Test ID: | 1.3.6.1.4.1.25623.1.1.10.2020.0073 |
Category: | Mageia Linux Local Security Checks |
Title: | Mageia: Security Advisory (MGASA-2020-0073) |
Summary: | The remote host is missing an update for the 'kernel, kmod-virtualbox, kmod-xtables-addons, wireguard-tools' package(s) announced via the MGASA-2020-0073 advisory. |
Description: |
Summary: The remote host is missing an update for the 'kernel, kmod-virtualbox, kmod-xtables-addons, wireguard-tools' package(s) announced via the MGASA-2020-0073 advisory.

Vulnerability Insight: This update is based on upstream 5.4.17 and fixes at least the following security vulnerabilities:

In a Linux KVM guest that has PV TLB enabled, a process in the guest kernel may be able to read memory locations from another process in the same guest. This problem is limited to the host running Linux kernel 4.10 with a guest running Linux kernel 4.16 or later. The problem mainly affects AMD processors but Intel CPUs cannot be ruled out (CVE-2019-3016).

A heap-based buffer overflow vulnerability was found in the Linux kernel, in the Marvell WiFi chip driver. A remote attacker could cause a denial of service (system crash) or possibly execute arbitrary code when the lbs_ibss_join_existing function is called after a STA connects to an AP (CVE-2019-14896).

A stack-based buffer overflow was found in the Linux kernel, in the Marvell WiFi chip driver. An attacker is able to cause a denial of service (system crash) or possibly execute arbitrary code when a STA works in IBSS mode (allows connecting stations together without the use of an AP) and connects to another STA (CVE-2019-14897).

fs/namei.c in the Linux kernel before 5.5 has a may_create_in_sticky use-after-free, which allows local users to cause a denial of service (OOPS) or possibly obtain sensitive information from kernel memory, aka CID-d0cb50185ae9. One attack vector may be an open system call for a UNIX domain socket, if the socket is being moved to a new parent directory and its old parent directory is being removed (CVE-2020-8428).

arm64/KVM debug registers vulnerability affecting systems with an ARMv8.1 or later CPU (with the Virtualisation Host Extensions). The implications are that a guest, for a brief period, may be able to read event counters belonging to the host or potentially trigger perf-related IRQs in the host (no CVE assigned yet).

There are also various fixes for crashing or hanging the kernel by malicious users or devices.

Other additional fixes and features in this update:
- WireGuard kernel module has been updated to 0.0.20200128 and the tools have been updated to 1.0.20200121.
- platform/x86: asus_wmi: Support throttle thermal policy, and set to default to avoid overheating and throttling
- hwmon/k10temp: Support for additional temperature sensors as well as voltage and current telemetry for Zen CPUs
- hid: add Amd Sensor Fusion Hub Driver
- e1000e: Revert 'e1000e: Make watchdog use delayed work' as it causes issues on some systems
- e1000e: Add support for Comet Lake and Tiger Lake
- x86/timer: Don't skip PIT setup when APIC is disabled or in legacy mode (fixing PIT not being set up on some systems)
- cifs: fix soft mounts hanging in the reconnect code
- move kernel preun bits to postun to fix grub2 menu cleanup on kernel uninstall (mga#16268)

For other upstream fixes in this update, see the referenced changelogs.

Affected Software/OS: 'kernel, kmod-virtualbox, kmod-xtables-addons, wireguard-tools' package(s) on Mageia 7.

Solution: Please install the updated package(s).

CVSS Score: 10.0
CVSS Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C |
Cross Reference: |
Common Vulnerability Exposure (CVE) ID: CVE-2019-14896
- FEDORA-2019-8846a1a5a2 https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/D4ISVNIC44SOGXTUBCIZFSUNQJ5LRKNZ/
- FEDORA-2019-91f6e7bb71 https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/MN6MLCN7G7VFTSXSZYXKXEFCUMFBUAXQ/
- USN-4225-1 https://usn.ubuntu.com/4225-1/
- USN-4225-2 https://usn.ubuntu.com/4225-2/
- USN-4226-1 https://usn.ubuntu.com/4226-1/
- USN-4227-1 https://usn.ubuntu.com/4227-1/
- USN-4227-2 https://usn.ubuntu.com/4227-2/
- USN-4228-1 https://usn.ubuntu.com/4228-1/
- USN-4228-2 https://usn.ubuntu.com/4228-2/
- [debian-lts-announce] 20200118 [SECURITY] [DLA 2068-1] linux security update https://lists.debian.org/debian-lts-announce/2020/01/msg00013.html
- [debian-lts-announce] 20200302 [SECURITY] [DLA 2114-1] linux-4.9 security update https://lists.debian.org/debian-lts-announce/2020/03/msg00001.html
- http://packetstormsecurity.com/files/155879/Kernel-Live-Patch-Security-Notice-LSN-0061-1.html
- http://packetstormsecurity.com/files/156185/Kernel-Live-Patch-Security-Notice-LSN-0062-1.html
- https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-14896
- https://security.netapp.com/advisory/ntap-20200103-0001/
- openSUSE-SU-2020:0336 http://lists.opensuse.org/opensuse-security-announce/2020-03/msg00021.html

Common Vulnerability Exposure (CVE) ID: CVE-2019-14897
- https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-14897

Common Vulnerability Exposure (CVE) ID: CVE-2019-3016
- Debian Security Information: DSA-4699 https://www.debian.org/security/2020/dsa-4699
- http://packetstormsecurity.com/files/157233/Kernel-Live-Patch-Security-Notice-LSN-0065-1.html
- http://www.openwall.com/lists/oss-security/2020/01/30/4
- https://usn.ubuntu.com/4300-1/
- https://usn.ubuntu.com/4301-1/

Common Vulnerability Exposure (CVE) ID: CVE-2020-8428
- Debian Security Information: DSA-4667 https://www.debian.org/security/2020/dsa-4667
- Debian Security Information: DSA-4698 https://www.debian.org/security/2020/dsa-4698
- https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=d0cb50185ae942b03c4327be322055d622dc79f6
- https://github.com/torvalds/linux/commit/d0cb50185ae942b03c4327be322055d622dc79f6
- https://www.openwall.com/lists/oss-security/2020/01/28/2
- https://lists.debian.org/debian-lts-announce/2020/06/msg00012.html
- http://www.openwall.com/lists/oss-security/2020/01/28/4
- http://www.openwall.com/lists/oss-security/2020/02/02/1
- SuSE Security Announcement: openSUSE-SU-2020:0336
- https://usn.ubuntu.com/4318-1/
- https://usn.ubuntu.com/4319-1/
- https://usn.ubuntu.com/4320-1/
- https://usn.ubuntu.com/4324-1/
- https://usn.ubuntu.com/4325-1/ |
Copyright | Copyright (C) 2022 Greenbone AG |