Ubuntu Update for linux-hwe USN-4069-2

Published: 2019-08-02 02:00:28
CVE Author: NIST National Vulnerability Database (NVD)

CVSS Base Vector:
AV:L/AC:L/Au:N/C:C/I:C/A:C

Summary:
The remote host is missing an update for the 'linux-hwe' Linux Distribution Package(s) announced via the USN-4069-2 advisory.

Detection Method:
Checks if a vulnerable Linux Distribution Package version is present on the target host.

Technical Details:
USN-4069-1 fixed vulnerabilities in the Linux kernel for Ubuntu 19.04. This update provides the corresponding updates for the Linux Hardware Enablement (HWE) kernel from Ubuntu 19.04 for Ubuntu 18.04 LTS. It was discovered that an integer overflow existed in the Linux kernel when reference counting pages, leading to potential use-after-free issues. A local attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2019-11487) Jann Horn discovered that a race condition existed in the Linux kernel when performing core dumps. A local attacker could use this to cause a denial of service (system crash) or expose sensitive information. (CVE-2019-11599) It was discovered that the ext4 file system implementation in the Linux kernel did not properly zero out memory in some situations. A local attacker could use this to expose sensitive information (kernel memory). (CVE-2019-11833) It was discovered that the Bluetooth Human Interface Device Protocol (HIDP) implementation in the Linux kernel did not properly verify strings were NULL terminated in certain situations. A local attacker could use this to expose sensitive information (kernel memory). (CVE-2019-11884)

Affected Versions:
'linux-hwe' Linux Distribution Package(s) on Ubuntu 18.04 LTS.

Recommendations:
Please install the updated Linux Distribution Package(s).

Solution Type:
Vendor Patch

Detection Type:
Linux Distribution Package

NIST (National Institute of Standards and Technology) NVD (National Vulnerability Database)

https://nvd.nist.gov/vuln/detail/CVE-2019-11487
https://nvd.nist.gov/vuln/detail/CVE-2019-11599
https://nvd.nist.gov/vuln/detail/CVE-2019-11833
https://nvd.nist.gov/vuln/detail/CVE-2019-11884

References:

http://www.ubuntu.com/usn/usn-4069-2/

Search
Severity
High
CVSS Score
7.2

You never have to pay for a vulnerability scanning and management software again.

Tired of paying a subscription 'per asset' or 'per IP'? Well you can officially cancel your current subscription. Mageni provides a free, open source and enterprise-ready vulnerability scanning and management platform which helps you to find, prioritize, remediate and manage your vulnerabilities. It is free and always will be.