[ALAS-2020-1338] Amazon Linux AMI 2014.03 - ALAS-2020-1338: important priority package update for kernel
Package updates are available for Amazon Linux AMI that fix the following vulnerabilities:
CVE-2019-19332:
An out-of-bounds memory write issue was found in the Linux Kernel, version 3.13 through 5.4, in the way the Linux kernel's KVM hypervisor handled the 'KVM_GET_EMULATED_CPUID' ioctl(2) request to get CPUID features emulated by the KVM hypervisor. A user or process able to access the '/dev/kvm' device could use this flaw to crash the system, resulting in a denial of service.
1779594: CVE-2019-19332 Kernel: kvm: OOB memory write via kvm_dev_ioctl_get_cpuid
CVE-2019-19062:
A memory leak in the crypto_report() function in crypto/crypto_user_base.c in the Linux kernel through 5.3.11 allows attackers to cause a denial of service (memory consumption) by triggering crypto_report_alg() failures, aka CID-ffdde5932042.
1775021: CVE-2019-19062 kernel: A memory leak in the crypto_report() function in crypto/crypto_user_base.c allows for a DoS
- ID
- ALAS-2020-1338
- Severity
- important
- URL
- https://alas.aws.amazon.com/ALAS-2020-1338.html
- Published
-
2020-02-04T22:39:00
(4 years ago) - Modified
-
2020-02-07T17:57:00
(4 years ago) - Rights
- Amazon Linux Security Team
- Other Advisories
-
- ALAS2-2020-1392
- ALSA-2020:4431
- ELSA-2020-4060
- ELSA-2020-5528
- ELSA-2020-5533
- ELSA-2020-5535
- ELSA-2020-5676
- ELSA-2020-5802
- ELSA-2020-5804
- ELSA-2020-5837
- ELSA-2020-5866
- ELSA-2020-5879
- FEDORA-2019-021c968423
- FEDORA-2019-124a241044
- FEDORA-2019-34a75d7e61
- FEDORA-2019-39e97683e8
- FEDORA-2019-8846a1a5a2
- FEDORA-2019-91f6e7bb71
- FEDORA-2019-b86a7bdba0
- FEDORA-2020-203ffedeb5
- FEDORA-2020-227a4c0530
- FEDORA-2020-2a5cdd665c
- FEDORA-2020-3cd64d683c
- FEDORA-2020-c2d89d14d0
- FEDORA-2020-e328697628
- FEDORA-2020-f884f9dd7d
- FEDORA-2020-fe00e12580
- openSUSE-SU-2019:2675-1
- openSUSE-SU-2020:0336-1
- RHSA-2020:4060
- RHSA-2020:4062
- RHSA-2020:4431
- RHSA-2020:4609
- SSA:2020-008-01
- SSA:2020-086-01
- SUSE-SU-2019:3200-1
- SUSE-SU-2019:3289-1
- SUSE-SU-2019:3316-1
- SUSE-SU-2019:3317-1
- SUSE-SU-2019:3371-1
- SUSE-SU-2019:3372-1
- SUSE-SU-2019:3379-1
- SUSE-SU-2019:3381-1
- SUSE-SU-2019:3389-1
- SUSE-SU-2020:0093-1
- SUSE-SU-2020:0511-1
- SUSE-SU-2020:0558-1
- SUSE-SU-2020:0559-1
- SUSE-SU-2020:0560-1
- SUSE-SU-2020:0580-1
- SUSE-SU-2020:0584-1
- SUSE-SU-2020:0599-1
- SUSE-SU-2020:0605-1
- SUSE-SU-2020:0613-1
- SUSE-SU-2020:1255-1
- SUSE-SU-2020:1275-1
- SUSE-SU-2020:1663-1
- USN-4254-1
- USN-4254-2
- USN-4258-1
- USN-4284-1
- USN-4285-1
- USN-4286-1
- USN-4286-2
- USN-4287-1
- USN-4287-2
Source | # ID | Name | URL |
---|---|---|---|
CVE | CVE-2019-19062 | http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-19062 | |
CVE | CVE-2019-19332 | http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-19332 |
Type | Package URL | Namespace | Name / Product | Version | Distribution / Platform | Arch | Patch / Fix |
---|---|---|---|---|---|---|---|
Affected | pkg:rpm/amazonlinux/perf?arch=x86_64&distro=amazonlinux-1 | amazonlinux | perf | < 4.14.165-102.185.amzn1 | amazonlinux-1 | x86_64 | |
Affected | pkg:rpm/amazonlinux/perf?arch=i686&distro=amazonlinux-1 | amazonlinux | perf | < 4.14.165-102.185.amzn1 | amazonlinux-1 | i686 | |
Affected | pkg:rpm/amazonlinux/perf-debuginfo?arch=x86_64&distro=amazonlinux-1 | amazonlinux | perf-debuginfo | < 4.14.165-102.185.amzn1 | amazonlinux-1 | x86_64 | |
Affected | pkg:rpm/amazonlinux/perf-debuginfo?arch=i686&distro=amazonlinux-1 | amazonlinux | perf-debuginfo | < 4.14.165-102.185.amzn1 | amazonlinux-1 | i686 | |
Affected | pkg:rpm/amazonlinux/kernel?arch=x86_64&distro=amazonlinux-1 | amazonlinux | kernel | < 4.14.165-102.185.amzn1 | amazonlinux-1 | x86_64 | |
Affected | pkg:rpm/amazonlinux/kernel?arch=i686&distro=amazonlinux-1 | amazonlinux | kernel | < 4.14.165-102.185.amzn1 | amazonlinux-1 | i686 | |
Affected | pkg:rpm/amazonlinux/kernel-tools?arch=x86_64&distro=amazonlinux-1 | amazonlinux | kernel-tools | < 4.14.165-102.185.amzn1 | amazonlinux-1 | x86_64 | |
Affected | pkg:rpm/amazonlinux/kernel-tools?arch=i686&distro=amazonlinux-1 | amazonlinux | kernel-tools | < 4.14.165-102.185.amzn1 | amazonlinux-1 | i686 | |
Affected | pkg:rpm/amazonlinux/kernel-tools-devel?arch=x86_64&distro=amazonlinux-1 | amazonlinux | kernel-tools-devel | < 4.14.165-102.185.amzn1 | amazonlinux-1 | x86_64 | |
Affected | pkg:rpm/amazonlinux/kernel-tools-devel?arch=i686&distro=amazonlinux-1 | amazonlinux | kernel-tools-devel | < 4.14.165-102.185.amzn1 | amazonlinux-1 | i686 | |
Affected | pkg:rpm/amazonlinux/kernel-tools-debuginfo?arch=x86_64&distro=amazonlinux-1 | amazonlinux | kernel-tools-debuginfo | < 4.14.165-102.185.amzn1 | amazonlinux-1 | x86_64 | |
Affected | pkg:rpm/amazonlinux/kernel-tools-debuginfo?arch=i686&distro=amazonlinux-1 | amazonlinux | kernel-tools-debuginfo | < 4.14.165-102.185.amzn1 | amazonlinux-1 | i686 | |
Affected | pkg:rpm/amazonlinux/kernel-headers?arch=x86_64&distro=amazonlinux-1 | amazonlinux | kernel-headers | < 4.14.165-102.185.amzn1 | amazonlinux-1 | x86_64 | |
Affected | pkg:rpm/amazonlinux/kernel-headers?arch=i686&distro=amazonlinux-1 | amazonlinux | kernel-headers | < 4.14.165-102.185.amzn1 | amazonlinux-1 | i686 | |
Affected | pkg:rpm/amazonlinux/kernel-devel?arch=x86_64&distro=amazonlinux-1 | amazonlinux | kernel-devel | < 4.14.165-102.185.amzn1 | amazonlinux-1 | x86_64 | |
Affected | pkg:rpm/amazonlinux/kernel-devel?arch=i686&distro=amazonlinux-1 | amazonlinux | kernel-devel | < 4.14.165-102.185.amzn1 | amazonlinux-1 | i686 | |
Affected | pkg:rpm/amazonlinux/kernel-debuginfo?arch=x86_64&distro=amazonlinux-1 | amazonlinux | kernel-debuginfo | < 4.14.165-102.185.amzn1 | amazonlinux-1 | x86_64 | |
Affected | pkg:rpm/amazonlinux/kernel-debuginfo?arch=i686&distro=amazonlinux-1 | amazonlinux | kernel-debuginfo | < 4.14.165-102.185.amzn1 | amazonlinux-1 | i686 | |
Affected | pkg:rpm/amazonlinux/kernel-debuginfo-common-x86_64?arch=x86_64&distro=amazonlinux-1 | amazonlinux | kernel-debuginfo-common-x86_64 | < 4.14.165-102.185.amzn1 | amazonlinux-1 | x86_64 | |
Affected | pkg:rpm/amazonlinux/kernel-debuginfo-common-i686?arch=i686&distro=amazonlinux-1 | amazonlinux | kernel-debuginfo-common-i686 | < 4.14.165-102.185.amzn1 | amazonlinux-1 | i686 |
# CVE | Description | CVSS | EPSS | EPSS Trend (30 days) | Affected Products | Weaknesses | Security Advisories | Exploits | PoC | Pubblication Date | Modification Date |
---|---|---|---|---|---|---|---|---|---|---|---|
# CVE | Description | CVSS | EPSS | EPSS Trend (30 days) | Affected Products | Weaknesses | Security Advisories | PoC | Pubblication Date | Modification Date |