Description
ELSA-2019-4789: Unbreakable Enterprise kernel security update (IMPORTANT)
[4.14.35-1902.5.2.1]
- vhost: make sure log_num < in_num (yongduan) [Orabug: 30312787] {CVE-2019-14835}
- vhost: block speculation of translated descriptors (Michael S. Tsirkin) [Orabug: 30312787] {CVE-2019-14835}
- vhost: Fix Spectre V1 vulnerability (Jason Wang) [Orabug: 30312787]
Updated packages
Oracle Linux 7
Oracle Linux aarch64
kernel-uek                    4.14.35-1902.5.2.1.el7uek
kernel-uek-debug              4.14.35-1902.5.2.1.el7uek
kernel-uek-debug-devel        4.14.35-1902.5.2.1.el7uek
kernel-uek-devel              4.14.35-1902.5.2.1.el7uek
kernel-uek-headers            4.14.35-1902.5.2.1.el7uek
kernel-uek-tools              4.14.35-1902.5.2.1.el7uek
kernel-uek-tools-libs         4.14.35-1902.5.2.1.el7uek
kernel-uek-tools-libs-devel   4.14.35-1902.5.2.1.el7uek
perf                          4.14.35-1902.5.2.1.el7uek
python-perf                   4.14.35-1902.5.2.1.el7uek
Oracle Linux x86_64
kernel-uek                    4.14.35-1902.5.2.1.el7uek
kernel-uek-debug              4.14.35-1902.5.2.1.el7uek
kernel-uek-debug-devel        4.14.35-1902.5.2.1.el7uek
kernel-uek-devel              4.14.35-1902.5.2.1.el7uek
kernel-uek-doc                4.14.35-1902.5.2.1.el7uek
kernel-uek-tools              4.14.35-1902.5.2.1.el7uek
Related CVEs
Related vulnerabilities
A buffer overflow flaw was found, in versions from 2.6.34 to 5.2.x, in the way the Linux kernel's vhost functionality, which translates virtqueue buffers to IOVs, logged the buffer descriptors during migration. A privileged guest user able to pass descriptors with invalid length to the host while migration is underway could use this flaw to increase their privileges on the host.
A buffer overflow flaw was found, in versions from 2.6.34 to 5.2.x, in ...
Security update for the Linux Kernel (Live Patch 27 for SLE 12 SP2)