<?xml version='1.0' encoding='UTF-8'?>
<!-- The two xml-stylesheet processing instructions below reference an XSL
     transform and a CSS file hosted on www.oracle.com. They are rendering
     hints for a browser viewing this CVRF document and carry no advisory data.
     NOTE(review): an automated consumer of this feed should not let the
     document choose what it fetches or executes. Parse with stylesheet
     processing, DTD loading and external entity resolution disabled, and
     validate against a locally pinned copy of the CVRF 1.1 schema. -->
<?xml-stylesheet type="text/xsl" href="https://www.oracle.com/ocom/groups/public/@otn/documents/webcontent/1687073.xsl"?>
<?xml-stylesheet type="text/css" href="https://www.oracle.com/ocom/groups/public/@otn/documents/webcontent/1686935.css"?>
<cvrf:cvrfdoc xmlns="http://www.icasi.org/CVRF/schema/cvrf/1.1" xmlns:cvrf="http://www.icasi.org/CVRF/schema/cvrf/1.1">
   <DocumentTitle xml:lang="en">Oracle Linux Bulletin - January 2019 - Oracle CVRF</DocumentTitle>
   <DocumentType xml:lang="en">Oracle Linux Bulletin Advisory</DocumentType>
   <DocumentPublisher Type="Vendor"/>
   <DocumentTracking>
      <Identification>
         <ID>OLBulletinJan2019</ID>
      </Identification>
      <Status>Final</Status>
      <Version>3.0</Version>
      <RevisionHistory>
         <Revision>
            <Number>1.0</Number>
            <Date>2019-01-15T13:00:00-07:00</Date>
            <Description>Initial Distribution</Description>
         </Revision>
         <Revision>
            <Number>2.0</Number>
            <Date>2019-02-19T13:00:00-07:00</Date>
            <Description>New CVEs added.</Description>
         </Revision>
         <Revision>
            <Number>3.0</Number>
            <Date>2019-03-18T13:00:00-07:00</Date>
            <Description>New CVEs added.</Description>
         </Revision>
      </RevisionHistory>
   </DocumentTracking>
   <DocumentNotes>
      <Note Audience="All" Ordinal="1" Title="Summary" Type="Summary" xml:lang="en">This document contains descriptions of Oracle Linux security vulnerabilities which have had fixes released for all supported versions and platforms.</Note>
   </DocumentNotes>
   <DocumentReferences>
      <Reference Type="External">
         <URL>https://www.oracle.com/technetwork/topics/security/linuxbulletinjan2019-5278195.html</URL>
         <Description>URL to html version of Advisory</Description>
      </Reference>
   </DocumentReferences>
  <ProductTree xmlns="http://www.icasi.org/CVRF/schema/prod/1.1">
      <Branch Name="Oracle" Type="Vendor">
         <Branch Name="Oracle Linux" Type="Product Family">
            <Branch Name="Oracle Linux OS" Type="Product Name">
               <Branch Name="5" Type="Product Version">
                  <FullProductName ProductID="P-1309V-5">Oracle Linux 5</FullProductName>
               </Branch>
               <Branch Name="6" Type="Product Version">
                  <FullProductName ProductID="P-1309V-6">Oracle Linux 6</FullProductName>
               </Branch>
               <Branch Name="7" Type="Product Version">
                  <FullProductName ProductID="P-1309V-7">Oracle Linux 7</FullProductName>
               </Branch>
            </Branch>
         </Branch>
     </Branch>
  </ProductTree>
<Vulnerability Ordinal="1" xmlns="http://www.icasi.org/CVRF/schema/vuln/1.1">
        <Title>CVE-2018-5742</Title>
         <Notes>
           <Note Audience="All" Ordinal="1" Title="Details" Type="Details">This is a vulnerability in  bind  in Oracle Linux. ** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided. CVSS Base Score: Undefined.           </Note>
         </Notes>
         <Involvements>
           <Involvement Party="Vendor" Status="Completed">
               <Description>Fix has been released</Description>
           </Involvement>
         </Involvements>
         <CVE>CVE-2018-5742</CVE>
         <ProductStatuses>
           <Status Type="Known Affected">
               <ProductID>P-1309V-7</ProductID>
           </Status>
         </ProductStatuses>
         <Remediations>
           <Remediation Type="Vendor Fix">
               <Description>Oracle Linux Security Advisory</Description>
                  <Entitlement xml:lang="en">Oracle Linux customers</Entitlement>
                  <URL>http://linux.oracle.com/errata/ELSA-2019-0194.html</URL>
                  <ProductID>P-1309V-7</ProductID>
           </Remediation>
         </Remediations>
</Vulnerability>
<Vulnerability Ordinal="2" xmlns="http://www.icasi.org/CVRF/schema/vuln/1.1">
        <Title>CVE-2019-3804</Title>
         <Notes>
           <Note Audience="All" Ordinal="2" Title="Details" Type="Details">This is a vulnerability in  cockpit  in Oracle Linux. ** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided. CVSS Base Score: Undefined.           </Note>
         </Notes>
         <Involvements>
           <Involvement Party="Vendor" Status="Completed">
               <Description>Fix has been released</Description>
           </Involvement>
         </Involvements>
         <CVE>CVE-2019-3804</CVE>
         <ProductStatuses>
           <Status Type="Known Affected">
               <ProductID>P-1309V-7</ProductID>
           </Status>
         </ProductStatuses>
         <Remediations>
           <Remediation Type="Vendor Fix">
               <Description>Oracle Linux Security Advisory</Description>
                  <Entitlement xml:lang="en">Oracle Linux customers</Entitlement>
                  <URL>http://linux.oracle.com/errata/ELSA-2019-0482.html</URL>
                  <ProductID>P-1309V-7</ProductID>
           </Remediation>
         </Remediations>
</Vulnerability>
<Vulnerability Ordinal="3" xmlns="http://www.icasi.org/CVRF/schema/vuln/1.1">
        <Title>CVE-2018-12405</Title>
         <Notes>
           <Note Audience="All" Ordinal="3" Title="Details" Type="Details">This is a vulnerability in  firefox  in Oracle Linux. ** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided. CVSS Base Score: Undefined.           </Note>
         </Notes>
         <Involvements>
           <Involvement Party="Vendor" Status="Completed">
               <Description>Fix has been released</Description>
           </Involvement>
         </Involvements>
         <CVE>CVE-2018-12405</CVE>
         <ProductStatuses>
           <Status Type="Known Affected">
               <ProductID>P-1309V-6</ProductID>
           </Status>
         </ProductStatuses>
         <Remediations>
           <Remediation Type="Vendor Fix">
               <Description>Oracle Linux Security Advisory</Description>
                  <Entitlement xml:lang="en">Oracle Linux customers</Entitlement>
                  <URL>http://linux.oracle.com/errata/ELSA-2018-3831.html</URL>
                  <ProductID>P-1309V-6</ProductID>
           </Remediation>
         </Remediations>
</Vulnerability>
<Vulnerability Ordinal="4" xmlns="http://www.icasi.org/CVRF/schema/vuln/1.1">
        <Title>CVE-2018-12405</Title>
         <Notes>
           <Note Audience="All" Ordinal="4" Title="Details" Type="Details">This is a vulnerability in  firefox  in Oracle Linux. ** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided. CVSS Base Score: Undefined.           </Note>
         </Notes>
         <Involvements>
           <Involvement Party="Vendor" Status="Completed">
               <Description>Fix has been released</Description>
           </Involvement>
         </Involvements>
         <CVE>CVE-2018-12405</CVE>
         <ProductStatuses>
           <Status Type="Known Affected">
               <ProductID>P-1309V-7</ProductID>
           </Status>
         </ProductStatuses>
         <Remediations>
           <Remediation Type="Vendor Fix">
               <Description>Oracle Linux Security Advisory</Description>
                  <Entitlement xml:lang="en">Oracle Linux customers</Entitlement>
                  <URL>http://linux.oracle.com/errata/ELSA-2018-3833.html</URL>
                  <ProductID>P-1309V-7</ProductID>
           </Remediation>
         </Remediations>
</Vulnerability>
<Vulnerability Ordinal="5" xmlns="http://www.icasi.org/CVRF/schema/vuln/1.1">
        <Title>CVE-2018-17466</Title>
         <Notes>
           <Note Audience="All" Ordinal="5" Title="Details" Type="Details">This is a vulnerability in  firefox  in Oracle Linux. Incorrect texture handling in Angle in Google Chrome prior to 70.0.3538.67 allowed a remote attacker to perform an out of bounds memory read via a crafted HTML page. CVSS Base Score: Undefined.           </Note>
         </Notes>
         <Involvements>
           <Involvement Party="Vendor" Status="Completed">
               <Description>Fix has been released</Description>
           </Involvement>
         </Involvements>
         <CVE>CVE-2018-17466</CVE>
         <ProductStatuses>
           <Status Type="Known Affected">
               <ProductID>P-1309V-6</ProductID>
           </Status>
         </ProductStatuses>
         <Remediations>
           <Remediation Type="Vendor Fix">
               <Description>Oracle Linux Security Advisory</Description>
                  <Entitlement xml:lang="en">Oracle Linux customers</Entitlement>
                  <URL>http://linux.oracle.com/errata/ELSA-2018-3831.html</URL>
                  <ProductID>P-1309V-6</ProductID>
           </Remediation>
         </Remediations>
</Vulnerability>
<Vulnerability Ordinal="6" xmlns="http://www.icasi.org/CVRF/schema/vuln/1.1">
        <Title>CVE-2018-17466</Title>
         <Notes>
           <Note Audience="All" Ordinal="6" Title="Details" Type="Details">This is a vulnerability in  firefox  in Oracle Linux. Incorrect texture handling in Angle in Google Chrome prior to 70.0.3538.67 allowed a remote attacker to perform an out of bounds memory read via a crafted HTML page. CVSS Base Score: Undefined.           </Note>
         </Notes>
         <Involvements>
           <Involvement Party="Vendor" Status="Completed">
               <Description>Fix has been released</Description>
           </Involvement>
         </Involvements>
         <CVE>CVE-2018-17466</CVE>
         <ProductStatuses>
           <Status Type="Known Affected">
               <ProductID>P-1309V-7</ProductID>
           </Status>
         </ProductStatuses>
         <Remediations>
           <Remediation Type="Vendor Fix">
               <Description>Oracle Linux Security Advisory</Description>
                  <Entitlement xml:lang="en">Oracle Linux customers</Entitlement>
                  <URL>http://linux.oracle.com/errata/ELSA-2018-3833.html</URL>
                  <ProductID>P-1309V-7</ProductID>
           </Remediation>
         </Remediations>
</Vulnerability>
<Vulnerability Ordinal="7" xmlns="http://www.icasi.org/CVRF/schema/vuln/1.1">
        <Title>CVE-2018-18356</Title>
         <Notes>
           <Note Audience="All" Ordinal="7" Title="Details" Type="Details">This is a vulnerability in  firefox  in Oracle Linux. An integer overflow in path handling leading to a use after free in Skia in Google Chrome prior to 71.0.3578.80 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. CVSS Base Score: Undefined.           </Note>
         </Notes>
         <Involvements>
           <Involvement Party="Vendor" Status="Completed">
               <Description>Fix has been released</Description>
           </Involvement>
         </Involvements>
         <CVE>CVE-2018-18356</CVE>
         <ProductStatuses>
           <Status Type="Known Affected">
               <ProductID>P-1309V-6</ProductID>
           </Status>
         </ProductStatuses>
         <Remediations>
           <Remediation Type="Vendor Fix">
               <Description>Oracle Linux Security Advisory</Description>
                  <Entitlement xml:lang="en">Oracle Linux customers</Entitlement>
                  <URL>http://linux.oracle.com/errata/ELSA-2019-0373.html</URL>
                  <ProductID>P-1309V-6</ProductID>
           </Remediation>
         </Remediations>
</Vulnerability>
<Vulnerability Ordinal="8" xmlns="http://www.icasi.org/CVRF/schema/vuln/1.1">
        <Title>CVE-2018-18356</Title>
         <Notes>
           <Note Audience="All" Ordinal="8" Title="Details" Type="Details">This is a vulnerability in  firefox  in Oracle Linux. An integer overflow in path handling leading to a use after free in Skia in Google Chrome prior to 71.0.3578.80 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. CVSS Base Score: Undefined.           </Note>
         </Notes>
         <Involvements>
           <Involvement Party="Vendor" Status="Completed">
               <Description>Fix has been released</Description>
           </Involvement>
         </Involvements>
         <CVE>CVE-2018-18356</CVE>
         <ProductStatuses>
           <Status Type="Known Affected">
               <ProductID>P-1309V-7</ProductID>
           </Status>
         </ProductStatuses>
         <Remediations>
           <Remediation Type="Vendor Fix">
               <Description>Oracle Linux Security Advisory</Description>
                  <Entitlement xml:lang="en">Oracle Linux customers</Entitlement>
                  <URL>http://linux.oracle.com/errata/ELSA-2019-0374.html</URL>
                  <ProductID>P-1309V-7</ProductID>
           </Remediation>
         </Remediations>
</Vulnerability>
<Vulnerability Ordinal="9" xmlns="http://www.icasi.org/CVRF/schema/vuln/1.1">
        <Title>CVE-2018-18492</Title>
         <Notes>
           <Note Audience="All" Ordinal="9" Title="Details" Type="Details">This is a vulnerability in  firefox  in Oracle Linux. ** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided. CVSS Base Score: Undefined.           </Note>
         </Notes>
         <Involvements>
           <Involvement Party="Vendor" Status="Completed">
               <Description>Fix has been released</Description>
           </Involvement>
         </Involvements>
         <CVE>CVE-2018-18492</CVE>
         <ProductStatuses>
           <Status Type="Known Affected">
               <ProductID>P-1309V-6</ProductID>
           </Status>
         </ProductStatuses>
         <Remediations>
           <Remediation Type="Vendor Fix">
               <Description>Oracle Linux Security Advisory</Description>
                  <Entitlement xml:lang="en">Oracle Linux customers</Entitlement>
                  <URL>http://linux.oracle.com/errata/ELSA-2018-3831.html</URL>
                  <ProductID>P-1309V-6</ProductID>
           </Remediation>
         </Remediations>
</Vulnerability>
<Vulnerability Ordinal="10" xmlns="http://www.icasi.org/CVRF/schema/vuln/1.1">
        <Title>CVE-2018-18492</Title>
         <Notes>
           <Note Audience="All" Ordinal="10" Title="Details" Type="Details">This is a vulnerability in  firefox  in Oracle Linux. ** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided. CVSS Base Score: Undefined.           </Note>
         </Notes>
         <Involvements>
           <Involvement Party="Vendor" Status="Completed">
               <Description>Fix has been released</Description>
           </Involvement>
         </Involvements>
         <CVE>CVE-2018-18492</CVE>
         <ProductStatuses>
           <Status Type="Known Affected">
               <ProductID>P-1309V-7</ProductID>
           </Status>
         </ProductStatuses>
         <Remediations>
           <Remediation Type="Vendor Fix">
               <Description>Oracle Linux Security Advisory</Description>
                  <Entitlement xml:lang="en">Oracle Linux customers</Entitlement>
                  <URL>http://linux.oracle.com/errata/ELSA-2018-3833.html</URL>
                  <ProductID>P-1309V-7</ProductID>
           </Remediation>
         </Remediations>
</Vulnerability>
<Vulnerability Ordinal="11" xmlns="http://www.icasi.org/CVRF/schema/vuln/1.1">
        <Title>CVE-2018-18493</Title>
         <Notes>
           <Note Audience="All" Ordinal="11" Title="Details" Type="Details">This is a vulnerability in  firefox  in Oracle Linux. ** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided. CVSS Base Score: Undefined.           </Note>
         </Notes>
         <Involvements>
           <Involvement Party="Vendor" Status="Completed">
               <Description>Fix has been released</Description>
           </Involvement>
         </Involvements>
         <CVE>CVE-2018-18493</CVE>
         <ProductStatuses>
           <Status Type="Known Affected">
               <ProductID>P-1309V-6</ProductID>
           </Status>
         </ProductStatuses>
         <Remediations>
           <Remediation Type="Vendor Fix">
               <Description>Oracle Linux Security Advisory</Description>
                  <Entitlement xml:lang="en">Oracle Linux customers</Entitlement>
                  <URL>http://linux.oracle.com/errata/ELSA-2018-3831.html</URL>
                  <ProductID>P-1309V-6</ProductID>
           </Remediation>
         </Remediations>
</Vulnerability>
<Vulnerability Ordinal="12" xmlns="http://www.icasi.org/CVRF/schema/vuln/1.1">
        <Title>CVE-2018-18493</Title>
         <Notes>
           <Note Audience="All" Ordinal="12" Title="Details" Type="Details">This is a vulnerability in  firefox  in Oracle Linux. ** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided. CVSS Base Score: Undefined.           </Note>
         </Notes>
         <Involvements>
           <Involvement Party="Vendor" Status="Completed">
               <Description>Fix has been released</Description>
           </Involvement>
         </Involvements>
         <CVE>CVE-2018-18493</CVE>
         <ProductStatuses>
           <Status Type="Known Affected">
               <ProductID>P-1309V-7</ProductID>
           </Status>
         </ProductStatuses>
         <Remediations>
           <Remediation Type="Vendor Fix">
               <Description>Oracle Linux Security Advisory</Description>
                  <Entitlement xml:lang="en">Oracle Linux customers</Entitlement>
                  <URL>http://linux.oracle.com/errata/ELSA-2018-3833.html</URL>
                  <ProductID>P-1309V-7</ProductID>
           </Remediation>
         </Remediations>
</Vulnerability>
<Vulnerability Ordinal="13" xmlns="http://www.icasi.org/CVRF/schema/vuln/1.1">
        <Title>CVE-2018-18494</Title>
         <Notes>
           <Note Audience="All" Ordinal="13" Title="Details" Type="Details">This is a vulnerability in  firefox  in Oracle Linux. ** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided. CVSS Base Score: Undefined.           </Note>
         </Notes>
         <Involvements>
           <Involvement Party="Vendor" Status="Completed">
               <Description>Fix has been released</Description>
           </Involvement>
         </Involvements>
         <CVE>CVE-2018-18494</CVE>
         <ProductStatuses>
           <Status Type="Known Affected">
               <ProductID>P-1309V-6</ProductID>
           </Status>
         </ProductStatuses>
         <Remediations>
           <Remediation Type="Vendor Fix">
               <Description>Oracle Linux Security Advisory</Description>
                  <Entitlement xml:lang="en">Oracle Linux customers</Entitlement>
                  <URL>http://linux.oracle.com/errata/ELSA-2018-3831.html</URL>
                  <ProductID>P-1309V-6</ProductID>
           </Remediation>
         </Remediations>
</Vulnerability>
<Vulnerability Ordinal="14" xmlns="http://www.icasi.org/CVRF/schema/vuln/1.1">
        <Title>CVE-2018-18494</Title>
         <Notes>
           <Note Audience="All" Ordinal="14" Title="Details" Type="Details">This is a vulnerability in  firefox  in Oracle Linux. ** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided. CVSS Base Score: Undefined.           </Note>
         </Notes>
         <Involvements>
           <Involvement Party="Vendor" Status="Completed">
               <Description>Fix has been released</Description>
           </Involvement>
         </Involvements>
         <CVE>CVE-2018-18494</CVE>
         <ProductStatuses>
           <Status Type="Known Affected">
               <ProductID>P-1309V-7</ProductID>
           </Status>
         </ProductStatuses>
         <Remediations>
           <Remediation Type="Vendor Fix">
               <Description>Oracle Linux Security Advisory</Description>
                  <Entitlement xml:lang="en">Oracle Linux customers</Entitlement>
                  <URL>http://linux.oracle.com/errata/ELSA-2018-3833.html</URL>
                  <ProductID>P-1309V-7</ProductID>
           </Remediation>
         </Remediations>
</Vulnerability>
<Vulnerability Ordinal="15" xmlns="http://www.icasi.org/CVRF/schema/vuln/1.1">
        <Title>CVE-2018-18498</Title>
         <Notes>
           <Note Audience="All" Ordinal="15" Title="Details" Type="Details">This is a vulnerability in  firefox  in Oracle Linux. ** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided. CVSS Base Score: Undefined.           </Note>
         </Notes>
         <Involvements>
           <Involvement Party="Vendor" Status="Completed">
               <Description>Fix has been released</Description>
           </Involvement>
         </Involvements>
         <CVE>CVE-2018-18498</CVE>
         <ProductStatuses>
           <Status Type="Known Affected">
               <ProductID>P-1309V-6</ProductID>
           </Status>
         </ProductStatuses>
         <Remediations>
           <Remediation Type="Vendor Fix">
               <Description>Oracle Linux Security Advisory</Description>
                  <Entitlement xml:lang="en">Oracle Linux customers</Entitlement>
                  <URL>http://linux.oracle.com/errata/ELSA-2018-3831.html</URL>
                  <ProductID>P-1309V-6</ProductID>
           </Remediation>
         </Remediations>
</Vulnerability>
<Vulnerability Ordinal="16" xmlns="http://www.icasi.org/CVRF/schema/vuln/1.1">
        <Title>CVE-2018-18498</Title>
         <Notes>
           <Note Audience="All" Ordinal="16" Title="Details" Type="Details">This is a vulnerability in  firefox  in Oracle Linux. ** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided. CVSS Base Score: Undefined.           </Note>
         </Notes>
         <Involvements>
           <Involvement Party="Vendor" Status="Completed">
               <Description>Fix has been released</Description>
           </Involvement>
         </Involvements>
         <CVE>CVE-2018-18498</CVE>
         <ProductStatuses>
           <Status Type="Known Affected">
               <ProductID>P-1309V-7</ProductID>
           </Status>
         </ProductStatuses>
         <Remediations>
           <Remediation Type="Vendor Fix">
               <Description>Oracle Linux Security Advisory</Description>
                  <Entitlement xml:lang="en">Oracle Linux customers</Entitlement>
                  <URL>http://linux.oracle.com/errata/ELSA-2018-3833.html</URL>
                  <ProductID>P-1309V-7</ProductID>
           </Remediation>
         </Remediations>
</Vulnerability>
<Vulnerability Ordinal="17" xmlns="http://www.icasi.org/CVRF/schema/vuln/1.1">
        <Title>CVE-2018-18500</Title>
         <Notes>
           <Note Audience="All" Ordinal="17" Title="Details" Type="Details">This is a vulnerability in  firefox  in Oracle Linux. ** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided. CVSS Base Score: Undefined.           </Note>
         </Notes>
         <Involvements>
           <Involvement Party="Vendor" Status="Completed">
               <Description>Fix has been released</Description>
           </Involvement>
         </Involvements>
         <CVE>CVE-2018-18500</CVE>
         <ProductStatuses>
           <Status Type="Known Affected">
               <ProductID>P-1309V-6</ProductID>
           </Status>
         </ProductStatuses>
         <Remediations>
           <Remediation Type="Vendor Fix">
               <Description>Oracle Linux Security Advisory</Description>
                  <Entitlement xml:lang="en">Oracle Linux customers</Entitlement>
                  <URL>http://linux.oracle.com/errata/ELSA-2019-0218.html</URL>
                  <ProductID>P-1309V-6</ProductID>
           </Remediation>
         </Remediations>
</Vulnerability>
<Vulnerability Ordinal="18" xmlns="http://www.icasi.org/CVRF/schema/vuln/1.1">
        <Title>CVE-2018-18500</Title>
         <Notes>
           <Note Audience="All" Ordinal="18" Title="Details" Type="Details">This is a vulnerability in  firefox  in Oracle Linux. ** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided. CVSS Base Score: Undefined.           </Note>
         </Notes>
         <Involvements>
           <Involvement Party="Vendor" Status="Completed">
               <Description>Fix has been released</Description>
           </Involvement>
         </Involvements>
         <CVE>CVE-2018-18500</CVE>
         <ProductStatuses>
           <Status Type="Known Affected">
               <ProductID>P-1309V-7</ProductID>
           </Status>
         </ProductStatuses>
         <Remediations>
           <Remediation Type="Vendor Fix">
               <Description>Oracle Linux Security Advisory</Description>
                  <Entitlement xml:lang="en">Oracle Linux customers</Entitlement>
                  <URL>http://linux.oracle.com/errata/ELSA-2019-0219.html</URL>
                  <ProductID>P-1309V-7</ProductID>
           </Remediation>
         </Remediations>
</Vulnerability>
<Vulnerability Ordinal="19" xmlns="http://www.icasi.org/CVRF/schema/vuln/1.1">
        <Title>CVE-2018-18501</Title>
         <Notes>
           <Note Audience="All" Ordinal="19" Title="Details" Type="Details">This is a vulnerability in  firefox  in Oracle Linux. ** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided. CVSS Base Score: Undefined.           </Note>
         </Notes>
         <Involvements>
           <Involvement Party="Vendor" Status="Completed">
               <Description>Fix has been released</Description>
           </Involvement>
         </Involvements>
         <CVE>CVE-2018-18501</CVE>
         <ProductStatuses>
           <Status Type="Known Affected">
               <ProductID>P-1309V-6</ProductID>
           </Status>
         </ProductStatuses>
         <Remediations>
           <Remediation Type="Vendor Fix">
               <Description>Oracle Linux Security Advisory</Description>
                  <Entitlement xml:lang="en">Oracle Linux customers</Entitlement>
                  <URL>http://linux.oracle.com/errata/ELSA-2019-0218.html</URL>
                  <ProductID>P-1309V-6</ProductID>
           </Remediation>
         </Remediations>
</Vulnerability>
<Vulnerability Ordinal="20" xmlns="http://www.icasi.org/CVRF/schema/vuln/1.1">
        <Title>CVE-2018-18501</Title>
         <Notes>
           <Note Audience="All" Ordinal="20" Title="Details" Type="Details">This is a vulnerability in  firefox  in Oracle Linux. ** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided. CVSS Base Score: Undefined.           </Note>
         </Notes>
         <Involvements>
           <Involvement Party="Vendor" Status="Completed">
               <Description>Fix has been released</Description>
           </Involvement>
         </Involvements>
         <CVE>CVE-2018-18501</CVE>
         <ProductStatuses>
           <Status Type="Known Affected">
               <ProductID>P-1309V-7</ProductID>
           </Status>
         </ProductStatuses>
         <Remediations>
           <Remediation Type="Vendor Fix">
               <Description>Oracle Linux Security Advisory</Description>
                  <Entitlement xml:lang="en">Oracle Linux customers</Entitlement>
                  <URL>http://linux.oracle.com/errata/ELSA-2019-0219.html</URL>
                  <ProductID>P-1309V-7</ProductID>
           </Remediation>
         </Remediations>
</Vulnerability>
<Vulnerability Ordinal="21" xmlns="http://www.icasi.org/CVRF/schema/vuln/1.1">
        <Title>CVE-2018-18505</Title>
         <Notes>
           <Note Audience="All" Ordinal="21" Title="Details" Type="Details">This is a vulnerability in  firefox  in Oracle Linux. ** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided. CVSS Base Score: Undefined.           </Note>
         </Notes>
         <Involvements>
           <Involvement Party="Vendor" Status="Completed">
               <Description>Fix has been released</Description>
           </Involvement>
         </Involvements>
         <CVE>CVE-2018-18505</CVE>
         <ProductStatuses>
           <Status Type="Known Affected">
               <ProductID>P-1309V-6</ProductID>
           </Status>
         </ProductStatuses>
         <Remediations>
           <Remediation Type="Vendor Fix">
               <Description>Oracle Linux Security Advisory</Description>
                  <Entitlement xml:lang="en">Oracle Linux customers</Entitlement>
                  <URL>http://linux.oracle.com/errata/ELSA-2019-0218.html</URL>
                  <ProductID>P-1309V-6</ProductID>
           </Remediation>
         </Remediations>
</Vulnerability>
<Vulnerability Ordinal="22" xmlns="http://www.icasi.org/CVRF/schema/vuln/1.1">
        <Title>CVE-2018-18505</Title>
         <Notes>
           <Note Audience="All" Ordinal="22" Title="Details" Type="Details">This is a vulnerability in  firefox  in Oracle Linux. ** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided. CVSS Base Score: Undefined.           </Note>
         </Notes>
         <Involvements>
           <Involvement Party="Vendor" Status="Completed">
               <Description>Fix has been released</Description>
           </Involvement>
         </Involvements>
         <CVE>CVE-2018-18505</CVE>
         <ProductStatuses>
           <Status Type="Known Affected">
               <ProductID>P-1309V-7</ProductID>
           </Status>
         </ProductStatuses>
         <Remediations>
           <Remediation Type="Vendor Fix">
               <Description>Oracle Linux Security Advisory</Description>
                  <Entitlement xml:lang="en">Oracle Linux customers</Entitlement>
                  <URL>http://linux.oracle.com/errata/ELSA-2019-0219.html</URL>
                  <ProductID>P-1309V-7</ProductID>
           </Remediation>
         </Remediations>
</Vulnerability>
<Vulnerability Ordinal="23" xmlns="http://www.icasi.org/CVRF/schema/vuln/1.1">
        <Title>CVE-2019-5785</Title>
         <Notes>
           <Note Audience="All" Ordinal="23" Title="Details" Type="Details">This is a vulnerability in  firefox  in Oracle Linux. ** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided. CVSS Base Score: Undefined.           </Note>
         </Notes>
         <Involvements>
           <Involvement Party="Vendor" Status="Completed">
               <Description>Fix has been released</Description>
           </Involvement>
         </Involvements>
         <CVE>CVE-2019-5785</CVE>
         <ProductStatuses>
           <Status Type="Known Affected">
               <ProductID>P-1309V-6</ProductID>
           </Status>
         </ProductStatuses>
         <Remediations>
           <Remediation Type="Vendor Fix">
               <Description>Oracle Linux Security Advisory</Description>
                  <Entitlement xml:lang="en">Oracle Linux customers</Entitlement>
                  <URL>http://linux.oracle.com/errata/ELSA-2019-0373.html</URL>
                  <ProductID>P-1309V-6</ProductID>
           </Remediation>
         </Remediations>
</Vulnerability>
<Vulnerability Ordinal="24" xmlns="http://www.icasi.org/CVRF/schema/vuln/1.1">
        <Title>CVE-2019-5785</Title>
         <Notes>
           <Note Audience="All" Ordinal="24" Title="Details" Type="Details">This is a vulnerability in  firefox  in Oracle Linux. ** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided. CVSS Base Score: Undefined.           </Note>
         </Notes>
         <Involvements>
           <Involvement Party="Vendor" Status="Completed">
               <Description>Fix has been released</Description>
           </Involvement>
         </Involvements>
         <CVE>CVE-2019-5785</CVE>
         <ProductStatuses>
           <Status Type="Known Affected">
               <ProductID>P-1309V-7</ProductID>
           </Status>
         </ProductStatuses>
         <Remediations>
           <Remediation Type="Vendor Fix">
               <Description>Oracle Linux Security Advisory</Description>
                  <Entitlement xml:lang="en">Oracle Linux customers</Entitlement>
                  <URL>http://linux.oracle.com/errata/ELSA-2019-0374.html</URL>
                  <ProductID>P-1309V-7</ProductID>
           </Remediation>
         </Remediations>
</Vulnerability>
<Vulnerability Ordinal="25" xmlns="http://www.icasi.org/CVRF/schema/vuln/1.1">
        <Title>CVE-2019-8308</Title>
         <Notes>
           <Note Audience="All" Ordinal="25" Title="Details" Type="Details">This is a vulnerability in  flatpak  in Oracle Linux. Flatpak before 1.0.7, and 1.1.x and 1.2.x before 1.2.3, exposes /proc in the apply_extra script sandbox, which allows attackers to modify a host-side executable file. CVSS Base Score: Undefined.           </Note>
         </Notes>
         <Involvements>
           <Involvement Party="Vendor" Status="Completed">
               <Description>Fix has been released</Description>
           </Involvement>
         </Involvements>
         <CVE>CVE-2019-8308</CVE>
         <ProductStatuses>
           <Status Type="Known Affected">
               <ProductID>P-1309V-7</ProductID>
           </Status>
         </ProductStatuses>
         <Remediations>
           <Remediation Type="Vendor Fix">
               <Description>Oracle Linux Security Advisory</Description>
                  <Entitlement xml:lang="en">Oracle Linux customers</Entitlement>
                  <URL>http://linux.oracle.com/errata/ELSA-2019-0375.html</URL>
                  <ProductID>P-1309V-7</ProductID>
           </Remediation>
         </Remediations>
</Vulnerability>
<Vulnerability Ordinal="26" xmlns="http://www.icasi.org/CVRF/schema/vuln/1.1">
        <Title>CVE-2018-15911</Title>
         <Notes>
           <Note Audience="All" Ordinal="26" Title="Details" Type="Details">This is a vulnerability in  ghostscript  in Oracle Linux. In Artifex Ghostscript 9.23 before 2018-08-24, attackers able to supply crafted PostScript could use uninitialized memory access in the aesdecode operator to crash the interpreter or potentially execute code. CVSS Base Score: Undefined.           </Note>
         </Notes>
         <Involvements>
           <Involvement Party="Vendor" Status="Completed">
               <Description>Fix has been released</Description>
           </Involvement>
         </Involvements>
         <CVE>CVE-2018-15911</CVE>
         <ProductStatuses>
           <Status Type="Known Affected">
               <ProductID>P-1309V-7</ProductID>
           </Status>
         </ProductStatuses>
         <Remediations>
           <Remediation Type="Vendor Fix">
               <Description>Oracle Linux Security Advisory</Description>
                  <Entitlement xml:lang="en">Oracle Linux customers</Entitlement>
                  <URL>http://linux.oracle.com/errata/ELSA-2018-3834.html</URL>
                  <ProductID>P-1309V-7</ProductID>
           </Remediation>
         </Remediations>
</Vulnerability>
<Vulnerability Ordinal="27" xmlns="http://www.icasi.org/CVRF/schema/vuln/1.1">
        <Title>CVE-2018-16540</Title>
         <Notes>
           <Note Audience="All" Ordinal="27" Title="Details" Type="Details">This is a vulnerability in  ghostscript  in Oracle Linux. In Artifex Ghostscript before 9.24, attackers able to supply crafted PostScript files to the builtin PDF14 converter could use a use-after-free in copydevice handling to crash the interpreter or possibly have unspecified other impact. CVSS Base Score: Undefined.           </Note>
         </Notes>
         <Involvements>
           <Involvement Party="Vendor" Status="Completed">
               <Description>Fix has been released</Description>
           </Involvement>
         </Involvements>
         <CVE>CVE-2018-16540</CVE>
         <ProductStatuses>
           <Status Type="Known Affected">
               <ProductID>P-1309V-7</ProductID>
           </Status>
         </ProductStatuses>
         <Remediations>
           <Remediation Type="Vendor Fix">
               <Description>Oracle Linux Security Advisory</Description>
                  <Entitlement xml:lang="en">Oracle Linux customers</Entitlement>
                  <URL>http://linux.oracle.com/errata/ELSA-2019-0229.html</URL>
                  <ProductID>P-1309V-7</ProductID>
           </Remediation>
         </Remediations>
</Vulnerability>
<Vulnerability Ordinal="28" xmlns="http://www.icasi.org/CVRF/schema/vuln/1.1">
        <Title>CVE-2018-16541</Title>
         <Notes>
           <Note Audience="All" Ordinal="28" Title="Details" Type="Details">This is a vulnerability in  ghostscript  in Oracle Linux. In Artifex Ghostscript before 9.24, attackers able to supply crafted PostScript files could use incorrect free logic in pagedevice replacement to crash the interpreter. CVSS Base Score: Undefined.           </Note>
         </Notes>
         <Involvements>
           <Involvement Party="Vendor" Status="Completed">
               <Description>Fix has been released</Description>
           </Involvement>
         </Involvements>
         <CVE>CVE-2018-16541</CVE>
         <ProductStatuses>
           <Status Type="Known Affected">
               <ProductID>P-1309V-7</ProductID>
           </Status>
         </ProductStatuses>
         <Remediations>
           <Remediation Type="Vendor Fix">
               <Description>Oracle Linux Security Advisory</Description>
                  <Entitlement xml:lang="en">Oracle Linux customers</Entitlement>
                  <URL>http://linux.oracle.com/errata/ELSA-2018-3834.html</URL>
                  <ProductID>P-1309V-7</ProductID>
           </Remediation>
         </Remediations>
</Vulnerability>
<Vulnerability Ordinal="29" xmlns="http://www.icasi.org/CVRF/schema/vuln/1.1">
        <Title>CVE-2018-16802</Title>
         <Notes>
           <Note Audience="All" Ordinal="29" Title="Details" Type="Details">This is a vulnerability in  ghostscript  in Oracle Linux. An issue was discovered in Artifex Ghostscript before 9.25. Incorrect restoration [...] CVSS Base Score: Undefined.           </Note>
         </Notes>
         <Involvements>
           <Involvement Party="Vendor" Status="Completed">
               <Description>Fix has been released</Description>
           </Involvement>
         </Involvements>
         <CVE>CVE-2018-16802</CVE>
         <ProductStatuses>
           <Status Type="Known Affected">
               <ProductID>P-1309V-7</ProductID>
           </Status>
         </ProductStatuses>
         <Remediations>
           <Remediation Type="Vendor Fix">
               <Description>Oracle Linux Security Advisory</Description>
                  <Entitlement xml:lang="en">Oracle Linux customers</Entitlement>
                  <URL>http://linux.oracle.com/errata/ELSA-2018-3834.html</URL>
                  <ProductID>P-1309V-7</ProductID>
           </Remediation>
         </Remediations>
</Vulnerability>
<Vulnerability Ordinal="30" xmlns="http://www.icasi.org/CVRF/schema/vuln/1.1">
        <Title>CVE-2018-17183</Title>
         <Notes>
           <Note Audience="All" Ordinal="30" Title="Details" Type="Details">This is a vulnerability in  ghostscript  in Oracle Linux. Artifex Ghostscript before 9.25 allowed a user-writable error exception table, which could be used by remote attackers able to supply crafted PostScript to potentially overwrite or replace error handlers to inject code. CVSS Base Score: Undefined.           </Note>
         </Notes>
         <Involvements>
           <Involvement Party="Vendor" Status="Completed">
               <Description>Fix has been released</Description>
           </Involvement>
         </Involvements>
         <CVE>CVE-2018-17183</CVE>
         <ProductStatuses>
           <Status Type="Known Affected">
               <ProductID>P-1309V-7</ProductID>
           </Status>
         </ProductStatuses>
         <Remediations>
           <Remediation Type="Vendor Fix">
               <Description>Oracle Linux Security Advisory</Description>
                  <Entitlement xml:lang="en">Oracle Linux customers</Entitlement>
                  <URL>http://linux.oracle.com/errata/ELSA-2018-3834.html</URL>
                  <ProductID>P-1309V-7</ProductID>
           </Remediation>
         </Remediations>
</Vulnerability>
<Vulnerability Ordinal="31" xmlns="http://www.icasi.org/CVRF/schema/vuln/1.1">
        <Title>CVE-2018-17961</Title>
         <Notes>
           <Note Audience="All" Ordinal="31" Title="Details" Type="Details">This is a vulnerability in  ghostscript  in Oracle Linux. Artifex Ghostscript 9.25 and earlier allows attackers to bypass a sandbox protection mechanism via vectors involving errorhandler setup. NOTE: this issue exists because of an incomplete fix for CVE-2018-17183. CVSS Base Score: Undefined.           </Note>
         </Notes>
         <Involvements>
           <Involvement Party="Vendor" Status="Completed">
               <Description>Fix has been released</Description>
           </Involvement>
         </Involvements>
         <CVE>CVE-2018-17961</CVE>
         <ProductStatuses>
           <Status Type="Known Affected">
               <ProductID>P-1309V-7</ProductID>
           </Status>
         </ProductStatuses>
         <Remediations>
           <Remediation Type="Vendor Fix">
               <Description>Oracle Linux Security Advisory</Description>
                  <Entitlement xml:lang="en">Oracle Linux customers</Entitlement>
                  <URL>http://linux.oracle.com/errata/ELSA-2018-3834.html</URL>
                  <ProductID>P-1309V-7</ProductID>
           </Remediation>
         </Remediations>
</Vulnerability>
<Vulnerability Ordinal="32" xmlns="http://www.icasi.org/CVRF/schema/vuln/1.1">
        <Title>CVE-2018-18073</Title>
         <Notes>
           <Note Audience="All" Ordinal="32" Title="Details" Type="Details">This is a vulnerability in  ghostscript  in Oracle Linux. Artifex Ghostscript allows attackers to bypass a sandbox protection mechanism by leveraging exposure of system operators in the saved execution stack in an error object. CVSS Base Score: Undefined.           </Note>
         </Notes>
         <Involvements>
           <Involvement Party="Vendor" Status="Completed">
               <Description>Fix has been released</Description>
           </Involvement>
         </Involvements>
         <CVE>CVE-2018-18073</CVE>
         <ProductStatuses>
           <Status Type="Known Affected">
               <ProductID>P-1309V-7</ProductID>
           </Status>
         </ProductStatuses>
         <Remediations>
           <Remediation Type="Vendor Fix">
               <Description>Oracle Linux Security Advisory</Description>
                  <Entitlement xml:lang="en">Oracle Linux customers</Entitlement>
                  <URL>http://linux.oracle.com/errata/ELSA-2018-3834.html</URL>
                  <ProductID>P-1309V-7</ProductID>
           </Remediation>
         </Remediations>
</Vulnerability>
<Vulnerability Ordinal="33" xmlns="http://www.icasi.org/CVRF/schema/vuln/1.1">
        <Title>CVE-2018-18284</Title>
         <Notes>
           <Note Audience="All" Ordinal="33" Title="Details" Type="Details">This is a vulnerability in  ghostscript  in Oracle Linux. Artifex Ghostscript 9.25 and earlier allows attackers to bypass a sandbox protection mechanism via vectors involving the 1Policy operator. CVSS Base Score: Undefined.           </Note>
         </Notes>
         <Involvements>
           <Involvement Party="Vendor" Status="Completed">
               <Description>Fix has been released</Description>
           </Involvement>
         </Involvements>
         <CVE>CVE-2018-18284</CVE>
         <ProductStatuses>
           <Status Type="Known Affected">
               <ProductID>P-1309V-7</ProductID>
           </Status>
         </ProductStatuses>
         <Remediations>
           <Remediation Type="Vendor Fix">
               <Description>Oracle Linux Security Advisory</Description>
                  <Entitlement xml:lang="en">Oracle Linux customers</Entitlement>
                  <URL>http://linux.oracle.com/errata/ELSA-2018-3834.html</URL>
                  <ProductID>P-1309V-7</ProductID>
           </Remediation>
         </Remediations>
</Vulnerability>
<Vulnerability Ordinal="34" xmlns="http://www.icasi.org/CVRF/schema/vuln/1.1">
        <Title>CVE-2018-19134</Title>
         <Notes>
           <Note Audience="All" Ordinal="34" Title="Details" Type="Details">This is a vulnerability in  ghostscript  in Oracle Linux. ** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided. CVSS Base Score: Undefined.           </Note>
         </Notes>
         <Involvements>
           <Involvement Party="Vendor" Status="Completed">
               <Description>Fix has been released</Description>
           </Involvement>
         </Involvements>
         <CVE>CVE-2018-19134</CVE>
         <ProductStatuses>
           <Status Type="Known Affected">
               <ProductID>P-1309V-7</ProductID>
           </Status>
         </ProductStatuses>
         <Remediations>
           <Remediation Type="Vendor Fix">
               <Description>Oracle Linux Security Advisory</Description>
                  <Entitlement xml:lang="en">Oracle Linux customers</Entitlement>
                  <URL>http://linux.oracle.com/errata/ELSA-2018-3834.html</URL>
                  <ProductID>P-1309V-7</ProductID>
           </Remediation>
         </Remediations>
</Vulnerability>
<Vulnerability Ordinal="35" xmlns="http://www.icasi.org/CVRF/schema/vuln/1.1">
        <Title>CVE-2018-19409</Title>
         <Notes>
           <Note Audience="All" Ordinal="35" Title="Details" Type="Details">This is a vulnerability in  ghostscript  in Oracle Linux. An issue was discovered in Artifex Ghostscript before 9.26. LockSafetyParams is not checked correctly if another device is used. CVSS Base Score: Undefined.           </Note>
         </Notes>
         <Involvements>
           <Involvement Party="Vendor" Status="Completed">
               <Description>Fix has been released</Description>
           </Involvement>
         </Involvements>
         <CVE>CVE-2018-19409</CVE>
         <ProductStatuses>
           <Status Type="Known Affected">
               <ProductID>P-1309V-7</ProductID>
           </Status>
         </ProductStatuses>
         <Remediations>
           <Remediation Type="Vendor Fix">
               <Description>Oracle Linux Security Advisory</Description>
                  <Entitlement xml:lang="en">Oracle Linux customers</Entitlement>
                  <URL>http://linux.oracle.com/errata/ELSA-2018-3834.html</URL>
                  <ProductID>P-1309V-7</ProductID>
           </Remediation>
         </Remediations>
</Vulnerability>
<Vulnerability Ordinal="36" xmlns="http://www.icasi.org/CVRF/schema/vuln/1.1">
        <Title>CVE-2018-19475</Title>
         <Notes>
           <Note Audience="All" Ordinal="36" Title="Details" Type="Details">This is a vulnerability in  ghostscript  in Oracle Linux. psi/zdevice2.c in Artifex Ghostscript before 9.26 allows remote attackers to bypass intended access restrictions because available stack space is not checked when the device remains the same. CVSS Base Score: Undefined.           </Note>
         </Notes>
         <Involvements>
           <Involvement Party="Vendor" Status="Completed">
               <Description>Fix has been released</Description>
           </Involvement>
         </Involvements>
         <CVE>CVE-2018-19475</CVE>
         <ProductStatuses>
           <Status Type="Known Affected">
               <ProductID>P-1309V-7</ProductID>
           </Status>
         </ProductStatuses>
         <Remediations>
           <Remediation Type="Vendor Fix">
               <Description>Oracle Linux Security Advisory</Description>
                  <Entitlement xml:lang="en">Oracle Linux customers</Entitlement>
                  <URL>http://linux.oracle.com/errata/ELSA-2019-0229.html</URL>
                  <ProductID>P-1309V-7</ProductID>
           </Remediation>
         </Remediations>
</Vulnerability>
<Vulnerability Ordinal="37" xmlns="http://www.icasi.org/CVRF/schema/vuln/1.1">
        <Title>CVE-2018-19476</Title>
         <Notes>
           <Note Audience="All" Ordinal="37" Title="Details" Type="Details">This is a vulnerability in  ghostscript  in Oracle Linux. psi/zicc.c in Artifex Ghostscript before 9.26 allows remote attackers to bypass intended access restrictions because of a setcolorspace type confusion. CVSS Base Score: Undefined.           </Note>
         </Notes>
         <Involvements>
           <Involvement Party="Vendor" Status="Completed">
               <Description>Fix has been released</Description>
           </Involvement>
         </Involvements>
         <CVE>CVE-2018-19476</CVE>
         <ProductStatuses>
           <Status Type="Known Affected">
               <ProductID>P-1309V-7</ProductID>
           </Status>
         </ProductStatuses>
         <Remediations>
           <Remediation Type="Vendor Fix">
               <Description>Oracle Linux Security Advisory</Description>
                  <Entitlement xml:lang="en">Oracle Linux customers</Entitlement>
                  <URL>http://linux.oracle.com/errata/ELSA-2019-0229.html</URL>
                  <ProductID>P-1309V-7</ProductID>
           </Remediation>
         </Remediations>
</Vulnerability>
<Vulnerability Ordinal="38" xmlns="http://www.icasi.org/CVRF/schema/vuln/1.1">
        <Title>CVE-2018-19477</Title>
         <Notes>
           <Note Audience="All" Ordinal="38" Title="Details" Type="Details">This is a vulnerability in  ghostscript  in Oracle Linux. psi/zfjbig2.c in Artifex Ghostscript before 9.26 allows remote attackers to bypass intended access restrictions because of a JBIG2Decode type confusion. CVSS Base Score: Undefined.           </Note>
         </Notes>
         <Involvements>
           <Involvement Party="Vendor" Status="Completed">
               <Description>Fix has been released</Description>
           </Involvement>
         </Involvements>
         <CVE>CVE-2018-19477</CVE>
         <ProductStatuses>
           <Status Type="Known Affected">
               <ProductID>P-1309V-7</ProductID>
           </Status>
         </ProductStatuses>
         <Remediations>
           <Remediation Type="Vendor Fix">
               <Description>Oracle Linux Security Advisory</Description>
                  <Entitlement xml:lang="en">Oracle Linux customers</Entitlement>
                  <URL>http://linux.oracle.com/errata/ELSA-2019-0229.html</URL>
                  <ProductID>P-1309V-7</ProductID>
           </Remediation>
         </Remediations>
</Vulnerability>
<Vulnerability Ordinal="39" xmlns="http://www.icasi.org/CVRF/schema/vuln/1.1">
        <Title>CVE-2019-6116</Title>
         <Notes>
           <Note Audience="All" Ordinal="39" Title="Details" Type="Details">This is a vulnerability in  ghostscript  in Oracle Linux. ** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided. CVSS Base Score: Undefined.           </Note>
         </Notes>
         <Involvements>
           <Involvement Party="Vendor" Status="Completed">
               <Description>Fix has been released</Description>
           </Involvement>
         </Involvements>
         <CVE>CVE-2019-6116</CVE>
         <ProductStatuses>
           <Status Type="Known Affected">
               <ProductID>P-1309V-7</ProductID>
           </Status>
         </ProductStatuses>
         <Remediations>
           <Remediation Type="Vendor Fix">
               <Description>Oracle Linux Security Advisory</Description>
                  <Entitlement xml:lang="en">Oracle Linux customers</Entitlement>
                  <URL>http://linux.oracle.com/errata/ELSA-2019-0229.html</URL>
                  <ProductID>P-1309V-7</ProductID>
           </Remediation>
         </Remediations>
</Vulnerability>
<Vulnerability Ordinal="40" xmlns="http://www.icasi.org/CVRF/schema/vuln/1.1">
        <Title>CVE-2019-2422</Title>
         <Notes>
           <Note Audience="All" Ordinal="40" Title="Details" Type="Details">This is a vulnerability in  java-1.7.0-openjdk  in Oracle Linux. Vulnerability in the Java SE component of Oracle Java SE (subcomponent: Libraries). Supported versions that are affected are Java SE: 7u201, 8u192 and 11.0.1; Java SE Embedded: 8u191. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized read access to a subset of Java SE accessible data. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets (in Java SE 8), that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability does not apply to Java deployments, typically in servers, that load and run only trusted code (e.g., code installed by an administrator). CVSS 3.0 Base Score 3.1 (Confidentiality impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:N/A:N). CVSS Base Score: Undefined.           </Note>
         </Notes>
         <Involvements>
           <Involvement Party="Vendor" Status="Completed">
               <Description>Fix has been released</Description>
           </Involvement>
         </Involvements>
         <CVE>CVE-2019-2422</CVE>
         <ProductStatuses>
           <Status Type="Known Affected">
               <ProductID>P-1309V-6</ProductID>
           </Status>
         </ProductStatuses>
         <Remediations>
           <Remediation Type="Vendor Fix">
               <Description>Oracle Linux Security Advisory</Description>
                  <Entitlement xml:lang="en">Oracle Linux customers</Entitlement>
                  <URL>http://linux.oracle.com/errata/ELSA-2019-0462.html</URL>
                  <ProductID>P-1309V-6</ProductID>
           </Remediation>
         </Remediations>
</Vulnerability>
<Vulnerability Ordinal="41" xmlns="http://www.icasi.org/CVRF/schema/vuln/1.1">
        <Title>CVE-2019-2422</Title>
         <Notes>
           <Note Audience="All" Ordinal="41" Title="Details" Type="Details">This is a vulnerability in  java-1.7.0-openjdk  in Oracle Linux. Vulnerability in the Java SE component of Oracle Java SE (subcomponent: Libraries). Supported versions that are affected are Java SE: 7u201, 8u192 and 11.0.1; Java SE Embedded: 8u191. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized read access to a subset of Java SE accessible data. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets (in Java SE 8), that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability does not apply to Java deployments, typically in servers, that load and run only trusted code (e.g., code installed by an administrator). CVSS 3.0 Base Score 3.1 (Confidentiality impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:N/A:N). CVSS Base Score: Undefined.           </Note>
         </Notes>
         <Involvements>
           <Involvement Party="Vendor" Status="Completed">
               <Description>Fix has been released</Description>
           </Involvement>
         </Involvements>
         <CVE>CVE-2019-2422</CVE>
         <ProductStatuses>
           <Status Type="Known Affected">
               <ProductID>P-1309V-7</ProductID>
           </Status>
         </ProductStatuses>
         <Remediations>
           <Remediation Type="Vendor Fix">
               <Description>Oracle Linux Security Advisory</Description>
                  <Entitlement xml:lang="en">Oracle Linux customers</Entitlement>
                  <URL>http://linux.oracle.com/errata/ELSA-2019-0464.html</URL>
                  <ProductID>P-1309V-7</ProductID>
           </Remediation>
         </Remediations>
</Vulnerability>
<Vulnerability Ordinal="42" xmlns="http://www.icasi.org/CVRF/schema/vuln/1.1">
        <Title>CVE-2019-2422</Title>
         <Notes>
           <Note Audience="All" Ordinal="42" Title="Details" Type="Details">This is a vulnerability in  java-1.8.0-openjdk  in Oracle Linux. Vulnerability in the Java SE component of Oracle Java SE (subcomponent: Libraries). Supported versions that are affected are Java SE: 7u201, 8u192 and 11.0.1; Java SE Embedded: 8u191. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized read access to a subset of Java SE accessible data. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets (in Java SE 8), that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability does not apply to Java deployments, typically in servers, that load and run only trusted code (e.g., code installed by an administrator). CVSS 3.0 Base Score 3.1 (Confidentiality impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:N/A:N). CVSS Base Score: Undefined.           </Note>
         </Notes>
         <Involvements>
           <Involvement Party="Vendor" Status="Completed">
               <Description>Fix has been released</Description>
           </Involvement>
         </Involvements>
         <CVE>CVE-2019-2422</CVE>
         <ProductStatuses>
           <Status Type="Known Affected">
               <ProductID>P-1309V-6</ProductID>
           </Status>
         </ProductStatuses>
         <Remediations>
           <Remediation Type="Vendor Fix">
               <Description>Oracle Linux Security Advisory</Description>
                  <Entitlement xml:lang="en">Oracle Linux customers</Entitlement>
                  <URL>http://linux.oracle.com/errata/ELSA-2019-0416.html</URL>
                  <ProductID>P-1309V-6</ProductID>
           </Remediation>
         </Remediations>
</Vulnerability>
<Vulnerability Ordinal="43" xmlns="http://www.icasi.org/CVRF/schema/vuln/1.1">
        <Title>CVE-2019-2422</Title>
         <Notes>
           <Note Audience="All" Ordinal="43" Title="Details" Type="Details">This is a vulnerability in  java-1.8.0-openjdk  in Oracle Linux. Vulnerability in the Java SE component of Oracle Java SE (subcomponent: Libraries). Supported versions that are affected are Java SE: 7u201, 8u192 and 11.0.1; Java SE Embedded: 8u191. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized read access to a subset of Java SE accessible data. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets (in Java SE 8), that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability does not apply to Java deployments, typically in servers, that load and run only trusted code (e.g., code installed by an administrator). CVSS 3.0 Base Score 3.1 (Confidentiality impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:N/A:N). CVSS Base Score: Undefined.           </Note>
         </Notes>
         <Involvements>
           <Involvement Party="Vendor" Status="Completed">
               <Description>Fix has been released</Description>
           </Involvement>
         </Involvements>
         <CVE>CVE-2019-2422</CVE>
         <ProductStatuses>
           <Status Type="Known Affected">
               <ProductID>P-1309V-7</ProductID>
           </Status>
         </ProductStatuses>
         <Remediations>
           <Remediation Type="Vendor Fix">
               <Description>Oracle Linux Security Advisory</Description>
                  <Entitlement xml:lang="en">Oracle Linux customers</Entitlement>
                  <URL>http://linux.oracle.com/errata/ELSA-2019-0435.html</URL>
                  <ProductID>P-1309V-7</ProductID>
           </Remediation>
         </Remediations>
</Vulnerability>
<Vulnerability Ordinal="44" xmlns="http://www.icasi.org/CVRF/schema/vuln/1.1">
        <Title>CVE-2019-2422</Title>
         <Notes>
           <Note Audience="All" Ordinal="44" Title="Details" Type="Details">This is a vulnerability in java-11-openjdk in Oracle Linux. Vulnerability in the Java SE component of Oracle Java SE (subcomponent: Libraries). Supported versions that are affected are Java SE: 7u201, 8u192 and 11.0.1; Java SE Embedded: 8u191. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized read access to a subset of Java SE accessible data. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets (in Java SE 8), that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability does not apply to Java deployments, typically in servers, that load and run only trusted code (e.g., code installed by an administrator). CVSS 3.0 Base Score 3.1 (Confidentiality impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:N/A:N). CVSS Base Score: Undefined.</Note>
         </Notes>
         <Involvements>
           <Involvement Party="Vendor" Status="Completed">
               <Description>Fix has been released</Description>
           </Involvement>
         </Involvements>
         <CVE>CVE-2019-2422</CVE>
         <ProductStatuses>
           <Status Type="Known Affected">
               <ProductID>P-1309V-7</ProductID>
           </Status>
         </ProductStatuses>
         <Remediations>
           <Remediation Type="Vendor Fix">
               <Description>Oracle Linux Security Advisory</Description>
                  <Entitlement xml:lang="en">Oracle Linux customers</Entitlement>
                  <URL>http://linux.oracle.com/errata/ELSA-2019-0436.html</URL>
                  <ProductID>P-1309V-7</ProductID>
           </Remediation>
         </Remediations>
</Vulnerability>
<Vulnerability Ordinal="45" xmlns="http://www.icasi.org/CVRF/schema/vuln/1.1">
        <Title>CVE-2018-19115</Title>
         <Notes>
           <Note Audience="All" Ordinal="45" Title="Details" Type="Details">This is a vulnerability in keepalived in Oracle Linux. keepalived before 2.0.7 has a heap-based buffer overflow when parsing HTTP status codes resulting in DoS or possibly unspecified other impact, because extract_status_code in lib/html.c has no validation of the status code and instead writes an unlimited amount of data to the heap. CVSS Base Score: Undefined.</Note>
         </Notes>
         <Involvements>
           <Involvement Party="Vendor" Status="Completed">
               <Description>Fix has been released</Description>
           </Involvement>
         </Involvements>
         <CVE>CVE-2018-19115</CVE>
         <ProductStatuses>
           <Status Type="Known Affected">
               <ProductID>P-1309V-7</ProductID>
           </Status>
         </ProductStatuses>
         <Remediations>
           <Remediation Type="Vendor Fix">
               <Description>Oracle Linux Security Advisory</Description>
                  <Entitlement xml:lang="en">Oracle Linux customers</Entitlement>
                  <URL>http://linux.oracle.com/errata/ELSA-2019-0022.html</URL>
                  <ProductID>P-1309V-7</ProductID>
           </Remediation>
         </Remediations>
</Vulnerability>
<Vulnerability Ordinal="46" xmlns="http://www.icasi.org/CVRF/schema/vuln/1.1">
        <Title>CVE-2018-10902</Title>
         <Notes>
           <Note Audience="All" Ordinal="46" Title="Details" Type="Details">This is a vulnerability in kernel in Oracle Linux. It was found that the raw midi kernel driver does not protect against concurrent access which leads to a double realloc (double free) in snd_rawmidi_input_params() and snd_rawmidi_output_status() which are part of snd_rawmidi_ioctl() handler in rawmidi.c file. A malicious local attacker could possibly use this for privilege escalation. CVSS Base Score: Undefined.</Note>
         </Notes>
         <Involvements>
           <Involvement Party="Vendor" Status="Completed">
               <Description>Fix has been released</Description>
           </Involvement>
         </Involvements>
         <CVE>CVE-2018-10902</CVE>
         <ProductStatuses>
           <Status Type="Known Affected">
               <ProductID>P-1309V-6</ProductID>
           </Status>
         </ProductStatuses>
         <Remediations>
           <Remediation Type="Vendor Fix">
               <Description>Oracle Linux Security Advisory</Description>
                  <Entitlement xml:lang="en">Oracle Linux customers</Entitlement>
                  <URL>http://linux.oracle.com/errata/ELSA-2019-0415.html</URL>
                  <ProductID>P-1309V-6</ProductID>
           </Remediation>
         </Remediations>
</Vulnerability>
<Vulnerability Ordinal="47" xmlns="http://www.icasi.org/CVRF/schema/vuln/1.1">
        <Title>CVE-2018-17972</Title>
         <Notes>
           <Note Audience="All" Ordinal="47" Title="Details" Type="Details">This is a vulnerability in kernel in Oracle Linux. An issue was discovered in the proc_pid_stack function in fs/proc/base.c in the Linux kernel through 4.18.11. It does not ensure that only root may inspect the kernel stack of an arbitrary task, allowing a local attacker to exploit racy stack unwinding and leak kernel task stack contents. CVSS Base Score: Undefined.</Note>
         </Notes>
         <Involvements>
           <Involvement Party="Vendor" Status="Completed">
               <Description>Fix has been released</Description>
           </Involvement>
         </Involvements>
         <CVE>CVE-2018-17972</CVE>
         <ProductStatuses>
           <Status Type="Known Affected">
               <ProductID>P-1309V-7</ProductID>
           </Status>
         </ProductStatuses>
         <Remediations>
           <Remediation Type="Vendor Fix">
               <Description>Oracle Linux Security Advisory</Description>
                  <Entitlement xml:lang="en">Oracle Linux customers</Entitlement>
                  <URL>http://linux.oracle.com/errata/ELSA-2019-0512.html</URL>
                  <ProductID>P-1309V-7</ProductID>
           </Remediation>
         </Remediations>
</Vulnerability>
<Vulnerability Ordinal="48" xmlns="http://www.icasi.org/CVRF/schema/vuln/1.1">
        <Title>CVE-2018-18397</Title>
         <Notes>
           <Note Audience="All" Ordinal="48" Title="Details" Type="Details">This is a vulnerability in kernel in Oracle Linux. The userfaultfd implementation in the Linux kernel before 4.19.7 mishandles access control for certain UFFDIO_ ioctl calls, as demonstrated by allowing local users to write data into holes in a tmpfs file (if the user has read-only access to that file, and that file contains holes), related to fs/userfaultfd.c and mm/userfaultfd.c. CVSS Base Score: Undefined.</Note>
         </Notes>
         <Involvements>
           <Involvement Party="Vendor" Status="Completed">
               <Description>Fix has been released</Description>
           </Involvement>
         </Involvements>
         <CVE>CVE-2018-18397</CVE>
         <ProductStatuses>
           <Status Type="Known Affected">
               <ProductID>P-1309V-7</ProductID>
           </Status>
         </ProductStatuses>
         <Remediations>
           <Remediation Type="Vendor Fix">
               <Description>Oracle Linux Security Advisory</Description>
                  <Entitlement xml:lang="en">Oracle Linux customers</Entitlement>
                  <URL>http://linux.oracle.com/errata/ELSA-2019-0163.html</URL>
                  <ProductID>P-1309V-7</ProductID>
           </Remediation>
         </Remediations>
</Vulnerability>
<Vulnerability Ordinal="49" xmlns="http://www.icasi.org/CVRF/schema/vuln/1.1">
        <Title>CVE-2018-18445</Title>
         <Notes>
           <Note Audience="All" Ordinal="49" Title="Details" Type="Details">This is a vulnerability in kernel in Oracle Linux. In the Linux kernel 4.14.x, 4.15.x, 4.16.x, 4.17.x, and 4.18.x before 4.18.13, faulty computation of numeric bounds in the BPF verifier permits out-of-bounds memory accesses because adjust_scalar_min_max_vals in kernel/bpf/verifier.c mishandles 32-bit right shifts. CVSS Base Score: Undefined.</Note>
         </Notes>
         <Involvements>
           <Involvement Party="Vendor" Status="Completed">
               <Description>Fix has been released</Description>
           </Involvement>
         </Involvements>
         <CVE>CVE-2018-18445</CVE>
         <ProductStatuses>
           <Status Type="Known Affected">
               <ProductID>P-1309V-7</ProductID>
           </Status>
         </ProductStatuses>
         <Remediations>
           <Remediation Type="Vendor Fix">
               <Description>Oracle Linux Security Advisory</Description>
                  <Entitlement xml:lang="en">Oracle Linux customers</Entitlement>
                  <URL>http://linux.oracle.com/errata/ELSA-2019-0512.html</URL>
                  <ProductID>P-1309V-7</ProductID>
           </Remediation>
         </Remediations>
</Vulnerability>
<Vulnerability Ordinal="50" xmlns="http://www.icasi.org/CVRF/schema/vuln/1.1">
        <Title>CVE-2018-18559</Title>
         <Notes>
           <Note Audience="All" Ordinal="50" Title="Details" Type="Details">This is a vulnerability in kernel in Oracle Linux. In the Linux kernel through 4.19, a use-after-free can occur due to a race condition between fanout_add from setsockopt and bind on an AF_PACKET socket. This issue exists because of the 15fe076edea787807a7cdc168df832544b58eba6 incomplete fix for a race condition. The code mishandles a certain multithreaded case involving a packet_do_bind unregister action followed by a packet_notifier register action. Later, packet_release operates on only one of the two applicable linked lists. The attacker can achieve Program Counter control. CVSS Base Score: Undefined.</Note>
         </Notes>
         <Involvements>
           <Involvement Party="Vendor" Status="Completed">
               <Description>Fix has been released</Description>
           </Involvement>
         </Involvements>
         <CVE>CVE-2018-18559</CVE>
         <ProductStatuses>
           <Status Type="Known Affected">
               <ProductID>P-1309V-7</ProductID>
           </Status>
         </ProductStatuses>
         <Remediations>
           <Remediation Type="Vendor Fix">
               <Description>Oracle Linux Security Advisory</Description>
                  <Entitlement xml:lang="en">Oracle Linux customers</Entitlement>
                  <URL>http://linux.oracle.com/errata/ELSA-2019-0163.html</URL>
                  <ProductID>P-1309V-7</ProductID>
           </Remediation>
         </Remediations>
</Vulnerability>
<Vulnerability Ordinal="51" xmlns="http://www.icasi.org/CVRF/schema/vuln/1.1">
        <Title>CVE-2018-9568</Title>
         <Notes>
           <Note Audience="All" Ordinal="51" Title="Details" Type="Details">This is a vulnerability in kernel in Oracle Linux. In sk_clone_lock of sock.c, there is a possible memory corruption due to type confusion. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android CVSS Base Score: Undefined.</Note>
         </Notes>
         <Involvements>
           <Involvement Party="Vendor" Status="Completed">
               <Description>Fix has been released</Description>
           </Involvement>
         </Involvements>
         <CVE>CVE-2018-9568</CVE>
         <ProductStatuses>
           <Status Type="Known Affected">
               <ProductID>P-1309V-7</ProductID>
           </Status>
         </ProductStatuses>
         <Remediations>
           <Remediation Type="Vendor Fix">
               <Description>Oracle Linux Security Advisory</Description>
                  <Entitlement xml:lang="en">Oracle Linux customers</Entitlement>
                  <URL>http://linux.oracle.com/errata/ELSA-2019-0512.html</URL>
                  <ProductID>P-1309V-7</ProductID>
           </Remediation>
         </Remediations>
</Vulnerability>
<Vulnerability Ordinal="52" xmlns="http://www.icasi.org/CVRF/schema/vuln/1.1">
        <Title>CVE-2018-15127</Title>
         <Notes>
           <Note Audience="All" Ordinal="52" Title="Details" Type="Details">This is a vulnerability in libvncserver in Oracle Linux. LibVNC before commit 502821828ed00b4a2c4bef90683d0fd88ce495de contains a heap out-of-bound write vulnerability in server code of file transfer extension that can result in remote code execution. CVSS Base Score: Undefined.</Note>
         </Notes>
         <Involvements>
           <Involvement Party="Vendor" Status="Completed">
               <Description>Fix has been released</Description>
           </Involvement>
         </Involvements>
         <CVE>CVE-2018-15127</CVE>
         <ProductStatuses>
           <Status Type="Known Affected">
               <ProductID>P-1309V-7</ProductID>
           </Status>
         </ProductStatuses>
         <Remediations>
           <Remediation Type="Vendor Fix">
               <Description>Oracle Linux Security Advisory</Description>
                  <Entitlement xml:lang="en">Oracle Linux customers</Entitlement>
                  <URL>http://linux.oracle.com/errata/ELSA-2019-0059.html</URL>
                  <ProductID>P-1309V-7</ProductID>
           </Remediation>
         </Remediations>
</Vulnerability>
<Vulnerability Ordinal="53" xmlns="http://www.icasi.org/CVRF/schema/vuln/1.1">
        <Title>CVE-2018-12327</Title>
         <Notes>
           <Note Audience="All" Ordinal="53" Title="Details" Type="Details">This is a vulnerability in ntp in Oracle Linux. Stack-based buffer overflow in ntpq and ntpdc of NTP version 4.2.8p11 allows an attacker to achieve code execution or escalate to higher privileges via a long string as the argument for an IPv4 or IPv6 command-line parameter. NOTE: It is unclear whether there are any common situations in which ntpq or ntpdc is used with a command line from an untrusted source. CVSS Base Score: Undefined.</Note>
         </Notes>
         <Involvements>
           <Involvement Party="Vendor" Status="Completed">
               <Description>Fix has been released</Description>
           </Involvement>
         </Involvements>
         <CVE>CVE-2018-12327</CVE>
         <ProductStatuses>
           <Status Type="Known Affected">
               <ProductID>P-1309V-6</ProductID>
           </Status>
         </ProductStatuses>
         <Remediations>
           <Remediation Type="Vendor Fix">
               <Description>Oracle Linux Security Advisory</Description>
                  <Entitlement xml:lang="en">Oracle Linux customers</Entitlement>
                  <URL>http://linux.oracle.com/errata/ELSA-2018-3854.html</URL>
                  <ProductID>P-1309V-6</ProductID>
           </Remediation>
         </Remediations>
</Vulnerability>
<Vulnerability Ordinal="54" xmlns="http://www.icasi.org/CVRF/schema/vuln/1.1">
        <Title>CVE-2018-5407</Title>
         <Notes>
           <Note Audience="All" Ordinal="54" Title="Details" Type="Details">This is a vulnerability in openssl in Oracle Linux. Simultaneous Multi-threading (SMT) in processors can enable local users to exploit software vulnerable to timing attacks via a side-channel timing attack on 'port contention'. CVSS Base Score: Undefined.</Note>
         </Notes>
         <Involvements>
           <Involvement Party="Vendor" Status="Completed">
               <Description>Fix has been released</Description>
           </Involvement>
         </Involvements>
         <CVE>CVE-2018-5407</CVE>
         <ProductStatuses>
           <Status Type="Known Affected">
               <ProductID>P-1309V-7</ProductID>
           </Status>
         </ProductStatuses>
         <Remediations>
           <Remediation Type="Vendor Fix">
               <Description>Oracle Linux Security Advisory</Description>
                  <Entitlement xml:lang="en">Oracle Linux customers</Entitlement>
                  <URL>http://linux.oracle.com/errata/ELSA-2019-0483.html</URL>
                  <ProductID>P-1309V-7</ProductID>
           </Remediation>
         </Remediations>
</Vulnerability>
<Vulnerability Ordinal="55" xmlns="http://www.icasi.org/CVRF/schema/vuln/1.1">
        <Title>CVE-2018-18311</Title>
         <Notes>
           <Note Audience="All" Ordinal="55" Title="Details" Type="Details">This is a vulnerability in perl in Oracle Linux. Perl before 5.26.3 and 5.28.x before 5.28.1 has a buffer overflow via a crafted regular expression that triggers invalid write operations. CVSS Base Score: Undefined.</Note>
         </Notes>
         <Involvements>
           <Involvement Party="Vendor" Status="Completed">
               <Description>Fix has been released</Description>
           </Involvement>
         </Involvements>
         <CVE>CVE-2018-18311</CVE>
         <ProductStatuses>
           <Status Type="Known Affected">
               <ProductID>P-1309V-7</ProductID>
           </Status>
         </ProductStatuses>
         <Remediations>
           <Remediation Type="Vendor Fix">
               <Description>Oracle Linux Security Advisory</Description>
                  <Entitlement xml:lang="en">Oracle Linux customers</Entitlement>
                  <URL>http://linux.oracle.com/errata/ELSA-2019-0109.html</URL>
                  <ProductID>P-1309V-7</ProductID>
           </Remediation>
         </Remediations>
</Vulnerability>
<Vulnerability Ordinal="56" xmlns="http://www.icasi.org/CVRF/schema/vuln/1.1">
        <Title>CVE-2019-6133</Title>
         <Notes>
           <Note Audience="All" Ordinal="56" Title="Details" Type="Details">This is a vulnerability in polkit in Oracle Linux. In PolicyKit (aka polkit) 0.115, the start time protection mechanism can be bypassed because fork() is not atomic, and therefore authorization decisions are improperly cached. This is related to lack of uid checking in polkitbackend/polkitbackendinteractiveauthority.c. CVSS Base Score: Undefined.</Note>
         </Notes>
         <Involvements>
           <Involvement Party="Vendor" Status="Completed">
               <Description>Fix has been released</Description>
           </Involvement>
         </Involvements>
         <CVE>CVE-2019-6133</CVE>
         <ProductStatuses>
           <Status Type="Known Affected">
               <ProductID>P-1309V-7</ProductID>
           </Status>
         </ProductStatuses>
         <Remediations>
           <Remediation Type="Vendor Fix">
               <Description>Oracle Linux Security Advisory</Description>
                  <Entitlement xml:lang="en">Oracle Linux customers</Entitlement>
                  <URL>http://linux.oracle.com/errata/ELSA-2019-0230.html</URL>
                  <ProductID>P-1309V-7</ProductID>
           </Remediation>
         </Remediations>
</Vulnerability>
<Vulnerability Ordinal="57" xmlns="http://www.icasi.org/CVRF/schema/vuln/1.1">
        <Title>CVE-2019-6133</Title>
         <Notes>
           <Note Audience="All" Ordinal="57" Title="Details" Type="Details">This is a vulnerability in polkit in Oracle Linux. In PolicyKit (aka polkit) 0.115, the start time protection mechanism can be bypassed because fork() is not atomic, and therefore authorization decisions are improperly cached. This is related to lack of uid checking in polkitbackend/polkitbackendinteractiveauthority.c. CVSS Base Score: Undefined.</Note>
         </Notes>
         <Involvements>
           <Involvement Party="Vendor" Status="Completed">
               <Description>Fix has been released</Description>
           </Involvement>
         </Involvements>
         <CVE>CVE-2019-6133</CVE>
         <ProductStatuses>
           <Status Type="Known Affected">
               <ProductID>P-1309V-6</ProductID>
           </Status>
         </ProductStatuses>
         <Remediations>
           <Remediation Type="Vendor Fix">
               <Description>Oracle Linux Security Advisory</Description>
                  <Entitlement xml:lang="en">Oracle Linux customers</Entitlement>
                  <URL>http://linux.oracle.com/errata/ELSA-2019-0420.html</URL>
                  <ProductID>P-1309V-6</ProductID>
           </Remediation>
         </Remediations>
</Vulnerability>
<Vulnerability Ordinal="58" xmlns="http://www.icasi.org/CVRF/schema/vuln/1.1">
        <Title>CVE-2017-10806</Title>
         <Notes>
           <Note Audience="All" Ordinal="58" Title="Details" Type="Details">This is a vulnerability in qemu in Oracle Linux. Stack-based buffer overflow in hw/usb/redirect.c in QEMU (aka Quick Emulator) allows local guest OS users to cause a denial of service (QEMU process crash) via vectors related to logging debug messages. CVSS Base Score: Undefined.</Note>
         </Notes>
         <Involvements>
           <Involvement Party="Vendor" Status="Completed">
               <Description>Fix has been released</Description>
           </Involvement>
         </Involvements>
         <CVE>CVE-2017-10806</CVE>
         <ProductStatuses>
           <Status Type="Known Affected">
               <ProductID>P-1309V-7</ProductID>
           </Status>
         </ProductStatuses>
         <Remediations>
           <Remediation Type="Vendor Fix">
               <Description>Oracle Linux Security Advisory</Description>
                  <Entitlement xml:lang="en">Oracle Linux customers</Entitlement>
                  <URL>http://linux.oracle.com/errata/ELSA-2019-4585.html</URL>
                  <ProductID>P-1309V-7</ProductID>
           </Remediation>
         </Remediations>
</Vulnerability>
<Vulnerability Ordinal="59" xmlns="http://www.icasi.org/CVRF/schema/vuln/1.1">
        <Title>CVE-2017-11334</Title>
         <Notes>
           <Note Audience="All" Ordinal="59" Title="Details" Type="Details">This is a vulnerability in qemu in Oracle Linux. The address_space_write_continue function in exec.c in QEMU (aka Quick Emulator) allows local guest OS privileged users to cause a denial of service (out-of-bounds access and guest instance crash) by leveraging use of qemu_map_ram_ptr to access guest ram block area. CVSS Base Score: Undefined.</Note>
         </Notes>
         <Involvements>
           <Involvement Party="Vendor" Status="Completed">
               <Description>Fix has been released</Description>
           </Involvement>
         </Involvements>
         <CVE>CVE-2017-11334</CVE>
         <ProductStatuses>
           <Status Type="Known Affected">
               <ProductID>P-1309V-7</ProductID>
           </Status>
         </ProductStatuses>
         <Remediations>
           <Remediation Type="Vendor Fix">
               <Description>Oracle Linux Security Advisory</Description>
                  <Entitlement xml:lang="en">Oracle Linux customers</Entitlement>
                  <URL>http://linux.oracle.com/errata/ELSA-2019-4585.html</URL>
                  <ProductID>P-1309V-7</ProductID>
           </Remediation>
         </Remediations>
</Vulnerability>
<Vulnerability Ordinal="60" xmlns="http://www.icasi.org/CVRF/schema/vuln/1.1">
        <Title>CVE-2017-12809</Title>
         <Notes>
           <Note Audience="All" Ordinal="60" Title="Details" Type="Details">This is a vulnerability in qemu in Oracle Linux. QEMU (aka Quick Emulator), when built with the IDE disk and CD/DVD-ROM Emulator support, allows local guest OS privileged users to cause a denial of service (NULL pointer dereference and QEMU process crash) by flushing an empty CDROM device drive. CVSS Base Score: Undefined.</Note>
         </Notes>
         <Involvements>
           <Involvement Party="Vendor" Status="Completed">
               <Description>Fix has been released</Description>
           </Involvement>
         </Involvements>
         <CVE>CVE-2017-12809</CVE>
         <ProductStatuses>
           <Status Type="Known Affected">
               <ProductID>P-1309V-7</ProductID>
           </Status>
         </ProductStatuses>
         <Remediations>
           <Remediation Type="Vendor Fix">
               <Description>Oracle Linux Security Advisory</Description>
                  <Entitlement xml:lang="en">Oracle Linux customers</Entitlement>
                  <URL>http://linux.oracle.com/errata/ELSA-2019-4585.html</URL>
                  <ProductID>P-1309V-7</ProductID>
           </Remediation>
         </Remediations>
</Vulnerability>
<Vulnerability Ordinal="61" xmlns="http://www.icasi.org/CVRF/schema/vuln/1.1">
        <Title>CVE-2017-13672</Title>
         <Notes>
           <Note Audience="All" Ordinal="61" Title="Details" Type="Details">This is a vulnerability in qemu in Oracle Linux. QEMU (aka Quick Emulator), when built with the VGA display emulator support, allows local guest OS privileged users to cause a denial of service (out-of-bounds read and QEMU process crash) via vectors involving display update. CVSS Base Score: Undefined.</Note>
         </Notes>
         <Involvements>
           <Involvement Party="Vendor" Status="Completed">
               <Description>Fix has been released</Description>
           </Involvement>
         </Involvements>
         <CVE>CVE-2017-13672</CVE>
         <ProductStatuses>
           <Status Type="Known Affected">
               <ProductID>P-1309V-7</ProductID>
           </Status>
         </ProductStatuses>
         <Remediations>
           <Remediation Type="Vendor Fix">
               <Description>Oracle Linux Security Advisory</Description>
                  <Entitlement xml:lang="en">Oracle Linux customers</Entitlement>
                  <URL>http://linux.oracle.com/errata/ELSA-2019-4585.html</URL>
                  <ProductID>P-1309V-7</ProductID>
           </Remediation>
         </Remediations>
</Vulnerability>
<Vulnerability Ordinal="62" xmlns="http://www.icasi.org/CVRF/schema/vuln/1.1">
        <Title>CVE-2017-13673</Title>
         <Notes>
           <Note Audience="All" Ordinal="62" Title="Details" Type="Details">This is a vulnerability in qemu in Oracle Linux. The vga display update mis-calculated the region for the dirty bitmap snapshot in case split screen mode is used, causing a denial of service (assertion failure) in the cpu_physical_memory_snapshot_get_dirty function. CVSS Base Score: Undefined.</Note>
         </Notes>
         <Involvements>
           <Involvement Party="Vendor" Status="Completed">
               <Description>Fix has been released</Description>
           </Involvement>
         </Involvements>
         <CVE>CVE-2017-13673</CVE>
         <ProductStatuses>
           <Status Type="Known Affected">
               <ProductID>P-1309V-7</ProductID>
           </Status>
         </ProductStatuses>
         <Remediations>
           <Remediation Type="Vendor Fix">
               <Description>Oracle Linux Security Advisory</Description>
                  <Entitlement xml:lang="en">Oracle Linux customers</Entitlement>
                  <URL>http://linux.oracle.com/errata/ELSA-2019-4585.html</URL>
                  <ProductID>P-1309V-7</ProductID>
           </Remediation>
         </Remediations>
</Vulnerability>
<Vulnerability Ordinal="63" xmlns="http://www.icasi.org/CVRF/schema/vuln/1.1">
        <Title>CVE-2017-13711</Title>
         <Notes>
           <Note Audience="All" Ordinal="63" Title="Details" Type="Details">This is a vulnerability in qemu in Oracle Linux. Use-after-free vulnerability in the sofree function in slirp/socket.c in QEMU (aka Quick Emulator) allows attackers to cause a denial of service (QEMU instance crash) by leveraging failure to properly clear ifq_so from pending packets. CVSS Base Score: Undefined.</Note>
         </Notes>
         <Involvements>
           <Involvement Party="Vendor" Status="Completed">
               <Description>Fix has been released</Description>
           </Involvement>
         </Involvements>
         <CVE>CVE-2017-13711</CVE>
         <ProductStatuses>
           <Status Type="Known Affected">
               <ProductID>P-1309V-7</ProductID>
           </Status>
         </ProductStatuses>
         <Remediations>
           <Remediation Type="Vendor Fix">
               <Description>Oracle Linux Security Advisory</Description>
                  <Entitlement xml:lang="en">Oracle Linux customers</Entitlement>
                  <URL>http://linux.oracle.com/errata/ELSA-2019-4585.html</URL>
                  <ProductID>P-1309V-7</ProductID>
           </Remediation>
         </Remediations>
</Vulnerability>
<Vulnerability Ordinal="64" xmlns="http://www.icasi.org/CVRF/schema/vuln/1.1">
        <Title>CVE-2017-14167</Title>
         <Notes>
           <Note Audience="All" Ordinal="64" Title="Details" Type="Details">This is a vulnerability in qemu in Oracle Linux. Integer overflow in the load_multiboot function in hw/i386/multiboot.c in QEMU (aka Quick Emulator) allows local guest OS users to execute arbitrary code on the host via crafted multiboot header address values, which trigger an out-of-bounds write. CVSS Base Score: Undefined.</Note>
         </Notes>
         <Involvements>
           <Involvement Party="Vendor" Status="Completed">
               <Description>Fix has been released</Description>
           </Involvement>
         </Involvements>
         <CVE>CVE-2017-14167</CVE>
         <ProductStatuses>
           <Status Type="Known Affected">
               <ProductID>P-1309V-7</ProductID>
           </Status>
         </ProductStatuses>
         <Remediations>
           <Remediation Type="Vendor Fix">
               <Description>Oracle Linux Security Advisory</Description>
                  <Entitlement xml:lang="en">Oracle Linux customers</Entitlement>
                  <URL>http://linux.oracle.com/errata/ELSA-2019-4585.html</URL>
                  <ProductID>P-1309V-7</ProductID>
           </Remediation>
         </Remediations>
</Vulnerability>
<Vulnerability Ordinal="65" xmlns="http://www.icasi.org/CVRF/schema/vuln/1.1">
        <Title>CVE-2017-15038</Title>
         <Notes>
           <Note Audience="All" Ordinal="65" Title="Details" Type="Details">This is a vulnerability in qemu in Oracle Linux. Race condition in the v9fs_xattrwalk function in hw/9pfs/9p.c in QEMU (aka Quick Emulator) allows local guest OS users to obtain sensitive information from host heap memory via vectors related to reading extended attributes. CVSS Base Score: Undefined.</Note>
         </Notes>
         <Involvements>
           <Involvement Party="Vendor" Status="Completed">
               <Description>Fix has been released</Description>
           </Involvement>
         </Involvements>
         <CVE>CVE-2017-15038</CVE>
         <ProductStatuses>
           <Status Type="Known Affected">
               <ProductID>P-1309V-7</ProductID>
           </Status>
         </ProductStatuses>
         <Remediations>
           <Remediation Type="Vendor Fix">
               <Description>Oracle Linux Security Advisory</Description>
                  <Entitlement xml:lang="en">Oracle Linux customers</Entitlement>
                  <URL>http://linux.oracle.com/errata/ELSA-2019-4585.html</URL>
                  <ProductID>P-1309V-7</ProductID>
           </Remediation>
         </Remediations>
</Vulnerability>
<Vulnerability Ordinal="66" xmlns="http://www.icasi.org/CVRF/schema/vuln/1.1">
        <Title>CVE-2017-15119</Title>
         <Notes>
           <Note Audience="All" Ordinal="66" Title="Details" Type="Details">This is a vulnerability in  qemu  in Oracle Linux. The Network Block Device (NBD) server in Quick Emulator (QEMU) before 2.11 is vulnerable to a denial of service issue. It could occur if a client sent large option requests, making the server waste CPU time on reading up to 4GB per request. A client could use this flaw to keep the NBD server from serving other requests, resulting in DoS. CVSS Base Score: Undefined.           </Note>
         </Notes>
         <Involvements>
           <Involvement Party="Vendor" Status="Completed">
               <Description>Fix has been released</Description>
           </Involvement>
         </Involvements>
         <CVE>CVE-2017-15119</CVE>
         <ProductStatuses>
           <Status Type="Known Affected">
               <ProductID>P-1309V-7</ProductID>
           </Status>
         </ProductStatuses>
         <Remediations>
           <Remediation Type="Vendor Fix">
               <Description>Oracle Linux Security Advisory</Description>
                  <Entitlement xml:lang="en">Oracle Linux customers</Entitlement>
                  <URL>http://linux.oracle.com/errata/ELSA-2019-4585.html</URL>
                  <ProductID>P-1309V-7</ProductID>
           </Remediation>
         </Remediations>
</Vulnerability>
<Vulnerability Ordinal="67" xmlns="http://www.icasi.org/CVRF/schema/vuln/1.1">
        <Title>CVE-2017-15124</Title>
         <Notes>
           <Note Audience="All" Ordinal="67" Title="Details" Type="Details">This is a vulnerability in  qemu  in Oracle Linux. VNC server implementation in Quick Emulator (QEMU) 2.11.0 and older was found to be vulnerable to an unbounded memory allocation issue, as it did not throttle the framebuffer updates sent to its client. If the client did not consume these updates, VNC server allocates growing memory to hold onto this data. A malicious remote VNC client could use this flaw to cause DoS to the server host. CVSS Base Score: Undefined.           </Note>
         </Notes>
         <Involvements>
           <Involvement Party="Vendor" Status="Completed">
               <Description>Fix has been released</Description>
           </Involvement>
         </Involvements>
         <CVE>CVE-2017-15124</CVE>
         <ProductStatuses>
           <Status Type="Known Affected">
               <ProductID>P-1309V-7</ProductID>
           </Status>
         </ProductStatuses>
         <Remediations>
           <Remediation Type="Vendor Fix">
               <Description>Oracle Linux Security Advisory</Description>
                  <Entitlement xml:lang="en">Oracle Linux customers</Entitlement>
                  <URL>http://linux.oracle.com/errata/ELSA-2019-4585.html</URL>
                  <ProductID>P-1309V-7</ProductID>
           </Remediation>
         </Remediations>
</Vulnerability>
<Vulnerability Ordinal="68" xmlns="http://www.icasi.org/CVRF/schema/vuln/1.1">
        <Title>CVE-2017-15268</Title>
         <Notes>
           <Note Audience="All" Ordinal="68" Title="Details" Type="Details">This is a vulnerability in  qemu  in Oracle Linux. Qemu through 2.10.0 allows remote attackers to cause a memory leak by triggering slow data-channel read operations, related to io/channel-websock.c. CVSS Base Score: Undefined.           </Note>
         </Notes>
         <Involvements>
           <Involvement Party="Vendor" Status="Completed">
               <Description>Fix has been released</Description>
           </Involvement>
         </Involvements>
         <CVE>CVE-2017-15268</CVE>
         <ProductStatuses>
           <Status Type="Known Affected">
               <ProductID>P-1309V-7</ProductID>
           </Status>
         </ProductStatuses>
         <Remediations>
           <Remediation Type="Vendor Fix">
               <Description>Oracle Linux Security Advisory</Description>
                  <Entitlement xml:lang="en">Oracle Linux customers</Entitlement>
                  <URL>http://linux.oracle.com/errata/ELSA-2019-4585.html</URL>
                  <ProductID>P-1309V-7</ProductID>
           </Remediation>
         </Remediations>
</Vulnerability>
<Vulnerability Ordinal="69" xmlns="http://www.icasi.org/CVRF/schema/vuln/1.1">
        <Title>CVE-2017-15289</Title>
         <Notes>
           <Note Audience="All" Ordinal="69" Title="Details" Type="Details">This is a vulnerability in  qemu  in Oracle Linux. The mode4and5 write functions in hw/display/cirrus_vga.c in Qemu allow local OS guest privileged users to cause a denial of service (out-of-bounds write access and Qemu process crash) via vectors related to dst calculation. CVSS Base Score: Undefined.           </Note>
         </Notes>
         <Involvements>
           <Involvement Party="Vendor" Status="Completed">
               <Description>Fix has been released</Description>
           </Involvement>
         </Involvements>
         <CVE>CVE-2017-15289</CVE>
         <ProductStatuses>
           <Status Type="Known Affected">
               <ProductID>P-1309V-7</ProductID>
           </Status>
         </ProductStatuses>
         <Remediations>
           <Remediation Type="Vendor Fix">
               <Description>Oracle Linux Security Advisory</Description>
                  <Entitlement xml:lang="en">Oracle Linux customers</Entitlement>
                  <URL>http://linux.oracle.com/errata/ELSA-2019-4585.html</URL>
                  <ProductID>P-1309V-7</ProductID>
           </Remediation>
         </Remediations>
</Vulnerability>
<Vulnerability Ordinal="70" xmlns="http://www.icasi.org/CVRF/schema/vuln/1.1">
        <Title>CVE-2017-16845</Title>
         <Notes>
           <Note Audience="All" Ordinal="70" Title="Details" Type="Details">This is a vulnerability in  qemu  in Oracle Linux. hw/input/ps2.c in Qemu does not validate 'rptr' and 'count' values during guest migration, leading to out-of-bounds access. CVSS Base Score: Undefined.           </Note>
         </Notes>
         <Involvements>
           <Involvement Party="Vendor" Status="Completed">
               <Description>Fix has been released</Description>
           </Involvement>
         </Involvements>
         <CVE>CVE-2017-16845</CVE>
         <ProductStatuses>
           <Status Type="Known Affected">
               <ProductID>P-1309V-7</ProductID>
           </Status>
         </ProductStatuses>
         <Remediations>
           <Remediation Type="Vendor Fix">
               <Description>Oracle Linux Security Advisory</Description>
                  <Entitlement xml:lang="en">Oracle Linux customers</Entitlement>
                  <URL>http://linux.oracle.com/errata/ELSA-2019-4585.html</URL>
                  <ProductID>P-1309V-7</ProductID>
           </Remediation>
         </Remediations>
</Vulnerability>
<Vulnerability Ordinal="71" xmlns="http://www.icasi.org/CVRF/schema/vuln/1.1">
        <Title>CVE-2017-17381</Title>
         <Notes>
           <Note Audience="All" Ordinal="71" Title="Details" Type="Details">This is a vulnerability in  qemu  in Oracle Linux. The Virtio Vring implementation in QEMU allows local OS guest users to cause a denial of service (divide-by-zero error and QEMU process crash) by unsetting vring alignment while updating Virtio rings. CVSS Base Score: Undefined.           </Note>
         </Notes>
         <Involvements>
           <Involvement Party="Vendor" Status="Completed">
               <Description>Fix has been released</Description>
           </Involvement>
         </Involvements>
         <CVE>CVE-2017-17381</CVE>
         <ProductStatuses>
           <Status Type="Known Affected">
               <ProductID>P-1309V-7</ProductID>
           </Status>
         </ProductStatuses>
         <Remediations>
           <Remediation Type="Vendor Fix">
               <Description>Oracle Linux Security Advisory</Description>
                  <Entitlement xml:lang="en">Oracle Linux customers</Entitlement>
                  <URL>http://linux.oracle.com/errata/ELSA-2019-4585.html</URL>
                  <ProductID>P-1309V-7</ProductID>
           </Remediation>
         </Remediations>
</Vulnerability>
<Vulnerability Ordinal="72" xmlns="http://www.icasi.org/CVRF/schema/vuln/1.1">
        <Title>CVE-2017-18030</Title>
         <Notes>
           <Note Audience="All" Ordinal="72" Title="Details" Type="Details">This is a vulnerability in  qemu  in Oracle Linux. The cirrus_invalidate_region function in hw/display/cirrus_vga.c in Qemu allows local OS guest privileged users to cause a denial of service (out-of-bounds array access and QEMU process crash) via vectors related to negative pitch. CVSS Base Score: Undefined.           </Note>
         </Notes>
         <Involvements>
           <Involvement Party="Vendor" Status="Completed">
               <Description>Fix has been released</Description>
           </Involvement>
         </Involvements>
         <CVE>CVE-2017-18030</CVE>
         <ProductStatuses>
           <Status Type="Known Affected">
               <ProductID>P-1309V-7</ProductID>
           </Status>
         </ProductStatuses>
         <Remediations>
           <Remediation Type="Vendor Fix">
               <Description>Oracle Linux Security Advisory</Description>
                  <Entitlement xml:lang="en">Oracle Linux customers</Entitlement>
                  <URL>http://linux.oracle.com/errata/ELSA-2019-4585.html</URL>
                  <ProductID>P-1309V-7</ProductID>
           </Remediation>
         </Remediations>
</Vulnerability>
<Vulnerability Ordinal="73" xmlns="http://www.icasi.org/CVRF/schema/vuln/1.1">
        <Title>CVE-2017-18043</Title>
         <Notes>
           <Note Audience="All" Ordinal="73" Title="Details" Type="Details">This is a vulnerability in  qemu  in Oracle Linux. Integer overflow in the macro ROUND_UP (n, d) in Quick Emulator (Qemu) allows a user to cause a denial of service (Qemu process crash). CVSS Base Score: Undefined.           </Note>
         </Notes>
         <Involvements>
           <Involvement Party="Vendor" Status="Completed">
               <Description>Fix has been released</Description>
           </Involvement>
         </Involvements>
         <CVE>CVE-2017-18043</CVE>
         <ProductStatuses>
           <Status Type="Known Affected">
               <ProductID>P-1309V-7</ProductID>
           </Status>
         </ProductStatuses>
         <Remediations>
           <Remediation Type="Vendor Fix">
               <Description>Oracle Linux Security Advisory</Description>
                  <Entitlement xml:lang="en">Oracle Linux customers</Entitlement>
                  <URL>http://linux.oracle.com/errata/ELSA-2019-4585.html</URL>
                  <ProductID>P-1309V-7</ProductID>
           </Remediation>
         </Remediations>
</Vulnerability>
<Vulnerability Ordinal="74" xmlns="http://www.icasi.org/CVRF/schema/vuln/1.1">
        <Title>CVE-2017-2630</Title>
         <Notes>
           <Note Audience="All" Ordinal="74" Title="Details" Type="Details">This is a vulnerability in  qemu  in Oracle Linux. A stack buffer overflow flaw was found in the Quick Emulator (QEMU) before 2.9 built with the Network Block Device (NBD) client support. The flaw could occur while processing server's response to a 'NBD_OPT_LIST' request. A malicious NBD server could use this issue to crash a remote NBD client resulting in DoS or potentially execute arbitrary code on client host with privileges of the QEMU process. CVSS Base Score: Undefined.           </Note>
         </Notes>
         <Involvements>
           <Involvement Party="Vendor" Status="Completed">
               <Description>Fix has been released</Description>
           </Involvement>
         </Involvements>
         <CVE>CVE-2017-2630</CVE>
         <ProductStatuses>
           <Status Type="Known Affected">
               <ProductID>P-1309V-7</ProductID>
           </Status>
         </ProductStatuses>
         <Remediations>
           <Remediation Type="Vendor Fix">
               <Description>Oracle Linux Security Advisory</Description>
                  <Entitlement xml:lang="en">Oracle Linux customers</Entitlement>
                  <URL>http://linux.oracle.com/errata/ELSA-2019-4585.html</URL>
                  <ProductID>P-1309V-7</ProductID>
           </Remediation>
         </Remediations>
</Vulnerability>
<Vulnerability Ordinal="75" xmlns="http://www.icasi.org/CVRF/schema/vuln/1.1">
        <Title>CVE-2017-2633</Title>
         <Notes>
           <Note Audience="All" Ordinal="75" Title="Details" Type="Details">This is a vulnerability in  qemu  in Oracle Linux. An out-of-bounds memory access issue was found in Quick Emulator (QEMU) before 1.7.2 in the VNC display driver. This flaw could occur while refreshing the VNC display surface area in the 'vnc_refresh_server_surface'. A user inside a guest could use this flaw to crash the QEMU process. CVSS Base Score: Undefined.           </Note>
         </Notes>
         <Involvements>
           <Involvement Party="Vendor" Status="Completed">
               <Description>Fix has been released</Description>
           </Involvement>
         </Involvements>
         <CVE>CVE-2017-2633</CVE>
         <ProductStatuses>
           <Status Type="Known Affected">
               <ProductID>P-1309V-7</ProductID>
           </Status>
         </ProductStatuses>
         <Remediations>
           <Remediation Type="Vendor Fix">
               <Description>Oracle Linux Security Advisory</Description>
                  <Entitlement xml:lang="en">Oracle Linux customers</Entitlement>
                  <URL>http://linux.oracle.com/errata/ELSA-2019-4585.html</URL>
                  <ProductID>P-1309V-7</ProductID>
           </Remediation>
         </Remediations>
</Vulnerability>
<Vulnerability Ordinal="76" xmlns="http://www.icasi.org/CVRF/schema/vuln/1.1">
        <Title>CVE-2017-5715</Title>
         <Notes>
           <Note Audience="All" Ordinal="76" Title="Details" Type="Details">This is a vulnerability in  qemu  in Oracle Linux. Systems with microprocessors utilizing speculative execution and indirect branch prediction may allow unauthorized disclosure of information to an attacker with local user access via a side-channel analysis. CVSS Base Score: Undefined.           </Note>
         </Notes>
         <Involvements>
           <Involvement Party="Vendor" Status="Completed">
               <Description>Fix has been released</Description>
           </Involvement>
         </Involvements>
         <CVE>CVE-2017-5715</CVE>
         <ProductStatuses>
           <Status Type="Known Affected">
               <ProductID>P-1309V-7</ProductID>
           </Status>
         </ProductStatuses>
         <Remediations>
           <Remediation Type="Vendor Fix">
               <Description>Oracle Linux Security Advisory</Description>
                  <Entitlement xml:lang="en">Oracle Linux customers</Entitlement>
                  <URL>http://linux.oracle.com/errata/ELSA-2019-4585.html</URL>
                  <ProductID>P-1309V-7</ProductID>
           </Remediation>
         </Remediations>
</Vulnerability>
<Vulnerability Ordinal="77" xmlns="http://www.icasi.org/CVRF/schema/vuln/1.1">
        <Title>CVE-2017-5753</Title>
         <Notes>
           <Note Audience="All" Ordinal="77" Title="Details" Type="Details">This is a vulnerability in  qemu  in Oracle Linux. Systems with microprocessors utilizing speculative execution and branch prediction may allow unauthorized disclosure of information to an attacker with local user access via a side-channel analysis. CVSS Base Score: Undefined.           </Note>
         </Notes>
         <Involvements>
           <Involvement Party="Vendor" Status="Completed">
               <Description>Fix has been released</Description>
           </Involvement>
         </Involvements>
         <CVE>CVE-2017-5753</CVE>
         <ProductStatuses>
           <Status Type="Known Affected">
               <ProductID>P-1309V-7</ProductID>
           </Status>
         </ProductStatuses>
         <Remediations>
           <Remediation Type="Vendor Fix">
               <Description>Oracle Linux Security Advisory</Description>
                  <Entitlement xml:lang="en">Oracle Linux customers</Entitlement>
                  <URL>http://linux.oracle.com/errata/ELSA-2019-4585.html</URL>
                  <ProductID>P-1309V-7</ProductID>
           </Remediation>
         </Remediations>
</Vulnerability>
<Vulnerability Ordinal="78" xmlns="http://www.icasi.org/CVRF/schema/vuln/1.1">
        <Title>CVE-2017-5754</Title>
         <Notes>
           <Note Audience="All" Ordinal="78" Title="Details" Type="Details">This is a vulnerability in  qemu  in Oracle Linux. Systems with microprocessors utilizing speculative execution and indirect branch prediction may allow unauthorized disclosure of information to an attacker with local user access via a side-channel analysis of the data cache. CVSS Base Score: Undefined.           </Note>
         </Notes>
         <Involvements>
           <Involvement Party="Vendor" Status="Completed">
               <Description>Fix has been released</Description>
           </Involvement>
         </Involvements>
         <CVE>CVE-2017-5754</CVE>
         <ProductStatuses>
           <Status Type="Known Affected">
               <ProductID>P-1309V-7</ProductID>
           </Status>
         </ProductStatuses>
         <Remediations>
           <Remediation Type="Vendor Fix">
               <Description>Oracle Linux Security Advisory</Description>
                  <Entitlement xml:lang="en">Oracle Linux customers</Entitlement>
                  <URL>http://linux.oracle.com/errata/ELSA-2019-4585.html</URL>
                  <ProductID>P-1309V-7</ProductID>
           </Remediation>
         </Remediations>
</Vulnerability>
<Vulnerability Ordinal="79" xmlns="http://www.icasi.org/CVRF/schema/vuln/1.1">
        <Title>CVE-2017-7471</Title>
         <Notes>
           <Note Audience="All" Ordinal="79" Title="Details" Type="Details">This is a vulnerability in  qemu  in Oracle Linux. Quick Emulator (Qemu) built with the VirtFS, host directory sharing via Plan 9 File System (9pfs) support, is vulnerable to an improper access control issue. It could occur while accessing files on a shared host directory. A privileged user inside guest could use this flaw to access host file system beyond the shared folder and potentially escalating their privileges on a host. CVSS Base Score: Undefined.           </Note>
         </Notes>
         <Involvements>
           <Involvement Party="Vendor" Status="Completed">
               <Description>Fix has been released</Description>
           </Involvement>
         </Involvements>
         <CVE>CVE-2017-7471</CVE>
         <ProductStatuses>
           <Status Type="Known Affected">
               <ProductID>P-1309V-7</ProductID>
           </Status>
         </ProductStatuses>
         <Remediations>
           <Remediation Type="Vendor Fix">
               <Description>Oracle Linux Security Advisory</Description>
                  <Entitlement xml:lang="en">Oracle Linux customers</Entitlement>
                  <URL>http://linux.oracle.com/errata/ELSA-2019-4585.html</URL>
                  <ProductID>P-1309V-7</ProductID>
           </Remediation>
         </Remediations>
</Vulnerability>
<Vulnerability Ordinal="80" xmlns="http://www.icasi.org/CVRF/schema/vuln/1.1">
        <Title>CVE-2017-7493</Title>
         <Notes>
           <Note Audience="All" Ordinal="80" Title="Details" Type="Details">This is a vulnerability in  qemu  in Oracle Linux. Quick Emulator (Qemu) built with the VirtFS, host directory sharing via Plan 9 File System (9pfs) support, is vulnerable to an improper access control issue. It could occur while accessing virtfs metadata files in mapped-file security mode. A guest user could use this flaw to escalate their privileges inside guest. CVSS Base Score: Undefined.           </Note>
         </Notes>
         <Involvements>
           <Involvement Party="Vendor" Status="Completed">
               <Description>Fix has been released</Description>
           </Involvement>
         </Involvements>
         <CVE>CVE-2017-7493</CVE>
         <ProductStatuses>
           <Status Type="Known Affected">
               <ProductID>P-1309V-7</ProductID>
           </Status>
         </ProductStatuses>
         <Remediations>
           <Remediation Type="Vendor Fix">
               <Description>Oracle Linux Security Advisory</Description>
                  <Entitlement xml:lang="en">Oracle Linux customers</Entitlement>
                  <URL>http://linux.oracle.com/errata/ELSA-2019-4585.html</URL>
                  <ProductID>P-1309V-7</ProductID>
           </Remediation>
         </Remediations>
</Vulnerability>
<Vulnerability Ordinal="81" xmlns="http://www.icasi.org/CVRF/schema/vuln/1.1">
        <Title>CVE-2017-8112</Title>
         <Notes>
           <Note Audience="All" Ordinal="81" Title="Details" Type="Details">This is a vulnerability in  qemu  in Oracle Linux. hw/scsi/vmw_pvscsi.c in QEMU (aka Quick Emulator) allows local guest OS privileged users to cause a denial of service (infinite loop and CPU consumption) via the message ring page count. CVSS Base Score: Undefined.           </Note>
         </Notes>
         <Involvements>
           <Involvement Party="Vendor" Status="Completed">
               <Description>Fix has been released</Description>
           </Involvement>
         </Involvements>
         <CVE>CVE-2017-8112</CVE>
         <ProductStatuses>
           <Status Type="Known Affected">
               <ProductID>P-1309V-7</ProductID>
           </Status>
         </ProductStatuses>
         <Remediations>
           <Remediation Type="Vendor Fix">
               <Description>Oracle Linux Security Advisory</Description>
                  <Entitlement xml:lang="en">Oracle Linux customers</Entitlement>
                  <URL>http://linux.oracle.com/errata/ELSA-2019-4585.html</URL>
                  <ProductID>P-1309V-7</ProductID>
           </Remediation>
         </Remediations>
</Vulnerability>
<Vulnerability Ordinal="82" xmlns="http://www.icasi.org/CVRF/schema/vuln/1.1">
        <Title>CVE-2017-8309</Title>
         <Notes>
           <Note Audience="All" Ordinal="82" Title="Details" Type="Details">This is a vulnerability in  qemu  in Oracle Linux. Memory leak in the audio/audio.c in QEMU (aka Quick Emulator) allows remote attackers to cause a denial of service (memory consumption) by repeatedly starting and stopping audio capture. CVSS Base Score: Undefined.           </Note>
         </Notes>
         <Involvements>
           <Involvement Party="Vendor" Status="Completed">
               <Description>Fix has been released</Description>
           </Involvement>
         </Involvements>
         <CVE>CVE-2017-8309</CVE>
         <ProductStatuses>
           <Status Type="Known Affected">
               <ProductID>P-1309V-7</ProductID>
           </Status>
         </ProductStatuses>
         <Remediations>
           <Remediation Type="Vendor Fix">
               <Description>Oracle Linux Security Advisory</Description>
                  <Entitlement xml:lang="en">Oracle Linux customers</Entitlement>
                  <URL>http://linux.oracle.com/errata/ELSA-2019-4585.html</URL>
                  <ProductID>P-1309V-7</ProductID>
           </Remediation>
         </Remediations>
</Vulnerability>
<Vulnerability Ordinal="83" xmlns="http://www.icasi.org/CVRF/schema/vuln/1.1">
        <Title>CVE-2017-8379</Title>
         <Notes>
           <Note Audience="All" Ordinal="83" Title="Details" Type="Details">This is a vulnerability in  qemu  in Oracle Linux. Memory leak in the keyboard input event handlers support in QEMU (aka Quick Emulator) allows local guest OS privileged users to cause a denial of service (host memory consumption) by rapidly generating large keyboard events. CVSS Base Score: Undefined.           </Note>
         </Notes>
         <Involvements>
           <Involvement Party="Vendor" Status="Completed">
               <Description>Fix has been released</Description>
           </Involvement>
         </Involvements>
         <CVE>CVE-2017-8379</CVE>
         <ProductStatuses>
           <Status Type="Known Affected">
               <ProductID>P-1309V-7</ProductID>
           </Status>
         </ProductStatuses>
         <Remediations>
           <Remediation Type="Vendor Fix">
               <Description>Oracle Linux Security Advisory</Description>
                  <Entitlement xml:lang="en">Oracle Linux customers</Entitlement>
                  <URL>http://linux.oracle.com/errata/ELSA-2019-4585.html</URL>
                  <ProductID>P-1309V-7</ProductID>
           </Remediation>
         </Remediations>
</Vulnerability>
<Vulnerability Ordinal="84" xmlns="http://www.icasi.org/CVRF/schema/vuln/1.1">
        <Title>CVE-2017-8380</Title>
         <Notes>
           <Note Audience="All" Ordinal="84" Title="Details" Type="Details">This is a vulnerability in  qemu  in Oracle Linux. Buffer overflow in the megasas_mmio_write function in Qemu 2.9.0 allows remote attackers to have unspecified impact via unknown vectors. CVSS Base Score: Undefined.           </Note>
         </Notes>
         <Involvements>
           <Involvement Party="Vendor" Status="Completed">
               <Description>Fix has been released</Description>
           </Involvement>
         </Involvements>
         <CVE>CVE-2017-8380</CVE>
         <ProductStatuses>
           <Status Type="Known Affected">
               <ProductID>P-1309V-7</ProductID>
           </Status>
         </ProductStatuses>
         <Remediations>
           <Remediation Type="Vendor Fix">
               <Description>Oracle Linux Security Advisory</Description>
                  <Entitlement xml:lang="en">Oracle Linux customers</Entitlement>
                  <URL>http://linux.oracle.com/errata/ELSA-2019-4585.html</URL>
                  <ProductID>P-1309V-7</ProductID>
           </Remediation>
         </Remediations>
</Vulnerability>
<Vulnerability Ordinal="85" xmlns="http://www.icasi.org/CVRF/schema/vuln/1.1">
        <Title>CVE-2017-9503</Title>
         <Notes>
           <Note Audience="All" Ordinal="85" Title="Details" Type="Details">This is a vulnerability in  qemu  in Oracle Linux. QEMU (aka Quick Emulator), when built with MegaRAID SAS 8708EM2 Host Bus Adapter emulation support, allows local guest OS privileged users to cause a denial of service (NULL pointer dereference and QEMU process crash) via vectors involving megasas command processing. CVSS Base Score: Undefined.           </Note>
         </Notes>
         <Involvements>
           <Involvement Party="Vendor" Status="Completed">
               <Description>Fix has been released</Description>
           </Involvement>
         </Involvements>
         <CVE>CVE-2017-9503</CVE>
         <ProductStatuses>
           <Status Type="Known Affected">
               <ProductID>P-1309V-7</ProductID>
           </Status>
         </ProductStatuses>
         <Remediations>
           <Remediation Type="Vendor Fix">
               <Description>Oracle Linux Security Advisory</Description>
                  <Entitlement xml:lang="en">Oracle Linux customers</Entitlement>
                  <URL>http://linux.oracle.com/errata/ELSA-2019-4585.html</URL>
                  <ProductID>P-1309V-7</ProductID>
           </Remediation>
         </Remediations>
</Vulnerability>
<Vulnerability Ordinal="86" xmlns="http://www.icasi.org/CVRF/schema/vuln/1.1">
        <Title>CVE-2018-10839</Title>
         <Notes>
           <Note Audience="All" Ordinal="86" Title="Details" Type="Details">This is a vulnerability in  qemu  in Oracle Linux. Qemu emulator &lt;= 3.0.0 built with the NE2000 NIC emulation support is vulnerable to an integer overflow, which could lead to buffer overflow issue. It could occur when receiving packets over the network. A user inside guest could use this flaw to crash the Qemu process resulting in DoS. CVSS Base Score: Undefined.           </Note>
         </Notes>
         <Involvements>
           <Involvement Party="Vendor" Status="Completed">
               <Description>Fix has been released</Description>
           </Involvement>
         </Involvements>
         <CVE>CVE-2018-10839</CVE>
         <ProductStatuses>
           <Status Type="Known Affected">
               <ProductID>P-1309V-7</ProductID>
           </Status>
         </ProductStatuses>
         <Remediations>
           <Remediation Type="Vendor Fix">
               <Description>Oracle Linux Security Advisory</Description>
                  <Entitlement xml:lang="en">Oracle Linux customers</Entitlement>
                  <URL>http://linux.oracle.com/errata/ELSA-2019-4585.html</URL>
                  <ProductID>P-1309V-7</ProductID>
           </Remediation>
         </Remediations>
</Vulnerability>
<Vulnerability Ordinal="87" xmlns="http://www.icasi.org/CVRF/schema/vuln/1.1">
        <Title>CVE-2018-11806</Title>
         <Notes>
           <Note Audience="All" Ordinal="87" Title="Details" Type="Details">This is a vulnerability in  qemu  in Oracle Linux. m_cat in slirp/mbuf.c in Qemu has a heap-based buffer overflow via incoming fragmented datagrams. CVSS Base Score: Undefined.           </Note>
         </Notes>
         <Involvements>
           <Involvement Party="Vendor" Status="Completed">
               <Description>Fix has been released</Description>
           </Involvement>
         </Involvements>
         <CVE>CVE-2018-11806</CVE>
         <ProductStatuses>
           <Status Type="Known Affected">
               <ProductID>P-1309V-7</ProductID>
           </Status>
         </ProductStatuses>
         <Remediations>
           <Remediation Type="Vendor Fix">
               <Description>Oracle Linux Security Advisory</Description>
                  <Entitlement xml:lang="en">Oracle Linux customers</Entitlement>
                  <URL>http://linux.oracle.com/errata/ELSA-2019-4585.html</URL>
                  <ProductID>P-1309V-7</ProductID>
           </Remediation>
         </Remediations>
</Vulnerability>
<Vulnerability Ordinal="88" xmlns="http://www.icasi.org/CVRF/schema/vuln/1.1">
        <Title>CVE-2018-12617</Title>
         <Notes>
           <Note Audience="All" Ordinal="88" Title="Details" Type="Details">This is a vulnerability in  qemu  in Oracle Linux. qmp_guest_file_read in qga/commands-posix.c and qga/commands-win32.c in qemu-ga (aka QEMU Guest Agent) in QEMU 2.12.50 has an integer overflow causing a g_malloc0() call to trigger a segmentation fault when trying to allocate a large memory chunk. The vulnerability can be exploited by sending a crafted QMP command (including guest-file-read with a large count value) to the agent via the listening socket. CVSS Base Score: Undefined.           </Note>
         </Notes>
         <Involvements>
           <Involvement Party="Vendor" Status="Completed">
               <Description>Fix has been released</Description>
           </Involvement>
         </Involvements>
         <CVE>CVE-2018-12617</CVE>
         <ProductStatuses>
           <Status Type="Known Affected">
               <ProductID>P-1309V-7</ProductID>
           </Status>
         </ProductStatuses>
         <Remediations>
           <Remediation Type="Vendor Fix">
               <Description>Oracle Linux Security Advisory</Description>
                  <Entitlement xml:lang="en">Oracle Linux customers</Entitlement>
                  <URL>http://linux.oracle.com/errata/ELSA-2019-4585.html</URL>
                  <ProductID>P-1309V-7</ProductID>
           </Remediation>
         </Remediations>
</Vulnerability>
<Vulnerability Ordinal="89" xmlns="http://www.icasi.org/CVRF/schema/vuln/1.1">
        <Title>CVE-2018-15746</Title>
         <Notes>
           <Note Audience="All" Ordinal="89" Title="Details" Type="Details">This is a vulnerability in  qemu  in Oracle Linux. qemu-seccomp.c in QEMU might allow local OS guest users to cause a denial of service (guest crash) by leveraging mishandling of the seccomp policy for threads other than the main thread. CVSS Base Score: Undefined.           </Note>
         </Notes>
         <Involvements>
           <Involvement Party="Vendor" Status="Completed">
               <Description>Fix has been released</Description>
           </Involvement>
         </Involvements>
         <CVE>CVE-2018-15746</CVE>
         <ProductStatuses>
           <Status Type="Known Affected">
               <ProductID>P-1309V-7</ProductID>
           </Status>
         </ProductStatuses>
         <Remediations>
           <Remediation Type="Vendor Fix">
               <Description>Oracle Linux Security Advisory</Description>
                  <Entitlement xml:lang="en">Oracle Linux customers</Entitlement>
                  <URL>http://linux.oracle.com/errata/ELSA-2019-4585.html</URL>
                  <ProductID>P-1309V-7</ProductID>
           </Remediation>
         </Remediations>
</Vulnerability>
<Vulnerability Ordinal="90" xmlns="http://www.icasi.org/CVRF/schema/vuln/1.1">
        <Title>CVE-2018-16847</Title>
         <Notes>
           <Note Audience="All" Ordinal="90" Title="Details" Type="Details">This is a vulnerability in  qemu  in Oracle Linux. An OOB heap buffer r/w access issue was found in the NVM Express Controller emulation in QEMU. It could occur in nvme_cmb_ops routines in nvme device. A guest user/process could use this flaw to crash the QEMU process resulting in DoS or potentially run arbitrary code with privileges of the QEMU process. CVSS Base Score: Undefined.           </Note>
         </Notes>
         <Involvements>
           <Involvement Party="Vendor" Status="Completed">
               <Description>Fix has been released</Description>
           </Involvement>
         </Involvements>
         <CVE>CVE-2018-16847</CVE>
         <ProductStatuses>
           <Status Type="Known Affected">
               <ProductID>P-1309V-7</ProductID>
           </Status>
         </ProductStatuses>
         <Remediations>
           <Remediation Type="Vendor Fix">
               <Description>Oracle Linux Security Advisory</Description>
                  <Entitlement xml:lang="en">Oracle Linux customers</Entitlement>
                  <URL>http://linux.oracle.com/errata/ELSA-2019-4585.html</URL>
                  <ProductID>P-1309V-7</ProductID>
           </Remediation>
         </Remediations>
</Vulnerability>
<Vulnerability Ordinal="91" xmlns="http://www.icasi.org/CVRF/schema/vuln/1.1">
        <Title>CVE-2018-16867</Title>
         <Notes>
           <Note Audience="All" Ordinal="91" Title="Details" Type="Details">This is a vulnerability in  qemu  in Oracle Linux. A flaw was found in qemu Media Transfer Protocol (MTP) before version 3.1.0. A path traversal in the usb_mtp_write_data function in hw/usb/dev-mtp.c due to an improper filename sanitization. When the guest device is mounted in read-write mode, this allows to read/write arbitrary files which may lead to DoS scenario OR possibly lead to code execution on the host. CVSS Base Score: Undefined.           </Note>
         </Notes>
         <Involvements>
           <Involvement Party="Vendor" Status="Completed">
               <Description>Fix has been released</Description>
           </Involvement>
         </Involvements>
         <CVE>CVE-2018-16867</CVE>
         <ProductStatuses>
           <Status Type="Known Affected">
               <ProductID>P-1309V-7</ProductID>
           </Status>
         </ProductStatuses>
         <Remediations>
           <Remediation Type="Vendor Fix">
               <Description>Oracle Linux Security Advisory</Description>
                  <Entitlement xml:lang="en">Oracle Linux customers</Entitlement>
                  <URL>http://linux.oracle.com/errata/ELSA-2018-4312.html</URL>
                  <ProductID>P-1309V-7</ProductID>
           </Remediation>
         </Remediations>
</Vulnerability>
<Vulnerability Ordinal="92" xmlns="http://www.icasi.org/CVRF/schema/vuln/1.1">
        <Title>CVE-2018-16867</Title>
         <Notes>
           <Note Audience="All" Ordinal="92" Title="Details" Type="Details">This is a vulnerability in  qemu  in Oracle Linux. A flaw was found in qemu Media Transfer Protocol (MTP) before version 3.1.0. A path traversal in the usb_mtp_write_data function in hw/usb/dev-mtp.c due to an improper filename sanitization. When the guest device is mounted in read-write mode, this allows to read/write arbitrary files which may lead to DoS scenario OR possibly lead to code execution on the host. CVSS Base Score: Undefined.           </Note>
         </Notes>
         <Involvements>
           <Involvement Party="Vendor" Status="Completed">
               <Description>Fix has been released</Description>
           </Involvement>
         </Involvements>
         <CVE>CVE-2018-16867</CVE>
         <ProductStatuses>
           <Status Type="Known Affected">
               <ProductID>P-1309V-7</ProductID>
           </Status>
         </ProductStatuses>
         <Remediations>
           <Remediation Type="Vendor Fix">
               <Description>Oracle Linux Security Advisory</Description>
                  <Entitlement xml:lang="en">Oracle Linux customers</Entitlement>
                  <URL>http://linux.oracle.com/errata/ELSA-2018-4313.html</URL>
                  <ProductID>P-1309V-7</ProductID>
           </Remediation>
         </Remediations>
</Vulnerability>
<Vulnerability Ordinal="93" xmlns="http://www.icasi.org/CVRF/schema/vuln/1.1">
        <Title>CVE-2018-16867</Title>
         <Notes>
           <Note Audience="All" Ordinal="93" Title="Details" Type="Details">This is a vulnerability in  qemu  in Oracle Linux. A flaw was found in qemu Media Transfer Protocol (MTP) before version 3.1.0. A path traversal in the usb_mtp_write_data function in hw/usb/dev-mtp.c due to an improper filename sanitization. When the guest device is mounted in read-write mode, this allows to read/write arbitrary files which may lead to DoS scenario OR possibly lead to code execution on the host. CVSS Base Score: Undefined.           </Note>
         </Notes>
         <Involvements>
           <Involvement Party="Vendor" Status="Completed">
               <Description>Fix has been released</Description>
           </Involvement>
         </Involvements>
         <CVE>CVE-2018-16867</CVE>
         <ProductStatuses>
           <Status Type="Known Affected">
               <ProductID>P-1309V-7</ProductID>
           </Status>
         </ProductStatuses>
         <Remediations>
           <Remediation Type="Vendor Fix">
               <Description>Oracle Linux Security Advisory</Description>
                  <Entitlement xml:lang="en">Oracle Linux customers</Entitlement>
                  <URL>http://linux.oracle.com/errata/ELSA-2019-4585.html</URL>
                  <ProductID>P-1309V-7</ProductID>
           </Remediation>
         </Remediations>
</Vulnerability>
<Vulnerability Ordinal="94" xmlns="http://www.icasi.org/CVRF/schema/vuln/1.1">
        <Title>CVE-2018-16872</Title>
         <Notes>
           <Note Audience="All" Ordinal="94" Title="Details" Type="Details">This is a vulnerability in  qemu  in Oracle Linux. A flaw was found in qemu Media Transfer Protocol (MTP). The code opening files in usb_mtp_get_object and usb_mtp_get_partial_object and directories in usb_mtp_object_readdir doesn't consider that the underlying filesystem may have changed since the time lstat(2) was called in usb_mtp_object_alloc, a classical TOCTTOU problem. An attacker with write access to the host filesystem shared with a guest can use this property to navigate the host filesystem in the context of the QEMU process and read any file the QEMU process has access to. Access to the filesystem may be local or via a network share protocol such as CIFS. CVSS Base Score: Undefined.           </Note>
         </Notes>
         <Involvements>
           <Involvement Party="Vendor" Status="Completed">
               <Description>Fix has been released</Description>
           </Involvement>
         </Involvements>
         <CVE>CVE-2018-16872</CVE>
         <ProductStatuses>
           <Status Type="Known Affected">
               <ProductID>P-1309V-7</ProductID>
           </Status>
         </ProductStatuses>
         <Remediations>
           <Remediation Type="Vendor Fix">
               <Description>Oracle Linux Security Advisory</Description>
                  <Entitlement xml:lang="en">Oracle Linux customers</Entitlement>
                  <URL>http://linux.oracle.com/errata/ELSA-2019-4518.html</URL>
                  <ProductID>P-1309V-7</ProductID>
           </Remediation>
         </Remediations>
</Vulnerability>
<Vulnerability Ordinal="95" xmlns="http://www.icasi.org/CVRF/schema/vuln/1.1">
        <Title>CVE-2018-16872</Title>
         <Notes>
           <Note Audience="All" Ordinal="95" Title="Details" Type="Details">This is a vulnerability in  qemu  in Oracle Linux. A flaw was found in qemu Media Transfer Protocol (MTP). The code opening files in usb_mtp_get_object and usb_mtp_get_partial_object and directories in usb_mtp_object_readdir doesn't consider that the underlying filesystem may have changed since the time lstat(2) was called in usb_mtp_object_alloc, a classical TOCTTOU problem. An attacker with write access to the host filesystem shared with a guest can use this property to navigate the host filesystem in the context of the QEMU process and read any file the QEMU process has access to. Access to the filesystem may be local or via a network share protocol such as CIFS. CVSS Base Score: Undefined.           </Note>
         </Notes>
         <Involvements>
           <Involvement Party="Vendor" Status="Completed">
               <Description>Fix has been released</Description>
           </Involvement>
         </Involvements>
         <CVE>CVE-2018-16872</CVE>
         <ProductStatuses>
           <Status Type="Known Affected">
               <ProductID>P-1309V-7</ProductID>
           </Status>
         </ProductStatuses>
         <Remediations>
           <Remediation Type="Vendor Fix">
               <Description>Oracle Linux Security Advisory</Description>
                  <Entitlement xml:lang="en">Oracle Linux customers</Entitlement>
                  <URL>http://linux.oracle.com/errata/ELSA-2019-4585.html</URL>
                  <ProductID>P-1309V-7</ProductID>
           </Remediation>
         </Remediations>
</Vulnerability>
<Vulnerability Ordinal="96" xmlns="http://www.icasi.org/CVRF/schema/vuln/1.1">
        <Title>CVE-2018-17958</Title>
         <Notes>
           <Note Audience="All" Ordinal="96" Title="Details" Type="Details">This is a vulnerability in  qemu  in Oracle Linux. Qemu has a Buffer Overflow in rtl8139_do_receive in hw/net/rtl8139.c because an incorrect integer data type is used. CVSS Base Score: Undefined.           </Note>
         </Notes>
         <Involvements>
           <Involvement Party="Vendor" Status="Completed">
               <Description>Fix has been released</Description>
           </Involvement>
         </Involvements>
         <CVE>CVE-2018-17958</CVE>
         <ProductStatuses>
           <Status Type="Known Affected">
               <ProductID>P-1309V-7</ProductID>
           </Status>
         </ProductStatuses>
         <Remediations>
           <Remediation Type="Vendor Fix">
               <Description>Oracle Linux Security Advisory</Description>
                  <Entitlement xml:lang="en">Oracle Linux customers</Entitlement>
                  <URL>http://linux.oracle.com/errata/ELSA-2019-4585.html</URL>
                  <ProductID>P-1309V-7</ProductID>
           </Remediation>
         </Remediations>
</Vulnerability>
<Vulnerability Ordinal="97" xmlns="http://www.icasi.org/CVRF/schema/vuln/1.1">
        <Title>CVE-2018-17962</Title>
         <Notes>
           <Note Audience="All" Ordinal="97" Title="Details" Type="Details">This is a vulnerability in  qemu  in Oracle Linux. Qemu has a Buffer Overflow in pcnet_receive in hw/net/pcnet.c because an incorrect integer data type is used. CVSS Base Score: Undefined.           </Note>
         </Notes>
         <Involvements>
           <Involvement Party="Vendor" Status="Completed">
               <Description>Fix has been released</Description>
           </Involvement>
         </Involvements>
         <CVE>CVE-2018-17962</CVE>
         <ProductStatuses>
           <Status Type="Known Affected">
               <ProductID>P-1309V-7</ProductID>
           </Status>
         </ProductStatuses>
         <Remediations>
           <Remediation Type="Vendor Fix">
               <Description>Oracle Linux Security Advisory</Description>
                  <Entitlement xml:lang="en">Oracle Linux customers</Entitlement>
                  <URL>http://linux.oracle.com/errata/ELSA-2019-4585.html</URL>
                  <ProductID>P-1309V-7</ProductID>
           </Remediation>
         </Remediations>
</Vulnerability>
<Vulnerability Ordinal="98" xmlns="http://www.icasi.org/CVRF/schema/vuln/1.1">
        <Title>CVE-2018-17963</Title>
         <Notes>
           <Note Audience="All" Ordinal="98" Title="Details" Type="Details">This is a vulnerability in  qemu  in Oracle Linux. qemu_deliver_packet_iov in net/net.c in Qemu accepts packet sizes greater than INT_MAX, which allows attackers to cause a denial of service or possibly have unspecified other impact. CVSS Base Score: Undefined.           </Note>
         </Notes>
         <Involvements>
           <Involvement Party="Vendor" Status="Completed">
               <Description>Fix has been released</Description>
           </Involvement>
         </Involvements>
         <CVE>CVE-2018-17963</CVE>
         <ProductStatuses>
           <Status Type="Known Affected">
               <ProductID>P-1309V-7</ProductID>
           </Status>
         </ProductStatuses>
         <Remediations>
           <Remediation Type="Vendor Fix">
               <Description>Oracle Linux Security Advisory</Description>
                  <Entitlement xml:lang="en">Oracle Linux customers</Entitlement>
                  <URL>http://linux.oracle.com/errata/ELSA-2019-4585.html</URL>
                  <ProductID>P-1309V-7</ProductID>
           </Remediation>
         </Remediations>
</Vulnerability>
<Vulnerability Ordinal="99" xmlns="http://www.icasi.org/CVRF/schema/vuln/1.1">
        <Title>CVE-2018-18849</Title>
         <Notes>
           <Note Audience="All" Ordinal="99" Title="Details" Type="Details">This is a vulnerability in  qemu  in Oracle Linux. ** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided. CVSS Base Score: Undefined.           </Note>
         </Notes>
         <Involvements>
           <Involvement Party="Vendor" Status="Completed">
               <Description>Fix has been released</Description>
           </Involvement>
         </Involvements>
         <CVE>CVE-2018-18849</CVE>
         <ProductStatuses>
           <Status Type="Known Affected">
               <ProductID>P-1309V-7</ProductID>
           </Status>
         </ProductStatuses>
         <Remediations>
           <Remediation Type="Vendor Fix">
               <Description>Oracle Linux Security Advisory</Description>
                  <Entitlement xml:lang="en">Oracle Linux customers</Entitlement>
                  <URL>http://linux.oracle.com/errata/ELSA-2019-4585.html</URL>
                  <ProductID>P-1309V-7</ProductID>
           </Remediation>
         </Remediations>
</Vulnerability>
<Vulnerability Ordinal="100" xmlns="http://www.icasi.org/CVRF/schema/vuln/1.1">
        <Title>CVE-2018-19364</Title>
         <Notes>
           <Note Audience="All" Ordinal="100" Title="Details" Type="Details">This is a vulnerability in  qemu  in Oracle Linux. hw/9pfs/cofile.c and hw/9pfs/9p.c in QEMU can modify an fid path while it is being accessed by a second thread, leading to (for example) a use-after-free outcome. CVSS Base Score: Undefined.           </Note>
         </Notes>
         <Involvements>
           <Involvement Party="Vendor" Status="Completed">
               <Description>Fix has been released</Description>
           </Involvement>
         </Involvements>
         <CVE>CVE-2018-19364</CVE>
         <ProductStatuses>
           <Status Type="Known Affected">
               <ProductID>P-1309V-7</ProductID>
           </Status>
         </ProductStatuses>
         <Remediations>
           <Remediation Type="Vendor Fix">
               <Description>Oracle Linux Security Advisory</Description>
                  <Entitlement xml:lang="en">Oracle Linux customers</Entitlement>
                  <URL>http://linux.oracle.com/errata/ELSA-2019-4585.html</URL>
                  <ProductID>P-1309V-7</ProductID>
           </Remediation>
         </Remediations>
</Vulnerability>
<Vulnerability Ordinal="101" xmlns="http://www.icasi.org/CVRF/schema/vuln/1.1">
        <Title>CVE-2018-19489</Title>
         <Notes>
           <Note Audience="All" Ordinal="101" Title="Details" Type="Details">This is a vulnerability in  qemu  in Oracle Linux. v9fs_wstat in hw/9pfs/9p.c in QEMU allows guest OS users to cause a denial of service (crash) because of a race condition during file renaming. CVSS Base Score: Undefined.           </Note>
         </Notes>
         <Involvements>
           <Involvement Party="Vendor" Status="Completed">
               <Description>Fix has been released</Description>
           </Involvement>
         </Involvements>
         <CVE>CVE-2018-19489</CVE>
         <ProductStatuses>
           <Status Type="Known Affected">
               <ProductID>P-1309V-7</ProductID>
           </Status>
         </ProductStatuses>
         <Remediations>
           <Remediation Type="Vendor Fix">
               <Description>Oracle Linux Security Advisory</Description>
                  <Entitlement xml:lang="en">Oracle Linux customers</Entitlement>
                  <URL>http://linux.oracle.com/errata/ELSA-2019-4585.html</URL>
                  <ProductID>P-1309V-7</ProductID>
           </Remediation>
         </Remediations>
</Vulnerability>
<Vulnerability Ordinal="102" xmlns="http://www.icasi.org/CVRF/schema/vuln/1.1">
        <Title>CVE-2018-20124</Title>
         <Notes>
           <Note Audience="All" Ordinal="102" Title="Details" Type="Details">This is a vulnerability in  qemu  in Oracle Linux. hw/rdma/rdma_backend.c in QEMU allows guest OS users to trigger out-of-bounds access via a PvrdmaSqWqe ring element with a large num_sge value. CVSS Base Score: Undefined.           </Note>
         </Notes>
         <Involvements>
           <Involvement Party="Vendor" Status="Completed">
               <Description>Fix has been released</Description>
           </Involvement>
         </Involvements>
         <CVE>CVE-2018-20124</CVE>
         <ProductStatuses>
           <Status Type="Known Affected">
               <ProductID>P-1309V-7</ProductID>
           </Status>
         </ProductStatuses>
         <Remediations>
           <Remediation Type="Vendor Fix">
               <Description>Oracle Linux Security Advisory</Description>
                  <Entitlement xml:lang="en">Oracle Linux customers</Entitlement>
                  <URL>http://linux.oracle.com/errata/ELSA-2019-4518.html</URL>
                  <ProductID>P-1309V-7</ProductID>
           </Remediation>
         </Remediations>
</Vulnerability>
<Vulnerability Ordinal="103" xmlns="http://www.icasi.org/CVRF/schema/vuln/1.1">
        <Title>CVE-2018-20124</Title>
         <Notes>
           <Note Audience="All" Ordinal="103" Title="Details" Type="Details">This is a vulnerability in  qemu  in Oracle Linux. hw/rdma/rdma_backend.c in QEMU allows guest OS users to trigger out-of-bounds access via a PvrdmaSqWqe ring element with a large num_sge value. CVSS Base Score: Undefined.           </Note>
         </Notes>
         <Involvements>
           <Involvement Party="Vendor" Status="Completed">
               <Description>Fix has been released</Description>
           </Involvement>
         </Involvements>
         <CVE>CVE-2018-20124</CVE>
         <ProductStatuses>
           <Status Type="Known Affected">
               <ProductID>P-1309V-7</ProductID>
           </Status>
         </ProductStatuses>
         <Remediations>
           <Remediation Type="Vendor Fix">
               <Description>Oracle Linux Security Advisory</Description>
                  <Entitlement xml:lang="en">Oracle Linux customers</Entitlement>
                  <URL>http://linux.oracle.com/errata/ELSA-2019-4585.html</URL>
                  <ProductID>P-1309V-7</ProductID>
           </Remediation>
         </Remediations>
</Vulnerability>
<Vulnerability Ordinal="104" xmlns="http://www.icasi.org/CVRF/schema/vuln/1.1">
        <Title>CVE-2018-20125</Title>
         <Notes>
           <Note Audience="All" Ordinal="104" Title="Details" Type="Details">This is a vulnerability in  qemu  in Oracle Linux. hw/rdma/vmw/pvrdma_cmd.c in QEMU allows attackers to cause a denial of service (NULL pointer dereference or excessive memory allocation) in create_cq_ring or create_qp_rings. CVSS Base Score: Undefined.           </Note>
         </Notes>
         <Involvements>
           <Involvement Party="Vendor" Status="Completed">
               <Description>Fix has been released</Description>
           </Involvement>
         </Involvements>
         <CVE>CVE-2018-20125</CVE>
         <ProductStatuses>
           <Status Type="Known Affected">
               <ProductID>P-1309V-7</ProductID>
           </Status>
         </ProductStatuses>
         <Remediations>
           <Remediation Type="Vendor Fix">
               <Description>Oracle Linux Security Advisory</Description>
                  <Entitlement xml:lang="en">Oracle Linux customers</Entitlement>
                  <URL>http://linux.oracle.com/errata/ELSA-2019-4518.html</URL>
                  <ProductID>P-1309V-7</ProductID>
           </Remediation>
         </Remediations>
</Vulnerability>
<Vulnerability Ordinal="105" xmlns="http://www.icasi.org/CVRF/schema/vuln/1.1">
        <Title>CVE-2018-20125</Title>
         <Notes>
           <Note Audience="All" Ordinal="105" Title="Details" Type="Details">This is a vulnerability in  qemu  in Oracle Linux. hw/rdma/vmw/pvrdma_cmd.c in QEMU allows attackers to cause a denial of service (NULL pointer dereference or excessive memory allocation) in create_cq_ring or create_qp_rings. CVSS Base Score: Undefined.           </Note>
         </Notes>
         <Involvements>
           <Involvement Party="Vendor" Status="Completed">
               <Description>Fix has been released</Description>
           </Involvement>
         </Involvements>
         <CVE>CVE-2018-20125</CVE>
         <ProductStatuses>
           <Status Type="Known Affected">
               <ProductID>P-1309V-7</ProductID>
           </Status>
         </ProductStatuses>
         <Remediations>
           <Remediation Type="Vendor Fix">
               <Description>Oracle Linux Security Advisory</Description>
                  <Entitlement xml:lang="en">Oracle Linux customers</Entitlement>
                  <URL>http://linux.oracle.com/errata/ELSA-2019-4585.html</URL>
                  <ProductID>P-1309V-7</ProductID>
           </Remediation>
         </Remediations>
</Vulnerability>
<Vulnerability Ordinal="106" xmlns="http://www.icasi.org/CVRF/schema/vuln/1.1">
        <Title>CVE-2018-20126</Title>
         <Notes>
           <Note Audience="All" Ordinal="106" Title="Details" Type="Details">This is a vulnerability in  qemu  in Oracle Linux. hw/rdma/vmw/pvrdma_cmd.c in QEMU allows create_cq and create_qp memory leaks because errors are mishandled. CVSS Base Score: Undefined.           </Note>
         </Notes>
         <Involvements>
           <Involvement Party="Vendor" Status="Completed">
               <Description>Fix has been released</Description>
           </Involvement>
         </Involvements>
         <CVE>CVE-2018-20126</CVE>
         <ProductStatuses>
           <Status Type="Known Affected">
               <ProductID>P-1309V-7</ProductID>
           </Status>
         </ProductStatuses>
         <Remediations>
           <Remediation Type="Vendor Fix">
               <Description>Oracle Linux Security Advisory</Description>
                  <Entitlement xml:lang="en">Oracle Linux customers</Entitlement>
                  <URL>http://linux.oracle.com/errata/ELSA-2019-4518.html</URL>
                  <ProductID>P-1309V-7</ProductID>
           </Remediation>
         </Remediations>
</Vulnerability>
<Vulnerability Ordinal="107" xmlns="http://www.icasi.org/CVRF/schema/vuln/1.1">
        <Title>CVE-2018-20126</Title>
         <Notes>
           <Note Audience="All" Ordinal="107" Title="Details" Type="Details">This is a vulnerability in  qemu  in Oracle Linux. hw/rdma/vmw/pvrdma_cmd.c in QEMU allows create_cq and create_qp memory leaks because errors are mishandled. CVSS Base Score: Undefined.           </Note>
         </Notes>
         <Involvements>
           <Involvement Party="Vendor" Status="Completed">
               <Description>Fix has been released</Description>
           </Involvement>
         </Involvements>
         <CVE>CVE-2018-20126</CVE>
         <ProductStatuses>
           <Status Type="Known Affected">
               <ProductID>P-1309V-7</ProductID>
           </Status>
         </ProductStatuses>
         <Remediations>
           <Remediation Type="Vendor Fix">
               <Description>Oracle Linux Security Advisory</Description>
                  <Entitlement xml:lang="en">Oracle Linux customers</Entitlement>
                  <URL>http://linux.oracle.com/errata/ELSA-2019-4585.html</URL>
                  <ProductID>P-1309V-7</ProductID>
           </Remediation>
         </Remediations>
</Vulnerability>
<Vulnerability Ordinal="108" xmlns="http://www.icasi.org/CVRF/schema/vuln/1.1">
        <Title>CVE-2018-20191</Title>
         <Notes>
           <Note Audience="All" Ordinal="108" Title="Details" Type="Details">This is a vulnerability in  qemu  in Oracle Linux. hw/rdma/vmw/pvrdma_main.c in QEMU does not implement a read operation (such as uar_read by analogy to uar_write), which allows attackers to cause a denial of service (NULL pointer dereference). CVSS Base Score: Undefined.           </Note>
         </Notes>
         <Involvements>
           <Involvement Party="Vendor" Status="Completed">
               <Description>Fix has been released</Description>
           </Involvement>
         </Involvements>
         <CVE>CVE-2018-20191</CVE>
         <ProductStatuses>
           <Status Type="Known Affected">
               <ProductID>P-1309V-7</ProductID>
           </Status>
         </ProductStatuses>
         <Remediations>
           <Remediation Type="Vendor Fix">
               <Description>Oracle Linux Security Advisory</Description>
                  <Entitlement xml:lang="en">Oracle Linux customers</Entitlement>
                  <URL>http://linux.oracle.com/errata/ELSA-2019-4518.html</URL>
                  <ProductID>P-1309V-7</ProductID>
           </Remediation>
         </Remediations>
</Vulnerability>
<Vulnerability Ordinal="109" xmlns="http://www.icasi.org/CVRF/schema/vuln/1.1">
        <Title>CVE-2018-20191</Title>
         <Notes>
           <Note Audience="All" Ordinal="109" Title="Details" Type="Details">This is a vulnerability in  qemu  in Oracle Linux. hw/rdma/vmw/pvrdma_main.c in QEMU does not implement a read operation (such as uar_read by analogy to uar_write), which allows attackers to cause a denial of service (NULL pointer dereference). CVSS Base Score: Undefined.           </Note>
         </Notes>
         <Involvements>
           <Involvement Party="Vendor" Status="Completed">
               <Description>Fix has been released</Description>
           </Involvement>
         </Involvements>
         <CVE>CVE-2018-20191</CVE>
         <ProductStatuses>
           <Status Type="Known Affected">
               <ProductID>P-1309V-7</ProductID>
           </Status>
         </ProductStatuses>
         <Remediations>
           <Remediation Type="Vendor Fix">
               <Description>Oracle Linux Security Advisory</Description>
                  <Entitlement xml:lang="en">Oracle Linux customers</Entitlement>
                  <URL>http://linux.oracle.com/errata/ELSA-2019-4585.html</URL>
                  <ProductID>P-1309V-7</ProductID>
           </Remediation>
         </Remediations>
</Vulnerability>
<Vulnerability Ordinal="110" xmlns="http://www.icasi.org/CVRF/schema/vuln/1.1">
        <Title>CVE-2018-20216</Title>
         <Notes>
           <Note Audience="All" Ordinal="110" Title="Details" Type="Details">This is a vulnerability in  qemu  in Oracle Linux. QEMU can have an infinite loop in hw/rdma/vmw/pvrdma_dev_ring.c because return values are not checked (and -1 is mishandled). CVSS Base Score: Undefined.           </Note>
         </Notes>
         <Involvements>
           <Involvement Party="Vendor" Status="Completed">
               <Description>Fix has been released</Description>
           </Involvement>
         </Involvements>
         <CVE>CVE-2018-20216</CVE>
         <ProductStatuses>
           <Status Type="Known Affected">
               <ProductID>P-1309V-7</ProductID>
           </Status>
         </ProductStatuses>
         <Remediations>
           <Remediation Type="Vendor Fix">
               <Description>Oracle Linux Security Advisory</Description>
                  <Entitlement xml:lang="en">Oracle Linux customers</Entitlement>
                  <URL>http://linux.oracle.com/errata/ELSA-2019-4518.html</URL>
                  <ProductID>P-1309V-7</ProductID>
           </Remediation>
         </Remediations>
</Vulnerability>
<Vulnerability Ordinal="111" xmlns="http://www.icasi.org/CVRF/schema/vuln/1.1">
        <Title>CVE-2018-20216</Title>
         <Notes>
           <Note Audience="All" Ordinal="111" Title="Details" Type="Details">This is a vulnerability in  qemu  in Oracle Linux. QEMU can have an infinite loop in hw/rdma/vmw/pvrdma_dev_ring.c because return values are not checked (and -1 is mishandled). CVSS Base Score: Undefined.           </Note>
         </Notes>
         <Involvements>
           <Involvement Party="Vendor" Status="Completed">
               <Description>Fix has been released</Description>
           </Involvement>
         </Involvements>
         <CVE>CVE-2018-20216</CVE>
         <ProductStatuses>
           <Status Type="Known Affected">
               <ProductID>P-1309V-7</ProductID>
           </Status>
         </ProductStatuses>
         <Remediations>
           <Remediation Type="Vendor Fix">
               <Description>Oracle Linux Security Advisory</Description>
                  <Entitlement xml:lang="en">Oracle Linux customers</Entitlement>
                  <URL>http://linux.oracle.com/errata/ELSA-2019-4585.html</URL>
                  <ProductID>P-1309V-7</ProductID>
           </Remediation>
         </Remediations>
</Vulnerability>
<Vulnerability Ordinal="112" xmlns="http://www.icasi.org/CVRF/schema/vuln/1.1">
        <Title>CVE-2018-3639</Title>
         <Notes>
           <Note Audience="All" Ordinal="112" Title="Details" Type="Details">This is a vulnerability in  qemu  in Oracle Linux. Systems with microprocessors utilizing speculative execution and speculative execution of memory reads before the addresses of all prior memory writes are known may allow unauthorized disclosure of information to an attacker with local user access via a side-channel analysis, aka Speculative Store Bypass (SSB), Variant 4. CVSS Base Score: Undefined.           </Note>
         </Notes>
         <Involvements>
           <Involvement Party="Vendor" Status="Completed">
               <Description>Fix has been released</Description>
           </Involvement>
         </Involvements>
         <CVE>CVE-2018-3639</CVE>
         <ProductStatuses>
           <Status Type="Known Affected">
               <ProductID>P-1309V-7</ProductID>
           </Status>
         </ProductStatuses>
         <Remediations>
           <Remediation Type="Vendor Fix">
               <Description>Oracle Linux Security Advisory</Description>
                  <Entitlement xml:lang="en">Oracle Linux customers</Entitlement>
                  <URL>http://linux.oracle.com/errata/ELSA-2019-4585.html</URL>
                  <ProductID>P-1309V-7</ProductID>
           </Remediation>
         </Remediations>
</Vulnerability>
<Vulnerability Ordinal="113" xmlns="http://www.icasi.org/CVRF/schema/vuln/1.1">
        <Title>CVE-2018-5683</Title>
         <Notes>
           <Note Audience="All" Ordinal="113" Title="Details" Type="Details">This is a vulnerability in  qemu  in Oracle Linux. The vga_draw_text function in Qemu allows local OS guest privileged users to cause a denial of service (out-of-bounds read and QEMU process crash) by leveraging improper memory address validation. CVSS Base Score: Undefined.           </Note>
         </Notes>
         <Involvements>
           <Involvement Party="Vendor" Status="Completed">
               <Description>Fix has been released</Description>
           </Involvement>
         </Involvements>
         <CVE>CVE-2018-5683</CVE>
         <ProductStatuses>
           <Status Type="Known Affected">
               <ProductID>P-1309V-7</ProductID>
           </Status>
         </ProductStatuses>
         <Remediations>
           <Remediation Type="Vendor Fix">
               <Description>Oracle Linux Security Advisory</Description>
                  <Entitlement xml:lang="en">Oracle Linux customers</Entitlement>
                  <URL>http://linux.oracle.com/errata/ELSA-2019-4585.html</URL>
                  <ProductID>P-1309V-7</ProductID>
           </Remediation>
         </Remediations>
</Vulnerability>
<Vulnerability Ordinal="114" xmlns="http://www.icasi.org/CVRF/schema/vuln/1.1">
        <Title>CVE-2018-7550</Title>
         <Notes>
           <Note Audience="All" Ordinal="114" Title="Details" Type="Details">This is a vulnerability in  qemu  in Oracle Linux. The load_multiboot function in hw/i386/multiboot.c in Quick Emulator (aka QEMU) allows local guest OS users to execute arbitrary code on the QEMU host via a mh_load_end_addr value greater than mh_bss_end_addr, which triggers an out-of-bounds read or write memory access. CVSS Base Score: Undefined.           </Note>
         </Notes>
         <Involvements>
           <Involvement Party="Vendor" Status="Completed">
               <Description>Fix has been released</Description>
           </Involvement>
         </Involvements>
         <CVE>CVE-2018-7550</CVE>
         <ProductStatuses>
           <Status Type="Known Affected">
               <ProductID>P-1309V-7</ProductID>
           </Status>
         </ProductStatuses>
         <Remediations>
           <Remediation Type="Vendor Fix">
               <Description>Oracle Linux Security Advisory</Description>
                  <Entitlement xml:lang="en">Oracle Linux customers</Entitlement>
                  <URL>http://linux.oracle.com/errata/ELSA-2019-4585.html</URL>
                  <ProductID>P-1309V-7</ProductID>
           </Remediation>
         </Remediations>
</Vulnerability>
<Vulnerability Ordinal="115" xmlns="http://www.icasi.org/CVRF/schema/vuln/1.1">
        <Title>CVE-2018-7858</Title>
         <Notes>
           <Note Audience="All" Ordinal="115" Title="Details" Type="Details">This is a vulnerability in  qemu  in Oracle Linux. Quick Emulator (aka QEMU), when built with the Cirrus CLGD 54xx VGA Emulator support, allows local guest OS privileged users to cause a denial of service (out-of-bounds access and QEMU process crash) by leveraging incorrect region calculation when updating VGA display. CVSS Base Score: Undefined.           </Note>
         </Notes>
         <Involvements>
           <Involvement Party="Vendor" Status="Completed">
               <Description>Fix has been released</Description>
           </Involvement>
         </Involvements>
         <CVE>CVE-2018-7858</CVE>
         <ProductStatuses>
           <Status Type="Known Affected">
               <ProductID>P-1309V-7</ProductID>
           </Status>
         </ProductStatuses>
         <Remediations>
           <Remediation Type="Vendor Fix">
               <Description>Oracle Linux Security Advisory</Description>
                  <Entitlement xml:lang="en">Oracle Linux customers</Entitlement>
                  <URL>http://linux.oracle.com/errata/ELSA-2019-4585.html</URL>
                  <ProductID>P-1309V-7</ProductID>
           </Remediation>
         </Remediations>
</Vulnerability>
<Vulnerability Ordinal="116" xmlns="http://www.icasi.org/CVRF/schema/vuln/1.1">
        <Title>CVE-2019-3813</Title>
         <Notes>
           <Note Audience="All" Ordinal="116" Title="Details" Type="Details">This is a vulnerability in  spice  in Oracle Linux. ** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided. CVSS Base Score: Undefined.           </Note>
         </Notes>
         <Involvements>
           <Involvement Party="Vendor" Status="Completed">
               <Description>Fix has been released</Description>
           </Involvement>
         </Involvements>
         <CVE>CVE-2019-3813</CVE>
         <ProductStatuses>
           <Status Type="Known Affected">
               <ProductID>P-1309V-7</ProductID>
           </Status>
         </ProductStatuses>
         <Remediations>
           <Remediation Type="Vendor Fix">
               <Description>Oracle Linux Security Advisory</Description>
                  <Entitlement xml:lang="en">Oracle Linux customers</Entitlement>
                  <URL>http://linux.oracle.com/errata/ELSA-2019-0231.html</URL>
                  <ProductID>P-1309V-7</ProductID>
           </Remediation>
         </Remediations>
</Vulnerability>
<Vulnerability Ordinal="117" xmlns="http://www.icasi.org/CVRF/schema/vuln/1.1">
        <Title>CVE-2019-3813</Title>
         <Notes>
           <Note Audience="All" Ordinal="117" Title="Details" Type="Details">This is a vulnerability in  spice-server  in Oracle Linux. ** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided. CVSS Base Score: Undefined.           </Note>
         </Notes>
         <Involvements>
           <Involvement Party="Vendor" Status="Completed">
               <Description>Fix has been released</Description>
           </Involvement>
         </Involvements>
         <CVE>CVE-2019-3813</CVE>
         <ProductStatuses>
           <Status Type="Known Affected">
               <ProductID>P-1309V-6</ProductID>
           </Status>
         </ProductStatuses>
         <Remediations>
           <Remediation Type="Vendor Fix">
               <Description>Oracle Linux Security Advisory</Description>
                  <Entitlement xml:lang="en">Oracle Linux customers</Entitlement>
                  <URL>http://linux.oracle.com/errata/ELSA-2019-0232.html</URL>
                  <ProductID>P-1309V-6</ProductID>
           </Remediation>
         </Remediations>
</Vulnerability>
<Vulnerability Ordinal="118" xmlns="http://www.icasi.org/CVRF/schema/vuln/1.1">
        <Title>CVE-2018-15688</Title>
         <Notes>
           <Note Audience="All" Ordinal="118" Title="Details" Type="Details">This is a vulnerability in  systemd  in Oracle Linux. A buffer overflow vulnerability in the dhcp6 client of systemd allows a malicious dhcp6 server to overwrite heap memory in systemd-networkd. Affected releases are systemd: versions up to and including 239. CVSS Base Score: Undefined.           </Note>
         </Notes>
         <Involvements>
           <Involvement Party="Vendor" Status="Completed">
               <Description>Fix has been released</Description>
           </Involvement>
         </Involvements>
         <CVE>CVE-2018-15688</CVE>
         <ProductStatuses>
           <Status Type="Known Affected">
               <ProductID>P-1309V-7</ProductID>
           </Status>
         </ProductStatuses>
         <Remediations>
           <Remediation Type="Vendor Fix">
               <Description>Oracle Linux Security Advisory</Description>
                  <Entitlement xml:lang="en">Oracle Linux customers</Entitlement>
                  <URL>http://linux.oracle.com/errata/ELSA-2019-0049.html</URL>
                  <ProductID>P-1309V-7</ProductID>
           </Remediation>
         </Remediations>
</Vulnerability>
<Vulnerability Ordinal="119" xmlns="http://www.icasi.org/CVRF/schema/vuln/1.1">
        <Title>CVE-2018-16864</Title>
         <Notes>
           <Note Audience="All" Ordinal="119" Title="Details" Type="Details">This is a vulnerability in  systemd  in Oracle Linux. An allocation of memory without limits, that could result in the stack clashing with another memory region, was discovered in systemd-journald when a program with long command line arguments calls syslog. A local attacker may use this flaw to crash systemd-journald or escalate his privileges. Versions through v240 are vulnerable. CVSS Base Score: Undefined.           </Note>
         </Notes>
         <Involvements>
           <Involvement Party="Vendor" Status="Completed">
               <Description>Fix has been released</Description>
           </Involvement>
         </Involvements>
         <CVE>CVE-2018-16864</CVE>
         <ProductStatuses>
           <Status Type="Known Affected">
               <ProductID>P-1309V-7</ProductID>
           </Status>
         </ProductStatuses>
         <Remediations>
           <Remediation Type="Vendor Fix">
               <Description>Oracle Linux Security Advisory</Description>
                  <Entitlement xml:lang="en">Oracle Linux customers</Entitlement>
                  <URL>http://linux.oracle.com/errata/ELSA-2019-0049.html</URL>
                  <ProductID>P-1309V-7</ProductID>
           </Remediation>
         </Remediations>
</Vulnerability>
<Vulnerability Ordinal="120" xmlns="http://www.icasi.org/CVRF/schema/vuln/1.1">
        <Title>CVE-2018-16865</Title>
         <Notes>
           <Note Audience="All" Ordinal="120" Title="Details" Type="Details">This is a vulnerability in  systemd  in Oracle Linux. An allocation of memory without limits, that could result in the stack clashing with another memory region, was discovered in systemd-journald when many entries are sent to the journal socket. A local attacker, or a remote one if systemd-journal-remote is used, may use this flaw to crash systemd-journald or execute code with journald privileges. Versions through v240 are vulnerable. CVSS Base Score: Undefined.           </Note>
         </Notes>
         <Involvements>
           <Involvement Party="Vendor" Status="Completed">
               <Description>Fix has been released</Description>
           </Involvement>
         </Involvements>
         <CVE>CVE-2018-16865</CVE>
         <ProductStatuses>
           <Status Type="Known Affected">
               <ProductID>P-1309V-7</ProductID>
           </Status>
         </ProductStatuses>
         <Remediations>
           <Remediation Type="Vendor Fix">
               <Description>Oracle Linux Security Advisory</Description>
                  <Entitlement xml:lang="en">Oracle Linux customers</Entitlement>
                  <URL>http://linux.oracle.com/errata/ELSA-2019-0049.html</URL>
                  <ProductID>P-1309V-7</ProductID>
           </Remediation>
         </Remediations>
</Vulnerability>
<Vulnerability Ordinal="121" xmlns="http://www.icasi.org/CVRF/schema/vuln/1.1">
        <Title>CVE-2019-3815</Title>
         <Notes>
           <Note Audience="All" Ordinal="121" Title="Details" Type="Details">This is a vulnerability in  systemd  in Oracle Linux. A memory leak was discovered in the backport of fixes for CVE-2018-16864 in Red Hat Enterprise Linux. Function dispatch_message_real() in journald-server.c does not free the memory allocated by set_iovec_field_free() to store the  entry. A local attacker may use this flaw to make systemd-journald crash. This issue only affects versions shipped with Red Hat Enterprise since v219-62.2. CVSS Base Score: Undefined.           </Note>
         </Notes>
         <Involvements>
           <Involvement Party="Vendor" Status="Completed">
               <Description>Fix has been released</Description>
           </Involvement>
         </Involvements>
         <CVE>CVE-2019-3815</CVE>
         <ProductStatuses>
           <Status Type="Known Affected">
               <ProductID>P-1309V-7</ProductID>
           </Status>
         </ProductStatuses>
         <Remediations>
           <Remediation Type="Vendor Fix">
               <Description>Oracle Linux Security Advisory</Description>
                  <Entitlement xml:lang="en">Oracle Linux customers</Entitlement>
                  <URL>http://linux.oracle.com/errata/ELSA-2019-0201.html</URL>
                  <ProductID>P-1309V-7</ProductID>
           </Remediation>
         </Remediations>
</Vulnerability>
<Vulnerability Ordinal="122" xmlns="http://www.icasi.org/CVRF/schema/vuln/1.1">
        <Title>CVE-2019-6454</Title>
         <Notes>
           <Note Audience="All" Ordinal="122" Title="Details" Type="Details">This is a vulnerability in  systemd  in Oracle Linux. ** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided. CVSS Base Score: Undefined.           </Note>
         </Notes>
         <Involvements>
           <Involvement Party="Vendor" Status="Completed">
               <Description>Fix has been released</Description>
           </Involvement>
         </Involvements>
         <CVE>CVE-2019-6454</CVE>
         <ProductStatuses>
           <Status Type="Known Affected">
               <ProductID>P-1309V-7</ProductID>
           </Status>
         </ProductStatuses>
         <Remediations>
           <Remediation Type="Vendor Fix">
               <Description>Oracle Linux Security Advisory</Description>
                  <Entitlement xml:lang="en">Oracle Linux customers</Entitlement>
                  <URL>http://linux.oracle.com/errata/ELSA-2019-0368.html</URL>
                  <ProductID>P-1309V-7</ProductID>
           </Remediation>
         </Remediations>
</Vulnerability>
<Vulnerability Ordinal="123" xmlns="http://www.icasi.org/CVRF/schema/vuln/1.1">
        <Title>CVE-2016-5824</Title>
         <Notes>
           <Note Audience="All" Ordinal="123" Title="Details" Type="Details">This is a vulnerability in  thunderbird  in Oracle Linux. libical 1.0 allows remote attackers to cause a denial of service (use-after-free) via a crafted ics file. CVSS Base Score: Undefined.           </Note>
         </Notes>
         <Involvements>
           <Involvement Party="Vendor" Status="Completed">
               <Description>Fix has been released</Description>
           </Involvement>
         </Involvements>
         <CVE>CVE-2016-5824</CVE>
         <ProductStatuses>
           <Status Type="Known Affected">
               <ProductID>P-1309V-6</ProductID>
           </Status>
         </ProductStatuses>
         <Remediations>
           <Remediation Type="Vendor Fix">
               <Description>Oracle Linux Security Advisory</Description>
                  <Entitlement xml:lang="en">Oracle Linux customers</Entitlement>
                  <URL>http://linux.oracle.com/errata/ELSA-2019-0269.html</URL>
                  <ProductID>P-1309V-6</ProductID>
           </Remediation>
         </Remediations>
</Vulnerability>
<Vulnerability Ordinal="124" xmlns="http://www.icasi.org/CVRF/schema/vuln/1.1">
        <Title>CVE-2016-5824</Title>
         <Notes>
           <Note Audience="All" Ordinal="124" Title="Details" Type="Details">This is a vulnerability in  thunderbird  in Oracle Linux. libical 1.0 allows remote attackers to cause a denial of service (use-after-free) via a crafted ics file. CVSS Base Score: Undefined.           </Note>
         </Notes>
         <Involvements>
           <Involvement Party="Vendor" Status="Completed">
               <Description>Fix has been released</Description>
           </Involvement>
         </Involvements>
         <CVE>CVE-2016-5824</CVE>
         <ProductStatuses>
           <Status Type="Known Affected">
               <ProductID>P-1309V-7</ProductID>
           </Status>
         </ProductStatuses>
         <Remediations>
           <Remediation Type="Vendor Fix">
               <Description>Oracle Linux Security Advisory</Description>
                  <Entitlement xml:lang="en">Oracle Linux customers</Entitlement>
                  <URL>http://linux.oracle.com/errata/ELSA-2019-0270.html</URL>
                  <ProductID>P-1309V-7</ProductID>
           </Remediation>
         </Remediations>
</Vulnerability>
<Vulnerability Ordinal="125" xmlns="http://www.icasi.org/CVRF/schema/vuln/1.1">
        <Title>CVE-2018-12405</Title>
         <Notes>
           <Note Audience="All" Ordinal="125" Title="Details" Type="Details">This is a vulnerability in  thunderbird  in Oracle Linux. ** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided. CVSS Base Score: Undefined.           </Note>
         </Notes>
         <Involvements>
           <Involvement Party="Vendor" Status="Completed">
               <Description>Fix has been released</Description>
           </Involvement>
         </Involvements>
         <CVE>CVE-2018-12405</CVE>
         <ProductStatuses>
           <Status Type="Known Affected">
               <ProductID>P-1309V-6</ProductID>
           </Status>
         </ProductStatuses>
         <Remediations>
           <Remediation Type="Vendor Fix">
               <Description>Oracle Linux Security Advisory</Description>
                  <Entitlement xml:lang="en">Oracle Linux customers</Entitlement>
                  <URL>http://linux.oracle.com/errata/ELSA-2019-0159.html</URL>
                  <ProductID>P-1309V-6</ProductID>
           </Remediation>
         </Remediations>
</Vulnerability>
<Vulnerability Ordinal="126" xmlns="http://www.icasi.org/CVRF/schema/vuln/1.1">
        <Title>CVE-2018-12405</Title>
         <Notes>
           <Note Audience="All" Ordinal="126" Title="Details" Type="Details">This is a vulnerability in  thunderbird  in Oracle Linux. ** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided. CVSS Base Score: Undefined.           </Note>
         </Notes>
         <Involvements>
           <Involvement Party="Vendor" Status="Completed">
               <Description>Fix has been released</Description>
           </Involvement>
         </Involvements>
         <CVE>CVE-2018-12405</CVE>
         <ProductStatuses>
           <Status Type="Known Affected">
               <ProductID>P-1309V-7</ProductID>
           </Status>
         </ProductStatuses>
         <Remediations>
           <Remediation Type="Vendor Fix">
               <Description>Oracle Linux Security Advisory</Description>
                  <Entitlement xml:lang="en">Oracle Linux customers</Entitlement>
                  <URL>http://linux.oracle.com/errata/ELSA-2019-0160.html</URL>
                  <ProductID>P-1309V-7</ProductID>
           </Remediation>
         </Remediations>
</Vulnerability>
<Vulnerability Ordinal="127" xmlns="http://www.icasi.org/CVRF/schema/vuln/1.1">
        <Title>CVE-2018-17466</Title>
         <Notes>
           <Note Audience="All" Ordinal="127" Title="Details" Type="Details">This is a vulnerability in  thunderbird  in Oracle Linux. Incorrect texture handling in Angle in Google Chrome prior to 70.0.3538.67 allowed a remote attacker to perform an out of bounds memory read via a crafted HTML page. CVSS Base Score: Undefined.           </Note>
         </Notes>
         <Involvements>
           <Involvement Party="Vendor" Status="Completed">
               <Description>Fix has been released</Description>
           </Involvement>
         </Involvements>
         <CVE>CVE-2018-17466</CVE>
         <ProductStatuses>
           <Status Type="Known Affected">
               <ProductID>P-1309V-6</ProductID>
           </Status>
         </ProductStatuses>
         <Remediations>
           <Remediation Type="Vendor Fix">
               <Description>Oracle Linux Security Advisory</Description>
                  <Entitlement xml:lang="en">Oracle Linux customers</Entitlement>
                  <URL>http://linux.oracle.com/errata/ELSA-2019-0159.html</URL>
                  <ProductID>P-1309V-6</ProductID>
           </Remediation>
         </Remediations>
</Vulnerability>
<Vulnerability Ordinal="128" xmlns="http://www.icasi.org/CVRF/schema/vuln/1.1">
        <Title>CVE-2018-17466</Title>
         <Notes>
           <Note Audience="All" Ordinal="128" Title="Details" Type="Details">This is a vulnerability in  thunderbird  in Oracle Linux. Incorrect texture handling in Angle in Google Chrome prior to 70.0.3538.67 allowed a remote attacker to perform an out of bounds memory read via a crafted HTML page. CVSS Base Score: Undefined.           </Note>
         </Notes>
         <Involvements>
           <Involvement Party="Vendor" Status="Completed">
               <Description>Fix has been released</Description>
           </Involvement>
         </Involvements>
         <CVE>CVE-2018-17466</CVE>
         <ProductStatuses>
           <Status Type="Known Affected">
               <ProductID>P-1309V-7</ProductID>
           </Status>
         </ProductStatuses>
         <Remediations>
           <Remediation Type="Vendor Fix">
               <Description>Oracle Linux Security Advisory</Description>
                  <Entitlement xml:lang="en">Oracle Linux customers</Entitlement>
                  <URL>http://linux.oracle.com/errata/ELSA-2019-0160.html</URL>
                  <ProductID>P-1309V-7</ProductID>
           </Remediation>
         </Remediations>
</Vulnerability>
<Vulnerability Ordinal="129" xmlns="http://www.icasi.org/CVRF/schema/vuln/1.1">
        <Title>CVE-2018-18492</Title>
         <Notes>
           <Note Audience="All" Ordinal="129" Title="Details" Type="Details">This is a vulnerability in  thunderbird  in Oracle Linux. ** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided. CVSS Base Score: Undefined.           </Note>
         </Notes>
         <Involvements>
           <Involvement Party="Vendor" Status="Completed">
               <Description>Fix has been released</Description>
           </Involvement>
         </Involvements>
         <CVE>CVE-2018-18492</CVE>
         <ProductStatuses>
           <Status Type="Known Affected">
               <ProductID>P-1309V-6</ProductID>
           </Status>
         </ProductStatuses>
         <Remediations>
           <Remediation Type="Vendor Fix">
               <Description>Oracle Linux Security Advisory</Description>
                  <Entitlement xml:lang="en">Oracle Linux customers</Entitlement>
                  <URL>http://linux.oracle.com/errata/ELSA-2019-0159.html</URL>
                  <ProductID>P-1309V-6</ProductID>
           </Remediation>
         </Remediations>
</Vulnerability>
<Vulnerability Ordinal="130" xmlns="http://www.icasi.org/CVRF/schema/vuln/1.1">
        <Title>CVE-2018-18492</Title>
         <Notes>
           <Note Audience="All" Ordinal="130" Title="Details" Type="Details">This is a vulnerability in  thunderbird  in Oracle Linux. ** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided. CVSS Base Score: Undefined.           </Note>
         </Notes>
         <Involvements>
           <Involvement Party="Vendor" Status="Completed">
               <Description>Fix has been released</Description>
           </Involvement>
         </Involvements>
         <CVE>CVE-2018-18492</CVE>
         <ProductStatuses>
           <Status Type="Known Affected">
               <ProductID>P-1309V-7</ProductID>
           </Status>
         </ProductStatuses>
         <Remediations>
           <Remediation Type="Vendor Fix">
               <Description>Oracle Linux Security Advisory</Description>
                  <Entitlement xml:lang="en">Oracle Linux customers</Entitlement>
                  <URL>http://linux.oracle.com/errata/ELSA-2019-0160.html</URL>
                  <ProductID>P-1309V-7</ProductID>
           </Remediation>
         </Remediations>
</Vulnerability>
<Vulnerability Ordinal="131" xmlns="http://www.icasi.org/CVRF/schema/vuln/1.1">
        <Title>CVE-2018-18493</Title>
         <Notes>
           <Note Audience="All" Ordinal="131" Title="Details" Type="Details">This is a vulnerability in  thunderbird  in Oracle Linux. ** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided. CVSS Base Score: Undefined.           </Note>
         </Notes>
         <Involvements>
           <Involvement Party="Vendor" Status="Completed">
               <Description>Fix has been released</Description>
           </Involvement>
         </Involvements>
         <CVE>CVE-2018-18493</CVE>
         <ProductStatuses>
           <Status Type="Known Affected">
               <ProductID>P-1309V-6</ProductID>
           </Status>
         </ProductStatuses>
         <Remediations>
           <Remediation Type="Vendor Fix">
               <Description>Oracle Linux Security Advisory</Description>
                  <Entitlement xml:lang="en">Oracle Linux customers</Entitlement>
                  <URL>http://linux.oracle.com/errata/ELSA-2019-0159.html</URL>
                  <ProductID>P-1309V-6</ProductID>
           </Remediation>
         </Remediations>
</Vulnerability>
<Vulnerability Ordinal="132" xmlns="http://www.icasi.org/CVRF/schema/vuln/1.1">
        <Title>CVE-2018-18493</Title>
         <Notes>
           <Note Audience="All" Ordinal="132" Title="Details" Type="Details">This is a vulnerability in  thunderbird  in Oracle Linux. ** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided. CVSS Base Score: Undefined.           </Note>
         </Notes>
         <Involvements>
           <Involvement Party="Vendor" Status="Completed">
               <Description>Fix has been released</Description>
           </Involvement>
         </Involvements>
         <CVE>CVE-2018-18493</CVE>
         <ProductStatuses>
           <Status Type="Known Affected">
               <ProductID>P-1309V-7</ProductID>
           </Status>
         </ProductStatuses>
         <Remediations>
           <Remediation Type="Vendor Fix">
               <Description>Oracle Linux Security Advisory</Description>
                  <Entitlement xml:lang="en">Oracle Linux customers</Entitlement>
                  <URL>http://linux.oracle.com/errata/ELSA-2019-0160.html</URL>
                  <ProductID>P-1309V-7</ProductID>
           </Remediation>
         </Remediations>
</Vulnerability>
<Vulnerability Ordinal="133" xmlns="http://www.icasi.org/CVRF/schema/vuln/1.1">
        <Title>CVE-2018-18494</Title>
         <Notes>
           <Note Audience="All" Ordinal="133" Title="Details" Type="Details">This is a vulnerability in  thunderbird  in Oracle Linux. ** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided. CVSS Base Score: Undefined.           </Note>
         </Notes>
         <Involvements>
           <Involvement Party="Vendor" Status="Completed">
               <Description>Fix has been released</Description>
           </Involvement>
         </Involvements>
         <CVE>CVE-2018-18494</CVE>
         <ProductStatuses>
           <Status Type="Known Affected">
               <ProductID>P-1309V-6</ProductID>
           </Status>
         </ProductStatuses>
         <Remediations>
           <Remediation Type="Vendor Fix">
               <Description>Oracle Linux Security Advisory</Description>
                  <Entitlement xml:lang="en">Oracle Linux customers</Entitlement>
                  <URL>http://linux.oracle.com/errata/ELSA-2019-0159.html</URL>
                  <ProductID>P-1309V-6</ProductID>
           </Remediation>
         </Remediations>
</Vulnerability>
<Vulnerability Ordinal="134" xmlns="http://www.icasi.org/CVRF/schema/vuln/1.1">
        <Title>CVE-2018-18494</Title>
         <Notes>
           <Note Audience="All" Ordinal="134" Title="Details" Type="Details">This is a vulnerability in  thunderbird  in Oracle Linux. ** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided. CVSS Base Score: Undefined.           </Note>
         </Notes>
         <Involvements>
           <Involvement Party="Vendor" Status="Completed">
               <Description>Fix has been released</Description>
           </Involvement>
         </Involvements>
         <CVE>CVE-2018-18494</CVE>
         <ProductStatuses>
           <Status Type="Known Affected">
               <ProductID>P-1309V-7</ProductID>
           </Status>
         </ProductStatuses>
         <Remediations>
           <Remediation Type="Vendor Fix">
               <Description>Oracle Linux Security Advisory</Description>
                  <Entitlement xml:lang="en">Oracle Linux customers</Entitlement>
                  <URL>http://linux.oracle.com/errata/ELSA-2019-0160.html</URL>
                  <ProductID>P-1309V-7</ProductID>
           </Remediation>
         </Remediations>
</Vulnerability>
<Vulnerability Ordinal="135" xmlns="http://www.icasi.org/CVRF/schema/vuln/1.1">
        <Title>CVE-2018-18498</Title>
         <Notes>
           <Note Audience="All" Ordinal="135" Title="Details" Type="Details">This is a vulnerability in  thunderbird  in Oracle Linux. ** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided. CVSS Base Score: Undefined.           </Note>
         </Notes>
         <Involvements>
           <Involvement Party="Vendor" Status="Completed">
               <Description>Fix has been released</Description>
           </Involvement>
         </Involvements>
         <CVE>CVE-2018-18498</CVE>
         <ProductStatuses>
           <Status Type="Known Affected">
               <ProductID>P-1309V-6</ProductID>
           </Status>
         </ProductStatuses>
         <Remediations>
           <Remediation Type="Vendor Fix">
               <Description>Oracle Linux Security Advisory</Description>
                  <Entitlement xml:lang="en">Oracle Linux customers</Entitlement>
                  <URL>http://linux.oracle.com/errata/ELSA-2019-0159.html</URL>
                  <ProductID>P-1309V-6</ProductID>
           </Remediation>
         </Remediations>
</Vulnerability>
<Vulnerability Ordinal="136" xmlns="http://www.icasi.org/CVRF/schema/vuln/1.1">
        <Title>CVE-2018-18498</Title>
         <Notes>
           <Note Audience="All" Ordinal="136" Title="Details" Type="Details">This is a vulnerability in  thunderbird  in Oracle Linux. ** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided. CVSS Base Score: Undefined.           </Note>
         </Notes>
         <Involvements>
           <Involvement Party="Vendor" Status="Completed">
               <Description>Fix has been released</Description>
           </Involvement>
         </Involvements>
         <CVE>CVE-2018-18498</CVE>
         <ProductStatuses>
           <Status Type="Known Affected">
               <ProductID>P-1309V-7</ProductID>
           </Status>
         </ProductStatuses>
         <Remediations>
           <Remediation Type="Vendor Fix">
               <Description>Oracle Linux Security Advisory</Description>
                  <Entitlement xml:lang="en">Oracle Linux customers</Entitlement>
                  <URL>http://linux.oracle.com/errata/ELSA-2019-0160.html</URL>
                  <ProductID>P-1309V-7</ProductID>
           </Remediation>
         </Remediations>
</Vulnerability>
<Vulnerability Ordinal="137" xmlns="http://www.icasi.org/CVRF/schema/vuln/1.1">
        <Title>CVE-2018-18500</Title>
         <Notes>
           <Note Audience="All" Ordinal="137" Title="Details" Type="Details">This is a vulnerability in  thunderbird  in Oracle Linux. ** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided. CVSS Base Score: Undefined.           </Note>
         </Notes>
         <Involvements>
           <Involvement Party="Vendor" Status="Completed">
               <Description>Fix has been released</Description>
           </Involvement>
         </Involvements>
         <CVE>CVE-2018-18500</CVE>
         <ProductStatuses>
           <Status Type="Known Affected">
               <ProductID>P-1309V-6</ProductID>
           </Status>
         </ProductStatuses>
         <Remediations>
           <Remediation Type="Vendor Fix">
               <Description>Oracle Linux Security Advisory</Description>
                  <Entitlement xml:lang="en">Oracle Linux customers</Entitlement>
                  <URL>http://linux.oracle.com/errata/ELSA-2019-0269.html</URL>
                  <ProductID>P-1309V-6</ProductID>
           </Remediation>
         </Remediations>
</Vulnerability>
<Vulnerability Ordinal="138" xmlns="http://www.icasi.org/CVRF/schema/vuln/1.1">
        <Title>CVE-2018-18500</Title>
         <Notes>
           <Note Audience="All" Ordinal="138" Title="Details" Type="Details">This is a vulnerability in  thunderbird  in Oracle Linux. ** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided. CVSS Base Score: Undefined.           </Note>
         </Notes>
         <Involvements>
           <Involvement Party="Vendor" Status="Completed">
               <Description>Fix has been released</Description>
           </Involvement>
         </Involvements>
         <CVE>CVE-2018-18500</CVE>
         <ProductStatuses>
           <Status Type="Known Affected">
               <ProductID>P-1309V-7</ProductID>
           </Status>
         </ProductStatuses>
         <Remediations>
           <Remediation Type="Vendor Fix">
               <Description>Oracle Linux Security Advisory</Description>
                  <Entitlement xml:lang="en">Oracle Linux customers</Entitlement>
                  <URL>http://linux.oracle.com/errata/ELSA-2019-0270.html</URL>
                  <ProductID>P-1309V-7</ProductID>
           </Remediation>
         </Remediations>
</Vulnerability>
<Vulnerability Ordinal="139" xmlns="http://www.icasi.org/CVRF/schema/vuln/1.1">
        <Title>CVE-2018-18501</Title>
         <Notes>
           <Note Audience="All" Ordinal="139" Title="Details" Type="Details">This is a vulnerability in  thunderbird  in Oracle Linux. ** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided. CVSS Base Score: Undefined.           </Note>
         </Notes>
         <Involvements>
           <Involvement Party="Vendor" Status="Completed">
               <Description>Fix has been released</Description>
           </Involvement>
         </Involvements>
         <CVE>CVE-2018-18501</CVE>
         <ProductStatuses>
           <Status Type="Known Affected">
               <ProductID>P-1309V-6</ProductID>
           </Status>
         </ProductStatuses>
         <Remediations>
           <Remediation Type="Vendor Fix">
               <Description>Oracle Linux Security Advisory</Description>
                  <Entitlement xml:lang="en">Oracle Linux customers</Entitlement>
                  <URL>http://linux.oracle.com/errata/ELSA-2019-0269.html</URL>
                  <ProductID>P-1309V-6</ProductID>
           </Remediation>
         </Remediations>
</Vulnerability>
<Vulnerability Ordinal="140" xmlns="http://www.icasi.org/CVRF/schema/vuln/1.1">
        <Title>CVE-2018-18501</Title>
         <Notes>
           <Note Audience="All" Ordinal="140" Title="Details" Type="Details">This is a vulnerability in  thunderbird  in Oracle Linux. ** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided. CVSS Base Score: Undefined.           </Note>
         </Notes>
         <Involvements>
           <Involvement Party="Vendor" Status="Completed">
               <Description>Fix has been released</Description>
           </Involvement>
         </Involvements>
         <CVE>CVE-2018-18501</CVE>
         <ProductStatuses>
           <Status Type="Known Affected">
               <ProductID>P-1309V-7</ProductID>
           </Status>
         </ProductStatuses>
         <Remediations>
           <Remediation Type="Vendor Fix">
               <Description>Oracle Linux Security Advisory</Description>
                  <Entitlement xml:lang="en">Oracle Linux customers</Entitlement>
                  <URL>http://linux.oracle.com/errata/ELSA-2019-0270.html</URL>
                  <ProductID>P-1309V-7</ProductID>
           </Remediation>
         </Remediations>
</Vulnerability>
<Vulnerability Ordinal="141" xmlns="http://www.icasi.org/CVRF/schema/vuln/1.1">
        <Title>CVE-2018-18505</Title>
         <Notes>
           <Note Audience="All" Ordinal="141" Title="Details" Type="Details">This is a vulnerability in  thunderbird  in Oracle Linux. ** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided. CVSS Base Score: Undefined.           </Note>
         </Notes>
         <Involvements>
           <Involvement Party="Vendor" Status="Completed">
               <Description>Fix has been released</Description>
           </Involvement>
         </Involvements>
         <CVE>CVE-2018-18505</CVE>
         <ProductStatuses>
           <Status Type="Known Affected">
               <ProductID>P-1309V-6</ProductID>
           </Status>
         </ProductStatuses>
         <Remediations>
           <Remediation Type="Vendor Fix">
               <Description>Oracle Linux Security Advisory</Description>
                  <Entitlement xml:lang="en">Oracle Linux customers</Entitlement>
                  <URL>http://linux.oracle.com/errata/ELSA-2019-0269.html</URL>
                  <ProductID>P-1309V-6</ProductID>
           </Remediation>
         </Remediations>
</Vulnerability>
<Vulnerability Ordinal="142" xmlns="http://www.icasi.org/CVRF/schema/vuln/1.1">
        <Title>CVE-2018-18505</Title>
         <Notes>
           <Note Audience="All" Ordinal="142" Title="Details" Type="Details">This is a vulnerability in  thunderbird  in Oracle Linux. ** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided. CVSS Base Score: Undefined.           </Note>
         </Notes>
         <Involvements>
           <Involvement Party="Vendor" Status="Completed">
               <Description>Fix has been released</Description>
           </Involvement>
         </Involvements>
         <CVE>CVE-2018-18505</CVE>
         <ProductStatuses>
           <Status Type="Known Affected">
               <ProductID>P-1309V-7</ProductID>
           </Status>
         </ProductStatuses>
         <Remediations>
           <Remediation Type="Vendor Fix">
               <Description>Oracle Linux Security Advisory</Description>
                  <Entitlement xml:lang="en">Oracle Linux customers</Entitlement>
                  <URL>http://linux.oracle.com/errata/ELSA-2019-0270.html</URL>
                  <ProductID>P-1309V-7</ProductID>
           </Remediation>
         </Remediations>
</Vulnerability>
<Vulnerability Ordinal="143" xmlns="http://www.icasi.org/CVRF/schema/vuln/1.1">
        <Title>CVE-2018-11784</Title>
         <Notes>
           <Note Audience="All" Ordinal="143" Title="Details" Type="Details">This is a vulnerability in  tomcat  in Oracle Linux. When the default servlet in Apache Tomcat versions 9.0.0.M1 to 9.0.11, 8.5.0 to 8.5.33 and 7.0.23 to 7.0.90 returned a redirect to a directory (e.g. redirecting to '/foo/' when the user requested '/foo') a specially crafted URL could be used to cause the redirect to be generated to any URI of the attacker's choice. CVSS Base Score: Undefined.           </Note>
         </Notes>
         <Involvements>
           <Involvement Party="Vendor" Status="Completed">
               <Description>Fix has been released</Description>
           </Involvement>
         </Involvements>
         <CVE>CVE-2018-11784</CVE>
         <ProductStatuses>
           <Status Type="Known Affected">
               <ProductID>P-1309V-7</ProductID>
           </Status>
         </ProductStatuses>
         <Remediations>
           <Remediation Type="Vendor Fix">
               <Description>Oracle Linux Security Advisory</Description>
                  <Entitlement xml:lang="en">Oracle Linux customers</Entitlement>
                  <URL>http://linux.oracle.com/errata/ELSA-2019-0485.html</URL>
                  <ProductID>P-1309V-7</ProductID>
           </Remediation>
         </Remediations>
</Vulnerability>
<Vulnerability Ordinal="144" xmlns="http://www.icasi.org/CVRF/schema/vuln/1.1">
        <Title>CVE-2016-3841</Title>
         <Notes>
           <Note Audience="All" Ordinal="144" Title="Details" Type="Details">This is a vulnerability in Unbreakable Enterprise kernel  in Oracle Linux. The IPv6 stack in the Linux kernel before 4.3.3 mishandles options data, which allows local users to gain privileges or cause a denial of service (use-after-free and system crash) via a crafted sendmsg system call. CVSS Base Score: Undefined.           </Note>
         </Notes>
         <Involvements>
           <Involvement Party="Vendor" Status="Completed">
               <Description>Fix has been released</Description>
           </Involvement>
         </Involvements>
         <CVE>CVE-2016-3841</CVE>
         <ProductStatuses>
           <Status Type="Known Affected">
               <ProductID>P-1309V-6</ProductID>
           </Status>
         </ProductStatuses>
         <Remediations>
           <Remediation Type="Vendor Fix">
               <Description>Oracle Linux Security Advisory</Description>
                  <Entitlement xml:lang="en">Oracle Linux customers</Entitlement>
                  <URL>http://linux.oracle.com/errata/ELSA-2019-4317.html</URL>
                  <ProductID>P-1309V-6</ProductID>
           </Remediation>
         </Remediations>
</Vulnerability>
<Vulnerability Ordinal="145" xmlns="http://www.icasi.org/CVRF/schema/vuln/1.1">
        <Title>CVE-2017-12153</Title>
         <Notes>
           <Note Audience="All" Ordinal="145" Title="Details" Type="Details">This is a vulnerability in Unbreakable Enterprise kernel  in Oracle Linux. A security flaw was discovered in the nl80211_set_rekey_data() function in net/wireless/nl80211.c in the Linux kernel through 4.13.3. This function does not check whether the required attributes are present in a Netlink request. This request can be issued by a user with the CAP_NET_ADMIN capability and may result in a NULL pointer dereference and system crash. CVSS Base Score: Undefined.           </Note>
         </Notes>
         <Involvements>
           <Involvement Party="Vendor" Status="Completed">
               <Description>Fix has been released</Description>
           </Involvement>
         </Involvements>
         <CVE>CVE-2017-12153</CVE>
         <ProductStatuses>
           <Status Type="Known Affected">
               <ProductID>P-1309V-6</ProductID>
           </Status>
         </ProductStatuses>
         <Remediations>
           <Remediation Type="Vendor Fix">
               <Description>Oracle Linux Security Advisory</Description>
                  <Entitlement xml:lang="en">Oracle Linux customers</Entitlement>
                  <URL>http://linux.oracle.com/errata/ELSA-2019-4531.html</URL>
                  <ProductID>P-1309V-6</ProductID>
           </Remediation>
         </Remediations>
</Vulnerability>
<Vulnerability Ordinal="146" xmlns="http://www.icasi.org/CVRF/schema/vuln/1.1">
        <Title>CVE-2017-14051</Title>
         <Notes>
           <Note Audience="All" Ordinal="146" Title="Details" Type="Details">This is a vulnerability in Unbreakable Enterprise kernel  in Oracle Linux. An integer overflow in the qla2x00_sysfs_write_optrom_ctl function in drivers/scsi/qla2xxx/qla_attr.c in the Linux kernel through 4.12.10 allows local users to cause a denial of service (memory corruption and system crash) by leveraging root access. CVSS Base Score: Undefined.           </Note>
         </Notes>
         <Involvements>
           <Involvement Party="Vendor" Status="Completed">
               <Description>Fix has been released</Description>
           </Involvement>
         </Involvements>
         <CVE>CVE-2017-14051</CVE>
         <ProductStatuses>
           <Status Type="Known Affected">
               <ProductID>P-1309V-6</ProductID>
           </Status>
         </ProductStatuses>
         <Remediations>
           <Remediation Type="Vendor Fix">
               <Description>Oracle Linux Security Advisory</Description>
                  <Entitlement xml:lang="en">Oracle Linux customers</Entitlement>
                  <URL>http://linux.oracle.com/errata/ELSA-2019-4317.html</URL>
                  <ProductID>P-1309V-6</ProductID>
           </Remediation>
         </Remediations>
</Vulnerability>
<Vulnerability Ordinal="147" xmlns="http://www.icasi.org/CVRF/schema/vuln/1.1">
        <Title>CVE-2017-17450</Title>
         <Notes>
           <Note Audience="All" Ordinal="147" Title="Details" Type="Details">This is a vulnerability in Unbreakable Enterprise kernel  in Oracle Linux. net/netfilter/xt_osf.c in the Linux kernel through 4.14.4 does not require the CAP_NET_ADMIN capability for add_callback and remove_callback operations, which allows local users to bypass intended access restrictions because the xt_osf_fingers data structure is shared across all net namespaces. CVSS Base Score: Undefined.           </Note>
         </Notes>
         <Involvements>
           <Involvement Party="Vendor" Status="Completed">
               <Description>Fix has been released</Description>
           </Involvement>
         </Involvements>
         <CVE>CVE-2017-17450</CVE>
         <ProductStatuses>
           <Status Type="Known Affected">
               <ProductID>P-1309V-6</ProductID>
           </Status>
         </ProductStatuses>
         <Remediations>
           <Remediation Type="Vendor Fix">
               <Description>Oracle Linux Security Advisory</Description>
                  <Entitlement xml:lang="en">Oracle Linux customers</Entitlement>
                  <URL>http://linux.oracle.com/errata/ELSA-2019-4317.html</URL>
                  <ProductID>P-1309V-6</ProductID>
           </Remediation>
         </Remediations>
</Vulnerability>
<Vulnerability Ordinal="148" xmlns="http://www.icasi.org/CVRF/schema/vuln/1.1">
        <Title>CVE-2017-17807</Title>
         <Notes>
           <Note Audience="All" Ordinal="148" Title="Details" Type="Details">This is a vulnerability in Unbreakable Enterprise kernel  in Oracle Linux. The KEYS subsystem in the Linux kernel before 4.14.6 omitted an access-control check when adding a key to the current task's default request-key keyring via the request_key() system call, allowing a local user to use a sequence of crafted system calls to add keys to a keyring with only Search permission (not Write permission) to that keyring, related to construct_get_dest_keyring() in security/keys/request_key.c. CVSS Base Score: Undefined.           </Note>
         </Notes>
         <Involvements>
           <Involvement Party="Vendor" Status="Completed">
               <Description>Fix has been released</Description>
           </Involvement>
         </Involvements>
         <CVE>CVE-2017-17807</CVE>
         <ProductStatuses>
           <Status Type="Known Affected">
               <ProductID>P-1309V-6</ProductID>
           </Status>
         </ProductStatuses>
         <Remediations>
           <Remediation Type="Vendor Fix">
               <Description>Oracle Linux Security Advisory</Description>
                  <Entitlement xml:lang="en">Oracle Linux customers</Entitlement>
                  <URL>http://linux.oracle.com/errata/ELSA-2019-4575.html</URL>
                  <ProductID>P-1309V-6</ProductID>
           </Remediation>
         </Remediations>
</Vulnerability>
<Vulnerability Ordinal="149" xmlns="http://www.icasi.org/CVRF/schema/vuln/1.1">
        <Title>CVE-2017-18079</Title>
         <Notes>
           <Note Audience="All" Ordinal="149" Title="Details" Type="Details">This is a vulnerability in Unbreakable Enterprise kernel  in Oracle Linux. drivers/input/serio/i8042.c in the Linux kernel before 4.12.4 allows attackers to cause a denial of service (NULL pointer dereference and system crash) or possibly have unspecified other impact because the port-&gt;exists value can change after it is validated. CVSS Base Score: Undefined.           </Note>
         </Notes>
         <Involvements>
           <Involvement Party="Vendor" Status="Completed">
               <Description>Fix has been released</Description>
           </Involvement>
         </Involvements>
         <CVE>CVE-2017-18079</CVE>
         <ProductStatuses>
           <Status Type="Known Affected">
               <ProductID>P-1309V-6</ProductID>
           </Status>
         </ProductStatuses>
         <Remediations>
           <Remediation Type="Vendor Fix">
               <Description>Oracle Linux Security Advisory</Description>
                  <Entitlement xml:lang="en">Oracle Linux customers</Entitlement>
                  <URL>http://linux.oracle.com/errata/ELSA-2019-4317.html</URL>
                  <ProductID>P-1309V-6</ProductID>
           </Remediation>
         </Remediations>
</Vulnerability>
<Vulnerability Ordinal="150" xmlns="http://www.icasi.org/CVRF/schema/vuln/1.1">
        <Title>CVE-2018-1000004</Title>
         <Notes>
           <Note Audience="All" Ordinal="150" Title="Details" Type="Details">This is a vulnerability in Unbreakable Enterprise kernel  in Oracle Linux. In the Linux kernel 4.12, 3.10, 2.6 and possibly earlier versions a race condition vulnerability exists in the sound system, this can lead to a deadlock and denial of service condition. CVSS Base Score: Undefined.           </Note>
         </Notes>
         <Involvements>
           <Involvement Party="Vendor" Status="Completed">
               <Description>Fix has been released</Description>
           </Involvement>
         </Involvements>
         <CVE>CVE-2018-1000004</CVE>
         <ProductStatuses>
           <Status Type="Known Affected">
               <ProductID>P-1309V-6</ProductID>
           </Status>
         </ProductStatuses>
         <Remediations>
           <Remediation Type="Vendor Fix">
               <Description>Oracle Linux Security Advisory</Description>
                  <Entitlement xml:lang="en">Oracle Linux customers</Entitlement>
                  <URL>http://linux.oracle.com/errata/ELSA-2019-4317.html</URL>
                  <ProductID>P-1309V-6</ProductID>
           </Remediation>
         </Remediations>
</Vulnerability>
<Vulnerability Ordinal="151" xmlns="http://www.icasi.org/CVRF/schema/vuln/1.1">
        <Title>CVE-2018-1000026</Title>
         <Notes>
           <Note Audience="All" Ordinal="151" Title="Details" Type="Details">This is a vulnerability in Unbreakable Enterprise kernel  in Oracle Linux. Linux Linux kernel version at least v4.8 onwards, probably well before contains a Insufficient input validation vulnerability in bnx2x network card driver that can result in DoS: Network card firmware assertion takes card off-line. This attack appear to be exploitable via An attacker on a must pass a very large, specially crafted packet to the bnx2x card. This can be done from an untrusted guest VM. CVSS Base Score: Undefined.           </Note>
         </Notes>
         <Involvements>
           <Involvement Party="Vendor" Status="Completed">
               <Description>Fix has been released</Description>
           </Involvement>
         </Involvements>
         <CVE>CVE-2018-1000026</CVE>
         <ProductStatuses>
           <Status Type="Known Affected">
               <ProductID>P-1309V-7</ProductID>
           </Status>
         </ProductStatuses>
         <Remediations>
           <Remediation Type="Vendor Fix">
               <Description>Oracle Linux Security Advisory</Description>
                  <Entitlement xml:lang="en">Oracle Linux customers</Entitlement>
                  <URL>http://linux.oracle.com/errata/ELSA-2019-4570.html</URL>
                  <ProductID>P-1309V-7</ProductID>
           </Remediation>
         </Remediations>
</Vulnerability>
<Vulnerability Ordinal="152" xmlns="http://www.icasi.org/CVRF/schema/vuln/1.1">
        <Title>CVE-2018-10322</Title>
         <Notes>
           <Note Audience="All" Ordinal="152" Title="Details" Type="Details">This is a vulnerability in Unbreakable Enterprise kernel  in Oracle Linux. The xfs_dinode_verify function in fs/xfs/libxfs/xfs_inode_buf.c in the Linux kernel through 4.16.3 allows local users to cause a denial of service (xfs_ilock_attr_map_shared invalid pointer dereference) via a crafted xfs image. CVSS Base Score: Undefined.           </Note>
         </Notes>
         <Involvements>
           <Involvement Party="Vendor" Status="Completed">
               <Description>Fix has been released</Description>
           </Involvement>
         </Involvements>
         <CVE>CVE-2018-10322</CVE>
         <ProductStatuses>
           <Status Type="Known Affected">
               <ProductID>P-1309V-7</ProductID>
           </Status>
         </ProductStatuses>
         <Remediations>
           <Remediation Type="Vendor Fix">
               <Description>Oracle Linux Security Advisory</Description>
                  <Entitlement xml:lang="en">Oracle Linux customers</Entitlement>
                  <URL>http://linux.oracle.com/errata/ELSA-2019-4509.html</URL>
                  <ProductID>P-1309V-7</ProductID>
           </Remediation>
         </Remediations>
</Vulnerability>
<Vulnerability Ordinal="153" xmlns="http://www.icasi.org/CVRF/schema/vuln/1.1">
        <Title>CVE-2018-10876</Title>
         <Notes>
           <Note Audience="All" Ordinal="153" Title="Details" Type="Details">This is a vulnerability in Unbreakable Enterprise kernel  in Oracle Linux. A flaw was found in Linux kernel in the ext4 filesystem code. A use-after-free is possible in ext4_ext_remove_space() function when mounting and operating a crafted ext4 image. CVSS Base Score: Undefined.           </Note>
         </Notes>
         <Involvements>
           <Involvement Party="Vendor" Status="Completed">
               <Description>Fix has been released</Description>
           </Involvement>
         </Involvements>
         <CVE>CVE-2018-10876</CVE>
         <ProductStatuses>
           <Status Type="Known Affected">
               <ProductID>P-1309V-6</ProductID>
           </Status>
         </ProductStatuses>
         <Remediations>
           <Remediation Type="Vendor Fix">
               <Description>Oracle Linux Security Advisory</Description>
                  <Entitlement xml:lang="en">Oracle Linux customers</Entitlement>
                  <URL>http://linux.oracle.com/errata/ELSA-2019-4575.html</URL>
                  <ProductID>P-1309V-6</ProductID>
           </Remediation>
         </Remediations>
</Vulnerability>
<Vulnerability Ordinal="154" xmlns="http://www.icasi.org/CVRF/schema/vuln/1.1">
        <Title>CVE-2018-10876</Title>
         <Notes>
           <Note Audience="All" Ordinal="154" Title="Details" Type="Details">This is a vulnerability in Unbreakable Enterprise kernel  in Oracle Linux. A flaw was found in Linux kernel in the ext4 filesystem code. A use-after-free is possible in ext4_ext_remove_space() function when mounting and operating a crafted ext4 image. CVSS Base Score: Undefined.           </Note>
         </Notes>
         <Involvements>
           <Involvement Party="Vendor" Status="Completed">
               <Description>Fix has been released</Description>
           </Involvement>
         </Involvements>
         <CVE>CVE-2018-10876</CVE>
         <ProductStatuses>
           <Status Type="Known Affected">
               <ProductID>P-1309V-6</ProductID>
           </Status>
         </ProductStatuses>
         <Remediations>
           <Remediation Type="Vendor Fix">
               <Description>Oracle Linux Security Advisory</Description>
                  <Entitlement xml:lang="en">Oracle Linux customers</Entitlement>
                  <URL>http://linux.oracle.com/errata/ELSA-2019-4577.html</URL>
                  <ProductID>P-1309V-6</ProductID>
           </Remediation>
         </Remediations>
</Vulnerability>
<Vulnerability Ordinal="155" xmlns="http://www.icasi.org/CVRF/schema/vuln/1.1">
        <Title>CVE-2018-10877</Title>
         <Notes>
           <Note Audience="All" Ordinal="155" Title="Details" Type="Details">This is a vulnerability in Unbreakable Enterprise kernel  in Oracle Linux. Linux kernel ext4 filesystem is vulnerable to an out-of-bound access in the ext4_ext_drop_refs() function when operating on a crafted ext4 filesystem image. CVSS Base Score: Undefined.           </Note>
         </Notes>
         <Involvements>
           <Involvement Party="Vendor" Status="Completed">
               <Description>Fix has been released</Description>
           </Involvement>
         </Involvements>
         <CVE>CVE-2018-10877</CVE>
         <ProductStatuses>
           <Status Type="Known Affected">
               <ProductID>P-1309V-6</ProductID>
           </Status>
         </ProductStatuses>
         <Remediations>
           <Remediation Type="Vendor Fix">
               <Description>Oracle Linux Security Advisory</Description>
                  <Entitlement xml:lang="en">Oracle Linux customers</Entitlement>
                  <URL>http://linux.oracle.com/errata/ELSA-2019-4575.html</URL>
                  <ProductID>P-1309V-6</ProductID>
           </Remediation>
         </Remediations>
</Vulnerability>
<Vulnerability Ordinal="156" xmlns="http://www.icasi.org/CVRF/schema/vuln/1.1">
        <Title>CVE-2018-10878</Title>
         <Notes>
           <Note Audience="All" Ordinal="156" Title="Details" Type="Details">This is a vulnerability in Unbreakable Enterprise kernel  in Oracle Linux. A flaw was found in the Linux kernel's ext4 filesystem. A local user can cause an out-of-bounds write and a denial of service or unspecified other impact is possible by mounting and operating a crafted ext4 filesystem image. CVSS Base Score: Undefined.           </Note>
         </Notes>
         <Involvements>
           <Involvement Party="Vendor" Status="Completed">
               <Description>Fix has been released</Description>
           </Involvement>
         </Involvements>
         <CVE>CVE-2018-10878</CVE>
         <ProductStatuses>
           <Status Type="Known Affected">
               <ProductID>P-1309V-6</ProductID>
           </Status>
         </ProductStatuses>
         <Remediations>
           <Remediation Type="Vendor Fix">
               <Description>Oracle Linux Security Advisory</Description>
                  <Entitlement xml:lang="en">Oracle Linux customers</Entitlement>
                  <URL>http://linux.oracle.com/errata/ELSA-2019-4575.html</URL>
                  <ProductID>P-1309V-6</ProductID>
           </Remediation>
         </Remediations>
</Vulnerability>
<Vulnerability Ordinal="157" xmlns="http://www.icasi.org/CVRF/schema/vuln/1.1">
        <Title>CVE-2018-1092</Title>
         <Notes>
           <Note Audience="All" Ordinal="157" Title="Details" Type="Details">This is a vulnerability in Unbreakable Enterprise kernel  in Oracle Linux. The ext4_iget function in fs/ext4/inode.c in the Linux kernel through 4.15.15 mishandles the case of a root directory with a zero i_links_count, which allows attackers to cause a denial of service (ext4_process_freed_data NULL pointer dereference and OOPS) via a crafted ext4 image. CVSS Base Score: Undefined.           </Note>
         </Notes>
         <Involvements>
           <Involvement Party="Vendor" Status="Completed">
               <Description>Fix has been released</Description>
           </Involvement>
         </Involvements>
         <CVE>CVE-2018-1092</CVE>
         <ProductStatuses>
           <Status Type="Known Affected">
               <ProductID>P-1309V-6</ProductID>
           </Status>
         </ProductStatuses>
         <Remediations>
           <Remediation Type="Vendor Fix">
               <Description>Oracle Linux Security Advisory</Description>
                  <Entitlement xml:lang="en">Oracle Linux customers</Entitlement>
                  <URL>http://linux.oracle.com/errata/ELSA-2019-4317.html</URL>
                  <ProductID>P-1309V-6</ProductID>
           </Remediation>
         </Remediations>
</Vulnerability>
<Vulnerability Ordinal="158" xmlns="http://www.icasi.org/CVRF/schema/vuln/1.1">
        <Title>CVE-2018-1094</Title>
         <Notes>
           <Note Audience="All" Ordinal="158" Title="Details" Type="Details">This is a vulnerability in Unbreakable Enterprise kernel  in Oracle Linux. The ext4_fill_super function in fs/ext4/super.c in the Linux kernel through 4.15.15 does not always initialize the crc32c checksum driver, which allows attackers to cause a denial of service (ext4_xattr_inode_hash NULL pointer dereference and system crash) via a crafted ext4 image. CVSS Base Score: Undefined.           </Note>
         </Notes>
         <Involvements>
           <Involvement Party="Vendor" Status="Completed">
               <Description>Fix has been released</Description>
           </Involvement>
         </Involvements>
         <CVE>CVE-2018-1094</CVE>
         <ProductStatuses>
           <Status Type="Known Affected">
               <ProductID>P-1309V-6</ProductID>
           </Status>
         </ProductStatuses>
         <Remediations>
           <Remediation Type="Vendor Fix">
               <Description>Oracle Linux Security Advisory</Description>
                  <Entitlement xml:lang="en">Oracle Linux customers</Entitlement>
                  <URL>http://linux.oracle.com/errata/ELSA-2019-4510.html</URL>
                  <ProductID>P-1309V-6</ProductID>
           </Remediation>
         </Remediations>
</Vulnerability>
<Vulnerability Ordinal="159" xmlns="http://www.icasi.org/CVRF/schema/vuln/1.1">
        <Title>CVE-2018-1094</Title>
         <Notes>
           <Note Audience="All" Ordinal="159" Title="Details" Type="Details">This is a vulnerability in Unbreakable Enterprise kernel in Oracle Linux. The ext4_fill_super function in fs/ext4/super.c in the Linux kernel through 4.15.15 does not always initialize the crc32c checksum driver, which allows attackers to cause a denial of service (ext4_xattr_inode_hash NULL pointer dereference and system crash) via a crafted ext4 image. CVSS Base Score: Undefined.           </Note>
         </Notes>
         <Involvements>
           <Involvement Party="Vendor" Status="Completed">
               <Description>Fix has been released</Description>
           </Involvement>
         </Involvements>
         <CVE>CVE-2018-1094</CVE>
         <ProductStatuses>
           <Status Type="Known Affected">
               <ProductID>P-1309V-6</ProductID>
           </Status>
         </ProductStatuses>
         <Remediations>
           <Remediation Type="Vendor Fix">
               <Description>Oracle Linux Security Advisory</Description>
                  <Entitlement xml:lang="en">Oracle Linux customers</Entitlement>
                  <URL>http://linux.oracle.com/errata/ELSA-2019-4533.html</URL>
                  <ProductID>P-1309V-6</ProductID>
           </Remediation>
         </Remediations>
</Vulnerability>
<Vulnerability Ordinal="160" xmlns="http://www.icasi.org/CVRF/schema/vuln/1.1">
        <Title>CVE-2018-13053</Title>
         <Notes>
           <Note Audience="All" Ordinal="160" Title="Details" Type="Details">This is a vulnerability in Unbreakable Enterprise kernel in Oracle Linux. The alarm_timer_nsleep function in kernel/time/alarmtimer.c in the Linux kernel through 4.17.3 has an integer overflow via a large relative timeout because ktime_add_safe is not used. CVSS Base Score: Undefined.           </Note>
         </Notes>
         <Involvements>
           <Involvement Party="Vendor" Status="Completed">
               <Description>Fix has been released</Description>
           </Involvement>
         </Involvements>
         <CVE>CVE-2018-13053</CVE>
         <ProductStatuses>
           <Status Type="Known Affected">
               <ProductID>P-1309V-7</ProductID>
           </Status>
         </ProductStatuses>
         <Remediations>
           <Remediation Type="Vendor Fix">
               <Description>Oracle Linux Security Advisory</Description>
                  <Entitlement xml:lang="en">Oracle Linux customers</Entitlement>
                  <URL>http://linux.oracle.com/errata/ELSA-2019-4541.html</URL>
                  <ProductID>P-1309V-7</ProductID>
           </Remediation>
         </Remediations>
</Vulnerability>
<Vulnerability Ordinal="161" xmlns="http://www.icasi.org/CVRF/schema/vuln/1.1">
        <Title>CVE-2018-13053</Title>
         <Notes>
           <Note Audience="All" Ordinal="161" Title="Details" Type="Details">This is a vulnerability in Unbreakable Enterprise kernel in Oracle Linux. The alarm_timer_nsleep function in kernel/time/alarmtimer.c in the Linux kernel through 4.17.3 has an integer overflow via a large relative timeout because ktime_add_safe is not used. CVSS Base Score: Undefined.           </Note>
         </Notes>
         <Involvements>
           <Involvement Party="Vendor" Status="Completed">
               <Description>Fix has been released</Description>
           </Involvement>
         </Involvements>
         <CVE>CVE-2018-13053</CVE>
         <ProductStatuses>
           <Status Type="Known Affected">
               <ProductID>P-1309V-6</ProductID>
           </Status>
         </ProductStatuses>
         <Remediations>
           <Remediation Type="Vendor Fix">
               <Description>Oracle Linux Security Advisory</Description>
                  <Entitlement xml:lang="en">Oracle Linux customers</Entitlement>
                  <URL>http://linux.oracle.com/errata/ELSA-2019-4577.html</URL>
                  <ProductID>P-1309V-6</ProductID>
           </Remediation>
         </Remediations>
</Vulnerability>
<Vulnerability Ordinal="162" xmlns="http://www.icasi.org/CVRF/schema/vuln/1.1">
        <Title>CVE-2018-14609</Title>
         <Notes>
           <Note Audience="All" Ordinal="162" Title="Details" Type="Details">This is a vulnerability in Unbreakable Enterprise kernel in Oracle Linux. An issue was discovered in the Linux kernel through 4.17.10. There is an invalid pointer dereference in __del_reloc_root() in fs/btrfs/relocation.c when mounting a crafted btrfs image, related to removing reloc rb_trees when reloc control has not been initialized. CVSS Base Score: Undefined.           </Note>
         </Notes>
         <Involvements>
           <Involvement Party="Vendor" Status="Completed">
               <Description>Fix has been released</Description>
           </Involvement>
         </Involvements>
         <CVE>CVE-2018-14609</CVE>
         <ProductStatuses>
           <Status Type="Known Affected">
               <ProductID>P-1309V-6</ProductID>
           </Status>
         </ProductStatuses>
         <Remediations>
           <Remediation Type="Vendor Fix">
               <Description>Oracle Linux Security Advisory</Description>
                  <Entitlement xml:lang="en">Oracle Linux customers</Entitlement>
                  <URL>http://linux.oracle.com/errata/ELSA-2019-4533.html</URL>
                  <ProductID>P-1309V-6</ProductID>
           </Remediation>
         </Remediations>
</Vulnerability>
<Vulnerability Ordinal="163" xmlns="http://www.icasi.org/CVRF/schema/vuln/1.1">
        <Title>CVE-2018-14609</Title>
         <Notes>
           <Note Audience="All" Ordinal="163" Title="Details" Type="Details">This is a vulnerability in Unbreakable Enterprise kernel in Oracle Linux. An issue was discovered in the Linux kernel through 4.17.10. There is an invalid pointer dereference in __del_reloc_root() in fs/btrfs/relocation.c when mounting a crafted btrfs image, related to removing reloc rb_trees when reloc control has not been initialized. CVSS Base Score: Undefined.           </Note>
         </Notes>
         <Involvements>
           <Involvement Party="Vendor" Status="Completed">
               <Description>Fix has been released</Description>
           </Involvement>
         </Involvements>
         <CVE>CVE-2018-14609</CVE>
         <ProductStatuses>
           <Status Type="Known Affected">
               <ProductID>P-1309V-7</ProductID>
           </Status>
         </ProductStatuses>
         <Remediations>
           <Remediation Type="Vendor Fix">
               <Description>Oracle Linux Security Advisory</Description>
                  <Entitlement xml:lang="en">Oracle Linux customers</Entitlement>
                  <URL>http://linux.oracle.com/errata/ELSA-2019-4570.html</URL>
                  <ProductID>P-1309V-7</ProductID>
           </Remediation>
         </Remediations>
</Vulnerability>
<Vulnerability Ordinal="164" xmlns="http://www.icasi.org/CVRF/schema/vuln/1.1">
        <Title>CVE-2018-14612</Title>
         <Notes>
           <Note Audience="All" Ordinal="164" Title="Details" Type="Details">This is a vulnerability in Unbreakable Enterprise kernel in Oracle Linux. An issue was discovered in the Linux kernel through 4.17.10. There is an invalid pointer dereference in btrfs_root_node() when mounting a crafted btrfs image, because of a lack of chunk block group mapping validation in btrfs_read_block_groups in fs/btrfs/extent-tree.c, and a lack of empty-tree checks in check_leaf in fs/btrfs/tree-checker.c. CVSS Base Score: Undefined.           </Note>
         </Notes>
         <Involvements>
           <Involvement Party="Vendor" Status="Completed">
               <Description>Fix has been released</Description>
           </Involvement>
         </Involvements>
         <CVE>CVE-2018-14612</CVE>
         <ProductStatuses>
           <Status Type="Known Affected">
               <ProductID>P-1309V-7</ProductID>
           </Status>
         </ProductStatuses>
         <Remediations>
           <Remediation Type="Vendor Fix">
               <Description>Oracle Linux Security Advisory</Description>
                  <Entitlement xml:lang="en">Oracle Linux customers</Entitlement>
                  <URL>http://linux.oracle.com/errata/ELSA-2019-4570.html</URL>
                  <ProductID>P-1309V-7</ProductID>
           </Remediation>
         </Remediations>
</Vulnerability>
<Vulnerability Ordinal="165" xmlns="http://www.icasi.org/CVRF/schema/vuln/1.1">
        <Title>CVE-2018-16862</Title>
         <Notes>
           <Note Audience="All" Ordinal="165" Title="Details" Type="Details">This is a vulnerability in Unbreakable Enterprise kernel in Oracle Linux. A security flaw was found in the Linux kernel in a way that the cleancache subsystem clears an inode after the final file truncation (removal). The new file created with the same inode may contain leftover pages from cleancache and the old file data instead of the new one. CVSS Base Score: Undefined.           </Note>
         </Notes>
         <Involvements>
           <Involvement Party="Vendor" Status="Completed">
               <Description>Fix has been released</Description>
           </Involvement>
         </Involvements>
         <CVE>CVE-2018-16862</CVE>
         <ProductStatuses>
           <Status Type="Known Affected">
               <ProductID>P-1309V-6</ProductID>
           </Status>
         </ProductStatuses>
         <Remediations>
           <Remediation Type="Vendor Fix">
               <Description>Oracle Linux Security Advisory</Description>
                  <Entitlement xml:lang="en">Oracle Linux customers</Entitlement>
                  <URL>http://linux.oracle.com/errata/ELSA-2019-4575.html</URL>
                  <ProductID>P-1309V-6</ProductID>
           </Remediation>
         </Remediations>
</Vulnerability>
<Vulnerability Ordinal="166" xmlns="http://www.icasi.org/CVRF/schema/vuln/1.1">
        <Title>CVE-2018-16882</Title>
         <Notes>
           <Note Audience="All" Ordinal="166" Title="Details" Type="Details">This is a vulnerability in Unbreakable Enterprise kernel in Oracle Linux. A use-after-free issue was found in the way the Linux kernel's KVM hypervisor processed posted interrupts when nested(=1) virtualization is enabled. In nested_get_vmcs12_pages(), in case of an error while processing posted interrupt address, it unmaps the 'pi_desc_page' without resetting 'pi_desc' descriptor address, which is later used in pi_test_and_clear_on(). A guest user/process could use this flaw to crash the host kernel resulting in DoS or potentially gain privileged access to a system. Kernel versions before 4.14.91 and before 4.19.13 are vulnerable. CVSS Base Score: Undefined.           </Note>
         </Notes>
         <Involvements>
           <Involvement Party="Vendor" Status="Completed">
               <Description>Fix has been released</Description>
           </Involvement>
         </Involvements>
         <CVE>CVE-2018-16882</CVE>
         <ProductStatuses>
           <Status Type="Known Affected">
               <ProductID>P-1309V-7</ProductID>
           </Status>
         </ProductStatuses>
         <Remediations>
           <Remediation Type="Vendor Fix">
               <Description>Oracle Linux Security Advisory</Description>
                  <Entitlement xml:lang="en">Oracle Linux customers</Entitlement>
                  <URL>http://linux.oracle.com/errata/ELSA-2019-4541.html</URL>
                  <ProductID>P-1309V-7</ProductID>
           </Remediation>
         </Remediations>
</Vulnerability>
<Vulnerability Ordinal="167" xmlns="http://www.icasi.org/CVRF/schema/vuln/1.1">
        <Title>CVE-2018-17972</Title>
         <Notes>
           <Note Audience="All" Ordinal="167" Title="Details" Type="Details">This is a vulnerability in Unbreakable Enterprise kernel in Oracle Linux. An issue was discovered in the proc_pid_stack function in fs/proc/base.c in the Linux kernel through 4.18.11. It does not ensure that only root may inspect the kernel stack of an arbitrary task, allowing a local attacker to exploit racy stack unwinding and leak kernel task stack contents. CVSS Base Score: Undefined.           </Note>
         </Notes>
         <Involvements>
           <Involvement Party="Vendor" Status="Completed">
               <Description>Fix has been released</Description>
           </Involvement>
         </Involvements>
         <CVE>CVE-2018-17972</CVE>
         <ProductStatuses>
           <Status Type="Known Affected">
               <ProductID>P-1309V-6</ProductID>
           </Status>
         </ProductStatuses>
         <Remediations>
           <Remediation Type="Vendor Fix">
               <Description>Oracle Linux Security Advisory</Description>
                  <Entitlement xml:lang="en">Oracle Linux customers</Entitlement>
                  <URL>http://linux.oracle.com/errata/ELSA-2019-4531.html</URL>
                  <ProductID>P-1309V-6</ProductID>
           </Remediation>
         </Remediations>
</Vulnerability>
<Vulnerability Ordinal="168" xmlns="http://www.icasi.org/CVRF/schema/vuln/1.1">
        <Title>CVE-2018-17972</Title>
         <Notes>
           <Note Audience="All" Ordinal="168" Title="Details" Type="Details">This is a vulnerability in Unbreakable Enterprise kernel in Oracle Linux. An issue was discovered in the proc_pid_stack function in fs/proc/base.c in the Linux kernel through 4.18.11. It does not ensure that only root may inspect the kernel stack of an arbitrary task, allowing a local attacker to exploit racy stack unwinding and leak kernel task stack contents. CVSS Base Score: Undefined.           </Note>
         </Notes>
         <Involvements>
           <Involvement Party="Vendor" Status="Completed">
               <Description>Fix has been released</Description>
           </Involvement>
         </Involvements>
         <CVE>CVE-2018-17972</CVE>
         <ProductStatuses>
           <Status Type="Known Affected">
               <ProductID>P-1309V-7</ProductID>
           </Status>
         </ProductStatuses>
         <Remediations>
           <Remediation Type="Vendor Fix">
               <Description>Oracle Linux Security Advisory</Description>
                  <Entitlement xml:lang="en">Oracle Linux customers</Entitlement>
                  <URL>http://linux.oracle.com/errata/ELSA-2019-4541.html</URL>
                  <ProductID>P-1309V-7</ProductID>
           </Remediation>
         </Remediations>
</Vulnerability>
<Vulnerability Ordinal="169" xmlns="http://www.icasi.org/CVRF/schema/vuln/1.1">
        <Title>CVE-2018-17972</Title>
         <Notes>
           <Note Audience="All" Ordinal="169" Title="Details" Type="Details">This is a vulnerability in Unbreakable Enterprise kernel in Oracle Linux. An issue was discovered in the proc_pid_stack function in fs/proc/base.c in the Linux kernel through 4.18.11. It does not ensure that only root may inspect the kernel stack of an arbitrary task, allowing a local attacker to exploit racy stack unwinding and leak kernel task stack contents. CVSS Base Score: Undefined.           </Note>
         </Notes>
         <Involvements>
           <Involvement Party="Vendor" Status="Completed">
               <Description>Fix has been released</Description>
           </Involvement>
         </Involvements>
         <CVE>CVE-2018-17972</CVE>
         <ProductStatuses>
           <Status Type="Known Affected">
               <ProductID>P-1309V-6</ProductID>
           </Status>
         </ProductStatuses>
         <Remediations>
           <Remediation Type="Vendor Fix">
               <Description>Oracle Linux Security Advisory</Description>
                  <Entitlement xml:lang="en">Oracle Linux customers</Entitlement>
                  <URL>http://linux.oracle.com/errata/ELSA-2019-4577.html</URL>
                  <ProductID>P-1309V-6</ProductID>
           </Remediation>
         </Remediations>
</Vulnerability>
<Vulnerability Ordinal="170" xmlns="http://www.icasi.org/CVRF/schema/vuln/1.1">
        <Title>CVE-2018-18397</Title>
         <Notes>
           <Note Audience="All" Ordinal="170" Title="Details" Type="Details">This is a vulnerability in Unbreakable Enterprise kernel in Oracle Linux. The userfaultfd implementation in the Linux kernel before 4.19.7 mishandles access control for certain UFFDIO_ ioctl calls, as demonstrated by allowing local users to write data into holes in a tmpfs file (if the user has read-only access to that file, and that file contains holes), related to fs/userfaultfd.c and mm/userfaultfd.c. CVSS Base Score: Undefined.           </Note>
         </Notes>
         <Involvements>
           <Involvement Party="Vendor" Status="Completed">
               <Description>Fix has been released</Description>
           </Involvement>
         </Involvements>
         <CVE>CVE-2018-18397</CVE>
         <ProductStatuses>
           <Status Type="Known Affected">
               <ProductID>P-1309V-6</ProductID>
           </Status>
         </ProductStatuses>
         <Remediations>
           <Remediation Type="Vendor Fix">
               <Description>Oracle Linux Security Advisory</Description>
                  <Entitlement xml:lang="en">Oracle Linux customers</Entitlement>
                  <URL>http://linux.oracle.com/errata/ELSA-2019-4528.html</URL>
                  <ProductID>P-1309V-6</ProductID>
           </Remediation>
         </Remediations>
</Vulnerability>
<Vulnerability Ordinal="171" xmlns="http://www.icasi.org/CVRF/schema/vuln/1.1">
        <Title>CVE-2018-18397</Title>
         <Notes>
           <Note Audience="All" Ordinal="171" Title="Details" Type="Details">This is a vulnerability in Unbreakable Enterprise kernel in Oracle Linux. The userfaultfd implementation in the Linux kernel before 4.19.7 mishandles access control for certain UFFDIO_ ioctl calls, as demonstrated by allowing local users to write data into holes in a tmpfs file (if the user has read-only access to that file, and that file contains holes), related to fs/userfaultfd.c and mm/userfaultfd.c. CVSS Base Score: Undefined.           </Note>
         </Notes>
         <Involvements>
           <Involvement Party="Vendor" Status="Completed">
               <Description>Fix has been released</Description>
           </Involvement>
         </Involvements>
         <CVE>CVE-2018-18397</CVE>
         <ProductStatuses>
           <Status Type="Known Affected">
               <ProductID>P-1309V-7</ProductID>
           </Status>
         </ProductStatuses>
         <Remediations>
           <Remediation Type="Vendor Fix">
               <Description>Oracle Linux Security Advisory</Description>
                  <Entitlement xml:lang="en">Oracle Linux customers</Entitlement>
                  <URL>http://linux.oracle.com/errata/ELSA-2019-4541.html</URL>
                  <ProductID>P-1309V-7</ProductID>
           </Remediation>
         </Remediations>
</Vulnerability>
<Vulnerability Ordinal="172" xmlns="http://www.icasi.org/CVRF/schema/vuln/1.1">
        <Title>CVE-2018-18559</Title>
         <Notes>
           <Note Audience="All" Ordinal="172" Title="Details" Type="Details">This is a vulnerability in Unbreakable Enterprise kernel in Oracle Linux. In the Linux kernel through 4.19, a use-after-free can occur due to a race condition between fanout_add from setsockopt and bind on an AF_PACKET socket. This issue exists because of the 15fe076edea787807a7cdc168df832544b58eba6 incomplete fix for a race condition. The code mishandles a certain multithreaded case involving a packet_do_bind unregister action followed by a packet_notifier register action. Later, packet_release operates on only one of the two applicable linked lists. The attacker can achieve Program Counter control. CVSS Base Score: Undefined.           </Note>
         </Notes>
         <Involvements>
           <Involvement Party="Vendor" Status="Completed">
               <Description>Fix has been released</Description>
           </Involvement>
         </Involvements>
         <CVE>CVE-2018-18559</CVE>
         <ProductStatuses>
           <Status Type="Known Affected">
               <ProductID>P-1309V-6</ProductID>
           </Status>
         </ProductStatuses>
         <Remediations>
           <Remediation Type="Vendor Fix">
               <Description>Oracle Linux Security Advisory</Description>
                  <Entitlement xml:lang="en">Oracle Linux customers</Entitlement>
                  <URL>http://linux.oracle.com/errata/ELSA-2019-4575.html</URL>
                  <ProductID>P-1309V-6</ProductID>
           </Remediation>
         </Remediations>
</Vulnerability>
<Vulnerability Ordinal="173" xmlns="http://www.icasi.org/CVRF/schema/vuln/1.1">
        <Title>CVE-2018-19407</Title>
         <Notes>
           <Note Audience="All" Ordinal="173" Title="Details" Type="Details">This is a vulnerability in Unbreakable Enterprise kernel in Oracle Linux. The vcpu_scan_ioapic function in arch/x86/kvm/x86.c in the Linux kernel through 4.19.2 allows local users to cause a denial of service (NULL pointer dereference and BUG) via crafted system calls that reach a situation where ioapic is uninitialized. CVSS Base Score: Undefined.           </Note>
         </Notes>
         <Involvements>
           <Involvement Party="Vendor" Status="Completed">
               <Description>Fix has been released</Description>
           </Involvement>
         </Involvements>
         <CVE>CVE-2018-19407</CVE>
         <ProductStatuses>
           <Status Type="Known Affected">
               <ProductID>P-1309V-7</ProductID>
           </Status>
         </ProductStatuses>
         <Remediations>
           <Remediation Type="Vendor Fix">
               <Description>Oracle Linux Security Advisory</Description>
                  <Entitlement xml:lang="en">Oracle Linux customers</Entitlement>
                  <URL>http://linux.oracle.com/errata/ELSA-2019-4509.html</URL>
                  <ProductID>P-1309V-7</ProductID>
           </Remediation>
         </Remediations>
</Vulnerability>
<Vulnerability Ordinal="174" xmlns="http://www.icasi.org/CVRF/schema/vuln/1.1">
        <Title>CVE-2018-19824</Title>
         <Notes>
           <Note Audience="All" Ordinal="174" Title="Details" Type="Details">This is a vulnerability in Unbreakable Enterprise kernel in Oracle Linux. In the Linux kernel through 4.19.6, a local user could exploit a use-after-free in the ALSA driver by supplying a malicious USB Sound device (with zero interfaces) that is mishandled in usb_audio_probe in sound/usb/card.c. CVSS Base Score: Undefined.           </Note>
         </Notes>
         <Involvements>
           <Involvement Party="Vendor" Status="Completed">
               <Description>Fix has been released</Description>
           </Involvement>
         </Involvements>
         <CVE>CVE-2018-19824</CVE>
         <ProductStatuses>
           <Status Type="Known Affected">
               <ProductID>P-1309V-7</ProductID>
           </Status>
         </ProductStatuses>
         <Remediations>
           <Remediation Type="Vendor Fix">
               <Description>Oracle Linux Security Advisory</Description>
                  <Entitlement xml:lang="en">Oracle Linux customers</Entitlement>
                  <URL>http://linux.oracle.com/errata/ELSA-2019-4509.html</URL>
                  <ProductID>P-1309V-7</ProductID>
           </Remediation>
         </Remediations>
</Vulnerability>
<Vulnerability Ordinal="175" xmlns="http://www.icasi.org/CVRF/schema/vuln/1.1">
        <Title>CVE-2018-19824</Title>
         <Notes>
           <Note Audience="All" Ordinal="175" Title="Details" Type="Details">This is a vulnerability in Unbreakable Enterprise kernel in Oracle Linux. In the Linux kernel through 4.19.6, a local user could exploit a use-after-free in the ALSA driver by supplying a malicious USB Sound device (with zero interfaces) that is mishandled in usb_audio_probe in sound/usb/card.c. CVSS Base Score: Undefined.           </Note>
         </Notes>
         <Involvements>
           <Involvement Party="Vendor" Status="Completed">
               <Description>Fix has been released</Description>
           </Involvement>
         </Involvements>
         <CVE>CVE-2018-19824</CVE>
         <ProductStatuses>
           <Status Type="Known Affected">
               <ProductID>P-1309V-6</ProductID>
           </Status>
         </ProductStatuses>
         <Remediations>
           <Remediation Type="Vendor Fix">
               <Description>Oracle Linux Security Advisory</Description>
                  <Entitlement xml:lang="en">Oracle Linux customers</Entitlement>
                  <URL>http://linux.oracle.com/errata/ELSA-2019-4510.html</URL>
                  <ProductID>P-1309V-6</ProductID>
           </Remediation>
         </Remediations>
</Vulnerability>
<Vulnerability Ordinal="176" xmlns="http://www.icasi.org/CVRF/schema/vuln/1.1">
        <Title>CVE-2018-3639</Title>
         <Notes>
           <Note Audience="All" Ordinal="176" Title="Details" Type="Details">This is a vulnerability in Unbreakable Enterprise kernel in Oracle Linux. Systems with microprocessors utilizing speculative execution and speculative execution of memory reads before the addresses of all prior memory writes are known may allow unauthorized disclosure of information to an attacker with local user access via a side-channel analysis, aka Speculative Store Bypass (SSB), Variant 4. CVSS Base Score: Undefined.           </Note>
         </Notes>
         <Involvements>
           <Involvement Party="Vendor" Status="Completed">
               <Description>Fix has been released</Description>
           </Involvement>
         </Involvements>
         <CVE>CVE-2018-3639</CVE>
         <ProductStatuses>
           <Status Type="Known Affected">
               <ProductID>P-1309V-6</ProductID>
           </Status>
         </ProductStatuses>
         <Remediations>
           <Remediation Type="Vendor Fix">
               <Description>Oracle Linux Security Advisory</Description>
                  <Entitlement xml:lang="en">Oracle Linux customers</Entitlement>
                  <URL>http://linux.oracle.com/errata/ELSA-2019-4531.html</URL>
                  <ProductID>P-1309V-6</ProductID>
           </Remediation>
         </Remediations>
</Vulnerability>
<Vulnerability Ordinal="177" xmlns="http://www.icasi.org/CVRF/schema/vuln/1.1">
        <Title>CVE-2018-5848</Title>
         <Notes>
           <Note Audience="All" Ordinal="177" Title="Details" Type="Details">This is a vulnerability in Unbreakable Enterprise kernel in Oracle Linux. In the function wmi_set_ie(), the length validation code does not handle unsigned integer overflow properly. As a result, a large value of the 'ie_len' argument can cause a buffer overflow in all Android releases from CAF (Android for MSM, Firefox OS for MSM, QRD Android) using the Linux Kernel. CVSS Base Score: Undefined.           </Note>
         </Notes>
         <Involvements>
           <Involvement Party="Vendor" Status="Completed">
               <Description>Fix has been released</Description>
           </Involvement>
         </Involvements>
         <CVE>CVE-2018-5848</CVE>
         <ProductStatuses>
           <Status Type="Known Affected">
               <ProductID>P-1309V-7</ProductID>
           </Status>
         </ProductStatuses>
         <Remediations>
           <Remediation Type="Vendor Fix">
               <Description>Oracle Linux Security Advisory</Description>
                  <Entitlement xml:lang="en">Oracle Linux customers</Entitlement>
                  <URL>http://linux.oracle.com/errata/ELSA-2019-4509.html</URL>
                  <ProductID>P-1309V-7</ProductID>
           </Remediation>
         </Remediations>
</Vulnerability>
<Vulnerability Ordinal="178" xmlns="http://www.icasi.org/CVRF/schema/vuln/1.1">
        <Title>CVE-2018-7755</Title>
         <Notes>
           <Note Audience="All" Ordinal="178" Title="Details" Type="Details">This is a vulnerability in Unbreakable Enterprise kernel in Oracle Linux. An issue was discovered in the fd_locked_ioctl function in drivers/block/floppy.c in the Linux kernel through 4.15.7. The floppy driver will copy a kernel pointer to user memory in response to the FDGETPRM ioctl. An attacker can send the FDGETPRM ioctl and use the obtained kernel pointer to discover the location of kernel code and data and bypass kernel security protections such as KASLR. CVSS Base Score: Undefined.           </Note>
         </Notes>
         <Involvements>
           <Involvement Party="Vendor" Status="Completed">
               <Description>Fix has been released</Description>
           </Involvement>
         </Involvements>
         <CVE>CVE-2018-7755</CVE>
         <ProductStatuses>
           <Status Type="Known Affected">
               <ProductID>P-1309V-7</ProductID>
           </Status>
         </ProductStatuses>
         <Remediations>
           <Remediation Type="Vendor Fix">
               <Description>Oracle Linux Security Advisory</Description>
                  <Entitlement xml:lang="en">Oracle Linux customers</Entitlement>
                  <URL>http://linux.oracle.com/errata/ELSA-2019-4509.html</URL>
                  <ProductID>P-1309V-7</ProductID>
           </Remediation>
         </Remediations>
</Vulnerability>
<Vulnerability Ordinal="179" xmlns="http://www.icasi.org/CVRF/schema/vuln/1.1">
        <Title>CVE-2018-8043</Title>
         <Notes>
           <Note Audience="All" Ordinal="179" Title="Details" Type="Details">This is a vulnerability in Unbreakable Enterprise kernel in Oracle Linux. The unimac_mdio_probe function in drivers/net/phy/mdio-bcm-unimac.c in the Linux kernel through 4.15.8 does not validate certain resource availability, which allows local users to cause a denial of service (NULL pointer dereference). CVSS Base Score: Undefined.           </Note>
         </Notes>
         <Involvements>
           <Involvement Party="Vendor" Status="Completed">
               <Description>Fix has been released</Description>
           </Involvement>
         </Involvements>
         <CVE>CVE-2018-8043</CVE>
         <ProductStatuses>
           <Status Type="Known Affected">
               <ProductID>P-1309V-7</ProductID>
           </Status>
         </ProductStatuses>
         <Remediations>
           <Remediation Type="Vendor Fix">
               <Description>Oracle Linux Security Advisory</Description>
                  <Entitlement xml:lang="en">Oracle Linux customers</Entitlement>
                  <URL>http://linux.oracle.com/errata/ELSA-2019-4509.html</URL>
                  <ProductID>P-1309V-7</ProductID>
           </Remediation>
         </Remediations>
</Vulnerability>
<Vulnerability Ordinal="180" xmlns="http://www.icasi.org/CVRF/schema/vuln/1.1">
        <Title>CVE-2018-9516</Title>
         <Notes>
           <Note Audience="All" Ordinal="180" Title="Details" Type="Details">This is a vulnerability in Unbreakable Enterprise kernel in Oracle Linux. In hid_debug_events_read of drivers/hid/hid-debug.c, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Product: Android Versions: Android kernel Android ID: A-71361580. CVSS Base Score: Undefined.           </Note>
         </Notes>
         <Involvements>
           <Involvement Party="Vendor" Status="Completed">
               <Description>Fix has been released</Description>
           </Involvement>
         </Involvements>
         <CVE>CVE-2018-9516</CVE>
         <ProductStatuses>
           <Status Type="Known Affected">
               <ProductID>P-1309V-6</ProductID>
           </Status>
         </ProductStatuses>
         <Remediations>
           <Remediation Type="Vendor Fix">
               <Description>Oracle Linux Security Advisory</Description>
                  <Entitlement xml:lang="en">Oracle Linux customers</Entitlement>
                  <URL>http://linux.oracle.com/errata/ELSA-2019-4317.html</URL>
                  <ProductID>P-1309V-6</ProductID>
           </Remediation>
         </Remediations>
</Vulnerability>
<Vulnerability Ordinal="181" xmlns="http://www.icasi.org/CVRF/schema/vuln/1.1">
        <Title>CVE-2018-9568</Title>
         <Notes>
           <Note Audience="All" Ordinal="181" Title="Details" Type="Details">This is a vulnerability in Unbreakable Enterprise kernel in Oracle Linux. In sk_clone_lock of sock.c, there is a possible memory corruption due to type confusion. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android. CVSS Base Score: Undefined.</Note>
         </Notes>
         <Involvements>
           <Involvement Party="Vendor" Status="Completed">
               <Description>Fix has been released</Description>
           </Involvement>
         </Involvements>
         <CVE>CVE-2018-9568</CVE>
         <ProductStatuses>
           <Status Type="Known Affected">
               <ProductID>P-1309V-6</ProductID>
           </Status>
         </ProductStatuses>
         <Remediations>
           <Remediation Type="Vendor Fix">
               <Description>Oracle Linux Security Advisory</Description>
                  <Entitlement xml:lang="en">Oracle Linux customers</Entitlement>
                  <URL>http://linux.oracle.com/errata/ELSA-2019-4575.html</URL>
                  <ProductID>P-1309V-6</ProductID>
           </Remediation>
         </Remediations>
</Vulnerability>
<Vulnerability Ordinal="182" xmlns="http://www.icasi.org/CVRF/schema/vuln/1.1">
        <Title>CVE-2018-9568</Title>
         <Notes>
           <Note Audience="All" Ordinal="182" Title="Details" Type="Details">This is a vulnerability in Unbreakable Enterprise kernel in Oracle Linux. In sk_clone_lock of sock.c, there is a possible memory corruption due to type confusion. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android. CVSS Base Score: Undefined.</Note>
         </Notes>
         <Involvements>
           <Involvement Party="Vendor" Status="Completed">
               <Description>Fix has been released</Description>
           </Involvement>
         </Involvements>
         <CVE>CVE-2018-9568</CVE>
         <ProductStatuses>
           <Status Type="Known Affected">
               <ProductID>P-1309V-6</ProductID>
           </Status>
         </ProductStatuses>
         <Remediations>
           <Remediation Type="Vendor Fix">
               <Description>Oracle Linux Security Advisory</Description>
                  <Entitlement xml:lang="en">Oracle Linux customers</Entitlement>
                  <URL>http://linux.oracle.com/errata/ELSA-2019-4577.html</URL>
                  <ProductID>P-1309V-6</ProductID>
           </Remediation>
         </Remediations>
</Vulnerability>
<Vulnerability Ordinal="183" xmlns="http://www.icasi.org/CVRF/schema/vuln/1.1">
        <Title>CVE-2019-5489</Title>
         <Notes>
           <Note Audience="All" Ordinal="183" Title="Details" Type="Details">This is a vulnerability in Unbreakable Enterprise kernel in Oracle Linux. The mincore() implementation in mm/mincore.c in the Linux kernel through 4.19.13 allowed local attackers to observe page cache access patterns of other processes on the same system, potentially allowing sniffing of secret information. (Fixing this affects the output of the fincore program.) Limited remote exploitation may be possible, as demonstrated by latency differences in accessing public files from an Apache HTTP Server. CVSS Base Score: Undefined.</Note>
         </Notes>
         <Involvements>
           <Involvement Party="Vendor" Status="Completed">
               <Description>Fix has been released</Description>
           </Involvement>
         </Involvements>
         <CVE>CVE-2019-5489</CVE>
         <ProductStatuses>
           <Status Type="Known Affected">
               <ProductID>P-1309V-6</ProductID>
           </Status>
         </ProductStatuses>
         <Remediations>
           <Remediation Type="Vendor Fix">
               <Description>Oracle Linux Security Advisory</Description>
                  <Entitlement xml:lang="en">Oracle Linux customers</Entitlement>
                  <URL>http://linux.oracle.com/errata/ELSA-2019-4528.html</URL>
                  <ProductID>P-1309V-6</ProductID>
           </Remediation>
         </Remediations>
</Vulnerability>
<Vulnerability Ordinal="184" xmlns="http://www.icasi.org/CVRF/schema/vuln/1.1">
        <Title>CVE-2019-5489</Title>
         <Notes>
           <Note Audience="All" Ordinal="184" Title="Details" Type="Details">This is a vulnerability in Unbreakable Enterprise kernel in Oracle Linux. The mincore() implementation in mm/mincore.c in the Linux kernel through 4.19.13 allowed local attackers to observe page cache access patterns of other processes on the same system, potentially allowing sniffing of secret information. (Fixing this affects the output of the fincore program.) Limited remote exploitation may be possible, as demonstrated by latency differences in accessing public files from an Apache HTTP Server. CVSS Base Score: Undefined.</Note>
         </Notes>
         <Involvements>
           <Involvement Party="Vendor" Status="Completed">
               <Description>Fix has been released</Description>
           </Involvement>
         </Involvements>
         <CVE>CVE-2019-5489</CVE>
         <ProductStatuses>
           <Status Type="Known Affected">
               <ProductID>P-1309V-7</ProductID>
           </Status>
         </ProductStatuses>
         <Remediations>
           <Remediation Type="Vendor Fix">
               <Description>Oracle Linux Security Advisory</Description>
                  <Entitlement xml:lang="en">Oracle Linux customers</Entitlement>
                  <URL>http://linux.oracle.com/errata/ELSA-2019-4541.html</URL>
                  <ProductID>P-1309V-7</ProductID>
           </Remediation>
         </Remediations>
</Vulnerability>
</cvrf:cvrfdoc>