pepelyaevip/vuln-list-alt
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity
vuln-list-alt/oval/c10f1/ALT-PU-2019-2700/definitions.json
pepelyaevip 56bb29c44b ALT Vulnerability
2024-06-28 13:17:52 +00:00

345 lines
17 KiB
JSON
Raw Blame History

This file contains ambiguous Unicode characters

This file contains Unicode characters that might be confused with other characters. If you think that this is intentional, you can safely ignore this warning. Use the Escape button to reveal them.

{
"Definition": [
{
"ID": "oval:org.altlinux.errata:def:20192700",
"Version": "oval:org.altlinux.errata:def:20192700",
"Class": "patch",
"Metadata": {
"Title": "ALT-PU-2019-2700: package `kernel-image-un-def` update to version 5.2.15-alt1",
"AffectedList": [
{
"Family": "unix",
"Platforms": [
"ALT Linux branch c10f1"
],
"Products": [
"ALT SP Workstation",
"ALT SP Server"
]
}
],
"References": [
{
"RefID": "ALT-PU-2019-2700",
"RefURL": "https://errata.altlinux.org/ALT-PU-2019-2700",
"Source": "ALTPU"
},
{
"RefID": "BDU:2019-04676",
"RefURL": "https://bdu.fstec.ru/vul/2019-04676",
"Source": "BDU"
},
{
"RefID": "BDU:2020-01352",
"RefURL": "https://bdu.fstec.ru/vul/2020-01352",
"Source": "BDU"
},
{
"RefID": "BDU:2020-01353",
"RefURL": "https://bdu.fstec.ru/vul/2020-01353",
"Source": "BDU"
},
{
"RefID": "BDU:2020-01488",
"RefURL": "https://bdu.fstec.ru/vul/2020-01488",
"Source": "BDU"
},
{
"RefID": "BDU:2020-01490",
"RefURL": "https://bdu.fstec.ru/vul/2020-01490",
"Source": "BDU"
},
{
"RefID": "BDU:2022-07033",
"RefURL": "https://bdu.fstec.ru/vul/2022-07033",
"Source": "BDU"
},
{
"RefID": "BDU:2023-00699",
"RefURL": "https://bdu.fstec.ru/vul/2023-00699",
"Source": "BDU"
},
{
"RefID": "CVE-2019-14835",
"RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2019-14835",
"Source": "CVE"
},
{
"RefID": "CVE-2019-15030",
"RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2019-15030",
"Source": "CVE"
},
{
"RefID": "CVE-2019-15031",
"RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2019-15031",
"Source": "CVE"
},
{
"RefID": "CVE-2019-16229",
"RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2019-16229",
"Source": "CVE"
},
{
"RefID": "CVE-2019-16230",
"RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2019-16230",
"Source": "CVE"
},
{
"RefID": "CVE-2019-16231",
"RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2019-16231",
"Source": "CVE"
},
{
"RefID": "CVE-2019-16232",
"RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2019-16232",
"Source": "CVE"
},
{
"RefID": "CVE-2019-16233",
"RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2019-16233",
"Source": "CVE"
},
{
"RefID": "CVE-2019-16234",
"RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2019-16234",
"Source": "CVE"
}
],
"Description": "This update upgrades kernel-image-un-def to version 5.2.15-alt1. \nSecurity Fix(es):\n\n * BDU:2019-04676: Уязвимость ядра Linux, связанная с переполнения буфера виртуальной памяти, позволяющая нарушителю получить несанкционированный доступ к информации и нарушить ее целостность и доступность\n\n * BDU:2020-01352: Уязвимость компонента alloc_workqueue ядра операционной системы Linux, позволяющая нарушителю вызвать отказ в обслуживании\n\n * BDU:2020-01353: Уязвимость компонента alloc_workqueue ядра операционной системы Linux, позволяющая нарушителю вызвать отказ в обслуживании\n\n * BDU:2020-01488: Уязвимость компонента arch/powerpc/kernel/process.c ядра операционной системы Linux, позволяющая нарушителю оказать воздействие на конфиденциальность и доступность защищаемой информации\n\n * BDU:2020-01490: Уязвимость компонента arch/powerpc/kernel/process.c ядра операционной системы Linux, позволяющая нарушителю оказать воздействие на конфиденциальность и доступность защищаемой информации\n\n * BDU:2022-07033: Уязвимость драйвера FUJITSU Extended Socket Network ядра операционной системы Linux, позволяющая нарушителю вызвать отказ в обслуживании\n\n * BDU:2023-00699: Уязвимость видеодрайвера RADEON (drivers/gpu/drm/radeon/radeon_display.c) ядра операционной системы Linux, позволяющая локальному нарушителю вызвать отказ в обслуживании\n\n * CVE-2019-14835: A buffer overflow flaw was found, in versions from 2.6.34 to 5.2.x, in the way Linux kernel's vhost functionality that translates virtqueue buffers to IOVs, logged the buffer descriptors during migration. A privileged guest user able to pass descriptors with invalid length to the host when migration is underway, could use this flaw to increase their privileges on the host.\n\n * CVE-2019-15030: In the Linux kernel through 5.2.14 on the powerpc platform, a local user can read vector registers of other users' processes via a Facility Unavailable exception. To exploit the venerability, a local user starts a transaction (via the hardware transactional memory instruction tbegin) and then accesses vector registers. At some point, the vector registers will be corrupted with the values from a different local Linux process because of a missing arch/powerpc/kernel/process.c check.\n\n * CVE-2019-15031: In the Linux kernel through 5.2.14 on the powerpc platform, a local user can read vector registers of other users' processes via an interrupt. To exploit the venerability, a local user starts a transaction (via the hardware transactional memory instruction tbegin) and then accesses vector registers. At some point, the vector registers will be corrupted with the values from a different local Linux process, because MSR_TM_ACTIVE is misused in arch/powerpc/kernel/process.c.\n\n * CVE-2019-16229: drivers/gpu/drm/amd/amdkfd/kfd_interrupt.c in the Linux kernel 5.2.14 does not check the alloc_workqueue return value, leading to a NULL pointer dereference. NOTE: The security community disputes this issues as not being serious enough to be deserving a CVE id\n\n * CVE-2019-16230: drivers/gpu/drm/radeon/radeon_display.c in the Linux kernel 5.2.14 does not check the alloc_workqueue return value, leading to a NULL pointer dereference. NOTE: A third-party software maintainer states that the work queue allocation is happening during device initialization, which for a graphics card occurs during boot. It is not attacker controllable and OOM at that time is highly unlikely\n\n * CVE-2019-16231: drivers/net/fjes/fjes_main.c in the Linux kernel 5.2.14 does not check the alloc_workqueue return value, leading to a NULL pointer dereference.\n\n * CVE-2019-16232: drivers/net/wireless/marvell/libertas/if_sdio.c in the Linux kernel 5.2.14 does not check the alloc_workqueue return value, leading to a NULL pointer dereference.\n\n * CVE-2019-16233: drivers/scsi/qla2xxx/qla_os.c in the Linux kernel 5.2.14 does not check the alloc_workqueue return value, leading to a NULL pointer dereference.\n\n * CVE-2019-16234: drivers/net/wireless/intel/iwlwifi/pcie/trans.c in the Linux kernel 5.2.14 does not check the alloc_workqueue return value, leading to a NULL pointer dereference.",
"Advisory": {
"From": "errata.altlinux.org",
"Severity": "High",
"Rights": "Copyright 2024 BaseALT Ltd.",
"Issued": {
"Date": "2019-09-16"
},
"Updated": {
"Date": "2019-09-16"
},
"BDUs": [
{
"ID": "BDU:2019-04676",
"CVSS": "AV:L/AC:L/Au:S/C:C/I:C/A:C",
"CVSS3": "AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"CWE": "CWE-120",
"Href": "https://bdu.fstec.ru/vul/2019-04676",
"Impact": "High",
"Public": "20190911"
},
{
"ID": "BDU:2020-01352",
"CVSS": "AV:N/AC:L/Au:N/C:N/I:N/A:C",
"CVSS3": "AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"CWE": "CWE-476",
"Href": "https://bdu.fstec.ru/vul/2020-01352",
"Impact": "High",
"Public": "20190910"
},
{
"ID": "BDU:2020-01353",
"CVSS": "AV:N/AC:L/Au:N/C:N/I:N/A:C",
"CVSS3": "AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"CWE": "CWE-476",
"Href": "https://bdu.fstec.ru/vul/2020-01353",
"Impact": "High",
"Public": "20190910"
},
{
"ID": "BDU:2020-01488",
"CVSS": "AV:L/AC:L/Au:N/C:P/I:N/A:P",
"CVSS3": "AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:L",
"CWE": "CWE-20, CWE-862",
"Href": "https://bdu.fstec.ru/vul/2020-01488",
"Impact": "Low",
"Public": "20190905"
},
{
"ID": "BDU:2020-01490",
"CVSS": "AV:L/AC:L/Au:N/C:P/I:N/A:P",
"CVSS3": "AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:L",
"CWE": "CWE-200, CWE-662",
"Href": "https://bdu.fstec.ru/vul/2020-01490",
"Impact": "Low",
"Public": "20190904"
},
{
"ID": "BDU:2022-07033",
"CVSS": "AV:L/AC:H/Au:S/C:N/I:N/A:C",
"CVSS3": "AV:L/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:H",
"CWE": "CWE-476",
"Href": "https://bdu.fstec.ru/vul/2022-07033",
"Impact": "Low",
"Public": "20190910"
},
{
"ID": "BDU:2023-00699",
"CVSS": "AV:L/AC:M/Au:S/C:N/I:N/A:C",
"CVSS3": "AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H",
"CWE": "CWE-476",
"Href": "https://bdu.fstec.ru/vul/2023-00699",
"Impact": "Low",
"Public": "20190909"
}
],
"CVEs": [
{
"ID": "CVE-2019-14835",
"CVSS": "AV:L/AC:L/Au:N/C:C/I:C/A:C",
"CVSS3": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"CWE": "CWE-120",
"Href": "https://nvd.nist.gov/vuln/detail/CVE-2019-14835",
"Impact": "High",
"Public": "20190917"
},
{
"ID": "CVE-2019-15030",
"CVSS": "AV:L/AC:L/Au:N/C:P/I:N/A:P",
"CVSS3": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:L",
"CWE": "CWE-862",
"Href": "https://nvd.nist.gov/vuln/detail/CVE-2019-15030",
"Impact": "Low",
"Public": "20190913"
},
{
"ID": "CVE-2019-15031",
"CVSS": "AV:L/AC:L/Au:N/C:P/I:N/A:P",
"CVSS3": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:L",
"CWE": "CWE-662",
"Href": "https://nvd.nist.gov/vuln/detail/CVE-2019-15031",
"Impact": "Low",
"Public": "20190913"
},
{
"ID": "CVE-2019-16229",
"CVSS": "AV:L/AC:M/Au:N/C:N/I:N/A:C",
"CVSS3": "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:H",
"CWE": "CWE-476",
"Href": "https://nvd.nist.gov/vuln/detail/CVE-2019-16229",
"Impact": "Low",
"Public": "20190911"
},
{
"ID": "CVE-2019-16230",
"CVSS": "AV:L/AC:M/Au:N/C:N/I:N/A:C",
"CVSS3": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H",
"CWE": "CWE-476",
"Href": "https://nvd.nist.gov/vuln/detail/CVE-2019-16230",
"Impact": "Low",
"Public": "20190911"
},
{
"ID": "CVE-2019-16231",
"CVSS": "AV:L/AC:M/Au:N/C:N/I:N/A:C",
"CVSS3": "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:H",
"CWE": "CWE-476",
"Href": "https://nvd.nist.gov/vuln/detail/CVE-2019-16231",
"Impact": "Low",
"Public": "20190911"
},
{
"ID": "CVE-2019-16232",
"CVSS": "AV:L/AC:M/Au:N/C:N/I:N/A:C",
"CVSS3": "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:H",
"CWE": "CWE-476",
"Href": "https://nvd.nist.gov/vuln/detail/CVE-2019-16232",
"Impact": "Low",
"Public": "20190911"
},
{
"ID": "CVE-2019-16233",
"CVSS": "AV:L/AC:M/Au:N/C:N/I:N/A:C",
"CVSS3": "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:H",
"CWE": "CWE-476",
"Href": "https://nvd.nist.gov/vuln/detail/CVE-2019-16233",
"Impact": "Low",
"Public": "20190911"
},
{
"ID": "CVE-2019-16234",
"CVSS": "AV:L/AC:M/Au:N/C:N/I:N/A:C",
"CVSS3": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H",
"CWE": "CWE-476",
"Href": "https://nvd.nist.gov/vuln/detail/CVE-2019-16234",
"Impact": "Low",
"Public": "20190911"
}
],
"AffectedCPEs": {
"CPEs": [
"cpe:/o:alt:spworkstation:10",
"cpe:/o:alt:spserver:10"
]
}
}
},
"Criteria": {
"Operator": "AND",
"Criterions": [
{
"TestRef": "oval:org.altlinux.errata:tst:4001",
"Comment": "ALT Linux must be installed"
}
],
"Criterias": [
{
"Operator": "OR",
"Criterions": [
{
"TestRef": "oval:org.altlinux.errata:tst:20192700001",
"Comment": "kernel-doc-un is earlier than 1:5.2.15-alt1"
},
{
"TestRef": "oval:org.altlinux.errata:tst:20192700002",
"Comment": "kernel-headers-modules-un-def is earlier than 1:5.2.15-alt1"
},
{
"TestRef": "oval:org.altlinux.errata:tst:20192700003",
"Comment": "kernel-headers-un-def is earlier than 1:5.2.15-alt1"
},
{
"TestRef": "oval:org.altlinux.errata:tst:20192700004",
"Comment": "kernel-image-domU-un-def is earlier than 1:5.2.15-alt1"
},
{
"TestRef": "oval:org.altlinux.errata:tst:20192700005",
"Comment": "kernel-image-un-def is earlier than 1:5.2.15-alt1"
},
{
"TestRef": "oval:org.altlinux.errata:tst:20192700006",
"Comment": "kernel-modules-drm-ancient-un-def is earlier than 1:5.2.15-alt1"
},
{
"TestRef": "oval:org.altlinux.errata:tst:20192700007",
"Comment": "kernel-modules-drm-nouveau-un-def is earlier than 1:5.2.15-alt1"
},
{
"TestRef": "oval:org.altlinux.errata:tst:20192700008",
"Comment": "kernel-modules-drm-radeon-un-def is earlier than 1:5.2.15-alt1"
},
{
"TestRef": "oval:org.altlinux.errata:tst:20192700009",
"Comment": "kernel-modules-drm-un-def is earlier than 1:5.2.15-alt1"
},
{
"TestRef": "oval:org.altlinux.errata:tst:20192700010",
"Comment": "kernel-modules-ide-un-def is earlier than 1:5.2.15-alt1"
},
{
"TestRef": "oval:org.altlinux.errata:tst:20192700011",
"Comment": "kernel-modules-kvm-un-def is earlier than 1:5.2.15-alt1"
},
{
"TestRef": "oval:org.altlinux.errata:tst:20192700012",
"Comment": "kernel-modules-staging-un-def is earlier than 1:5.2.15-alt1"
},
{
"TestRef": "oval:org.altlinux.errata:tst:20192700013",
"Comment": "kernel-modules-v4l-un-def is earlier than 1:5.2.15-alt1"
}
]
}
]
}
}
]
}
Reference in New Issue View Git Blame Copy Permalink