Amazon: ALAS2-2019-1214
May 29, 2019 - 6:59 p.m.

Important: kernel

2019-05-29 18:59:00
alas.aws.amazon.com
CVSS3: 8.3 High
Attack Vector: ADJACENT_NETWORK
Attack Complexity: HIGH
Privileges Required: NONE
User Interaction: NONE
Scope: CHANGED
Confidentiality Impact: HIGH
Integrity Impact: HIGH
Availability Impact: HIGH
Vector: CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H

AI Score: 7.9 High (Confidence: High)

CVSS2: 7.9 High
Access Vector: ADJACENT_NETWORK
Access Complexity: MEDIUM
Authentication: NONE
Confidentiality Impact: COMPLETE
Integrity Impact: COMPLETE
Availability Impact: COMPLETE
Vector: AV:A/AC:M/Au:N/C:C/I:C/A:C

EPSS: 0.007 Low (Percentile: 79.6%)

Issue Overview:

A flaw was found in the Linux kernel’s freescale hypervisor manager implementation. A parameter passed to an ioctl was incorrectly validated and then used in the page size calculation. An attacker can use this flaw to crash the system or corrupt memory or, possibly, create other adverse security effects. (CVE-2019-10142)

A new software page cache side channel attack scenario was discovered in operating systems that implement the very common ‘page cache’ caching mechanism. A malicious user/process could use ‘in memory’ page-cache knowledge to infer access timings to shared memory and gain knowledge which can be used to reduce effectiveness of cryptographic strength by monitoring algorithmic behavior, infer access patterns of memory to determine code paths taken, and exfiltrate data to a blinded attacker through page-granularity access times as a side-channel. (CVE-2019-5489)

The do_hidp_sock_ioctl function in net/bluetooth/hidp/sock.c in the Linux kernel before 5.0.15 allows a local user to obtain potentially sensitive information from kernel stack memory via a HIDPCONNADD command, because a name field may not end with a ‘\0’ character. (CVE-2019-11884)

A flaw was found in the Linux kernel’s vfio interface implementation that permits violation of the user’s locked memory limit. If a device is bound to a vfio driver, such as vfio-pci, and the local attacker is administratively granted ownership of the device, it may cause system memory exhaustion and thus a denial of service (DoS). (CVE-2019-3882)

If the Wake-up on Wireless LAN functionality is configured in the brcmfmac driver, which only works with Broadcom FullMAC chipsets, a malicious event frame can be constructed to trigger a heap buffer overflow in the brcmf_wowl_nd_results() function. This vulnerability can be exploited by compromised chipsets to compromise the host, or when used in combination with another brcmfmac driver flaw (CVE-2019-9503), can be used remotely. This can result in a remote denial of service (DoS). Due to the nature of the flaw, a remote privilege escalation cannot be fully ruled out. (CVE-2019-9500)

A flaw was found in the Linux kernel’s implementation of ext4 extent management. The kernel doesn’t correctly initialize memory regions in the extent tree block which may be exported to a local user to obtain sensitive information by reading empty/uninitialized data from the filesystem. (CVE-2019-11833)

Affected Packages:

kernel

Note:

This advisory is applicable to Amazon Linux 2 (AL2) Core repository. Visit this FAQ section for the difference between AL2 Core and AL2 Extras advisories.

Issue Correction:
Run yum update kernel to update your system.

New Packages:

aarch64:  
    kernel-4.14.121-109.96.amzn2.aarch64  
    kernel-headers-4.14.121-109.96.amzn2.aarch64  
    kernel-debuginfo-common-aarch64-4.14.121-109.96.amzn2.aarch64  
    perf-4.14.121-109.96.amzn2.aarch64  
    perf-debuginfo-4.14.121-109.96.amzn2.aarch64  
    python-perf-4.14.121-109.96.amzn2.aarch64  
    python-perf-debuginfo-4.14.121-109.96.amzn2.aarch64  
    kernel-tools-4.14.121-109.96.amzn2.aarch64  
    kernel-tools-devel-4.14.121-109.96.amzn2.aarch64  
    kernel-tools-debuginfo-4.14.121-109.96.amzn2.aarch64  
    kernel-devel-4.14.121-109.96.amzn2.aarch64  
    kernel-debuginfo-4.14.121-109.96.amzn2.aarch64  
  
i686:  
    kernel-headers-4.14.121-109.96.amzn2.i686  
  
src:  
    kernel-4.14.121-109.96.amzn2.src  
  
x86_64:  
    kernel-4.14.121-109.96.amzn2.x86_64  
    kernel-headers-4.14.121-109.96.amzn2.x86_64  
    kernel-debuginfo-common-x86_64-4.14.121-109.96.amzn2.x86_64  
    perf-4.14.121-109.96.amzn2.x86_64  
    perf-debuginfo-4.14.121-109.96.amzn2.x86_64  
    python-perf-4.14.121-109.96.amzn2.x86_64  
    python-perf-debuginfo-4.14.121-109.96.amzn2.x86_64  
    kernel-tools-4.14.121-109.96.amzn2.x86_64  
    kernel-tools-devel-4.14.121-109.96.amzn2.x86_64  
    kernel-tools-debuginfo-4.14.121-109.96.amzn2.x86_64  
    kernel-devel-4.14.121-109.96.amzn2.x86_64  
    kernel-debuginfo-4.14.121-109.96.amzn2.x86_64  
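
A check for the update step, as an added example that is not part of the advisory: it classifies a host from its running kernel release and its newest installed kernel package against the fixed build 4.14.121-109.96.amzn2 listed above. The function names and the sample version strings are assumptions made for illustration; a host keeps running the old kernel until it is rebooted into the new one.

```shell
#!/bin/sh
# Added example, not part of the advisory. FIXED is the kernel build from the
# New Packages list; all other version strings below are constructed samples.
FIXED="4.14.121-109.96.amzn2"

# ver_ge A B: succeed when AL2 kernel version-release A >= B.
# Drops the ".amzn2[.arch]" suffix and compares the numeric fields in order.
ver_ge() {
    a=$(printf '%s' "${1%%.amzn2*}" | tr '.-' '  ')
    b=$(printf '%s' "${2%%.amzn2*}" | tr '.-' '  ')
    set -- $a
    for y in $b; do
        x=${1:-0}
        [ "$x" -gt "$y" ] && return 0
        [ "$x" -lt "$y" ] && return 1
        [ $# -gt 0 ] && shift
    done
    return 0
}

# patch_status RUNNING INSTALLED
#   RUNNING   = output of `uname -r`
#   INSTALLED = newest installed kernel package version-release
patch_status() {
    running=$1
    installed=$2
    if ver_ge "$running" "$FIXED"; then
        echo "patched"
    elif ver_ge "$installed" "$FIXED"; then
        echo "reboot-required"     # fixed kernel on disk, old one still running
    else
        echo "vulnerable"          # run: yum update kernel
    fi
}

# Constructed samples: host before the update, after the update, after reboot.
patch_status "4.14.100-90.80.amzn2.x86_64" "4.14.100-90.80.amzn2"
patch_status "4.14.100-90.80.amzn2.x86_64" "4.14.121-109.96.amzn2"
patch_status "4.14.121-109.96.amzn2.x86_64" "4.14.121-109.96.amzn2"
```

On an AL2 host the two arguments come from `uname -r` and from the highest line printed by `rpm -q --qf '%{VERSION}-%{RELEASE}\n' kernel`.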

Additional References

Red Hat: CVE-2019-10142, CVE-2019-11833, CVE-2019-11884, CVE-2019-3882, CVE-2019-5489, CVE-2019-9500

Mitre: CVE-2019-10142, CVE-2019-11833, CVE-2019-11884, CVE-2019-3882, CVE-2019-5489, CVE-2019-9500
