Security Bulletin: Multiple vulnerabilities in Linux Kernel affect IBM Spectrum Protect Plus

Summary

There are multiple security vulnerabilities in the Linux Kernel that affect IBM Spectrum Protect Plus.

Vulnerability Details

CVEID:CVE-2019-19532
**DESCRIPTION:**Linux Kernel is vulnerable to a denial of service, caused by multiple out-of-bound write conditions in HID drivers.
CVSS Base score: 3.1
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/172610 for the current score.
CVSS Vector: (CVSS:3.0/AV:P/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:L)

CVEID:CVE-2019-19529
**DESCRIPTION:**Linux Kernel is vulnerable to a denial of service, caused by a use-after-free condition in drivers/net/can/usb/mcba_usb.c. By connecting a specially-crafted USB device, an attacker could exploit this vulnerability to cause a kernel panic.
CVSS Base score: 4.2
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/172526 for the current score.
CVSS Vector: (CVSS:3.0/AV:P/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H)

CVEID:CVE-2019-19530
**DESCRIPTION:**Linux Kernel is vulnerable to a denial of service, caused by a use-after-free condition in drivers/usb/class/cdc-acm.c. By connecting a specially-crafted USB device, an attacker could exploit this vulnerability to cause a kernel panic.
CVSS Base score: 4.2
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/172527 for the current score.
CVSS Vector: (CVSS:3.0/AV:P/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H)

CVEID:CVE-2019-19526
**DESCRIPTION:**Linux Kernel is vulnerable to a denial of service, caused by a use-after-free condition in drivers/nfc/pn533/usb.c. By connecting a specially-crafted USB device, an attacker could exploit this vulnerability to cause a kernel panic.
CVSS Base score: 4.2
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/172523 for the current score.
CVSS Vector: (CVSS:3.0/AV:P/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H)

CVEID:CVE-2019-19531
**DESCRIPTION:**Linux Kernel is vulnerable to a denial of service, caused by a use-after-free condition in drivers/usb/misc/yurex.c. By connecting a specially-crafted USB device, an attacker could exploit this vulnerability to cause a kernel panic.
CVSS Base score: 4.2
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/172528 for the current score.
CVSS Vector: (CVSS:3.0/AV:P/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H)

CVEID:CVE-2019-19524
**DESCRIPTION:**Linux Kernel is vulnerable to a denial of service, caused by a use-after-free condition in drivers/input/ff-memless.c. By connecting a specially-crafted USB device, an attacker could exploit this vulnerability to cause a kernel panic.
CVSS Base score: 4.2
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/172521 for the current score.
CVSS Vector: (CVSS:3.0/AV:P/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H)

CVEID:CVE-2019-19537
**DESCRIPTION:**Linux Kernel is vulnerable to a denial of service, caused by a race condition in drivers/usb/core/file.c. By connecting a specially-crafted USB device, an attacker could exploit this vulnerability to cause the system to stop responding.
CVSS Base score: 4.2
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/172608 for the current score.
CVSS Vector: (CVSS:3.0/AV:P/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H)

CVEID:CVE-2019-19527
**DESCRIPTION:**Linux Kernel is vulnerable to a denial of service, caused by a use-after-free condition in drivers/hid/usbhid/hiddev.c. By connecting a specially-crafted USB device, an attacker could exploit this vulnerability to cause a kernel panic.
CVSS Base score: 4.2
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/172524 for the current score.
CVSS Vector: (CVSS:3.0/AV:P/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H)

CVEID:CVE-2019-18811
**DESCRIPTION:**Linux Kernel is vulnerable to a denial of service, caused by a memory leak in the sof_set_get_large_ctrl_data function in sound/soc/sof/ipc.c. By triggering sof_get_ctrl_copy_params() failures, a remote attacker could exploit this vulnerability to consume all available memory resources.
CVSS Base score: 7.5
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/171184 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H)

CVEID:CVE-2019-18810
**DESCRIPTION:**Linux Kernel is vulnerable to a denial of service, caused by a memory leak in the komeda_wb_connector_add function in drivers/gpu/drm/arm/display/komeda/komeda_wb_connector.c. By triggering drm_writeback_connector_init() failures, a remote attacker could exploit this vulnerability to consume all available memory resources.
CVSS Base score: 7.5
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/171183 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H)

CVEID:CVE-2019-18813
**DESCRIPTION:**Linux Kernel is vulnerable to a denial of service, caused by a memory leak in the dwc3_pci_probe function in drivers/usb/dwc3/dwc3-pci.c. By triggering platform_device_add_properties() failures, a remote attacker could exploit this vulnerability to consume all available memory resources.
CVSS Base score: 7.5
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/171186 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H)

CVEID:CVE-2019-18812
**DESCRIPTION:**Linux Kernel is vulnerable to a denial of service, caused by a memory leak in the sof_dfsentry_write function in sound/soc/sof/debug.c. By sending a specially-crafted request, a remote attacker could exploit this vulnerability to consume all available memory resources.
CVSS Base score: 7.5
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/171185 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H)

CVEID:CVE-2019-18808
**DESCRIPTION:**Linux Kernel is vulnerable to a denial of service, caused by a memory leak in the ccp_run_sha_cmd function in drivers/crypto/ccp/ccp-ops.c. By sending a specially-crafted request, a remote attacker could exploit this vulnerability to consume all available memory resources.
CVSS Base score: 7.5
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/171181 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H)

CVEID:CVE-2019-18807
**DESCRIPTION:**Linux Kernel is vulnerable to a denial of service, caused by two memory leaks in the sja1105_static_config_upload function in drivers/net/dsa/sja1105/sja1105_spi.c. By triggering static_config_buf_prepare_for_upload() or sja1105_inhibit_tx() failures, a remote attacker could exploit this vulnerability to consume all available memory resources.
CVSS Base score: 7.5
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/171180 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H)

CVEID:CVE-2019-18809
**DESCRIPTION:**Linux Kernel is vulnerable to a denial of service, caused by a memory leak in the af9005_identify_state function in drivers/media/usb/dvb-usb/af9005.c. By sending a specially-crafted request, a remote attacker could exploit this vulnerability to consume all available memory resources.
CVSS Base score: 7.5
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/171182 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H)

CVEID:CVE-2019-18814
**DESCRIPTION:**Linux Kernel is vulnerable to a denial of service, caused by a use-after-free in the aa_audit_rule_init function in security/apparmor/audit.c. By sending a specially-crafted request, a remote attacker could exploit this vulnerability to cause a denial of service.
CVSS Base score: 7.5
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/171187 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H)

CVEID:CVE-2019-18806
**DESCRIPTION:**Linux Kernel is vulnerable to a denial of service, caused by a memory leak in the ql_alloc_large_buffers function in drivers/net/ethernet/qlogic/qla3xxx.c. By triggering pci_dma_mapping_error() failures, a local authenticated attacker could exploit this vulnerability to consume all available memory resources.
CVSS Base score: 5.5
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/171179 for the current score.
CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H)

CVEID:CVE-2020-8428
**DESCRIPTION:**Linux Kernel is vulnerable to a denial of service, caused by a use-after-free in may_create_in_sticky. By executing a specially-crafted program, a local attacker could exploit this vulnerability to cause the system to crash, or possibly leak information.
CVSS Base score: 5.3
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/175359 for the current score.
CVSS Vector: (CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:H)

CVEID:CVE-2019-16714
**DESCRIPTION:**Linux Kernel could allow a remote attacker to obtain sensitive information, caused by the failure to initialize the tos and flags fields in the rds6_inc_info_copy function in net/rds/recv.c. By sending a specially-crafted request, an attacker could exploit this vulnerability to obtain sensitive information from the kernel stack memory.
CVSS Base score: 7.5
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/167373 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N)

CVEID:CVE-2019-10639
**DESCRIPTION:**Linux Kernel could allow a remote attacker to obtain sensitive information, caused by the use of a weak function to generate IP packet IDs. By sniffing the network, an attacker could exploit this vulnerability to obtain hash collisions information to derive the hashing key.
CVSS Base score: 5.9
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/167414 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N)

CVEID:CVE-2019-15538
**DESCRIPTION:**Linux Kernel is vulnerable to a denial of service, caused by a flaw in xfs_setattr_nonsize in fs/xfs/xfs_iops.c. By sending a specially-crafted system call, a local attacker could exploit this vulnerability to cause the system to crash.
CVSS Base score: 4
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/165865 for the current score.
CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L)

CVEID:CVE-2019-18198
**DESCRIPTION:**Linux Kernel is vulnerable to a denial of service, caused by a reference count usage error in the fib6_rule_suppress function in the fib6 suppression feature of net/ipv6/fib6_rules.c. By sending a specially-crafted request, a local attacker could exploit this vulnerability to corrupt the memory resulting in a denial of service condition.
CVSS Base score: 6.2
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/169685 for the current score.
CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H)

CVEID:CVE-2019-15505
**DESCRIPTION:**Linux Kernel could allow a physical attacker to obtain sensitive information, caused by an out-of-bounds read flaw in technisat-usb2.c. By using a specially-crafted USB device, an attacker could exploit this vulnerability to obtain sensitive information or cause a denial of service condition on the system.
CVSS Base score: 6.1
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/165745 for the current score.
CVSS Vector: (CVSS:3.0/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H)

CVEID:CVE-2019-15504
**DESCRIPTION:**Linux Kernel could allow a physical attacker to execute arbitrary code on the system, caused by a double free flaw in rsi_91x_usb.c. By using a specially-crafted USB device, an attacker could exploit this vulnerability to execute arbitrary code on the system.
CVSS Base score: 6.8
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/165744 for the current score.
CVSS Vector: (CVSS:3.0/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)

CVEID:CVE-2019-15902
**DESCRIPTION:**Linux Kernel could provide weaker than expected security, caused by a backporting error. A remote attacker could exploit this vulnerability to launch further attacks on the system.
CVSS Base score: 8.4
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/166561 for the current score.
CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)

CVEID:CVE-2019-19602
**DESCRIPTION:**Linux Kernel is vulnerable to a denial of service, caused by a memory corruption in fpregs_state_valid in arch/x86/include/asm/fpu/internal.h. By sending a specially crafted request, a local attacker could exploit this vulnerability to cause the application to crash.
CVSS Base score: 4
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/172692 for the current score.
CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L)

CVEID:CVE-2019-14898
**DESCRIPTION:**Linux Kernel is vulnerable to a denial of service, caused by a race condition in between mmget_not_zero()/get_task_mm() and core dumping. By using a specially-crafted system call, a local authenticated attacker could exploit this vulnerability to cause the system to crash or obtain sensitive information.
CVSS Base score: 6.1
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/175727 for the current score.
CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H)

CVEID:CVE-2019-18282
**DESCRIPTION:**Linux Kernel could allow a local attacker to obtain sensitive information, caused by a device tracking vulnerability in flow_dissector feature. By sending a specially crafted request, an attacker could exploit this vulnerability to obtain sensitive information and then use this information to launch further attacks against the affected system.
CVSS Base score: 4
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/174716 for the current score.
CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N)

Affected Products and Versions

Remediation/Fixes

Workarounds and Mitigations

None