Mageia: Security Advisory MGASA-2020-0140. Update fixes use-after-free vulnerabilities, out-of-bounds read, and heap corruption in kernel
Reporter | Title | Published | Views | Family All 199 |
---|---|---|---|---|
![]() | Updated kernel packages fix security vulnerabilities | 14 Mar 202002:19 | – | mageia |
![]() | Updated kernel-linus packages fix security vulnerabilities | 4 Apr 202001:53 | – | mageia |
![]() | SUSE SLED15 / SLES15 Security Update : kernel (SUSE-SU-2020:0836-1) | 2 Apr 202000:00 | – | nessus |
![]() | openSUSE Security Update : the Linux Kernel (openSUSE-2020-388) | 30 Mar 202000:00 | – | nessus |
![]() | Ubuntu 16.04 LTS : Linux kernel vulnerabilities (USN-4346-1) | 29 Apr 202000:00 | – | nessus |
![]() | EulerOS 2.0 SP5 : kernel (EulerOS-SA-2020-1308) | 23 Mar 202000:00 | – | nessus |
![]() | EulerOS 2.0 SP8 : kernel (EulerOS-SA-2020-1292) | 23 Mar 202000:00 | – | nessus |
![]() | Oracle Linux 7 / 8 : Unbreakable Enterprise kernel (ELSA-2020-5691) | 20 May 202000:00 | – | nessus |
![]() | RHEL 8 : kernel (RHSA-2022:1213) | 6 Apr 202200:00 | – | nessus |
![]() | RHEL 8 : kernel-rt (RHSA-2022:1209) | 6 Apr 202200:00 | – | nessus |
# SPDX-FileCopyrightText: 2022 Greenbone AG
# Some text descriptions might be excerpted from (a) referenced
# source(s), and are Copyright (C) by the respective right holder(s).
#
# SPDX-License-Identifier: GPL-2.0-only
if(description)
{
script_oid("1.3.6.1.4.1.25623.1.1.10.2020.0140");
script_cve_id("CVE-2019-19768", "CVE-2020-8647", "CVE-2020-8648", "CVE-2020-8649", "CVE-2020-9383", "CVE-2020-9391");
script_tag(name:"creation_date", value:"2022-01-28 10:58:44 +0000 (Fri, 28 Jan 2022)");
script_version("2024-10-23T05:05:59+0000");
script_tag(name:"last_modification", value:"2024-10-23 05:05:59 +0000 (Wed, 23 Oct 2024)");
script_tag(name:"cvss_base", value:"5.0");
script_tag(name:"cvss_base_vector", value:"AV:N/AC:L/Au:N/C:N/I:N/A:P");
script_tag(name:"severity_vector", value:"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H");
script_tag(name:"severity_origin", value:"NVD");
script_tag(name:"severity_date", value:"2019-12-18 20:09:12 +0000 (Wed, 18 Dec 2019)");
script_name("Mageia: Security Advisory (MGASA-2020-0140)");
script_category(ACT_GATHER_INFO);
script_copyright("Copyright (C) 2022 Greenbone AG");
script_family("Mageia Linux Local Security Checks");
script_dependencies("gather-package-list.nasl");
script_mandatory_keys("ssh/login/mageia_linux", "ssh/login/release", re:"ssh/login/release=MAGEIA7");
script_xref(name:"Advisory-ID", value:"MGASA-2020-0140");
script_xref(name:"URL", value:"https://advisories.mageia.org/MGASA-2020-0140.html");
script_xref(name:"URL", value:"https://bugs.mageia.org/show_bug.cgi?id=26178");
script_xref(name:"URL", value:"https://bugs.mageia.org/show_bug.cgi?id=26331");
script_xref(name:"URL", value:"https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.5.7");
script_xref(name:"URL", value:"https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.5.8");
script_xref(name:"URL", value:"https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.5.9");
script_tag(name:"summary", value:"The remote host is missing an update for the 'kernel, kmod-virtualbox, kmod-xtables-addons' package(s) announced via the MGASA-2020-0140 advisory.");
script_tag(name:"vuldetect", value:"Checks if a vulnerable package version is present on the target host.");
script_tag(name:"insight", value:"This update is based on upstream 5.5.9 and fixes at least the following
security vulnerabilities:
In the Linux kernel 5.4.0-rc2, there is a use-after-free (read) in the
__blk_add_trace function in kernel/trace/blktrace.c (which is used to
fill out a blk_io_trace structure and place it in a per-cpu sub-buffer)
(CVE-2019-19768).
There is a use-after-free vulnerability in the Linux kernel through 5.5.2
in the vc_do_resize function in drivers/tty/vt/vt.c (CVE-2020-8647).
There is a use-after-free vulnerability in the Linux kernel through 5.5.2
in the n_tty_receive_buf_common function in drivers/tty/n_tty.c
(CVE-2020-8648).
There is a use-after-free vulnerability in the Linux kernel through 5.5.2
in the vgacon_invert_region function in drivers/video/console/vgacon.c.
(CVE-2020-8649).
An issue was discovered in the Linux kernel through 5.5.6. set_fdc in
drivers/block/floppy.c leads to a wait_til_ready out-of-bounds read
because the FDC index is not checked for errors before assigning it,
aka CID-2e90ca68b0d2 (CVE-2020-9383).
An issue was discovered in the Linux kernel 5.4 and 5.5 through 5.5.6
on the AArch64 architecture. It ignores the top byte in the address
passed to the brk system call, potentially moving the memory break
downwards when the application expects it to move upwards, aka CID-
dcde237319e6. This has been observed to cause heap corruption with
the GNU C Library malloc implementation (CVE-2020-9391).
Other notable changes in this update:
- kernel is built with the updated gcc-8.4.0, thus fixing the issue
with nvidia drivers complaining about gcc mismatch and failing the
dkms-nvidia* builds.
- ahci: Add Intel Comet Lake H RAID PCI ID
- update Amd Sensor Fusion Hub driver to v4
- replace staging exfat driver with new upstream exfat driver
- update rtl8812au driver for more hw support (mga#26178)
- fscrypt: don't evict dirty inodes after removing key");
script_tag(name:"affected", value:"'kernel, kmod-virtualbox, kmod-xtables-addons' package(s) on Mageia 7.");
script_tag(name:"solution", value:"Please install the updated package(s).");
script_tag(name:"solution_type", value:"VendorFix");
script_tag(name:"qod_type", value:"package");
exit(0);
}
include("revisions-lib.inc");
include("pkg-lib-rpm.inc");
release = rpm_get_ssh_release();
if(!release)
exit(0);
res = "";
report = "";
if(release == "MAGEIA7") {
if(!isnull(res = isrpmvuln(pkg:"bpftool", rpm:"bpftool~5.5.9~1.mga7", rls:"MAGEIA7"))) {
report += res;
}
if(!isnull(res = isrpmvuln(pkg:"cpupower", rpm:"cpupower~5.5.9~1.mga7", rls:"MAGEIA7"))) {
report += res;
}
if(!isnull(res = isrpmvuln(pkg:"cpupower-devel", rpm:"cpupower-devel~5.5.9~1.mga7", rls:"MAGEIA7"))) {
report += res;
}
if(!isnull(res = isrpmvuln(pkg:"kernel", rpm:"kernel~5.5.9~1.mga7", rls:"MAGEIA7"))) {
report += res;
}
if(!isnull(res = isrpmvuln(pkg:"kernel-desktop-5.5.9-1.mga7", rpm:"kernel-desktop-5.5.9-1.mga7~1~1.mga7", rls:"MAGEIA7"))) {
report += res;
}
if(!isnull(res = isrpmvuln(pkg:"kernel-desktop-devel-5.5.9-1.mga7", rpm:"kernel-desktop-devel-5.5.9-1.mga7~1~1.mga7", rls:"MAGEIA7"))) {
report += res;
}
if(!isnull(res = isrpmvuln(pkg:"kernel-desktop-devel-latest", rpm:"kernel-desktop-devel-latest~5.5.9~1.mga7", rls:"MAGEIA7"))) {
report += res;
}
if(!isnull(res = isrpmvuln(pkg:"kernel-desktop-latest", rpm:"kernel-desktop-latest~5.5.9~1.mga7", rls:"MAGEIA7"))) {
report += res;
}
if(!isnull(res = isrpmvuln(pkg:"kernel-desktop586-5.5.9-1.mga7", rpm:"kernel-desktop586-5.5.9-1.mga7~1~1.mga7", rls:"MAGEIA7"))) {
report += res;
}
if(!isnull(res = isrpmvuln(pkg:"kernel-desktop586-devel-5.5.9-1.mga7", rpm:"kernel-desktop586-devel-5.5.9-1.mga7~1~1.mga7", rls:"MAGEIA7"))) {
report += res;
}
if(!isnull(res = isrpmvuln(pkg:"kernel-desktop586-devel-latest", rpm:"kernel-desktop586-devel-latest~5.5.9~1.mga7", rls:"MAGEIA7"))) {
report += res;
}
if(!isnull(res = isrpmvuln(pkg:"kernel-desktop586-latest", rpm:"kernel-desktop586-latest~5.5.9~1.mga7", rls:"MAGEIA7"))) {
report += res;
}
if(!isnull(res = isrpmvuln(pkg:"kernel-doc", rpm:"kernel-doc~5.5.9~1.mga7", rls:"MAGEIA7"))) {
report += res;
}
if(!isnull(res = isrpmvuln(pkg:"kernel-server-5.5.9-1.mga7", rpm:"kernel-server-5.5.9-1.mga7~1~1.mga7", rls:"MAGEIA7"))) {
report += res;
}
if(!isnull(res = isrpmvuln(pkg:"kernel-server-devel-5.5.9-1.mga7", rpm:"kernel-server-devel-5.5.9-1.mga7~1~1.mga7", rls:"MAGEIA7"))) {
report += res;
}
if(!isnull(res = isrpmvuln(pkg:"kernel-server-devel-latest", rpm:"kernel-server-devel-latest~5.5.9~1.mga7", rls:"MAGEIA7"))) {
report += res;
}
if(!isnull(res = isrpmvuln(pkg:"kernel-server-latest", rpm:"kernel-server-latest~5.5.9~1.mga7", rls:"MAGEIA7"))) {
report += res;
}
if(!isnull(res = isrpmvuln(pkg:"kernel-source-5.5.9-1.mga7", rpm:"kernel-source-5.5.9-1.mga7~1~1.mga7", rls:"MAGEIA7"))) {
report += res;
}
if(!isnull(res = isrpmvuln(pkg:"kernel-source-latest", rpm:"kernel-source-latest~5.5.9~1.mga7", rls:"MAGEIA7"))) {
report += res;
}
if(!isnull(res = isrpmvuln(pkg:"kernel-userspace-headers", rpm:"kernel-userspace-headers~5.5.9~1.mga7", rls:"MAGEIA7"))) {
report += res;
}
if(!isnull(res = isrpmvuln(pkg:"kmod-virtualbox", rpm:"kmod-virtualbox~6.0.18~5.mga7", rls:"MAGEIA7"))) {
report += res;
}
if(!isnull(res = isrpmvuln(pkg:"kmod-xtables-addons", rpm:"kmod-xtables-addons~3.8~5.mga7", rls:"MAGEIA7"))) {
report += res;
}
if(!isnull(res = isrpmvuln(pkg:"lib64bpf-devel", rpm:"lib64bpf-devel~5.5.9~1.mga7", rls:"MAGEIA7"))) {
report += res;
}
if(!isnull(res = isrpmvuln(pkg:"lib64bpf0", rpm:"lib64bpf0~5.5.9~1.mga7", rls:"MAGEIA7"))) {
report += res;
}
if(!isnull(res = isrpmvuln(pkg:"libbpf-devel", rpm:"libbpf-devel~5.5.9~1.mga7", rls:"MAGEIA7"))) {
report += res;
}
if(!isnull(res = isrpmvuln(pkg:"libbpf0", rpm:"libbpf0~5.5.9~1.mga7", rls:"MAGEIA7"))) {
report += res;
}
if(!isnull(res = isrpmvuln(pkg:"perf", rpm:"perf~5.5.9~1.mga7", rls:"MAGEIA7"))) {
report += res;
}
if(!isnull(res = isrpmvuln(pkg:"virtualbox-kernel-5.5.9-desktop-1.mga7", rpm:"virtualbox-kernel-5.5.9-desktop-1.mga7~6.0.18~5.mga7", rls:"MAGEIA7"))) {
report += res;
}
if(!isnull(res = isrpmvuln(pkg:"virtualbox-kernel-5.5.9-desktop586-1.mga7", rpm:"virtualbox-kernel-5.5.9-desktop586-1.mga7~6.0.18~5.mga7", rls:"MAGEIA7"))) {
report += res;
}
if(!isnull(res = isrpmvuln(pkg:"virtualbox-kernel-5.5.9-server-1.mga7", rpm:"virtualbox-kernel-5.5.9-server-1.mga7~6.0.18~5.mga7", rls:"MAGEIA7"))) {
report += res;
}
if(!isnull(res = isrpmvuln(pkg:"virtualbox-kernel-desktop-latest", rpm:"virtualbox-kernel-desktop-latest~6.0.18~5.mga7", rls:"MAGEIA7"))) {
report += res;
}
if(!isnull(res = isrpmvuln(pkg:"virtualbox-kernel-desktop586-latest", rpm:"virtualbox-kernel-desktop586-latest~6.0.18~5.mga7", rls:"MAGEIA7"))) {
report += res;
}
if(!isnull(res = isrpmvuln(pkg:"virtualbox-kernel-server-latest", rpm:"virtualbox-kernel-server-latest~6.0.18~5.mga7", rls:"MAGEIA7"))) {
report += res;
}
if(!isnull(res = isrpmvuln(pkg:"xtables-addons-kernel-5.5.9-desktop-1.mga7", rpm:"xtables-addons-kernel-5.5.9-desktop-1.mga7~3.8~5.mga7", rls:"MAGEIA7"))) {
report += res;
}
if(!isnull(res = isrpmvuln(pkg:"xtables-addons-kernel-5.5.9-desktop586-1.mga7", rpm:"xtables-addons-kernel-5.5.9-desktop586-1.mga7~3.8~5.mga7", rls:"MAGEIA7"))) {
report += res;
}
if(!isnull(res = isrpmvuln(pkg:"xtables-addons-kernel-5.5.9-server-1.mga7", rpm:"xtables-addons-kernel-5.5.9-server-1.mga7~3.8~5.mga7", rls:"MAGEIA7"))) {
report += res;
}
if(!isnull(res = isrpmvuln(pkg:"xtables-addons-kernel-desktop-latest", rpm:"xtables-addons-kernel-desktop-latest~3.8~5.mga7", rls:"MAGEIA7"))) {
report += res;
}
if(!isnull(res = isrpmvuln(pkg:"xtables-addons-kernel-desktop586-latest", rpm:"xtables-addons-kernel-desktop586-latest~3.8~5.mga7", rls:"MAGEIA7"))) {
report += res;
}
if(!isnull(res = isrpmvuln(pkg:"xtables-addons-kernel-server-latest", rpm:"xtables-addons-kernel-server-latest~3.8~5.mga7", rls:"MAGEIA7"))) {
report += res;
}
if(report != "") {
security_message(data:report);
} else if(__pkg_match) {
exit(99);
}
exit(0);
}
exit(0);
Transform Your Security Services
Elevate your offerings with Vulners' advanced Vulnerability Intelligence. Contact us for a demo and discover the difference comprehensive, actionable intelligence can make in your security strategy.
Book a live demo