Rewterz Threat Advisory – CVE-2019-10639 – Linux Kernel “net_hash_mix()” Information Disclosure Vulnerability

Rewterz Threat Advisory – CVE-2019-5528 – VMware ESXi hostd Denial of Service Vulnerability

July 11, 2019

Rewterz Threat Advisory – Delta Industrial Automation CNCSoft ScreenEditor Multiple Vulnerabilities

July 12, 2019

Rewterz Threat Advisory – CVE-2019-10639 – Linux Kernel “net_hash_mix()” Information Disclosure Vulnerability

Severity

Medium

Analysis Summary

An error related to the “net_hash_mix()” function (include/net/netns/hash.h) can be exploited to disclose certain kernel memory addresses and subsequently bypass KASLR.

Impact

Exposure of sensitive information

Affected Vendors

Linux

Affected Products

Linux Kernel 3.16.x
Linux Kernel 4.4.x
Linux Kernel 4.9.x
Linux Kernel 4.14.x
Linux Kernel 4.19.x

Remediation

Update to a fixed version Versions

Versions 3.16.x: Update to version 3.16.70.

Versions 4.4.x: Update to version 4.4.179 or later.

Versions 4.9.x: Update to version 4.9.169 or later.

Versions 4.14.x: Update to version 4.14.112 or later.

Versions 4.19.x: Update to version 4.19.35 or later.

Rewterz Threat Advisory – CVE-2019-5528 – VMware ESXi hostd Denial of Service Vulnerability

Rewterz Threat Advisory – Delta Industrial Automation CNCSoft ScreenEditor Multiple Vulnerabilities

Rewterz Threat Advisory – CVE-2019-10639 – Linux Kernel “net_hash_mix()” Information Disclosure Vulnerability

Security Operations Centers across the region

Saudi Arabia

UAE

Oman

Pakistan