AVG-850

Package linux
Status Vulnerable
Severity Critical
Type multiple issues
Affected 4.20.arch1-1
Fixed Unknown
Current 5.1.3.arch1-1 [core]
Ticket Create
Created Fri Jan 11 19:46:53 2019
Issue Severity Remote Type Description
CVE-2019-8912 Critical Yes Arbitrary code execution
In the Linux kernel through 4.20.10, af_alg_release() in crypto/af_alg.c neglects to set a NULL value for a certain structure member, which leads to a...
CVE-2019-7222 Medium No Information disclosure
An information leakage issue was found in the way Linux kernel's KVM hypervisor handled page fault exceptions while emulating instructions like VMXON,...
CVE-2019-7221 Critical No Privilege escalation
A use-after-free vulnerability was found in the way the Linux kernel's KVM hypervisor emulates a preemption timer for L2 guests when nested (=1)...
CVE-2019-6974 High No Arbitrary code execution
A use-after-free vulnerability was found in the way the Linux kernel's KVM hypervisor implements its device control API. While creating a device via...
CVE-2019-3460 Medium Yes Information disclosure
In the function l2cap_get_conf_opt (l2cap_core.c), which is used to parse configuration elements during an L2cap connection negotiation process.

In this...
CVE-2019-3459 Medium Yes Information disclosure
In the functions l2cap_parse_conf_rsp, l2cap_parse_conf_req (l2cap_core.c), and other locations, there is a while loop which is used to parse configuration...