Ubuntu Update for linux USN-4115-1

Published: 2019-09-03 02:01:18
CVE Author: NIST National Vulnerability Database (NVD)

CVSS Base Vector:
AV:N/AC:L/Au:N/C:C/I:C/A:C

Summary:
The remote host is missing an update for the 'linux' Linux Distribution Package(s) announced via the USN-4115-1 advisory.

Detection Method:
Checks if a vulnerable Linux Distribution Package version is present on the target host.

Technical Details:
Hui Peng and Mathias Payer discovered that the Option USB High Speed driver in the Linux kernel did not properly validate metadata received from the device. A physically proximate attacker could use this to cause a denial of service (system crash). (CVE-2018-19985)

Zhipeng Xie discovered that an infinite loop could be triggered in the CFS Linux kernel process scheduler. A local attacker could possibly use this to cause a denial of service. (CVE-2018-20784)

It was discovered that the Intel wifi device driver in the Linux kernel did not properly validate certain Tunneled Direct Link Setup (TDLS). A physically proximate attacker could use this to cause a denial of service (wifi disconnect). (CVE-2019-0136)

It was discovered that the Bluetooth UART implementation in the Linux kernel did not properly check for missing tty operations. A local attacker could use this to cause a denial of service. (CVE-2019-10207)

Amit Klein and Benny Pinkas discovered that the Linux kernel did not sufficiently randomize IP ID values generated for connectionless networking protocols. A remote attacker could use this to track particular Linux devices. (CVE-2019-10638)

Amit Klein and Benny Pinkas discovered that the location of kernel addresses could be exposed by the implementation of connection-less network protocols in the Linux kernel. A remote attacker could possibly use this to assist in the exploitation of another vulnerability in the Linux kernel. (CVE-2019-10639)

It was discovered that an integer overflow existed in the Linux kernel when reference counting pages, leading to potential use-after-free issues. A local attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2019-11487)

Jann Horn discovered that a race condition existed in the Linux kernel when performing core dumps. A local attacker could use this to cause a denial of service (system crash) or expose sensitive information. (CVE-2019-11599)

It was discovered that a null pointer dereference vulnerability existed in the LSI Logic MegaRAID driver in the Linux kernel. A local attacker could use this to cause a denial of service (system crash). (CVE-2019-11810)

It was discovered that the GTCO tablet input driver in the Linux kernel did not properly bounds check the initial HID report sent by the device. A physically proximate attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2019-13631)

Praveen Pandey discovered that the Linux kernel did not properly validate sent signals in some situations on PowerPC systems with transaction ... Description truncated. Please see the references for more information.

Affected Versions:
'linux' Linux Distribution Package(s) on Ubuntu 18.04 LTS, Ubuntu 16.04 LTS.

Recommendations:
Please install the updated Linux Distribution Package(s).

Solution Type:
Vendor Patch

Detection Type:
Linux Distribution Package

NIST (National Institute of Standards and Technology) NVD (National Vulnerability Database)

https://nvd.nist.gov/vuln/detail/CVE-2018-19985
https://nvd.nist.gov/vuln/detail/CVE-2018-20784
https://nvd.nist.gov/vuln/detail/CVE-2019-0136
https://nvd.nist.gov/vuln/detail/CVE-2019-10207
https://nvd.nist.gov/vuln/detail/CVE-2019-10638
https://nvd.nist.gov/vuln/detail/CVE-2019-10639
https://nvd.nist.gov/vuln/detail/CVE-2019-11487
https://nvd.nist.gov/vuln/detail/CVE-2019-11599
https://nvd.nist.gov/vuln/detail/CVE-2019-11810
https://nvd.nist.gov/vuln/detail/CVE-2019-13631
https://nvd.nist.gov/vuln/detail/CVE-2019-13648
https://nvd.nist.gov/vuln/detail/CVE-2019-14283
https://nvd.nist.gov/vuln/detail/CVE-2019-14284
https://nvd.nist.gov/vuln/detail/CVE-2019-14763
https://nvd.nist.gov/vuln/detail/CVE-2019-15090
https://nvd.nist.gov/vuln/detail/CVE-2019-15211
https://nvd.nist.gov/vuln/detail/CVE-2019-15212
https://nvd.nist.gov/vuln/detail/CVE-2019-15214
https://nvd.nist.gov/vuln/detail/CVE-2019-15215
https://nvd.nist.gov/vuln/detail/CVE-2019-15220
https://nvd.nist.gov/vuln/detail/CVE-2019-15292
https://nvd.nist.gov/vuln/detail/CVE-2019-3900
https://nvd.nist.gov/vuln/detail/CVE-2019-9506
https://nvd.nist.gov/vuln/detail/CVE-2019-15216
https://nvd.nist.gov/vuln/detail/CVE-2019-15218
https://nvd.nist.gov/vuln/detail/CVE-2019-15221
https://nvd.nist.gov/vuln/detail/CVE-2019-3701
https://nvd.nist.gov/vuln/detail/CVE-2019-3819

References:

https://lists.ubuntu.com/archives/ubuntu-security-announce/2019-September/005093.html

Severity:
High

CVSS Score:
10.0
