Plugins Database As of 11-21-2019

Ubuntu Update for linux USN-4157-1

Ubuntu Local Security Checks
Impact by CVSS Score
  • ID: 1.3.6.1.4.1.25623.1.0.844203

CVSS Base Vector:
AV:N/AC:L/Au:N/C:C/I:C/A:C

Summary:
The remote host is missing an update for the 'linux' Linux Distribution Package(s) announced via the USN-4157-1 advisory.

Detection Method:
Checks if a vulnerable Linux Distribution Package version is present on the target host.

Technical Details:
Marvell Wi-Fi device driver in the Linux kernel did not properly perform bounds checking, leading to a heap overflow. A local attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2019-14814, CVE-2019-14815, CVE-2019-14816) Matt Delco discovered that the KVM hypervisor implementation in the Linux kernel did not properly perform bounds checking when handling coalesced MMIO write operations. A local attacker with write access to /dev/kvm could use this to cause a denial of service (system crash). (CVE-2019-14821) Hui Peng and Mathias Payer discovered that the 91x Wi-Fi driver in the Linux kernel did not properly handle error conditions on initialization, leading to a double-free vulnerability. A physically proximate attacker could use this to cause a denial of service (system crash). (CVE-2019-15504) It was discovered that the Technisat DVB-S/S2 USB device driver in the Linux kernel contained a buffer overread. A physically proximate attacker could use this to cause a denial of service (system crash) or possibly expose sensitive information. (CVE-2019-15505) Brad Spengler discovered that a Spectre mitigation was improperly implemented in the ptrace subsystem of the Linux kernel. A local attacker could possibly use this to expose sensitive information. (CVE-2019-15902) It was discovered that the IPv6 RDS implementation in the Linux kernel did not properly initialize fields in a data structure returned to user space. A local attacker could use this to expose sensitive information (kernel memory). Please note that the RDS protocol is blacklisted in Ubuntu by default. (CVE-2019-16714) It was discovered that an integer overflow existed in the Binder implementation of the Linux kernel, leading to a buffer overflow. A local attacker could use this to escalate privileges. (CVE-2019-2181)

Affected Versions:
'linux' Linux Distribution Package(s) on Ubuntu 19.04.

Recommendations:
Please install the updated Linux Distribution Package(s).

Solution Type:
Vendor Patch

Detection Type:
Linux Distribution Package

Search
Severity
High
CVSS Score
10.0
Published
2019-10-18 02:00:55
Modified
2019-10-18 09:43:23
CVE
CVE-2019-14814
CVE-2019-14815
CVE-2019-14816
CVE-2019-14821
CVE-2019-15504
CVE-2019-15505
CVE-2019-15902
CVE-2019-16714
CVE-2019-2181

You never have to pay for a vulnerability scanning and management software again.

Tired of paying a subscription 'per asset' or 'per IP'? Well you can officially cancel your current subscription. Mageni provides a free, open source and enterprise-ready vulnerability scanning and management platform which helps you to find, prioritize, remediate and manage your vulnerabilities. It is free and always will be.