CVE-2019-15098: drivers/net/wireless/ath/ath6kl/usb.c in the Linux kernel through 5.2.9 has a NULL pointer dereference via an incomplete address in an endpoint descriptor.

CVE-2019-15098 [MEDIUM] CWE-476 GHSA-jrv5-9rmq-5rv5: drivers/net/wireless/ath/ath6kl/usb drivers/net/wireless/ath/ath6kl/usb.c in the Linux kernel through 5.2.8 has a NULL pointer dereference via an incomplete address in an endpoint descriptor.

[MEDIUM] linux, linux-aws, linux-kvm vulnerabilities linux, linux-aws, linux-kvm vulnerabilities Stephan van Schaik, Alyssa Milburn, Sebastian Österlund, Pietro Frigo, Kaveh Razavi, Herbert Bos, Cristiano Giuffrida, Giorgi Maisuradze, Moritz Lipp, Michael Schwarz, Daniel Gruss, and Jo Van Bulck discovered that Intel processors using Transactional Synchronization Extensions (TSX) could expose memory contents previously stored in microarchitectural buffers to a malicious process that is executing on the same CPU core. A local attacker could use this to expose sensitive information. (CVE-2019-11135) It was discovered that the Intel i915 graphics chipsets allowed userspace to modify page table entries via writes to MMIO from the Blitter Command Streamer and expose kernel memory information. A local attacker could use this to expose sensitive i

CVE-2019-0155 [MEDIUM] linux vulnerability linux vulnerability USN-4186-1 fixed vulnerabilities in the Linux kernel. It was discovered that the kernel fix for CVE-2019-0155 (i915 missing Blitter Command Streamer check) was incomplete on 64-bit Intel x86 systems. This update addresses the issue. We apologize for the inconvenience. Original advisory details: Stephan van Schaik, Alyssa Milburn, Sebastian Österlund, Pietro Frigo, Kaveh Razavi, Herbert Bos, Cristiano Giuffrida, Giorgi Maisuradze, Moritz Lipp, Michael Schwarz, Daniel Gruss, and Jo Van Bulck discovered that Intel processors using Transactional Synchronization Extensions (TSX) could expose memory contents previously stored in microarchitectural buffers to a malicious process that is executing on the same CPU core. A local attacker could use this to expose sensitive inf

[MEDIUM] linux-lts-xenial, linux-aws vulnerabilities linux-lts-xenial, linux-aws vulnerabilities USN-4186-1 fixed vulnerabilities in the Linux kernel for Ubuntu 16.04 LTS. This update provides the corresponding updates for the Linux Hardware Enablement (HWE) kernel from Ubuntu 16.04 LTS for Ubuntu 14.04 ESM. Stephan van Schaik, Alyssa Milburn, Sebastian Österlund, Pietro Frigo, Kaveh Razavi, Herbert Bos, Cristiano Giuffrida, Giorgi Maisuradze, Moritz Lipp, Michael Schwarz, Daniel Gruss, and Jo Van Bulck discovered that Intel processors using Transactional Synchronization Extensions (TSX) could expose memory contents previously stored in microarchitectural buffers to a malicious process that is executing on the same CPU core. A local attacker could use this to expose sensitive information. (CVE-2019-11135) It was discovered that the Intel

CVE-2019-0155 [MEDIUM] linux, linux-hwe, linux-oem-osp1 vulnerability and regression linux, linux-hwe, linux-oem-osp1 vulnerability and regression USN-4184-1 fixed vulnerabilities in the Linux kernel. It was discovered that the kernel fix for CVE-2019-0155 (i915 missing Blitter Command Streamer check) was incomplete on 64-bit Intel x86 systems. Also, the update introduced a regression that broke KVM guests where extended page tables (EPT) are disabled or not supported. This update addresses both issues. We apologize for the inconvenience. Original advisory details: Stephan van Schaik, Alyssa Milburn, Sebastian Österlund, Pietro Frigo, Kaveh Razavi, Herbert Bos, Cristiano Giuffrida, Giorgi Maisuradze, Moritz Lipp, Michael Schwarz, Daniel Gruss, and Jo Van Bulck discovered that Intel processors using Transactional Synchronization Extensions (TSX) could expose memory cont

[MEDIUM] linux, linux-aws, linux-azure, linux-gcp, linux-gke-5.0, linux-hwe, linux-kvm, linux-oem-osp1, linux-oracle, linux-raspi2 vulnerabilities linux, linux-aws, linux-azure, linux-gcp, linux-gke-5.0, linux-hwe, linux-kvm, linux-oem-osp1, linux-oracle, linux-raspi2 vulnerabilities Stephan van Schaik, Alyssa Milburn, Sebastian Österlund, Pietro Frigo, Kaveh Razavi, Herbert Bos, Cristiano Giuffrida, Giorgi Maisuradze, Moritz Lipp, Michael Schwarz, Daniel Gruss, and Jo Van Bulck discovered that Intel processors using Transactional Synchronization Extensions (TSX) could expose memory contents previously stored in microarchitectural buffers to a malicious process that is executing on the same CPU core. A local attacker could use this to expose sensitive information. (CVE-2019-11135) It was discovered that the Intel i915 graphics chipsets allowed userspace to modify page table entries via writes to MMIO from the Blitter Command Stream

CVE-2019-0155 [MEDIUM] linux, linux-hwe, linux-oem vulnerability and regression linux, linux-hwe, linux-oem vulnerability and regression USN-4185-1 fixed vulnerabilities in the Linux kernel. It was discovered that the kernel fix for CVE-2019-0155 (i915 missing Blitter Command Streamer check) was incomplete on 64-bit Intel x86 systems. Also, the update introduced a regression that broke KVM guests where extended page tables (EPT) are disabled or not supported. This update addresses both issues. We apologize for the inconvenience. Original advisory details: Stephan van Schaik, Alyssa Milburn, Sebastian Österlund, Pietro Frigo, Kaveh Razavi, Herbert Bos, Cristiano Giuffrida, Giorgi Maisuradze, Moritz Lipp, Michael Schwarz, Daniel Gruss, and Jo Van Bulck discovered that Intel processors using Transactional Synchronization Extensions (TSX) could expose memory contents

[MEDIUM] linux, linux-aws, linux-aws-hwe, linux-azure, linux-gcp, linux-gke-4.15, linux-hwe, linux-kvm, linux-oem, linux-oracle vulnerabilities linux, linux-aws, linux-aws-hwe, linux-azure, linux-gcp, linux-gke-4.15, linux-hwe, linux-kvm, linux-oem, linux-oracle vulnerabilities Stephan van Schaik, Alyssa Milburn, Sebastian Österlund, Pietro Frigo, Kaveh Razavi, Herbert Bos, Cristiano Giuffrida, Giorgi Maisuradze, Moritz Lipp, Michael Schwarz, Daniel Gruss, and Jo Van Bulck discovered that Intel processors using Transactional Synchronization Extensions (TSX) could expose memory contents previously stored in microarchitectural buffers to a malicious process that is executing on the same CPU core. A local attacker could use this to expose sensitive information. (CVE-2019-11135) It was discovered that the Intel i915 graphics chipsets allowed userspace to modify page table entries via writes to MMIO from the Blitter Command Streamer

CVE-2019-15098 [MEDIUM] CVE-2019-15098: drivers/net/wireless/ath/ath6kl/usb drivers/net/wireless/ath/ath6kl/usb.c in the Linux kernel through 5.2.9 has a NULL pointer dereference via an incomplete address in an endpoint descriptor.

CVE-2019-15098 [MEDIUM] ath6kl: fix a NULL-ptr-deref bug in ath6kl_usb_alloc_urb_from_pipe() ath6kl: fix a NULL-ptr-deref bug in ath6kl_usb_alloc_urb_from_pipe() The `ar_usb` field of `ath6kl_usb_pipe_usb_pipe` objects are initialized to point to the containing `ath6kl_usb` object according to endpoint descriptors read from the device side, as shown below in `ath6kl_usb_setup_pipe_resources`: for (i = 0; i desc.bNumEndpoints; ++i) { endpoint = &iface_desc->endpoint[i].desc; // get the address from endpoint descriptor pipe_num = ath6kl_usb_get_logical_pipe_num(ar_usb, endpoint->bEndpointAddress, &urbcount); ...... // select the pipe object pipe = &ar_usb->pipes[pipe_num]; // initialize the ar_usb field pipe->ar_usb = ar_usb; } The driver assumes that the addresses reported in endpoint descriptors from device side to be complete. If a device is malicious and does not report com

CVE-2018-12207 [MEDIUM] Linux kernel vulnerabilities Title: Linux kernel vulnerabilities Summary: Several security issues were fixed in the Linux kernel. Stephan van Schaik, Alyssa Milburn, Sebastian Österlund, Pietro Frigo, Kaveh Razavi, Herbert Bos, Cristiano Giuffrida, Giorgi Maisuradze, Moritz Lipp, Michael Schwarz, Daniel Gruss, and Jo Van Bulck discovered that Intel processors using Transactional Synchronization Extensions (TSX) could expose memory contents previously stored in microarchitectural buffers to a malicious process that is executing on the same CPU core. A local attacker could use this to expose sensitive information. (CVE-2019-11135) It was discovered that the Intel i915 graphics chipsets allowed userspace to modify page table entries via writes to MMIO from the Blitter Command Streamer and expose kernel memory informat

CVE-2019-0155 [MEDIUM] Linux kernel vulnerability and regression Title: Linux kernel vulnerability and regression Summary: Several issues were fixed in the Linux kernel. USN-4184-1 fixed vulnerabilities in the Linux kernel. It was discovered that the kernel fix for CVE-2019-0155 (i915 missing Blitter Command Streamer check) was incomplete on 64-bit Intel x86 systems. Also, the update introduced a regression that broke KVM guests where extended page tables (EPT) are disabled or not supported. This update addresses both issues. We apologize for the inconvenience. Original advisory details: Stephan van Schaik, Alyssa Milburn, Sebastian Österlund, Pietro Frigo, Kaveh Razavi, Herbert Bos, Cristiano Giuffrida, Giorgi Maisuradze, Moritz Lipp, Michael Schwarz, Daniel Gruss, and Jo Van Bulck discovered that Intel processors using Transactional Synchronizati

CVE-2019-0155 [MEDIUM] Linux kernel vulnerability and regression Title: Linux kernel vulnerability and regression Summary: Several issues were fixed in the Linux kernel. USN-4185-1 fixed vulnerabilities in the Linux kernel. It was discovered that the kernel fix for CVE-2019-0155 (i915 missing Blitter Command Streamer check) was incomplete on 64-bit Intel x86 systems. Also, the update introduced a regression that broke KVM guests where extended page tables (EPT) are disabled or not supported. This update addresses both issues. We apologize for the inconvenience. Original advisory details: Stephan van Schaik, Alyssa Milburn, Sebastian Österlund, Pietro Frigo, Kaveh Razavi, Herbert Bos, Cristiano Giuffrida, Giorgi Maisuradze, Moritz Lipp, Michael Schwarz, Daniel Gruss, and Jo Van Bulck discovered that Intel processors using Transactional Synchronizati

CVE-2018-12207 [MEDIUM] Linux kernel vulnerabilities Title: Linux kernel vulnerabilities Summary: Several security issues were fixed in the Linux kernel. Stephan van Schaik, Alyssa Milburn, Sebastian Österlund, Pietro Frigo, Kaveh Razavi, Herbert Bos, Cristiano Giuffrida, Giorgi Maisuradze, Moritz Lipp, Michael Schwarz, Daniel Gruss, and Jo Van Bulck discovered that Intel processors using Transactional Synchronization Extensions (TSX) could expose memory contents previously stored in microarchitectural buffers to a malicious process that is executing on the same CPU core. A local attacker could use this to expose sensitive information. (CVE-2019-11135) It was discovered that the Intel i915 graphics chipsets allowed userspace to modify page table entries via writes to MMIO from the Blitter Command Streamer and expose kernel memory informat

CVE-2019-0155 [MEDIUM] Linux kernel vulnerability Title: Linux kernel vulnerability Summary: Several security issues were fixed in the Linux kernel. USN-4186-1 fixed vulnerabilities in the Linux kernel. It was discovered that the kernel fix for CVE-2019-0155 (i915 missing Blitter Command Streamer check) was incomplete on 64-bit Intel x86 systems. This update addresses the issue. We apologize for the inconvenience. Original advisory details: Stephan van Schaik, Alyssa Milburn, Sebastian Österlund, Pietro Frigo, Kaveh Razavi, Herbert Bos, Cristiano Giuffrida, Giorgi Maisuradze, Moritz Lipp, Michael Schwarz, Daniel Gruss, and Jo Van Bulck discovered that Intel processors using Transactional Synchronization Extensions (TSX) could expose memory contents previously stored in microarchitectural buffers to a malicious process that is executi

CVE-2018-12207 [MEDIUM] Linux kernel vulnerabilities Title: Linux kernel vulnerabilities Summary: Several security issues were fixed in the Linux kernel. Stephan van Schaik, Alyssa Milburn, Sebastian Österlund, Pietro Frigo, Kaveh Razavi, Herbert Bos, Cristiano Giuffrida, Giorgi Maisuradze, Moritz Lipp, Michael Schwarz, Daniel Gruss, and Jo Van Bulck discovered that Intel processors using Transactional Synchronization Extensions (TSX) could expose memory contents previously stored in microarchitectural buffers to a malicious process that is executing on the same CPU core. A local attacker could use this to expose sensitive information. (CVE-2019-11135) It was discovered that the Intel i915 graphics chipsets allowed userspace to modify page table entries via writes to MMIO from the Blitter Command Streamer and expose kernel memory informat

CVE-2018-12207 [MEDIUM] Linux kernel (Xenial HWE) vulnerabilities Title: Linux kernel (Xenial HWE) vulnerabilities Summary: Several security issues were fixed in the Linux kernel. USN-4186-1 fixed vulnerabilities in the Linux kernel for Ubuntu 16.04 LTS. This update provides the corresponding updates for the Linux Hardware Enablement (HWE) kernel from Ubuntu 16.04 LTS for Ubuntu 14.04 ESM. Stephan van Schaik, Alyssa Milburn, Sebastian Österlund, Pietro Frigo, Kaveh Razavi, Herbert Bos, Cristiano Giuffrida, Giorgi Maisuradze, Moritz Lipp, Michael Schwarz, Daniel Gruss, and Jo Van Bulck discovered that Intel processors using Transactional Synchronization Extensions (TSX) could expose memory contents previously stored in microarchitectural buffers to a malicious process that is executing on the same CPU core. A local attacker could use this to expose sen

CVE-2019-15098 [MEDIUM] CWE-476 kernel: a NULL pointer dereference in drivers/net/wireless/ath/ath6kl/usb.c leads to a crash kernel: a NULL pointer dereference in drivers/net/wireless/ath/ath6kl/usb.c leads to a crash drivers/net/wireless/ath/ath6kl/usb.c in the Linux kernel through 5.2.9 has a NULL pointer dereference via an incomplete address in an endpoint descriptor. A flaw was found in the Linux kernel's implementation of the ath6kl wireless network driver implementation, which could allow an attacker with physical access with custom USB hardware to plug into a rogue USB device that can create a condition where the kernel will panic. Mitigation: No mitigation is required as Red Hat kernels are not affected. Package: kernel (Red Hat Enterprise Linux 5) - Not affected Package: kernel (Red Hat Enterprise Linux 6) - Not affected Package: kernel (Red Hat Enterprise Linux 7) - Not affected Package: kernel-

CVE-2019-15290 [MEDIUM] CWE-119 kernel: Null pointer dereference in the ath6kl_usb_alloc_urb_from_pipe function in the drivers/net/wireless/ath/ath6kl/usb.c kernel: Null pointer dereference in the ath6kl_usb_alloc_urb_from_pipe function in the drivers/net/wireless/ath/ath6kl/usb.c [REJECTED CVE] An issue was discovered in the Linux kernel through 5.2.9. There is a NULL pointer dereference caused by a malicious USB device in the ath6kl_usb_alloc_urb_from_pipe function in the drivers/net/wireless/ath/ath6kl/usb.c driver. Statement: This flaw was found to be a duplicate of CVE-2019-15098. Please see https://access.redhat.com/security/cve/CVE-2019-15098 for information about affected products and security errata. Package: kernel (Red Hat Enterprise Linux 5) - Not affected Package: kernel (Red Hat Enterprise Linux 6) - Not affected Package: kernel (Red Hat Enterprise Linux 7) - Not affected Package: kernel-alt (Red Hat Enterprise Linux 7) - N

CVE-2019-15098 [MEDIUM] CVE-2019-15098: linux - drivers/net/wireless/ath/ath6kl/usb.c in the Linux kernel through 5.2.9 has a NU... drivers/net/wireless/ath/ath6kl/usb.c in the Linux kernel through 5.2.9 has a NULL pointer dereference via an incomplete address in an endpoint descriptor. Scope: local bookworm: resolved (fixed in 5.3.7-1) bullseye: resolved (fixed in 5.3.7-1) forky: resolved (fixed in 5.3.7-1) sid: resolved (fixed in 5.3.7-1) trixie: resolved (fixed in 5.3.7-1)

CVE-2019-15098 [MEDIUM] CVE-2019-15098 kernel: a NULL pointer dereference in drivers/net/wireless/ath/ath6kl/usb.c leads to a crash [fedora-all] CVE-2019-15098 kernel: a NULL pointer dereference in drivers/net/wireless/ath/ath6kl/usb.c leads to a crash [fedora-all] This is an automatically created tracking bug! It was created to ensure that one or more security vulnerabilities are fixed in affected versions of fedora-all. For comments that are specific to the vulnerability please use bugs filed against the "Security Response" product referenced in the "Blocks" field. For more information see: http://fedoraproject.org/wiki/Security/TrackingBugs When submitting as an update, use the fedpkg template provided in the next comment(s). This will include the bug IDs of this tracking bug as well as the relevant top-level CVE bugs. Please also mention the CVE IDs being fixed in the RPM changelog and the fedpkg commit message. NOTE: thi

CVE-2019-15290 [MEDIUM] CVE-2019-15290 kernel: Null pointer dereference in the ath6kl_usb_alloc_urb_from_pipe function in the drivers/net/wireless/ath/ath6kl/usb.c CVE-2019-15290 kernel: Null pointer dereference in the ath6kl_usb_alloc_urb_from_pipe function in the drivers/net/wireless/ath/ath6kl/usb.c An issue was discovered in the Linux kernel through 5.2.9. There is a NULL pointer dereference caused by a malicious USB device in the ath6kl_usb_alloc_urb_from_pipe function in the drivers/net/wireless/ath/ath6kl/usb.c driver. References: https://syzkaller.appspot.com/bug?id=cd8b9cfe50a0bf36ee19eda2d7e2e06843dfbeaf http://www.openwall.com/lists/oss-security/2019/08/20/2 Discussion: Created kernel tracking bugs for this issue: Affects: fedora-all [bug 1749990] --- This flaw was found to be a duplicate of CVE-2019-15098. Please see https://access.redhat.com/security/cve/CVE-2019-15098 for information about affected products and security errata.

CVE-2019-15098 [MEDIUM] CVE-2019-15098 kernel: a NULL pointer dereference in drivers/net/wireless/ath/ath6kl/usb.c leads to a crash CVE-2019-15098 kernel: a NULL pointer dereference in drivers/net/wireless/ath/ath6kl/usb.c leads to a crash A flaw in the Linux kernels implementation of the ath6kl wireless network driver implementation could allow an attacker with physical access with custom USB hardware to plug in a rogue USB device that can possibly create a condition where the kernel will panic. Red Hat does not include the code affected by this flaw in currently shipping releases. Upstream patch: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=39d170b3cb62ba98567f5c4f40c27b5864b304e5 Discussion: Created kernel tracking bugs for this issue: Affects: fedora-all [bug 1763872] --- External References: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=39d