Kernel and GRUB Security Update (MINDBREEZE15809)

ID: MINDBREEZE15809 
Affected Components: Mindbreeze InSpire G7, Mindbreeze InSpire SaaS 
Severity: 8.2 Moderate 
Status: Final 
First published: February 2, 2021 
CVEs: CVE-2020-10713, CVE-2020-14308, CVE-2020-15705, CVE-2020-15706, CVE-2020-15707, CVE-2019-19527, CVE-2019-19537, CVE-2020-8647, CVE-2020-12826, CVE-2020-11565, CVE-2020-10732, CVE-2020-8695, CVE-2020-8696, CVE-2020-8698 

Summary

The Kernel and GRUB Update contains fixes for the following CVEs:

• grub2: Crafted grub.cfg file can lead to arbitrary code execution during boot process (CVE-2020-10713)
• grub2: grub_malloc does not validate allocation size allowing for arithmetic overflow and subsequent heap-based buffer overflow (CVE-2020-14308)
• grub2: Integer overflow in initrd size handling (CVE-2020-15707)
• grub2: Use-after-free redefining a function whilst the same function is already executing (CVE-2020-15706)
• kernel: use-after-free caused by a malicious USB device in the drivers/hid/usbhid/hiddev.c driver (CVE-2019-19527)
• kernel: race condition caused by a malicious USB device in the USB character device driver layer (CVE-2019-19537)
• kernel: out-of-bounds read in in vc_do_resize function in drivers/tty/vt/vt.c (CVE-2020-8647)
• kernel: possible to send arbitrary signals to a privileged (suidroot) parent process (CVE-2020-12826)
• kernel: out-of-bounds write in mpol_parse_str function in mm/mempolicy.c (CVE-2020-11565)
• kernel: uninitialized kernel data leak in userspace coredumps (CVE-2020-10732)
• hw: Information disclosure issue in Intel SGX via RAPL interface (CVE-2020-8695)
• hw: Vector Register Leakage-Active (CVE-2020-8696)
• hw: Fast forward store predictor (CVE-2020-8698)

Remediation

Hotfix Information

Fixed with following versions of Mindbreeze InSpire On-Premises or Mindbreeze InSpire SaaS:

• Mindbreeze InSpire 20.5 Release (Version 20.5.1.835)
• Mindbreeze InSpire SaaS 20.5 Release (Version 20.5.1.835)