USN-4114-1

Details

Amit Klein and Benny Pinkas discovered that the Linux kernel did not sufficiently randomize IP ID values generated for connectionless networking protocols. A remote attacker could use this to track particular Linux devices. (CVE-2019-10638)

Praveen Pandey discovered that the Linux kernel did not properly validate sent signals in some situations on PowerPC systems with transactional memory disabled. A local attacker could use this to cause a denial of service. (CVE-2019-13648)

It was discovered that the floppy driver in the Linux kernel did not properly validate meta data, leading to a buffer overread. A local attacker could use this to cause a denial of service (system crash). (CVE-2019-14283)

It was discovered that the floppy driver in the Linux kernel did not properly validate ioctl() calls, leading to a division-by-zero. A local attacker could use this to cause a denial of service (system crash). (CVE-2019-14284)

Jason Wang discovered that an infinite loop vulnerability existed in the virtio net driver in the Linux kernel. A local attacker in a guest VM could possibly use this to cause a denial of service in the host system. (CVE-2019-3900)

Affected Packages

Ubuntu:18.04:LTSlinux-azure

Fixed in:

5.0.0-1018.19~18.04.1

Ubuntu:18.04:LTSlinux-gke-5.0

Fixed in:

5.0.0-1015.15~18.04.1

Ubuntu:18.04:LTSlinux-hwe

Fixed in:

5.0.0-27.28~18.04.1

References

REPORThttps://ubuntu.com/security/CVE-2019-10638 REPORThttps://ubuntu.com/security/CVE-2019-13648 REPORThttps://ubuntu.com/security/CVE-2019-14283 REPORThttps://ubuntu.com/security/CVE-2019-14284 REPORThttps://ubuntu.com/security/CVE-2019-3900 ADVISORYhttps://ubuntu.com/security/notices/USN-4114-1

USN-4114-1

Details

Affected Packages

References

Upstream

Ecosystems

Timeline