Updated kernel packages fix security vulnerabilities

This update is based on upstream 5.4.6 and fixes various potential security issues related to buffer overflows, double frees, NUll pointer dereferences, improper / missing input validations and so on. It also adds other bugfixes all over the kernel. Other fixes added in this update: - x86/MCE/AMD...

arekit (>=0.21.0 <=0.22.1), arenets (>=0.23.0 <=0.23.1) +35 more potentially affected by CVE-2019-16778 via tensorflow-gpu (>=1.10.1 <=1.14.0)

tensorflow-gpu PYPI version =1.10.1, =0.21.0, =0.23.0, =0.1.0, =1.0.0, =0.2.3, =0.0.1, =0.0.7, =0.1.0, =0.6.0, =0.0.1, =0.0.10 and more Source cves: CVE-2019-16778 Source advisory: OSV:PYSEC-2019-234...

arekit (>=0.21.0 <=0.22.1), arenets (>=0.23.0 <=0.23.1) +35 more potentially affected by CVE-2019-16778 via tensorflow-gpu (>=1.10.1 <=1.14.0)

tensorflow-gpu PYPI version =1.10.1, =0.21.0, =0.23.0, =0.1.0, =1.0.0, =0.2.3, =0.0.1, =0.0.7, =0.1.0, =0.6.0, =0.0.1, =0.0.10 and more Source cves: CVE-2019-16778 Source advisory: OSV:GHSA-844W-J86R-4X2J...

HPSBHF03645 rev. 3 - NVIDIA GPU Display Driver Vulnerabilities 2019

Potential Security Impact Denial of service, escalation of privilege, unauthorized code execution, or information disclosure. Source: HP, HP Product Security Response Team PSRT Reported By: NVIDIA VULNERABILITY SUMMARY HP has been notified of potential security vulnerabilities with the GPU Displa...

CVE-2019-10545

Null pointer dereference issue in kernel due to missing check related to LLC support in GPU in Snapdragon Auto, Snapdragon Consumer Electronics Connectivity, Snapdragon Consumer IOT, Snapdragon Mobile, Snapdragon Voice & Music in QCS605, SDM670, SDM710, SM6150, SM7150, SM8150...

CVE-2019-10520

An unprivileged application can allocate GPU memory by calling memory allocation ioctl function and can exhaust all the memory which results in out of memory in Snapdragon Mobile, Snapdragon Voice & Music in QCS405, SD 210/SD 212/SD 205, SD 665, SD 675, SD 712 / SD 710 / SD 670, SD 730, SD 845 / ...

Design/Logic Flaw

An unprivileged application can allocate GPU memory by calling memory allocation ioctl function and can exhaust all the memory which results in out of memory in Snapdragon Mobile, Snapdragon Voice & Music in QCS405, SD 210/SD 212/SD 205, SD 665, SD 675, SD 712 / SD 710 / SD 670, SD 730, SD 845 / ...

Null pointer dereference

Null pointer dereference issue in kernel due to missing check related to LLC support in GPU in Snapdragon Auto, Snapdragon Consumer Electronics Connectivity, Snapdragon Consumer IOT, Snapdragon Mobile, Snapdragon Voice & Music in QCS605, SDM670, SDM710, SM6150, SM7150, SM8150...

CVE-2019-10520

An unprivileged application can allocate GPU memory by calling memory allocation ioctl function and can exhaust all the memory which results in out of memory in Snapdragon Mobile, Snapdragon Voice & Music in QCS405, SD 210/SD 212/SD 205, SD 665, SD 675, SD 712 / SD 710 / SD 670, SD 730, SD 845 / ...

CVE-2019-10520

The CVE-2019-10520 issue is a local, memory-allocator-based vulnerability described as an unprivileged app being able to allocate GPU memory via a memory allocation ioctl, potentially exhausting all memory and causing out-of-memory on Snapdragon devices (Mobile/Voice & Music) across multiple SDM/...

CVE-2019-10545

CVE-2019-10545 is a Qualcomm/ Snapdragon GPU-related vulnerability: a null pointer dereference in the kernel due to a missing LLC support check in the GPU. Affected are Snapdragon Auto, Snapdragon Consumer Electronics Connectivity, Snapdragon Consumer IOT, Snapdragon Mobile, and Snapdragon Voice ...

CVE-2019-10545

Null pointer dereference issue in kernel due to missing check related to LLC support in GPU in Snapdragon Auto, Snapdragon Consumer Electronics Connectivity, Snapdragon Consumer IOT, Snapdragon Mobile, Snapdragon Voice & Music in QCS605, SDM670, SDM710, SM6150, SM7150, SM8150...

CVE-2019-2217

In setCpuVulkanInUse of GpuStats.cpp, there is possible memory corruption due to a use after free. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-10Android ID:...

Seeker v1.2.1 - Accurately Locate Smartphones Using Social Engineering

Concept behind Seeker is simple, just like we host phishing pages to get credentials why not host a fake page that requests your location like many popular location based websites. Read more on thewhiteh4t's Blog .Seeker Hosts a fake website on In Built PHP Server and uses Serveo to generate a li...

Virtuozzo 6 : parallels-server-bm-release / vzkernel / etc (VZA-2019-089)

According to the versions of the parallels-server-bm-release / vzkernel / etc packages installed, the Virtuozzo installation on the remote host is affected by the following vulnerabilities : - hw: Machine Check Error on Page Size Change IFU - hw: Intel GPU blitter manipulation can allow for...

Control domain memory leak issue on Citrix Hypervisor 8.0 when GPU in use

1. Any operation on VMs start, shutdown, creating and removing snapshot etc. with GPU are extremely slow 2. Citrix Hypervisor 8.0 freezing when GPU in use...

RHEL 6 : kernel-rt (RHSA-2019:3908)

The remote Redhat Enterprise Linux 6 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2019:3908 advisory. The kernel-rt packages provide the Real Time Linux Kernel, which enables fine-tuning for systems with extremely high determinism requirements. Securi...

Important kernel security update: New kernel 2.6.32-042stab141.3 for Virtuozzo Containers for Linux 4.7, Server Bare Metal 5.0

This update provides a new kernel 2.6.32-042stab141.3 for Virtuozzo Containers for Linux 4.7 and Server Bare Metal 5.0 based on the RHEL 6.10 kernel 2.6.32-754.24.3.el6. The new kernel inherits security fixes. Vulnerability id: CVE-2018-12207 hw: Machine Check Error on Page Size Change IFU...

Important: Red Hat Security Advisory: kernel-rt security update

An update for kernel-rt is now available for Red Hat Enterprise MRG 2. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from t...

CVE-2019-5688

NVIDIA NVFlash, NVUFlash Tool prior to v5.588.0 and GPUModeSwitch Tool prior to 2019-11, NVIDIA kernel mode driver nvflash.sys, nvflsh32.sys, and nvflsh64.sys contains a vulnerability in which authenticated users with administrative privileges can gain access to device memory and registers of oth...