Vulmon Recent Vulnerabilities Research Posts Trends Blog About Contact

ALAS2LIVEPATCH-2020-019

Related Vulnerabilities: CVE-2019-19319  

In the Linux kernel 5.0.21, a setxattr operation, after a mount of a crafted ext4 image, can cause a slab-out-of-bounds write access because of an ext4_xattr_set_entry use-after-free in fs/ext4/xattr.c when a large old_size value is used in a memset call. (CVE-2019-19319)

Source

ALAS2LIVEPATCH-2020-019

Amazon Linux 2 Security Advisory: ALASLIVEPATCH-2020-019
Advisory Release Date: 2020-06-10 00:22 Pacific
Advisory Updated Date: 2020-06-17 23:36 Pacific
Severity: Important
References: CVE-2019-19319 
Issue Overview:

In the Linux kernel 5.0.21, a setxattr operation, after a mount of a crafted ext4 image, can cause a slab-out-of-bounds write access because of an ext4_xattr_set_entry use-after-free in fs/ext4/xattr.c when a large old_size value is used in a memset call. (CVE-2019-19319)


Affected Packages:

kernel-livepatch-4.14.173-137.229


Issue Correction:
Please ensure you have live patching enabled.
Run yum update kernel-livepatch-4.14.173-137.229 to update your system.

New Packages:
src:
    kernel-livepatch-4.14.173-137.229-1.0-4.amzn2.src

x86_64:
    kernel-livepatch-4.14.173-137.229-1.0-4.amzn2.x86_64
    kernel-livepatch-4.14.173-137.229-debuginfo-1.0-4.amzn2.x86_64

Vulmon Search

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

About

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Products

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Connect

Twitter Reddit Linkedin Facebook

Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started