USN-3901-1

Details

Jann Horn discovered that the userfaultd implementation in the Linux kernel did not properly restrict access to certain ioctls. A local attacker could use this possibly to modify files. (CVE-2018-18397)

It was discovered that the crypto subsystem of the Linux kernel leaked uninitialized memory to user space in some situations. A local attacker could use this to expose sensitive information (kernel memory). (CVE-2018-19854)

Jann Horn discovered a race condition in the fork() system call in the Linux kernel. A local attacker could use this to gain access to services that cache authorizations. (CVE-2019-6133)

Affected Packages

Ubuntu:18.04:LTSlinux

Fixed in:

4.15.0-46.49

Ubuntu:18.04:LTSlinux-aws

Fixed in:

4.15.0-1033.35

Ubuntu:18.04:LTSlinux-gcp

Fixed in:

4.15.0-1028.29

Ubuntu:18.04:LTSlinux-kvm

Fixed in:

4.15.0-1030.30

Ubuntu:18.04:LTSlinux-oem

Fixed in:

4.15.0-1034.39

Ubuntu:18.04:LTSlinux-oracle

Fixed in:

4.15.0-1009.11

Ubuntu:18.04:LTSlinux-raspi2

Fixed in:

4.15.0-1032.34

References

REPORThttps://ubuntu.com/security/CVE-2018-18397 REPORThttps://ubuntu.com/security/CVE-2018-19854 REPORThttps://ubuntu.com/security/CVE-2019-6133 ADVISORYhttps://ubuntu.com/security/notices/USN-3901-1

USN-3901-1

Details

Affected Packages

References

Upstream

Ecosystems

Timeline