Описание
Security update for the Linux Kernel (Live Patch 6 for SLE 15)
This update for the Linux Kernel 4.12.14-25_22 fixes several issues.
The following security issues were fixed:
- CVE-2019-3846: A flaw that allowed an attacker to corrupt memory and possibly escalate privileges was found in the mwifiex kernel module while connecting to a malicious wireless network (bsc#1136446).
- CVE-2019-11477: A sequence of SACKs may have been crafted by a remote attacker such that one can trigger an integer overflow, leading to a kernel panic. (bsc#1137586).
- CVE-2019-11478: It was possible to send a crafted sequence of SACKs which would fragment the TCP retransmission queue. A remote attacker may have been able to further exploit the fragmented queue to cause an expensive linked-list walk for subsequent SACKs received for that same TCP connection. (bsc#1137586)
- CVE-2019-11487: The Linux kernel allowed page->_refcount reference count overflow, with resultant use-after-free issues, if about 140 GiB of RAM exists. This is related to fs/fuse/dev.c, fs/pipe.c, fs/splice.c, include/linux/mm.h, include/linux/pipe_fs_i.h, kernel/trace/trace.c, mm/gup.c, and mm/hugetlb.c. It can occur with FUSE requests (bsc#1133191).
- CVE-2019-11085: Insufficient input validation in Kernel Mode Driver in Intel(R) i915 Graphics may allowed an authenticated user to potentially enable escalation of privilege via local access (bsc#1135280).
Список пакетов
SUSE Linux Enterprise Live Patching 15
Ссылки
- Link for SUSE-SU-2019:1581-1
- E-Mail link for SUSE-SU-2019:1581-1
- SUSE Security Ratings
- SUSE Bug 1133191
- SUSE Bug 1135280
- SUSE Bug 1136446
- SUSE Bug 1136935
- SUSE Bug 1137597
- SUSE CVE CVE-2019-11085 page
- SUSE CVE CVE-2019-11477 page
- SUSE CVE CVE-2019-11478 page
- SUSE CVE CVE-2019-11487 page
- SUSE CVE CVE-2019-3846 page
Описание
Insufficient input validation in Kernel Mode Driver in Intel(R) i915 Graphics for Linux before version 5.0 may allow an authenticated user to potentially enable escalation of privilege via local access.
Затронутые продукты
Ссылки
- CVE-2019-11085
- SUSE Bug 1135278
- SUSE Bug 1135280
Описание
Jonathan Looney discovered that the TCP_SKB_CB(skb)->tcp_gso_segs value was subject to an integer overflow in the Linux kernel when handling TCP Selective Acknowledgments (SACKs). A remote attacker could use this to cause a denial of service. This has been fixed in stable kernel releases 4.4.182, 4.9.182, 4.14.127, 4.19.52, 5.1.11, and is fixed in commit 3b4929f65b0d8249f19a50245cd88ed1a2f78cff.
Затронутые продукты
Ссылки
- CVE-2019-11477
- SUSE Bug 1132686
- SUSE Bug 1137586
- SUSE Bug 1142129
- SUSE Bug 1153242
Описание
Jonathan Looney discovered that the TCP retransmission queue implementation in tcp_fragment in the Linux kernel could be fragmented when handling certain TCP Selective Acknowledgment (SACK) sequences. A remote attacker could use this to cause a denial of service. This has been fixed in stable kernel releases 4.4.182, 4.9.182, 4.14.127, 4.19.52, 5.1.11, and is fixed in commit f070ef2ac66716357066b683fb0baf55f8191a2e.
Затронутые продукты
Ссылки
- CVE-2019-11478
- SUSE Bug 1132686
- SUSE Bug 1137586
- SUSE Bug 1142129
- SUSE Bug 1143542
Описание
The Linux kernel before 5.1-rc5 allows page->_refcount reference count overflow, with resultant use-after-free issues, if about 140 GiB of RAM exists. This is related to fs/fuse/dev.c, fs/pipe.c, fs/splice.c, include/linux/mm.h, include/linux/pipe_fs_i.h, kernel/trace/trace.c, mm/gup.c, and mm/hugetlb.c. It can occur with FUSE requests.
Затронутые продукты
Ссылки
- CVE-2019-11487
- SUSE Bug 1133190
- SUSE Bug 1133191
Описание
A flaw that allowed an attacker to corrupt memory and possibly escalate privileges was found in the mwifiex kernel module while connecting to a malicious wireless network.
Затронутые продукты
Ссылки
- CVE-2019-3846
- SUSE Bug 1136424
- SUSE Bug 1136446
- SUSE Bug 1156330