ELSA-2020-5671

Опубликовано: 07 мая 2020

Источник: oracle-oval

Платформа: Oracle Linux 6

Платформа: Oracle Linux 7

Описание

ELSA-2020-5671: Unbreakable Enterprise kernel security update (IMPORTANT)

kernel-uek [3.8.13-118.45.1]

HID: hiddev: do cleanup in failure of opening a device (Hillf Danton) [Orabug: 31206361] {CVE-2019-19527}
HID: hiddev: avoid opening a disconnected device (Hillf Danton) [Orabug: 31206361] {CVE-2019-19527}
HID: Fix assumption that devices have inputs (Alan Stern) [Orabug: 31208623] {CVE-2019-19532}
drm/vmwgfx: NULL pointer dereference in vmw_surface_define_ioctl() (Murray McAllister) [Orabug: 31224360] {CVE-2017-7261}
brcmfmac: add subtype check for event handling in data path (John Donnelly) [Orabug: 31234676] {CVE-2019-9503}

Обновленные пакеты

Oracle Linux 6

Oracle Linux x86_64

dtrace-modules-3.8.13-118.45.1.el6uek

0.4.5-3.el6

kernel-uek

3.8.13-118.45.1.el6uek

kernel-uek-debug

3.8.13-118.45.1.el6uek

kernel-uek-debug-devel

3.8.13-118.45.1.el6uek

kernel-uek-devel

3.8.13-118.45.1.el6uek

kernel-uek-doc

3.8.13-118.45.1.el6uek

kernel-uek-firmware

3.8.13-118.45.1.el6uek

Oracle Linux 7

Oracle Linux x86_64

dtrace-modules-3.8.13-118.45.1.el7uek

0.4.5-3.el7

kernel-uek

3.8.13-118.45.1.el7uek

kernel-uek-debug

3.8.13-118.45.1.el7uek

kernel-uek-debug-devel

3.8.13-118.45.1.el7uek

kernel-uek-devel

3.8.13-118.45.1.el7uek

kernel-uek-doc

3.8.13-118.45.1.el7uek

kernel-uek-firmware

3.8.13-118.45.1.el7uek

Связанные CVE

Ссылки на источники

Связанные уязвимости

CVE-2017-7261

CVSS3: 5.5

ubuntu

около 8 лет назад

The vmw_surface_define_ioctl function in drivers/gpu/drm/vmwgfx/vmwgfx_surface.c in the Linux kernel through 4.10.5 does not check for a zero value of certain levels data, which allows local users to cause a denial of service (ZERO_SIZE_PTR dereference, and GPF and possibly panic) via a crafted ioctl call for a /dev/dri/renderD* device.