Vulnerabilities for Enterprise linux atomic host (...) - CXSECURITY.COM

Vulnerabilities for 'Enterprise linux atomic host'

2020-07-29

CVE-2020-15707

CWE-362

Integer overflows were discovered in the functions grub_cmd_initrd and grub_initrd_init in the efilinux component of GRUB2, as shipped in Debian, Red Hat, and Ubuntu (the functionality is not included in GRUB2 upstream), leading to a heap-based buffer overflow. These could be triggered by an extremely large number of arguments to the initrd command on 32-bit architectures, or a crafted filesystem with very large files on any architecture. An attacker could use this to execute arbitrary code and bypass UEFI Secure Boot restrictions. This issue affects GRUB2 version 2.04 and prior versions.

CVE-2020-15706

CWE-362

GRUB2 contains a race condition in grub_script_function_create() leading to a use-after-free vulnerability which can be triggered by redefining a function whilst the same function is already executing, leading to arbitrary code execution and secure boot restriction bypass. This issue affects GRUB2 version 2.04 and prior versions.

CVE-2020-15705

CWE-347

GRUB2 fails to validate kernel signature when booted directly without shim, allowing secure boot to be bypassed. This only affects systems where the kernel signing certificate has been imported directly into the secure boot database and the GRUB image is booted directly without the use of shim. This issue affects GRUB2 version 2.04 and prior versions.

2019-06-18

CVE-2019-11479

CWE-400

Jonathan Looney discovered that the Linux kernel default MSS is hard-coded to 48 bytes. This allows a remote peer to fragment TCP resend queues significantly more than if a larger MSS were enforced. A remote attacker could use this to cause a denial of service. This has been fixed in stable kernel releases 4.4.182, 4.9.182, 4.14.127, 4.19.52, 5.1.11, and is fixed in commits 967c05aee439e6e5d7d805e195b3a20ef5c433d6 and 5f3e2bf008c2221478101ee72f5cb4654b9fc363.

CVE-2019-11478

CWE-400

Jonathan Looney discovered that the TCP retransmission queue implementation in tcp_fragment in the Linux kernel could be fragmented when handling certain TCP Selective Acknowledgment (SACK) sequences. A remote attacker could use this to cause a denial of service. This has been fixed in stable kernel releases 4.4.182, 4.9.182, 4.14.127, 4.19.52, 5.1.11, and is fixed in commit f070ef2ac66716357066b683fb0baf55f8191a2e.

CVE-2019-11477

CWE-190

Jonathan Looney discovered that the TCP_SKB_CB(skb)->tcp_gso_segs value was subject to an integer overflow in the Linux kernel when handling TCP Selective Acknowledgments (SACKs). A remote attacker could use this to cause a denial of service. This has been fixed in stable kernel releases 4.4.182, 4.9.182, 4.14.127, 4.19.52, 5.1.11, and is fixed in commit 3b4929f65b0d8249f19a50245cd88ed1a2f78cff.

>>> Vendor: Redhat 373 Products

Certificate server

Directory server

Enterprise linux

Enterprise linux desktop

Linux powertools

Redhat package manager

Docbook stylesheets

Pre-execution environment

Linux advanced workstation

Analog real-time synthesizer

Kdelibs sound devel

Package manager

Jboss application server

Network satelite server

Network satellite server

Enterprise linux desktop workstation

Fedora directory server

Desktop workstation

Certificate system

Jboss enterprise application platform

dogtag certificate system

Cluster project

Dogtag certificate system

Enterprise virtualization

Network satellite

Enterprise virtualization hypervisor

Enterprise virtualization manager

Jboss enterprise service bus

Jboss enterprise soa platform

Jboss enterprise web platform

389 directory server

Policycoreutils

Jboss seam 2 framework

Virtualization manager

See all Products for Vendor Redhat

Copyright 2024, cxsecurity.com