.0-693.64.1.el7.x86_64.rpm
kernel-debuginfo-common-x86_64-3.10.0-693.64.1.el7.x86_64.rpm
kernel-devel-3.10.0-693.64.1.el7.x86_64.rpm
kernel-headers-3.10.0-693.64.1.el7.x86_64.rpm
kernel-tools-3.10.0-693.64.1.el7.x86_64.rpm
kernel-tools-debuginfo-3.10.0-693.64.1.el7.x86_64.rpm
kernel-tools-libs-3.10.0-693.64.1.el7.x86_64.rpm
perf-3.10.0-693.64.1.el7.x86_64.rpm
perf-debuginfo-3.10.0-693.64.1.el7.x86_64.rpm
python-perf-3.10.0-693.64.1.el7.x86_64.rpm
python-perf-debuginfo-3.10.0-693.64.1.el7.x86_64.rpm
Red Hat Enterprise Linux Server TUS (v. 7.4):
Source:
kernel-3.10.0-693.64.1.el7.src.rpm
noarch:
kernel-abi-whitelists-3.10.0-693.64.1.el7.noarch.rpm
kernel-doc-3.10.0-693.64.1.el7.noarch.rpm
x86_64:
kernel-3.10.0-693.64.1.el7.x86_64.rpm
kernel-debug-3.10.0-693.64.1.el7.x86_64.rpm
kernel-debug-debuginfo-3.10.0-693.64.1.el7.x86_64.rpm
kernel-debug-devel-3.10.0-693.64.1.el7.x86_64.rpm
kernel-debuginfo-3.10.0-693.64.1.el7.x86_64.rpm
kernel-debuginfo-common-x86_64-3.10.0-693.64.1.el7.x86_64.rpm
kernel-devel-3.10.0-693.64.1.el7.x86_64.rpm
kernel-headers-3.10.0-693.64.1.el7.x86_64.rpm
kernel-tools-3.10.0-693.64.1.el7.x86_64.rpm
kernel-tools-debuginfo-3.10.0-693.64.1.el7.x86_64.rpm
kernel-tools-libs-3.10.0-693.64.1.el7.x86_64.rpm
perf-3.10.0-693.64.1.el7.x86_64.rpm
perf-debuginfo-3.10.0-693.64.1.el7.x86_64.rpm
python-perf-3.10.0-693.64.1.el7.x86_64.rpm
python-perf-debuginfo-3.10.0-693.64.1.el7.x86_64.rpm
Red Hat Enterprise Linux Server Optional AUS (v. 7.4):
x86_64:
kernel-debug-debuginfo-3.10.0-693.64.1.el7.x86_64.rpm
kernel-debuginfo-3.10.0-693.64.1.el7.x86_64.rpm
kernel-debuginfo-common-x86_64-3.10.0-693.64.1.el7.x86_64.rpm
kernel-tools-debuginfo-3.10.0-693.64.1.el7.x86_64.rpm
kernel-tools-libs-devel-3.10.0-693.64.1.el7.x86_64.rpm
perf-debuginfo-3.10.0-693.64.1.el7.x86_64.rpm
python-perf-debuginfo-3.10.0-693.64.1.el7.x86_64.rpm
Red Hat Enterprise Linux Server Optional E4S (v. 7.4):
ppc64le:
kernel-debug-debuginfo-3.10.0-693.64.1.el7.ppc64le.rpm
kernel-debug-devel-3.10.0-693.64.1.el7.ppc64le.rpm
kernel-debuginfo-3.10.0-693.64.1.el7.ppc64le.rpm
kernel-debuginfo-common-ppc64le-3.10.0-693.64.1.el7.ppc64le.rpm
kernel-tools-debuginfo-3.10.0-693.64.1.el7.ppc64le.rpm
kernel-tools-libs-devel-3.10.0-693.64.1.el7.ppc64le.rpm
perf-debuginfo-3.10.0-693.64.1.el7.ppc64le.rpm
python-perf-debuginfo-3.10.0-693.64.1.el7.ppc64le.rpm
x86_64:
kernel-debug-debuginfo-3.10.0-693.64.1.el7.x86_64.rpm
kernel-debuginfo-3.10.0-693.64.1.el7.x86_64.rpm
kernel-debuginfo-common-x86_64-3.10.0-693.64.1.el7.x86_64.rpm
kernel-tools-debuginfo-3.10.0-693.64.1.el7.x86_64.rpm
kernel-tools-libs-devel-3.10.0-693.64.1.el7.x86_64.rpm
perf-debuginfo-3.10.0-693.64.1.el7.x86_64.rpm
python-perf-debuginfo-3.10.0-693.64.1.el7.x86_64.rpm
Red Hat Enterprise Linux Server Optional TUS (v. 7.4):
x86_64:
kernel-debug-debuginfo-3.10.0-693.64.1.el7.x86_64.rpm
kernel-debuginfo-3.10.0-693.64.1.el7.x86_64.rpm
kernel-debuginfo-common-x86_64-3.10.0-693.64.1.el7.x86_64.rpm
kernel-tools-debuginfo-3.10.0-693.64.1.el7.x86_64.rpm
kernel-tools-libs-devel-3.10.0-693.64.1.el7.x86_64.rpm
perf-debuginfo-3.10.0-693.64.1.el7.x86_64.rpm
python-perf-debuginfo-3.10.0-693.64.1.el7.x86_64.rpm
These packages are GPG signed by Red Hat for security. Our key and
details on how to verify the signature are available from
https://access.redhat.com/security/team/key/
7. Contact:
The Red Hat security contact is <secalert@redhat.com>. More contact
details at https://access.redhat.com/security/team/contact/
Copyright 2020 Red Hat, Inc.
. 7.5) - ppc64, ppc64le, x86_64
3. 8) - aarch64, noarch, ppc64le, s390x, x86_64
3.
Bug Fix(es):
* [DELL 8.0 z-stream BUG] - "CPU unsupported" message with CFL-H/S 8+2 due
to updated Stepping (BZ#1711048)
* RHEL8.0 Snapshot4 - [LTC Test] Guest crashes during vfio device
hot-plug/un-plug operations. (kvm) (BZ#1714746)
* Using Transactional Memory (TM) in a Guest Locks-up Host Core on a Power9
System (BZ#1714751)
* VRSAVE register not properly saved and restored (BZ#1714753)
* Fix potential spectre gadget in arch/s390/kvm/interrupt.c (BZ#1714754)
* RHEL8.0 RC2 - kernel/KVM - count cache flush Spectre v2 mitigation
(required for POWER9 DD2.3) (BZ#1715018)
* iommu/amd: Set exclusion range correctly (BZ#1715336)
* RHEL8.0 - sched/fair: Do not re-read ->h_load_next during hierarchical
load calculation (BZ#1715337)
* cross compile builds are broken (BZ#1715339)
* Patch generated by 'make rh-test-patch' doesn't get applied during build
(BZ#1715340)
* hard lockup panic in during execution of CFS bandwidth period timer
(BZ#1715345)
* perf annotate -P does not give full paths (BZ#1716887)
* [Dell EMC 8.0 BUG] File system corrupting with I/O Stress on H330 PERC on
AMD Systems if IOMMU passthrough is disabled (BZ#1717344)
* Fix Spectre v1 gadgets in drivers/gpu/drm/drm_bufs.c and
drivers/gpu/drm/drm_ioctl.c (BZ#1717382)
* BUG: SELinux doesn't handle NFS crossmnt well (BZ#1717777)
* krb5{,i,p} doesn't work with older enctypes on aarch64 (BZ#1717800)
* [RHEL-8.0][s390x]ltp-lite mtest06 testing hits EWD due to: rcu: INFO:
rcu_sched self-detected stall on CPU (BZ#1717801)
* RHEL 8 Snapshot-6: CN1200E SW iSCSI I/O performance degradation after a
SCSI device/target reset rhel-8.0.0.z] (BZ#1717804)
* dm cache metadata: Fix loading discard bitset (BZ#1717868)
* jit'd java code on power9 ppc64le experiences stack corruption
(BZ#1717869)
* BUG: connect(AF_UNSPEC, ...) on a connected socket returns an error
(BZ#1717870)
* mm: BUG: unable to handle kernel paging request at 0000000057ac6e9d
(BZ#1718237)
* [HPE 8.0 BUG] DCPMM fsdax boot initialization takes a long time causing
auto-mount to fail (BZ#1719635)
* AMD Rome: WARNING: CPU: 1 PID: 0 at arch/x86/kernel/cpu/mcheck/mce.c:1510
mcheck_cpu_init+0x7a/0x460 (BZ#1721233)
* [RHEL8.1] AMD Rome: EDAC amd64: Error: F0 not found, device 0x1460
(broken BIOS?) (BZ#1722365)
* AMD Rome: Intermittent NMI received for unknown reason (BZ#1722367)
* [DELL 8.0 BUG] - "CPU unsupported" message with WHL-U due to updated
Stepping (BZ#1722372)
Enhancement(s):
* RHEL 8 - AMD Rome Support (BZ#1721972)
Users of kernel are advised to upgrade to these updated packages, which fix
these bugs and add this enhancement.
Description:
The kernel-rt packages provide the Real Time Linux Kernel, which enables
fine-tuning for systems with extremely high determinism requirements.
Bug Fix(es):
* kernel-rt: update to the RHEL7.6.z batch#6 source tree (BZ#1718400)
4.
=========================================================================
Ubuntu Security Notice USN-4118-1
September 02, 2019
linux-aws vulnerabilities
=========================================================================
A security issue affects these releases of Ubuntu and its derivatives:
- Ubuntu 18.04 LTS
- Ubuntu 16.04 LTS
Summary:
Several security issues were fixed in the Linux kernel.
Software Description:
- linux-aws: Linux kernel for Amazon Web Services (AWS) systems
- linux-aws-hwe: Linux kernel for Amazon Web Services (AWS-HWE) systems
Details:
It was discovered that the alarmtimer implementation in the Linux kernel
contained an integer overflow vulnerability. A local attacker could use
this to cause a denial of service. (CVE-2018-13053)
Wen Xu discovered that the XFS filesystem implementation in the Linux
kernel did not properly track inode validations. An attacker could use this
to construct a malicious XFS image that, when mounted, could cause a denial
of service (system crash). (CVE-2018-13093)
Wen Xu discovered that the f2fs file system implementation in the Linux
kernel did not properly validate metadata. An attacker could use this to
construct a malicious f2fs image that, when mounted, could cause a denial
of service (system crash). (CVE-2018-13096, CVE-2018-13097, CVE-2018-13098,
CVE-2018-13099, CVE-2018-13100, CVE-2018-14614, CVE-2018-14615,
CVE-2018-14616)
Wen Xu and Po-Ning Tseng discovered that btrfs file system implementation
in the Linux kernel did not properly validate metadata. An attacker could
use this to construct a malicious btrfs image that, when mounted, could
cause a denial of service (system crash). (CVE-2018-14609, CVE-2018-14610,
CVE-2018-14611, CVE-2018-14612, CVE-2018-14613)
Wen Xu discovered that the HFS+ filesystem implementation in the Linux
kernel did not properly handle malformed catalog data in some situations.
An attacker could use this to construct a malicious HFS+ image that, when
mounted, could cause a denial of service (system crash). (CVE-2018-14617)
Vasily Averin and Pavel Tikhomirov discovered that the cleancache subsystem
of the Linux kernel did not properly initialize new files in some
situations. A local attacker could use this to expose sensitive
information. (CVE-2018-16862)
Hui Peng and Mathias Payer discovered that the Option USB High Speed driver
in the Linux kernel did not properly validate metadata received from the
device. A physically proximate attacker could use this to cause a denial of
service (system crash). (CVE-2018-19985)
Hui Peng and Mathias Payer discovered that the USB subsystem in the Linux
kernel did not properly handle size checks when handling an extra USB
descriptor. A physically proximate attacker could use this to cause a
denial of service (system crash). (CVE-2018-20169)
Zhipeng Xie discovered that an infinite loop could be triggered in the CFS
Linux kernel process scheduler. A local attacker could possibly use this to
cause a denial of service. (CVE-2018-20784)
It was discovered that a use-after-free error existed in the block layer
subsystem of the Linux kernel when certain failure conditions occurred. A
local attacker could possibly use this to cause a denial of service (system
crash) or possibly execute arbitrary code. (CVE-2018-20856)
Eli Biham and Lior Neumann discovered that the Bluetooth implementation in
the Linux kernel did not properly validate elliptic curve parameters during
Diffie-Hellman key exchange in some situations. An attacker could use this
to expose sensitive information. (CVE-2018-5383)
It was discovered that the Intel wifi device driver in the Linux kernel did
not properly validate certain Tunneled Direct Link Setup (TDLS). A
physically proximate attacker could use this to cause a denial of service
(wifi disconnect). (CVE-2019-0136)
It was discovered that a heap buffer overflow existed in the Marvell
Wireless LAN device driver for the Linux kernel. An attacker could use this
to cause a denial of service (system crash) or possibly execute arbitrary
code. (CVE-2019-10126)
It was discovered that the Bluetooth UART implementation in the Linux
kernel did not properly check for missing tty operations. A local attacker
could use this to cause a denial of service. (CVE-2019-10207)
Amit Klein and Benny Pinkas discovered that the Linux kernel did not
sufficiently randomize IP ID values generated for connectionless networking
protocols. A remote attacker could use this to track particular Linux
devices. (CVE-2019-10638)
Amit Klein and Benny Pinkas discovered that the location of kernel
addresses could be exposed by the implementation of connection-less network
protocols in the Linux kernel. A remote attacker could possibly use this to
assist in the exploitation of another vulnerability in the Linux kernel.
(CVE-2019-10639)
Adam Zabrocki discovered that the Intel i915 kernel mode graphics driver in
the Linux kernel did not properly restrict mmap() ranges in some
situations. A local attacker could use this to cause a denial of service
(system crash) or possibly execute arbitrary code. (CVE-2019-11085)
It was discovered that an integer overflow existed in the Linux kernel when
reference counting pages, leading to potential use-after-free issues. A
local attacker could use this to cause a denial of service (system crash)
or possibly execute arbitrary code. (CVE-2019-11487)
Jann Horn discovered that a race condition existed in the Linux kernel when
performing core dumps. A local attacker could use this to cause a denial of
service (system crash) or expose sensitive information. (CVE-2019-11599)
It was discovered that a null pointer dereference vulnerability existed in
the LSI Logic MegaRAID driver in the Linux kernel. A local attacker could
use this to cause a denial of service (system crash). (CVE-2019-11810)
It was discovered that a race condition leading to a use-after-free existed
in the Reliable Datagram Sockets (RDS) protocol implementation in the Linux
kernel. The RDS protocol is blacklisted by default in Ubuntu. If enabled, a
local attacker could use this to cause a denial of service (system crash)
or possibly execute arbitrary code. (CVE-2019-11815)
It was discovered that the ext4 file system implementation in the Linux
kernel did not properly zero out memory in some situations. A local
attacker could use this to expose sensitive information (kernel memory).
(CVE-2019-11833)
It was discovered that the Bluetooth Human Interface Device Protocol (HIDP)
implementation in the Linux kernel did not properly verify strings were
NULL terminated in certain situations. A local attacker could use this to
expose sensitive information (kernel memory). (CVE-2019-11884)
It was discovered that a NULL pointer dereference vulnerability existed in
the Near-field communication (NFC) implementation in the Linux kernel. An
attacker could use this to cause a denial of service (system crash).
(CVE-2019-12818)
It was discovered that the MDIO bus devices subsystem in the Linux kernel
improperly dropped a device reference in an error condition, leading to a
use-after-free. An attacker could use this to cause a denial of service
(system crash). (CVE-2019-12819)
It was discovered that a NULL pointer dereference vulnerability existed in
the Near-field communication (NFC) implementation in the Linux kernel. A
local attacker could use this to cause a denial of service (system crash).
(CVE-2019-12984)
Jann Horn discovered a use-after-free vulnerability in the Linux kernel
when accessing LDT entries in some situations. A local attacker could use
this to cause a denial of service (system crash) or possibly execute
arbitrary code. (CVE-2019-13233)
Jann Horn discovered that the ptrace implementation in the Linux kernel did
not properly record credentials in some situations. A local attacker could
use this to cause a denial of service (system crash) or possibly gain
administrative privileges. (CVE-2019-13272)
It was discovered that the GTCO tablet input driver in the Linux kernel did
not properly bounds check the initial HID report sent by the device. A
physically proximate attacker could use this to cause a denial of service
(system crash) or possibly execute arbitrary code. (CVE-2019-13631)
It was discovered that the floppy driver in the Linux kernel did not
properly validate meta data, leading to a buffer overread. A local attacker
could use this to cause a denial of service (system crash).
(CVE-2019-14283)
It was discovered that the floppy driver in the Linux kernel did not
properly validate ioctl() calls, leading to a division-by-zero. A local
attacker could use this to cause a denial of service (system crash).
(CVE-2019-14284)
Tuba Yavuz discovered that a race condition existed in the DesignWare USB3
DRD Controller device driver in the Linux kernel. A physically proximate
attacker could use this to cause a denial of service. (CVE-2019-14763)
It was discovered that an out-of-bounds read existed in the QLogic QEDI
iSCSI Initiator Driver in the Linux kernel. A local attacker could possibly
use this to expose sensitive information (kernel memory). (CVE-2019-15090)
It was discovered that the Raremono AM/FM/SW radio device driver in the
Linux kernel did not properly allocate memory, leading to a use-after-free.
A physically proximate attacker could use this to cause a denial of service
or possibly execute arbitrary code. (CVE-2019-15211)
It was discovered that a double-free error existed in the USB Rio 500 device
driver for the Linux kernel. A physically proximate attacker could use this
to cause a denial of service. (CVE-2019-15212)
It was discovered that a race condition existed in the Advanced Linux Sound
Architecture (ALSA) subsystem of the Linux kernel, leading to a potential
use-after-free. A physically proximate attacker could use this to cause a
denial of service (system crash) or possibly execute arbitrary code.
(CVE-2019-15214)
It was discovered that a race condition existed in the CPiA2 video4linux
device driver for the Linux kernel, leading to a use-after-free. A
physically proximate attacker could use this to cause a denial of service
(system crash) or possibly execute arbitrary code. (CVE-2019-15215)
It was discovered that a race condition existed in the Softmac USB Prism54
device driver in the Linux kernel. A physically proximate attacker could
use this to cause a denial of service (system crash). (CVE-2019-15220)
It was discovered that a use-after-free vulnerability existed in the
Appletalk implementation in the Linux kernel if an error occurs during
initialization. A local attacker could use this to cause a denial of
service (system crash). (CVE-2019-15292)
It was discovered that the Empia EM28xx DVB USB device driver
implementation in the Linux kernel contained a use-after-free vulnerability
when disconnecting the device. An attacker could use this to cause a denial
of service (system crash). (CVE-2019-2024)
It was discovered that the USB video device class implementation in the
Linux kernel did not properly validate control bits, resulting in an out of
bounds buffer read. A local attacker could use this to possibly expose
sensitive information (kernel memory). (CVE-2019-2101)
It was discovered that the Marvell Wireless LAN device driver in the Linux
kernel did not properly validate the BSS descriptor. A local attacker could
possibly use this to cause a denial of service (system crash) or possibly
execute arbitrary code. (CVE-2019-3846)
Jason Wang discovered that an infinite loop vulnerability existed in the
virtio net driver in the Linux kernel. A local attacker in a guest VM could
possibly use this to cause a denial of service in the host system.
(CVE-2019-3900)
Daniele Antonioli, Nils Ole Tippenhauer, and Kasper B. Rasmussen discovered
that the Bluetooth protocol BR/EDR specification did not properly require
sufficiently strong encryption key lengths. A physically proximate attacker
could use this to expose sensitive information. (CVE-2019-9506)
It was discovered that the Appletalk IP encapsulation driver in the Linux
kernel did not properly prevent kernel addresses from being copied to user
space. A local attacker with the CAP_NET_ADMIN capability could use this to
expose sensitive information. (CVE-2018-20511)
It was discovered that a race condition existed in the USB YUREX device
driver in the Linux kernel. A physically proximate attacker could use this
to cause a denial of service (system crash). (CVE-2019-15216)
It was discovered that the Siano USB MDTV receiver device driver in the
Linux kernel made improper assumptions about the device characteristics. A
physically proximate attacker could use this to cause a denial of service
(system crash). (CVE-2019-15218)
It was discovered that the Line 6 POD USB device driver in the Linux kernel
did not properly validate data size information from the device. A
physically proximate attacker could use this to cause a denial of service
(system crash). (CVE-2019-15221)
Muyu Yu discovered that the CAN implementation in the Linux kernel in some
situations did not properly restrict the field size when processing
outgoing frames. A local attacker with CAP_NET_ADMIN privileges could use
this to execute arbitrary code. (CVE-2019-3701)
Vladis Dronov discovered that the debug interface for the Linux kernel's
HID subsystem did not properly validate passed parameters in some
situations. A local privileged attacker could use this to cause a denial of
service (infinite loop). (CVE-2019-3819)
Update instructions:
The problem can be corrected by updating your system to the following
package versions:
Ubuntu 18.04 LTS:
linux-image-4.15.0-1047-aws 4.15.0-1047.49
linux-image-aws 4.15.0.1047.46
Ubuntu 16.04 LTS:
linux-image-4.15.0-1047-aws 4.15.0-1047.49~16.04.1
linux-image-aws-hwe 4.15.0.1047.47
After a standard system update you need to reboot your computer to make
all the necessary changes.
ATTENTION: Due to an unavoidable ABI change the kernel updates have
been given a new version number, which requires you to recompile and
reinstall all third party kernel modules you might have installed.
Unless you manually uninstalled the standard kernel metapackages
(e.g. linux-generic, linux-generic-lts-RELEASE, linux-virtual,
linux-powerpc), a standard system upgrade will automatically perform
this as well.
References:
https://usn.ubuntu.com/4118-1
CVE-2018-13053, CVE-2018-13093, CVE-2018-13096, CVE-2018-13097,
CVE-2018-13098, CVE-2018-13099, CVE-2018-13100, CVE-2018-14609,
CVE-2018-14610, CVE-2018-14611, CVE-2018-14612, CVE-2018-14613,
CVE-2018-14614, CVE-2018-14615, CVE-2018-14616, CVE-2018-14617,
CVE-2018-16862, CVE-2018-19985, CVE-2018-20169, CVE-2018-20511,
CVE-2018-20784, CVE-2018-20856, CVE-2018-5383, CVE-2019-0136,
CVE-2019-10126, CVE-2019-10207, CVE-2019-10638, CVE-2019-10639,
CVE-2019-11085, CVE-2019-11487, CVE-2019-11599, CVE-2019-11810,
CVE-2019-11815, CVE-2019-11833, CVE-2019-11884, CVE-2019-12818,
CVE-2019-12819, CVE-2019-12984, CVE-2019-13233, CVE-2019-13272,
CVE-2019-13631, CVE-2019-14283, CVE-2019-14284, CVE-2019-14763,
CVE-2019-15090, CVE-2019-15211, CVE-2019-15212, CVE-2019-15214,
CVE-2019-15215, CVE-2019-15216, CVE-2019-15218, CVE-2019-15220,
CVE-2019-15221, CVE-2019-15292, CVE-2019-2024, CVE-2019-2101,
CVE-2019-3701, CVE-2019-3819, CVE-2019-3846, CVE-2019-3900,
CVE-2019-9506
Package Information:
https://launchpad.net/ubuntu/+source/linux-aws/4.15.0-1047.49
https://launchpad.net/ubuntu/+source/linux-aws-hwe/4.15.0-1047.49~16.04.1
| VAR-201905-0106 | CVE-2019-5589 | FortiClient Online Installer Vulnerabilities related to untrusted search paths |
CVSS V2: 9.3 CVSS V3: 7.8 Severity: HIGH |
An Unsafe Search Path vulnerability in FortiClient Online Installer (Windows version before 6.0.6) may allow an unauthenticated, remote attacker with control over the directory in which FortiClientOnlineInstaller.exe resides to execute arbitrary code on the system via uploading malicious .dll files in that directory. FortiClient Online Installer contains an untrusted search path vulnerability. Information may be obtained or altered, and service operation may be disrupted (DoS). Fortinet FortiClient is prone to an arbitrary code-execution vulnerability.
A remote attacker can leverage this issue to execute arbitrary code in the context of the affected application. Failed exploit attempts will result in a denial of service condition.
Versions prior to FortiClient 6.0.6 are vulnerable. Fortinet FortiClient is a mobile terminal security solution developed by Fortinet. The solution provides IPsec and SSL encryption, WAN optimization, endpoint compliance, and two-factor authentication when connected to FortiGate firewall appliances. FortiClient Online Installer is an online installer for FortiClient. A code issue vulnerability exists in the FortiClient Online Installer in Fortinet FortiClient versions prior to 6.0.6 (Windows). This vulnerability stems from improper design or implementation problems in the code development process of network systems or products
| VAR-201911-1327 | CVE-2019-1734 | Cisco FXOS and NX-OS Information disclosure vulnerability in software |
CVSS V2: 2.1 CVSS V3: 5.5 Severity: MEDIUM |
A vulnerability in the implementation of a CLI diagnostic command in Cisco FXOS Software and Cisco NX-OS Software could allow an authenticated, local attacker to view sensitive system files that should be restricted. The attacker could use this information to conduct additional reconnaissance attacks. The vulnerability is due to incomplete role-based access control (RBAC) verification. An attacker could exploit this vulnerability by authenticating to the device and issuing a specific CLI diagnostic command with crafted user-input parameters. An exploit could allow the attacker to perform an arbitrary read of a file on the device, and the file may contain sensitive information. The attacker needs valid device credentials to exploit this vulnerability. Cisco FXOS and NX-OS software contains an information disclosure vulnerability. Information may be obtained.
This issue is being tracked by Cisco Bug IDs CSCvj59436, CSCvk50808, CSCvk50810, CSCvk50814, CSCvk50816 and CSCvk50838
| VAR-201905-0505 | CVE-2019-1768 | Cisco NX-OS Software buffer error vulnerability |
CVSS V2: 7.2 CVSS V3: 6.7 Severity: MEDIUM |
A vulnerability in the implementation of a specific CLI command for Cisco NX-OS Software could allow an authenticated, local attacker with administrator credentials to cause a buffer overflow condition or perform command injection. This could allow the attacker to execute arbitrary commands with elevated privileges on the underlying operating system of an affected device. The vulnerability is due to insufficient validation of arguments passed to a certain CLI command. An attacker could exploit this vulnerability by including malicious input as the argument of the affected CLI command. A successful exploit could allow the attacker to execute arbitrary commands on the underlying operating system with root privileges. An attacker would need valid administrator credentials to exploit these vulnerabilities. Cisco NX-OS Software is prone to multiple security vulnerabilities. Failed exploits will result in a denial-of-service condition.
These issues are being tracked by Cisco Bug IDs CSCvh76129, CSCvh76132, CSCvj00497, CSCvj10162
| VAR-201905-0542 | CVE-2019-1780 | Cisco FXOS and NX-OS Software command injection vulnerability |
CVSS V2: 7.2 CVSS V3: 6.7 Severity: MEDIUM |
A vulnerability in the CLI of Cisco FXOS Software and Cisco NX-OS Software could allow an authenticated, local attacker with administrator credentials to execute arbitrary commands on the underlying operating system of an affected device with elevated privileges. The vulnerability is due to insufficient validation of arguments passed to certain CLI commands. An attacker could exploit this vulnerability by including malicious input as the argument of an affected command. A successful exploit could allow the attacker to execute arbitrary commands on the underlying operating system with elevated privileges. An attacker would need valid administrator credentials to exploit this vulnerability. NX-OS versions prior to 8.3(1) are affected. Cisco FXOS and NX-OS software contains a command injection vulnerability. Information may be obtained or altered, and service operation may be disrupted (DoS). Cisco FXOS and NX-OS Software are prone to a local command-injection vulnerability.
This issue is being tracked by Cisco Bug IDs CSCvi01431, CSCvi01440, CSCvi92326, CSCvi92328, CSCvi92329 and CSCvi92332. Cisco Firepower 4100 Series and the other products listed here are all Cisco products. Cisco Firepower 4100 Series is a 4100 series firewall device. Cisco Nexus 3000 Series Switches is a 3000 series switch. Cisco MDS 9000 Series Multilayer Switches is an MDS 9000 series multilayer switch. This vulnerability stems from the fact that the network system or product does not correctly filter special elements in the process of constructing executable commands from external input data. The following products and versions are affected: Cisco Firepower 4100 Series; Firepower 9300 Security Appliances; MDS 9000 Series Multilayer Switches; Nexus 3000 Series Switches; Nexus 3500 Platform Switches; Nexus 3600 Platform Switches; Nexus 5500 Platform Switches; Nexus 5600 Platform Switches; Nexus 6000 Series Switches; Nexus 7000 Series Switches; Nexus 7700 Series Switches; Nexus 9000 Series Switches in standalone NX-OS mode; Nexus 9500 R-Series Switching Platform
| VAR-201905-0598 | CVE-2019-1832 | Cisco Firepower Threat Defense Vulnerability related to failure of protection mechanism in software |
CVSS V2: 5.0 CVSS V3: 7.5 Severity: HIGH |
A vulnerability in the detection engine of Cisco Firepower Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to bypass configured access control policies. The vulnerability is due to improper validation of ICMP packets. An attacker could exploit this vulnerability by sending crafted ICMP packets to the affected device. A successful exploit could allow the attacker to bypass configured access control policies.
This issue is being tracked by Cisco Bug ID CSCvk43854. A security vulnerability exists in the inspection engine in Cisco FTD due to the program not properly validating ICMP packets. The following products and versions are affected: Cisco Firepower Threat Defense Release 6.2.0, Release 6.2.0.5, Release 6.2.3, Release 6.2.3.1, Release 6.2.3.2, Release 6.4.0
| VAR-201905-0596 | CVE-2019-1858 | Cisco FXOS and NX-OS Software input validation vulnerability |
CVSS V2: 5.0 CVSS V3: 8.6 Severity: HIGH |
A vulnerability in the Simple Network Management Protocol (SNMP) input packet processor of Cisco FXOS Software and Cisco NX-OS Software could allow an unauthenticated, remote attacker to cause the SNMP application to leak system memory, which could cause an affected device to restart unexpectedly. The vulnerability is due to improper error handling when processing inbound SNMP packets. An attacker could exploit this vulnerability by sending multiple crafted SNMP packets to an affected device. A successful exploit could allow the attacker to cause the SNMP application to leak system memory because of an improperly handled error condition during packet processing. Over time, this memory leak could cause the SNMP application to restart multiple times, leading to a system-level restart and a denial of service (DoS) condition. Cisco FXOS and NX-OS software contains an input validation vulnerability. Service operation may be disrupted (DoS). Cisco FXOS and NX-OS Software are prone to a denial-of-service vulnerability.
An attacker can exploit this issue to restart the affected system, denying service to legitimate users.
This issue is being tracked by Cisco bug IDs CSCvc58707, CSCvd45657, CSCvn19457, CSCvn19463, CSCvn19464, CSCvn19465, CSCvn19468 and CSCvn19483. Cisco Firepower 4100 Series and the other products listed here are all Cisco products. Cisco Firepower 4100 Series is a 4100 series firewall device. Cisco FXOS Software is a set of firewall software that runs on Cisco security appliances. Cisco Nexus 3000 Series Switches is a 3000 series switch. Cisco MDS 9000 Series Multilayer Switches is an MDS 9000 series multilayer switch. Cisco NX-OS Software is a set of data center-level operating system software used by switches. The vulnerability stems from the failure of the network system or product to properly validate the input data. The following products and versions are affected: Cisco Firepower 4100 Series; Firepower 9300 Security Appliances; MDS 9000 Series Multilayer Switches; Nexus 1000V Switch for Microsoft Hyper-V; Nexus 1000V Switch for VMware vSphere; Nexus 3000 Series Switches; 5500 Platform Switches; Nexus 5600 Platform Switches; Nexus 6000 Series Switches; Nexus 7000 Series Switches; Nexus 7700 Series Switches; Nexus 9000 Series Fabric Switches in Application Centric Infrastructure
| VAR-201905-0516 | CVE-2019-1819 | Cisco Prime Infrastructure and Evolved Programmable Network Manager Path traversal vulnerability |
CVSS V2: 4.0 CVSS V3: 6.5 Severity: MEDIUM |
A vulnerability in the web-based management interface of Cisco Prime Infrastructure and Cisco Evolved Programmable Network (EPN) Manager software could allow an authenticated, remote attacker to download and view files within the application that should be restricted. This vulnerability is due to improper sanitization of user-supplied input in HTTP request parameters that describe filenames. An attacker could exploit this vulnerability by using directory traversal techniques to submit a path to a desired file location. A successful exploit could allow the attacker to view application files that may contain sensitive information.
This issue is being tracked by Cisco Bug IDs CSCvo28677 and CSCvo62260. The vulnerability stems from a network system or product that fails to properly filter resources or special elements in file paths
| VAR-201905-0602 | CVE-2019-1849 | Cisco IOS XR Vulnerability in software checking for exceptional conditions |
CVSS V2: 6.1 CVSS V3: 6.5 Severity: MEDIUM |
A vulnerability in the Border Gateway Protocol (BGP) Multiprotocol Label Switching (MPLS)-based Ethernet VPN (EVPN) implementation of Cisco IOS XR Software could allow an unauthenticated, adjacent attacker to trigger a denial of service (DoS) condition on an affected device. The vulnerability is due to a logic error that occurs when the affected software processes specific EVPN routing information. An attacker could exploit this vulnerability by injecting malicious traffic patterns into the targeted EVPN network. A successful exploit could result in a crash of the l2vpn_mgr process on Provider Edge (PE) device members of the same EVPN instance (EVI). On each of the affected devices, a crash could lead to system instability and the inability to process or forward traffic through the device, resulting in a DoS condition that would require manual intervention to restore normal operating conditions. Cisco IOS XR software contains an exceptional condition check vulnerability. Service operation may be disrupted (DoS). Cisco IOS XR Software is a fully modular, distributed network operating system from Cisco's IOS software family, which includes IOS T, IOS S, and IOS XR. A denial of service vulnerability exists in Cisco IOS XR Software that could be exploited by an attacker to cause a denial of service. Cisco IOS XR Software is prone to a denial-of-service vulnerability.
An attacker can exploit this issue to crash the process, denying service to legitimate users.
This issue is being tracked by Cisco Bug ID CSCvk35997. This vulnerability stems from improper design or implementation problems in the code development process of network systems or products. The following products and versions are affected: Cisco IOS XR 6.1.0 to 6.3.3 (fixed in 6.3.3), 6.4.X prior to 6.4.2, 6.5.X prior to 6.5.2, 6.6.X prior to 6.6.1
| VAR-201905-0605 | CVE-2019-1853 | Cisco AnyConnect Secure Mobility Client for Linux out-of-bounds read vulnerability |
CVSS V2: 5.0 CVSS V3: 7.5 Severity: HIGH |
A vulnerability in the HostScan component of Cisco AnyConnect Secure Mobility Client for Linux could allow an unauthenticated, remote attacker to read sensitive information on an affected system. The vulnerability exists because the affected software performs improper bounds checks. An attacker could exploit this vulnerability by crafting HTTP traffic for the affected component to download and process. A successful exploit could allow the attacker to read sensitive information on the affected system.
This issue is being tracked by Cisco Bug ID CSCvn47574. HostScan is one of the network host scanning components. This vulnerability stems from the incorrect verification of data boundaries when the network system or product performs operations on the memory, resulting in incorrect read and write operations to other associated memory locations. Attackers can exploit this vulnerability to cause buffer overflow or heap overflow, etc
| VAR-201905-0603 | CVE-2019-1851 | Cisco Identity Services Engine Authorization vulnerability |
CVSS V2: 4.0 CVSS V3: 6.8 Severity: MEDIUM |
A vulnerability in the External RESTful Services (ERS) API of the Cisco Identity Services Engine (ISE) could allow an authenticated, remote attacker to generate arbitrary certificates signed by the Internal Certificate Authority (CA) Services on ISE. This vulnerability is due to an incorrect implementation of role-based access control (RBAC). An attacker could exploit this vulnerability by crafting a specific HTTP request with administrative credentials. A successful exploit could allow the attacker to generate a certificate that is signed and trusted by the ISE CA with arbitrary attributes. The attacker could use this certificate to access other networks or assets that are protected by certificate authentication.
An attacker can exploit this issue to obtain sensitive information that may aid in further attacks.
This issue is being tracked by Cisco bug ID CSCvm81230. The platform monitors the network by collecting real-time information on the network, users and devices, and formulating and implementing corresponding policies. This vulnerability stems from the lack of authentication measures or insufficient authentication strength in network systems or products
| VAR-201905-0592 | CVE-2019-1846 | Cisco IOS XR Software input validation vulnerability |
CVSS V2: 6.1 CVSS V3: 7.4 Severity: HIGH |
A vulnerability in the Multiprotocol Label Switching (MPLS) Operations, Administration, and Maintenance (OAM) implementation of Cisco IOS XR Software for Cisco ASR 9000 Series Aggregation Services Routers could allow an unauthenticated, adjacent attacker to trigger a denial of service (DoS) condition on an affected device. The vulnerability is due to the incorrect handling of certain MPLS OAM packets. An attacker could exploit this vulnerability by sending malicious MPLS OAM packets to an affected device. A successful exploit could allow the attacker to cause the lspv_server process to crash. The crash could lead to system instability and the inability to process or forward traffic through the device, resulting in a DoS condition that requires manual intervention to restore normal operating conditions. Cisco IOS XR software contains an input validation vulnerability. Service operation may be disrupted (DoS).
This issue is being tracked by Cisco Bug ID CSCvk63685. Cisco ASR 9000 Series is a 9000 series enterprise-class router from Cisco. The vulnerability stems from the failure of the network system or product to properly validate the input data
| VAR-201905-0601 | CVE-2019-1860 | Cisco Unified Intelligence Center Vulnerable to resource insertion |
CVSS V2: 4.0 CVSS V3: 5.9 Severity: MEDIUM |
A vulnerability in the dashboard gadget rendering of Cisco Unified Intelligence Center could allow an unauthenticated, remote attacker to obtain or manipulate sensitive information between a user’s browser and Cisco Unified Intelligence Center. The vulnerability is due to the lack of gadget validation. An attacker could exploit this vulnerability by forcing a user to load a malicious gadget. A successful exploit could allow the attacker to obtain sensitive information, such as current user credentials, or manipulate data between the user’s browser and Cisco Unified Intelligence Center in the context of the malicious gadget.
This issue is being tracked by Cisco Bug ID CSCvo98208. The platform provides reporting on business data and display of call center data
| VAR-201905-0599 | CVE-2019-1833 | Cisco Firepower Threat Defense Vulnerability related to failure of protection mechanism in software |
CVSS V2: 5.0 CVSS V3: 5.8 Severity: MEDIUM |
A vulnerability in the Secure Sockets Layer (SSL)/Transport Layer Security (TLS) protocol parser of Cisco Firepower Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to bypass configured policies. The vulnerability is due to improper parsing of specific attributes in a TLS packet header. An attacker could exploit this vulnerability by sending malicious TLS messages to the affected system. A successful exploit could allow the attacker to bypass the configured policies for the system, which could allow traffic to flow through without being inspected. Cisco Firepower Threat Defense (FTD) software is vulnerable to a defect in the protection mechanism. Information may be tampered with.
This issue is being tracked by Cisco Bug CSCvi81022