USN-4068-1

Details

Adam Zabrocki discovered that the Intel i915 kernel mode graphics driver in the Linux kernel did not properly restrict mmap() ranges in some situations. A local attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2019-11085)

It was discovered that a race condition leading to a use-after-free existed in the Reliable Datagram Sockets (RDS) protocol implementation in the Linux kernel. The RDS protocol is disabled via blocklist by default in Ubuntu. If enabled, a local attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2019-11815)

It was discovered that the ext4 file system implementation in the Linux kernel did not properly zero out memory in some situations. A local attacker could use this to expose sensitive information (kernel memory). (CVE-2019-11833)

It was discovered that the Bluetooth Human Interface Device Protocol (HIDP) implementation in the Linux kernel did not properly verify strings were NULL terminated in certain situations. A local attacker could use this to expose sensitive information (kernel memory). (CVE-2019-11884)

Affected Packages

Ubuntu:18.04:LTSlinux

Fixed in:

4.15.0-55.60

Ubuntu:18.04:LTSlinux-aws

Fixed in:

4.15.0-1044.46

Ubuntu:18.04:LTSlinux-gcp

Fixed in:

4.15.0-1037.39

Ubuntu:18.04:LTSlinux-kvm

Fixed in:

4.15.0-1039.39

Ubuntu:18.04:LTSlinux-oracle

Fixed in:

4.15.0-1018.20

Ubuntu:18.04:LTSlinux-raspi2

Fixed in:

4.15.0-1041.44

Ubuntu:18.04:LTSlinux-snapdragon

Fixed in:

4.15.0-1058.64

References

REPORThttps://ubuntu.com/security/CVE-2019-11085 REPORThttps://ubuntu.com/security/CVE-2019-11815 REPORThttps://ubuntu.com/security/CVE-2019-11833 REPORThttps://ubuntu.com/security/CVE-2019-11884 ADVISORYhttps://ubuntu.com/security/notices/USN-4068-1

USN-4068-1

Details

Affected Packages

References

Upstream

Ecosystems

Timeline