pepelyaevip/vuln-list-alt
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity
vuln-list-alt/oval/c9f2/ALT-PU-2019-2746/definitions.json
pepelyaevip 56bb29c44b ALT Vulnerability
2024-06-28 13:17:52 +00:00

1131 lines
60 KiB
JSON
Raw Blame History

This file contains ambiguous Unicode characters

This file contains Unicode characters that might be confused with other characters. If you think that this is intentional, you can safely ignore this warning. Use the Escape button to reveal them.

{
"Definition": [
{
"ID": "oval:org.altlinux.errata:def:20192746",
"Version": "oval:org.altlinux.errata:def:20192746",
"Class": "patch",
"Metadata": {
"Title": "ALT-PU-2019-2746: package `kernel-image-mp` update to version 5.2.16-alt1",
"AffectedList": [
{
"Family": "unix",
"Platforms": [
"ALT Linux branch c9f2"
],
"Products": [
"ALT SPWorkstation",
"ALT SPServer"
]
}
],
"References": [
{
"RefID": "ALT-PU-2019-2746",
"RefURL": "https://errata.altlinux.org/ALT-PU-2019-2746",
"Source": "ALTPU"
},
{
"RefID": "BDU:2019-02927",
"RefURL": "https://bdu.fstec.ru/vul/2019-02927",
"Source": "BDU"
},
{
"RefID": "BDU:2019-03086",
"RefURL": "https://bdu.fstec.ru/vul/2019-03086",
"Source": "BDU"
},
{
"RefID": "BDU:2019-03087",
"RefURL": "https://bdu.fstec.ru/vul/2019-03087",
"Source": "BDU"
},
{
"RefID": "BDU:2019-03088",
"RefURL": "https://bdu.fstec.ru/vul/2019-03088",
"Source": "BDU"
},
{
"RefID": "BDU:2019-03091",
"RefURL": "https://bdu.fstec.ru/vul/2019-03091",
"Source": "BDU"
},
{
"RefID": "BDU:2019-03093",
"RefURL": "https://bdu.fstec.ru/vul/2019-03093",
"Source": "BDU"
},
{
"RefID": "BDU:2019-03095",
"RefURL": "https://bdu.fstec.ru/vul/2019-03095",
"Source": "BDU"
},
{
"RefID": "BDU:2019-03097",
"RefURL": "https://bdu.fstec.ru/vul/2019-03097",
"Source": "BDU"
},
{
"RefID": "BDU:2019-03220",
"RefURL": "https://bdu.fstec.ru/vul/2019-03220",
"Source": "BDU"
},
{
"RefID": "BDU:2019-03410",
"RefURL": "https://bdu.fstec.ru/vul/2019-03410",
"Source": "BDU"
},
{
"RefID": "BDU:2019-03478",
"RefURL": "https://bdu.fstec.ru/vul/2019-03478",
"Source": "BDU"
},
{
"RefID": "BDU:2019-03626",
"RefURL": "https://bdu.fstec.ru/vul/2019-03626",
"Source": "BDU"
},
{
"RefID": "BDU:2019-03627",
"RefURL": "https://bdu.fstec.ru/vul/2019-03627",
"Source": "BDU"
},
{
"RefID": "BDU:2019-03628",
"RefURL": "https://bdu.fstec.ru/vul/2019-03628",
"Source": "BDU"
},
{
"RefID": "BDU:2019-03812",
"RefURL": "https://bdu.fstec.ru/vul/2019-03812",
"Source": "BDU"
},
{
"RefID": "BDU:2019-04787",
"RefURL": "https://bdu.fstec.ru/vul/2019-04787",
"Source": "BDU"
},
{
"RefID": "BDU:2019-04876",
"RefURL": "https://bdu.fstec.ru/vul/2019-04876",
"Source": "BDU"
},
{
"RefID": "BDU:2020-00286",
"RefURL": "https://bdu.fstec.ru/vul/2020-00286",
"Source": "BDU"
},
{
"RefID": "BDU:2020-00289",
"RefURL": "https://bdu.fstec.ru/vul/2020-00289",
"Source": "BDU"
},
{
"RefID": "BDU:2020-00291",
"RefURL": "https://bdu.fstec.ru/vul/2020-00291",
"Source": "BDU"
},
{
"RefID": "BDU:2020-00295",
"RefURL": "https://bdu.fstec.ru/vul/2020-00295",
"Source": "BDU"
},
{
"RefID": "BDU:2020-00297",
"RefURL": "https://bdu.fstec.ru/vul/2020-00297",
"Source": "BDU"
},
{
"RefID": "BDU:2020-00298",
"RefURL": "https://bdu.fstec.ru/vul/2020-00298",
"Source": "BDU"
},
{
"RefID": "BDU:2020-00352",
"RefURL": "https://bdu.fstec.ru/vul/2020-00352",
"Source": "BDU"
},
{
"RefID": "BDU:2020-00361",
"RefURL": "https://bdu.fstec.ru/vul/2020-00361",
"Source": "BDU"
},
{
"RefID": "BDU:2020-00846",
"RefURL": "https://bdu.fstec.ru/vul/2020-00846",
"Source": "BDU"
},
{
"RefID": "BDU:2020-01384",
"RefURL": "https://bdu.fstec.ru/vul/2020-01384",
"Source": "BDU"
},
{
"RefID": "BDU:2020-01488",
"RefURL": "https://bdu.fstec.ru/vul/2020-01488",
"Source": "BDU"
},
{
"RefID": "BDU:2020-01490",
"RefURL": "https://bdu.fstec.ru/vul/2020-01490",
"Source": "BDU"
},
{
"RefID": "BDU:2020-01593",
"RefURL": "https://bdu.fstec.ru/vul/2020-01593",
"Source": "BDU"
},
{
"RefID": "BDU:2020-01862",
"RefURL": "https://bdu.fstec.ru/vul/2020-01862",
"Source": "BDU"
},
{
"RefID": "BDU:2020-01891",
"RefURL": "https://bdu.fstec.ru/vul/2020-01891",
"Source": "BDU"
},
{
"RefID": "BDU:2021-00258",
"RefURL": "https://bdu.fstec.ru/vul/2021-00258",
"Source": "BDU"
},
{
"RefID": "BDU:2021-02579",
"RefURL": "https://bdu.fstec.ru/vul/2021-02579",
"Source": "BDU"
},
{
"RefID": "BDU:2021-03187",
"RefURL": "https://bdu.fstec.ru/vul/2021-03187",
"Source": "BDU"
},
{
"RefID": "BDU:2021-06411",
"RefURL": "https://bdu.fstec.ru/vul/2021-06411",
"Source": "BDU"
},
{
"RefID": "CVE-2019-0145",
"RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2019-0145",
"Source": "CVE"
},
{
"RefID": "CVE-2019-10126",
"RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2019-10126",
"Source": "CVE"
},
{
"RefID": "CVE-2019-13272",
"RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2019-13272",
"Source": "CVE"
},
{
"RefID": "CVE-2019-13631",
"RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2019-13631",
"Source": "CVE"
},
{
"RefID": "CVE-2019-13648",
"RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2019-13648",
"Source": "CVE"
},
{
"RefID": "CVE-2019-14283",
"RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2019-14283",
"Source": "CVE"
},
{
"RefID": "CVE-2019-14284",
"RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2019-14284",
"Source": "CVE"
},
{
"RefID": "CVE-2019-15030",
"RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2019-15030",
"Source": "CVE"
},
{
"RefID": "CVE-2019-15031",
"RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2019-15031",
"Source": "CVE"
},
{
"RefID": "CVE-2019-15098",
"RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2019-15098",
"Source": "CVE"
},
{
"RefID": "CVE-2019-15117",
"RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2019-15117",
"Source": "CVE"
},
{
"RefID": "CVE-2019-15118",
"RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2019-15118",
"Source": "CVE"
},
{
"RefID": "CVE-2019-15211",
"RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2019-15211",
"Source": "CVE"
},
{
"RefID": "CVE-2019-15213",
"RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2019-15213",
"Source": "CVE"
},
{
"RefID": "CVE-2019-15215",
"RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2019-15215",
"Source": "CVE"
},
{
"RefID": "CVE-2019-15217",
"RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2019-15217",
"Source": "CVE"
},
{
"RefID": "CVE-2019-15220",
"RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2019-15220",
"Source": "CVE"
},
{
"RefID": "CVE-2019-15221",
"RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2019-15221",
"Source": "CVE"
},
{
"RefID": "CVE-2019-15222",
"RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2019-15222",
"Source": "CVE"
},
{
"RefID": "CVE-2019-15291",
"RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2019-15291",
"Source": "CVE"
},
{
"RefID": "CVE-2019-15504",
"RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2019-15504",
"Source": "CVE"
},
{
"RefID": "CVE-2019-15925",
"RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2019-15925",
"Source": "CVE"
},
{
"RefID": "CVE-2019-15926",
"RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2019-15926",
"Source": "CVE"
},
{
"RefID": "CVE-2019-16089",
"RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2019-16089",
"Source": "CVE"
},
{
"RefID": "CVE-2019-16714",
"RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2019-16714",
"Source": "CVE"
},
{
"RefID": "CVE-2019-17351",
"RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2019-17351",
"Source": "CVE"
},
{
"RefID": "CVE-2019-17666",
"RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2019-17666",
"Source": "CVE"
},
{
"RefID": "CVE-2019-19527",
"RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2019-19527",
"Source": "CVE"
},
{
"RefID": "CVE-2019-19530",
"RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2019-19530",
"Source": "CVE"
},
{
"RefID": "CVE-2019-19531",
"RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2019-19531",
"Source": "CVE"
},
{
"RefID": "CVE-2019-19535",
"RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2019-19535",
"Source": "CVE"
},
{
"RefID": "CVE-2019-19536",
"RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2019-19536",
"Source": "CVE"
},
{
"RefID": "CVE-2019-19537",
"RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2019-19537",
"Source": "CVE"
},
{
"RefID": "CVE-2019-19816",
"RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2019-19816",
"Source": "CVE"
},
{
"RefID": "CVE-2019-20806",
"RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2019-20806",
"Source": "CVE"
},
{
"RefID": "CVE-2019-3846",
"RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2019-3846",
"Source": "CVE"
},
{
"RefID": "CVE-2020-10720",
"RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2020-10720",
"Source": "CVE"
},
{
"RefID": "CVE-2020-11669",
"RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2020-11669",
"Source": "CVE"
},
{
"RefID": "CVE-2020-7053",
"RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2020-7053",
"Source": "CVE"
}
],
"Description": "This update upgrades kernel-image-mp to version 5.2.16-alt1. \nSecurity Fix(es):\n\n * BDU:2019-02927: Уязвимость функции mwifiex_update_bss_desc_with_ie ядра операционной системы Linux, позволяющая нарушителю повысить свои привилегии, вызвать отказ в обслуживании или выполнить произвольный код\n\n * BDU:2019-03086: Уязвимость драйвера sound/usb/helper.c (motu_microbookii) ядра операционной системы Linux, позволяющая нарушителю вызвать отказ в обслуживании\n\n * BDU:2019-03087: Уязвимость драйвера sound/usb/line6/pcm.c ядра операционной системы Linux, позволяющая нарушителю вызвать отказ в обслуживании\n\n * BDU:2019-03088: Уязвимость драйвера drivers/net/wireless/intersil/p54/p54usb.c ядра операционной системы Linux, позволяющая нарушителю вызвать отказ в обслуживании\n\n * BDU:2019-03091: Уязвимость драйвера drivers/media/usb/zr364xx/zr364xx.c ядра операционной системы Linux, позволяющая нарушителю вызвать отказ в обслуживании\n\n * BDU:2019-03093: Уязвимость драйвера drivers/media/usb/cpia2/cpia2_usb.c ядра операционной системы Linux, позволяющая нарушителю вызвать отказ в обслуживании\n\n * BDU:2019-03095: Уязвимость драйвера drivers/media/usb/dvb-usb/dvb-usb-init.c ядра операционной системы Linux, позволяющая нарушителю вызвать отказ в обслуживании\n\n * BDU:2019-03097: Уязвимость драйвера drivers/media/v4l2-core/v4l2-dev.c ядра операционной системы Linux, позволяющая нарушителю вызвать отказ в обслуживании\n\n * BDU:2019-03220: Уязвимость драйвера drivers/net/wireless/ath/ath6kl/usb.c ядра операционных систем Linux, связанная с ошибками разыменования указателя, позволяющая нарушителю вызвать отказ в обслуживании\n\n * BDU:2019-03410: Уязвимость функции set_geometry (drivers/block/floppy.c) ядра операционной системы Linux, позволяющая нарушителю вызвать отказ в обслуживании или раскрыть защищаемую информацию\n\n * BDU:2019-03478: Уязвимость функции nbd_genl_status ядра операционной системы Linux, позволяющая нарушителю вызвать отказ в обслуживании\n\n * BDU:2019-03626: Уязвимость функции parse_hid_report_descriptor() ядра операционной системы Linux, позволяющая нарушителю оказать воздействие на целостность данных, получить несанкционированный доступ к защищаемой информации, а также вызвать отказ в обслуживании\n\n * BDU:2019-03627: Уязвимость ядра операционной системы Linux, связанная с ошибкой управления ресурсами, позволяющая нарушителю вызвать отказ в обслуживании\n\n * BDU:2019-03628: Уязвимость функции setup_format_params() ядра операционной системы Linux, позволяющая нарушителю вызвать отказ в обслуживании\n\n * BDU:2019-03812: Уязвимость функции rtl_p2p_noa_ie из drivers/net/wireless/realtek/rtlwifi/ps.c ядра операционной системы Linux, связанная с переполнением буфера в памяти, позволяющая нарушителю получить доступ к конфиденциальным данным, нарушить их целостность, а также вызвать отказ в обслуживании\n\n * BDU:2019-04787: Уязвимость функций ath6kl_wmi_pstream_timeout_event_rx и ath6kl_wmi_cac_event_rx ядра операционной системы Linux, позволяющая нарушителю раскрыть защищаемую информацию или вызвать отказ в обслуживании\n\n * BDU:2019-04876: Уязвимость драйвера i40e контроллеров Intel Ethernet серии 700, позволяющая нарушителю повысить свои привилегии\n\n * BDU:2020-00286: Уязвимость драйвера drivers/usb/class/cdc-acm.c ядра операционной системы Linux, позволяющая нарушителю вызвать отказ в обслуживании\n\n * BDU:2020-00289: Уязвимость драйвера drivers/usb/core/file.c ядра операционной системы Linux, позволяющая нарушителю вызвать отказ в обслуживании\n\n * BDU:2020-00291: Уязвимость драйвера drivers/net/can/usb/peak_usb/pcan_usb_fd.c ядра операционной системы Linux, позволяющая нарушителю раскрыть защищаемую информацию\n\n * BDU:2020-00295: Уязвимость драйвера drivers/hid/usbhid/hiddev.c ядра операционной системы Linux, позволяющая нарушителю вызвать отказ в обслуживании\n\n * BDU:2020-00297: Уязвимость драйвера drivers/usb/misc/yurex.c ядра операционной системы Linux, позволяющая нарушителю вызвать отказ в обслуживании или повысить свои привилегии\n\n * BDU:2020-00298: Уязвимость драйвера drivers/net/can/usb/peak_usb/pcan_usb_pro.c ядра операционной системы Linux, позволяющая нарушителю раскрыть защищаемую информацию\n\n * BDU:2020-00352: Уязвимость функции __btrfs_map_block ядра операционных систем Linux, позволяющая нарушителю вызвать отказ в обслуживании\n\n * BDU:2020-00361: Уязвимость функции i915_ppgtt_close (drivers/gpu/drm/i915/i915_gem_gtt.c) ядра операционных систем Linux, позволяющая нарушителю вызвать отказ в обслуживании\n\n * BDU:2020-00846: Уязвимость функции hclge_tm_schd_mode_vnet_base_cfg ядра операционных систем Linux, позволяющая нарушителю вызвать отказ в обслуживании\n\n * BDU:2020-01384: Уязвимость драйвера drivers/xen/balloon.c ядра операционной системы Linux, позволяющая нарушителю вызвать отказ в обслуживании\n\n * BDU:2020-01488: Уязвимость компонента arch/powerpc/kernel/process.c ядра операционной системы Linux, позволяющая нарушителю оказать воздействие на конфиденциальность и доступность защищаемой информации\n\n * BDU:2020-01490: Уязвимость компонента arch/powerpc/kernel/process.c ядра операционной системы Linux, позволяющая нарушителю оказать воздействие на конфиденциальность и доступность защищаемой информации\n\n * BDU:2020-01593: Уязвимость функции mwifiex_uap_parse_tail_ies ядра операционной системы Linux, позволяющая нарушителю оказать воздействие на конфиденциальность, целостность и доступность защищаемой информации\n\n * BDU:2020-01862: Уязвимость функции в drivers/net/wireless/rsi/rsi_91x_usb.c ядра операционной системы Linux, позволяющая нарушителю оказать воздействие на конфиденциальность, целостность и доступность защищаемой информации\n\n * BDU:2020-01891: Уязвимость функции ptrace_link ядра операционных систем Linux, позволяющая нарушителю вызвать отказ в обслуживании или повысить свои привилегии\n\n * BDU:2021-00258: Уязвимость функции w5864_handle_frame () ядра операционной системы Linux, позволяющая нарушителю вызвать отказ в обслуживании\n\n * BDU:2021-02579: Уязвимость функции idle_book3s ядра операционной системы Linux, позволяющая нарушителю вызвать отказ в обслуживании\n\n * BDU:2021-03187: Уязвимость реализации Generic receive offload (GRO) ядра операционной системы Linux, позволяющая нарушителю вызвать отказ в обслуживании\n\n * BDU:2021-06411: Уязвимость компонента sound/usb/mixer.c ядра операционной системы Linux, связанная с выходом операции за допустимые границы буфера данных, позволяющая нарушителю получить доступ к конфиденциальной информации или вызвать отказ в обслуживании\n\n * CVE-2019-0145: Buffer overflow in i40e driver for Intel(R) Ethernet 700 Series Controllers versions before 7.0 may allow an authenticated user to potentially enable an escalation of privilege via local access.\n\n * CVE-2019-10126: A flaw was found in the Linux kernel. A heap based buffer overflow in mwifiex_uap_parse_tail_ies function in drivers/net/wireless/marvell/mwifiex/ie.c might lead to memory corruption and possibly other consequences.\n\n * CVE-2019-13272: In the Linux kernel before 5.1.17, ptrace_link in kernel/ptrace.c mishandles the recording of the credentials of a process that wants to create a ptrace relationship, which allows local users to obtain root access by leveraging certain scenarios with a parent-child process relationship, where a parent drops privileges and calls execve (potentially allowing control by an attacker). One contributing factor is an object lifetime issue (which can also cause a panic). Another contributing factor is incorrect marking of a ptrace relationship as privileged, which is exploitable through (for example) Polkit's pkexec helper with PTRACE_TRACEME. NOTE: SELinux deny_ptrace might be a usable workaround in some environments.\n\n * CVE-2019-13631: In parse_hid_report_descriptor in drivers/input/tablet/gtco.c in the Linux kernel through 5.2.1, a malicious USB device can send an HID report that triggers an out-of-bounds write during generation of debugging messages.\n\n * CVE-2019-13648: In the Linux kernel through 5.2.1 on the powerpc platform, when hardware transactional memory is disabled, a local user can cause a denial of service (TM Bad Thing exception and system crash) via a sigreturn() system call that sends a crafted signal frame. This affects arch/powerpc/kernel/signal_32.c and arch/powerpc/kernel/signal_64.c.\n\n * CVE-2019-14283: In the Linux kernel before 5.2.3, set_geometry in drivers/block/floppy.c does not validate the sect and head fields, as demonstrated by an integer overflow and out-of-bounds read. It can be triggered by an unprivileged local user when a floppy disk has been inserted. NOTE: QEMU creates the floppy device by default.\n\n * CVE-2019-14284: In the Linux kernel before 5.2.3, drivers/block/floppy.c allows a denial of service by setup_format_params division-by-zero. Two consecutive ioctls can trigger the bug: the first one should set the drive geometry with .sect and .rate values that make F_SECT_PER_TRACK be zero. Next, the floppy format operation should be called. It can be triggered by an unprivileged local user even when a floppy disk has not been inserted. NOTE: QEMU creates the floppy device by default.\n\n * CVE-2019-15030: In the Linux kernel through 5.2.14 on the powerpc platform, a local user can read vector registers of other users' processes via a Facility Unavailable exception. To exploit the venerability, a local user starts a transaction (via the hardware transactional memory instruction tbegin) and then accesses vector registers. At some point, the vector registers will be corrupted with the values from a different local Linux process because of a missing arch/powerpc/kernel/process.c check.\n\n * CVE-2019-15031: In the Linux kernel through 5.2.14 on the powerpc platform, a local user can read vector registers of other users' processes via an interrupt. To exploit the venerability, a local user starts a transaction (via the hardware transactional memory instruction tbegin) and then accesses vector registers. At some point, the vector registers will be corrupted with the values from a different local Linux process, because MSR_TM_ACTIVE is misused in arch/powerpc/kernel/process.c.\n\n * CVE-2019-15098: drivers/net/wireless/ath/ath6kl/usb.c in the Linux kernel through 5.2.9 has a NULL pointer dereference via an incomplete address in an endpoint descriptor.\n\n * CVE-2019-15117: parse_audio_mixer_unit in sound/usb/mixer.c in the Linux kernel through 5.2.9 mishandles a short descriptor, leading to out-of-bounds memory access.\n\n * CVE-2019-15118: check_input_term in sound/usb/mixer.c in the Linux kernel through 5.2.9 mishandles recursion, leading to kernel stack exhaustion.\n\n * CVE-2019-15211: An issue was discovered in the Linux kernel before 5.2.6. There is a use-after-free caused by a malicious USB device in the drivers/media/v4l2-core/v4l2-dev.c driver because drivers/media/radio/radio-raremono.c does not properly allocate memory.\n\n * CVE-2019-15213: An issue was discovered in the Linux kernel before 5.2.3. There is a use-after-free caused by a malicious USB device in the drivers/media/usb/dvb-usb/dvb-usb-init.c driver.\n\n * CVE-2019-15215: An issue was discovered in the Linux kernel before 5.2.6. There is a use-after-free caused by a malicious USB device in the drivers/media/usb/cpia2/cpia2_usb.c driver.\n\n * CVE-2019-15217: An issue was discovered in the Linux kernel before 5.2.3. There is a NULL pointer dereference caused by a malicious USB device in the drivers/media/usb/zr364xx/zr364xx.c driver.\n\n * CVE-2019-15220: An issue was discovered in the Linux kernel before 5.2.1. There is a use-after-free caused by a malicious USB device in the drivers/net/wireless/intersil/p54/p54usb.c driver.\n\n * CVE-2019-15221: An issue was discovered in the Linux kernel before 5.1.17. There is a NULL pointer dereference caused by a malicious USB device in the sound/usb/line6/pcm.c driver.\n\n * CVE-2019-15222: An issue was discovered in the Linux kernel before 5.2.8. There is a NULL pointer dereference caused by a malicious USB device in the sound/usb/helper.c (motu_microbookii) driver.\n\n * CVE-2019-15291: An issue was discovered in the Linux kernel through 5.2.9. There is a NULL pointer dereference caused by a malicious USB device in the flexcop_usb_probe function in the drivers/media/usb/b2c2/flexcop-usb.c driver.\n\n * CVE-2019-15504: drivers/net/wireless/rsi/rsi_91x_usb.c in the Linux kernel through 5.2.9 has a Double Free via crafted USB device traffic (which may be remote via usbip or usbredir).\n\n * CVE-2019-15925: An issue was discovered in the Linux kernel before 5.2.3. An out of bounds access exists in the function hclge_tm_schd_mode_vnet_base_cfg in the file drivers/net/ethernet/hisilicon/hns3/hns3pf/hclge_tm.c.\n\n * CVE-2019-15926: An issue was discovered in the Linux kernel before 5.2.3. Out of bounds access exists in the functions ath6kl_wmi_pstream_timeout_event_rx and ath6kl_wmi_cac_event_rx in the file drivers/net/wireless/ath/ath6kl/wmi.c.\n\n * CVE-2019-16089: An issue was discovered in the Linux kernel through 5.2.13. nbd_genl_status in drivers/block/nbd.c does not check the nla_nest_start_noflag return value.\n\n * CVE-2019-16714: In the Linux kernel before 5.2.14, rds6_inc_info_copy in net/rds/recv.c allows attackers to obtain sensitive information from kernel stack memory because tos and flags fields are not initialized.\n\n * CVE-2019-17351: An issue was discovered in drivers/xen/balloon.c in the Linux kernel before 5.2.3, as used in Xen through 4.12.x, allowing guest OS users to cause a denial of service because of unrestricted resource consumption during the mapping of guest memory, aka CID-6ef36ab967c7.\n\n * CVE-2019-17666: rtl_p2p_noa_ie in drivers/net/wireless/realtek/rtlwifi/ps.c in the Linux kernel through 5.3.6 lacks a certain upper-bound check, leading to a buffer overflow.\n\n * CVE-2019-19527: In the Linux kernel before 5.2.10, there is a use-after-free bug that can be caused by a malicious USB device in the drivers/hid/usbhid/hiddev.c driver, aka CID-9c09b214f30e.\n\n * CVE-2019-19530: In the Linux kernel before 5.2.10, there is a use-after-free bug that can be caused by a malicious USB device in the drivers/usb/class/cdc-acm.c driver, aka CID-c52873e5a1ef.\n\n * CVE-2019-19531: In the Linux kernel before 5.2.9, there is a use-after-free bug that can be caused by a malicious USB device in the drivers/usb/misc/yurex.c driver, aka CID-fc05481b2fca.\n\n * CVE-2019-19535: In the Linux kernel before 5.2.9, there is an info-leak bug that can be caused by a malicious USB device in the drivers/net/can/usb/peak_usb/pcan_usb_fd.c driver, aka CID-30a8beeb3042.\n\n * CVE-2019-19536: In the Linux kernel before 5.2.9, there is an info-leak bug that can be caused by a malicious USB device in the drivers/net/can/usb/peak_usb/pcan_usb_pro.c driver, aka CID-ead16e53c2f0.\n\n * CVE-2019-19537: In the Linux kernel before 5.2.10, there is a race condition bug that can be caused by a malicious USB device in the USB character device driver layer, aka CID-303911cfc5b9. This affects drivers/usb/core/file.c.\n\n * CVE-2019-19816: In the Linux kernel 5.0.21, mounting a crafted btrfs filesystem image and performing some operations can cause slab-out-of-bounds write access in __btrfs_map_block in fs/btrfs/volumes.c, because a value of 1 for the number of data stripes is mishandled.\n\n * CVE-2019-20806: An issue was discovered in the Linux kernel before 5.2. There is a NULL pointer dereference in tw5864_handle_frame() in drivers/media/pci/tw5864/tw5864-video.c, which may cause denial of service, aka CID-2e7682ebfc75.\n\n * CVE-2019-3846: A flaw that allowed an attacker to corrupt memory and possibly escalate privileges was found in the mwifiex kernel module while connecting to a malicious wireless network.\n\n * CVE-2020-10720: A flaw was found in the Linux kernel's implementation of GRO in versions before 5.2. This flaw allows an attacker with local access to crash the system.\n\n * CVE-2020-11669: An issue was discovered in the Linux kernel before 5.2 on the powerpc platform. arch/powerpc/kernel/idle_book3s.S does not have save/restore functionality for PNV_POWERSAVE_AMR, PNV_POWERSAVE_UAMOR, and PNV_POWERSAVE_AMOR, aka CID-53a712bae5dd.\n\n * CVE-2020-7053: In the Linux kernel 4.14 longterm through 4.14.165 and 4.19 longterm through 4.19.96 (and 5.x before 5.2), there is a use-after-free (write) in the i915_ppgtt_close function in drivers/gpu/drm/i915/i915_gem_gtt.c, aka CID-7dc40713618c. This is related to i915_gem_context_destroy_ioctl in drivers/gpu/drm/i915/i915_gem_context.c.",
"Advisory": {
"From": "errata.altlinux.org",
"Severity": "Critical",
"Rights": "Copyright 2024 BaseALT Ltd.",
"Issued": {
"Date": "2019-09-19"
},
"Updated": {
"Date": "2019-09-19"
},
"BDUs": [
{
"ID": "BDU:2019-02927",
"CVSS": "AV:A/AC:L/Au:N/C:C/I:C/A:C",
"CVSS3": "AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"CWE": "CWE-119, CWE-122, CWE-787",
"Href": "https://bdu.fstec.ru/vul/2019-02927",
"Impact": "High",
"Public": "20190530"
},
{
"ID": "BDU:2019-03086",
"CVSS": "AV:L/AC:L/Au:N/C:N/I:N/A:C",
"CVSS3": "AV:P/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"CWE": "CWE-476",
"Href": "https://bdu.fstec.ru/vul/2019-03086",
"Impact": "Low",
"Public": "20190819"
},
{
"ID": "BDU:2019-03087",
"CVSS": "AV:L/AC:L/Au:N/C:N/I:N/A:C",
"CVSS3": "AV:P/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"CWE": "CWE-476",
"Href": "https://bdu.fstec.ru/vul/2019-03087",
"Impact": "Low",
"Public": "20190819"
},
{
"ID": "BDU:2019-03088",
"CVSS": "AV:L/AC:L/Au:N/C:N/I:N/A:C",
"CVSS3": "AV:P/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"CWE": "CWE-416",
"Href": "https://bdu.fstec.ru/vul/2019-03088",
"Impact": "Low",
"Public": "20190819"
},
{
"ID": "BDU:2019-03091",
"CVSS": "AV:L/AC:L/Au:N/C:N/I:N/A:C",
"CVSS3": "AV:P/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"CWE": "CWE-476",
"Href": "https://bdu.fstec.ru/vul/2019-03091",
"Impact": "Low",
"Public": "20190819"
},
{
"ID": "BDU:2019-03093",
"CVSS": "AV:L/AC:L/Au:N/C:N/I:N/A:C",
"CVSS3": "AV:P/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"CWE": "CWE-416",
"Href": "https://bdu.fstec.ru/vul/2019-03093",
"Impact": "Low",
"Public": "20190819"
},
{
"ID": "BDU:2019-03095",
"CVSS": "AV:L/AC:L/Au:N/C:N/I:N/A:C",
"CVSS3": "AV:P/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"CWE": "CWE-416",
"Href": "https://bdu.fstec.ru/vul/2019-03095",
"Impact": "Low",
"Public": "20190522"
},
{
"ID": "BDU:2019-03097",
"CVSS": "AV:L/AC:L/Au:N/C:N/I:N/A:C",
"CVSS3": "AV:P/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"CWE": "CWE-416",
"Href": "https://bdu.fstec.ru/vul/2019-03097",
"Impact": "Low",
"Public": "20190819"
},
{
"ID": "BDU:2019-03220",
"CVSS": "AV:L/AC:L/Au:N/C:N/I:N/A:C",
"CVSS3": "AV:P/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"CWE": "CWE-476",
"Href": "https://bdu.fstec.ru/vul/2019-03220",
"Impact": "Low",
"Public": "20190814"
},
{
"ID": "BDU:2019-03410",
"CVSS": "AV:L/AC:L/Au:S/C:P/I:N/A:C",
"CVSS3": "AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:H",
"CWE": "CWE-125, CWE-190",
"Href": "https://bdu.fstec.ru/vul/2019-03410",
"Impact": "Low",
"Public": "20190717"
},
{
"ID": "BDU:2019-03478",
"CVSS": "AV:L/AC:M/Au:S/C:N/I:N/A:C",
"CVSS3": "AV:L/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:H",
"CWE": "CWE-476",
"Href": "https://bdu.fstec.ru/vul/2019-03478",
"Impact": "Low",
"Public": "20190905"
},
{
"ID": "BDU:2019-03626",
"CVSS": "AV:L/AC:L/Au:N/C:C/I:C/A:C",
"CVSS3": "AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"CWE": "CWE-787",
"Href": "https://bdu.fstec.ru/vul/2019-03626",
"Impact": "Low",
"Public": "20190713"
},
{
"ID": "BDU:2019-03627",
"CVSS": "AV:L/AC:L/Au:N/C:N/I:N/A:C",
"CVSS3": "AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"CWE": "CWE-399",
"Href": "https://bdu.fstec.ru/vul/2019-03627",
"Impact": "Low",
"Public": "20190718"
},
{
"ID": "BDU:2019-03628",
"CVSS": "AV:L/AC:L/Au:N/C:N/I:N/A:C",
"CVSS3": "AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"CWE": "CWE-369",
"Href": "https://bdu.fstec.ru/vul/2019-03628",
"Impact": "Low",
"Public": "20190717"
},
{
"ID": "BDU:2019-03812",
"CVSS": "AV:A/AC:L/Au:N/C:C/I:C/A:C",
"CVSS3": "AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"CWE": "CWE-120",
"Href": "https://bdu.fstec.ru/vul/2019-03812",
"Impact": "High",
"Public": "20191015"
},
{
"ID": "BDU:2019-04787",
"CVSS": "AV:N/AC:L/Au:N/C:C/I:N/A:C",
"CVSS3": "AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H",
"CWE": "CWE-125",
"Href": "https://bdu.fstec.ru/vul/2019-04787",
"Impact": "Critical",
"Public": "20190429"
},
{
"ID": "BDU:2019-04876",
"CVSS": "AV:L/AC:L/Au:S/C:C/I:C/A:C",
"CVSS3": "AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"CWE": "CWE-120",
"Href": "https://bdu.fstec.ru/vul/2019-04876",
"Impact": "High",
"Public": "20190504"
},
{
"ID": "BDU:2020-00286",
"CVSS": "AV:L/AC:L/Au:N/C:N/I:N/A:C",
"CVSS3": "AV:P/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"CWE": "CWE-416",
"Href": "https://bdu.fstec.ru/vul/2020-00286",
"Impact": "Low",
"Public": "20190815"
},
{
"ID": "BDU:2020-00289",
"CVSS": "AV:L/AC:H/Au:N/C:N/I:N/A:C",
"CVSS3": "AV:P/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H",
"CWE": "CWE-362",
"Href": "https://bdu.fstec.ru/vul/2020-00289",
"Impact": "Low",
"Public": "20190812"
},
{
"ID": "BDU:2020-00291",
"CVSS": "AV:L/AC:L/Au:N/C:C/I:N/A:N",
"CVSS3": "AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"CWE": "CWE-200, CWE-908, CWE-909",
"Href": "https://bdu.fstec.ru/vul/2020-00291",
"Impact": "Low",
"Public": "20190802"
},
{
"ID": "BDU:2020-00295",
"CVSS": "AV:L/AC:L/Au:N/C:N/I:N/A:C",
"CVSS3": "AV:P/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"CWE": "CWE-416",
"Href": "https://bdu.fstec.ru/vul/2020-00295",
"Impact": "Low",
"Public": "20190806"
},
{
"ID": "BDU:2020-00297",
"CVSS": "AV:L/AC:L/Au:N/C:C/I:C/A:C",
"CVSS3": "AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"CWE": "CWE-416",
"Href": "https://bdu.fstec.ru/vul/2020-00297",
"Impact": "Low",
"Public": "20190805"
},
{
"ID": "BDU:2020-00298",
"CVSS": "AV:L/AC:L/Au:N/C:C/I:N/A:N",
"CVSS3": "AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"CWE": "CWE-200, CWE-909",
"Href": "https://bdu.fstec.ru/vul/2020-00298",
"Impact": "Low",
"Public": "20190802"
},
{
"ID": "BDU:2020-00352",
"CVSS": "AV:L/AC:L/Au:N/C:C/I:C/A:C",
"CVSS3": "AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"CWE": "CWE-787",
"Href": "https://bdu.fstec.ru/vul/2020-00352",
"Impact": "High",
"Public": "20190429"
},
{
"ID": "BDU:2020-00361",
"CVSS": "AV:L/AC:L/Au:S/C:C/I:C/A:C",
"CVSS3": "AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"CWE": "CWE-416",
"Href": "https://bdu.fstec.ru/vul/2020-00361",
"Impact": "High",
"Public": "20190321"
},
{
"ID": "BDU:2020-00846",
"CVSS": "AV:L/AC:L/Au:N/C:C/I:C/A:C",
"CVSS3": "AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"CWE": "CWE-125",
"Href": "https://bdu.fstec.ru/vul/2020-00846",
"Impact": "High",
"Public": "20190628"
},
{
"ID": "BDU:2020-01384",
"CVSS": "AV:L/AC:L/Au:S/C:N/I:N/A:C",
"CVSS3": "AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H",
"CWE": "CWE-400, CWE-770",
"Href": "https://bdu.fstec.ru/vul/2020-01384",
"Impact": "Low",
"Public": "20190718"
},
{
"ID": "BDU:2020-01488",
"CVSS": "AV:L/AC:L/Au:N/C:P/I:N/A:P",
"CVSS3": "AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:L",
"CWE": "CWE-20, CWE-862",
"Href": "https://bdu.fstec.ru/vul/2020-01488",
"Impact": "Low",
"Public": "20190905"
},
{
"ID": "BDU:2020-01490",
"CVSS": "AV:L/AC:L/Au:N/C:P/I:N/A:P",
"CVSS3": "AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:L",
"CWE": "CWE-200, CWE-662",
"Href": "https://bdu.fstec.ru/vul/2020-01490",
"Impact": "Low",
"Public": "20190904"
},
{
"ID": "BDU:2020-01593",
"CVSS": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"CVSS3": "AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"CWE": "CWE-119, CWE-122, CWE-787",
"Href": "https://bdu.fstec.ru/vul/2020-01593",
"Impact": "Critical",
"Public": "20190601"
},
{
"ID": "BDU:2020-01862",
"CVSS": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
"CVSS3": "AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"CWE": "CWE-415",
"Href": "https://bdu.fstec.ru/vul/2020-01862",
"Impact": "Critical",
"Public": "20190822"
},
{
"ID": "BDU:2020-01891",
"CVSS": "AV:L/AC:L/Au:S/C:C/I:C/A:C",
"CVSS3": "AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"CWE": "CWE-264, CWE-269",
"Href": "https://bdu.fstec.ru/vul/2020-01891",
"Impact": "High",
"Public": "20190705"
},
{
"ID": "BDU:2021-00258",
"CVSS": "AV:L/AC:L/Au:N/C:N/I:N/A:P",
"CVSS3": "AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H",
"CWE": "CWE-476",
"Href": "https://bdu.fstec.ru/vul/2021-00258",
"Impact": "Low",
"Public": "20190329"
},
{
"ID": "BDU:2021-02579",
"CVSS": "AV:L/AC:L/Au:S/C:N/I:N/A:C",
"CVSS3": "AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"CWE": "CWE-393, CWE-399",
"Href": "https://bdu.fstec.ru/vul/2021-02579",
"Impact": "Low",
"Public": "20190421"
},
{
"ID": "BDU:2021-03187",
"CVSS": "AV:L/AC:L/Au:S/C:N/I:N/A:C",
"CVSS3": "AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"CWE": "CWE-416",
"Href": "https://bdu.fstec.ru/vul/2021-03187",
"Impact": "Low",
"Public": "20190530"
},
{
"ID": "BDU:2021-06411",
"CVSS": "AV:L/AC:L/Au:S/C:C/I:C/A:C",
"CVSS3": "AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"CWE": "CWE-119",
"Href": "https://bdu.fstec.ru/vul/2021-06411",
"Impact": "High",
"Public": "20190814"
}
],
"CVEs": [
{
"ID": "CVE-2019-0145",
"CVSS": "AV:L/AC:L/Au:N/C:C/I:C/A:C",
"CVSS3": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"CWE": "CWE-120",
"Href": "https://nvd.nist.gov/vuln/detail/CVE-2019-0145",
"Impact": "High",
"Public": "20191114"
},
{
"ID": "CVE-2019-10126",
"CVSS": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"CVSS3": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"CWE": "CWE-122",
"Href": "https://nvd.nist.gov/vuln/detail/CVE-2019-10126",
"Impact": "Critical",
"Public": "20190614"
},
{
"ID": "CVE-2019-13272",
"CVSS": "AV:L/AC:L/Au:N/C:C/I:C/A:C",
"CVSS3": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"CWE": "CWE-269",
"Href": "https://nvd.nist.gov/vuln/detail/CVE-2019-13272",
"Impact": "High",
"Public": "20190717"
},
{
"ID": "CVE-2019-13631",
"CVSS": "AV:L/AC:L/Au:N/C:P/I:P/A:P",
"CVSS3": "CVSS:3.0/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"CWE": "CWE-787",
"Href": "https://nvd.nist.gov/vuln/detail/CVE-2019-13631",
"Impact": "Low",
"Public": "20190717"
},
{
"ID": "CVE-2019-13648",
"CVSS": "AV:L/AC:L/Au:N/C:N/I:N/A:C",
"CVSS3": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"CWE": "CWE-399",
"Href": "https://nvd.nist.gov/vuln/detail/CVE-2019-13648",
"Impact": "Low",
"Public": "20190719"
},
{
"ID": "CVE-2019-14283",
"CVSS": "AV:L/AC:L/Au:N/C:P/I:P/A:P",
"CVSS3": "CVSS:3.0/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"CWE": "CWE-125",
"Href": "https://nvd.nist.gov/vuln/detail/CVE-2019-14283",
"Impact": "Low",
"Public": "20190726"
},
{
"ID": "CVE-2019-14284",
"CVSS": "AV:L/AC:L/Au:N/C:N/I:N/A:P",
"CVSS3": "CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"CWE": "CWE-369",
"Href": "https://nvd.nist.gov/vuln/detail/CVE-2019-14284",
"Impact": "Low",
"Public": "20190726"
},
{
"ID": "CVE-2019-15030",
"CVSS": "AV:L/AC:L/Au:N/C:P/I:N/A:P",
"CVSS3": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:L",
"CWE": "CWE-862",
"Href": "https://nvd.nist.gov/vuln/detail/CVE-2019-15030",
"Impact": "Low",
"Public": "20190913"
},
{
"ID": "CVE-2019-15031",
"CVSS": "AV:L/AC:L/Au:N/C:P/I:N/A:P",
"CVSS3": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:L",
"CWE": "CWE-662",
"Href": "https://nvd.nist.gov/vuln/detail/CVE-2019-15031",
"Impact": "Low",
"Public": "20190913"
},
{
"ID": "CVE-2019-15098",
"CVSS": "AV:L/AC:L/Au:N/C:N/I:N/A:C",
"CVSS3": "CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"CWE": "CWE-476",
"Href": "https://nvd.nist.gov/vuln/detail/CVE-2019-15098",
"Impact": "Low",
"Public": "20190816"
},
{
"ID": "CVE-2019-15117",
"CVSS": "AV:L/AC:L/Au:N/C:P/I:P/A:P",
"CVSS3": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"CWE": "CWE-119",
"Href": "https://nvd.nist.gov/vuln/detail/CVE-2019-15117",
"Impact": "High",
"Public": "20190816"
},
{
"ID": "CVE-2019-15118",
"CVSS": "AV:L/AC:L/Au:N/C:N/I:N/A:C",
"CVSS3": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"CWE": "CWE-674",
"Href": "https://nvd.nist.gov/vuln/detail/CVE-2019-15118",
"Impact": "Low",
"Public": "20190816"
},
{
"ID": "CVE-2019-15211",
"CVSS": "AV:L/AC:L/Au:N/C:N/I:N/A:C",
"CVSS3": "CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"CWE": "CWE-416",
"Href": "https://nvd.nist.gov/vuln/detail/CVE-2019-15211",
"Impact": "Low",
"Public": "20190819"
},
{
"ID": "CVE-2019-15213",
"CVSS": "AV:L/AC:L/Au:N/C:N/I:N/A:C",
"CVSS3": "CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"CWE": "CWE-416",
"Href": "https://nvd.nist.gov/vuln/detail/CVE-2019-15213",
"Impact": "Low",
"Public": "20190819"
},
{
"ID": "CVE-2019-15215",
"CVSS": "AV:L/AC:L/Au:N/C:N/I:N/A:C",
"CVSS3": "CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"CWE": "CWE-416",
"Href": "https://nvd.nist.gov/vuln/detail/CVE-2019-15215",
"Impact": "Low",
"Public": "20190819"
},
{
"ID": "CVE-2019-15217",
"CVSS": "AV:L/AC:L/Au:N/C:N/I:N/A:C",
"CVSS3": "CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"CWE": "CWE-476",
"Href": "https://nvd.nist.gov/vuln/detail/CVE-2019-15217",
"Impact": "Low",
"Public": "20190819"
},
{
"ID": "CVE-2019-15220",
"CVSS": "AV:L/AC:L/Au:N/C:N/I:N/A:C",
"CVSS3": "CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"CWE": "CWE-416",
"Href": "https://nvd.nist.gov/vuln/detail/CVE-2019-15220",
"Impact": "Low",
"Public": "20190819"
},
{
"ID": "CVE-2019-15221",
"CVSS": "AV:L/AC:L/Au:N/C:N/I:N/A:C",
"CVSS3": "CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"CWE": "CWE-476",
"Href": "https://nvd.nist.gov/vuln/detail/CVE-2019-15221",
"Impact": "Low",
"Public": "20190819"
},
{
"ID": "CVE-2019-15222",
"CVSS": "AV:L/AC:L/Au:N/C:N/I:N/A:C",
"CVSS3": "CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"CWE": "CWE-476",
"Href": "https://nvd.nist.gov/vuln/detail/CVE-2019-15222",
"Impact": "Low",
"Public": "20190819"
},
{
"ID": "CVE-2019-15291",
"CVSS": "AV:L/AC:L/Au:N/C:N/I:N/A:C",
"CVSS3": "CVSS:3.0/AV:P/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"CWE": "CWE-476",
"Href": "https://nvd.nist.gov/vuln/detail/CVE-2019-15291",
"Impact": "Low",
"Public": "20190820"
},
{
"ID": "CVE-2019-15504",
"CVSS": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
"CVSS3": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"CWE": "CWE-415",
"Href": "https://nvd.nist.gov/vuln/detail/CVE-2019-15504",
"Impact": "Critical",
"Public": "20190823"
},
{
"ID": "CVE-2019-15925",
"CVSS": "AV:L/AC:L/Au:N/C:C/I:C/A:C",
"CVSS3": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"CWE": "CWE-125",
"Href": "https://nvd.nist.gov/vuln/detail/CVE-2019-15925",
"Impact": "High",
"Public": "20190904"
},
{
"ID": "CVE-2019-15926",
"CVSS": "AV:N/AC:L/Au:N/C:C/I:N/A:C",
"CVSS3": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H",
"CWE": "CWE-125",
"Href": "https://nvd.nist.gov/vuln/detail/CVE-2019-15926",
"Impact": "Critical",
"Public": "20190904"
},
{
"ID": "CVE-2019-16089",
"CVSS": "AV:L/AC:M/Au:N/C:N/I:N/A:C",
"CVSS3": "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:H",
"CWE": "CWE-476",
"Href": "https://nvd.nist.gov/vuln/detail/CVE-2019-16089",
"Impact": "Low",
"Public": "20190906"
},
{
"ID": "CVE-2019-16714",
"CVSS": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
"CVSS3": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"CWE": "CWE-909",
"Href": "https://nvd.nist.gov/vuln/detail/CVE-2019-16714",
"Impact": "High",
"Public": "20190923"
},
{
"ID": "CVE-2019-17351",
"CVSS": "AV:L/AC:L/Au:N/C:N/I:N/A:C",
"CVSS3": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H",
"CWE": "CWE-770",
"Href": "https://nvd.nist.gov/vuln/detail/CVE-2019-17351",
"Impact": "Low",
"Public": "20191008"
},
{
"ID": "CVE-2019-17666",
"CVSS": "AV:A/AC:L/Au:N/C:C/I:C/A:C",
"CVSS3": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"CWE": "CWE-120",
"Href": "https://nvd.nist.gov/vuln/detail/CVE-2019-17666",
"Impact": "High",
"Public": "20191017"
},
{
"ID": "CVE-2019-19527",
"CVSS": "AV:L/AC:L/Au:N/C:C/I:C/A:C",
"CVSS3": "CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"CWE": "CWE-416",
"Href": "https://nvd.nist.gov/vuln/detail/CVE-2019-19527",
"Impact": "Low",
"Public": "20191203"
},
{
"ID": "CVE-2019-19530",
"CVSS": "AV:L/AC:L/Au:N/C:N/I:N/A:C",
"CVSS3": "CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"CWE": "CWE-416",
"Href": "https://nvd.nist.gov/vuln/detail/CVE-2019-19530",
"Impact": "Low",
"Public": "20191203"
},
{
"ID": "CVE-2019-19531",
"CVSS": "AV:L/AC:L/Au:N/C:P/I:P/A:P",
"CVSS3": "CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"CWE": "CWE-416",
"Href": "https://nvd.nist.gov/vuln/detail/CVE-2019-19531",
"Impact": "Low",
"Public": "20191203"
},
{
"ID": "CVE-2019-19535",
"CVSS": "AV:L/AC:L/Au:N/C:P/I:N/A:N",
"CVSS3": "CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"CWE": "CWE-908",
"Href": "https://nvd.nist.gov/vuln/detail/CVE-2019-19535",
"Impact": "Low",
"Public": "20191203"
},
{
"ID": "CVE-2019-19536",
"CVSS": "AV:L/AC:L/Au:N/C:P/I:N/A:N",
"CVSS3": "CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"CWE": "CWE-909",
"Href": "https://nvd.nist.gov/vuln/detail/CVE-2019-19536",
"Impact": "Low",
"Public": "20191203"
},
{
"ID": "CVE-2019-19537",
"CVSS": "AV:L/AC:M/Au:N/C:N/I:N/A:C",
"CVSS3": "CVSS:3.1/AV:P/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H",
"CWE": "CWE-362",
"Href": "https://nvd.nist.gov/vuln/detail/CVE-2019-19537",
"Impact": "Low",
"Public": "20191203"
},
{
"ID": "CVE-2019-19816",
"CVSS": "AV:N/AC:M/Au:N/C:C/I:C/A:C",
"CVSS3": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"CWE": "CWE-787",
"Href": "https://nvd.nist.gov/vuln/detail/CVE-2019-19816",
"Impact": "High",
"Public": "20191217"
},
{
"ID": "CVE-2019-20806",
"CVSS": "AV:L/AC:L/Au:N/C:N/I:N/A:P",
"CVSS3": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H",
"CWE": "CWE-476",
"Href": "https://nvd.nist.gov/vuln/detail/CVE-2019-20806",
"Impact": "Low",
"Public": "20200527"
},
{
"ID": "CVE-2019-3846",
"CVSS": "AV:A/AC:L/Au:N/C:C/I:C/A:C",
"CVSS3": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"CWE": "CWE-122",
"Href": "https://nvd.nist.gov/vuln/detail/CVE-2019-3846",
"Impact": "High",
"Public": "20190603"
},
{
"ID": "CVE-2020-10720",
"CVSS": "AV:L/AC:L/Au:N/C:N/I:N/A:C",
"CVSS3": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"CWE": "CWE-416",
"Href": "https://nvd.nist.gov/vuln/detail/CVE-2020-10720",
"Impact": "Low",
"Public": "20200903"
},
{
"ID": "CVE-2020-11669",
"CVSS": "AV:L/AC:L/Au:N/C:N/I:N/A:P",
"CVSS3": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"CWE": "NVD-CWE-noinfo",
"Href": "https://nvd.nist.gov/vuln/detail/CVE-2020-11669",
"Impact": "Low",
"Public": "20200410"
},
{
"ID": "CVE-2020-7053",
"CVSS": "AV:L/AC:L/Au:N/C:P/I:P/A:P",
"CVSS3": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"CWE": "CWE-416",
"Href": "https://nvd.nist.gov/vuln/detail/CVE-2020-7053",
"Impact": "High",
"Public": "20200114"
}
],
"AffectedCPEs": {
"CPEs": [
"cpe:/o:alt:spworkstation:8.4",
"cpe:/o:alt:spserver:8.4"
]
}
}
},
"Criteria": {
"Operator": "AND",
"Criterions": [
{
"TestRef": "oval:org.altlinux.errata:tst:3001",
"Comment": "ALT Linux must be installed"
}
],
"Criterias": [
{
"Operator": "OR",
"Criterions": [
{
"TestRef": "oval:org.altlinux.errata:tst:20192746001",
"Comment": "kernel-headers-modules-mp is earlier than 0:5.2.16-alt1"
},
{
"TestRef": "oval:org.altlinux.errata:tst:20192746002",
"Comment": "kernel-headers-mp is earlier than 0:5.2.16-alt1"
},
{
"TestRef": "oval:org.altlinux.errata:tst:20192746003",
"Comment": "kernel-image-mp is earlier than 0:5.2.16-alt1"
}
]
}
]
}
}
]
}
Reference in New Issue View Git Blame Copy Permalink