kernel-3.10.0-1127.18.2.el7
Errata ID: AXSA:2020-263:09
Release date:
2020/08/11 Tuesday - 08:27
Title:
kernel-3.10.0-1127.18.2.el7
Affected channels:
Asianux Server 7 for x86_64
Severity:
High
Description:
The following issues have been addressed.
[Security Fix]
- drivers/hid/usbhid/hiddev.c contains a vulnerability that allows a malicious USB device to cause a use-after-free condition. This vulnerability is reported as CID-9c09b214f30e. (CVE-2019-19527)
- The way mremap handles DAX Huge Pages contains a vulnerability that allows a local attacker to escalate privileges on the system via access to DAX-enabled storage. (CVE-2020-10757)
- The mwifiex_cmd_append_vsie_tlv() function in drivers/net/wireless/marvell/mwifiex/scan.c has a reported vulnerability that allows a local user to gain privileges or cause a denial of service via an incorrect memcpy and a buffer overflow. This vulnerability is reported as CID-b70261a288ea. (CVE-2020-12653)
- mwifiex_ret_wmm_get_status() in drivers/net/wireless/marvell/mwifiex/wmm.c contains a vulnerability that allows a remote AP to cause a heap-based buffer overflow via an incorrect memcpy. This vulnerability is reported as CID-3a9b153c5591. (CVE-2020-12654)
Solution:
Update the packages.
CVE:
CVE-2019-19527
In the Linux kernel before 5.2.10, there is a use-after-free bug that can be caused by a malicious USB device in the drivers/hid/usbhid/hiddev.c driver, aka CID-9c09b214f30e.
CVE-2020-10713
A flaw was found in grub2, prior to version 2.06. An attacker may use the GRUB 2 flaw to hijack and tamper the GRUB verification process. This flaw also allows the bypass of Secure Boot protections. In order to load an untrusted or modified kernel, an attacker would first need to establish access to the system such as gaining physical access, obtain the ability to alter a pxe-boot network, or have remote access to a networked system with root access. With this access, an attacker could then craft a string to cause a buffer overflow by injecting a malicious payload that leads to arbitrary code execution within GRUB. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.
CVE-2020-10757
A flaw was found in the Linux Kernel in versions after 4.5-rc1 in the way mremap handled DAX Huge Pages. This flaw allows a local attacker with access to a DAX enabled storage to escalate their privileges on the system.
CVE-2020-12653
An issue was found in Linux kernel before 5.5.4. The mwifiex_cmd_append_vsie_tlv() function in drivers/net/wireless/marvell/mwifiex/scan.c allows local users to gain privileges or cause a denial of service because of an incorrect memcpy and buffer overflow, aka CID-b70261a288ea.
CVE-2020-12654
An issue was found in Linux kernel before 5.5.4. mwifiex_ret_wmm_get_status() in drivers/net/wireless/marvell/mwifiex/wmm.c allows a remote AP to trigger a heap-based buffer overflow because of an incorrect memcpy, aka CID-3a9b153c5591.
Additional information:
N/A
Download:
SRPMS
- kernel-3.10.0-1127.18.2.el7.src.rpm
Size: 99.33 MB
Asianux Server 7 for x86_64
- bpftool-3.10.0-1127.18.2.el7.x86_64.rpm
Size: 8.40 MB
- kernel-3.10.0-1127.18.2.el7.x86_64.rpm
Size: 50.21 MB
- kernel-abi-whitelists-3.10.0-1127.18.2.el7.noarch.rpm
Size: 7.97 MB
- kernel-debug-3.10.0-1127.18.2.el7.x86_64.rpm
Size: 52.51 MB
- kernel-debug-devel-3.10.0-1127.18.2.el7.x86_64.rpm
Size: 17.94 MB
- kernel-devel-3.10.0-1127.18.2.el7.x86_64.rpm
Size: 17.87 MB
- kernel-doc-3.10.0-1127.18.2.el7.noarch.rpm
Size: 19.44 MB
- kernel-headers-3.10.0-1127.18.2.el7.x86_64.rpm
Size: 8.95 MB
- kernel-tools-3.10.0-1127.18.2.el7.x86_64.rpm
Size: 8.05 MB
- kernel-tools-libs-3.10.0-1127.18.2.el7.x86_64.rpm
Size: 7.96 MB
- perf-3.10.0-1127.18.2.el7.x86_64.rpm
Size: 9.60 MB
- python-perf-3.10.0-1127.18.2.el7.x86_64.rpm
Size: 8.05 MB