Rewterz Threat Advisory – CVE-2018-16986 – Fortinet FortiAP BLE Stack Memory Corruption Vulnerability
April 15, 2019
Rewterz Threat Alert – Muddy Water Resurfaces with Fresher Indicators of Compromise
April 15, 2019
Severity
Medium
Analysis Summary
CVE-2019-7221
The KVM implementation in the Linux kernel through 4.20.5 has a Use-after-Free.
CVE-2019-3701
An issue was discovered in can_can_gw_rcv in net/can/gw.c in the Linux kernel through 4.19.13. The CAN frame modification rules allow bitwise logical operations that can also be applied to the can_dlc field. Because of a missing check, the CAN drivers may write arbitrary content beyond the data registers in the CAN controller’s I/O memory when processing can-gw manipulated outgoing frames. This is related to cgw_csum_xor_rel. An unprivileged user can trigger a system crash (general protection fault).
CVE-2019-9213
In the Linux kernel before 4.20.14, expand_downwards in mm/mmap.c lacks a check for the mmap minimum address, which makes it easier for attackers to exploit kernel NULL pointer dereferences on non-SMAP platforms. This is related to a capability check for the wrong task.
CVE-2019-8980
A memory leak in the kernel_read_file function in fs/exec.c in the Linux kernel through 4.20.11 allows attackers to cause a denial of service (memory consumption) by triggering vfs_read failures.
CVE-2019-7222
The KVM implementation in the Linux kernel through 4.20.5 has an Information Leak.
CVE-2019-8912
In the Linux kernel through 4.20.11, af_alg_release() in crypto/af_alg.c neglects to set a NULL value for a certain structure member, which leads to a use-after-free in sockfs_setattr.
CVE-2019-6974
In the Linux kernel before 4.20.8, kvm_ioctl_create_device in virt/kvm/kvm_main.c mishandles reference counting because of a race condition, leading to a use-after-free.
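The length check that the CVE-2019-3701 description says was missing can be shown with a simplified userspace model. This is an added example, not kernel code and not part of the advisory; `struct frame`, `struct mod_rule`, `gw_modify_checked` and `demo` are hypothetical names, and the sample frame is constructed.

```c
#include <stdint.h>
#include <stdio.h>

#define CAN_MAX_DLEN 8   /* classic CAN carries at most 8 data bytes */

/* Simplified stand-in for a classic CAN frame (not the kernel's struct). */
struct frame { uint32_t id; uint8_t dlc; uint8_t data[CAN_MAX_DLEN]; };

enum mod_op { MOD_AND, MOD_OR, MOD_XOR, MOD_SET };

/* Hypothetical gateway rule: one bitwise op applied with a mask frame,
 * reaching the length field as well as the payload. */
struct mod_rule { enum mod_op op; struct frame mask; };

static uint8_t apply8(enum mod_op op, uint8_t v, uint8_t m)
{
    switch (op) {
    case MOD_AND: return v & m;
    case MOD_OR:  return v | m;
    case MOD_XOR: return v ^ m;
    default:      return m;      /* MOD_SET replaces the value */
    }
}

/* Apply the rule, then validate the resulting length.
 * Returns 0 if the frame may be forwarded, -1 if it must be dropped. */
int gw_modify_checked(struct frame *f, const struct mod_rule *r)
{
    f->dlc = apply8(r->op, f->dlc, r->mask.dlc);
    for (int i = 0; i < CAN_MAX_DLEN; i++)
        f->data[i] = apply8(r->op, f->data[i], r->mask.data[i]);
    /* A driver that copies dlc bytes into controller registers trusts
     * this field, so an out-of-range value is rejected here. */
    return f->dlc > CAN_MAX_DLEN ? -1 : 0;
}

/* Constructed sample: a 2-byte frame modified by a rule on dlc only. */
int demo(enum mod_op op, uint8_t mask_dlc)
{
    struct frame f = { .id = 0x123, .dlc = 2, .data = { 0xde, 0xad } };
    struct mod_rule r = { .op = op, .mask = { .dlc = mask_dlc } };
    return gw_modify_checked(&f, &r);
}

int main(void)
{
    printf("OR 0x0f -> %d, AND 0x07 -> %d\n", demo(MOD_OR, 0x0f), demo(MOD_AND, 0x07));
    return 0;
}
```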
Impact
- Denial of Service
- Privilege escalation
Affected Vendors
Oracle
Affected Products
Oracle Linux 7
Remediation
Apply the updated packages for UEK Release 5 (aarch64, mainline Linux Kernel version 4.14.35) or UEK Release 5 (x86_64, mainline Linux Kernel version 4.14.35) using the yum or rpm utility.