Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
nessusThis script is Copyright (C) 2019-2024 and is owned by Tenable, Inc. or an Affiliate thereof.DEBIAN_DLA-1940.NASL
HistoryOct 02, 2019 - 12:00 a.m.

Debian DLA-1940-1 : linux-4.9 security update

2019-10-0200:00:00
This script is Copyright (C) 2019-2024 and is owned by Tenable, Inc. or an Affiliate thereof.
www.tenable.com
15

7.2 High

CVSS2

Attack Vector

LOCAL

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:L/AC:L/Au:N/C:C/I:C/A:C

8.8 High

CVSS3

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

CHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H

9.2 High

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

30.1%

JSON

Several vulnerabilities have been discovered in the Linux kernel that may lead to a privilege escalation, denial of service or information leaks.

CVE-2019-14821

Matt Delco reported a race condition in KVM’s coalesced MMIO facility, which could lead to out-of-bounds access in the kernel. A local attacker permitted to access /dev/kvm could use this to cause a denial of service (memory corruption or crash) or possibly for privilege escalation.

CVE-2019-14835

Peter Pi of Tencent Blade Team discovered a missing bounds check in vhost_net, the network back-end driver for KVM hosts, leading to a buffer overflow when the host begins live migration of a VM. An attacker in control of a VM could use this to cause a denial of service (memory corruption or crash) or possibly for privilege escalation on the host.

CVE-2019-15117

Hui Peng and Mathias Payer reported a missing bounds check in the usb-audio driver’s descriptor parsing code, leading to a buffer over-read. An attacker able to add USB devices could possibly use this to cause a denial of service (crash).

CVE-2019-15118

Hui Peng and Mathias Payer reported unbounded recursion in the usb-audio driver’s descriptor parsing code, leading to a stack overflow. An attacker able to add USB devices could use this to cause a denial of service (memory corruption or crash) or possibly for privilege escalation. On the amd64 architecture this is mitigated by a guard page on the kernel stack, so that it is only possible to cause a crash.

CVE-2019-15902

Brad Spengler reported that a backporting error reintroduced a spectre-v1 vulnerability in the ptrace subsystem in the ptrace_get_debugreg() function.

For Debian 8 ‘Jessie’, these problems have been fixed in version 4.9.189-3+deb9u1~deb8u1.

We recommend that you upgrade your linux-4.9 packages.

NOTE: Tenable Network Security has extracted the preceding description block directly from the DLA security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.

#%NASL_MIN_LEVEL 70300
#
# (C) Tenable Network Security, Inc.
#
# The descriptive text and package checks in this plugin were
# extracted from Debian Security Advisory DLA-1940-1. The text
# itself is copyright (C) Software in the Public Interest, Inc.
#

include('deprecated_nasl_level.inc');
include('compat.inc');

if (description)
{
  script_id(129505);
  script_version("1.7");
  script_set_attribute(attribute:"plugin_modification_date", value:"2024/04/22");

  script_cve_id(
    "CVE-2019-14821",
    "CVE-2019-14835",
    "CVE-2019-15117",
    "CVE-2019-15118",
    "CVE-2019-15902"
  );

  script_name(english:"Debian DLA-1940-1 : linux-4.9 security update");

  script_set_attribute(attribute:"synopsis", value:
"The remote Debian host is missing a security update.");
  script_set_attribute(attribute:"description", value:
"Several vulnerabilities have been discovered in the Linux kernel that
may lead to a privilege escalation, denial of service or information
leaks.

CVE-2019-14821

Matt Delco reported a race condition in KVM's coalesced MMIO facility,
which could lead to out-of-bounds access in the kernel. A local
attacker permitted to access /dev/kvm could use this to cause a denial
of service (memory corruption or crash) or possibly for privilege
escalation.

CVE-2019-14835

Peter Pi of Tencent Blade Team discovered a missing bounds check in
vhost_net, the network back-end driver for KVM hosts, leading to a
buffer overflow when the host begins live migration of a VM. An
attacker in control of a VM could use this to cause a denial of
service (memory corruption or crash) or possibly for privilege
escalation on the host.

CVE-2019-15117

Hui Peng and Mathias Payer reported a missing bounds check in the
usb-audio driver's descriptor parsing code, leading to a buffer
over-read. An attacker able to add USB devices could possibly use this
to cause a denial of service (crash).

CVE-2019-15118

Hui Peng and Mathias Payer reported unbounded recursion in the
usb-audio driver's descriptor parsing code, leading to a stack
overflow. An attacker able to add USB devices could use this to cause
a denial of service (memory corruption or crash) or possibly for
privilege escalation. On the amd64 architecture this is mitigated by a
guard page on the kernel stack, so that it is only possible to cause a
crash.

CVE-2019-15902

Brad Spengler reported that a backporting error reintroduced a
spectre-v1 vulnerability in the ptrace subsystem in the
ptrace_get_debugreg() function.

For Debian 8 'Jessie', these problems have been fixed in version
4.9.189-3+deb9u1~deb8u1.

We recommend that you upgrade your linux-4.9 packages.

NOTE: Tenable Network Security has extracted the preceding description
block directly from the DLA security advisory. Tenable has attempted
to automatically clean and format it as much as possible without
introducing additional issues.");
  script_set_attribute(attribute:"see_also", value:"https://lists.debian.org/debian-lts-announce/2019/10/msg00000.html");
  script_set_attribute(attribute:"see_also", value:"https://packages.debian.org/source/jessie/linux-4.9");
  script_set_attribute(attribute:"solution", value:
"Upgrade the affected packages.");
  script_set_cvss_base_vector("CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C");
  script_set_cvss_temporal_vector("CVSS2#E:POC/RL:OF/RC:C");
  script_set_cvss3_base_vector("CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H");
  script_set_cvss3_temporal_vector("CVSS:3.0/E:P/RL:O/RC:C");
  script_set_attribute(attribute:"cvss_score_source", value:"CVE-2019-14835");
  script_set_attribute(attribute:"cvss3_score_source", value:"CVE-2019-14821");

  script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
  script_set_attribute(attribute:"exploit_available", value:"true");

  script_set_attribute(attribute:"vuln_publication_date", value:"2019/08/16");
  script_set_attribute(attribute:"patch_publication_date", value:"2019/10/01");
  script_set_attribute(attribute:"plugin_publication_date", value:"2019/10/02");

  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:linux-compiler-gcc-4.9-arm");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:linux-doc-4.9");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:linux-headers-4.9.0-0.bpo.7-686");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:linux-headers-4.9.0-0.bpo.7-686-pae");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:linux-headers-4.9.0-0.bpo.7-all");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:linux-headers-4.9.0-0.bpo.7-all-amd64");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:linux-headers-4.9.0-0.bpo.7-all-armel");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:linux-headers-4.9.0-0.bpo.7-all-armhf");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:linux-headers-4.9.0-0.bpo.7-all-i386");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:linux-headers-4.9.0-0.bpo.7-amd64");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:linux-headers-4.9.0-0.bpo.7-armmp");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:linux-headers-4.9.0-0.bpo.7-armmp-lpae");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:linux-headers-4.9.0-0.bpo.7-common");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:linux-headers-4.9.0-0.bpo.7-common-rt");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:linux-headers-4.9.0-0.bpo.7-marvell");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:linux-headers-4.9.0-0.bpo.7-rt-686-pae");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:linux-headers-4.9.0-0.bpo.7-rt-amd64");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:linux-image-4.9.0-0.bpo.7-686");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:linux-image-4.9.0-0.bpo.7-686-pae");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:linux-image-4.9.0-0.bpo.7-686-pae-dbg");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:linux-image-4.9.0-0.bpo.7-amd64");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:linux-image-4.9.0-0.bpo.7-amd64-dbg");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:linux-image-4.9.0-0.bpo.7-armmp");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:linux-image-4.9.0-0.bpo.7-armmp-lpae");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:linux-image-4.9.0-0.bpo.7-marvell");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:linux-image-4.9.0-0.bpo.7-rt-686-pae");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:linux-image-4.9.0-0.bpo.7-rt-686-pae-dbg");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:linux-image-4.9.0-0.bpo.7-rt-amd64");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:linux-image-4.9.0-0.bpo.7-rt-amd64-dbg");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:linux-kbuild-4.9");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:linux-manual-4.9");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:linux-perf-4.9");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:linux-source-4.9");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:linux-support-4.9.0-0.bpo.7");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:debian:debian_linux:8.0");
  script_set_attribute(attribute:"generated_plugin", value:"current");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_family(english:"Debian Local Security Checks");

  script_copyright(english:"This script is Copyright (C) 2019-2024 and is owned by Tenable, Inc. or an Affiliate thereof.");

  script_dependencies("ssh_get_info.nasl");
  script_require_keys("Host/local_checks_enabled", "Host/Debian/release", "Host/Debian/dpkg-l");

  exit(0);
}


include("audit.inc");
include("debian_package.inc");


if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
if (!get_kb_item("Host/Debian/release")) audit(AUDIT_OS_NOT, "Debian");
if (!get_kb_item("Host/Debian/dpkg-l")) audit(AUDIT_PACKAGE_LIST_MISSING);


flag = 0;
if (deb_check(release:"8.0", prefix:"linux-compiler-gcc-4.9-arm", reference:"4.9.189-3+deb9u1~deb8u1")) flag++;
if (deb_check(release:"8.0", prefix:"linux-doc-4.9", reference:"4.9.189-3+deb9u1~deb8u1")) flag++;
if (deb_check(release:"8.0", prefix:"linux-headers-4.9.0-0.bpo.7-686", reference:"4.9.189-3+deb9u1~deb8u1")) flag++;
if (deb_check(release:"8.0", prefix:"linux-headers-4.9.0-0.bpo.7-686-pae", reference:"4.9.189-3+deb9u1~deb8u1")) flag++;
if (deb_check(release:"8.0", prefix:"linux-headers-4.9.0-0.bpo.7-all", reference:"4.9.189-3+deb9u1~deb8u1")) flag++;
if (deb_check(release:"8.0", prefix:"linux-headers-4.9.0-0.bpo.7-all-amd64", reference:"4.9.189-3+deb9u1~deb8u1")) flag++;
if (deb_check(release:"8.0", prefix:"linux-headers-4.9.0-0.bpo.7-all-armel", reference:"4.9.189-3+deb9u1~deb8u1")) flag++;
if (deb_check(release:"8.0", prefix:"linux-headers-4.9.0-0.bpo.7-all-armhf", reference:"4.9.189-3+deb9u1~deb8u1")) flag++;
if (deb_check(release:"8.0", prefix:"linux-headers-4.9.0-0.bpo.7-all-i386", reference:"4.9.189-3+deb9u1~deb8u1")) flag++;
if (deb_check(release:"8.0", prefix:"linux-headers-4.9.0-0.bpo.7-amd64", reference:"4.9.189-3+deb9u1~deb8u1")) flag++;
if (deb_check(release:"8.0", prefix:"linux-headers-4.9.0-0.bpo.7-armmp", reference:"4.9.189-3+deb9u1~deb8u1")) flag++;
if (deb_check(release:"8.0", prefix:"linux-headers-4.9.0-0.bpo.7-armmp-lpae", reference:"4.9.189-3+deb9u1~deb8u1")) flag++;
if (deb_check(release:"8.0", prefix:"linux-headers-4.9.0-0.bpo.7-common", reference:"4.9.189-3+deb9u1~deb8u1")) flag++;
if (deb_check(release:"8.0", prefix:"linux-headers-4.9.0-0.bpo.7-common-rt", reference:"4.9.189-3+deb9u1~deb8u1")) flag++;
if (deb_check(release:"8.0", prefix:"linux-headers-4.9.0-0.bpo.7-marvell", reference:"4.9.189-3+deb9u1~deb8u1")) flag++;
if (deb_check(release:"8.0", prefix:"linux-headers-4.9.0-0.bpo.7-rt-686-pae", reference:"4.9.189-3+deb9u1~deb8u1")) flag++;
if (deb_check(release:"8.0", prefix:"linux-headers-4.9.0-0.bpo.7-rt-amd64", reference:"4.9.189-3+deb9u1~deb8u1")) flag++;
if (deb_check(release:"8.0", prefix:"linux-image-4.9.0-0.bpo.7-686", reference:"4.9.189-3+deb9u1~deb8u1")) flag++;
if (deb_check(release:"8.0", prefix:"linux-image-4.9.0-0.bpo.7-686-pae", reference:"4.9.189-3+deb9u1~deb8u1")) flag++;
if (deb_check(release:"8.0", prefix:"linux-image-4.9.0-0.bpo.7-686-pae-dbg", reference:"4.9.189-3+deb9u1~deb8u1")) flag++;
if (deb_check(release:"8.0", prefix:"linux-image-4.9.0-0.bpo.7-amd64", reference:"4.9.189-3+deb9u1~deb8u1")) flag++;
if (deb_check(release:"8.0", prefix:"linux-image-4.9.0-0.bpo.7-amd64-dbg", reference:"4.9.189-3+deb9u1~deb8u1")) flag++;
if (deb_check(release:"8.0", prefix:"linux-image-4.9.0-0.bpo.7-armmp", reference:"4.9.189-3+deb9u1~deb8u1")) flag++;
if (deb_check(release:"8.0", prefix:"linux-image-4.9.0-0.bpo.7-armmp-lpae", reference:"4.9.189-3+deb9u1~deb8u1")) flag++;
if (deb_check(release:"8.0", prefix:"linux-image-4.9.0-0.bpo.7-marvell", reference:"4.9.189-3+deb9u1~deb8u1")) flag++;
if (deb_check(release:"8.0", prefix:"linux-image-4.9.0-0.bpo.7-rt-686-pae", reference:"4.9.189-3+deb9u1~deb8u1")) flag++;
if (deb_check(release:"8.0", prefix:"linux-image-4.9.0-0.bpo.7-rt-686-pae-dbg", reference:"4.9.189-3+deb9u1~deb8u1")) flag++;
if (deb_check(release:"8.0", prefix:"linux-image-4.9.0-0.bpo.7-rt-amd64", reference:"4.9.189-3+deb9u1~deb8u1")) flag++;
if (deb_check(release:"8.0", prefix:"linux-image-4.9.0-0.bpo.7-rt-amd64-dbg", reference:"4.9.189-3+deb9u1~deb8u1")) flag++;
if (deb_check(release:"8.0", prefix:"linux-kbuild-4.9", reference:"4.9.189-3+deb9u1~deb8u1")) flag++;
if (deb_check(release:"8.0", prefix:"linux-manual-4.9", reference:"4.9.189-3+deb9u1~deb8u1")) flag++;
if (deb_check(release:"8.0", prefix:"linux-perf-4.9", reference:"4.9.189-3+deb9u1~deb8u1")) flag++;
if (deb_check(release:"8.0", prefix:"linux-source-4.9", reference:"4.9.189-3+deb9u1~deb8u1")) flag++;
if (deb_check(release:"8.0", prefix:"linux-support-4.9.0-0.bpo.7", reference:"4.9.189-3+deb9u1~deb8u1")) flag++;

if (flag)
{
  if (report_verbosity > 0) security_hole(port:0, extra:deb_report_get());
  else security_hole(0);
  exit(0);
}
else audit(AUDIT_HOST_NOT, "affected");
VendorProductVersionCPE
debiandebian_linuxlinux-compiler-gcc-4.9-armp-cpe:/a:debian:debian_linux:linux-compiler-gcc-4.9-arm
debiandebian_linuxlinux-doc-4.9p-cpe:/a:debian:debian_linux:linux-doc-4.9
debiandebian_linuxlinux-headers-4.9.0-0.bpo.7-686p-cpe:/a:debian:debian_linux:linux-headers-4.9.0-0.bpo.7-686
debiandebian_linuxlinux-headers-4.9.0-0.bpo.7-686-paep-cpe:/a:debian:debian_linux:linux-headers-4.9.0-0.bpo.7-686-pae
debiandebian_linuxlinux-headers-4.9.0-0.bpo.7-allp-cpe:/a:debian:debian_linux:linux-headers-4.9.0-0.bpo.7-all
debiandebian_linuxlinux-headers-4.9.0-0.bpo.7-all-amd64p-cpe:/a:debian:debian_linux:linux-headers-4.9.0-0.bpo.7-all-amd64
debiandebian_linuxlinux-headers-4.9.0-0.bpo.7-all-armelp-cpe:/a:debian:debian_linux:linux-headers-4.9.0-0.bpo.7-all-armel
debiandebian_linuxlinux-headers-4.9.0-0.bpo.7-all-armhfp-cpe:/a:debian:debian_linux:linux-headers-4.9.0-0.bpo.7-all-armhf
debiandebian_linuxlinux-headers-4.9.0-0.bpo.7-all-i386p-cpe:/a:debian:debian_linux:linux-headers-4.9.0-0.bpo.7-all-i386
debiandebian_linuxlinux-headers-4.9.0-0.bpo.7-amd64p-cpe:/a:debian:debian_linux:linux-headers-4.9.0-0.bpo.7-amd64
Rows per page:
1-10 of 351

Related

debian 4
openvas 25
nessus 67
osv 3
fedora 4
amazon 3
cloudfoundry 1
ubuntu 8
ibm 5
f5 3
debiancve 5
cve 5
cvelist 5
ubuntucve 5
redhatcve 5
nvd 5
prion 5
mageia 2
oraclelinux 7
centos 4
virtuozzo 4
redhat 21
huawei 1
veracode 1
photon 1
debian
debian
[SECURITY] [DLA 1940-1] linux-4.9 security update
2019-10-01 13:56:02
[SECURITY] [DSA 4531-1] linux security update
2019-09-25 04:04:13
[SECURITY] [DSA 4531-1] linux security update
2019-09-25 04:04:13
openvas
openvas
Debian: Security Advisory (DLA-1940-1)
2019-10-02 00:00:00
Debian: Security Advisory (DSA-4531-1)
2019-09-26 00:00:00
Fedora Update for kernel-headers FEDORA-2019-a570a92d5a
2019-10-04 00:00:00
nessus
nessus
Debian DSA-4531-1 : linux - security update
2019-09-25 00:00:00
Amazon Linux AMI : kernel (ALAS-2019-1293)
2019-09-30 00:00:00
Amazon Linux 2 : kernel (ALAS-2019-1293)
2019-09-27 00:00:00
osv
osv
linux - security update
2019-09-25 00:00:00
linux-4.9 - security update
2019-09-30 00:00:00
CVE-2019-15902
2019-09-04 06:15:10
fedora
fedora
[SECURITY] Fedora 29 Update: kernel-headers-5.2.17-100.fc29
2019-10-02 01:42:27
[SECURITY] Fedora 29 Update: kernel-tools-5.2.17-100.fc29
2019-10-02 01:42:27
[SECURITY] Fedora 30 Update: kernel-headers-5.2.16-200.fc30
2019-09-24 01:09:44
amazon
amazon
Important: kernel
2019-09-25 23:01:00
Important: kernel
2019-09-25 22:59:00
Medium: kernel
2019-09-13 22:48:00
cloudfoundry
cloudfoundry
USN-4162-1: Linux kernel vulnerabilities | Cloud Foundry
2019-11-06 00:00:00
ubuntu
ubuntu
Linux kernel (Xenial HWE) vulnerabilities
2019-10-23 00:00:00
Linux kernel vulnerabilities
2019-10-22 00:00:00
Linux kernel vulnerabilities
2019-10-22 00:00:00
ibm
ibm
Security Bulletin: IBM QRadar SIEM is vulnerable to Using Components with Known Vulnerabilities
2020-07-13 20:37:42
Security Bulletin: IBM Security Guardium is affected by a kernel vulnerability
2020-10-07 16:19:33
Security Bulletin: Vulnerability in Linux Kernel affects IBM Netezza Host Management
2019-11-07 12:14:49
f5
f5
K16449953 : Linux parse_audio_mixer_unit kernel vulnerability CVE-2019-15117
2019-10-10 00:00:00
K57536416 : Kernel vulnerability CVE-2019-14835
2020-10-19 00:00:00
K59513013 : Linux kernel vulnerability CVE-2019-14821
2020-10-19 00:00:00
debiancve
debiancve
CVE-2019-15117
2019-08-16 14:15:09
CVE-2019-15902
2019-09-04 06:15:10
CVE-2019-15118
2019-08-16 14:15:10
cve
cve
CVE-2019-15902
2019-09-04 06:15:10
CVE-2019-15118
2019-08-16 14:15:10
CVE-2019-15117
2019-08-16 14:15:09
cvelist
cvelist
CVE-2019-15902
2019-09-04 05:50:48
CVE-2019-15118
2019-08-16 13:44:50
CVE-2019-15117
2019-08-16 13:45:02
ubuntucve
ubuntucve
CVE-2019-15902
2019-09-04 00:00:00
CVE-2019-15118
2019-08-16 00:00:00
CVE-2019-14835
2019-09-17 00:00:00
redhatcve
redhatcve
CVE-2019-15902
2019-09-13 17:22:19
CVE-2019-15118
2020-04-04 05:35:44
CVE-2019-15117
2020-04-03 08:08:00
nvd
nvd
CVE-2019-15117
2019-08-16 14:15:09
CVE-2019-15902
2019-09-04 06:15:10
CVE-2019-15118
2019-08-16 14:15:10
prion
prion
Cross site request forgery (csrf)
2019-08-16 14:15:00
Design/Logic Flaw
2019-09-04 06:15:00
Stack overflow
2019-08-16 14:15:00
mageia
mageia
Updated kernel packages fix security vulnerabilities
2019-09-21 19:04:55
Updated kernel packages fix security vulnerabilities
2019-09-21 19:04:55
oraclelinux
oraclelinux
Unbreakable Enterprise kernel security update
2019-09-17 00:00:00
kernel security update
2019-09-20 00:00:00
kernel security update
2019-09-23 00:00:00
centos
centos
kernel, perf, python security update
2019-09-27 12:17:17
bpftool, kernel, perf, python security update
2019-10-02 16:02:22
kernel, perf, python security update
2019-12-24 15:25:23
virtuozzo
virtuozzo
Important kernel security update: Virtuozzo ReadyKernel patch 87.0 for Virtuozzo 7.0 and Virtuozzo Infrastructure Platform 2.5, 3.0
2019-09-23 00:00:00
Important kernel security update: New kernel 2.6.32-042stab142.1 for Virtuozzo Containers for Linux 4.7, Server Bare Metal 5.0
2020-01-31 00:00:00
Important kernel security update: New kernel 2.6.32-042stab142.1; Virtuozzo 6.0 Update 12 Hotfix 50 (6.0.12-3755)
2020-01-31 00:00:00
redhat
redhat
(RHSA-2019:2924) Important: redhat-virtualization-host security update
2019-09-27 12:48:43
(RHSA-2019:2830) Important: kernel-rt security update
2019-09-20 06:28:36
(RHSA-2019:2827) Important: kernel security update
2019-09-20 06:09:43
huawei
huawei
Security Advisory - Buffer Overflow Vulnerability in QEMU-KVM
2020-01-15 00:00:00
veracode
veracode
Privilege Escalation
2020-07-08 03:23:31
photon
photon
Critical Photon OS Security Update - PHSA-2019-0178
2019-09-23 00:00:00

7.2 High

CVSS2

Attack Vector

LOCAL

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:L/AC:L/Au:N/C:C/I:C/A:C

8.8 High

CVSS3

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

CHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H

9.2 High

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

30.1%

JSON
Related for DEBIAN_DLA-1940.NASL
debian4openvas25nessus67osv3fedora4amazon3cloudfoundry1ubuntu8ibm5f53debiancve5cve5cvelist5ubuntucve5redhatcve5nvd5prion5mageia2oraclelinux7centos4virtuozzo4redhat21huawei1veracode1photon1