Описание
Security update for the Linux Kernel (Live Patch 23 for SLE 12 SP3)
This update for the Linux Kernel 4.4.175-94_79 fixes one issue.
The following security issue was fixed:
- CVE-2019-9213: Expand_downwards in mm/mmap.c lacked a check for the mmap minimum address, which made it easier for attackers to exploit kernel NULL pointer dereferences on non-SMAP platforms. This is related to a capability check for the wrong task (bsc#1128378).
Список пакетов
SUSE Linux Enterprise Live Patching 12 SP3
kgraft-patch-4_4_175-94_79-default-2-2.1
Ссылки
- Link for SUSE-SU-2019:0761-1
- E-Mail link for SUSE-SU-2019:0761-1
- SUSE Security Ratings
- SUSE Bug 1128378
- SUSE CVE CVE-2019-9213 page
Описание
In the Linux kernel before 4.20.14, expand_downwards in mm/mmap.c lacks a check for the mmap minimum address, which makes it easier for attackers to exploit kernel NULL pointer dereferences on non-SMAP platforms. This is related to a capability check for the wrong task.
Затронутые продукты
SUSE Linux Enterprise Live Patching 12 SP3:kgraft-patch-4_4_175-94_79-default-2-2.1
Ссылки
- CVE-2019-9213
- SUSE Bug 1128166
- SUSE Bug 1128378
- SUSE Bug 1129016