The Salsa20 encryption algorithm in the Linux kernel before 4.14.8 does not correctly handle zero-length inputs, allowing a local attacker able to use the AF_ALG-based skcipher interface (CONFIG_CRYPTO_USER_API_SKCIPHER) to cause a denial of service (uninitialized-memory free and kernel crash) or have unspecified other impact by executing a crafted sequence of system calls that use the blkcipher_walk API. Both the generic implementation (crypto/salsa20_generic.c) and x86 implementation (arch/x86/crypto/salsa20_glue.c) of Salsa20 were vulnerable.

The mincore() implementation in mm/mincore.c in the Linux kernel through 4.19.13 allowed local attackers to observe page cache access patterns of other processes on the same system, potentially allowing sniffing of secret information. (Fixing this affects the output of the fincore program.) Limited remote exploitation may be possible, as demonstrated by latency differences in accessing public files from an Apache HTTP Server.

Уязвимость функции mincore () ядра операционной системы Linux, позволяющая нарушителю раскрыть защищаемую информацию

Security update for the Linux Kernel

Security update for the Linux Kernel

Security update for the Linux Kernel

Security update for the Linux Kernel

Security update for the Linux Kernel

Security update for the Linux Azure Kernel

Security update for the Linux Kernel

Security update for the Linux Kernel

Security update for the Linux Kernel

ELSA-2019-4746: Unbreakable Enterprise kernel security update (IMPORTANT)

ELSA-2019-4528: Unbreakable Enterprise kernel security update (IMPORTANT)

Security update for the Linux Kernel

Security update for the Linux Kernel

Security update for the Linux Kernel for Azure

Security update for the Linux Kernel

Security update for the Linux Kernel

Security update for the Linux Kernel