Chapter 2 Security Fixes for CVEs

This chapter lists security vulnerabilities and exposures (CVEs) that are specifically addressed in this release. Note that CVEs are continually handled in patch updates that are made available as errata builds for the current release. For this reason, it is absolutely critical that you keep your system up to date with the latest package updates for this kernel release.

You can keep up to date with the latest CVE information at https://linux.oracle.com/cve.

2.1 List of CVEs fixed in this release

The following list describes the CVEs that are fixed in this release. The content provided here is automatically generated and includes the CVE identifier and a summary of the issue. The associated internal Oracle bug identifiers are also included to reference work that was carried out to address each issue.

  • CVE-2016-5244.  The rds_inc_info_copy function in net/rds/recv.c in the Linux kernel through 4.6.3 does not initialize a certain structure member, which allows remote attackers to obtain sensitive information from kernel stack memory by reading an RDS message. (Bug: 30770960)

    See https://linux.oracle.com/cve/CVE-2016-5244.html for more information.

  • CVE-2019-0154.  Insufficient access control in subsystem for Intel(R) processor graphics in 6th, 7th, 8th and 9th Generation Intel(R) Core(TM) Processor Families; Intel(R) Pentium(R) Processor J, N, Silver and Gold Series; Intel(R) Celeron(R) Processor J, N, G3900 and G4900 Series; Intel(R) Atom(R) Processor A and E3900 Series; Intel(R) Xeon(R) Processor E3-1500 v5 and v6 and E-2100 Processor Families may allow an authenticated user to potentially enable denial of service via local access. (Bug: 30735723)

    See https://linux.oracle.com/cve/CVE-2019-0154.html for more information.

  • CVE-2019-14615.  Insufficient control flow in certain data structures for some Intel(R) Processors with Intel(R) Processor Graphics may allow an unauthenticated user to potentially enable information disclosure via local access. (Bug: 30773851)

  • CVE-2019-14895.  A heap-based buffer overflow was discovered in the Linux kernel, all versions 3.x.x and 4.x.x before 4.18.0, in the Marvell WiFi chip driver. The flaw could occur when the station attempts a connection negotiation during the handling of the remote device's country settings. This could allow the remote device to cause a denial of service (system crash) or possibly execute arbitrary code. (Bug: 30781857)

    See https://linux.oracle.com/cve/CVE-2019-14895.html for more information.

  • CVE-2019-14901.  A heap overflow flaw was found in the Linux kernel, all versions 3.x.x and 4.x.x before 4.18.0, in the Marvell WiFi chip driver. The vulnerability allows a remote attacker to cause a system crash, resulting in a denial of service, or execute arbitrary code. The highest threat with this vulnerability is with the availability of the system. If code execution occurs, the code will run with the permissions of root. This will affect both confidentiality and integrity of files on the system. (Bug: 30819437)

    See https://linux.oracle.com/cve/CVE-2019-14901.html for more information.

  • CVE-2019-15291.  An issue was discovered in the Linux kernel through 5.2.9. There is a NULL pointer dereference caused by a malicious USB device in the flexcop_usb_probe function in the drivers/media/usb/b2c2/flexcop-usb.c driver. (Bug: 30864531)

    See https://linux.oracle.com/cve/CVE-2019-15291.html for more information.

  • CVE-2019-15917.  An issue was discovered in the Linux kernel before 5.0.5. There is a use-after-free issue when hci_uart_register_dev() fails in hci_uart_set_proto() in drivers/bluetooth/hci_ldisc.c. (Bug: 30728299)

    See https://linux.oracle.com/cve/CVE-2019-15917.html for more information.

  • CVE-2019-16231.  drivers/net/fjes/fjes_main.c in the Linux kernel 5.2.14 does not check the alloc_workqueue return value, leading to a NULL pointer dereference. (Bug: 30771874)

    See https://linux.oracle.com/cve/CVE-2019-16231.html for more information.

  • CVE-2019-17666.  rtl_p2p_noa_ie in drivers/net/wireless/realtek/rtlwifi/ps.c in the Linux kernel through 5.3.6 lacks a certain upper-bound check, leading to a buffer overflow. (Bug: 30807746)

    See https://linux.oracle.com/cve/CVE-2019-17666.html for more information.

  • CVE-2019-19332.  An out-of-bounds memory write issue was found in the Linux kernel, version 3.13 through 5.4, in the way the Linux kernel's KVM hypervisor handled the 'KVM_GET_EMULATED_CPUID' ioctl(2) request to get CPUID features emulated by the KVM hypervisor. A user or process able to access the '/dev/kvm' device could use this flaw to crash the system, resulting in a denial of service. (Bug: 30770834)

    See https://linux.oracle.com/cve/CVE-2019-19332.html for more information.

  • CVE-2019-20054.  In the Linux kernel before 5.0.6, there is a NULL pointer dereference in drop_sysctl_table() in fs/proc/proc_sysctl.c, related to put_links, aka CID-23da9588037e. (Bug: 30754946)

    See https://linux.oracle.com/cve/CVE-2019-20054.html for more information.

  • CVE-2019-20095.  mwifiex_tm_cmd in drivers/net/wireless/marvell/mwifiex/cfg80211.c in the Linux kernel before 5.1.6 has some error-handling cases that did not free allocated hostcmd memory, aka CID-003b686ace82. This will cause a memory leak and denial of service. (Bug: 30755102)

    See https://linux.oracle.com/cve/CVE-2019-20095.html for more information.

  • CVE-2019-3016.  In a Linux KVM guest that has PV TLB enabled, a process in the guest kernel may be able to read memory locations from another process in the same guest. This problem is limited to the host running Linux kernel 4.10 with a guest running Linux kernel 4.16 or later. The problem mainly affects AMD processors but Intel CPUs cannot be ruled out. (Bug: 30758028)

    See https://linux.oracle.com/cve/CVE-2019-3016.html for more information.

  • CVE-2020-2732.  *** UNKNOWN *** (Bug: 30847135)

    See https://linux.oracle.com/cve/CVE-2020-2732.html for more information.

  • CVE-2020-7053.  In the Linux kernel 4.14 longterm through 4.14.165 and 4.19 longterm through 4.19.96 (and 5.x before 5.2), there is a use-after-free (write) in the i915_ppgtt_close function in drivers/gpu/drm/i915/i915_gem_gtt.c, aka CID-7dc40713618c. This is related to i915_gem_context_destroy_ioctl in drivers/gpu/drm/i915/i915_gem_context.c. (Bug: 30860456)