ALAS2LIVEPATCH-2020-020

Related Vulnerabilities: CVE-2019-19319  



Amazon Linux 2 Security Advisory: ALASLIVEPATCH-2020-020
Advisory Release Date: 2020-06-10 00:22 Pacific
Advisory Updated Date: 2020-06-17 23:35 Pacific
Severity: Important
References: CVE-2019-19319 

Issue Overview:

In the Linux kernel 5.0.21, a setxattr operation, after a mount of a crafted ext4 image, can cause a slab-out-of-bounds write access because of an ext4_xattr_set_entry use-after-free in fs/ext4/xattr.c when a large old_size value is used in a memset call. (CVE-2019-19319)


Affected Packages:

kernel-livepatch-4.14.173-137.228


Issue Correction:
Please ensure you have live patching enabled.
Run yum update kernel-livepatch-4.14.173-137.228 to update your system.

New Packages:
src:
    kernel-livepatch-4.14.173-137.228-1.0-4.amzn2.src

x86_64:
    kernel-livepatch-4.14.173-137.228-1.0-4.amzn2.x86_64
    kernel-livepatch-4.14.173-137.228-debuginfo-1.0-4.amzn2.x86_64
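
A host-side check for the correction above, as an added example that is not part of the Amazon advisory. The package name and the 1.0-4 version-release come from this page; the function names, and the assumption that `uname -r` reports the kernel as `<version>.amzn2.<arch>`, are this example's own.

```shell
#!/bin/sh
# Added example: decide whether this advisory applies to a host and whether
# the fixed livepatch package is installed. Values are taken from the advisory.
LP_PKG="kernel-livepatch-4.14.173-137.228"  # package name from the advisory
LP_KERNEL="4.14.173-137.228"                # kernel build that package targets
LP_FIXED="1.0-4"                            # fixed version-release, .amzn2 suffix removed

# advisory_applies KERNEL_RELEASE: succeeds only for the kernel build the
# livepatch package is built for (assumed format: <version>.amzn2.<arch>).
advisory_applies() {
    case "$1" in
        "$LP_KERNEL".amzn2.*) return 0 ;;
        *) return 1 ;;
    esac
}

# livepatch_fixed VERSION-RELEASE: succeeds if the installed version-release
# is at or above LP_FIXED. An empty argument means "package not installed".
# sort -V approximates RPM ordering, which is enough for N.N-N style values.
livepatch_fixed() {
    installed=${1%.amzn2*}
    [ -n "$installed" ] || return 1
    lowest=$(printf '%s\n%s\n' "$LP_FIXED" "$installed" | sort -V | head -n 1)
    [ "$lowest" = "$LP_FIXED" ]
}

# assess KERNEL_RELEASE INSTALLED_VR: prints not-applicable, fixed or needs-update.
assess() {
    if ! advisory_applies "$1"; then
        echo "not-applicable"
    elif livepatch_fixed "$2"; then
        echo "fixed"
    else
        echo "needs-update"
    fi
}

# check_host: run the assessment against the live system.
check_host() {
    vr=$(rpm -q --qf '%{VERSION}-%{RELEASE}' "$LP_PKG" 2>/dev/null) || vr=""
    assess "$(uname -r)" "$vr"
}

# Only touch the live system when explicitly asked to.
if [ "${1:-}" = "--check" ]; then check_host; fi
```

The result reflects the installed package only; it does not confirm that live patching is enabled or that the patch is loaded into the running kernel.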