Free and open-source vulnerability scanner

Mageni eases for you the vulnerability scanning, assessment, and management process. It is free and open-source.

Install Now

Available for macOS, Windows, and Linux

App screenshot

Ubuntu Update for linux USN-4093-1

Information

Severity

Severity

High

Family

Family

Ubuntu Local Security Checks

CVSSv2 Base

CVSSv2 Base

8.3

CVSSv2 Vector

CVSSv2 Vector

AV:A/AC:L/Au:N/C:C/I:C/A:C

Solution Type

Solution Type

Vendor Patch

Created

Created

4 years ago

Modified

Modified

4 years ago

Summary

The remote host is missing an update for the 'linux' package(s) announced via the USN-4093-1 advisory.

Insight

Insight

It was discovered that a heap buffer overflow existed in the Marvell Wireless LAN device driver for the Linux kernel. An attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2019-10126) Andrei Vlad Lutas and Dan Lutas discovered that some x86 processors incorrectly handle SWAPGS instructions during speculative execution. A local attacker could use this to expose sensitive information (kernel memory). (CVE-2019-1125) It was discovered that the PowerPC dlpar implementation in the Linux kernel did not properly check for allocation errors in some situations. A local attacker could possibly use this to cause a denial of service (system crash). (CVE-2019-12614) It was discovered that a NULL pointer dereference vulnerability existed in the Near-field communication (NFC) implementation in the Linux kernel. A local attacker could use this to cause a denial of service (system crash). (CVE-2019-12984) Jann Horn discovered a use-after-free vulnerability in the Linux kernel when accessing LDT entries in some situations. A local attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2019-13233) Jann Horn discovered that the ptrace implementation in the Linux kernel did not properly record credentials in some situations. A local attacker could use this to cause a denial of service (system crash) or possibly gain administrative privileges. (CVE-2019-13272) It was discovered that the Marvell Wireless LAN device driver in the Linux kernel did not properly validate the BSS descriptor. A local attacker could possibly use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2019-3846)

Affected Software

Affected Software

'linux' package(s) on Ubuntu 19.04, Ubuntu 18.04 LTS.

Detection Method

Detection Method

Checks if a vulnerable package version is present on the target host.

Solution

Solution

Please install the updated package(s).