It was discovered that when loading certain compressed kernel modules, memory exhaustion could occur. An attacker with the ability to provide malicious kernel modules could use this for denial of service (via crashing the system). This issue affects kernel versions 4.14 and 4.15.

CVE-2019-10940 It was found that the ext4 file system code did not synchronize block allocation between the ext4 inode table and the disk when detaching in some situations. A local attacker could use this flaw to expose data on the disk by mounting it via ext4. This issue affects only Linux kernel version 4.15 and newer.

It was discovered that the perf subsystem did not limit stack usage by child processes. A local attacker could use this to consume all available memory by running a malicious process. This issue affects only Linux kernel version 4.15 and newer.

It was found that the UDF file system code did not check permissions when reading from the /dev/udisks file. A local attacker could use this to potentially read arbitrary files. This issue only affects Linux kernel version 4.15 and newer.

Linux Kernel versions affected by these security issues

4.14
4.15, 4.16

New Features

Introduced in Linux 4.15
Linux 4.15 was released on December 9, 2019. It brought many new features, including the following:
- Support for the ARMv8 architecture and 64-bit AArch32 mode (aka ARM64)
- Support for the 32nd generation of Intel Core architecture (aka Skylake)
- Support for the 8th generation of AMD Ryzen Threadripper CPUs
- Improvements to KVM over bridged networking (KBD), with better performance and reduced latency

Bug Detection:

How to Know If a Bug Is in Your System
A common question is: how do you know if a bug has been found in your system? Luckily, there are quite a few ways of ascertaining whether or not you have an issue.
One way to find out if the issue exists in your system is to download the latest kernel source code from the Linux kernel's website and compile it. This method will help you to accurately identify any issues that may be present in your system. The downside of this approach is that compiling the source code could take some time and may require some retesting afterwards.
Another option for determining whether or not an issue exists is to check the CVE database, which can be done on the CVE website. Keep in mind that this option would most likely require some assistance from your IT team to determine what vulnerabilities exist in your particular product/system.

Timeline

Published on: 02/04/2022 23:15:00 UTC
Last modified on: 02/10/2022 18:30:00 UTC
