Lucene search

K
oraclelinux
OracleLinuxELSA-2020-5526
HistoryJan 30, 2020 - 12:00 a.m.

Unbreakable Enterprise kernel security update

2020-01-3000:00:00
linux.oracle.com
65

7 High

CVSS3

Attack Vector

LOCAL

Attack Complexity

HIGH

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H

6.9 Medium

CVSS2

Access Vector

LOCAL

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:L/AC:M/Au:N/C:C/I:C/A:C

[4.14.35-1902.10.4.el7uek]

  • kvm: Donโ€™t reference vcpu->arch.st in arch-independent code (Boris Ostrovsky) [Orabug: 30489861]
  • kvm: fix compile on s390 part 2 (Christian Borntraeger) [Orabug: 30489861]
  • kvm: fix compilation on s390 (Paolo Bonzini) [Orabug: 30489861]
  • kvm: fix compilation on aarch64 (Paolo Bonzini) [Orabug: 30489861]
    [4.14.35-1902.10.3.el7uek]
  • x86/KVM: Clean up hostโ€™s steal time structure (Boris Ostrovsky) [Orabug: 30489861] {CVE-2019-3016} {CVE-2019-3016}
  • x86/KVM: Make sure KVM_VCPU_FLUSH_TLB flag is not missed (Boris Ostrovsky) [Orabug: 30489861] {CVE-2019-3016} {CVE-2019-3016}
  • x86/kvm: Cache gfn to pfn translation (Boris Ostrovsky) [Orabug: 30489861] {CVE-2019-3016} {CVE-2019-3016}
  • x86/kvm: Introduce kvm_(un)map_gfn() (Boris Ostrovsky) [Orabug: 30489861] {CVE-2019-3016} {CVE-2019-3016}
  • x86/kvm: Be careful not to clear KVM_VCPU_FLUSH_TLB bit (Boris Ostrovsky) [Orabug: 30489861] {CVE-2019-3016} {CVE-2019-3016}
  • KVM: Properly check if page is valid in kvm_vcpu_unmap (KarimAllah Ahmed) [Orabug: 30489861]
  • KVM: Introduce a new guest mapping API (KarimAllah Ahmed) [Orabug: 30489861]
  • KVM: x86: svm: make sure NMI is injected after nmi_singlestep (Vitaly Kuznetsov) [Orabug: 30714532]
Use Vulners API to create your own security tool

API usage cases
  • Network scanning
  • Linux Patch management
  • Threat protection
  • No network audit solution

Ways of integration

Integrate Vulners API

7 High

CVSS3

Attack Vector

LOCAL

Attack Complexity

HIGH

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H

6.9 Medium

CVSS2

Access Vector

LOCAL

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:L/AC:M/Au:N/C:C/I:C/A:C

Related for ELSA-2020-5526