FS#61832 - [linux-hardened] [linux-lts] [linux-zen] [linux] CVE-2019-8912, CVE-2019-8980

Attached to Project: Arch Linux
Opened by Pascal Ernster (hardfalcon) - Friday, 22 February 2019, 09:02 GMT
Last edited by Jan de Groot (JGC) - Sunday, 16 June 2019, 05:31 GMT
Task Type Bug Report
Category Security
Status Closed
Assigned To Tobias Powalowski (tpowa)
Andreas Radke (AndyRTR)
Jan Alexander Steffens (heftig)
Levente Polyak (anthraxx)
Architecture All
Severity Medium
Priority Normal
Reported Version
Due in Version Undecided
Due Date Undecided
Percent Complete 100%
Votes 0
Private No

Details

linux-hardened 4.20.11.a-1, linux-lts 4.19.24-1, linux 4.20.11.arch1 linux-zen 4.20.11.zen1-1 are all vulnerable to CVE-2019-8912 (local privilege escalation) and CVE-2019-8980 (DoS vulnerability).

https://nvd.nist.gov/vuln/detail/CVE-2019-8912
https://nvd.nist.gov/vuln/detail/CVE-2019-8980


To fix this, the following patches should be cherrypicked until upstream pushes out a new release:

"CVE-2019-8912.patch::https://git.kernel.org/pub/scm/linux/kernel/git/next/linux-next.git/patch/?id=9060cb719e61b685ec0102574e10337fa5f445ea"
"CVE-2019-8980.patch::https://git.kernel.org/pub/scm/linux/kernel/git/next/linux-next.git/patch/?id=f612acfae86af7ecad754ae6a46019be9da05b8e"

This task depends upon

Closed by  Jan de Groot (JGC)
Sunday, 16 June 2019, 05:31 GMT
Reason for closing:  Fixed
Comment by loqs (loqs) - Friday, 22 February 2019, 10:00 GMT Comment by Levente Polyak (anthraxx) - Friday, 22 February 2019, 10:19 GMT
Was in the train so you managed to write before i was able to log in :D But I came to the very same conclusion, hence adding linux
Comment by Jan Alexander Steffens (heftig) - Friday, 22 February 2019, 13:08 GMT
Fixed in 4.20.11-arch2 and 4.20.11-zen2
Comment by Andreas Radke (AndyRTR) - Saturday, 23 February 2019, 16:49 GMT
fixed with 4.19.25 LTS kernel pushed to testing.

Loading...