VARIoT IoT vulnerabilities database
| VAR-202007-1403 | CVE-2020-5901 | NGINX Controller Cross-site scripting vulnerability in |
CVSS V2: 9.3 CVSS V3: 9.6 Severity: CRITICAL |
In NGINX Controller 3.3.0-3.4.0, undisclosed API endpoints may allow for a reflected Cross Site Scripting (XSS) attack. If the victim user is logged in as admin this could result in a complete compromise of the system. NGINX Controller Exists in a cross-site scripting vulnerability.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be put into a state. F5 NGINX Controller is a centralized monitoring and management platform for NGINX from F5 Corporation in the United States. The platform supports managing multiple NGINX instances using a visual interface. An attacker could exploit this vulnerability with a specially crafted URL to run JavaScript in the context of the currently logged-in user, potentially gaining full access to the system if the user is logged in as an administrator
| VAR-202007-1402 | CVE-2020-5900 | NGINX Controller Cross-site request forgery vulnerability in |
CVSS V2: 6.8 CVSS V3: 8.8 Severity: HIGH |
In versions 3.0.0-3.4.0, 2.0.0-2.9.0, and 1.0.1, there is insufficient cross-site request forgery (CSRF) protections for the NGINX Controller user interface. (DoS) It may be put into a state. F5 NGINX Controller is a centralized monitoring and management platform for NGINX from F5 Corporation in the United States. The platform supports managing multiple NGINX instances using a visual interface. An attacker could exploit this vulnerability by enticing a user to click a malicious link to perform arbitrary operations on the user's web interface
| VAR-202007-1401 | CVE-2020-5899 | NGINX Controller Vulnerability related to password management function in |
CVSS V2: 4.6 CVSS V3: 7.8 Severity: HIGH |
In NGINX Controller 3.0.0-3.4.0, recovery code required to change a user's password is transmitted and stored in the database in plain text, which allows an attacker who can intercept the database connection or have read access to the database, to request a password reset using the email address of another registered user then retrieve the recovery code. NGINX Controller Contains a vulnerability related to the password management function.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be put into a state. F5 NGINX Controller is a centralized monitoring and management platform for NGINX from F5 Corporation in the United States. The platform supports managing multiple NGINX instances using a visual interface. An attacker can exploit this vulnerability to change the user's password. If the user is an administrator user, the attacker can completely control the NGINX Controller system
| VAR-202006-0320 | CVE-2020-12023 | Philips Made IntelliBridge Enterprise (IBE) Vulnerability regarding information leakage from log files in |
CVSS V2: 2.7 CVSS V3: 4.5 Severity: MEDIUM |
Philips IntelliBridge Enterprise (IBE), Versions B.12 and prior, IntelliBridge Enterprise system integration with SureSigns (VS4), EarlyVue (VS30) and IntelliVue Guardian (IGS). Unencrypted user credentials received in the IntelliBridge Enterprise (IBE) are logged within the transaction logs, which are secured behind the login based administrative web portal. The unencrypted user credentials sent from the affected products listed above, for the purpose of handshake or authentication with the Enterprise Systems, are logged as the payload in IntelliBridge Enterprise (IBE) within the transaction logs. An attacker with administrative privileges could exploit this vulnerability to read plain text credentials from log files. Philips Made IntelliBridge Enterprise (IBE) Exists in a vulnerability related to information leakage from log files. Philips IntelliBridge Enterprise (IBE) is a solution from Philips of the Netherlands that provides a single point of contact between EHR (electronic health records) and Philips clinical solutions
| VAR-202006-0176 | CVE-2020-13702 | The Rolling Proximity Identifier Vulnerability regarding information leakage in |
CVSS V2: 6.4 CVSS V3: 10.0 Severity: CRITICAL |
The Rolling Proximity Identifier used in the Apple/Google Exposure Notification API beta through 2020-05-29 enables attackers to circumvent Bluetooth Smart Privacy because there is a secondary temporary UID. An attacker with access to Beacon or IoT networks can seamlessly track individual device movement via a Bluetooth LE discovery mechanism. ** Unsettled ** This case has not been confirmed as a vulnerability. The Rolling Proximity Identifier There is an information leakage vulnerability in. Vendors have challenged this vulnerability. For more information, please see below NVD of Current Description Please Confirm. https://nvd.nist.gov/vuln/detail/CVE-2020-13702Information may be obtained
| VAR-202006-0241 | CVE-2020-0543 | Debian Security Advisory 4698-1 |
CVSS V2: 2.1 CVSS V3: 5.5 Severity: MEDIUM |
Incomplete cleanup from specific special register read operations in some Intel(R) Processors may allow an authenticated user to potentially enable information disclosure via local access. Intel 06_3DH and Intel 06_9EH are both a central processing unit (CPU) product of Intel Corporation of the United States. Security vulnerabilities exist in several Intel products. The following products and versions are affected: Intel Celeron 1000M; Celeron 1005M; Celeron 1007U; Celeron 1019Y; Celeron 1020m, etc. -----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512
- -------------------------------------------------------------------------
Debian Security Advisory DSA-4698-1 security@debian.org
https://www.debian.org/security/ Ben Hutchings
June 09, 2020 https://www.debian.org/security/faq
- -------------------------------------------------------------------------
Package : linux
CVE ID : CVE-2019-2182 CVE-2019-5108 CVE-2019-19319 CVE-2019-19462
CVE-2019-19768 CVE-2019-20806 CVE-2019-20811 CVE-2020-0543
CVE-2020-2732 CVE-2020-8428 CVE-2020-8647 CVE-2020-8648
CVE-2020-8649 CVE-2020-9383 CVE-2020-10711 CVE-2020-10732
CVE-2020-10751 CVE-2020-10757 CVE-2020-10942 CVE-2020-11494
CVE-2020-11565 CVE-2020-11608 CVE-2020-11609 CVE-2020-11668
CVE-2020-12114 CVE-2020-12464 CVE-2020-12652 CVE-2020-12653
CVE-2020-12654 CVE-2020-12770 CVE-2020-13143
Debian Bug : 952660
Several vulnerabilities have been discovered in the Linux kernel that
may lead to a privilege escalation, denial of service or information
leaks.
CVE-2019-2182
Hanjun Guo and Lei Li reported a race condition in the arm64
virtual memory management code, which could lead to an information
disclosure, denial of service (crash), or possibly privilege
escalation.
CVE-2019-5108
Mitchell Frank of Cisco discovered that when the IEEE 802.11
(WiFi) stack was used in AP mode with roaming, it would trigger
roaming for a newly associated station before the station was
authenticated. An attacker within range of the AP could use this
to cause a denial of service, either by filling up a switching
table or by redirecting traffic away from other stations.
CVE-2019-19319
Jungyeon discovered that a crafted filesystem can cause the ext4
implementation to deallocate or reallocate journal blocks. A user
permitted to mount filesystems could use this to cause a denial of
service (crash), or possibly for privilege escalation.
CVE-2019-19462
The syzbot tool found a missing error check in the 'relay'
library used to implement various files under debugfs. A local
user permitted to access debugfs could use this to cause a denial
of service (crash) or possibly for privilege escalation.
CVE-2019-19768
Tristan Madani reported a race condition in the blktrace debug
facility that could result in a use-after-free. A local user able
to trigger removal of block devices could possibly use this to
cause a denial of service (crash) or for privilege escalation.
CVE-2019-20806
A potential null pointer dereference was discovered in the tw5864
media driver. The security impact of this is unclear.
CVE-2019-20811
The Hulk Robot tool found a reference-counting bug in an error
path in the network subsystem. The security impact of this is
unclear.
CVE-2020-0543
Researchers at VU Amsterdam discovered that on some Intel CPUs
supporting the RDRAND and RDSEED instructions, part of a random
value generated by these instructions may be used in a later
speculative execution on any core of the same physical CPU.
Depending on how these instructions are used by applications, a
local user or VM guest could use this to obtain sensitive
information such as cryptographic keys from other users or VMs.
This vulnerability can be mitigated by a microcode update, either
as part of system firmware (BIOS) or through the intel-microcode
package in Debian's non-free archive section. This kernel update
only provides reporting of the vulnerability and the option to
disable the mitigation if it is not needed.
CVE-2020-2732
Paulo Bonzini discovered that the KVM implementation for Intel
processors did not properly handle instruction emulation for L2
guests when nested virtualization is enabled. This could allow an
L2 guest to cause privilege escalation, denial of service, or
information leaks in the L1 guest.
CVE-2020-8428
Al Viro discovered a potential use-after-free in the filesystem
core (vfs). A local user could exploit this to cause a denial of
service (crash) or possibly to obtain sensitive information from
the kernel.
CVE-2020-8647, CVE-2020-8649
The Hulk Robot tool found a potential MMIO out-of-bounds access in
the vgacon driver. A local user permitted to access a virtual
terminal (/dev/tty1 etc.) on a system using the vgacon driver
could use this to cause a denial of service (crash or memory
corruption) or possibly for privilege escalation.
CVE-2020-8648
The syzbot tool found a race condition in the the virtual terminal
driver, which could result in a use-after-free. A local user
permitted to access a virtual terminal could use this to cause a
denial of service (crash or memory corruption) or possibly for
privilege escalation.
CVE-2020-9383
Jordy Zomer reported an incorrect range check in the floppy driver
which could lead to a static out-of-bounds access. A local user
permitted to access a floppy drive could use this to cause a
denial of service (crash or memory corruption) or possibly for
privilege escalation.
CVE-2020-10711
Matthew Sheets reported NULL pointer dereference issues in the
SELinux subsystem while receiving CIPSO packet with null category. A
remote attacker can take advantage of this flaw to cause a denial of
service (crash). Note that this issue does not affect the binary
packages distributed in Debian as CONFIG_NETLABEL is not enabled.
CVE-2020-10732
An information leak of kernel private memory to userspace was found
in the kernel's implementation of core dumping userspace processes.
CVE-2020-10751
Dmitry Vyukov reported that the SELinux subsystem did not properly
handle validating multiple messages, which could allow a privileged
attacker to bypass SELinux netlink restrictions.
CVE-2020-10757
Fan Yang reported a flaw in the way mremap handled DAX hugepages,
allowing a local user to escalate their privileges
CVE-2020-10942
It was discovered that the vhost_net driver did not properly
validate the type of sockets set as back-ends. A local user
permitted to access /dev/vhost-net could use this to cause a stack
corruption via crafted system calls, resulting in denial of
service (crash) or possibly privilege escalation.
CVE-2020-11494
It was discovered that the slcan (serial line CAN) network driver
did not fully initialise CAN headers for received packets,
resulting in an information leak from the kernel to user-space or
over the CAN network.
CVE-2020-11565
Entropy Moe reported that the shared memory filesystem (tmpfs) did
not correctly handle an "mpol" mount option specifying an empty
node list, leading to a stack-based out-of-bounds write. If user
namespaces are enabled, a local user could use this to cause a
denial of service (crash) or possibly for privilege escalation.
CVE-2020-11608, CVE-2020-11609, CVE-2020-11668
It was discovered that the ov519, stv06xx, and xirlink_cit media
drivers did not properly validate USB device descriptors. A
physically present user with a specially constructed USB device
could use this to cause a denial-of-service (crash) or possibly
for privilege escalation.
CVE-2020-12114
Piotr Krysiuk discovered a race condition between the umount and
pivot_root operations in the filesystem core (vfs). A local user
with the CAP_SYS_ADMIN capability in any user namespace could use
this to cause a denial of service (crash).
CVE-2020-12464
Kyungtae Kim reported a race condition in the USB core that can
result in a use-after-free. It is not clear how this can be
exploited, but it could result in a denial of service (crash or
memory corruption) or privilege escalation.
CVE-2020-12652
Tom Hatskevich reported a bug in the mptfusion storage drivers.
An ioctl handler fetched a parameter from user memory twice,
creating a race condition which could result in incorrect locking
of internal data structures. A local user permitted to access
/dev/mptctl could use this to cause a denial of service (crash or
memory corruption) or for privilege escalation.
CVE-2020-12653
It was discovered that the mwifiex WiFi driver did not
sufficiently validate scan requests, resulting a potential heap
buffer overflow. A local user with CAP_NET_ADMIN capability could
use this to cause a denial of service (crash or memory corruption)
or possibly for privilege escalation.
CVE-2020-12654
It was discovered that the mwifiex WiFi driver did not
sufficiently validate WMM parameters received from an access point
(AP), resulting a potential heap buffer overflow. A malicious AP
could use this to cause a denial of service (crash or memory
corruption) or possibly to execute code on a vulnerable system.
CVE-2020-12770
It was discovered that the sg (SCSI generic) driver did not
correctly release internal resources in a particular error case.
A local user permitted to access an sg device could possibly use
this to cause a denial of service (resource exhaustion).
CVE-2020-13143
Kyungtae Kim reported a potential heap out-of-bounds write in
the USB gadget subsystem. A local user permitted to write to
the gadget configuration filesystem could use this to cause a
denial of service (crash or memory corruption) or potentially
for privilege escalation.
For the oldstable distribution (stretch), these problems have been
fixed in version 4.9.210-1+deb9u1. This version also fixes some
related bugs that do not have their own CVE IDs, and a regression in
the macvlan driver introduced in the previous point release (bug
#952660).
We recommend that you upgrade your linux packages.
For the detailed security status of linux please refer to its security
tracker page at:
https://security-tracker.debian.org/tracker/linux
Further information about Debian Security Advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://www.debian.org/security/
Mailing list: debian-security-announce@lists.debian.org
-----BEGIN PGP SIGNATURE-----
iQKTBAEBCgB9FiEERkRAmAjBceBVMd3uBUy48xNDz0QFAl7f5blfFIAAAAAALgAo
aXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldDQ2
NDQ0MDk4MDhDMTcxRTA1NTMxRERFRTA1NENCOEYzMTM0M0NGNDQACgkQBUy48xND
z0Sh5RAAmfLUcD69AFSfY6hVPLCvTHS0gVYHUk57NSP7vHaUqQPWXMv4lV6pJ1sp
I6sB7tuDW8MWERVy9lBuZrLhnhlhAfqhzkJ+F/yh6ze703QCf1mMoHBAI44yXGtB
fZDV2vxreXpJ4LfoBfGP2+yFiJXBBCRASgyNEtiBoHYG0yt1gfqXP5OjlaRJ5p1I
yElJ5Uj0MkclVj3nbupUmPs7V/2o4tPavOgTyLplTHTDfOMkK1Z86M0fUfh7fS97
ffwJutFObQuxrkO/2vtzTvaXPnqHh5DUIEQzq5xKhK10+GUlkppqHvId1c//0krF
Wd1gZc2RXLkREQShh21BUaI2XxRTcOw7f6Nmz2QnwN/Q/dXGeWeCjPUGslna3BQs
d/pToA0OpbFNxkNKsbg+ovzMrB9C9aP03aDpSztbf/ZLReR+yOf74s9ypdeadGLC
qKmHcFRWP25ct/ZOxNnTquEwd2NT6qDc9Iu6VNdXb2ndRz1zFU/OZlZ3oEPkrCIp
FxJ+j8jpMFJsluE09UjAxH4AhyNAPjPcCr3M+fkgG+WPgzxSHdKComDN06O53iVi
kWbN/AQPXiLlWHuKpCWbS87dZUyT1K1Wf+7mJbsAUfrrd+1mgWSHTRw1QNii74CR
bD91B+70LVu2UCKKxtnOIJ3+iUiUwBNPYw70B0cc3vZTv9O7q7k=
=WzfN
-----END PGP SIGNATURE-----
.
CVE-2019-3016
It was discovered that the KVM implementation for x86 did not
always perform TLB flushes when needed, if the paravirtualised
TLB flush feature was enabled.
CVE-2020-12768
A bug was discovered in the KVM implementation for AMD processors,
which could result in a memory leak. Summary:
An update for microcode_ctl is now available for Red Hat Enterprise Linux
7.
Red Hat Product Security has rated this update as having a security impact
of Important. A Common Vulnerability Scoring System (CVSS) base score,
which gives a detailed severity rating, is available for each vulnerability
from the CVE link(s) in the References section.
2. Relevant releases/architectures:
Red Hat Enterprise Linux Client (v. 7) - x86_64
Red Hat Enterprise Linux ComputeNode (v. 7) - x86_64
Red Hat Enterprise Linux Server (v. 7) - x86_64
Red Hat Enterprise Linux Workstation (v. 7) - x86_64
3. Description:
The microcode_ctl packages provide microcode updates for Intel.
Security Fix(es):
* hw: Special Register Buffer Data Sampling (SRBDS) (CVE-2020-0543)
* hw: Vector Register Data Sampling (CVE-2020-0548)
* hw: L1D Cache Eviction Sampling (CVE-2020-0549)
* hw: vt-d related privilege escalation (CVE-2020-24489)
* hw: improper isolation of shared resources in some Intel Processors
(CVE-2020-24511)
* hw: observable timing discrepancy in some Intel Processors
(CVE-2020-24512)
* hw: Information disclosure issue in Intel SGX via RAPL interface
(CVE-2020-8695)
* hw: Vector Register Leakage-Active (CVE-2020-8696)
* hw: Fast forward store predictor (CVE-2020-8698)
4. Solution:
Before applying this update, make sure all previously released errata
relevant to your system have been applied.
For details on how to apply this update, refer to:
https://access.redhat.com/articles/11258
5. Bugs fixed (https://bugzilla.redhat.com/):
1788786 - CVE-2020-0548 hw: Vector Register Data Sampling
1788788 - CVE-2020-0549 hw: L1D Cache Eviction Sampling
1827165 - CVE-2020-0543 hw: Special Register Buffer Data Sampling (SRBDS)
1828583 - CVE-2020-8695 hw: Information disclosure issue in Intel SGX via RAPL interface
1890355 - CVE-2020-8696 hw: Vector Register Leakage-Active
1890356 - CVE-2020-8698 hw: Fast forward store predictor
1897684 - [rhel-7.9.z] Re-enable 06-5e-03 (SKL-H/S, CPUID 0x506e3) latest microcode updates
1962650 - CVE-2020-24489 hw: vt-d related privilege escalation
1962702 - CVE-2020-24511 hw: improper isolation of shared resources in some Intel Processors
1962722 - CVE-2020-24512 hw: observable timing discrepancy in some Intel Processors
6. Package List:
Red Hat Enterprise Linux Client (v. 7):
Source:
microcode_ctl-2.1-73.11.el7_9.src.rpm
x86_64:
microcode_ctl-2.1-73.11.el7_9.x86_64.rpm
microcode_ctl-debuginfo-2.1-73.11.el7_9.x86_64.rpm
Red Hat Enterprise Linux ComputeNode (v. 7):
Source:
microcode_ctl-2.1-73.11.el7_9.src.rpm
x86_64:
microcode_ctl-2.1-73.11.el7_9.x86_64.rpm
microcode_ctl-debuginfo-2.1-73.11.el7_9.x86_64.rpm
Red Hat Enterprise Linux Server (v. 7):
Source:
microcode_ctl-2.1-73.11.el7_9.src.rpm
x86_64:
microcode_ctl-2.1-73.11.el7_9.x86_64.rpm
microcode_ctl-debuginfo-2.1-73.11.el7_9.x86_64.rpm
Red Hat Enterprise Linux Workstation (v. 7):
Source:
microcode_ctl-2.1-73.11.el7_9.src.rpm
x86_64:
microcode_ctl-2.1-73.11.el7_9.x86_64.rpm
microcode_ctl-debuginfo-2.1-73.11.el7_9.x86_64.rpm
These packages are GPG signed by Red Hat for security. Our key and
details on how to verify the signature are available from
https://access.redhat.com/security/team/key/
7. References:
https://access.redhat.com/security/cve/CVE-2020-0543
https://access.redhat.com/security/cve/CVE-2020-0548
https://access.redhat.com/security/cve/CVE-2020-0549
https://access.redhat.com/security/cve/CVE-2020-8695
https://access.redhat.com/security/cve/CVE-2020-8696
https://access.redhat.com/security/cve/CVE-2020-8698
https://access.redhat.com/security/cve/CVE-2020-24489
https://access.redhat.com/security/cve/CVE-2020-24511
https://access.redhat.com/security/cve/CVE-2020-24512
https://access.redhat.com/security/updates/classification/#important
8. Contact:
The Red Hat security contact is <secalert@redhat.com>. More contact
details at https://access.redhat.com/security/team/contact/
Copyright 2021 Red Hat, Inc.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1
iQIVAwUBYRD++tzjgjWX9erEAQhA1A//eeO88DFGpTcHgCHrsXimUtK3MZX0RppT
5UOWuXgmPJniMPDALpkfTNTnNGASjBB+WDclaW2d/sZf52PzYLao5wGVIYdUx3Nl
l9IvbGNMm0F7eI7aHdT2QnUhQQl1IpJrbmkhvBM2w85EmOfqlq+CpXnJMRXzoRdv
sFPrWAo1opDNnBV6iYAnyULHFuWwcvU28n3JU945W8p/PvqJgSze77i4dmpzYkBj
ljzVrIUl2pizBmnQMj03JJ+YeB8+oKb0uD2RdqHoxkUSFGH9OW6s/qytHu/eR4uL
Y7WmIfHUxGsVRcmIjo/VaAvvWs4A3hdOL3nGdRAMQOKp+VoDcX7VDNURoxK/bkcJ
OepHSyfWPCVXvOmU5l2ov1uzVQ/F+ajeevMehuzwQlTAIur5qE2eQ2Mwitfh/7WZ
W3x67peCz51zVPtb7rkQfpzQzZKkjSAAclOYMzltv2PA5vSXZy8+hEqWZwqtesQn
ltz36bjQMvRRhr1yGDbaFI5dcTB8T/eIkzmD6wPfbd7r7SEuE0GUd8Yf69VghGL2
f+mvR8oWb2x3RHXbpFm4aIt5mJHqIgfXDAohz7lXgLyJwQefyeJ5w+W8nOe+ZSK/
yvfiVQZz9tvPq8yqC87YWTA7zcnhoSmPvXRicJakpfJL/oz043Tc17jqxIra36sA
UjXnNBNse8A=LIYI
-----END PGP SIGNATURE-----
--
RHSA-announce mailing list
RHSA-announce@redhat.com
https://listman.redhat.com/mailman/listinfo/rhsa-announce
. Summary:
Updated microcode_ctl packages that fix several security bugs and add
various
enhancements are now available.
Bug Fix(es):
* Update Intel CPU microcode to microcode-20200609 release:
- Update of 06-2d-06/0x6d (SNB-E/EN/EP C1/M0) microcode from revision
0x61f
up to 0x621;
- Update of 06-2d-07/0x6d (SNB-E/EN/EP C2/M1) microcode from revision
0x718
up to 0x71a;
- Update of 06-3c-03/0x32 (HSW C0) microcode from revision 0x27 up to
0x28;
- Update of 06-3d-04/0xc0 (BDW-U/Y E0/F0) microcode from revision 0x2e
up to 0x2f;
- Update of 06-45-01/0x72 (HSW-U C0/D0) microcode from revision 0x25
up to 0x26;
- Update of 06-46-01/0x32 (HSW-H C0) microcode from revision 0x1b up to
0x1c;
- Update of 06-47-01/0x22 (BDW-H/Xeon E3 E0/G0) microcode from revision
0x21
up to 0x22;
- Update of 06-4e-03/0xc0 (SKL-U/Y D0) microcode from revision 0xd6
up to 0xdc;
- Update of 06-55-03/0x97 (SKX-SP B1) microcode from revision 0x1000151
up to 0x1000157;
- Update of 06-55-04/0xb7 (SKX-SP H0/M0/U0, SKX-D M1) microcode
(in intel-06-55-04/intel-ucode/06-55-04) from revision 0x2000065
up to 0x2006906;
- Update of 06-55-06/0xbf (CLX-SP B0) microcode from revision 0x400002c
up to 0x4002f01;
- Update of 06-55-07/0xbf (CLX-SP B1) microcode from revision 0x500002c
up to 0x5002f01;
- Update of 06-5e-03/0x36 (SKL-H/S R0/N0) microcode from revision 0xd6
up to 0xdc;
- Update of 06-7e-05/0x80 (ICL-U/Y D1) microcode from revision 0x46
up to 0x78;
- Update of 06-8e-09/0x10 (AML-Y22 H0) microcode from revision 0xca
up to 0xd6;
- Update of 06-8e-09/0xc0 (KBL-U/Y H0) microcode from revision 0xca
up to 0xd6;
- Update of 06-8e-0a/0xc0 (CFL-U43e D0) microcode from revision 0xca
up to 0xd6;
- Update of 06-8e-0b/0xd0 (WHL-U W0) microcode from revision 0xca
up to 0xd6;
- Update of 06-8e-0c/0x94 (AML-Y42 V0, CML-Y42 V0, WHL-U V0) microcode
from revision 0xca up to 0xd6;
- Update of 06-9e-09/0x2a (KBL-G/H/S/X/Xeon E3 B0) microcode from
revision
0xca up to 0xd6;
- Update of 06-9e-0a/0x22 (CFL-H/S/Xeon E3 U0) microcode from revision
0xca
up to 0xd6;
- Update of 06-9e-0b/0x02 (CFL-S B0) microcode from revision 0xca up to
0xd6;
- Update of 06-9e-0c/0x22 (CFL-H/S P0) microcode from revision 0xca
up to 0xd6;
- Update of 06-9e-0d/0x22 (CFL-H R0) microcode from revision 0xca up to
0xd6.
* Do not update 06-4e-03 (SKL-U/Y) and 06-5e-03 (SKL-H/S/Xeon E3 v5) to
revision
0xdc, use 0xd6 by default.
* Enable 06-2d-07 (SNB-E/EN/EP) caveat by default.
* Enable 06-55-04 (SKL-SP/X/W) caveat by default. =========================================================================
Ubuntu Security Notice USN-4389-1
June 09, 2020
linux, linux-aws, linux-azure, linux-gcp, linux-kvm, linux-oracle
vulnerabilities
=========================================================================
A security issue affects these releases of Ubuntu and its derivatives:
- Ubuntu 20.04 LTS
Summary:
Several security issues were fixed in the Linux kernel.
Software Description:
- linux: Linux kernel
- linux-aws: Linux kernel for Amazon Web Services (AWS) systems
- linux-azure: Linux kernel for Microsoft Azure Cloud systems
- linux-gcp: Linux kernel for Google Cloud Platform (GCP) systems
- linux-kvm: Linux kernel for cloud environments
- linux-oracle: Linux kernel for Oracle Cloud systems
Details:
It was discovered that the F2FS file system implementation in the Linux
kernel did not properly perform bounds checking on xattrs in some
situations. (CVE-2020-0067)
It was discovered that memory contents previously stored in
microarchitectural special registers after RDRAND, RDSEED, and SGX EGETKEY
read operations on Intel client and Xeon E3 processors may be briefly
exposed to processes on the same or different processor cores. (CVE-2020-12114)
It was discovered that the USB susbsystem's scatter-gather implementation
in the Linux kernel did not properly take data references in some
situations, leading to a use-after-free. (CVE-2020-12464)
Bui Quang Minh discovered that the XDP socket implementation in the Linux
kernel did not properly validate meta-data passed from user space, leading
to an out-of-bounds write vulnerability. (CVE-2020-12659)
Dmitry Vyukov discovered that the SELinux netlink security hook in the
Linux kernel did not validate messages in some situations.
(CVE-2020-10751)
Update instructions:
The problem can be corrected by updating your system to the following
package versions:
Ubuntu 20.04 LTS:
linux-image-5.4.0-1015-aws 5.4.0-1015.15
linux-image-5.4.0-1015-gcp 5.4.0-1015.15
linux-image-5.4.0-1015-kvm 5.4.0-1015.15
linux-image-5.4.0-1015-oracle 5.4.0-1015.15
linux-image-5.4.0-1016-azure 5.4.0-1016.16
linux-image-5.4.0-37-generic 5.4.0-37.41
linux-image-5.4.0-37-generic-lpae 5.4.0-37.41
linux-image-5.4.0-37-lowlatency 5.4.0-37.41
linux-image-aws 5.4.0.1015.16
linux-image-azure 5.4.0.1016.16
linux-image-gcp 5.4.0.1015.14
linux-image-generic 5.4.0.37.40
linux-image-generic-hwe-20.04 5.4.0.37.40
linux-image-generic-lpae 5.4.0.37.40
linux-image-generic-lpae-hwe-20.04 5.4.0.37.40
linux-image-gke 5.4.0.1015.14
linux-image-kvm 5.4.0.1015.14
linux-image-lowlatency 5.4.0.37.40
linux-image-lowlatency-hwe-20.04 5.4.0.37.40
linux-image-oem 5.4.0.37.40
linux-image-oem-osp1 5.4.0.37.40
linux-image-oracle 5.4.0.1015.14
linux-image-virtual 5.4.0.37.40
linux-image-virtual-hwe-20.04 5.4.0.37.40
Please note that the mitigation for CVE-2020-0543 requires a processor
microcode update to be applied, either from your system manufacturer
or via the intel-microcode package.
After a standard system update you need to reboot your computer to make
all the necessary changes.
ATTENTION: Due to an unavoidable ABI change the kernel updates have
been given a new version number, which requires you to recompile and
reinstall all third party kernel modules you might have installed.
Unless you manually uninstalled the standard kernel metapackages
(e.g. linux-generic, linux-generic-lts-RELEASE, linux-virtual,
linux-powerpc), a standard system upgrade will automatically perform
this as well
| VAR-202006-0250 | CVE-2020-0535 | Intel(R) AMT Input verification vulnerability in |
CVSS V2: 5.0 CVSS V3: 5.3 Severity: MEDIUM |
Improper input validation in Intel(R) AMT versions before 11.8.76, 11.12.77, 11.22.77 and 12.0.64 may allow an unauthenticated user to potentially enable information disclosure via network access. Intel(R) AMT There is an input verification vulnerability in.Information may be obtained. Intel Active Management Technology (AMT) is a set of hardware-based computer remote active management technology software developed by Intel Corporation. A remote attacker could exploit this vulnerability to obtain information. The following products and versions are affected: Intel AMT versions prior to 11.8.76, versions prior to 11.12.77, versions prior to 11.22.77, and versions prior to 12.0.64
| VAR-202006-1891 | No CVE | Unauthorized access vulnerability exists in Changyuan Shenrui PRS-7910 data gateway |
CVSS V2: 6.4 CVSS V3: - Severity: MEDIUM |
Changyuan Shenrui PRS-7910 Data Gateway is an Ethernet-based data gateway launched by Changyuan Shenrui Automation Automation Co., Ltd.
An unauthorized access vulnerability exists in the Changyuan Shenrui PRS-7910 data gateway machine, which can be used by attackers to obtain sensitive information.
| VAR-202006-1573 | CVE-2020-5362 | Select Dell Client Consumer and Commercial Vulnerability in lack of authentication on platform |
CVSS V2: 2.1 CVSS V3: 4.4 Severity: MEDIUM |
Dell Client Consumer and Commercial platforms include an improper authorization vulnerability in the Dell Manageability interface for which an unauthorized actor, with local system access with OS administrator privileges, could bypass the BIOS Administrator authentication to restore BIOS Setup configuration to default values. Select Dell Client Consumer and Commercial The platform is vulnerable to lack of authentication.Information may be tampered with
| VAR-202006-1717 | CVE-2020-9076 | plural Huawei Authentication vulnerabilities in smartphone products |
CVSS V2: 4.0 CVSS V3: 6.8 Severity: MEDIUM |
HUAWEI P30;HUAWEI P30 Pro;Tony-AL00B smartphones with versions earlier than 10.1.0.135(C00E135R2P11); versions earlier than 10.1.0.135(C00E135R2P8), versions earlier than 10.1.0.135 have an improper authentication vulnerability. Due to the identity of the message sender not being properly verified, an attacker can exploit this vulnerability through man-in-the-middle attack to induce user to access malicious URL. HUAWEI P30 , P30 Pro , Tony-AL00B There is an authentication vulnerability in.Information may be obtained and tampered with. Huawei P30, etc. are all smart phones of China's Huawei (Huawei) company
| VAR-202006-1596 | CVE-2020-7670 | agoo In HTTP Request Smagling Vulnerability |
CVSS V2: 5.0 CVSS V3: 7.5 Severity: HIGH |
agoo prior to 2.14.0 allows request smuggling attacks where agoo is used as a backend and a frontend proxy also being vulnerable. HTTP pipelining issues and request smuggling attacks might be possible due to incorrect Content-Length and Transfer encoding header parsing. It is possible to conduct HTTP request smuggling attacks where `agoo` is used as part of a chain of backend servers due to insufficient `Content-Length` and `Transfer Encoding` parsing. agoo To HTTP There is a vulnerability related to Request Smagling.Information may be tampered with. agoo is a Ruby-based HTTP server by Peter Ohler software developer.
There is an environmental issue vulnerability in agoo 2.12.3 and earlier versions
| VAR-202006-1778 | CVE-2020-6090 | WAGO PFC 200 Vulnerability related to authority management in |
CVSS V2: 9.0 CVSS V3: 7.2 Severity: HIGH |
An exploitable code execution vulnerability exists in the Web-Based Management (WBM) functionality of WAGO PFC 200 03.03.10(15). A specially crafted series of HTTP requests can cause code execution resulting in remote code execution. An attacker can make an authenticated HTTP request to trigger this vulnerability. WAGO PFC 200 Exists in a privilege management vulnerability.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be put into a state. WAGO PFC 200 is a programmable logic controller (PLC) made by WAGO in Germany
| VAR-202006-1716 | CVE-2020-9075 | Huawei Secospace USG6300 and USG6300E Vulnerability regarding information leakage in |
CVSS V2: 4.0 CVSS V3: 6.5 Severity: MEDIUM |
Huawei products Secospace USG6300;USG6300E with versions of V500R001C30,V500R001C50,V500R001C60,V500R001C80,V500R005C00,V500R005C10;V600R006C00 have a vulnerability of insufficient input verification. An attacker with limited privilege can exploit this vulnerability to access a specific directory. Successful exploitation of this vulnerability may lead to information leakage
| VAR-202006-0247 | CVE-2020-0532 | Intel(R) AMT Input verification vulnerability in |
CVSS V2: 4.8 CVSS V3: 7.1 Severity: HIGH |
Improper input validation in subsystem for Intel(R) AMT versions before 11.8.77, 11.12.77, 11.22.77 and 12.0.64 may allow an unauthenticated user to potentially enable denial of service or information disclosure via adjacent access. Intel(R) AMT There is an input verification vulnerability in.Information is obtained and service operation is interrupted (DoS) It may be put into a state. Intel Active Management Technology (AMT) is a set of hardware-based computer remote active management technology software developed by Intel Corporation. An attacker could exploit this vulnerability to cause a denial of service or information disclosure. The following products and versions are affected: Intel AMT versions prior to 11.8.77, versions prior to 11.12.77, versions prior to 11.22.77, and versions prior to 12.0.64
| VAR-202006-0249 | CVE-2020-0534 | Intel(R) CSME Input verification vulnerability in |
CVSS V2: 5.0 CVSS V3: 7.5 Severity: HIGH |
Improper input validation in the DAL subsystem for Intel(R) CSME versions before 12.0.64, 13.0.32, 14.0.33 and 14.5.12 may allow an unauthenticated user to potentially enable denial of service via network access. Intel(R) CSME There is an input verification vulnerability in.Service operation interruption (DoS) It may be put into a state. Intel Converged Security and Management Engine (CSME) is a security management engine of Intel Corporation. An input validation error vulnerability exists in the DAL subsystem in Intel CSME. An attacker could exploit this vulnerability to cause a denial of service. The following products and versions are affected: Intel CSME versions prior to 12.0.64, versions prior to 13.0.32, versions prior to 14.0.33, and versions prior to 14.5.12
| VAR-202006-0251 | CVE-2020-0536 | Intel(R) CSME and TXE Input verification vulnerability in |
CVSS V2: 5.0 CVSS V3: 7.5 Severity: HIGH |
Improper input validation in the DAL subsystem for Intel(R) CSME versions before 11.8.77, 11.12.77, 11.22.77, 12.0.64, 13.0.32,14.0.33 and Intel(R) TXE versions before 3.1.75 and 4.0.25 may allow an unauthenticated user to potentially enable information disclosure via network access. Intel(R) CSME and TXE There is an input verification vulnerability in.Information may be obtained. Both Intel Converged Security and Management Engine (CSME) and Intel TXE are products of Intel Corporation of the United States. Intel Converged Security and Management Engine is a security management engine. Intel TXE is a trusted execution engine with hardware authentication function used in CPU (Central Processing Unit). An input validation error vulnerability exists in the DAL subsystem in Intel CSME and TXE. An attacker could exploit this vulnerability to obtain sensitive information. The following products and versions are affected: Intel CSME before 11.8.77, before 11.12.77, before 11.22.77, before 12.0.64, before 13.0.32, before 14.0.33; before Intel TXE3.1.75 Version, version before 4.0.25
| VAR-202006-0252 | CVE-2020-0537 | Intel(R) AMT Input verification vulnerability in |
CVSS V2: 4.0 CVSS V3: 4.9 Severity: MEDIUM |
Improper input validation in subsystem for Intel(R) AMT versions before 11.8.77, 11.12.77, 11.22.77 and 12.0.64 may allow a privileged user to potentially enable denial of service via network access. Intel(R) AMT There is an input verification vulnerability in.Service operation interruption (DoS) It may be put into a state. Intel Active Management Technology (AMT) is a set of hardware-based computer remote active management technology software developed by Intel Corporation. An attacker could exploit this vulnerability to cause a denial of service. The following products and versions are affected: Intel AMT versions prior to 11.8.77, versions prior to 11.12.77, versions prior to 11.22.77, and versions prior to 12.0.64
| VAR-202006-0254 | CVE-2020-0539 | Intel(R) CSME and TXE Past Traversal Vulnerability in |
CVSS V2: 2.1 CVSS V3: 5.5 Severity: MEDIUM |
Path traversal in subsystem for Intel(R) DAL software for Intel(R) CSME versions before 11.8.77, 11.12.77, 11.22.77, 12.0.64, 13.0.32, 14.0.33 and Intel(R) TXE versions before 3.1.75, 4.0.25 may allow an unprivileged user to potentially enable denial of service via local access. Intel(R) CSME and TXE Exists in a past traversal vulnerability.Service operation interruption (DoS) It may be put into a state. Both Intel Converged Security and Management Engine (CSME) and Intel TXE are products of Intel Corporation of the United States. Intel Converged Security and Management Engine is a security management engine. Intel TXE is a trusted execution engine with hardware authentication function used in CPU (Central Processing Unit). A path traversal vulnerability exists in the subsystems of Intel TXE and CSME (Intel DAL software). An attacker could exploit this vulnerability to cause a denial of service. The following products and versions are affected: Intel CSME before 11.8.77, before 11.12.77, before 11.22.77, before 12.0.64, before 13.0.32, before 14.0.33; Intel TXE 3.1.75 Previous versions, versions before 4.0.25
| VAR-202006-0255 | CVE-2020-0540 | Intel(R) AMT Vulnerability regarding inadequate protection of credentials in |
CVSS V2: 5.0 CVSS V3: 7.5 Severity: HIGH |
Insufficiently protected credentials in Intel(R) AMT versions before 11.8.77, 11.12.77, 11.22.77 and 12.0.64 may allow an unauthenticated user to potentially enable information disclosure via network access. Intel(R) AMT Exists in an inadequate protection of credentials.Information may be obtained. Intel Active Management Technology (AMT) is a set of hardware-based computer remote active management technology software developed by Intel Corporation. A remote attacker could exploit this vulnerability to obtain information. The following products and versions are affected: Intel AMT versions prior to 11.8.77, versions prior to 11.12.77, versions prior to 11.22.77, and versions prior to 12.0.64
| VAR-202006-0256 | CVE-2020-0541 | Intel(R) CSME Out-of-bounds write vulnerability in |
CVSS V2: 4.6 CVSS V3: 6.7 Severity: MEDIUM |
Out-of-bounds write in subsystem for Intel(R) CSME versions before 12.0.64, 13.0.32, 14.0.33 and 14.5.12 may allow a privileged user to potentially enable escalation of privilege via local access. Intel(R) CSME Is vulnerable to out-of-bounds writes.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be put into a state. Intel Converged Security and Management Engine (CSME) is a security management engine of Intel Corporation. A buffer error vulnerability exists in a subsystem in Intel CSME. A local attacker could exploit this vulnerability to elevate privileges. The following products and versions are affected: Intel CSME versions prior to 12.0.64, versions prior to 13.0.32, versions prior to 14.0.33, and versions prior to 14.5.12